Potential Memory Leak Bugs in drivers/gpu/drm/virtio/virtgpu_vq.c (Linux 5.6).

Dongyang Zhan zdyzztq at gmail.com
Fri May 29 02:05:35 UTC 2020


Ok, thanks!

Gerd Hoffmann <kraxel at redhat.com> 于2020年5月28日周四 下午4:25写道:
>
> On Thu, May 28, 2020 at 03:57:05PM +0800, Dongyang Zhan wrote:
> > Hi,
> > My name is Dongyang Zhan, I am a security researcher.
> > Currently, I found two possible memory bugs in
> > drivers/gpu/drm/virtio/virtgpu_vq.c (Linux 5.6).
> > I hope you can help me to confirm them. Thank you.
>
> Sorry.  Not confirmed.  You should do a better job verifying your
> claims before bugging people.
>
> > The first one is resp_buf will not be release in
> > virtio_gpu_cmd_get_display_info() with the condition
> > (resp_size <= MAX_INLINE_RESP_SIZE) in virtio_gpu_alloc_cmd_resp().
>
> In that code path resp_size equals sizeof(struct
> virtio_gpu_resp_display_info) which is larger than MAX_INLINE_RESP_SIZE
> so the condition is never true and no leak happens.
>
> take care,
>   Gerd
>


More information about the dri-devel mailing list