pve-kernel-qoup/CVE-2017-10810-drm-virtio-don-t-leak-bo-on-drm_gem_object_init-fail.patch
Thomas Lamprecht 4c390211d8 add CVE fixes
CVE-2017-1000364 (rather bugfix for the original CVE fix):
 * mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
 * mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack

CVE-2017-1000365: fs/exec.c: account for argv/envp pointers

CVE-2017-10810: drm/virtio: don't leak bo on drm_gem_object_init
 failure

CVE-2017-7482: rxrpc: Fix several cases where a padded len isn't
 checked in ticket decode

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-19 09:46:19 +02:00

44 lines
1.5 KiB
Diff

From de1c3d4474562e9d9dc9952f9283f07d8d58ef98 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 12 Jul 2017 12:35:52 +0200
Subject: [PATCH 1/3] drm/virtio: don't leak bo on drm_gem_object_init failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170406155941.458-1-kraxel@redhat.com
CVE-2017-10810
(cherry picked from commit 385aee965b4e4c36551c362a334378d2985b722a)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
drivers/gpu/drm/virtio/virtgpu_object.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c
index 1483daebe057..6f66b7347cd0 100644
--- a/drivers/gpu/drm/virtio/virtgpu_object.c
+++ b/drivers/gpu/drm/virtio/virtgpu_object.c
@@ -81,8 +81,10 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev,
return -ENOMEM;
size = roundup(size, PAGE_SIZE);
ret = drm_gem_object_init(vgdev->ddev, &bo->gem_base, size);
- if (ret != 0)
+ if (ret != 0) {
+ kfree(bo);
return ret;
+ }
bo->dumb = false;
virtio_gpu_init_ttm_placement(bo, pinned);
--
2.11.0