
unrealize mechanism in 9pfs



Hi,

I'm currently finishing my upload for qemu, and a question
remains concerning the fix of CVE-2016-99{14,15,16}[0,1,2].

It is clear to me that the 9pfs proxy/handle backend drivers may
leak memory when unrealized (ctx->private not deallocated
for example). Thus, if they can be unrealized, we will need to
implement a cleanup mechanism, as proposed in the upstream patch[3,4].

In recent versions following the QOM model, the unrealize operation
is implemented in 9p.c. It is not the case in the wheezy version,
for which I can't find any function performing unrealize operations[5]
(the current unrealize function got implemented in this commit[6]).

So, I am having trouble defining whether it is possible to unrealize the
9pfs device in the wheezy version, and if yes, which method (if there's
one) is handling it.

Does anybody have an idea?

Cheers,
 Hugo

[0] https://security-tracker.debian.org/tracker/CVE-2016-9914
[1] https://security-tracker.debian.org/tracker/CVE-2016-9915
[2] https://security-tracker.debian.org/tracker/CVE-2016-9916
[3] http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30
[4] http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68
[5] For the record, the equivalent in wheezy of the modern realize function is
    virtio_9p_init in virtio-9p-device.c.
[6] http://git.qemu.org/?p=qemu.git;a=commit;h=6cecf093735f2e5af7d0e29d957350320044e354

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
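
The leak pattern discussed in the message above, as an added example that is not part of the original post and is not QEMU code: a backend allocates `ctx->private` at init, and without a cleanup hook each realize/unrealize cycle strands one allocation. The structures, function names and allocation tracker are simplified, hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_TRACKED 16
static void *tracked[MAX_TRACKED];       /* allocations not yet freed */

typedef struct FsContext { void *private; } FsContext;   /* simplified model */

typedef struct FileOperations {          /* simplified backend ops table */
    int  (*init)(FsContext *ctx);
    void (*cleanup)(FsContext *ctx);     /* NULL: backend has no cleanup hook */
} FileOperations;

static int backend_init(FsContext *ctx)
{
    for (int i = 0; i < MAX_TRACKED; i++) {
        if (!tracked[i]) {               /* record the per-device state block */
            ctx->private = tracked[i] = malloc(64);
            return ctx->private ? 0 : -1;
        }
    }
    return -1;
}

static void backend_cleanup(FsContext *ctx)
{
    for (int i = 0; i < MAX_TRACKED; i++)
        if (tracked[i] == ctx->private) tracked[i] = NULL;
    free(ctx->private);
    ctx->private = NULL;
}

/* Realize then unrealize the device n times; return blocks still allocated. */
int leaked_after_cycles(const FileOperations *ops, int n)
{
    FsContext ctx = { NULL };
    int leaked = 0;
    for (int i = 0; i < n; i++) {
        if (ops->init(&ctx) != 0) break;          /* realize */
        if (ops->cleanup) ops->cleanup(&ctx);     /* unrealize */
    }
    for (int i = 0; i < MAX_TRACKED; i++)         /* count, then reclaim for the demo */
        if (tracked[i]) { leaked++; free(tracked[i]); tracked[i] = NULL; }
    return leaked;
}

const FileOperations without_cleanup = { backend_init, NULL };
const FileOperations with_cleanup    = { backend_init, backend_cleanup };

int main(void)
{
    printf("no cleanup hook: %d leaked\n", leaked_after_cycles(&without_cleanup, 5));
    printf("cleanup hook:    %d leaked\n", leaked_after_cycles(&with_cleanup, 5));
    return 0;
}
```

The leak only matters if the unrealize path is reachable at all, which is the open question in the message.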
