diff --git a/SOURCES/kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch b/SOURCES/kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch
new file mode 100644
index 0000000..133e278
--- /dev/null
+++ b/SOURCES/kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch
@@ -0,0 +1,44 @@
+From e8ec08a62a3ffce3deeeecd8e68408d0879f6915 Mon Sep 17 00:00:00 2001
+From: Peter Maydell
+Date: Fri, 28 Mar 2014 14:22:49 +0000
+Subject: [PATCH] dma-helpers: Initialize DMAAIOCB in_cancel flag
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefano Garzarella
+RH-MergeRequest: 53: dma-helpers: Initialize DMAAIOCB in_cancel flag
+RH-Commit: [1/1] a729d40a4eae4ff0262764d9003552d1e4d67976
+RH-Bugzilla: 2007036
+RH-Acked-by: Kevin Wolf
+RH-Acked-by: Stefan Hajnoczi
+RH-Acked-by: Philippe Mathieu-Daudé
+
+Initialize the dbs->in_cancel flag in dma_bdrv_io(), since qemu_aio_get()
+does not return zero-initialized memory. Spotted by the clang sanitizer
+(which complained when the value loaded in dma_complete() was not valid
+for a bool type); this might have resulted in leaking the AIO block.
+
+Signed-off-by: Peter Maydell
+Signed-off-by: Kevin Wolf
+(cherry picked from commit 4d1cb6e6f51b0d8405f701806a203a73e7431fe5)
+Signed-off-by: Stefano Garzarella
+---
+ dma-helpers.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/dma-helpers.c b/dma-helpers.c
+index 272632f367..7335dd71c7 100644
+--- a/dma-helpers.c
++++ b/dma-helpers.c
+@@ -216,6 +216,7 @@ BlockDriverAIOCB *dma_bdrv_io(
+ dbs->sg_cur_index = 0;
+ dbs->sg_cur_byte = 0;
+ dbs->dir = dir;
++ dbs->in_cancel = false;
+ dbs->io_func = io_func;
+ dbs->bh = NULL;
+ qemu_iovec_init(&dbs->iov, sg->nsg);
+--
+2.27.0
+
diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec
index 76ebcd6..2e4e935 100644
--- a/SPECS/qemu-kvm.spec
+++ b/SPECS/qemu-kvm.spec
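Review bot: The added `dbs->in_cancel = false;` covers the one field the sanitizer flagged but leaves no hint that every other DMAAIOCB field is equally uninitialized after qemu_aio_get(), so the next field added to the struct can regress the same way; a comment above the assignment block, `/* qemu_aio_get() does not zero the AIOCB: every field read by dma_complete() or the callbacks must be set here. */`, would make the invariant explicit. The hunk shows sg_cur_index, sg_cur_byte, dir, io_func and bh being set, but the fields written before line 216 and after the qemu_iovec_init() call are outside the hunk, so whether the struct is now fully initialized cannot be confirmed from here. dma_bdrv_io() begins before the hunk and continues after it.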
@@ -14,7 +14,7 @@ %global have_usbredir 0 %endif -%ifnarch s390 s390x %{arm} +%ifnarch s390 s390x %global have_librdma 1 %global have_tcmalloc 1 %endif
@@ -41,9 +41,6 @@ %ifarch aarch64 %global kvm_target aarch64 %endif -%ifarch %{arm} - %global kvm_target arm -%endif #Versions of various parts:
@@ -79,13 +76,13 @@ Obsoletes: %1 < %{obsoletes_version} \ Summary: QEMU is a machine emulator and virtualizer Name: %{pkgname}%{?pkgsuffix} Version: 1.5.3 -Release: 175%{?dist}.4 +Release: 175%{?dist}.5 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 10 License: GPLv2 and GPLv2+ and CC-BY Group: Development/Tools URL: http://www.qemu.org/ -ExclusiveArch: x86_64 %{arm} +ExclusiveArch: x86_64 Requires: seabios-bin >= 1.7.2.2-5 Requires: sgabios-bin Requires: seavgabios-bin
@@ -4056,6 +4053,8 @@ Patch1997: kvm-hw-core-loader-Fix-possible-crash-in-rom_copy.patch Patch1998: kvm-Suppress-prototype-warning-for-nss-headers.patch # For bz#1917449 - CVE-2020-29443 qemu-kvm: QEMU: ide: atapi: OOB access while processing read commands [rhel-7.9.z] Patch1999: kvm-ide-atapi-check-logical-block-address-and-read-size-.patch +# For bz#2007036 - Memory leak when using dma_read/write with virtio-scsi +Patch2000: kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch BuildRequires: zlib-devel
@@ -6233,6 +6232,7 @@ tar -xf %{SOURCE21} %patch1997 -p1 %patch1998 -p1 %patch1999 -p1 +%patch2000 -p1 %build buildarch="%{kvm_target}-softmmu"
@@ -6678,6 +6678,11 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %{_mandir}/man8/qemu-nbd.8* %changelog +* Fri Nov 12 2021 Jon Maloy - 1.5.3-175.el7_9.5 +- kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch [bz#2007036] +- Resolves: bz#2007036 + (Memory leak when using dma_read/write with virtio-scsi) + * Fri May 07 2021 Jon Maloy - 1.5.3-175.el7_9.4 - kvm-ide-atapi-check-logical-block-address-and-read-size-.patch [bz#1917449] - Resolves: bz#1917449
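Review bot: The `-ExclusiveArch: x86_64 %{arm}` / `+ExclusiveArch: x86_64` change in the third hunk, together with the `%{arm}` removal from `%ifnarch` in the first hunk and the deleted `%ifarch %{arm}` kvm_target block in the second, drops the arm build from the package, yet the new changelog entry in the last hunk and the Release bump only cite bz#2007036. A reader of the spec history will find no reason for an architecture being removed; add a changelog line such as `- Drop %{arm} from ExclusiveArch and kvm_target selection` and, if a bug tracks it, its bz number. Presumably this is housekeeping for a target that is no longer built, but nothing in the diff establishes that either way.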