List: qemu-commits
Subject: [Qemu-commits] [qemu/qemu] 1bc311: vnc: fix use-after-free
From: GitHub <noreply () github ! com>
Date: 2018-04-27 11:27:45
Message-ID: 5ae30931e9f12_8152af0a166dc00172f () hookshot-fe-2cc8887 ! cp1-iad ! github ! net ! mail
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 1bc3117abad28d6465ecdb2c944b22943df0e4f3
https://github.com/qemu/qemu/commit/1bc3117abad28d6465ecdb2c944b22943df0e4f3
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: 2018-04-27 (Fri, 27 Apr 2018)
Changed paths:
M ui/vnc.c
Log Message:
-----------
vnc: fix use-after-free
When vnc_client_read() return value is -1
vs is not valid any more.
Fixes: d49b87f0d1e0520443a990fc610d0f02bc63c556
Reported-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180420084820.3873-1-kraxel@redhat.com
Commit: 62f27922b3f1e0253a6755d2c711cd0bc1e79f18
https://github.com/qemu/qemu/commit/62f27922b3f1e0253a6755d2c711cd0bc1e79f18
Author: Elie Tournier <tournier.elie@gmail.com>
Date: 2018-04-27 (Fri, 27 Apr 2018)
Changed paths:
M qapi/ui.json
M vl.c
Log Message:
-----------
qapi: Parameter gl of DisplayType now accept an enum
v2: Rebase on top of master
v3: Fix the json format (Eric Blake)
Fix a comparison issue (Gerd Hoffmann)
Signed-off-by: Elie Tournier <elie.tournier@collabora.com>
Message-id: 20180413135842.21325-2-tournier.elie@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 844fd50dbbcfc9e401895274bf4fb8da8e8d3f64
https://github.com/qemu/qemu/commit/844fd50dbbcfc9e401895274bf4fb8da8e8d3f64
Author: Elie Tournier <tournier.elie@gmail.com>
Date: 2018-04-27 (Fri, 27 Apr 2018)
Changed paths:
M include/ui/sdl2.h
M ui/sdl2.c
Log Message:
-----------
sdl: Move DisplayOptions global to sdl2_console
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Elie Tournier <elie.tournier@collabora.com>
Message-id: 20180413135842.21325-3-tournier.elie@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 4867e47cb637c6f3549786f1be70793112f96713
https://github.com/qemu/qemu/commit/4867e47cb637c6f3549786f1be70793112f96713
Author: Elie Tournier <tournier.elie@gmail.com>
Date: 2018-04-27 (Fri, 27 Apr 2018)
Changed paths:
M qemu-options.hx
M ui/sdl2-gl.c
M vl.c
Log Message:
-----------
sdl: Allow OpenGL ES context creation
Signed-off-by: Elie Tournier <elie.tournier@collabora.com>
Message-id: 20180413135842.21325-4-tournier.elie@gmail.com
[ kraxel: fix indent ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 7cd0afe69f3330a104b1462c01156dd8525b9bdd
https://github.com/qemu/qemu/commit/7cd0afe69f3330a104b1462c01156dd8525b9bdd
Author: Tina Zhang <tina.zhang@intel.com>
Date: 2018-04-27 (Fri, 27 Apr 2018)
Changed paths:
M include/ui/console.h
M ui/console.c
Log Message:
-----------
console: introduce dpy_gfx_update_full
dpy_gfx_update_full is used to do the whole display surface update.
This function is proposed by Gerd Hoffmann.
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Message-id: 1524820266-27079-2-git-send-email-tina.zhang@intel.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 8983e3e35033ecb9234725c2bba65f020824969b
https://github.com/qemu/qemu/commit/8983e3e35033ecb9234725c2bba65f020824969b
Author: Tina Zhang <tina.zhang@intel.com>
Date: 2018-04-27 (Fri, 27 Apr 2018)
Changed paths:
M hw/vfio/display.c
M hw/vfio/pci.c
M hw/vfio/pci.h
Log Message:
-----------
ui: introduce vfio_display_reset
During guest OS reboot, guest framebuffer is invalid. It will cause
bugs, if the invalid guest framebuffer is still used by host.
This patch is to introduce vfio_display_reset which is invoked
during vfio display reset. This vfio_display_reset function is used
to release the invalid display resource, disable scanout mode and
replace the invalid surface with QemuConsole's DisplaySurface.
This patch can fix the GPU hang issue caused by gd_egl_draw during
guest OS reboot.
Changes v3->v4:
- Move dma-buf based display check into the vfio_display_reset().
(Gerd)
Changes v2->v3:
- Limit vfio_display_reset to dma-buf based vfio display. (Gerd)
Changes v1->v2:
- Use dpy_gfx_update_full() update screen after reset. (Gerd)
- Remove dpy_gfx_switch_surface(). (Gerd)
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Message-id: 1524820266-27079-3-git-send-email-tina.zhang@intel.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit: 10f4718b51d77ff06878afd326c3d3dd140770ee
https://github.com/qemu/qemu/commit/10f4718b51d77ff06878afd326c3d3dd140770ee
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2018-04-27 (Fri, 27 Apr 2018)
Changed paths:
M hw/vfio/display.c
M hw/vfio/pci.c
M hw/vfio/pci.h
M include/ui/console.h
M include/ui/sdl2.h
M qapi/ui.json
M qemu-options.hx
M ui/console.c
M ui/sdl2-gl.c
M ui/sdl2.c
M ui/vnc.c
M vl.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/ui-20180427-pull-request' into staging
vnc: fix use-after-free.
sdl2: gles support.
vfio-display: add reset support.
# gpg: Signature made Fri 27 Apr 2018 10:54:17 BST
# gpg: using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/ui-20180427-pull-request:
ui: introduce vfio_display_reset
console: introduce dpy_gfx_update_full
sdl: Allow OpenGL ES context creation
sdl: Move DisplayOptions global to sdl2_console
qapi: Parameter gl of DisplayType now accept an enum
vnc: fix use-after-free
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/dcbd26f88155...10f4718b51d7