Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2224439/?format=api
{ "id": 2224439, "url": "http://patchwork.ozlabs.org/api/patches/2224439/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260417122703.845442-1-alex.bennee@linaro.org/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260417122703.845442-1-alex.bennee@linaro.org>", "list_archive_url": null, "date": "2026-04-17T12:27:03", "name": "[v2] hw/display: don't accidentally autofree existing virgl resources", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "91ee99560ab9680fefcf2ce2fe73dd3ec002abc6", "submitter": { "id": 39532, "url": "http://patchwork.ozlabs.org/api/people/39532/?format=api", "name": "Alex Bennée", "email": "alex.bennee@linaro.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260417122703.845442-1-alex.bennee@linaro.org/mbox/", "series": [ { "id": 500321, "url": "http://patchwork.ozlabs.org/api/series/500321/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=500321", "date": "2026-04-17T12:27:03", "name": "[v2] hw/display: don't accidentally autofree existing virgl resources", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/500321/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2224439/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2224439/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256\n header.s=google header.b=O5+ev40i;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fxvLQ4z7Vz1yD3\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 17 Apr 2026 22:28:29 +1000 (AEST)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wDiIE-0002AD-8F; Fri, 17 Apr 2026 08:27:30 -0400", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <alex.bennee@linaro.org>)\n id 1wDiIC-00029U-JI\n for qemu-devel@nongnu.org; Fri, 17 Apr 2026 08:27:28 -0400", "from mail-wr1-x42c.google.com ([2a00:1450:4864:20::42c])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from <alex.bennee@linaro.org>)\n id 1wDiIB-0002dP-35\n for qemu-devel@nongnu.org; Fri, 17 Apr 2026 08:27:28 -0400", "by mail-wr1-x42c.google.com with SMTP id\n ffacd0b85a97d-43fe62837baso293370f8f.3\n for <qemu-devel@nongnu.org>; Fri, 17 Apr 2026 05:27:26 -0700 (PDT)", "from draig.lan ([185.124.0.195]) by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-43fe4e3a381sm4669706f8f.21.2026.04.17.05.27.23\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 17 Apr 2026 05:27:24 -0700 (PDT)", "from draig.lan (localhost [IPv6:::1])\n by draig.lan (Postfix) with ESMTP id BC8A15F94F;\n Fri, 17 Apr 2026 13:27:22 +0100 (BST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=linaro.org; s=google; t=1776428845; x=1777033645; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=09Ao/kdkItFINOSsUtWmsMGzeiiAB3gnUtxxrN6Tkro=;\n b=O5+ev40i379X/kVixTVEp1lkhj2xZMaxUToDVLf31Ly5QBMX+cA6nqIOq9ZgMePNnL\n uhbheIoKSLJX0fqV8ulKvH8g9Uunayn+QxR1kfL4gb+f3VzCyiQCn+VDZqA9TZip865f\n iNCqB53u65XryHTcX5U1TKX630+8VO57MVnMsAps3rJEKBZVgWijJT1ULy7kQpA3HwzJ\n V2xCJ9Xo3d0MahhuoSogpfKjZlEDXdCP/McYTvdASbF8FnLA12bdcZbhswDwl2FrGEO+\n 98azor5A3wQX2HGHYBdm/gvwIC1jtnz5HywT+RqcqJTtZN0tvajaJm21935ZRXi/8xmD\n Yqjg==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776428845; x=1777033645;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=09Ao/kdkItFINOSsUtWmsMGzeiiAB3gnUtxxrN6Tkro=;\n b=JSSPsAD4a0V+imELdVkJuI9EQba3VNGIfEmObJ2CiYHFmqoL3VAP4fpcJnhGDqKckL\n IGeUruzlnuk+i5WSE5YUTGnmwK/zIsejasc5kR5Ni7bNAQ8wkgx43T2folvRnGj/n+ZI\n dk/RbfUx7ueppZBj8NFstMei0iDPhJqxVM2x5g0uwb9N/eBdwoKIVFFBqB7kVR/ZVr5b\n 787NkNYnirnd/GXwBKfMNyhZqKOZ3gvzdXGlV1IO6J7CnFf53s8sjskw1JQxou57EBru\n h/bCRFDhTZYwmWa5SKD3yOCiY/LuUKcpsNKDCfMTi55nvhH/7bsBBBFOPR0JedWh2/kg\n n5vw==", "X-Gm-Message-State": "AOJu0YyoYfXtHhCbgC+L7/MWDdIkFdYaWkvXRmGED0AtWgoWLNAZ1eXL\n vMLBl66YTCBmOw07LL6A5WbeKKsTOWsWSg/Z+I7g2xB8GceqG2mML30tC2i+QY1uqBo=", "X-Gm-Gg": "AeBDietl9ZXYhgcfJzndAj7QUUqAVYZdb7fHWJkv50DS941hAPJqbd54MM/iejf3l9e\n 7sre3AbZMngvCkpFy0wNdCp3mq9Bm9mQjVWxpCKNQseAW5eGMug06/loPCB6q5e/Lob14jwxZ9+\n 1FXug7MaH+97z5DdEf/sBqW01KXeQPLHSaRJ78ShbF2dRXsJ/sS+Shtz6ee50is19l9YzG2VMTz\n YTSBr93oFOEJhaH2Z+wDdWgwcUvEk3cwzDNSX0e7pwvg5xUAc5igiV8n7H52qzezRdC3NoJ2A23\n lkoknwzbR8fUU4gHqhaMLlQk2v4LZP0aKPOhM+NeEkI/yB9NECyqZV0ykSaBGlea1jf9vbOutb/\n LLcNF0ZMdzRd+Fp14+StTRxQys4nSFkODQs3lhBIx8qn+EFrPXKQH37i2rno+Ol8+GIchevLmON\n tnkmWZY3Yv+f5iT2EkkB4JwnLTUk4mYGXBVcEj/UGwXJ45", "X-Received": "by 2002:a05:6000:240e:b0:43d:7594:f378 with SMTP id\n ffacd0b85a97d-43fe3e0b18emr4094615f8f.41.1776428845051;\n Fri, 17 Apr 2026 05:27:25 -0700 (PDT)", "From": "=?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>", "To": "qemu-devel@nongnu.org", "Cc": "=?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>,\n Manos Pitsidianakis <manos.pitsidianakis@linaro.org>, qemu-stable@nongnu.org,\n \"Michael S. Tsirkin\" <mst@redhat.com>,\n Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>,\n Dmitry Osipenko <dmitry.osipenko@collabora.com>", "Subject": "[PATCH v2] hw/display: don't accidentally autofree existing virgl\n resources", "Date": "Fri, 17 Apr 2026 13:27:03 +0100", "Message-ID": "<20260417122703.845442-1-alex.bennee@linaro.org>", "X-Mailer": "git-send-email 2.47.3", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=UTF-8", "Content-Transfer-Encoding": "8bit", "Received-SPF": "pass client-ip=2a00:1450:4864:20::42c;\n envelope-from=alex.bennee@linaro.org; helo=mail-wr1-x42c.google.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "While sanity checking a create blob operation the use of the auto\nfreed res variable could lead to inadvertently freeing an existing\nblob.\n\nAvoid this by in-lining the virtio_gpu_virgl_find_resource() check as\nthe value is not needed anyway.\n\nWhile at it add a comment to the end and use g_steal_pointer to make\nit clearer the object lifetime exceeds the function bounds if we pass\nall the checks.\n\nFixes: CVE-2026-6502\nFixes: 7c092f17cce (virtio-gpu: Handle resource blob commands)\nMessage-ID: 20260417094443.785462-1-alex.bennee@linaro.org\nSigned-off-by: Alex Bennée <alex.bennee@linaro.org>\nReviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>\nCc: qemu-stable@nongnu.org\n---\n hw/display/virtio-gpu-virgl.c | 6 +++---\n 1 file changed, 3 insertions(+), 3 deletions(-)", "diff": "diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c\nindex b7a2d160ddd..add85bd4e61 100644\n--- a/hw/display/virtio-gpu-virgl.c\n+++ b/hw/display/virtio-gpu-virgl.c\n@@ -830,8 +830,7 @@ static void virgl_cmd_resource_create_blob(VirtIOGPU *g,\n return;\n }\n \n- res = virtio_gpu_virgl_find_resource(g, cblob.resource_id);\n- if (res) {\n+ if (virtio_gpu_virgl_find_resource(g, cblob.resource_id)) {\n qemu_log_mask(LOG_GUEST_ERROR, \"%s: resource already exists %d\\n\",\n __func__, cblob.resource_id);\n cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;\n@@ -884,8 +883,9 @@ static void virgl_cmd_resource_create_blob(VirtIOGPU *g,\n \n res->base.dmabuf_fd = info.fd;\n \n+ /* Now live, cleaned up in virtio_gpu_virgl_resource_unref */\n QTAILQ_INSERT_HEAD(&g->reslist, &res->base, next);\n- res = NULL;\n+ g_steal_pointer(&res);\n }\n \n static void virgl_cmd_resource_map_blob(VirtIOGPU *g,\n", "prefixes": [ "v2" ] }