summary refs log tree commit diff stats
path: root/gitlab/issues/target_missing/host_missing/accel_missing/2845.toml
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2845.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_missing/2845.toml40
1 files changed, 40 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2845.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2845.toml
new file mode 100644
index 00000000..5f0d6c38
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_missing/2845.toml
@@ -0,0 +1,40 @@
+id = 2845
+title = "memory leak in virtio-pci devices"
+state = "opened"
+created_at = "2025-02-27T09:55:11.167Z"
+closed_at = "n/a"
+labels = ["device: PCI", "device:virtio"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2845"
+host-os = "Ubuntu 22.04 LTS"
+host-arch = "x86"
+qemu-version = "9.2.0"
+guest-os = "n/a"
+guest-arch = "n/a"
+description = """The Use-After-Free bug mentioned by #2440 **has not been solved**, but the same crash is not reproducable in the later versions. After reviewing the code, I found an initiailized address space `proxy->modern_cfg_mem_as` introduced by  [`55fa4be`](vscode-file://vscode-app/Applications/Visual%20Studio%20Code.app/Contents/Resources/app/out/vs/code/electron-sandbox/workbench/workbench.html "Inspect Commit Details") in `virtio_pci@hw/virtio/virtio-pci.c` will not be destroyed if the later realization is failed. 
+This will cause memory leak of the device object, which has unused reference and will not be destroyed.
+
+Relative Code in `virtio_pci_realize@virtio-pci.c`:
+
+```c
+/* subclasses can enforce modern, so do this unconditionally */
+memory_region_init(&proxy->modern_bar, OBJECT(proxy), "virtio-pci",
+                    /* PCI BAR regions must be powers of 2 */
+                    pow2ceil(proxy->notify.offset + proxy->notify.size));
+
+address_space_init(&proxy->modern_cfg_mem_as, &proxy->modern_bar,
+                    "virtio-pci-cfg-mem-as");
+
+if (proxy->disable_legacy == ON_OFF_AUTO_AUTO) {
+    proxy->disable_legacy = pcie_port ? ON_OFF_AUTO_ON : ON_OFF_AUTO_OFF;
+}
+```"""
+reproduce = """```bash
+cat <<EOF | qemu-system-i386 -M q35 -nodefaults -chardev stdio,id=char0 -mon char0 -device pcie-pci-bridge,id=br1,bus=pcie.0
+device_add virtio-net,failover=on,rx_queue_size=0,bus=br1,id=dev0
+device_add virtio-net,failover=on,bus=br1,id=dev0
+quit
+EOF
+```
+
+**This will cause UAF report in version `9.0.2`, but will not in `9.2.0`,** despite the bug still existing in code."""
+additional = """For ASAN report, please refer to #2440."""