From f2082b3f2f542cdef2779878301eac96d887d3b5 Mon Sep 17 00:00:00 2001
From: Chen Qun
Date: Mon, 16 Mar 2020 14:48:43 +0800
Subject: [PATCH] fix some issue for monitor and iscsi
block/iscsi: use MIN() between mx_sb_len and sb_len_wr
monitor: fix memory leak in monitor_fdset_dup_fd_find_remove
Signed-off-by: Chen Qun
---
 ...-MIN-between-mx_sb_len-and-sb_len_wr.patch | 30 +++++++++++++
 ...ry-leak-in-monitor_fdset_dup_fd_find.patch | 45 +++++++++++++++++++
 qemu.spec | 8 +++-
 ...eak-in-xhci_kick_epctx-when-poweroff.patch | 2 +-
 4 files changed, 83 insertions(+), 2 deletions(-)
 create mode 100644 block-iscsi-use-MIN-between-mx_sb_len-and-sb_len_wr.patch
 create mode 100644 monitor-fix-memory-leak-in-monitor_fdset_dup_fd_find.patch
diff --git a/block-iscsi-use-MIN-between-mx_sb_len-and-sb_len_wr.patch b/block-iscsi-use-MIN-between-mx_sb_len-and-sb_len_wr.patch
new file mode 100644
index 00000000..ba53c1dd
--- /dev/null
+++ b/block-iscsi-use-MIN-between-mx_sb_len-and-sb_len_wr.patch
@@ -0,0 +1,30 @@
+From 547b06bb04287eb97ffb02e213aa8466c15cce65 Mon Sep 17 00:00:00 2001
+From: Chen Qun
+Date: Mon, 16 Mar 2020 14:35:34 +0800
+Subject: [PATCH] block/iscsi: use MIN() between mx_sb_len and sb_len_wr
+
+Use MIN() macro between mx_sb_len and sb_len_wr the len for sbp copy data.
+
+Reported-by: Euler Robot
+Signed-off-by: Chen Qun
+---
+ block/iscsi.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/block/iscsi.c b/block/iscsi.c
+index 3f86aaf..5c3c598 100644
+--- a/block/iscsi.c
++++ b/block/iscsi.c
+@@ -989,8 +989,7 @@ iscsi_aio_ioctl_cb(struct iscsi_context *iscsi, int status,
+ acb->ioh->driver_status |= SG_ERR_DRIVER_SENSE;
+ 
+ acb->ioh->sb_len_wr = acb->task->datain.size - 2;
+- ss = (acb->ioh->mx_sb_len >= acb->ioh->sb_len_wr) ?
+- acb->ioh->mx_sb_len : acb->ioh->sb_len_wr;
++ ss = MIN(acb->ioh->mx_sb_len, acb->ioh->sb_len_wr);
+ memcpy(acb->ioh->sbp, &acb->task->datain.data[2], ss);
+ }
+ 
+-- 
+1.8.3.1
+
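Review bot: The MIN() on the `ss` line now bounds the memcpy into `sbp` by `mx_sb_len`, but the line before it, `acb->ioh->sb_len_wr = acb->task->datain.size - 2;`, is only safe if the enclosing condition already requires `datain.size >= 2`; that condition lies above the hunk and cannot be confirmed here. If `ioh` is the Linux `struct sg_io_hdr`, `sb_len_wr` is an `unsigned char`, so a size of 0 or 1 stores 254 or 255 and the copy then reads past `datain.data`, and a sense buffer longer than 257 bytes is silently truncated modulo 256 before MIN() sees it. Please confirm the guard `acb->task->datain.size >= 2` is present on the condition that opens this block, or add it. Unlike the monitor patch in this commit, the file carries no `(cherry picked from commit …)` line, so it is not clear whether this is a backport or a local change. The function `iscsi_aio_ioctl_cb` starts and ends outside the hunk.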
diff --git a/monitor-fix-memory-leak-in-monitor_fdset_dup_fd_find.patch b/monitor-fix-memory-leak-in-monitor_fdset_dup_fd_find.patch
new file mode 100644
index 00000000..51f4113b
--- /dev/null
+++ b/monitor-fix-memory-leak-in-monitor_fdset_dup_fd_find.patch
@@ -0,0 +1,45 @@
+From 6f7a7f18f4460b0891eabbe1ca69e599216427b7 Mon Sep 17 00:00:00 2001
+From: Chen Qun
+Date: Mon, 16 Mar 2020 14:26:06 +0800
+Subject: [PATCH] moniter: fix memleak in monitor_fdset_dup_fd_find_remove
+
+When remove dup_fd in monitor_fdset_dup_fd_find_remove function,
+we need to free mon_fdset_fd_dup. ASAN shows memory leak stack:
+
+Direct leak of 96 byte(s) in 3 object(s) allocated from:
+ #0 0xfffd37b033b3 in __interceptor_calloc (/lib64/libasan.so.4+0xd33b3)
+ #1 0xfffd375c71cb in g_malloc0 (/lib64/libglib-2.0.so.0+0x571cb)
+ #2 0xaaae25bf1c17 in monitor_fdset_dup_fd_add /qemu/monitor.c:2576
+ #3 0xaaae265cfd8f in qemu_open /qemu/util/osdep.c:315
+ #4 0xaaae264e2b2b in qmp_chardev_open_file_source /qemu/chardev/char-fd.c:122
+ #5 0xaaae264e47cf in qmp_chardev_open_file /qemu/chardev/char-file.c:81
+ #6 0xaaae264e118b in qemu_char_open /qemu/chardev/char.c:237
+ #7 0xaaae264e118b in qemu_chardev_new /qemu/chardev/char.c:964
+ #8 0xaaae264e1543 in qemu_chr_new_from_opts /qemu/chardev/char.c:680
+ #9 0xaaae25e12e0f in chardev_init_func /qemu/vl.c:2083
+ #10 0xaaae26603823 in qemu_opts_foreach /qemu/util/qemu-option.c:1170
+ #11 0xaaae258c9787 in main /qemu/vl.c:4089
+ #12 0xfffd35b80b9f in __libc_start_main (/lib64/libc.so.6+0x20b9f)
+
+Reported-by: Euler Robot
+Signed-off-by: Chen Qun
+(cherry picked from commit a661614de18c89f58cad3fc1bb8aab44e820183a)
+---
+ monitor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/monitor.c b/monitor.c
+index 4807bbe..b5b15b5 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -2596,6 +2596,7 @@ static int monitor_fdset_dup_fd_find_remove(int dup_fd, bool remove)
+ if (mon_fdset_fd_dup->fd == dup_fd) {
+ if (remove) {
+ QLIST_REMOVE(mon_fdset_fd_dup, next);
++ g_free(mon_fdset_fd_dup);
+ if (QLIST_EMPTY(&mon_fdset->dup_fds)) {
+ monitor_fdset_cleanup(mon_fdset);
+ }
+-- 
+1.8.3.1
+
diff --git a/qemu.spec b/qemu.spec
index 80f35383..6f399ac2 100644
--- a/qemu.spec
+++ b/qemu.spec
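Review bot: The added `g_free(mon_fdset_fd_dup);` releases the node while `mon_fdset_fd_dup` is still the cursor of the enclosing loop over `mon_fdset->dup_fds`, and the rest of that loop body lies below the hunk. Please confirm the `remove` branch leaves the loop (return or goto) before the iterator reads `->next` from the freed node; if it does not, either use `QLIST_FOREACH_SAFE` or defer the free until after the loop exit. The same question applies one line later: if `monitor_fdset_cleanup(mon_fdset)` can release `mon_fdset` itself, the outer loop over fdsets must also be exited before it advances. The function `monitor_fdset_dup_fd_find_remove` starts and ends outside the hunk.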
@@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.0.1
-Release: 8
+Release: 9
 Epoch: 2
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY
@@ -47,6 +47,8 @@ Patch0034: tcp_emu-Fix-oob-access.patch
 Patch0035: slirp-use-correct-size-while-emulating-IRC-commands.patch
 Patch0036: slirp-use-correct-size-while-emulating-commands.patch
 Patch0037: tcp_emu-fix-unsafe-snprintf-usages.patch
+Patch0038: block-iscsi-use-MIN-between-mx_sb_len-and-sb_len_wr.patch
+Patch0039: monitor-fix-memory-leak-in-monitor_fdset_dup_fd_find.patch
 BuildRequires: flex
 BuildRequires: bison
@@ -380,6 +382,10 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
+* Thu Mar 16 2020 Huawei Technologies Co., Ltd.
+- moniter: fix memleak in monitor_fdset_dup_fd_find_remove
+- block/iscsi: use MIN() between mx_sb_len and sb_len_wr
+
 * Wed Mar 11 2020 backport from qemu upstream
 - tcp_emu: Fix oob access
 - slirp: use correct size while emulating IRC commands
diff --git a/xhci-Fix-memory-leak-in-xhci_kick_epctx-when-poweroff.patch b/xhci-Fix-memory-leak-in-xhci_kick_epctx-when-poweroff.patch
index 9679374e..7d226e65 100644
--- a/xhci-Fix-memory-leak-in-xhci_kick_epctx-when-poweroff.patch
+++ b/xhci-Fix-memory-leak-in-xhci_kick_epctx-when-poweroff.patch
@@ -34,7 +34,7 @@ Direct leak of 80 byte(s) in 5 object(s) allocated from:
 #20 0xfffd1c77616b (/lib64/libc.so.6+0xd616b) Reported-by: Euler Robot -Signed-off-by: Chen Qun --- hw/usb/hcd-xhci.c | 1 + 1 file changed, 1 insertion(+)
-- 
Gitee
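Review bot: The new %changelog entry `* Thu Mar 16 2020 Huawei Technologies Co., Ltd.` carries the wrong weekday: 16 March 2020 was a Monday, as this commit's own Date header says, and rpmbuild reports such an entry as a bogus changelog date. Change it to `* Mon Mar 16 2020 Huawei Technologies Co., Ltd.`. The entry also copies the `moniter` misspelling from the patch subject; writing `monitor` keeps the changelog searchable for the function it names. The Release bump and the Patch0038/Patch0039 registrations match the two files the commit adds.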