From: Stefan Weil
Date: Sun, 15 May 2016 11:28:57 +0200
Message-ID: <57384159.6060605@weilnetz.de>
Subject: Re: [Qemu-devel] Regression with windows 7 VMs and VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)
To: Thomas Lamprecht, qemu-devel@nongnu.org, Gerd Hoffmann

On 15.05.2016 at 01:13, Thomas Lamprecht wrote:
> Hi all,
>
> I recently ran into problems when trying to install some Windows VMs.
> This was after an update to QEMU 2.5.1.1: the VM shows Windows loading
> files for the installation, then the "Starting Windows" screen appears;
> here it hangs and never continues.
>
> Changing the "-vga" option to cirrus solves this, the installation can
> proceed and finish. When changing back to std (or also qxl, vmware) the
> installed VM also hangs on the "Starting Windows" screen while qemu
> shows a little but no excessive load.
>
> This phenomenon appears also with QEMU 2.6.0 but not with 2.6.0-rc4, a
> git bisect shows fd3c136b3e1482cd0ec7285d6bc2a3e6a62c38d7 (vga: make
> sure vga register setup for vbe stays intact (CVE-2016-3712)) as the
> culprit for this regression; as it's a fix for a DoS it's not an option to
> just revert it, I guess.
> The (short) bisect log is:
>
> git bisect start
> # bad: [bfc766d38e1fae5767d43845c15c79ac8fa6d6af] Update version for v2.6.0 release
> git bisect bad bfc766d38e1fae5767d43845c15c79ac8fa6d6af
> # good: [975eb6a547f809608ccb08c221552f666611af25] Update version for v2.6.0-rc4 release
> git bisect good 975eb6a547f809608ccb08c221552f666611af25
> # good: [2068192dcccd8a80dddfcc8df6164cf9c26e0fc4] vga: update vga register setup on vbe changes
> git bisect good 2068192dcccd8a80dddfcc8df6164cf9c26e0fc4
> # bad: [53db932604dfa7bb9241d132e0173894cf54261c] Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160509-1' into staging
> git bisect bad 53db932604dfa7bb9241d132e0173894cf54261c
>
> I could reproduce that with QEMU 2.5.1 and QEMU 2.6 on a Debian derivative
> (Proxmox VE) with a 4.4 kernel and also with QEMU 2.6 on an Arch Linux
> system with a 4.5 kernel, so it should not be host distro dependent. Both
> machines have Intel x86_64 processors.
> The problem should be reproducible with said versions or a build from
> git including the above mentioned commit (fd3c136) by starting a VM with
> a Windows 7 ISO, e.g.:
>
> Hanging installation:
> ./x86_64-softmmu/qemu-system-x86_64 -boot d -cdrom win7.iso -m 1024
>
> Working installation:
> ./x86_64-softmmu/qemu-system-x86_64 -boot d -cdrom win7.iso -m 1024 -vga cirrus
>
> Noteworthy may be that Windows 10 is working; I did not have time to get
> other Windows versions and test them, I'll do that as soon as possible.
> Various Linux systems also seem to work fine, at least I have not run
> into an issue there yet.
>
> I also tried testing with SeaBIOS and OVMF, as initially I had no idea
> what broke; both lead to the same result - without the CVE-2016-3712 fix
> they both work, with it they do not.
> Further, KVM enabled and disabled does not make any difference.
>
> If I can take any further step, e.g. open a bug report at another place
> or help with testing, I'd be glad to do so.
>
> best regards,
> Thomas

Hi Thomas,

thanks for the bug report. I added Gerd to the address list, so I'm sure
your report will be noticed.

Bugs can be reported at Launchpad (see
http://wiki.qemu.org/Contribute/ReportABug). Maybe your report could be
posted there, too, so people looking for known problems will find it at
the well known location.

Cheers
Stefan