From mboxrd@z Thu Jan 1 00:00:00 1970
From: Anthony Liguori
Subject: Re: [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...]
Date: Mon, 02 Nov 2009 09:42:06 -0600
Message-ID: <4AEEFDCE.1000006@codemonkey.ws>
References: <1256807803.10825.39.camel@blaa> <1256815818-sup-7805@xpc65.scottt> <1256818566.10825.58.camel@blaa> <4AE9A299.5060003@codemonkey.ws> <1256826351.10825.69.camel@blaa> <4AE9A90F.1060108@codemonkey.ws> <1256827719.10825.75.camel@blaa> <1256830455.25064.155.camel@x200> <1257172722.5075.7.camel@blaa>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Dustin Kirkland, Scott Tsai, qemu-devel, kvm, Rusty Russell, jdstrand@canonical.com, kees.cook@canonical.com, Marc Deslauriers
To: Mark McLoughlin
Return-path:
Received: from mail-gx0-f212.google.com ([209.85.217.212]:36345 "EHLO mail-gx0-f212.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755324AbZKBPmF (ORCPT ); Mon, 2 Nov 2009 10:42:05 -0500
Received: by gxk4 with SMTP id 4so4294850gxk.8 for ; Mon, 02 Nov 2009 07:42:09 -0800 (PST)
In-Reply-To: <1257172722.5075.7.camel@blaa>
Sender: kvm-owner@vger.kernel.org
List-ID:

Mark McLoughlin wrote:
>> Canonical's Ubuntu Security Team will be filing a CVE on this issue,
>> since there is a bit of an attack vector here, and since
>> qemu-kvm-0.11.0 is generally available as an official release (and now
>> part of Ubuntu 9.10).
>>
>> Guests running linux <= 2.6.25 virtio-net (e.g. Ubuntu 8.04 hardy) on
>> top of qemu-kvm-0.11.0 can be remotely crashed by a non-privileged
>> network user flooding an open port on the guest. The crash happens in
>> a manner that abruptly terminates the guest's execution (i.e., without
>> shutting down cleanly). This may affect the guest filesystem's
>> general happiness.
>>
>
> IMHO, the CVE should be against the 2.6.25 virtio drivers - the bug is
> in the guest and the issue we're discussing here is just a hacky
> workaround for the guest bug.
>

Yeah, I'm inclined to agree. The guest generates bad data and we exit.
exit()ing is probably not wonderful but it's a well-understood behavior.
The fundamental bug here is in the guest, not in qemu.

Regards,

Anthony Liguori

> Cheers,
> Mark.
>
>
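The whitelist named in the subject line and the guest-side bug the reply attributes the crash to can be shown together in a small model of the virtio feature handshake. This is an added example, not code from qemu, the Linux virtio-net driver, or the patch under discussion: the feature bit numbers are the ones defined in Linux's include/linux/virtio_net.h, but the host feature set (HOST_SUPPORTED), the old guest's capability set (OLD_GUEST_SUPPORTED), the whitelist contents (LEGACY_WHITELIST) and the "ack everything" behaviour modelled for the old guest are assumptions for illustration; the thread does not say which feature bits were involved.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Feature bit numbers as defined in Linux's include/linux/virtio_net.h. */
#define VIRTIO_NET_F_CSUM        0
#define VIRTIO_NET_F_GUEST_CSUM  1
#define VIRTIO_NET_F_MAC         5
#define VIRTIO_NET_F_GSO         6
#define VIRTIO_NET_F_GUEST_TSO4  7
#define VIRTIO_NET_F_GUEST_TSO6  8
#define VIRTIO_NET_F_GUEST_ECN   9
#define VIRTIO_NET_F_GUEST_UFO  10
#define VIRTIO_NET_F_HOST_TSO4  11
#define VIRTIO_NET_F_HOST_TSO6  12
#define VIRTIO_NET_F_HOST_ECN   13
#define VIRTIO_NET_F_HOST_UFO   14
#define VIRTIO_NET_F_MRG_RXBUF  15
#define VIRTIO_NET_F_STATUS     16
#define VIRTIO_NET_F_CTRL_VQ    17
#define VIRTIO_NET_F_CTRL_RX    18
#define VIRTIO_NET_F_CTRL_VLAN  19

#define VNF(name) (UINT32_C(1) << VIRTIO_NET_F_##name)

/* ASSUMPTION: everything a current host offers when nothing is filtered. */
#define HOST_SUPPORTED \
    (VNF(CSUM) | VNF(GUEST_CSUM) | VNF(MAC) | VNF(GSO) | \
     VNF(GUEST_TSO4) | VNF(GUEST_TSO6) | VNF(GUEST_ECN) | VNF(GUEST_UFO) | \
     VNF(HOST_TSO4) | VNF(HOST_TSO6) | VNF(HOST_ECN) | VNF(HOST_UFO) | \
     VNF(MRG_RXBUF) | VNF(STATUS) | VNF(CTRL_VQ) | VNF(CTRL_RX) | VNF(CTRL_VLAN))
/* ASSUMPTION: what an old guest driver actually implements. */
#define OLD_GUEST_SUPPORTED (VNF(CSUM) | VNF(GUEST_CSUM) | VNF(MAC))
/* ASSUMPTION: the host-side whitelist applied for such guests. */
#define LEGACY_WHITELIST OLD_GUEST_SUPPORTED
#define NO_WHITELIST UINT32_MAX
/* Sentinel for a rejected handshake; HOST_SUPPORTED leaves bit 31 clear,
 * so no real negotiated set in this model can collide with it. */
#define NEGOTIATION_REJECTED UINT32_MAX

typedef uint32_t (*guest_ack_fn)(uint32_t offered, uint32_t guest_supported);

/* Host side: advertise only the host capabilities that survive the whitelist. */
uint32_t host_offer(uint32_t host_supported, uint32_t whitelist)
{
    return host_supported & whitelist;
}

/* Correct guest: ack only the offered bits it implements. */
uint32_t guest_ack_correct(uint32_t offered, uint32_t guest_supported)
{
    return offered & guest_supported;
}

/* Modelled buggy guest: acks everything offered, implemented or not. */
uint32_t guest_ack_everything(uint32_t offered, uint32_t guest_supported)
{
    (void)guest_supported;
    return offered;
}

/* Modelled broken or hostile guest: acks a bit the host never offered. */
uint32_t guest_ack_unoffered(uint32_t offered, uint32_t guest_supported)
{
    (void)guest_supported;
    return offered | VNF(MRG_RXBUF);
}

/* Host-side check: the ack is untrusted input and may only contain offered bits. */
bool host_ack_is_valid(uint32_t offered, uint32_t acked)
{
    return (acked & ~offered) == 0;
}

/* Negotiated bits the guest cannot actually handle. Non-zero means the host
 * will hand the guest buffers in a layout it does not understand, which is
 * the mismatch a packet flood can then drive into a crash. */
uint32_t unsafe_features(uint32_t negotiated, uint32_t guest_supported)
{
    return negotiated & ~guest_supported;
}

/* One full handshake: offer, ack, validate. Returns the negotiated set, or
 * NEGOTIATION_REJECTED if the guest acked a bit it was never offered. */
uint32_t negotiate(uint32_t whitelist, guest_ack_fn guest_ack,
                   uint32_t guest_supported)
{
    uint32_t offered = host_offer(HOST_SUPPORTED, whitelist);
    uint32_t acked = guest_ack(offered, guest_supported);
    return host_ack_is_valid(offered, acked) ? acked : NEGOTIATION_REJECTED;
}

static void report(const char *label, uint32_t whitelist, guest_ack_fn ack)
{
    uint32_t f = negotiate(whitelist, ack, OLD_GUEST_SUPPORTED);
    if (f == NEGOTIATION_REJECTED)
        printf("%-27s rejected: guest acked an unoffered feature\n", label);
    else
        printf("%-27s negotiated=0x%05" PRIx32 " unsafe=0x%05" PRIx32 "\n",
               label, f, unsafe_features(f, OLD_GUEST_SUPPORTED));
}

int main(void)
{
    report("old guest, no whitelist:", NO_WHITELIST, guest_ack_everything);
    report("old guest, whitelist:", LEGACY_WHITELIST, guest_ack_everything);
    report("fixed guest, no whitelist:", NO_WHITELIST, guest_ack_correct);
    report("bad ack, whitelist:", LEGACY_WHITELIST, guest_ack_unoffered);
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run. The first line shows the situation the thread describes: with no whitelist the modelled old guest ends up with every offered bit enabled, so unsafe_features() is non-zero and the host will send it data it cannot parse. The second line shows why the whitelist is a workaround rather than a fix: it only helps because the host already knows which bits such a guest gets wrong. The third line is the real fix, a guest that masks the offer with what it implements. host_ack_is_valid() is the check a host should do regardless of any whitelist: it catches a guest acking something it was never offered, but it cannot catch a guest acking an offered feature it does not implement, which is exactly the case here.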