From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dustin Kirkland Subject: Re: [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...] Date: Mon, 2 Nov 2009 10:58:44 -0600 Message-ID: References: <1256815818-sup-7805@xpc65.scottt> <1256818566.10825.58.camel@blaa> <4AE9A299.5060003@codemonkey.ws> <1256826351.10825.69.camel@blaa> <4AE9A90F.1060108@codemonkey.ws> <1256827719.10825.75.camel@blaa> <1256830455.25064.155.camel@x200> <1257172722.5075.7.camel@blaa> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: Anthony Liguori , Scott Tsai , qemu-devel , kvm , Rusty Russell , jdstrand@canonical.com, kees.cook@canonical.com, Marc Deslauriers To: Mark McLoughlin Return-path: Received: from mail-bw0-f227.google.com ([209.85.218.227]:59218 "EHLO mail-bw0-f227.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755969AbZKBQ6l convert rfc822-to-8bit (ORCPT ); Mon, 2 Nov 2009 11:58:41 -0500 Received: by bwz27 with SMTP id 27so6525190bwz.21 for ; Mon, 02 Nov 2009 08:58:45 -0800 (PST) In-Reply-To: <1257172722.5075.7.camel@blaa> Sender: kvm-owner@vger.kernel.org List-ID: On Mon, Nov 2, 2009 at 8:38 AM, Mark McLoughlin wro= te: > On Fri, 2009-10-30 at 16:15 -0500, Dustin Kirkland wrote: >> Canonical's Ubuntu Security Team will be filing a CVE on this issue, >> since there is a bit of an attack vector here, and since >> qemu-kvm-0.11.0 is generally available as an official release (and n= ow >> part of Ubuntu 9.10). >> >> Guests running linux <=3D 2.6.25 virtio-net (e.g Ubuntu 8.04 hardy) = on >> top of qemu-kvm-0.11.0 can be remotely crashed by a non-privileged >> network user flooding an open port on the guest. =A0The crash happen= s in >> a manner that abruptly terminates the guest's execution (ie, without >> shutting down cleanly). =A0This may affect the guest filesystem's >> general happiness. > > IMHO, the CVE should be against the 2.6.25 virtio drivers - the bug i= s > in the guest and the issue we're discussing here is just a hacky > workaround for the guest bug. Kees/Jamie/Marc- I think Mark has a good point. This bug has two parts. Ultimately, it's triggered by a buggy virtio-net implementation in the Ubuntu 8.04 kernel (as well as any others using the circa 2.6.25 virtio net code). The CVE should probably mention (or focus on) this too. The qemu-kvm patch is still a good thing to do, as it shouldn't just exit and terminate the VM, so that's needed as well. :-Dustin