From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1N4y5l-0006yQ-GS for qemu-devel@nongnu.org; Mon, 02 Nov 2009 09:41:09 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1N4y5g-0006vq-MT for qemu-devel@nongnu.org; Mon, 02 Nov 2009 09:41:09 -0500 Received: from [199.232.76.173] (port=36632 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1N4y5g-0006vk-I5 for qemu-devel@nongnu.org; Mon, 02 Nov 2009 09:41:04 -0500 Received: from mx1.redhat.com ([209.132.183.28]:45642) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1N4y5g-0005l5-1L for qemu-devel@nongnu.org; Mon, 02 Nov 2009 09:41:04 -0500 From: Mark McLoughlin In-Reply-To: References: <1256807803.10825.39.camel@blaa> <1256815818-sup-7805@xpc65.scottt> <1256818566.10825.58.camel@blaa> <4AE9A299.5060003@codemonkey.ws> <1256826351.10825.69.camel@blaa> <4AE9A90F.1060108@codemonkey.ws> <1256827719.10825.75.camel@blaa> <1256830455.25064.155.camel@x200> Content-Type: text/plain Date: Mon, 02 Nov 2009 09:38:42 -0500 Message-Id: <1257172722.5075.7.camel@blaa> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [Qemu-devel] Re: [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...] Reply-To: Mark McLoughlin List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Dustin Kirkland Cc: Scott Tsai , kvm , Rusty Russell , qemu-devel , jdstrand@canonical.com, Marc Deslauriers , kees.cook@canonical.com On Fri, 2009-10-30 at 16:15 -0500, Dustin Kirkland wrote: > On Thu, Oct 29, 2009 at 10:34 AM, Dustin Kirkland > wrote: > > whitelist host virtio networking features > > > > This patch is a followup to 8eca6b1bc770982595db2f7207c65051572436cb, > > fixing crashes when guests with 2.6.25 virtio drivers have saturated > > virtio network connections. > > > > https://bugs.edge.launchpad.net/ubuntu/+source/qemu-kvm/+bug/458521 > > > > That patch should have been whitelisting *_HOST_* rather than the the > > *_GUEST_* features. > > > > I tested this by running an Ubuntu 8.04 Hardy guest (2.6.24 kernel + > > 2.6.25-virtio driver). I saturated both the incoming, and outgoing > > network connection with nc, seeing sustained 6MB/s up and 6MB/s down > > bitrates for ~20 minutes. Previously, this crashed immediately. Now, > > the guest does not crash and maintains network connectivity throughout > > the test. > > > FYI... Thanks for the notice > Canonical's Ubuntu Security Team will be filing a CVE on this issue, > since there is a bit of an attack vector here, and since > qemu-kvm-0.11.0 is generally available as an official release (and now > part of Ubuntu 9.10). > > Guests running linux <= 2.6.25 virtio-net (e.g Ubuntu 8.04 hardy) on > top of qemu-kvm-0.11.0 can be remotely crashed by a non-privileged > network user flooding an open port on the guest. The crash happens in > a manner that abruptly terminates the guest's execution (ie, without > shutting down cleanly). This may affect the guest filesystem's > general happiness. IMHO, the CVE should be against the 2.6.25 virtio drivers - the bug is in the guest and the issue we're discussing here is just a hacky workaround for the guest bug. Cheers, Mark.