From: Stefan Hajnoczi
Date: Tue, 16 Aug 2016 15:29:55 +0100
To: Gaudenz Steinlin
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled
Message-ID: <20160816142955.GA7561@stefanha-x1.localdomain>
In-Reply-To: <87lgzzrsmn.fsf@meteor.durcheinandertal.bofh>

On Sun, Aug 14, 2016 at 10:40:48PM +0200, Gaudenz Steinlin wrote:
> Gaudenz Steinlin writes:
>
> > Hi
> >
> > Stefan Hajnoczi writes:
> >
> >> On Thu, Aug 11, 2016 at 09:18:12AM +0200, Gaudenz Steinlin wrote:
> >>>
> >>> [ Please CC me on replies as I'm not subscribed to this list. ]
> >>>
> >>> Hi
> >>>
> >>> The fix for CVE-2016-5403 (virtio: error out if guest exceeds virtqueue
> >>> size)[1] causes qemu to exit(1) after migration or restart from a saved
> >>> state if memory statistics are enabled in libvirt. Qemu exits after
> >>> printing "qemu-system-x86_64: Virtqueue size exceeded".
> >>>
> >>> I experienced this problem with the latest security update in Ubuntu
> >>> Trusty (14.04) which cherry-picked this fix. If you think that the
> >>> latest upstream version is not affected I can try this too. I only
> >>> tested with a VM started through libvirt. If someone tells me how to
> >>> enable memory statistics with plain qemu without libvirt I can test this
> >>> too. My guess would be that this does not make a difference.
> >>>
> >>> I discovered this bug because OpenStack Nova enables memory statistics
> >>> by default since the Juno release. After the QEMU upgrade to the latest
> >>> version in Ubuntu, VMs were suddenly shut off after migration.
> >>>
> >>> Steps to reproduce:
> >>> 1. Create a VM with libvirt which contains a memory balloon device
> >>> defined like this:
> >>>
> >>>
> >>>
> >>> 2. Start the VM and let the Linux kernel boot (bug does not appear if
> >>> the kernel is not yet booted, e.g. while in the PXE boot phase)
> >>> 3. Issue a managedsave
> >>> 4. Start the VM again
> >>> 5. The VM is restored and "crashes" right after it starts running again.
> >>> 6. You can find the qemu output "qemu-system-x86_64: Virtqueue size
> >>> exceeded" in the log at /var/log/libvirt/vmname.log
> >>
> >> I couldn't reproduce this with qemu.git/master (28b874429ba) and a RHEL
> >> 7.2 guest.
> >>
> >> Which guest distro and kernel version are you using?
> >
> > I just retested and ran into the bug with the following guest OSes:
> > - Ubuntu 16.04 (Linux ubuntu-1604 4.4.0-24-generic #43-Ubuntu SMP Wed Jun 8 19:27:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux)
> > - Ubuntu 14.04 (Linux ubuntu-1404 3.13.0-88-generic #135-Ubuntu SMP Wed Jun 8 21:10:42 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux)
> > - Debian 8.5 (Linux debian 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64 GNU/Linu)
> > - Centos 7 (Linux centos 3.10.0-327.18.2.el7.x86_64 #1 SMP Thu May 12 11:03:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux)
> > - Arch 16.07 (Linux arch 4.6.4-1-ARCH #1 SMP PREEMPT Mon Jul 11 19:12:32 CEST 2016 x86_64 GNU/Linux)
> > - CoreOS 1010.5.0 (Linux coreos.openstacklocal 4.5.0-coreos-r1 #2 SMP Thu May 26 22:21:06 UTC 2016 x86_64 Intel Xeon E312xx (Sandy Bridge) GenuineIntel GNU/Linux)
> >
> > So it's reproducible with a wide range of Linux OSes and kernel
> > versions for me. I used the Ubuntu packaged qemu version
> > 2.0.0+dfsg-2ubuntu1.26. The version 2.0.0+dfsg-2ubuntu1.26 which has the
> > fix for CVE-2016-5403 reversed does not have the bug. So it seems quite
> > obvious that at least backporting this fix to 2.0.0 is not safe.
>
> See also https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1612089
> where Marc Deslauriers from Ubuntu reports that he can reproduce this as
> well with Qemu 2.0.0 but not with Qemu 2.6 from Ubuntu Yakkety.
>
> I will try the patches you posted later.

Okay, the Ubuntu package maintainers will have to take a look.

Stefan
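The reproduction steps from the report (managedsave, start, then look for "Virtqueue size exceeded" in the per-VM log), driven from a shell so an operator can check a host before rolling the backported fix out to a fleet. This is an added example, not code from the thread, from QEMU or from libvirt; it assumes `virsh` is on PATH, that the log path from the report (/var/log/libvirt/vmname.log) is passed in explicitly because the directory varies between distributions, and the function names `reproduce`, `log_has_virtqueue_error`, `lines_after` and `line_count` are mine.

```shell
#!/bin/sh
# Added example (not from the thread): run the managedsave/start cycle
# from the report for one libvirt domain and report whether the restored
# guest was killed by the "Virtqueue size exceeded" exit that the
# CVE-2016-5403 fix introduced. Assumes virsh on PATH; the log path is a
# parameter (the report uses /var/log/libvirt/<vmname>.log).

# Print the lines of file $1 that were appended after it had $2 lines.
lines_after() {
    tail -n +"$(( $2 + 1 ))" "$1"
}

# Exit 0 if log $1 gained the crash message after line count $2
# (default 0, i.e. search the whole file), 1 otherwise. Starting from a
# saved line count avoids matching a crash left over from an earlier run.
log_has_virtqueue_error() {
    lines_after "$1" "${2:-0}" | grep -q 'Virtqueue size exceeded'
}

# Count the lines in file $1 (0 if it does not exist yet).
line_count() {
    if [ -f "$1" ]; then wc -l < "$1" | tr -d ' '; else echo 0; fi
}

# Save domain $1 with managedsave, start it again and inspect log $2.
# Returns 0 if the guest is running afterwards, 2 if the crash message
# appeared in the log, 1 if virsh itself failed. Run this only after the
# guest kernel has booted: the report notes the bug does not show while
# the VM is still in its PXE/boot phase.
reproduce() {
    dom=$1
    log=$2
    before=$(line_count "$log")
    virsh managedsave "$dom" || return 1
    virsh start "$dom" || return 1
    sleep 15   # give the restored guest time to start running (or to die)
    if log_has_virtqueue_error "$log" "$before"; then
        echo "$dom: qemu exited with 'Virtqueue size exceeded' after restore" >&2
        return 2
    fi
    virsh domstate "$dom" | grep -q running
}

# Usage: ./repro.sh <domain> /var/log/libvirt/<domain>.log
if [ $# -ge 2 ]; then
    reproduce "$1" "$2"
fi
```

The exit code of `reproduce` distinguishes "guest survived the restore" from "qemu hit the new virtqueue check", so the script can be run against one test domain per host and its result used to decide whether the affected package version is safe to deploy where memory statistics are enabled.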