From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, hreitz@redhat.com, berrange@redhat.com,
qemu-block@nongnu.org, den@virtuozzo.com,
andrey.drobyshev@virtuozzo.com, alexander.ivanov@virtuozzo.com,
vsementsov@yandex-team.ru
Subject: [PATCH for-9.1 v4 0/7] CVE-2024-7409
Date: Wed, 7 Aug 2024 12:43:26 -0500 [thread overview]
Message-ID: <20240807174943.771624-9-eblake@redhat.com> (raw)
v3 was here:
https://lists.gnu.org/archive/html/qemu-devel/2024-08/msg00818.html
since then:
- re-add a minor patch from v2 (now patch 1)
- refactor how the client opaque pointer is handled (patch 2)
- add two new patches to prevent malicious clients from consuming
inordinate resources: change the default max-connections from
unlimited to capped at 100 (patch 3), and add code to kill any
client that takes longer than 10 seconds after connect to reach
NBD_OPT_GO (patch 4) [Dan]
- squash the connection list handling into a single patch (5) [Dan]
- two new additional patches for reverting back to 9.0 behavior for
integration testing purposes; I'm okay if these last two miss 9.1
Eric Blake (7):
nbd: Minor style fixes
nbd/server: Plumb in new args to nbd_client_add()
nbd/server: CVE-2024-7409: Change default max-connections to 100
nbd/server: CVE-2024-7409: Drop non-negotiating clients
nbd/server: CVE-2024-7409: Close stray client sockets at shutdown
qemu-nbd: Allow users to adjust handshake limit
nbd/server: Allow users to adjust handshake limit in QMP
docs/tools/qemu-nbd.rst | 5 +++
qapi/block-export.json | 18 +++++++---
include/block/nbd.h | 20 +++++++++--
block/monitor/block-hmp-cmds.c | 3 +-
blockdev-nbd.c | 62 +++++++++++++++++++++++++++++++---
nbd/server.c | 51 +++++++++++++++++++++++++---
qemu-nbd.c | 44 ++++++++++++++++--------
nbd/trace-events | 1 +
8 files changed, 173 insertions(+), 31 deletions(-)
--
2.45.2
next reply other threads:[~2024-08-07 17:51 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-07 17:43 Eric Blake [this message]
2024-08-07 17:43 ` [PATCH v4 1/7] nbd: Minor style fixes Eric Blake
2024-08-07 17:55 ` Daniel P. Berrangé
2024-08-07 17:43 ` [PATCH v4 2/7] nbd/server: Plumb in new args to nbd_client_add() Eric Blake
2024-08-07 17:58 ` Daniel P. Berrangé
2024-08-07 21:00 ` Eric Blake
2024-08-07 17:43 ` [PATCH v4 3/7] nbd/server: CVE-2024-7409: Change default max-connections to 100 Eric Blake
2024-08-07 18:24 ` Daniel P. Berrangé
2024-08-07 21:23 ` Eric Blake
2024-08-07 17:43 ` [PATCH v4 4/7] nbd/server: CVE-2024-7409: Drop non-negotiating clients Eric Blake
2024-08-07 18:28 ` Daniel P. Berrangé
2024-08-07 17:43 ` [PATCH v4 5/7] nbd/server: CVE-2024-7409: Close stray client sockets at shutdown Eric Blake
2024-08-07 18:29 ` Daniel P. Berrangé
2024-08-07 21:30 ` Eric Blake
2024-08-07 17:43 ` [PATCH v4 6/7] qemu-nbd: Allow users to adjust handshake limit Eric Blake
2024-08-07 17:43 ` [PATCH v4 7/7] nbd/server: Allow users to adjust handshake limit in QMP Eric Blake
2024-08-22 10:57 ` [PATCH for-9.1 v4 0/7] CVE-2024-7409 Denis V. Lunev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240807174943.771624-9-eblake@redhat.com \
--to=eblake@redhat.com \
--cc=alexander.ivanov@virtuozzo.com \
--cc=andrey.drobyshev@virtuozzo.com \
--cc=berrange@redhat.com \
--cc=den@virtuozzo.com \
--cc=hreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=vsementsov@yandex-team.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).