From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35605)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <pl@kamp.de>)
	id 1YsctX-0008B2-57
	for qemu-devel@nongnu.org; Wed, 13 May 2015 16:04:44 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pl@kamp.de>) id 1YsctV-0006vH-0Q
	for qemu-devel@nongnu.org; Wed, 13 May 2015 16:04:43 -0400
Received: from mx-v6.kamp.de ([2a02:248:0:51::16]:56001 helo=mx01.kamp.de)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <pl@kamp.de>)
	id 1YsctU-0006ut-M2
	for qemu-devel@nongnu.org; Wed, 13 May 2015 16:04:40 -0400
Message-ID: <5553AE53.6050800@kamp.de>
Date: Wed, 13 May 2015 22:04:35 +0200
From: Peter Lieven <pl@kamp.de>
MIME-Version: 1.0
References: <1431527602-29889-1-git-send-email-jsnow@redhat.com>	<55539D17.7010000@weilnetz.de>	<55539EFA.6050605@profihost.ag>	<5553A07E.6070608@weilnetz.de>	<5553A17D.4090308@profihost.ag>	<5553A651.3060508@kamp.de>	<877fsccl19.fsf@blackfin.pond.sub.org>
	<5553ADBF.6060005@kamp.de> <5553ADFB.2060105@redhat.com>
In-Reply-To: <5553ADFB.2060105@redhat.com>
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [Qemu-stable] [PATCH] fdc: force the fifo access
 to be in bounds of the allocated buffer
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: John Snow <jsnow@redhat.com>, Markus Armbruster <armbru@redhat.com>
Cc: peter.maydell@linaro.org, Stefan Weil <sw@weilnetz.de>, Petr Matousek <pmatouse@redhat.com>, qemu-devel@nongnu.org, qemu-stable@nongnu.org

Am 13.05.2015 um 22:03 schrieb John Snow:
>
> On 05/13/2015 04:02 PM, Peter Lieven wrote:
>> Am 13.05.2015 um 21:52 schrieb Markus Armbruster:
>>> Peter Lieven <pl@kamp.de> writes:
>>>
>>>> Am 13.05.2015 um 21:09 schrieb Stefan Priebe:
>>>>> Am 13.05.2015 um 21:05 schrieb Stefan Weil:
>>>>>> Am 13.05.2015 um 20:59 schrieb Stefan Priebe:
>>>>>>> Am 13.05.2015 um 20:51 schrieb Stefan Weil:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I just noticed this patch because my provider told me that my KVM based
>>>>>>>> server
>>>>>>>> needs a reboot because of a CVE (see this German news:
>>>>>>>> http://www.heise.de/newsticker/meldung/Venom-Schwachstelle-Aus-Hypervisor-ausbrechen-und-VMs-ausspionieren-2649614.html)
>>>>>>>>
>>>>>>> Isn't a live migration to a fixed version enough instead of a reboot?
>>>>>>>
>>>>>>> Stefan
>>>>>> Good point. A live migration would be sufficient - if there are no bugs
>>>>>> in QEMU's live migration.
>>>>> just migrating all our customer machines and wanted to be sure that
>>>>> live migration is enough.
>>>> Just to confirm: If Qemu is started with -nodefaults and there is no
>>>> fdc configuration the system is not affected by this CVE?
>>> Not true.  The FD controller is still there.  It has no drives attached
>>> then, but is vulnerable all the same.
>> Are you sure? With -nodefaults the hmp command 'info block' returns nothing and
>> the guest sees no floppy drive.
>>
>> Without -nodefaults I indeed see floppy0 and I have /dev/fd0 in the guest respectively.
>>
>> Peter
>>
> It's not the *drive* that is the problem, it is the *controller*.
>
Okay, and indeed in the qtree I see the isa-fdc.

Thanks for sorting that out.

Thank you,
Peter