Re: [Qemu-devel] Regression with windows 7 VMs and VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

[Stefan Weil <sw@weilnetz.de>]

[-- Attachment #1: Type: text/plain, Size: 3283 bytes --]

Am 15.05.2016 um 01:13 schrieb Thomas Lamprecht:
> Hi all,
>
> I recently ran into Problems when trying to install some Windows VMs
> this was after an update to QEMU 2.5.1.1, the VM shows Windows loading
> files for the installation, then the "Starting Windows" screen appears
> here it hangs and never continues.
>
> Changing the "-vga" option to cirrus solves this, the installation can
> proceed and finish. When changing back to std (or also qxl, vmware) the
> installed VM also hangs on the "Starting Windows" screen while qemu
> showing a little but no excessive load.
>
> This phenomena appears also with QEMU 2.6.0 but not with 2.6.0-rc4, a
> git bisect shows fd3c136b3e1482cd0ec7285d6bc2a3e6a62c38d7 (vga: make
> sure vga register setup for vbe stays intact (CVE-2016-3712)) as the
> culprit for this regression, as its a fix for a DoS its not an option to
> just revert it, I guess.
> The (short) bisect log is:
>
> git bisect start
> # bad: [bfc766d38e1fae5767d43845c15c79ac8fa6d6af] Update version for v2.6.0 release
> git bisect bad bfc766d38e1fae5767d43845c15c79ac8fa6d6af
> # good: [975eb6a547f809608ccb08c221552f666611af25] Update version for v2.6.0-rc4 release
> git bisect good 975eb6a547f809608ccb08c221552f666611af25
> # good: [2068192dcccd8a80dddfcc8df6164cf9c26e0fc4] vga: update vga register setup on vbe changes
> git bisect good 2068192dcccd8a80dddfcc8df6164cf9c26e0fc4
> # bad: [53db932604dfa7bb9241d132e0173894cf54261c] Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160509-1' into staging
> git bisect bad 53db932604dfa7bb9241d132e0173894cf54261c
>
> I could reproduce that with QEMU 2.5.1 and QEMU 2.6 on a Debian derivate
> (Promox VE) with 4.4 Kernel and also with QEMU 2.6 on an Arch Linux
> System with a 4.5 Kernel, so it should not be host distro depended. Both
> machines have Intel x86_64 processors.
> The problem should be reproducible with said Versions or a build from
> git including the above mentioned commit (fd3c136) by starting a VM with
> an Windows 7 ISO, e.g.:
>
> Hanging installation
> ./x86_64-softmmu/qemu-system-x86_64 -boot d -cdrom win7.iso -m 1024
>
> Working installation:
> ./x86_64-softmmu/qemu-system-x86_64 -boot d -cdrom win7.iso -m 1024 -vga cirrus
>
> Noteworthy may be that Windows 10 is working, I do not had time to get
> other Windows versions and test them, I'll do that as soon as possible.
> Various Linux system also seems to work fine, at least I did not ran
> into an issue there yet.
>
> I also tried testing with SeaBIOS and OVMF, as initially I had no idea
> what broke, both lead to the same result - without the CVE-2016-3712 fix
> they both work, with not.
> Further, KVM enabled and disabled does not make any difference.
>
> If I can take any further step, e.g. open a bug report at another place
> or help with testing I'd glad to do so.
>
> best regards,
> Thomas

Hi Thomas,

thanks for the bug report.

I added Gerd to the address list, so I'm sure your report will be noticed.

Bugs can be reported at Launchpad (see
http://wiki.qemu.org/Contribute/ReportABug).
Maybe your report could be posted there, too, so people looking for
known problems
will find it at the well known location.

Cheers
Stefan



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]