From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1N3yoj-0008ID-LB for qemu-devel@nongnu.org; Fri, 30 Oct 2009 17:15:29 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1N3yoe-0008HV-AC for qemu-devel@nongnu.org; Fri, 30 Oct 2009 17:15:28 -0400 Received: from [199.232.76.173] (port=33677 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1N3yoe-0008HS-6y for qemu-devel@nongnu.org; Fri, 30 Oct 2009 17:15:24 -0400 Received: from mail-bw0-f212.google.com ([209.85.218.212]:33768) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1N3yod-0008UX-Tb for qemu-devel@nongnu.org; Fri, 30 Oct 2009 17:15:24 -0400 Received: by bwz4 with SMTP id 4so4410357bwz.2 for ; Fri, 30 Oct 2009 14:15:22 -0700 (PDT) MIME-Version: 1.0 Sender: dustin.kirkland@gmail.com In-Reply-To: <1256830455.25064.155.camel@x200> References: <1256807803.10825.39.camel@blaa> <1256815818-sup-7805@xpc65.scottt> <1256818566.10825.58.camel@blaa> <4AE9A299.5060003@codemonkey.ws> <1256826351.10825.69.camel@blaa> <4AE9A90F.1060108@codemonkey.ws> <1256827719.10825.75.camel@blaa> <1256830455.25064.155.camel@x200> Date: Fri, 30 Oct 2009 16:15:22 -0500 Message-ID: From: Dustin Kirkland Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] Re: [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...] List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Mark McLoughlin Cc: Scott Tsai , kvm , Rusty Russell , qemu-devel , jdstrand@canonical.com, Marc Deslauriers , kees.cook@canonical.com On Thu, Oct 29, 2009 at 10:34 AM, Dustin Kirkland wrote: > whitelist host virtio networking features > > This patch is a followup to 8eca6b1bc770982595db2f7207c65051572436cb, > fixing crashes when guests with 2.6.25 virtio drivers have saturated > virtio network connections. > > https://bugs.edge.launchpad.net/ubuntu/+source/qemu-kvm/+bug/458521 > > That patch should have been whitelisting *_HOST_* rather than the the > *_GUEST_* features. > > I tested this by running an Ubuntu 8.04 Hardy guest (2.6.24 kernel + > 2.6.25-virtio driver). =A0I saturated both the incoming, and outgoing > network connection with nc, seeing sustained 6MB/s up and 6MB/s down > bitrates for ~20 minutes. =A0Previously, this crashed immediately. =A0Now= , > the guest does not crash and maintains network connectivity throughout > the test. FYI... Canonical's Ubuntu Security Team will be filing a CVE on this issue, since there is a bit of an attack vector here, and since qemu-kvm-0.11.0 is generally available as an official release (and now part of Ubuntu 9.10). Guests running linux <=3D 2.6.25 virtio-net (e.g Ubuntu 8.04 hardy) on top of qemu-kvm-0.11.0 can be remotely crashed by a non-privileged network user flooding an open port on the guest. The crash happens in a manner that abruptly terminates the guest's execution (ie, without shutting down cleanly). This may affect the guest filesystem's general happiness. :-Dustin