[PATCH QEMU for-4.7] main loop: Big hammer to fix logfile disk DoS in Xen setups

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

From: Wei Liu <wei.liu2@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Cc: Anthony PERARD <anthony.perard@citrix.com>,
	Wei Liu <wei.liu2@citrix.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>
Subject: [PATCH QEMU for-4.7] main loop: Big hammer to fix logfile disk DoS in Xen setups
Date: Thu, 26 May 2016 16:21:56 +0100	[thread overview]
Message-ID: <1464276116-8412-2-git-send-email-wei.liu2@citrix.com> (raw)
In-Reply-To: <1464276116-8412-1-git-send-email-wei.liu2@citrix.com>

From: Ian Jackson <ian.jackson@eu.citrix.com>

Each time round the main loop, we now fstat stderr.  If it is too big,
we dup2 /dev/null onto it.  This is not a very pretty patch but it is
very simple, easy to see that it's correct, and has a low risk of
collateral damage.

The limit is 1Mby by default but can be adjusted by setting a new
environment variable.

This fixes CVE-2014-3672.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Tested-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

Set the default to 0 so that it won't affect non-xen installation. The
limit will be set by Xen toolstack.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
 main-loop.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/main-loop.c b/main-loop.c
index 3997043..aa32f5b 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -164,6 +164,50 @@ int qemu_init_main_loop(Error **errp)
     return 0;
 }
 
+static void check_cve_2014_3672_xen(void)
+{
+    static unsigned long limit = ~0UL;
+    const int fd = 2;
+    struct stat stab;
+
+    if (limit == ~0UL) {
+        const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT");
+        /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */
+        limit = s ? strtoul(s,0,0) : 0;
+    }
+    if (limit == 0)
+        return;
+
+    int r = fstat(fd, &stab);
+    if (r) {
+        perror("fstat stderr (for CVE-2014-3672 check)");
+        exit(-1);
+    }
+    if (!S_ISREG(stab.st_mode))
+        return;
+    if (stab.st_size <= limit)
+        return;
+
+    /* oh dear */
+    fprintf(stderr,"\r\n"
+            "Closing stderr due to CVE-2014-3672 limit. "
+            " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override,"
+            " or 0 for no limit.\n");
+    fflush(stderr);
+
+    int nfd = open("/dev/null", O_WRONLY);
+    if (nfd < 0) {
+        perror("open /dev/null (for CVE-2014-3672 check)");
+        exit(-1);
+    }
+    r = dup2(nfd, fd);
+    if (r != fd) {
+        perror("dup2 /dev/null (for CVE-2014-3672 check)");
+        exit(-1);
+    }
+    close(nfd);
+}
+
 static int max_priority;
 
 #ifndef _WIN32
@@ -216,6 +260,8 @@ static int os_host_main_loop_wait(int64_t timeout)
     int ret;
     static int spin_counter;
 
+    check_cve_2014_3672_xen();
+
     glib_pollfds_fill(&timeout);
 
     /* If the I/O thread is very busy or we are incorrectly busy waiting in
@@ -407,6 +453,8 @@ static int os_host_main_loop_wait(int64_t timeout)
     fd_set rfds, wfds, xfds;
     int nfds;
 
+    check_cve_2014_3672_xen();
+
     /* XXX: need to suppress polling by better using win32 events */
     ret = 0;
     for (pe = first_polling_entry; pe != NULL; pe = pe->next) {
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

next prev parent reply	other threads:[~2016-05-26 15:22 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-26 15:19 [PATCH for-4.7] XSA-180 patches for 4.7 Wei Liu
2016-05-26 15:21 ` [PATCH for-4.7] libxl: set XEN_QEMU_CONSOLE_LIMIT for QEMU Wei Liu
2016-05-26 15:21   ` Wei Liu [this message]
2016-05-26 15:36     ` [PATCH QEMU for-4.7] main loop: Big hammer to fix logfile disk DoS in Xen setups George Dunlap
2016-05-26 15:39       ` Wei Liu
2016-05-26 15:42     ` Ian Jackson
2016-05-26 16:10     ` Anthony PERARD
2016-05-26 16:50       ` Anthony PERARD
2016-05-26 15:41   ` [PATCH for-4.7] libxl: set XEN_QEMU_CONSOLE_LIMIT for QEMU Ian Jackson
2016-05-26 15:47     ` Wei Liu
2016-05-26 15:54       ` Wei Liu

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3997043 dfblob:aa32f5b )
 OR (
bs:"[PATCH QEMU for-4.7] main loop: Big hammer to fix logfile disk DoS in Xen setups" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1464276116-8412-2-git-send-email-wei.liu2@citrix.com \
    --to=wei.liu2@citrix.com \
    --cc=anthony.perard@citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).