[Qemu-devel] [Bug 1581936] Re: Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)
** Changed in: qemu
   Status: Confirmed => Fix Committed

** Changed in: qemu
   Status: Fix Committed => Confirmed

** Also affects: qemu (Fedora) via
   https://bugzilla.redhat.com/cgi-bin/bugreport.cgi?bug=1339267
   Importance: Unknown
   Status: Unknown

** No longer affects: qemu (Fedora)

** Changed in: qemu
   Status: Confirmed => Fix Committed

--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1581936

Title:
  Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

Status in QEMU:
  Fix Committed

Bug description:
  Hi,

  As already posted on the QEMU devel list [1], I stumbled upon a problem with QEMU in versions 2.5.1.1 and 2.6.0. The VM shows Windows loading files for the installation, then the "Starting Windows" screen appears; here it hangs and never continues. Changing the "-vga" option to cirrus solves this: the installation can proceed and finish. When changing back to std (or also qxl, vmware) the installed VM also hangs on the "Starting Windows" screen, while qemu shows a little but no excessive load.

  This phenomenon also appears with QEMU 2.6.0 but not with 2.6.0-rc4; a git bisect shows fd3c136b3e1482cd0ec7285d6bc2a3e6a62c38d7 (vga: make sure vga register setup for vbe stays intact (CVE-2016-3712)) as the culprit for this regression. As it's a fix for a DoS, it's not an option to just revert it, I guess.

  The bisect log is:

    git bisect start
    # bad: [bfc766d38e1fae5767d43845c15c79ac8fa6d6af] Update version for v2.6.0 release
    git bisect bad bfc766d38e1fae5767d43845c15c79ac8fa6d6af
    # good: [975eb6a547f809608ccb08c221552f11af25] Update version for v2.6.0-rc4 release
    git bisect good 975eb6a547f809608ccb08c221552f11af25
    # good: [2068192dcccd8a80dddfcc8df6164cf9c26e0fc4] vga: update vga register setup on vbe changes
    git bisect good 2068192dcccd8a80dddfcc8df6164cf9c26e0fc4
    # bad: [53db932604dfa7bb9241d132e0173894cf54261c] Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160509-1' into staging
    git bisect bad 53db932604dfa7bb9241d132e0173894cf54261c
    # bad: [fd3c136b3e1482cd0ec7285d6bc2a3e6a62c38d7] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).
    git bisect bad fd3c136b3e1482cd0ec7285d6bc2a3e6a62c38d7
    # first bad commit: [fd3c136b3e1482cd0ec7285d6bc2a3e6a62c38d7] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).

  I could reproduce that with QEMU 2.5.1 and QEMU 2.6 on a Debian derivative (Proxmox VE) with a 4.4 kernel and also with QEMU 2.6 on an Arch Linux system with a 4.5 kernel, so it should not be host distro dependent. Both machines have Intel x86_64 processors.

  The problem should be reproducible with said versions or a build from git including the above mentioned commit (fd3c136) by starting a VM with a Windows 7 ISO, e.g.:

  Freezing installation (as vga defaults to std I marked it as optional):

    ./x86_64-softmmu/qemu-system-x86_64 -boot d -cdrom win7.iso -m 1024 [-vga (std|qxl|vmware)]

  Working installation:

    ./x86_64-softmmu/qemu-system-x86_64 -boot d -cdrom win7.iso -m 1024 -vga cirrus

  If someone already has an installed Windows 7 VM, this behaviour should also be observable when trying to start it with the new versions of QEMU.

  Noteworthy may be that Windows 10 is working; I have not had time to get other Windows versions and test them, I'll do that as soon as possible. Various Linux systems also seem to work fine, at least I did not run into an issue there yet.

  I also tried testing with SeaBIOS and OVMF as firmware, as initially I had no idea what broke; both lead to the same result - without the CVE-2016-3712 fix they both work, with it they do not. Further, KVM enabled and disabled does not make any difference.

  [1] http://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg02416.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1581936/+subscriptions
[Qemu-devel] [Bug 1590796] Re: 2.6.0 Windows 7 install hangs on splash screen, works ok with 2.5.1
*** This bug is a duplicate of bug 1581936 ***
    https://bugs.launchpad.net/bugs/1581936

** This bug has been marked a duplicate of bug 1581936
   Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

https://bugs.launchpad.net/bugs/1590796

Title:
  2.6.0 Windows 7 install hangs on splash screen, works ok with 2.5.1

Status in QEMU:
  New

Bug description:
  Hi maintainers,

  I have tried to install Windows 7 SP1 from the ISO. The install process hangs on the Windows 4-color logo with qemu 2.6.0; it works and installs fine with 2.5.1.

  This is the script I used with 2.5.1 and it works perfectly fine:

    #!/bin/sh
    exec qemu-system-x86_64 \
      -enable-kvm \
      -uuid 0ec801a0-d215-464b-a658-8f43a24cb62e \
      -machine q35 \
      -cpu host \
      -smp cores=2,threads=2 \
      -drive file=disk/ovmfcode.flash,format=raw,readonly,if=pflash \
      -drive file=disk/ovmfvars.flash,format=raw,if=pflash \
      -drive file=disk/windows7.img,discard=unmap,detect-zeroes=unmap,cache=unsafe,if=virtio \
      -drive file=ISO/windows7.iso,media=cdrom \
      -drive file=ISO/virtiowin.iso,media=cdrom \
      -netdev tap,id=nic-0,ifname=tap0,vhost=on,script=no,downscript=no \
      -net nic,macaddr=52:54:00:01:00:01,netdev=nic-0,model=virtio \
      -m 4G \
      -vga qxl \
      -soundhw ac97 \
      -usbdevice tablet \
      -rtc clock=host,base=utc \
      -name "Windows 7" \
      -monitor telnet:127.0.0.1:2001,server,nowait \
      -daemonize

  The same hangs on the splash screen with 2.6.0.

  Even the following simple script behaves the same and hangs at the splash screen with 2.6.0:

    #!/bin/sh
    exec qemu-system-x86_64 \
      -drive file=disk/windows7.img,if=ide \
      -drive file=ISO/windows7.iso,media=cdrom \
      -name "Windows 7" \
      $@

  The ISO is Windows 7 Ultimate, English version, Service Pack 1.

  I reproduced the same behaviour on Gentoo and Arch, with the Qemu versions provided on both distributions.

  Cheers

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1590796/+subscriptions
[Qemu-devel] [Bug 1589153] Re: qemu-system-x86_64 version 2.5.0 freezes during windows 7 installation in lubuntu 16.04
*** This bug is a duplicate of bug 1581936 ***
    https://bugs.launchpad.net/bugs/1581936

** This bug has been marked a duplicate of bug 1581936
   Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

https://bugs.launchpad.net/bugs/1589153

Title:
  qemu-system-x86_64 version 2.5.0 freezes during windows 7 installation in lubuntu 16.04

Status in QEMU:
  New

Bug description:
  Hi!

  I have been using qemu-kvm for several years in different versions of Ubuntu (Lubuntu). I am trying to migrate from 15.04 to 16.04 and am having a problem. In particular, on my machine (a Samsung Series 9 with dual core i7 processor and 8 GB RAM) the following commands worked in 15.04 but do not work in 15.10 and 16.04. FYI, I tested them on a clean machine, where I have created a 60 GB image file in its own partition.

  In particular, I am using the command to start installing Windows 7 and it works in a clean install of 15.04 (yesterday) but not in 15.10 (yesterday) or 16.04 (the day before). I do not get any error messages in my xterminal when running this and do not know how to check for Windows error messages. By not working I mean that after loading files it gets to a Windows screen and then stays there forever.

  The command lines used to invoke qemu are:

    echo "*** Installing windows 7 virtual machine - Step 2"
    echo "*** Try command for slow mouse"
    export SDL_VIDEO_X11_DGAMOUSE=0
    sudo qemu-system-x86_64 \
      -enable-kvm \
      -machine pc,accel=kvm \
      -cdrom /home/Archives/Software/OperatingSystems.Windows7HP.64/Windows7HP64_Install.iso \
      -boot d \
      -net nic,macaddr=56:44:45:30:31:34 \
      -net user \
      -cpu host \
      -vga qxl \
      -spice port=5900,disable-ticketing \
      -uuid 8373c3d6-1e6c-f022-38e2-b94e6e14e170 \
      -smp cpus=2,maxcpus=3 \
      -m 6144 \
      -name DrPhilSS9AWin7VM \
      -hda /mnt/Windows7Image/Windows7Guest.img \
      -localtime \
      -k en-us \
      -usb \
      -usbdevice tablet &
    sleep 10
    spicy --host 127.0.0.1 --port 5900

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1589153/+subscriptions
[Qemu-devel] [Bug 1585008] Re: Windows 7 guests hang on bootup when qxl video is used
*** This bug is a duplicate of bug 1581936 ***
    https://bugs.launchpad.net/bugs/1581936

** This bug is no longer a duplicate of bug 1591724
   Windows 7 installation DVD can't boot in qemu 2.6.0/OVMF

** This bug has been marked a duplicate of bug 1581936
   Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

https://bugs.launchpad.net/bugs/1585008

Title:
  Windows 7 guests hang on bootup when qxl video is used

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Fix Released

Bug description:
  I installed libvirt-bin and virt-manager on Ubuntu 16.04. I created a new VM for Windows 7, basically with default settings, which includes qxl video.

  The Windows boot process hangs with the "Starting Windows" animation. CPU and disk I/O drop to zero, and it continues animating forever and ever... It never finishes booting. But it doesn't fully "hang" either: the animation continues to animate.

  As a workaround, I set the video mode to "Cirrus" and then Windows boots, but it is slow and limited. And also apparently to be avoided:
  https://www.kraxel.org/blog/2014/10/qemu-using-cirrus-considered-harmful/

  I can confirm it's only when qxl is enabled, because if I switch from Cirrus back to qxl, it hangs again - and going back to Cirrus again "fixes" the problem.

  This issue is also reported elsewhere:
  http://serverfault.com/questions/776406/windows-7-setup-hangs-at-starting-windows-using-proxmox-4-2
  https://forum.proxmox.com/threads/win7-setup-hangs-in-proxmox-ve-4-2.27388/

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1585008/+subscriptions
[Qemu-devel] [Bug 1591724] Re: Windows 7 installation DVD can't boot in qemu 2.6.0/OVMF
*** This bug is a duplicate of bug 1581936 ***
    https://bugs.launchpad.net/bugs/1581936

** This bug has been marked a duplicate of bug 1581936
   Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

https://bugs.launchpad.net/bugs/1591724

Title:
  Windows 7 installation DVD can't boot in qemu 2.6.0/OVMF

Status in QEMU:
  Fix Committed

Bug description:
  With Qemu 2.5.50 (compiled from git some time ago) I can boot the Windows 7 x64 installation DVD as follows:

    ~/code/qemu-v2/bin/slic-v2/native/x86_64-softmmu/qemu-system-x86_64 \
      -machine type=pc,accel=kvm \
      -enable-kvm \
      -cpu host \
      -m 2048 \
      -vga cirrus \
      -boot d \
      -drive if=pflash,file=/vms/ovmf_x64_firstrun.bin,format=raw \
      -cdrom /vms/win7_sp1.iso \
      -monitor stdio

  This bug suggests different vga options: https://bugs.launchpad.net/qemu/+bug/1581936. Here are the behaviours I'm getting with 2.6.0:

    std    - "Starting Windows" with wavering flag hangs indefinitely
    cirrus - at "Starting Windows" wisps of light freeze before assembling into a flag
    qxl    - "Starting Windows" with wavering flag hangs indefinitely
    virtio - "Starting Windows" with wavering flag hangs indefinitely

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1591724/+subscriptions
[Qemu-devel] [Bug 1581936] Re: Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)
So this is fixed upstream, in Fedora and ARCH. Can we expect a fix for xenial? This is quite a show stopper.

https://bugs.launchpad.net/bugs/1581936

Title:
  Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

Status in QEMU:
  Confirmed

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1581936/+subscriptions