Re: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
On Mon, Aug 15, 2016 at 09:51:21PM +0200, Gaudenz Steinlin wrote:
> Stefan Hajnoczi writes:
>
> > Gaudenz Steinlin reported that virtqueue_pop() terminates
> > QEMU because the virtqueue size is exceeded following the CVE-2016-5403
> > fix. I have been unable to reproduce this or understand the root cause by
> > code inspection. Along the way I did discover a few bugs in virtio-balloon
> > and virtio code.
> >
> > Please see the individual patches for details.
> >
> > Gaudenz: If you can reproduce the bug you reported, please try again with
> > these patches applied.
>
> As mentioned in the original thread I only tested on QEMU 2.0.0 so far.
> I tried to apply your patches to this version, but did not succeed. I
> could not apply the first patch in the series because the code changed
> too much and with only the others applied QEMU failed to compile. I gave
> up at that point.
>
> Does it make sense at all to test these patches on 2.0.0? Ubuntu
> reverted the problematic fix in their latest package update for trusty,
> so my immediate problem is "solved". Is there a chance to get a fix for
> CVE-2016-5403 that works on QEMU 2.0.0 without breaking migrations?
>
> Best regards and thanks to all for the effort so far,
> Gaudenz

You will have to debug the failure I'm afraid.
Most likely inuse is incremented in pop but not decremented.
Maybe you need

commit 0cf33fb6b49a19de32859e2cdc6021334f448fb3
Author: Jason Wang
Date:   Fri Sep 25 13:21:30 2015 +0800

    virtio-net: correctly drop truncated packets

It's hard to say.

-- 
MST
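MST's hint above, that inuse goes up in pop but is never brought back down, is easy to see in a small counter model. The C below is an added illustration written for this thread, not QEMU's code: vq_model, vq_pop, vq_discard, inuse_after_migration and pops_until_failure are invented names; the bound in vq_pop mirrors the CVE-2016-5403 check Stefan's cover letter refers to, and the recalculation follows (by title only, an assumption) the series' "recalculate vq->inuse after migration" patch.

```c
#include <stdbool.h>
#include <stdint.h>

/* Toy model of a virtqueue's in-flight accounting, written for this thread (not
 * QEMU code): last_avail_idx counts entries popped from the avail ring, used_idx
 * entries completed via the used ring, inuse what the device currently holds. */
typedef struct {
    unsigned num;            /* ring size, vring.num */
    uint16_t last_avail_idx;
    uint16_t used_idx;       /* advanced by the completion path, not modelled */
    unsigned inuse;          /* popped but not yet completed or discarded */
} vq_model;

/* Bound added by the CVE-2016-5403 fix: a device can never hold more buffers
 * than the ring has entries. QEMU exits at this point; the model reports it. */
bool vq_pop(vq_model *vq)
{
    if (vq->inuse >= vq->num) return false; /* "Virtqueue size exceeded" */
    vq->last_avail_idx++;
    vq->inuse++;
    return true;
}

/* Discard: buffer handed back unused. The leak MST suspects is a discard that
 * rewinds last_avail_idx but forgets inuse; 'fixed' models the series' patch. */
void vq_discard(vq_model *vq, bool fixed)
{
    vq->last_avail_idx--;
    if (fixed) vq->inuse--;
}

/* inuse is not migrated; recompute it from the indices with uint16 wraparound,
 * assumed here to be what "recalculate vq->inuse after migration" does. */
unsigned inuse_after_migration(uint16_t last_avail_idx, uint16_t used_idx)
{
    return (uint16_t)(last_avail_idx - used_idx);
}

/* Pop/discard cycles from a well-behaved guest: returns the cycle at which the
 * bound trips, or 'cycles' if it never does. With the leak it trips at num. */
unsigned pops_until_failure(unsigned num, unsigned cycles, bool fixed)
{
    vq_model vq = { .num = num };
    for (unsigned i = 0; i < cycles; i++) {
        if (!vq_pop(&vq)) return i;
        vq_discard(&vq, fixed);
    }
    return cycles;
}
```

With the leak, a ring of 8 entries fails on the ninth pop even though the guest never queued more than one buffer at a time, which is the kind of spurious "virtqueue size exceeded" exit the thread is chasing.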
Re: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
Stefan Hajnoczi writes:

> Gaudenz Steinlin reported that virtqueue_pop() terminates
> QEMU because the virtqueue size is exceeded following the CVE-2016-5403 fix.
> I have been unable to reproduce this or understand the root cause by code
> inspection. Along the way I did discover a few bugs in virtio-balloon and
> virtio code.
>
> Please see the individual patches for details.
>
> Gaudenz: If you can reproduce the bug you reported, please try again with
> these patches applied.

As mentioned in the original thread I only tested on QEMU 2.0.0 so far.
I tried to apply your patches to this version, but did not succeed. I
could not apply the first patch in the series because the code changed
too much and with only the others applied QEMU failed to compile. I gave
up at that point.

Does it make sense at all to test these patches on 2.0.0? Ubuntu
reverted the problematic fix in their latest package update for trusty,
so my immediate problem is "solved". Is there a chance to get a fix for
CVE-2016-5403 that works on QEMU 2.0.0 without breaking migrations?

Best regards and thanks to all for the effort so far,
Gaudenz
Re: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Message-id: 1471015978-1123-1-git-send-email-stefa...@redhat.com
Subject: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
make J=8 docker-test-quick@centos6
# we need CURL DPRINTF patch
# http://patchew.org/QEMU/1470027888-24381-1-git-send-email-famz%40redhat.com/
#make J=8 docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
65e5867 virtio-balloon: fix stats vq migration
c2514f9 virtio: add virtqueue_rewind()
b743840 virtio: decrement vq->inuse in virtqueue_discard()
eb5b274 virtio: recalculate vq->inuse after migration

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...