So I tested Len's patch, and it does seem to work. However, I can't seem to understand why the below line is necessary, when upstream qemu has virtually identical code, and does not need this line. It almost makes me wonder if CVE-2016-5403-3.patch is incorrectly decrementing the inuse counter in our version of qemu.
    vdev->vq[i].inuse = (inuse_tmp < 0 ? 0 : inuse_tmp);

@Len, in the failing case are you always seeing an inuse value of -1? I'm building a test qemu without 2016-5403-3 right now. The risk of removing that would be that we'd have a possible leak. It's at least worth a check.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5403

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1647389

Title:
  Regression: Live migrations can still crash after CVE-2016-5403 fix

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
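The arithmetic behind the clamp being discussed above, as an added illustration that is not part of the bug thread and not qemu's code: inuse is recomputed on migration load from two 16-bit virtqueue ring indices, and whether that subtraction is done in a promoted signed int or in 16-bit modular arithmetic decides whether a value like -1 can appear at all. The struct, the field names and the two functions are hypothetical models of that computation, chosen to show the failure modes, not the actual VirtQueue layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the virtqueue state restored from a migration
 * stream (not qemu's struct VirtQueue): only the fields needed to
 * recompute how many elements are in flight. */
struct vq_state {
    uint16_t num;            /* ring size; always far below UINT16_MAX */
    uint16_t last_avail_idx; /* next avail index the device will pop */
    uint16_t used_idx;       /* next used index the device will fill */
};

/* Signed form: the indices are promoted to int before subtracting.
 * Once last_avail_idx has wrapped past 0 while used_idx has not, the
 * difference is hugely negative and the clamp throws away elements
 * that really are in flight (a leak); if used_idx runs one ahead of
 * last_avail_idx (an inconsistent stream) the raw value is exactly -1,
 * and the clamp silently turns that into "nothing in flight". */
int inuse_signed(const struct vq_state *vq)
{
    int inuse_tmp = (int)vq->last_avail_idx - (int)vq->used_idx;
    return inuse_tmp < 0 ? 0 : inuse_tmp;  /* the clamp from the patch */
}

/* Modular form: the difference of two ring indices taken mod 2^16 is
 * the in-flight count, because the ring is far smaller than 65536 so
 * the indices can never legitimately be more than num apart. Anything
 * larger means the stream is corrupt or hostile, so refuse it instead
 * of clamping. Returns -1 and sets *err on that sanity-check failure. */
int inuse_unsigned(const struct vq_state *vq, int *err)
{
    uint16_t inuse = (uint16_t)(vq->last_avail_idx - vq->used_idx);
    *err = 0;
    if (inuse > vq->num) {
        *err = 1;
        return -1;
    }
    return inuse;
}

static void show(const char *label, const struct vq_state *vq)
{
    int err;
    int u = inuse_unsigned(vq, &err);
    printf("%-28s signed=%d  unsigned=%d%s\n", label, inuse_signed(vq), u,
           err ? " (rejected: inuse > num)" : "");
}

int main(void)
{
    /* Constructed sample states, ring size 256. */
    struct vq_state normal  = { 256, 3, 1 };        /* two elements popped, not returned */
    struct vq_state wrapped = { 256, 0, 0xFFFF };   /* avail index wrapped, one in flight */
    struct vq_state ahead   = { 256, 4, 5 };        /* used ahead of avail: inconsistent */

    show("normal", &normal);
    show("avail wrapped past 0", &wrapped);
    show("used one ahead of avail", &ahead);
    return 0;
}
```

The wrapped case is the one that matters for the leak concern: the signed version clamps a real in-flight element down to zero, while the modular version counts it. The "used one ahead" case is the only way a straightforward signed subtraction of these two indices produces exactly -1, and the modular version reports it as an out-of-range count rather than hiding it behind a clamp.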