From: Michael S. Tsirkin
Subject: Re: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
Date: Tue, 16 Aug 2016 00:26:34 +0300
On Mon, Aug 15, 2016 at 09:51:21PM +0200, Gaudenz Steinlin wrote:
> Stefan Hajnoczi <address@hidden> writes:
>
> > Gaudenz Steinlin <address@hidden> reported that virtqueue_pop() terminates
> > QEMU because the virtqueue size is exceeded following the CVE-2016-5403
> > fix. I have been unable to reproduce this or understand the root cause by
> > code inspection. Along the way I did discover a few bugs in virtio-balloon
> > and virtio code.
> >
> > Please see the individual patches for details.
> >
> > Gaudenz: If you can reproduce the bug you reported, please try again with
> > these patches applied.
>
> As mentioned in the original thread I only tested on QEMU 2.0.0 so far.
> I tried to apply your patches to this version, but did not succeed. I
> could not apply the first patch in the series because the code changed
> too much and with only the others applied QEMU failed to compile. I gave
> up at that point.
>
> Does it make sense at all to test these patches on 2.0.0? Ubuntu
> reverted the problematic fix in their latest package update for trusty,
> so my immediate problem is "solved". Is there a chance to get a fix for
> CVE-2016-5403 that works on QEMU 2.0.0 without breaking migrations?
>
> Best regards and thanks to all for the effort so far,
> Gaudenz
You will have to debug the failure I'm afraid.
Most likely inuse is incremented in pop but not
decremented.
Maybe you need
commit 0cf33fb6b49a19de32859e2cdc6021334f448fb3
Author: Jason Wang <address@hidden>
Date: Fri Sep 25 13:21:30 2015 +0800
virtio-net: correctly drop truncated packets
It's hard to say.
--
MST
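The failure mode Michael describes above (inuse incremented in pop but never decremented on some path, until the post-CVE-2016-5403 check in virtqueue_pop() fires) can be illustrated with a small stand-alone model. The code below is an added example written for this page, not QEMU's code: ToyVirtqueue, toy_pop(), toy_push(), toy_drop_leaky(), toy_drop_fixed() and run_cycles() are hypothetical names, and the queue only tracks the counter, not descriptors. It shows why a leaked decrement looks exactly like "virtqueue size exceeded" after enough requests, and why a drop path must release the slot just as a push does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of virtqueue in-use accounting (not QEMU code). */
typedef struct {
    unsigned num;    /* vring size: the most buffers the guest can hand over */
    unsigned inuse;  /* buffers popped by the device and not yet returned */
} ToyVirtqueue;

/* Pop one buffer. Mirrors the shape of the CVE-2016-5403 hardening: the
 * device refuses to pop when it already holds every descriptor instead of
 * trusting the guest's counters. QEMU reports "Virtqueue size exceeded"
 * there; this model simply returns false. */
static bool toy_pop(ToyVirtqueue *vq)
{
    if (vq->inuse >= vq->num) {
        return false;
    }
    vq->inuse++;
    return true;
}

/* Complete a request: the buffer goes back to the guest, slot released. */
static void toy_push(ToyVirtqueue *vq)
{
    vq->inuse--;
}

/* Buggy drop path: the element is thrown away but inuse is never
 * decremented, so the slot is leaked forever. */
static void toy_drop_leaky(ToyVirtqueue *vq)
{
    (void)vq;
}

/* Fixed drop path: discarding an element must release its slot too
 * (the same invariant toy_push() maintains). */
static void toy_drop_fixed(ToyVirtqueue *vq)
{
    vq->inuse--;
}

/* Run `rounds` pop-then-drop cycles on a queue of size `num` and return how
 * many pops succeeded. Correct accounting yields `rounds`; a leaky drop
 * path stalls at `num`, which is the symptom reported in this thread. */
static unsigned run_cycles(unsigned num, unsigned rounds, bool leaky)
{
    ToyVirtqueue vq = { .num = num, .inuse = 0 };
    unsigned ok = 0;

    for (unsigned i = 0; i < rounds; i++) {
        if (!toy_pop(&vq)) {
            break;  /* where QEMU would terminate after the CVE fix */
        }
        ok++;
        if (leaky) {
            toy_drop_leaky(&vq);
        } else {
            toy_drop_fixed(&vq);
        }
    }
    return ok;
}

/* Sanity check of the normal path: pop/push pairs leave inuse at zero. */
static unsigned inuse_after_pop_push(unsigned num, unsigned rounds)
{
    ToyVirtqueue vq = { .num = num, .inuse = 0 };

    for (unsigned i = 0; i < rounds; i++) {
        if (toy_pop(&vq)) {
            toy_push(&vq);
        }
    }
    return vq.inuse;
}

int main(void)
{
    printf("leaky drop: %u of 1000 pops succeeded on a 256-entry queue\n",
           run_cycles(256, 1000, true));
    printf("fixed drop: %u of 1000 pops succeeded on a 256-entry queue\n",
           run_cycles(256, 1000, false));
    printf("inuse after 1000 pop/push pairs: %u\n",
           inuse_after_pop_push(256, 1000));
    return 0;
}
```

When debugging a real instance, the useful check is the same as in the model: every path that takes an element out of the queue (completion, error, truncation, reset, migration) must be matched by a decrement, and the counter should be compared against the ring size at each point where an element is dropped rather than completed.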