From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] Fix for CVE-2016-5403 causes crash on migration if memory stats are enabled
Date: Fri, 12 Aug 2016 11:42:17 +0100
User-agent: Mutt/1.6.2 (2016-07-01)

On Thu, Aug 11, 2016 at 09:18:12AM +0200, Gaudenz Steinlin wrote:
> 
> [ Please CC me on replies as I'm not subscribed to this list. ]
> 
> Hi
> 
> The fix for CVE-2016-5403 (virtio: error out if guest exceeds virtqueue
> size)[1] causes qemu to exit(1) after migration or restart from a saved
> state if memory statistics are enabled in libvirt. Qemu exits after
> printing "qemu-system-x86_64: Virtqueue size exceeded".
> 
> I experienced this problem with the latest security update in Ubuntu
> Trusty (14.04) which cherry-picked this fix. If you think that the
> latest upstream version is not affected I can try this too. I only
> tested with VM started through libvirt. If someone tells me how to
> enable memory statistics with plain qemu without libvirt I can test this
> too. My guess would be that this does not make a difference.
> 
> I discovered this bug because OpenStack Nova enables memory statistics
> by default since the Juno release. After the QEMU upgrade to the latest
> version in Ubuntu VMs were suddenly shutoff after migration.
> 
> Steps to reproduce:
> 1. Create a VM with libvirt which contains a memory balloon device
> defined like this:
> <memballoon model='virtio'>
>    <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
>    <stats period='10'/>
> </memballoon>
> 
> 2. Start the VM and let the Linux kernel boot (bug does not appear if
>    the kernel is not yet booted, e.g. while in the PXE boot phase)
> 3. Issue a managedsave
> 4. Start the VM again
> 5. The VM is restored and "crashes" right after it starts running again.
> 6. You can find the qemu output "qemu-system-x86_64: Virtqueue size
>    exceeded" in the log at /var/log/libvirt/vmname.log

I couldn't reproduce this with qemu.git/master (28b874429ba) and a RHEL
7.2 guest.

Which guest distro and kernel version are you using?

Are you doing anything that might cause virtio-balloon activity?

Stefan
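The reproduction steps quoted above, scripted with virsh, as an added example that is not part of the original thread or of QEMU/libvirt. It assumes the domain log sits at /var/log/libvirt/<name>.log as the report says (LOG_DIR is overridable for hosts that keep it under /var/log/libvirt/qemu), that BOOT_WAIT seconds is enough for the guest kernel to come up, and that the domain is shut off before the run; the offline demo feeds constructed log lines through the same check so the log scan can be exercised without a hypervisor.

```shell
#!/bin/sh
# Added example: drive steps 2-6 of the report with virsh and check the
# libvirt domain log for the fatal message the fixed QEMU prints.
# LOG_DIR defaults to the path quoted in the report (assumption: adjust
# to /var/log/libvirt/qemu on hosts that log there).
LOG_DIR="${LOG_DIR:-/var/log/libvirt}"
VIRTQUEUE_MSG='Virtqueue size exceeded'

# Step 1 check: does the domain XML carry a virtio memballoon with a
# <stats period=...> element (the configuration the report says is needed)?
balloon_stats_enabled() {
    domain="$1"
    virsh dumpxml "$domain" | grep -q '<stats period='
}

# Step 6: print the log line(s) carrying the message; exit status 0 if
# any were found, 1 otherwise (grep's own status).
check_virtqueue_crash() {
    logfile="$1"
    grep -n "$VIRTQUEUE_MSG" "$logfile"
}

# Number of times the message appears in a log (0 when absent).
count_virtqueue_crashes() {
    logfile="$1"
    grep -c "$VIRTQUEUE_MSG" "$logfile" || true
}

# Steps 2-6 against a real libvirt domain (needs virsh and a shut-off guest).
reproduce_restore_crash() {
    domain="$1"
    logfile="$LOG_DIR/$domain.log"
    if ! balloon_stats_enabled "$domain"; then
        echo "$domain: memballoon has no <stats period=...>; bug needs it" >&2
        return 2
    fi
    virsh start "$domain"
    sleep "${BOOT_WAIT:-60}"      # step 2: let the guest kernel boot first
    virsh managedsave "$domain"   # step 3
    virsh start "$domain"         # step 4: restore from the managed save
    sleep 5
    virsh domstate "$domain"      # step 5: "shut off" means qemu exited
    check_virtqueue_crash "$logfile"
}

# Constructed sample log (not captured from a real host) mimicking what the
# report describes landing in the domain log after the restore.
sample_log() {
    printf '%s\n' \
        'char device redirected to /dev/pts/3 (label charserial0)' \
        'qemu-system-x86_64: Virtqueue size exceeded' \
        'shutting down'
}

# Offline demo: run the log check over the constructed sample.
demo_offline() {
    tmp=$(mktemp)
    sample_log > "$tmp"
    if check_virtqueue_crash "$tmp"; then
        echo "message found $(count_virtqueue_crashes "$tmp") time(s)"
    else
        echo "message not found"
    fi
    rm -f "$tmp"
}

case "${1:-}" in
    --run)  reproduce_restore_crash "$2" ;;
    --demo) demo_offline ;;
esac
```

Run it as `sh repro.sh --run vmname` on a host with the affected QEMU, or `sh repro.sh --demo` anywhere to see the log check fire on the constructed lines. Checking the domain XML first avoids chasing a non-reproduction caused by a balloon without a stats period, which the report names as the precondition.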
