|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] Re: [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...] |
Date: | Mon, 02 Nov 2009 12:55:36 -0600 |
User-agent: | Thunderbird 2.0.0.23 (X11/20090825) |
Jamie Lokier wrote:
Anthony Liguori wrote:Mark McLoughlin wrote:Yeah, I'm inclined to agree. The guest generates bad data and we exit. exit()ing is probably not wonderful but it's a well understood behavior.Canonical's Ubuntu Security Team will be filing a CVE on this issue, since there is a bit of an attack vector here, and since qemu-kvm-0.11.0 is generally available as an official release (and now part of Ubuntu 9.10). Guests running linux <= 2.6.25 virtio-net (e.g Ubuntu 8.04 hardy) on top of qemu-kvm-0.11.0 can be remotely crashed by a non-privileged network user flooding an open port on the guest. The crash happens in a manner that abruptly terminates the guest's execution (ie, without shutting down cleanly). This may affect the guest filesystem's general happiness.IMHO, the CVE should be against the 2.6.25 virtio drivers - the bug is in the guest and the issue we're discussing here is just a hacky workaround for the guest bug.The fundamental bug here is in the guest, not in qemu.Guests should never be able to crash or terminate qemu, unless they call something that is intentionally an "exit qemu" hook for the guest. And even that should be possible to disable.
They can exit qemu via an ACPI shutdown. I don't see the difference. Regards, Anthony Liguori
[Prev in Thread] | Current Thread | [Next in Thread] |