From: Anthony Liguori
Subject: Re: [Qemu-devel] Re: [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...]
Date: Mon, 02 Nov 2009 12:55:36 -0600
Message-ID: <4AEF2B28.6000303@codemonkey.ws>
In-Reply-To: <20091102155228.GB9655@shareable.org>
References: <1256815818-sup-7805@xpc65.scottt> <1256818566.10825.58.camel@blaa> <4AE9A299.5060003@codemonkey.ws> <1256826351.10825.69.camel@blaa> <4AE9A90F.1060108@codemonkey.ws> <1256827719.10825.75.camel@blaa> <1256830455.25064.155.camel@x200> <1257172722.5075.7.camel@blaa> <4AEEFDCE.1000006@codemonkey.ws> <20091102155228.GB9655@shareable.org>
To: Jamie Lokier
Cc: Mark McLoughlin, Scott Tsai, kvm, Dustin Kirkland, Rusty Russell, qemu-devel, jdstrand@canonical.com, Marc Deslauriers, kees.cook@canonical.com

Jamie Lokier wrote:
> Anthony Liguori wrote:
>> Mark McLoughlin wrote:
>>>> Canonical's Ubuntu Security Team will be filing a CVE on this issue,
>>>> since there is a bit of an attack vector here, and since
>>>> qemu-kvm-0.11.0 is generally available as an official release (and now
>>>> part of Ubuntu 9.10).
>>>>
>>>> Guests running linux <= 2.6.25 virtio-net (e.g. Ubuntu 8.04 hardy) on
>>>> top of qemu-kvm-0.11.0 can be remotely crashed by a non-privileged
>>>> network user flooding an open port on the guest. The crash happens in
>>>> a manner that abruptly terminates the guest's execution (i.e., without
>>>> shutting down cleanly). This may affect the guest filesystem's
>>>> general happiness.
>>>
>>> IMHO, the CVE should be against the 2.6.25 virtio drivers - the bug is
>>> in the guest and the issue we're discussing here is just a hacky
>>> workaround for the guest bug.
>>
>> Yeah, I'm inclined to agree. The guest generates bad data and we exit.
>> exit()ing is probably not wonderful but it's a well understood behavior.
>>
>> The fundamental bug here is in the guest, not in qemu.
>
> Guests should never be able to crash or terminate qemu, unless they
> call something that is intentionally an "exit qemu" hook for the
> guest. And even that should be possible to disable.

They can exit qemu via an ACPI shutdown. I don't see the difference.

Regards,

Anthony Liguori