Jamie Lokier wrote:
Anthony Liguori wrote:
Mark McLoughlin wrote:
Canonical's Ubuntu Security Team will be filing a CVE on this issue,
since there is a bit of an attack vector here, and since
qemu-kvm-0.11.0 is generally available as an official release (and now
part of Ubuntu 9.10).
Guests running linux <= 2.6.25 virtio-net (e.g Ubuntu 8.04 hardy) on
top of qemu-kvm-0.11.0 can be remotely crashed by a non-privileged
network user flooding an open port on the guest. The crash happens in
a manner that abruptly terminates the guest's execution (ie, without
shutting down cleanly). This may affect the guest filesystem's
general happiness.
IMHO, the CVE should be against the 2.6.25 virtio drivers - the bug is
in the guest and the issue we're discussing here is just a hacky
workaround for the guest bug.
Yeah, I'm inclined to agree. The guest generates bad data and we exit.
exit()ing is probably not wonderful but it's a well understood behavior.
The fundamental bug here is in the guest, not in qemu.
Guests should never be able to crash or terminate qemu, unless they
call something that is intentionally an "exit qemu" hook for the
guest. And even that should be possible to disable.
Well, if your buggy NIC driver does something wrong programming
the hardware (like the famous r8169 did - it allocated less
buffer space than telling to the card, so the card were happily
overwriting unrelated kernel memory with content received from
network), you will most likely get a machine which does not
respond to external events, a stuck machine, until you hit
"reset" button (provided there is one) or toggle power.
Or just a reboot, depending on what exactly you've hit.
If you want kvm to behave like this, wrap it into a trivial
shell script that restarts the guest.
/mjt
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html