Bug 1373535
| Summary: | smbios serial parameter insufficiently escaped when passed from XML to qemu-kvm | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Barak Korren <bkorren> |
| Component: | libvirt | Assignee: | Peter Krempa <pkrempa> |
| Status: | CLOSED ERRATA | QA Contact: | lijuan men <lmen> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.2 | CC: | dyuan, jdenemar, lmen, pkrempa, rbalakri, xuzhang |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-2.5.0-1.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 17:14:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed upstream:
commit cf9a423cbd06440eb287f2faf2c267253db9e366
Author: Peter Krempa <pkrempa>
Date: Mon Oct 10 17:49:03 2016 +0200
schema: smbios: allow any strings
The smbios docs allow any string to be passed and libvirt does not
really do any validation on them. Allow passing any string.
Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1373535
commit fef3a810c7cc50bfc7ad274e5d658d96d2db6698
Author: Peter Krempa <pkrempa>
Date: Mon Oct 10 06:26:50 2016 +0200
qemu: command: escape smbios entry strings
We pass free-form strings from the users to qemu, thus we need escape
commas since they are passed to qemu monitor.
Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1373535
verify the bug
version:
libvirt-3.0.0-1.el7.x86_64
qemu-kvm-rhev-2.8.0-3.el7.x86_64
steps:
1.start a guest with the following xml:
...
<sysinfo type='smbios'>
<bios>
<entry name='vendor'>LEN OVO</entry>
<entry name='version'>6F{ET8}_2BW (3.12 )</entry>
<entry name='date'>02/08/2012</entry>
</bios>
<system>
<entry name='manufacturer'>Fed,ora</entry>
<entry name='product'>Virt/-"Manager"</entry>
<entry name='version'>0.'8.2-3.fc14'</entry>
<entry name='serial'>32d,fcb37-5af1[-55,2b-357c-be8c3aa38310]</entry>
<entry name='uuid'>f38a1abd-3ff1-434e-ae79-75ba67df289b</entry>
<entry name='sku'>12345#$*67.890</entry>
</system>
</sysinfo>
...
<os>
<type arch='x86_64' machine='pc-i440fx-rhel7.4.0'>hvm</type>
<boot dev='hd'/>
*** <smbios mode='sysinfo'/> ***
</os>
...
2.in the guest,
[root@localhost ~]# dmidecode
...
BIOS Information
Vendor: LEN OVO
Version: 6F{ET8}_2BW (3.12 )
Release Date: 02/08/2012
Address: 0xE8000
Runtime Size: 96 kB
ROM Size: 64 kB
Characteristics:
BIOS characteristics not supported
Targeted content distribution is supported
System is a virtual machine
BIOS Revision: 0.0
Handle 0x0100, DMI type 1, 27 bytes
System Information
Manufacturer: Fed,ora
Product Name: Virt/-"Manager"
Version: 0.'8.2-3.fc14'
Serial Number: 32d,fcb37-5af1[-55,2b-357c-be8c3aa38310]
UUID: F38A1ABD-3FF1-434E-AE79-75BA67DF289B
Wake-up Type: Power Switch
SKU Number: 12345#$*67.890
Family: Red Hat Enterprise Linux
...
It is same as in xml,so the bug is verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 |
Description of problem: When XML like the following is passed to libvirt (note the comma): ... <sysinfo type="smbios"> <system> ... <entry name="serial">foo,bar</entry> ... </system> </sysinfo> ... When starting the VM, the following error message is yielded: libvirtError: internal error: process exited while connecting to monitor: qemu-kvm: -smbios ... ,serial=label:foo,bar ... : Invalid parameter 'bar' It seems that the comma causes 'bar' to be considered as an additional parameter rather then a part of the custom serial number. Potentially XML values could be crafted to perform unintended tweaks...