Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1346981 - Regression from CVE-2016-3712: windows installer fails to start [rhel-6.9]
Regression from CVE-2016-3712: windows installer fails to start [rhel-6.9]
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm (Show other bugs)
6.8
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Gerd Hoffmann
Guo, Zhiyi
: Regression, ZStream
Depends On: 1346976 1346982
Blocks: 1347190 1347191 1347192
  Show dependency treegraph
 
Reported: 2016-06-15 14:15 EDT by Ademar Reis
Modified: 2017-03-21 05:38 EDT (History)
10 users (show)

See Also:
Fixed In Version: qemu-kvm-0.12.1.2-2.492.el6
Doc Type: Bug Fix
Doc Text:
After applying the fix for security issue CVE-2016-3712, the installation of certain guests on Red Hat Enterprise Linux was not possible due to unmodifiable registers. This update introduces a new register set to be used instead of vga registers in these guests. As a result, the vga registers no longer cause the guest installation to fail.
Story Points: ---
Clone Of: 1346976
: 1347190 1347191 1347192 (view as bug list)
Environment:
Last Closed: 2017-03-21 05:38:56 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0621 normal SHIPPED_LIVE Moderate: qemu-kvm security and bug fix update 2017-03-21 08:28:31 EDT

  None (edit)
Description Ademar Reis 2016-06-15 14:15:25 EDT 
+++ This bug was initially created as a clone of Bug #1346976 +++

The fix for CVE-2016-3712 introduced a regression and we'll have to push a new update.

From the upstream patch:

"""
From: Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [PATCH] vga: add sr_vbe register set

Commit "fd3c136 vga: make sure vga register setup for vbe stays intact
(CVE-2016-3712)." causes a regression.  The win7 installer is unhappy
because it can't freely modify vga registers any more while in vbe mode.

This patch introduces a new sr_vbe register set.  The vbe_update_vgaregs
will fill sr_vbe[] instead of sr[].  Normal vga register reads and
writes go to sr[].  Any sr register read access happens through a new
sr() helper function which will read from sr_vbe[] with vbe active and
from sr[] otherwise.

This way we can allow guests update sr[] registers as they want, without
allowing them disrupt vbe video modes that way.

Reported-by: Thomas Lamprecht <thomas@lamprecht.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
"""
Comment 3 Jeff Nelson 2016-06-30 14:34:05 EDT 
Fix included in qemu-kvm-0.12.1.2-2.492.el6
Comment 5 Guo, Zhiyi 2016-11-28 01:57:51 EST 
eproduced on 6.9.z host with
kernel: 2.6.32-671.el6.x86_64
qemu: qemu-kvm-rhev-0.12.1.2-2.491.el6_8.1.x86_64

Trying to install win7/win2008r2 guests, results:

iso:en_windows_7_ultimate_with_sp1_x86_dvd_u_677460.iso result: stuck at "starting windows"
iso:en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso result: stuck at "starting windows" 
iso:en_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617601.iso result: stuck at "starting windows" 

Install win10 guests for comparing, win10 guests install and work well, isos used:
en_windows_10_enterprise_version_1607_updated_jul_2016_x64_dvd_9054264.iso
en_windows_10_enterprise_version_1607_updated_jul_2016_x86_dvd_9060097.iso

Verify against qemu-kvm-0.12.1.2-2.496.el6.x86_64

Both windows7/win2008r2 guests install and work well.
Install win10 guests for comparing, win10 guests install and work well also.
Comment 6 Guo, Zhiyi 2016-11-28 01:58:40 EST 
Per comment 5, move to verified
Comment 8 errata-xmlrpc 2017-03-21 05:38:56 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0621.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.