Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1346982 - Regression from CVE-2016-3712: windows installer fails to start [rhel-7.3]
Regression from CVE-2016-3712: windows installer fails to start [rhel-7.3]
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Gerd Hoffmann
Guo, Zhiyi
: Regression, ZStream
Depends On: 1346976
Blocks: 1346981 1347527
  Show dependency treegraph
 
Reported: 2016-06-15 14:19 EDT by Ademar Reis
Modified: 2016-11-03 16:14 EDT (History)
9 users (show)

See Also:
Fixed In Version: qemu-kvm-1.5.3-115.el7
Doc Type: Bug Fix
Doc Text:
After applying the fix for security issue CVE-2016-3712, the installation of certain guests on Red Hat Enterprise Linux was not possible due to unmodifiable registers. This update introduces a new register set to be used instead of vga registers in these guests. As a result, the vga registers no longer cause the guest installation to fail.
Story Points: ---
Clone Of: 1346976
: 1347527 (view as bug list)
Environment:
Last Closed: 2016-11-03 16:14:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2585 normal SHIPPED_LIVE Moderate: qemu-kvm security, bug fix, and enhancement update 2016-11-03 08:09:03 EDT

  None (edit)
Description Ademar Reis 2016-06-15 14:19:13 EDT 
+++ This bug was initially created as a clone of Bug #1346976 +++

The fix for CVE-2016-3712 introduced a regression and we'll have to push a new update.

From the upstream patch:

"""
From: Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [PATCH] vga: add sr_vbe register set

Commit "fd3c136 vga: make sure vga register setup for vbe stays intact
(CVE-2016-3712)." causes a regression.  The win7 installer is unhappy
because it can't freely modify vga registers any more while in vbe mode.

This patch introduces a new sr_vbe register set.  The vbe_update_vgaregs
will fill sr_vbe[] instead of sr[].  Normal vga register reads and
writes go to sr[].  Any sr register read access happens through a new
sr() helper function which will read from sr_vbe[] with vbe active and
from sr[] otherwise.

This way we can allow guests update sr[] registers as they want, without
allowing them disrupt vbe video modes that way.

Reported-by: Thomas Lamprecht <thomas@lamprecht.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
"""
Comment 1 Gerd Hoffmann 2016-06-16 11:30:55 EDT 
backport posted.
Comment 3 Miroslav Rezanina 2016-06-20 03:35:42 EDT 
Fix included in qemu-kvm-1.5.3-115.el7
Comment 5 Guo, Zhiyi 2016-08-30 06:18:02 EDT 
Reproduced on 7.3 host with
kernel: 3.10.0-493.el7.x86_64
qemu:qemu-kvm-1.5.3-114.el7.x86_64

Trying to install win7/win2008r2 guests, results:

iso:en_windows_7_ultimate_with_sp1_x86_dvd_u_677460.iso result: stuck at "starting windows"
iso:en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso result: stuck at "starting windows" 
iso:en_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617601.iso result: stuck at "starting windows" 

Install win10 guests for comparing, win10 guests install and work well, isos used:
en_windows_10_enterprise_x64_dvd_6851151.iso
en_windows_10_enterprise_x86_dvd_6851156.iso

Verify against qemu-kvm-1.5.3-122.el7.x86_64

Both windows7/win2008r2 guests install and work well.
Install win10 guests for comparing, win10 guests install and work well also.
Comment 6 Guo, Zhiyi 2016-08-31 03:34:55 EDT 
Move to verified per comment 5
Comment 8 errata-xmlrpc 2016-11-03 16:14:34 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2585.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.