Red Hat Bugzilla – Bug 1346982
Regression from CVE-2016-3712: windows installer fails to start [rhel-7.3]
Last modified: 2016-11-03 16:14:34 EDT
+++ This bug was initially created as a clone of Bug #1346976 +++ The fix for CVE-2016-3712 introduced a regression and we'll have to push a new update. From the upstream patch: """ From: Gerd Hoffmann <kraxel@redhat.com> Subject: [Qemu-devel] [PATCH] vga: add sr_vbe register set Commit "fd3c136 vga: make sure vga register setup for vbe stays intact (CVE-2016-3712)." causes a regression. The win7 installer is unhappy because it can't freely modify vga registers any more while in vbe mode. This patch introduces a new sr_vbe register set. The vbe_update_vgaregs will fill sr_vbe[] instead of sr[]. Normal vga register reads and writes go to sr[]. Any sr register read access happens through a new sr() helper function which will read from sr_vbe[] with vbe active and from sr[] otherwise. This way we can allow guests update sr[] registers as they want, without allowing them disrupt vbe video modes that way. Reported-by: Thomas Lamprecht <thomas@lamprecht.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> """
backport posted.
Fix included in qemu-kvm-1.5.3-115.el7
Reproduced on 7.3 host with kernel: 3.10.0-493.el7.x86_64 qemu:qemu-kvm-1.5.3-114.el7.x86_64 Trying to install win7/win2008r2 guests, results: iso:en_windows_7_ultimate_with_sp1_x86_dvd_u_677460.iso result: stuck at "starting windows" iso:en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso result: stuck at "starting windows" iso:en_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617601.iso result: stuck at "starting windows" Install win10 guests for comparing, win10 guests install and work well, isos used: en_windows_10_enterprise_x64_dvd_6851151.iso en_windows_10_enterprise_x86_dvd_6851156.iso Verify against qemu-kvm-1.5.3-122.el7.x86_64 Both windows7/win2008r2 guests install and work well. Install win10 guests for comparing, win10 guests install and work well also.
Move to verified per comment 5
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2585.html