Bug 678559 - Disallow 0-sized writes to virtio ports to go through to host (leading to VM crash) [rhel-6.0.z]
Summary: Disallow 0-sized writes to virtio ports to go through to host (leading to VM ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.1
Hardware: All
OS: Linux
medium
high
Target Milestone: rc
: ---
Assignee: Frantisek Hrbata
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On: 635535
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-02-18 12:29 UTC by RHEL Product and Program Management
Modified: 2013-01-11 03:49 UTC (History)
9 users (show)

Fixed In Version: kernel-2.6.32-71.19.1.el6
Doc Type: Bug Fix
Doc Text:
Prior to this update, user space could submit (using the write() operation) a buffer with zero length to be written to the host, causing the qemu hypervisor instance running on that host to crash. This was caused by the write() operation triggering a virtqueue event on the host, causing a NULL buffer to be accessed. With this update, user space is no longer allowed to submit zero-sized buffers and the aforementioned crash no longer occur.
Clone Of:
Environment:
Last Closed: 2011-04-08 02:59:40 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0421 normal SHIPPED_LIVE Important: kernel security and bug fix update 2011-04-08 02:56:45 UTC

Description RHEL Product and Program Management 2011-02-18 12:29:56 UTC
This bug has been copied from bug #635535 and has been proposed
to be backported to 6.0 z-stream (EUS).

Comment 4 Amos Kong 2011-03-21 07:31:28 UTC
Bug exists in kernel-2.6.32-71.18.2.el6, and could not reproduced in kernel-2.6.32-71.19.1.el6.
So moving to VERIFIED.

Comment 5 errata-xmlrpc 2011-04-08 02:59:40 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0421.html

Comment 6 Martin Prpič 2011-04-12 12:41:25 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Prior to this update, user space could submit (using the write() operation) a buffer with zero length to be written to the host, causing the qemu hypervisor instance running on that host to crash. This was caused by the write() operation triggering a virtqueue event on the host, causing a NULL buffer to be accessed. With this update, user space is no longer allowed to submit zero-sized buffers and the aforementioned crash no longer occur.


Note You need to log in before you can comment on or make changes to this bug.