I think the commit below is included in qemu 2.5 in Xenial but not in
2.11

and I tested it with an upstream commit build with migration, but I haven't
tested it yet.

I'm going to test them with ubuntu releases as well.

If it is correct, we need to patch > queens instead of mitaka.


Description: make sure vdev->vq[i].inuse never goes below 0
 This is a work-around to fix live migrations after the patches for
 CVE-2016-5403 were applied. The true root cause still needs to be
 determined.
Origin: based on a patch by Len <[email protected]>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1647389

Index: qemu-2.5+dfsg/hw/virtio/virtio.c
===================================================================
--- qemu-2.5+dfsg.orig/hw/virtio/virtio.c       2017-04-05 09:48:17.420025137 
-0400
+++ qemu-2.5+dfsg/hw/virtio/virtio.c    2017-04-05 09:49:59.565337543 -0400
@@ -1510,6 +1510,7 @@
     for (i = 0; i < num; i++) {
         if (vdev->vq[i].vring.desc) {
             uint16_t nheads;
+            int inuse_tmp;
             nheads = vring_avail_idx(&vdev->vq[i]) - 
vdev->vq[i].last_avail_idx;
             /* Check it isn't doing strange things with descriptor numbers. */
             if (nheads > vdev->vq[i].vring.num) {
@@ -1527,12 +1528,15 @@
              * Since max ring size < UINT16_MAX it's safe to use modulo
              * UINT16_MAX + 1 subtraction.
              */
-            vdev->vq[i].inuse = (uint16_t)(vdev->vq[i].last_avail_idx -
+            inuse_tmp = (int)(vdev->vq[i].last_avail_idx -
                                 vring_used_idx(&vdev->vq[i]));
+
+            vdev->vq[i].inuse = (inuse_tmp < 0 ? 0 : inuse_tmp);
+
             if (vdev->vq[i].inuse > vdev->vq[i].vring.num) {
-                error_report("VQ %d size 0x%x < last_avail_idx 0x%x - "
+                error_report("VQ %d inuse %u size 0x%x < last_avail_idx 0x%x - 
"
                              "used_idx 0x%x",
-                             i, vdev->vq[i].vring.num,
+                             i, vdev->vq[i].inuse, vdev->vq[i].vring.num,
                              vdev->vq[i].last_avail_idx,
                              vring_used_idx(&vdev->vq[i]));
                 return -1;
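Review bot: the replacement of the `(uint16_t)` cast with `(int)` plus a clamp to 0 defeats the wrap-around that the comment immediately above this hunk ("safe to use modulo UINT16_MAX + 1 subtraction") relies on. `last_avail_idx` and `vring_used_idx()` are 16-bit counters that wrap; once `last_avail_idx` has passed 0xFFFF while the used index has not (for example 0x0005 - 0xFFFA), the modulo subtraction correctly yields 11 in-flight descriptors, whereas the int difference is negative and `vdev->vq[i].inuse = (inuse_tmp < 0 ? 0 : inuse_tmp);` silently sets `inuse` to 0, dropping descriptors the guest still owns. Since the uint16_t result can never be negative in the first place, the clamp only changes behaviour in exactly this wrap case, so either keep the modulo subtraction and handle the condition that actually produces a bad count, or at minimum rewrite the stale comment to state that the wrap case is being discarded deliberately as part of this work-around. The extended `error_report` that now prints `inuse %u` is a useful addition and should stay.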

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5403

https://bugs.launchpad.net/bugs/1894772

Title:
  live migration of windows 2012 r2 instance with virtio balloon driver
  fails from mitaka to queens.


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
