Message ID | 1565239512-11188-1-git-send-email-tyhicks@canonical.com |
---|---|
Series | CVE-2019-3900: vhost DoS |

On 8/7/19 9:45 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3900.html
>
> An infinite loop issue was found in the vhost_net kernel module in
> Linux Kernel up to and including v5.1-rc6, while handling incoming
> packets in handle_rx(). It could occur if one end sends packets faster
> than the other end can process them. A guest user, maybe remote one,
> could use this flaw to stall the vhost_net kernel thread, resulting in
> a DoS scenario.
>
> Fairly involved backports. Build logs are clean. I tested with
> netperf's TCP_RR, TCP_SENDFILE, TCP_STREAM, UDP_RR, and UDP_STREAM
> tests. The tests were initiated from both the host and the guest to
> ensure that the vhost-net connection was stable and that performance was
> similar before and after the patches were applied.
>
> Tyler
>
> Jason Wang (6):
>   vhost: introduce vhost_vq_avail_empty()
>   vhost_net: tx batching
>   vhost_net: introduce vhost_exceeds_weight()
>   vhost: introduce vhost_exceeds_weight()
>   vhost_net: fix possible infinite loop
>   vhost: scsi: add weight support
>
> Paolo Abeni (1):
>   vhost_net: use packet weight for rx handler, too
>
> Willem de Bruijn (1):
>   vhost_net: do not stall on zerocopy depletion
>
> haibinzhang(张海斌) (1):
>   vhost-net: set packet weight of tx polling to 2 * vq size
>
>  drivers/vhost/net.c   | 60 ++++++++++++++++++++++++++++++++-------------------
>  drivers/vhost/scsi.c  | 14 ++++++++----
>  drivers/vhost/vhost.c | 34 ++++++++++++++++++++++++++++-
>  drivers/vhost/vhost.h |  7 +++++-
>  4 files changed, 87 insertions(+), 28 deletions(-)
>

Acked-by: Connor Kuehl <connor.kuehl@canonical.com>

On 08.08.19 06:45, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3900.html
>
> An infinite loop issue was found in the vhost_net kernel module in
> Linux Kernel up to and including v5.1-rc6, while handling incoming
> packets in handle_rx(). It could occur if one end sends packets faster
> than the other end can process them. A guest user, maybe remote one,
> could use this flaw to stall the vhost_net kernel thread, resulting in
> a DoS scenario.
>
> Fairly involved backports. Build logs are clean. I tested with
> netperf's TCP_RR, TCP_SENDFILE, TCP_STREAM, UDP_RR, and UDP_STREAM
> tests. The tests were initiated from both the host and the guest to
> ensure that the vhost-net connection was stable and that performance was
> similar before and after the patches were applied.
>
> Tyler
>
> Jason Wang (6):
>   vhost: introduce vhost_vq_avail_empty()
>   vhost_net: tx batching
>   vhost_net: introduce vhost_exceeds_weight()
>   vhost: introduce vhost_exceeds_weight()
>   vhost_net: fix possible infinite loop
>   vhost: scsi: add weight support
>
> Paolo Abeni (1):
>   vhost_net: use packet weight for rx handler, too
>
> Willem de Bruijn (1):
>   vhost_net: do not stall on zerocopy depletion
>
> haibinzhang(张海斌) (1):
>   vhost-net: set packet weight of tx polling to 2 * vq size
>
>  drivers/vhost/net.c   | 60 ++++++++++++++++++++++++++++++++-------------------
>  drivers/vhost/scsi.c  | 14 ++++++++----
>  drivers/vhost/vhost.c | 34 ++++++++++++++++++++++++++++-
>  drivers/vhost/vhost.h |  7 +++++-
>  4 files changed, 87 insertions(+), 28 deletions(-)
>

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On 2019-08-08 04:45:03, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3900.html
>
> An infinite loop issue was found in the vhost_net kernel module in
> Linux Kernel up to and including v5.1-rc6, while handling incoming
> packets in handle_rx(). It could occur if one end sends packets faster
> than the other end can process them. A guest user, maybe remote one,
> could use this flaw to stall the vhost_net kernel thread, resulting in
> a DoS scenario.
>
> Fairly involved backports. Build logs are clean. I tested with
> netperf's TCP_RR, TCP_SENDFILE, TCP_STREAM, UDP_RR, and UDP_STREAM
> tests. The tests were initiated from both the host and the guest to
> ensure that the vhost-net connection was stable and that performance was
> similar before and after the patches were applied.
>
> Tyler
>
> Jason Wang (6):
>   vhost: introduce vhost_vq_avail_empty()
>   vhost_net: tx batching
>   vhost_net: introduce vhost_exceeds_weight()
>   vhost: introduce vhost_exceeds_weight()
>   vhost_net: fix possible infinite loop
>   vhost: scsi: add weight support
>
> Paolo Abeni (1):
>   vhost_net: use packet weight for rx handler, too
>
> Willem de Bruijn (1):
>   vhost_net: do not stall on zerocopy depletion
>
> haibinzhang(张海斌) (1):
>   vhost-net: set packet weight of tx polling to 2 * vq size
>
>  drivers/vhost/net.c   | 60 ++++++++++++++++++++++++++++++++-------------------
>  drivers/vhost/scsi.c  | 14 ++++++++----
>  drivers/vhost/vhost.c | 34 ++++++++++++++++++++++++++++-
>  drivers/vhost/vhost.h |  7 +++++-
>  4 files changed, 87 insertions(+), 28 deletions(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
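
The flaw class described in the cover letter, and the weight-style bound the series titles refer to, as a user-space model added here (not code from the patch series or the kernel). `struct ring`, `handle_rx_model()`, the budgets and `SIM_CAP` are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed budgets for this model; not taken from the patches. */
#define PKT_WEIGHT  256
#define BYTE_WEIGHT (512 * 1024)
#define SIM_CAP     1000000 /* stands in for "never returns" so the demo ends */

struct ring { size_t pending; size_t refill_per_pkt; };
struct result { size_t pkts; bool yielded; bool hit_cap; };

/* Take one packet; the peer queues refill_per_pkt new ones meanwhile. */
static bool ring_pop(struct ring *r, size_t *len)
{
    if (r->pending == 0)
        return false;
    r->pending += r->refill_per_pkt;
    r->pending--;
    *len = 1500; /* constructed packet size */
    return true;
}

/* One handler invocation. Unbounded, it returns only when the ring is empty;
 * bounded, it stops at a packet or byte budget so the work can be requeued. */
struct result handle_rx_model(struct ring *r, bool bounded)
{
    struct result res = {0, false, false};
    size_t len = 0, total = 0;
    while (ring_pop(r, &len)) {
        res.pkts++;
        total += len;
        if (bounded && (res.pkts >= PKT_WEIGHT || total >= BYTE_WEIGHT)) {
            res.yielded = true; /* give the worker thread back */
            break;
        }
        if (res.pkts >= SIM_CAP) {
            res.hit_cap = true; /* a real loop would still be spinning */
            break;
        }
    }
    return res;
}

int main(void)
{
    struct ring fast = {1, 1}, again = {1, 1}; /* peer refills as fast as we drain */
    struct result u = handle_rx_model(&fast, false);
    struct result b = handle_rx_model(&again, true);
    printf("unbounded: %zu pkts (cap hit=%d); bounded: %zu pkts (yielded=%d)\n",
           u.pkts, u.hit_cap, b.pkts, b.yielded);
    return 0;
}
```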