From ef332876f757293ab20cbe8619307868321ee929 Mon Sep 17 00:00:00 2001 From: Eduardo Habkost <ehabkost@redhat.com> Date: Mon, 7 Dec 2009 20:38:38 -0200 Subject: [PATCH 2/4] bz#545136: whitelist host virtio networking features RH-Author: Eduardo Habkost <ehabkost@redhat.com> Message-id: <20091207203533.GD3422@blackpad.lan.raisama.net> Patchwork-id: 3870 O-Subject: [RHEL-5.5 KVM PATCH] bz#545136: whitelist host virtio networking features Bugzilla: 545136 RH-Acked-by: Mark McLoughlin <markmc@redhat.com> RH-Acked-by: Eugene Teo <eugene@redhat.com> RH-Acked-by: Juan Quintela <quintela@redhat.com> Bugzilla: https://bugzilla.redhat.com/545136 cherry-pick of upstream commit below. It's not exactly a security bug on KVM, but it helps to mitigate a security bug on Linux 2.6.25 guests. Please ACK. --------- >From: Dustin Kirkland <kirkland@canonical.com> Date: Thu, 29 Oct 2009 15:34:15 +0000 Subject: [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...] whitelist host virtio networking features This patch is a followup to 8eca6b1bc770982595db2f7207c65051572436cb, fixing crashes when guests with 2.6.25 virtio drivers have saturated virtio network connections. https://bugs.edge.launchpad.net/ubuntu/+source/qemu-kvm/+bug/458521 That patch should have been whitelisting *_HOST_* rather than the the *_GUEST_* features. I tested this by running an Ubuntu 8.04 Hardy guest (2.6.24 kernel + 2.6.25-virtio driver). I saturated both the incoming, and outgoing network connection with nc, seeing sustained 6MB/s up and 6MB/s down bitrates for ~20 minutes. Previously, this crashed immediately. Now, the guest does not crash and maintains network connectivity throughout the test. Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Mark McLoughlin <markmc@redhat.com> Tested-by: Dustin Kirkland <kirkland@canonical.com> --- qemu/hw/virtio-net.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> --- qemu/hw/virtio-net.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/qemu/hw/virtio-net.c b/qemu/hw/virtio-net.c index 5d63547..6c6eb16 100644 --- a/qemu/hw/virtio-net.c +++ b/qemu/hw/virtio-net.c @@ -105,10 +105,10 @@ static uint32_t virtio_net_bad_features(VirtIODevice *vdev) /* Linux kernel 2.6.25. It understood MAC (as everyone must), * but also these: */ features |= (1 << VIRTIO_NET_F_MAC); - features |= (1 << VIRTIO_NET_F_GUEST_CSUM); - features |= (1 << VIRTIO_NET_F_GUEST_TSO4); - features |= (1 << VIRTIO_NET_F_GUEST_TSO6); - features |= (1 << VIRTIO_NET_F_GUEST_ECN); + features |= (1 << VIRTIO_NET_F_CSUM); + features |= (1 << VIRTIO_NET_F_HOST_TSO4); + features |= (1 << VIRTIO_NET_F_HOST_TSO6); + features |= (1 << VIRTIO_NET_F_HOST_ECN); return features & virtio_net_get_features(vdev); } -- 1.6.3.rc4.29.g8146