|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2013-0241: xf86-video-qxl: synchronous io guest DoS | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Stefan Dirsch <sndirsch> |
| Status: | RESOLVED INVALID | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | agraf, brogers, meissner, security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Seems we are shipping xf86-video-qxl X driver since openSUSE 12.1. I never got it working with qemu-kvm though. bugbot adjusting priority if its not working at all, or if we do not have synchronous io to qemu-kvm? who can we ask? qemu folks? (In reply to comment #3) > if its not working at all, or if we do not have synchronous io to qemu-kvm? > > who can we ask? qemu folks? Last time I tried it did not work. This is some time ago though. It has been a hackweek project to get this running and I failed miserably. I wrote my results in some FATE request about QXL support. I can't find it any longer. I believe figuring out, whether QXL works is much more effort than just doing the security update. Also there shouldn't be that much products, on which we already ship the xf86-video-qxl driver. yes, either just throw the patch in and submit or we could just ignore this bug if it does not work at all for now SLE doesn't ship xf86-video-qxl. openSUSE does. 12.1: xorg-x11-driver-video (xf86-video-qxl-0.0.13: affected) 12.2: xf86-video-qxl (0.0.17: contains the fix) 12.3: xf86-video-qxl (0.1.0: contains the fix) Factory/X11:XOrg: xf86-video-qxl (0.1.0: contains the fix) ==> Only openSUSE 12.1 needs to get fixed Well, the patch introduces wrappers around ioport_write() calls, but there is no ioport_write() yet defined in xf86-video-qxl 0.0.13 of openSUSE 12.1. Instead outb() is used in this version. Later ioport_write() has been introduced in xf86-video-qxl, but it requires the definition of XSPICE. If not outb() is used. And we do not build nor ship spice devel packages with openSUSE 12.1. Maybe this is becoming a non-issue with this in mind? Do you agree? it seems so. lets put the issue at rest. Thanks! |
is public, via oss-security CVE-2013-0241 On 01/30/2013 09:37 AM, Petr Matousek wrote: > A flaw was found in the way spice connection breakups were handled in > the qemu-kvm qxl driver. Some of the qxl port i/o commands were waiting > for the spice server to complete the actions, while the corresponding > thread holds qemu_mutex mutex, potentially blocking other threads in the > guest's qemu-kvm process. An user able to initiate spice connection to > the guest could use this flaw to make guest temporarily unavailable or, > in case kernel.softlockup_panic in the guest was set, crash the guest. > > Upstream fixes: > xf86-video-qxl commit > http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/commit/?id=30b4b72cdbdf9f0e92a8d1c4e01779f60f15a741 > > which relies on qemu-kvm functionality introduced by commit > http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=5ff4e36c > > References: > https://bugzilla.redhat.com/show_bug.cgi?id=906032 > > Thanks, Please use CVE-2013-0241 for this issue.