[PATCH 0/9][SRU][X] CVE-2019-3900: vhost DoS

Tyler Hicks tyhicks at canonical.com
Thu Aug 8 04:45:03 UTC 2019


 An infinite loop issue was found in the vhost_net kernel module in
 Linux Kernel up to and including v5.1-rc6, while handling incoming
 packets in handle_rx(). It could occur if one end sends packets faster
 than the other end can process them. A guest user, maybe remote one,
 could use this flaw to stall the vhost_net kernel thread, resulting in
 a DoS scenario.

Fairly involved backports. Build logs are clean. I tested with
tests. The tests were initiated from both the host and the guest to
ensure that the vhost-net connection was stable and that performance was
similar before and after the patches were applied.


Jason Wang (6):
  vhost: introduce vhost_vq_avail_empty()
  vhost_net: tx batching
  vhost_net: introduce vhost_exceeds_weight()
  vhost: introduce vhost_exceeds_weight()
  vhost_net: fix possible infinite loop
  vhost: scsi: add weight support

Paolo Abeni (1):
  vhost_net: use packet weight for rx handler, too

Willem de Bruijn (1):
  vhost_net: do not stall on zerocopy depletion

haibinzhang(张海斌) (1):
  vhost-net: set packet weight of tx polling to 2 * vq size

 drivers/vhost/net.c   | 60 ++++++++++++++++++++++++++++++++-------------------
 drivers/vhost/scsi.c  | 14 ++++++++----
 drivers/vhost/vhost.c | 34 ++++++++++++++++++++++++++++-
 drivers/vhost/vhost.h |  7 +++++-
 4 files changed, 87 insertions(+), 28 deletions(-)


More information about the kernel-team mailing list