ACK: [PATCH 0/9][SRU][X] CVE-2019-3900: vhost DoS
Connor Kuehl
connor.kuehl at canonical.com
Thu Aug 8 20:53:29 UTC 2019
On 8/7/19 9:45 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3900.html
>
> An infinite loop issue was found in the vhost_net kernel module in
> Linux Kernel up to and including v5.1-rc6, while handling incoming
> packets in handle_rx(). It could occur if one end sends packets faster
> than the other end can process them. A guest user, maybe remote one,
> could use this flaw to stall the vhost_net kernel thread, resulting in
> a DoS scenario.
>
> Fairly involved backports. Build logs are clean. I tested with
> netperf's TCP_RR, TCP_SENDFILE, TCP_STREAM, UDP_RR, and UDP_STREAM
> tests. The tests were initiated from both the host and the guest to
> ensure that the vhost-net connection was stable and that performance was
> similar before and after the patches were applied.
>
> Tyler
>
> Jason Wang (6):
> vhost: introduce vhost_vq_avail_empty()
> vhost_net: tx batching
> vhost_net: introduce vhost_exceeds_weight()
> vhost: introduce vhost_exceeds_weight()
> vhost_net: fix possible infinite loop
> vhost: scsi: add weight support
>
> Paolo Abeni (1):
> vhost_net: use packet weight for rx handler, too
>
> Willem de Bruijn (1):
> vhost_net: do not stall on zerocopy depletion
>
> haibinzhang(张海斌) (1):
> vhost-net: set packet weight of tx polling to 2 * vq size
>
> drivers/vhost/net.c | 60 ++++++++++++++++++++++++++++++++-------------------
> drivers/vhost/scsi.c | 14 ++++++++----
> drivers/vhost/vhost.c | 34 ++++++++++++++++++++++++++++-
> drivers/vhost/vhost.h | 7 +++++-
> 4 files changed, 87 insertions(+), 28 deletions(-)
>
Acked-by: Connor Kuehl <connor.kuehl at canonical.com>
More information about the kernel-team
mailing list