APPLIED: [PATCH 0/9][SRU][X] CVE-2019-3900: vhost DoS

Khaled Elmously khalid.elmously at canonical.com
Mon Aug 12 17:22:23 UTC 2019


On 2019-08-08 04:45:03 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3900.html
> 
>  An infinite loop issue was found in the vhost_net kernel module in
>  Linux Kernel up to and including v5.1-rc6, while handling incoming
>  packets in handle_rx(). It could occur if one end sends packets faster
>  than the other end can process them. A guest user, maybe remote one,
>  could use this flaw to stall the vhost_net kernel thread, resulting in
>  a DoS scenario.
> 
> Fairly involved backports. Build logs are clean. I tested with
> netperf's TCP_RR, TCP_SENDFILE, TCP_STREAM, UDP_RR, and UDP_STREAM
> tests. The tests were initiated from both the host and the guest to
> ensure that the vhost-net connection was stable and that performance was
> similar before and after the patches were applied.
> 
> Tyler
> 
> Jason Wang (6):
>   vhost: introduce vhost_vq_avail_empty()
>   vhost_net: tx batching
>   vhost_net: introduce vhost_exceeds_weight()
>   vhost: introduce vhost_exceeds_weight()
>   vhost_net: fix possible infinite loop
>   vhost: scsi: add weight support
> 
> Paolo Abeni (1):
>   vhost_net: use packet weight for rx handler, too
> 
> Willem de Bruijn (1):
>   vhost_net: do not stall on zerocopy depletion
> 
> haibinzhang(张海斌) (1):
>   vhost-net: set packet weight of tx polling to 2 * vq size
> 
>  drivers/vhost/net.c   | 60 ++++++++++++++++++++++++++++++++-------------------
>  drivers/vhost/scsi.c  | 14 ++++++++----
>  drivers/vhost/vhost.c | 34 ++++++++++++++++++++++++++++-
>  drivers/vhost/vhost.h |  7 +++++-
>  4 files changed, 87 insertions(+), 28 deletions(-)
> 
> -- 
> 2.7.4
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team



More information about the kernel-team mailing list