Re: unrealize mechanism in 9pfs

To: Hugo Lefeuvre <hle@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: unrealize mechanism in 9pfs
From: Guido Günther <agx@sigxcpu.org>
Date: Sat, 17 Dec 2016 18:21:37 +0100
Message-id: <[🔎] 20161217172137.3q5vtid5iqjtoby3@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, Hugo Lefeuvre <hle@debian.org>, Debian LTS <debian-lts@lists.debian.org>
In-reply-to: <[🔎] 20161217092957.zks3kphtuzgezbth@hle.local>
References: <[🔎] 20161213171103.h52x3nggiiw52fvf@hle.local> <CABY6=0=LWjd1yvNwbzMga2MKEb8WMs+JLMGVzmBS03ysbvMS0Q@mail.gmail.com> <CABY6=0nXyMo3aNj5Lxze6t1U24jj=qP6BLSkdHAX2aYUqjbX7Q@mail.gmail.com> <CABY6=0ko9v3QoAQ1WnDcwFqsnNqu47j=8Li1ViQdJ56ET3XdCQ@mail.gmail.com> <CABY6=0k=eDny-+KY4Cwj5wenX8XLqn62b8tR1K0ZU1=S9bHAPg@mail.gmail.com> <[🔎] CABY6=0=iOFxO7dCs28x2hCJij+wvQ+9w99nm8yFN37t4GYC6XA@mail.gmail.com> <[🔎] 20161213224759.nh6vxe4xln4kpqn2@hle.local> <[🔎] CABY6=0kaaHUzoc2KCoLZ-hexzAN7SC_SnrpNm9cbJR_S_ci2LA@mail.gmail.com> <[🔎] 20161215092740.vnqklkhasnpy4hcw@hle.local> <[🔎] 20161217092957.zks3kphtuzgezbth@hle.local>

On Sat, Dec 17, 2016 at 10:29:57AM +0100, Hugo Lefeuvre wrote:
> Hi,
> 
> I'm currently finishing my upload for qemu, and a question is
> remaining concerning the fix of CVE-2016-99{14,15,16}[0,1,2].
> 
> It is clear to me that the 9pfs proxy/handle backend drivers may
> issue a memory leakage when unrealized (ctx->private not deallocated

We don't have virtfs-proxy-helper in wheezy so I think we don't need
support the "proxy" case.

As for "handle" did you check that it works in Wheezy including unplug?
If so please let me know and we can have a closer look.

I've only used "local" so far which does not seem to be affected by the
CVEs.
Cheers,
 -- Gudio

> for example). Thus, if they can be unrealized, we will need to
> implement a cleanup mechanism, as proposed in the upstream patch[3,4].
> 
> In recent versions following the QOM model, the unrealize operation
> is implemented in 9p.c. It is not the case in the wheezy version,
> for which I can't find any function performing unrealize operations[5]
> (the current unrealize function got implemented in this commit[6]).
> 
> So, I am having trouble defining whether it is possible to unrealize the
> 9pfs device in the wheezy version, and if yes, which method (if there's
> one) is handling it.
> 
> Does anybody have an idea ?
> 
> Cheers,
>  Hugo
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2016-9914
> [1] https://security-tracker.debian.org/tracker/CVE-2016-9915
> [2] https://security-tracker.debian.org/tracker/CVE-2016-9916
> [3] http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30
> [4] http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68
> [5] For the record, the equivalent in wheezy of the modern realize function is
>     virtio_9p_init in virtio-9p-device.c.
> [6] http://git.qemu.org/?p=qemu.git;a=commit;h=6cecf093735f2e5af7d0e29d957350320044e354
> 
> -- 
>              Hugo Lefeuvre (hle)    |    www.owl.eu.com
> 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Reply to:

Follow-Ups:
- Re: unrealize mechanism in 9pfs
  - From: Hugo Lefeuvre <hle@debian.org>

References:
- Additional 9pfs issue in qemu
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: Additional 9pfs issue in qemu
  - From: Ola Lundqvist <ola.lundqvist@gmail.com>
- Re: Additional 9pfs issue in qemu
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: Additional 9pfs issue in qemu
  - From: Ola Lundqvist <ola.lundqvist@gmail.com>
- Re: Additional 9pfs issue in qemu
  - From: Hugo Lefeuvre <hle@debian.org>
- unrealize mechanism in 9pfs
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: unrealize mechanism in 9pfs
Next by Date: Wheezy update of python-bottle?
Previous by thread: unrealize mechanism in 9pfs
Next by thread: Re: unrealize mechanism in 9pfs
Index(es):
- Date
- Thread