NBD patches for 2020-06-09

- fix iotest 194 race - fix CVE-2020-10761: server DoS from assertion on long NBD error messages -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAl7hH3cACgkQp6FrSiUn Q2qPwAf+Le4m5AhAv9rLT+B9LGZFdD17dd7Dqj0CBeUyfVJKD9RtmcWIoVOsnI9Z RspYZwRgbYLZQZxKjqTKq1d1BNhK/73suGklkGQC554dik9QJOsHOmkcdK4KPwSD L0UG9muBKsmwUueGQusKFLixx39IkhQgLwLdno0wLGCao2PZUd1Z+4f/QmgLhxzI /cHzqqPtM97PFjf/lPWHvAZBcQVYmsf6SNMEqrSR30Tff5Lb5vsDFlEoaoPviEWA T2Yv1AQJwKcOrMuzmzbGeAIYeqip/WzH5mC4b8ZcKeSZ0pRcG4KoJRjuKIH78D8i iA34mc+fyUoctoyLSEFNA/v5Zdde3w== =m3k2 -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-06-09-v2' into staging NBD patches for 2020-06-09 - fix iotest 194 race - fix CVE-2020-10761: server DoS from assertion on long NBD error messages # gpg: Signature made Wed 10 Jun 2020 18:59:19 BST # gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2020-06-09-v2: block: Call attention to truncation of long NBD exports nbd/server: Avoid long error message assertions CVE-2020-10761 iotests: 194: wait for migration completion on target too Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2025-08-03 07:43:54 -06:00 · 2020-06-11 21:19:29 +01:00 · 2020-06-11 21:19:29 +01:00 · 9f1f264edb
commit 9f1f264edb
parent 77c9e078b4 5c86bdf120
7 changed files with 59 additions and 13 deletions
--- a/tests/qemu-iotests/143
+++ b/tests/qemu-iotests/143
@ -58,6 +58,10 @@ _send_qemu_cmd $QEMU_HANDLE \
 $QEMU_IO_PROG -f raw -c quit \
    "nbd+unix:///no_such_export?socket=$SOCK_DIR/nbd" 2>&1 \
    | _filter_qemu_io | _filter_nbd
+# Likewise, with longest possible name permitted in NBD protocol
+$QEMU_IO_PROG -f raw -c quit \
+    "nbd+unix:///$(printf %4096d 1 | tr ' ' a)?socket=$SOCK_DIR/nbd" 2>&1 \
+    | _filter_qemu_io | _filter_nbd | sed 's/aaaa*aa/aa--aa/'

 _send_qemu_cmd $QEMU_HANDLE \
    "{ 'execute': 'quit' }" \
--- a/tests/qemu-iotests/143.out
+++ b/tests/qemu-iotests/143.out
@ -5,6 +5,8 @@ QA output created by 143
 {"return": {}}
 qemu-io: can't open device nbd+unix:///no_such_export?socket=SOCK_DIR/nbd: Requested export not available
 server reported: export 'no_such_export' not present
+qemu-io: can't open device nbd+unix:///aa--aa1?socket=SOCK_DIR/nbd: Requested export not available
+server reported: export 'aa--aa...' not present
 { 'execute': 'quit' }
 {"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
--- a/tests/qemu-iotests/194
+++ b/tests/qemu-iotests/194
@ -87,4 +87,14 @@ with iotests.FilePath('source.img') as source_img_path, \
            iotests.log(dest_vm.qmp('nbd-server-stop'))
            break

+    iotests.log('Wait for migration completion on target...')
+    migr_events = (('MIGRATION', {'data': {'status': 'completed'}}),
+                   ('MIGRATION', {'data': {'status': 'failed'}}))
+    event = dest_vm.events_wait(migr_events)
+    iotests.log(event, filters=[iotests.filter_qmp_event])
+
+    iotests.log('Check bitmaps on source:')
    iotests.log(source_vm.qmp('query-block')['return'][0]['dirty-bitmaps'])
+
+    iotests.log('Check bitmaps on target:')
+    iotests.log(dest_vm.qmp('query-block')['return'][0]['dirty-bitmaps'])
--- a/tests/qemu-iotests/194.out
+++ b/tests/qemu-iotests/194.out
@ -21,4 +21,9 @@ Gracefully ending the `drive-mirror` job on source...
 {"data": {"device": "mirror-job0", "len": 1073741824, "offset": 1073741824, "speed": 0, "type": "mirror"}, "event": "BLOCK_JOB_COMPLETED", "timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
 Stopping the NBD server on destination...
 {"return": {}}
+Wait for migration completion on target...
+{"data": {"status": "completed"}, "event": "MIGRATION", "timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
+Check bitmaps on source:
+[{"busy": false, "count": 0, "granularity": 65536, "name": "bitmap0", "persistent": false, "recording": true, "status": "active"}]
+Check bitmaps on target:
 [{"busy": false, "count": 0, "granularity": 65536, "name": "bitmap0", "persistent": false, "recording": true, "status": "active"}]