[for-9.1,v3,0/2] NBD CVE-2024-7409

Message ID 20240806022542.381883-4-eblake@redhat.com (mailing list archive)

Eric Blake Aug. 6, 2024, 2:21 a.m. UTC
v2 was here:
https://lists.gnu.org/archive/html/qemu-devel/2024-08/msg00253.html

Since then:
 - CVE number assigned
 - drop old patch 1. Instead of tracking nbd_server generation, the
   code now ensures that nbd_server can't be set to NULL until all
   clients have disconnected
 - rewrite to force qio shutdown coupled with AIO_WAIT to ensure all
   clients actually disconnect quickly (from the server's
   perspective. A client may still hold its socket open longer, but
   will eventually see EPIPE or EOF when finally using it)
 - patch 2 is optional, although I like the notion of a doubly-linked
   list (where the client has to remember an opaque pointer) over a
   singly-linked one (where the client is unchanged, but a lot of
   repeated client connect/disconnect over a long-lived server can
   chew up memory and slow down the eventual nbd-server-stop)

Eric Blake (2):
  nbd: CVE-2024-7409: Close stray client sockets at server shutdown
  nbd: Clean up clients more efficiently

 include/block/nbd.h |  4 +++-
 blockdev-nbd.c      | 39 +++++++++++++++++++++++++++++++++++++--
 nbd/server.c        | 15 ++++++++++++---
 qemu-nbd.c          |  2 +-
 4 files changed, 53 insertions(+), 7 deletions(-)