[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <2189995.dMzx47UeGf@kringsjaa.simula.nornet>
Date: Fri, 21 Jun 2013 16:33:35 +0200
From: Thomas Dreibholz <dreibh@...ula.no>
To: Full-Disclosure@...ts.grok.org.uk
Subject: How to lock up a VirtualBox host machine with a
guest using tracepath over virtio-net network interface
Hi,
I have discovered a problem with the VirtualBox virtio-net network driver that
leads to a lockup of the host machine's kernel and the need for a hard reset
to make it working again. The bug had been reported to the VirtualBox bug
tracker 8 days ago (https://www.virtualbox.org/ticket/11863), with the usual
reaction from Oracle support (i.e. none).
The bug can be reproduced easily as follows:
- The host system is a 64-bit Linux (tested with Ubuntu 12.04 LTS and Kubuntu
13.04). Did not try 32 bit.
- VirtualBox is the latest version 4.2.12 (using Oracle's Ubuntu repository).
- Create a new VM, use e.g. Kubuntu live CD image (32 or 64 bit, makes no
difference). No disk needed.
- Network adapter is: Bridged, Adapter Type: virtio-net.
Boot the system, ensure that network is working.
- tracepath 8.8.8.8
Now, the virtual machine locks up and the host machine's kernel seems to have
at least one core blocked. The host machine's console output is "BUG: soft
lockup - CPU #2 stuck for 22s ...". Also, the network on the host machine does
not work any more. For example, "ifconfig" just hangs.
- To recover the host machine, it needs a hard reset. "sudo reboot", etc. will
not work, since the kernel seems to hang.
This bug is critical, since it makes the host machine's network unusable
(particularly, if the host system is at a remote location), and it is very
easy to trigger with just a simple, standard "tracepath" call inside a virtual
machine. It is therefore trivial for a normal user in such a machine to
trigger a denial of service. I did no further investigation of the problem
yet, but if it is related to the path MTU discovery by tracepath, it might be
possible to trigger it by a lot of other software as well.
Best regards,
Thomas
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists