lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 8 Nov 2017 12:36:26 +0900
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Michal Kubecek <mkubecek@...e.cz>
Cc:     David Miller <davem@...emloft.net>,
        Network Development <netdev@...r.kernel.org>
Subject: Re: regression: UFO removal breaks kvm live migration

On Tue, Nov 7, 2017 at 5:02 PM, Michal Kubecek <mkubecek@...e.cz> wrote:
> Hello,
>
> I just received this bug report:
>
>   https://bugzilla.suse.com/show_bug.cgi?id=1066757
>
> The reporter runs a live migration of a kvm guest from a host with
> kernel supporting UFO (openSUSE 42.2 or 42.3, based on 4.4) to a host
> with kernel with UFO support removed (SLE15 or openSUSE 15.0 pre-release
> which is based on 4.12 but has the UFO removal series backported).
>
> The migration fails with
>
>   kvm: virtio-net: saved image requires TUN_F_UFO support
>
> because the guest image has a virtio_net device with UFO enabled which
> requires TUN_F_UFO on the corresponding host tun device but that is no
> longer available on the target host.
>
> This kind of problem already happened once:
>
>   https://www.spinics.net/lists/netdev/msg443821.html
>
> At that time, commit 3d0ad09412ff ("drivers/net: Disable UFO through
> virtio") was reverted once the issue it worked around was resolved in
> a different way.
>
> I didn't have time to think it through yet but perhaps we could allow
> setting TUN_F_UFO and ignore its value.

If the feature is enabled guests may try to send UFO packets, which
the host is no longer able to fragment.

virtio_net_hdr_to_skb will drop the packets immediately based on
gso_type and tun_get_user will return EINVAL.

Still, perhaps that's preferable as migration will succeed and most
guests won't ever try to send those packets in the first place.

> This is not time critical for SLE15 / openSUSE 15.0 which are still at
> early beta stage but 4.14 final is close and once it's out, more users
> are going to hit this.
>
> Michal Kubecek
>

Powered by blists - more mailing lists