Since v3:
- Preliminary extract blk_create_empty_drive()
- qtest checks qtest_check_clang_sanitizer() enabled
- qtest uses null-co:// driver instead of file

Philippe Mathieu-Daudé (3):
  hw/block/fdc: Extract blk_create_empty_drive()
  hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
  tests/qtest/fdc-test: Add a regression test for CVE-2021-20196

 hw/block/fdc.c         | 23 ++++++++++++++++++++---
 tests/qtest/fdc-test.c | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 3 deletions(-)

-- 
2.33.1

Am 24.11.2021 um 17:15 hat Philippe Mathieu-Daudé geschrieben:
> Since v3:
> - Preliminary extract blk_create_empty_drive()
> - qtest checks qtest_check_clang_sanitizer() enabled
> - qtest uses null-co:// driver instead of file
> 
> Philippe Mathieu-Daudé (3):
>   hw/block/fdc: Extract blk_create_empty_drive()
>   hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
>   tests/qtest/fdc-test: Add a regression test for CVE-2021-20196

If I may ask a meta question: No doubt that this is a bug and it's good
that we fixed it, but why was it assigned a CVE?

Any guest can legitimately shut down and we don't consider that a denial
of service. This bug was essentially just another undocumented way for
the guest kernel to shut down, as unprivileged users in the guest can't
normally access the I/O ports of the floppy controller. I don't think we
generally consider guests killing themselves a security problem as long
as it requires kernel or root privileges in the guest.

Kevin

On 12/10/21 14:42, Kevin Wolf wrote:
> Am 24.11.2021 um 17:15 hat Philippe Mathieu-Daudé geschrieben:
>> Since v3:
>> - Preliminary extract blk_create_empty_drive()
>> - qtest checks qtest_check_clang_sanitizer() enabled
>> - qtest uses null-co:// driver instead of file
>>
>> Philippe Mathieu-Daudé (3):
>>   hw/block/fdc: Extract blk_create_empty_drive()
>>   hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
>>   tests/qtest/fdc-test: Add a regression test for CVE-2021-20196
> 
> If I may ask a meta question: No doubt that this is a bug and it's good
> that we fixed it, but why was it assigned a CVE?

No clue, I suppose this is audited and handled by qemu-security@ team
members. Cc'ing them.

> Any guest can legitimately shut down and we don't consider that a denial
> of service. This bug was essentially just another undocumented way for
> the guest kernel to shut down, as unprivileged users in the guest can't
> normally access the I/O ports of the floppy controller. I don't think we
> generally consider guests killing themselves a security problem as long
> as it requires kernel or root privileges in the guest.

Agreed.

On Wed, Nov 24, 2021 at 11:15 AM Philippe Mathieu-Daudé <philmd@redhat.com>
wrote:

> Since v3:
> - Preliminary extract blk_create_empty_drive()
> - qtest checks qtest_check_clang_sanitizer() enabled
> - qtest uses null-co:// driver instead of file
>
> Philippe Mathieu-Daudé (3):
>   hw/block/fdc: Extract blk_create_empty_drive()
>   hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
>   tests/qtest/fdc-test: Add a regression test for CVE-2021-20196
>
>  hw/block/fdc.c         | 23 ++++++++++++++++++++---
>  tests/qtest/fdc-test.c | 38 ++++++++++++++++++++++++++++++++++++++
>  2 files changed, 58 insertions(+), 3 deletions(-)
>
> --
> 2.33.1
>
>
I'm testing this now. I'm going to take your word for it. If Hanna is fine
with the block-layer components of the fix, I'll probably take it, but I
will be sending a patch to remove myself as maintainer in the process,
since I don't have the time to do the "proper fix" for these devices, and
haven't for quite some time.

--js