[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH for-9.1 v4 0/7] CVE-2024-7409
|
From: |
Eric Blake |
|
Subject: |
[PATCH for-9.1 v4 0/7] CVE-2024-7409 |
|
Date: |
Wed, 7 Aug 2024 12:43:26 -0500 |
v3 was here:
https://lists.gnu.org/archive/html/qemu-devel/2024-08/msg00818.html
since then:
- re-add a minor patch from v2 (now patch 1)
- refactor how the client opaque pointer is handled (patch 2)
- add two new patches to prevent malicious clients from consuming
inordinate resources: change the default max-connections from
unlimited to capped at 100 (patch 3), and add code to kill any
client that takes longer than 10 seconds after connect to reach
NBD_OPT_GO (patch 4) [Dan]
- squash the connection list handling into a single patch (5) [Dan]
- two new additional patches for reverting back to 9.0 behavior for
integration testing purposes; I'm okay if these last two miss 9.1
Eric Blake (7):
nbd: Minor style fixes
nbd/server: Plumb in new args to nbd_client_add()
nbd/server: CVE-2024-7409: Change default max-connections to 100
nbd/server: CVE-2024-7409: Drop non-negotiating clients
nbd/server: CVE-2024-7409: Close stray client sockets at shutdown
qemu-nbd: Allow users to adjust handshake limit
nbd/server: Allow users to adjust handshake limit in QMP
docs/tools/qemu-nbd.rst | 5 +++
qapi/block-export.json | 18 +++++++---
include/block/nbd.h | 20 +++++++++--
block/monitor/block-hmp-cmds.c | 3 +-
blockdev-nbd.c | 62 +++++++++++++++++++++++++++++++---
nbd/server.c | 51 +++++++++++++++++++++++++---
qemu-nbd.c | 44 ++++++++++++++++--------
nbd/trace-events | 1 +
8 files changed, 173 insertions(+), 31 deletions(-)
--
2.45.2
- [PATCH for-9.1 v4 0/7] CVE-2024-7409,
Eric Blake <=