[PVE-User] virtio-9p-pci is not a valid device model name, since yesterday

Uwe Sauter uwe.sauter.de at gmail.com
Tue Feb 28 20:50:55 CET 2017 

Hi,

I'd like to make you aware of a security flaw in virtfs [1] that was published about 2 weeks ago.

Might be worth while to get this into the coming update if this applies to PVE.

Regards,

	Uwe


[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1035&can=6&q=

Am 27.02.2017 um 14:20 schrieb Fabian Grünbichler:
> On Sat, Feb 25, 2017 at 10:51:40AM +0100, Arjen wrote:
>> Hi all,
>>
>> After a apt-get dist-upgrade which updated pve-qemu-kvm from 2.7.1-3 to
>> 2.7.1-4, kvm complains when starting VMs that 'virtio-9p-pci' is not a
>> valid device model name. It is no longer in the kvm -device help list.
>>
>> I was using 9p to share a folder with the host:
>> # args: -virtfs local,id=i1,path=p1,security_model=none,mount_tag=t1
>>
>> Is dropping virtio-9p-pci on purpose? Could I have know this change was
>> coming? Is there a work-around to keep using it? Have other people
>> experienced this also, or am I doing something wrong?
> 
> short answer: no, to all of the above ;)
> 
> long answer:
> 
> the necessary libraries / headers are not explicitly listed in the build
> dependencies of the package. the last uploaded version was apparently
> built in a more minimal build environment than the previous ones
> (without the aforementioned -dev / header packages installed), and thus
> did not include VirtFS support.
> 
> this change was not intentional - given the fact that we previously
> included security fixes for 9pfs/VirtFS in our Qemu packages, I guess we
> wanted to include it (as manual option like you are using it), but
> forgot to add it to the build-dependencies. since it's a non-standard
> use case / feature, this change was not noticed in our internal testing.
> 
> I'll check this internally, and if my above assumption is correct,
> you'll probably see a rebuilt package with VirtFS support on pvetest in
> the next days. Feel free to ping this thread if you see no progress.
> 
> if you cannot wait that long, you can either downgrade (but be aware
> that the -3 package has a rather severe security bug in the cirrus
> graphic adapter code) or compile the -4 package with VirtFS support
> yourself[1]. the included makefile should work if you install all the
> build dependencies listed in debian/control and the ones for VirtFS:
> libattr1-dev and libcap-dev.
> 
> 1: https://git.proxmox.com/?p=pve-qemu-kvm.git;a=summary
> 
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>

More information about the pve-user mailing list