Bug 21192

Summary: qemu-nbd can't attach properly nbd device anymore, unless CVE-2017-9524-part1.patch and CVE-2017-9524-part2.patch are removed.
Product: Mageia Reporter: Giuseppe Ghibò <ghibomgx>
Component: RPM PackagesAssignee: Thomas Backlund <tmb>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: fri, marja11, tmb
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: qemu-2.8.1.1-5.mga6.src.rpm CVE:
Status comment:

Description Giuseppe Ghibò 2017-07-06 22:09:23 CEST 
I noticed since version 2.8.1.1-5.mga6 (so also 2.8.1.1-6.mga6), qemu-nbd can't attach properly device anymore. E.g. when you attach a device with -c to /dev/nbd0 and then do an fdisk to its device, you get the error:

fdisk: cannot open /dev/nbd0: Inappropriate ioctl for device

while with previous version 2.8.1.1-4.mga6 everything was working fine. So I suspect the latest round of security fixes in 2.8.1.1-5.mga6 has breaked something.
Comment 1 Thomas Backlund 2017-07-06 22:14:15 CEST 
Do you have nbd module loaded ?

CC: (none) => tmb

Comment 2 Giuseppe Ghibò 2017-07-06 22:39:32 CEST 
yes, the nbd module is loaded. Under the same conditions, downgrading to qemu-2.8.1.1-4.mga6 I don't get those errors and the device is accessed flawlessly.
Comment 3 Giuseppe Ghibò 2017-07-06 22:57:47 CEST 
Could be the side effect of CVE-2017-9524-part2.patch? That patch is dealing with block devices.
Comment 4 Giuseppe Ghibò 2017-07-07 00:26:22 CEST 
No, can't be CVE-2017-9524-part2.patch alone, but probably both CVE-2017-9524-part1.patch, and CVE-2017-9524-part2.patch.
Comment 5 Giuseppe Ghibò 2017-07-07 13:29:37 CEST 
I confirm removing those two patches, i.e.:

Patch0033:     CVE-2017-9524-part1.patch
Patch0034:     CVE-2017-9524-part2.patch

and rebuilding qemu have resolved the problems, so probably such patches are wrong or incomplete.
Marja Van Waes 2017-07-07 14:32:27 CEST

CC: (none) => marja11
Assignee: bugsquad => thierry.vignaud
Summary: qemu-nbd can't attach properly nbd device anymore => qemu-nbd can't attach properly nbd device anymore, unless CVE-2017-9524-part1.patch and CVE-2017-9524-part2.patch are removed.

Comment 6 Thomas Backlund 2017-07-07 21:00:27 CEST 
Yeah, I will disable them for mga6 release and re-visit them in a post-release security update

Assignee: thierry.vignaud => tmb

Comment 7 Morgan Leijström 2023-02-17 12:29:01 CET 
Per last comment I assume this got fixed for long time ago before our current release...

Status: NEW => RESOLVED
CC: (none) => fri
Resolution: (none) => FIXED