kvm husb: ctrl buffer too small

Thanks for the bug report. Can you see if its fixed in natty so we can probably backport this?

chuck

I've downloaded RH bugfix and latest Ubuntu source code.
https://bugzilla.redhat.com/attachment.cgi?id=441018

https://launchpad.net/ubuntu/lucid/+source/qemu-kvm
qemu-kvm_0.12.3+noroms.orig.tar.gz

usb-linux.c source file is exactly the same, so this patch will fix the bug. :-)
Tomorrow morning I'll test it.

commit fd7a446f162768c044b3bf3844f7605eeef351af
Author: Christian Krause <email address hidden>
Date: Sun Jan 24 17:34:52 2010 +0100

    usb-linux: increase buffer for USB control requests

    The WLAN USB stick ZyXEL NWD271N (0586:3417) uses very large
    usb control transfers of more than 2048 bytes which won't fit
    into the buffer of the ctrl_struct. This results in an error message
    "husb: ctrl buffer too small" and a non-working device.
    Increasing the buffer size to 8192 seems to be a safe choice.

    Signed-off-by: Christian Krause <email address hidden>
    Signed-off-by: Aurelien Jarno <email address hidden>

diff --git a/usb-linux.c b/usb-linux.c
index ba8facf..122cdbf 100644
--- a/usb-linux.c
+++ b/usb-linux.c
@@ -113,7 +113,7 @@ struct ctrl_struct {
     uint16_t offset;
     uint8_t state;
     struct usb_ctrlrequest req;
- uint8_t buffer[2048];
+ uint8_t buffer[8192];
 };

 struct USBAutoFilter {

Sorry I misunderstood You!
Yes in Natty (11.04) this bug is already fixed with the same patch above. :-)

I've modified the source code and built deb package.
Error message goes away, but for some other reason XP doesnt see PDA.

dmesg:
[85011.628047] usb 2-7: new full speed USB device using ohci_hcd and address 16
[85011.854203] usb 2-7: configuration #1 chosen from 1 choice
[85012.087034] rndis_host 2-7:1.0: RNDIS_MSG_QUERY(0x00010202) failed, -47
[85012.100755] eth1: register 'rndis_host' at usb-0000:00:0b.0-7, RNDIS device, 80:00:60:0f:e8:00
[85012.153171] udev: renamed network interface eth1 to eth2
[85023.312024] eth2: no IPv6 routers present
[85074.776006] eth2: unregister 'rndis_host' usb-0000:00:0b.0-7, RNDIS device
[85076.512050] usb 2-7: reset full speed USB device using ohci_hcd and address 16
[85077.760991] rndis_host 2-7:1.0: RNDIS_MSG_QUERY(0x00010202) failed, -47
[85077.774824] eth1: register 'rndis_host' at usb-0000:00:0b.0-7, RNDIS device, 80:00:60:0f:e8:00
[85077.774918] eth1: unregister 'rndis_host' usb-0000:00:0b.0-7, RNDIS device
[85087.128052] usb 2-7: reset full speed USB device using ohci_hcd and address 16
[85087.887995] rndis_host 2-7:1.0: RNDIS_MSG_QUERY(0x00010202) failed, -47
[85087.902959] eth1: register 'rndis_host' at usb-0000:00:0b.0-7, RNDIS device, 80:00:60:0f:e8:00
[85087.903304] eth1: unregister 'rndis_host' usb-0000:00:0b.0-7, RNDIS device
[85099.604546] usb 2-7: reset full speed USB device using ohci_hcd and address 16
[85100.419995] rndis_host 2-7:1.0: RNDIS_MSG_QUERY(0x00010202) failed, -47
[85100.434941] eth1: register 'rndis_host' at usb-0000:00:0b.0-7, RNDIS device, 80:00:60:0f:e8:00
[85100.435038] eth1: unregister 'rndis_host' usb-0000:00:0b.0-7, RNDIS device
[85103.324060] usb 2-7: reset full speed USB device using ohci_hcd and address 16
[85104.438991] rndis_host 2-7:1.0: RNDIS_MSG_QUERY(0x00010202) failed, -47
[85104.453991] eth1: register 'rndis_host' at usb-0000:00:0b.0-7, RNDIS device, 80:00:60:0f:e8:00
[85104.454092] eth1: unregister 'rndis_host' usb-0000:00:0b.0-7, RNDIS device
[85105.156066] usb 2-7: reset full speed USB device using ohci_hcd and address 16
[85105.905993] rndis_host 2-7:1.0: RNDIS_MSG_QUERY(0x00010202) failed, -47
[85105.919937] eth1: register 'rndis_host' at usb-0000:00:0b.0-7, RNDIS device, 80:00:60:0f:e8:00
[85105.920039] eth1: unregister 'rndis_host' usb-0000:00:0b.0-7, RNDIS device
[85415.007924] usb 2-7: USB disconnect, address 16

So the original bug is fixed with the patch above. :-)

Thanks very much for the patch. Do you have any idea what is still going wrong? The patch is worth SRUing in any case, but if a pair of patches together makes it fully work, then I'd prefer to handle them together

Maybe something is wrong with my PDA?
If I *uncheck* "Enable advanced network functionality" on WinMobile 6 (Start menu -> Settings -> Connections -> USBtoPC) everything works well!
This checkbox changes PDA connection mode from RNDIS to ttyUSB0 (serial).
And then I can use Activesync!

Thanks, Attb2. If I understand right, the workaround suffices? In that case, until someone hits a case which is solved by this patch, I'd prefer not to risk a regression with an SRU. I'll mark this WONTFIX for now. If I misunderstood you, please change back to Confirmed.

If anyone else hits this bug and the patch works for them, then I'll request the SRU.

Thanks very much.

Ok, I agree!
I've created a step by step workaround process.

Step 0. You encounter "husb: ctrl buffer too small" error message during kvm start.

Step 1. Fix kvm bug in usb-linux.c source with this patch
diff --git a/usb-linux.c b/usb-linux.c
index ba8facf..122cdbf 100644
--- a/usb-linux.c
+++ b/usb-linux.c
@@ -113,7 +113,7 @@ struct ctrl_struct {
     uint16_t offset;
     uint8_t state;
     struct usb_ctrlrequest req;
- uint8_t buffer[2048];
+ uint8_t buffer[8192];
 };

 struct USBAutoFilter {

Step 2. Build kvm from source.

Step 3. If kvm GuestOS doesn't see your USB device: *uncheck* "Enable advanced network functionality" on (Start menu -> Settings -> Connections -> USBtoPC) your USB device. (If this menu exists on your device)

Step 4. Try to attach USB device to your GuestOS with similar command:
kvm -m 1024 -k hu -usb --usbdevice host:045e:00ce GuestOS.img
(lsusb command helps to figure out device ID)

I've changed my mind on this. There doesn't appear to be a chance of a buffer overflow as the size of the buffer is checked before copying into it, but this just looks like it's begging to cause us trouble down the road. I'll push a package with the fix and request SRU.

Thanks again for reporting the bug and identifying the patch!

Quoting Attb2 (<email address hidden>):
> Ok, I agree!
> I've created a step by step workaround process.

Oh, thanks - I hadn't noticed this update (and decided I should
do the SRU anyway during a commute :).

IIUC the workaround will still be necessary for your particular
PDA. This fix however should still be helpful for other devices.

Accepted qemu-kvm into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Accepted qemu-kvm into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Please note that even if this bug is verified in lucid/maverick, there are two other bugs that have been waiting a while in qemu-kvm in lucid and maverick, which will block this fix from moving to -updates until they are verified too:

lucid:
  bug #786941 - Cannot boot from non-existent NIC
maverick:
  bug #719448 - The "once" parameter does not work with "-boot"

So, anybody verifying this bug in one of those releases, please go there and verify the respective fix as well to speed the propagation to -updates.

0.12.5+noroms-0ubuntu7.4 has been superseded by 0.12.5+noroms-0ubuntu7.5 in maverick-security. 0.12.3+noroms-0ubuntu9.8 has been superseded by 0.12.3+noroms-0ubuntu9.9 in lucid-security.

Thanks for the warning, Jamie. New versions have been uploaded to -proposed (awaiting approval).

---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

I'm not familiar with bug statuses:

What "Fix Released" means? Latest release (0.12.3+noroms-0ubuntu9.9) contains my bugfix or not?
May I update my local qemu-kvm package to 0.12.3+noroms-0ubuntu9.9? (Lucid 10.04 LTS)

thx

@Attb2,

no, 0.12.3+noroms-0ubuntu9.9 does not have the fix. I uploaded a new 0.12.3+noroms-0ubuntu9.10 to lucid-proposed.

Hm, but it appears to have been rejected, so I just re-uploaded it.

This fix was NOT included in the security fix, please accept this upload.

Excerpts from Attb2's message of Wed Jun 29 07:01:04 UTC 2011:
> I'm not familiar with bug statuses:
>
> What "Fix Released" means? Latest release (0.12.3+noroms-0ubuntu9.9) contains my bugfix or not?
> May I update my local qemu-kvm package to 0.12.3+noroms-0ubuntu9.9? (Lucid 10.04 LTS)

Fix Released in "ubuntu" just means in the current dev release or later
it has been fixed.

The other statuses are for Lucid and Maverick, and indicate that the
fix has been uploaded to their "Proposed updates" sections.

If you'd like to test the fix so it can moved to lucid updates, the
process is outlined here:

https://wiki.ubuntu.com/QATeam/PerformingSRUVerification

Following that process will get you the proposed fix on lucid, but be
aware that we don't know if it has been tested.

It looks like the 0.12.3+noroms-0ubuntu9.10 does not have the fixes from 0.12.3+noroms-0ubuntu9.7 included in it. Could you please re-roll these changes to include the previous proposed fixes as well.

Where did you look at 0.12.3+noroms-0ubuntu9.10? And which particular change were you looking for?

I'm looking at 0.12.3+noroms-0ubuntu9.10 in the lucid-proposed unapproved queue here: https://launchpad.net/ubuntu/lucid/+queue?queue_state=1

It appears to be missing the changelog for 0.12.3+noroms-0ubuntu9.7 and the associated fixes for bug #786941.

Quoting Chris Halse Rogers (<email address hidden>):
> I'm looking at 0.12.3+noroms-0ubuntu9.10 in the lucid-proposed
> unapproved queue here:
> https://launchpad.net/ubuntu/lucid/+queue?queue_state=1
>
> It appears to be missing the changelog for 0.12.3+noroms-0ubuntu9.7 and
> the associated fixes for bug #786941.

Looking at bug #786941, the lucid-proposed package was never verified.
So when the security team issued 0.12.3+noroms-0ubuntu9.9, the
unverified fixes (.7 and .8) were dropped.

If you'd like us to try that fix again, please comment on bug #786941,
and, when it gets pushed to -proposed, please verify the fix so that
we can push it to the archive.

@Chris: Indeed the queuediff output is confusing here. In these special cases, when a version got removed/superseded from -proposed, Launchpad will generate a confusing diff (against the removed SRU, not against what's actually in Ubuntu). Doing a manual debdiff against lucid-updates looks very reasonable.

Hello Attb2, or anyone else affected,

Accepted qemu-kvm into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Hello Attb2, or anyone else affected,

Accepted qemu-kvm into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Sorry to do this to you again, but 0.12.5+noroms-0ubuntu7.6 has been superseded by 0.12.5+noroms-0ubuntu7.8 in maverick-security. 0.12.3+noroms-0ubuntu9.10 has been superseded by 0.12.3+noroms-0ubuntu9.12 in lucid-security.

Hello Attb2, or anyone else affected,

Accepted qemu-kvm into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Hello Attb2, or anyone else affected,

Accepted qemu-kvm into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Thanks Martin!

Sorry my late answer, I was on holiday last week. :-)
I've just tested the new 0.12.3+noroms-0ubuntu9.12 package. It works with my Mobile device.
(ActiveSync and every other app can use it.)

@Attb2

is there any chance you would be able to verify the maverick package?

Not actually uploaded to lucid-proposed yet.

Hello Attb2, or anyone else affected,

Accepted qemu-kvm into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I'm sorry, but these have been superseded by security updates in 0.12.3+noroms-0ubuntu9.15 and 0.12.5+noroms-0ubuntu7.10.

I'm sorry - per the rules listed in https://wiki.ubuntu.com/StableReleaseUpdates, only bugs which are >= high priority are eligible for SRU. If you feel this bug should be high priority, please say so (with rationale) here.

An updated package for lucid through natty will be placed in the ubuntu-virt ppa (https://launchpad.net/~ubuntu-virt/+archive/ppa) as an alternative way to get this fix.