Activity log for bug #1251590

Date Who What changed Old value New value Message
2013-11-15 11:09:28 Loganathan Parthipan bug added bug
2013-11-15 11:13:12 Loganathan Parthipan description
Old value: During pre-live-migration required disks are created along with their backing files (if they don't already exist). However, the root disk is used even for ephemeral backing file. 1. If the required ephemeral backing file is present then there's no issue. 2. If the required ephemeral backing file is not already present, then the root disk is downloaded and saved as the ephemeral backing file. This will result in the following situations: 2.1 The disk.local transferred during live-migration will be rebased on the ephemeral backing file so regardless of the content, the end result will be identical to the source disk.local. 2.2 However, if a new instance of the same flavor is spawned on this compute node, then it will have an ephemeral storage that exposes a root disk. Security concerns: If the migrated VM was spawned off a snapshot, now it's possible for any instances of the correct flavor to see the snapshot contents via the ephemeral storage.
New value: During pre-live-migration required disks are created along with their backing files (if they don't already exist). However, the root disk is used even for ephemeral backing file. 1. If the required ephemeral backing file is present then there's no issue. 2. If the required ephemeral backing file is not already present, then the root disk is downloaded and saved as the ephemeral backing file. This will result in the following situations: 2.1 The disk.local transferred during live-migration will be rebased on the ephemeral backing file so regardless of the content, the end result will be identical to the source disk.local. 2.2 However, if a new instance of the same flavor is spawned on this compute node, then it will have an ephemeral storage that exposes a root disk. Security concerns: If the migrated VM was spawned off a snapshot, now it's possible for any instances of the correct flavor to see the snapshot contents of another user via the ephemeral storage.
2013-11-15 11:28:16 Loganathan Parthipan bug added subscriber Phil Day
2013-11-15 11:28:38 Loganathan Parthipan bug added subscriber Gavin B
2013-11-15 11:29:44 Loganathan Parthipan bug added subscriber Nithya Ganesan
2013-11-15 11:30:00 Loganathan Parthipan bug added subscriber jan grant
2013-11-15 15:34:02 Loganathan Parthipan bug added subscriber Duncan Thomas
2013-11-15 15:35:06 Loganathan Parthipan description
Old value: During pre-live-migration required disks are created along with their backing files (if they don't already exist). However, the root disk is used even for ephemeral backing file. 1. If the required ephemeral backing file is present then there's no issue. 2. If the required ephemeral backing file is not already present, then the root disk is downloaded and saved as the ephemeral backing file. This will result in the following situations: 2.1 The disk.local transferred during live-migration will be rebased on the ephemeral backing file so regardless of the content, the end result will be identical to the source disk.local. 2.2 However, if a new instance of the same flavor is spawned on this compute node, then it will have an ephemeral storage that exposes a root disk. Security concerns: If the migrated VM was spawned off a snapshot, now it's possible for any instances of the correct flavor to see the snapshot contents of another user via the ephemeral storage.
New value: During pre-live-migration required disks are created along with their backing files (if they don't already exist). However, the ephemeral backing file is created from a glance downloaded root disk. 1. If the required ephemeral backing file is present then there's no issue. 2. If the required ephemeral backing file is not already present, then the root disk is downloaded and saved as the ephemeral backing file. This will result in the following situations: 2.1 The disk.local transferred during live-migration will be rebased on the ephemeral backing file so regardless of the content, the end result will be identical to the source disk.local. 2.2 However, if a new instance of the same flavor is spawned on this compute node, then it will have an ephemeral storage that exposes a root disk.
Security concerns: If the migrated VM was spawned off a snapshot, now it's possible for any instances of the correct flavor to see the snapshot contents of another user via the ephemeral storage.
2013-11-15 15:36:55 Loganathan Parthipan description
Old value: During pre-live-migration required disks are created along with their backing files (if they don't already exist). However, the ephemeral backing file is created from a glance downloaded root disk. 1. If the required ephemeral backing file is present then there's no issue. 2. If the required ephemeral backing file is not already present, then the root disk is downloaded and saved as the ephemeral backing file. This will result in the following situations: 2.1 The disk.local transferred during live-migration will be rebased on the ephemeral backing file so regardless of the content, the end result will be identical to the source disk.local. 2.2 However, if a new instance of the same flavor is spawned on this compute node, then it will have an ephemeral storage that exposes a root disk. Security concerns: If the migrated VM was spawned off a snapshot, now it's possible for any instances of the correct flavor to see the snapshot contents of another user via the ephemeral storage.
New value: During pre-live-migration required disks are created along with their backing files (if they don't already exist). However, the ephemeral backing file is created from a glance downloaded root disk. # If the required ephemeral backing file is present then there's no issue. # If the required ephemeral backing file is not already present, then the root disk is downloaded and saved as the ephemeral backing file. This will result in the following situations: ## The disk.local transferred during live-migration will be rebased on the ephemeral backing file so regardless of the content, the end result will be identical to the source disk.local. ## However, if a new instance of the same flavor is spawned on this compute node, then it will have an ephemeral storage that exposes a root disk.
Security concerns: If the migrated VM was spawned off a snapshot, now it's possible for any instances of the correct flavor to see the snapshot contents of another user via the ephemeral storage.
2013-11-15 16:20:37 Jeremy Stanley bug added subscriber Russell Bryant
2013-11-15 16:24:25 Jeremy Stanley bug task added ossa
2013-11-15 16:26:35 Jeremy Stanley bug added subscriber Nova Core security contacts
2013-11-15 16:28:51 Jeremy Stanley ossa: status New Confirmed
2013-11-15 16:28:59 Jeremy Stanley ossa: importance Undecided High
2013-11-15 16:41:11 Loganathan Parthipan bug added subscriber Tom Hancock
2013-11-20 16:21:05 Russell Bryant bug added subscriber Nikola Đipanov
2013-11-27 11:04:07 Thierry Carrez nova: status New Confirmed
2013-11-27 16:08:20 Russell Bryant bug added subscriber Daniel Berrange
2013-12-10 16:45:22 Nikola Đipanov attachment added 0001-libvirt-Fix-root-disk-leak-in-live-mig.patch https://bugs.launchpad.net/nova/+bug/1251590/+attachment/3926817/+files/0001-libvirt-Fix-root-disk-leak-in-live-mig.patch
2013-12-12 00:40:53 Grant Murphy ossa: assignee Grant Murphy (gmurphy)
2013-12-13 12:48:12 Thierry Carrez ossa: status Confirmed Triaged
2013-12-16 05:01:16 Grant Murphy nova: status Confirmed In Progress
2013-12-16 05:01:23 Grant Murphy nova: importance Undecided High
2013-12-16 16:48:32 Thierry Carrez ossa: status Triaged In Progress
2013-12-16 17:04:21 Nikola Đipanov attachment added 0001-libvirt-Fix-root-disk-leak-in-live-mig.patch https://bugs.launchpad.net/nova/+bug/1251590/+attachment/3930419/+files/0001-libvirt-Fix-root-disk-leak-in-live-mig.patch
2013-12-16 17:09:01 Nikola Đipanov attachment added 0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch https://bugs.launchpad.net/nova/+bug/1251590/+attachment/3930420/+files/0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch
2013-12-18 02:10:37 Grant Murphy summary Live migration can leak root disk into ephemeral storage Live migration can leak root disk into ephemeral storage (CVE-2013-7130)
2014-01-06 13:25:51 Thierry Carrez nominated for series nova/grizzly
2014-01-06 13:25:51 Thierry Carrez bug task added nova/grizzly
2014-01-06 13:25:51 Thierry Carrez nominated for series nova/havana
2014-01-06 13:25:51 Thierry Carrez bug task added nova/havana
2014-01-06 13:25:58 Thierry Carrez nova/havana: status New In Progress
2014-01-06 13:26:02 Thierry Carrez nova/grizzly: status New Triaged
2014-01-07 00:21:21 Grant Murphy cve linked 2013-7130
2014-01-14 15:25:40 Nikola Đipanov attachment added 0001-libvirt-Fix-root-disk-leak-in-live-mig.patch https://bugs.launchpad.net/nova/+bug/1251590/+attachment/3948550/+files/0001-libvirt-Fix-root-disk-leak-in-live-mig.patch
2014-01-14 15:26:44 Nikola Đipanov attachment added 0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch https://bugs.launchpad.net/nova/+bug/1251590/+attachment/3948551/+files/0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch
2014-01-14 15:32:10 Nikola Đipanov attachment added 0001-libvirt-Fix-root-disk-leak-in-live-mig_grizzly.patch https://bugs.launchpad.net/nova/+bug/1251590/+attachment/3948566/+files/0001-libvirt-Fix-root-disk-leak-in-live-mig_grizzly.patch
2014-01-20 05:20:33 Grant Murphy nova: milestone next
2014-01-20 05:20:38 Grant Murphy nova: milestone next icehouse-3
2014-01-20 05:20:44 Grant Murphy nova: milestone icehouse-3
2014-01-22 04:59:29 Grant Murphy ossa: status In Progress Fix Committed
2014-01-23 11:08:02 Nikola Đipanov attachment added 0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch https://bugs.launchpad.net/nova/+bug/1251590/+attachment/3954981/+files/0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch
2014-01-23 12:34:54 Nikola Đipanov attachment added 0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch https://bugs.launchpad.net/nova/+bug/1251590/+attachment/3955079/+files/0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch
2014-01-23 13:34:51 Nikola Đipanov attachment added 0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch https://bugs.launchpad.net/nova/+bug/1251590/+attachment/3955084/+files/0001-libvirt-Fix-root-disk-leak-in-live-mig_havana.patch
2014-01-23 15:10:33 Grant Murphy information type Private Security Public Security
2014-01-24 18:23:21 Thierry Carrez summary Live migration can leak root disk into ephemeral storage (CVE-2013-7130) [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)
2014-01-25 12:19:01 OpenStack Infra nova: status In Progress Fix Committed
2014-01-27 11:00:38 Thierry Carrez nova/grizzly: status Triaged In Progress
2014-01-27 21:33:24 OpenStack Infra nova/grizzly: status In Progress Fix Committed
2014-01-28 00:02:01 Alan Pevec nova/grizzly: importance Undecided High
2014-01-28 00:02:05 Alan Pevec nova/havana: importance Undecided High
2014-01-28 00:03:32 Alan Pevec nova: assignee Nikola Đipanov (ndipanov)
2014-01-28 00:03:42 Alan Pevec nova/grizzly: assignee Nikola Đipanov (ndipanov)
2014-01-28 00:03:50 Alan Pevec nova/havana: assignee Nikola Đipanov (ndipanov)
2014-01-28 00:04:05 Alan Pevec nova/havana: milestone 2013.2.2
2014-01-30 14:24:13 OpenStack Infra nova/havana: status In Progress Fix Committed
2014-01-30 17:18:20 Thierry Carrez ossa: status Fix Committed Fix Released
2014-02-13 19:18:03 Alan Pevec nova/havana: status Fix Committed Fix Released
2014-02-21 14:42:33 Russell Bryant nova: milestone icehouse-3
2014-03-05 13:07:45 Thierry Carrez nova: status Fix Committed Fix Released
2014-03-18 12:59:06 Xavier Queralt nova/grizzly: milestone 2013.1.5
2014-03-20 22:11:07 Alan Pevec nova/grizzly: status Fix Committed Fix Released
2014-04-17 09:04:58 Thierry Carrez nova: milestone icehouse-3 2014.1