[SRU] virtualbox crash on network traffic

Bug #2063841 reported by Gianfranco Costamagna
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
virtualbox (Ubuntu) | Fix Released | Critical | Unassigned |
  Noble | Fix Released | Undecided | Unassigned |
virtualbox-hwe (Ubuntu) | Invalid | Critical | Unassigned |
  Noble | Fix Released | Undecided | Unassigned |

Bug Description

[Description]
ATTENTION: PLEASE REFRAIN FROM UPGRADING TO 7.0.16 (release pocket) FOR NOW. THIS RELEASE HAS AN ISSUE WHICH MIGHT CAUSE HOST OS CRASH WHEN VM IS CONFIGURED TO USE BRIDGED OR HOST-ONLY NETWORKING. WE WILL SEND AN ANNOUNCEMENT TO MAILING LISTS WHEN FIX WILL BE AVAILABLE FOR DOWNLOAD.

An incomplete allocation variable triggers an R0 memory corruption in the kernel, leading to possible host crashes when a high amount of traffic is generated.

[Fix]
--- a/src/VBox/Devices/Network/SrvIntNetR0.cpp (revision 162842)
+++ b/src/VBox/Devices/Network/SrvIntNetR0.cpp (revision 162843)
@@ -2936,5 +2936,5 @@
     union
     {
- uint8_t abBuf[sizeof(INTNETSG) + sizeof(INTNETSEG)];
+ uint8_t abBuf[sizeof(INTNETSG) + 2 * sizeof(INTNETSEG)];
         INTNETSG SG;
     } u;
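
Review bot: the `2 *` on the new abBuf line is a bare literal with no comment saying which code path needs the second INTNETSEG slot, so a reader cannot tell whether two is the real upper bound or only enough for the case that crashed. Suggest deriving the size from a named segment-count constant shared with the code that fills u.SG, adding a check that the number of segments written never exceeds what abBuf reserves, and auditing the other declarations of this union pattern in SrvIntNetR0.cpp for the same sizing.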

[ Regression potential ]
* Low, this is just a variable initialization.

[ Test case ]
* Enable Bridge and NAT network interface on the guest and generate a huge amount of traffic. The host *should not crash*
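
The sizing mistake described above, as an added example that is not VirtualBox code and not part of this bug report: a header with trailing segments is backed by a fixed stack buffer, and the append routine checks the recorded capacity, so an undersized buffer results in a refused segment instead of a write past the buffer. The DEMOSG/DEMOSEG layout and all demo_* names are hypothetical and do not mirror the real INTNETSG/INTNETSEG definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical layout for illustration; NOT VirtualBox's INTNETSG/INTNETSEG. */
typedef struct DEMOSEG { const void *pv; uint32_t cb; } DEMOSEG;
typedef struct DEMOSG {
    uint32_t cbTotal;
    uint16_t cSegsAlloc;   /* segments the backing buffer can hold */
    uint16_t cSegsUsed;    /* segments filled in so far */
    DEMOSEG  aSegs[];      /* stored in the caller's buffer, after the header */
} DEMOSG;
/* Bytes needed for the header plus cSegs segments. */
#define DEMO_SG_BYTES(cSegs) (sizeof(DEMOSG) + (size_t)(cSegs) * sizeof(DEMOSEG))

/* Number of segments that fit in cbBuf bytes of backing store. */
static uint16_t demo_sg_capacity(size_t cbBuf)
{
    if (cbBuf < sizeof(DEMOSG)) return 0;
    size_t c = (cbBuf - sizeof(DEMOSG)) / sizeof(DEMOSEG);
    return c > UINT16_MAX ? UINT16_MAX : (uint16_t)c;
}

/* Append a segment; refuse (-1) instead of writing past the buffer. */
static int demo_sg_add(DEMOSG *pSG, const void *pv, uint32_t cb)
{
    if (pSG->cSegsUsed >= pSG->cSegsAlloc) return -1;
    pSG->aSegs[pSG->cSegsUsed++] = (DEMOSEG){ pv, cb };
    pSG->cbTotal += cb;
    return 0;
}

/* Describe a constructed frame as cParts pieces using cbBuf bytes; returns pieces accepted. */
static unsigned demo_describe(size_t cbBuf, unsigned cParts)
{
    static const uint8_t s_abFrame[64] = {0};
    union { uint8_t ab[DEMO_SG_BYTES(4)]; DEMOSG SG; } u = { {0} };
    unsigned cOk = 0;
    if (cbBuf > sizeof(u.ab)) cbBuf = sizeof(u.ab);
    u.SG.cSegsAlloc = demo_sg_capacity(cbBuf);
    for (unsigned i = 0; i < cParts && i < 4; i++)
        cOk += demo_sg_add(&u.SG, &s_abFrame[i * 16], 16) == 0;
    return cOk;
}

int main(void)
{   /* One reserved slot cannot hold a two-part frame; two slots can. */
    return !(demo_describe(DEMO_SG_BYTES(1), 2) == 1 && demo_describe(DEMO_SG_BYTES(2), 2) == 2);
}
```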

description: updated
Changed in virtualbox (Ubuntu):
importance: Undecided → Critical
Changed in virtualbox-hwe (Ubuntu):
importance: Undecided → Critical
summary: - virtualbox crash on network traffic
+ [SRU] virtualbox crash on network traffic
Andreas Hasenack (ahasenack) wrote :

I understand this is urgent, but this SRU is missing some details.

a) Upstream still has the warning[1] in the "news flash" on the top right of the page, telling users to not upgrade to 7.0.16. In the 7.0.16 changelog[2] page, though, there is no further information.

b) I browsed their bug database, and mailing lists, particularly right after the 7.0.16 announcement, and found no patch or follow-up.

c) While not required, the patch in the SRU has no DEP-3 headers. Where is it coming from? I think in this case, given the little amount of information available elsewhere, it would be best if it had such headers. Or, instead, the SRU description of the bug could have more details: upstream bug, upstream commit, perhaps a link to some discussion. Is this fix enough? I found another place in the same file where the same variable is declared, and it does not have the 2* change. Maybe not needed there, but then again, there is no explanation about this patch.

While we are at it, if a new upload would happen, it could also have these changes:
- run update-maintainer
- while at it, the version could be changed to the SRU format, which in this case, would be 7.0.16-dfsg-2ubuntu0.1

1. https://www.virtualbox.org/
2. https://www.virtualbox.org/wiki/Changelog-7.0#v16

Andreas Hasenack (ahasenack) wrote :

The virtualbox-hwe upload has this changelog:
 virtualbox-hwe (7.0.16-dfsg-2ubuntu1.24.04.2) noble; urgency=medium
 .
   * Build only the guest-* packages with hwe stack
 .
 virtualbox (7.0.16-dfsg-2ubuntu1) noble; urgency=medium
 .
   * Add patch 162843 to fix an host crash with some network modes.
     LP: #2063841

I didn't see anything in the diff, though, about the first change (build only the guest-* packages). It just has the same d/patch as virtualbox, for this bug. Is something missing?

Andreas Hasenack (ahasenack) wrote :

Given the lack of details on the fix, upstream bug, my concern here is with a possible incomplete fix, and us having to rush another SRU right after, or perhaps even making things worse (if the fix is later changed again).

I checked the commits in trunk[1], and spotted this one there at [2], with the corresponding changeset at [3] which matches your patch, but the referenced bug or even svn rev are not public :/

That commit[3] is at least the last one on that file, so they didn't change it again, which is good.

1. https://www.virtualbox.org/log/vbox/trunk
2. https://www.virtualbox.org/browser/vbox/trunk?rev=104355
3. https://www.virtualbox.org/changeset/104355/vbox

Steve Langasek (vorlon) wrote :

In addition to Andreas's comments, this SRU bug references the MRE page, but the SRU that's been uploaded (at least to noble) is not an upstream microrelease, it's a patch added under debian/patches. So the MRE exception does not apply here. How is this fix meant to be verified?

Changed in virtualbox (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in virtualbox-hwe (Ubuntu):
status: New → Confirmed
description: updated
Gianfranco Costamagna (costamagnagianfranco) wrote :

>a) Upstream still has the warning[1] in the "news flash" on the top right of the page, telling users to not upgrade to 7.0.16. In the 7.0.16 changelog[2] page, though, there is no further information.

the situation is now more clear with 7.0.18 out

>b) I browsed their bug database, and mailing lists, particularly right after the 7.0.16 announcement, and found no patch or follow-up

more clear with 7.0.18 too

>c) While not required, the patch in the SRU has no DEP-3 headers. Where is it coming from? I think in this case, given the little amount of information available elsewhere, it would be best if it had such headers. Or, instead, the SRU description of the bug could have more details: upstream bug, upstream commit, perhaps a link to some discussion. Is this fix enough? I found another place in the same file where the same variable is declared, and it does not have the 2* change. Maybe not needed there, but then again, there is no explanation about this patch.

can we please avoid it? I usually stick with the very same content as for the Debian uploads, to have delta just between the changelog files

>While we are at it, if a new upload would happen, it could also have these changes:
>- run update-maintainer

same reason as above, I would like to avoid having to maintain two codebases, except for changelog file last entry

>- while at it, the version could be changed to the SRU format, which in this case, would be 7.0.16-dfsg-2ubuntu0.1

I use the ~ approach, because in case of MRE a "backport" versioning makes the upgrade path work correctly.

>I didn't see anything in the diff, though, about the first change (build only the guest-* packages). It just has the same d/patch as virtualbox, for this bug. Is something missing?

yes, it has the patchset with the additional patch and just a changelog new entry.

> MRE

removed, I also would like to update to 7.0.18 later, but for now, better a quick SRU instead of a new MRE upload. (also because MRE is not whitelisted yet)

description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox - 7.0.18-dfsg-1

---------------
virtualbox (7.0.18-dfsg-1) unstable; urgency=medium

  * New upstream version 7.0.18-dfsg
  * Fixup link for tarball import
  * Drop patch 162843, upstream. Refresh vnc patch

 -- Gianfranco Costamagna <email address hidden> Fri, 03 May 2024 16:44:26 +0200

Changed in virtualbox (Ubuntu):
status: Incomplete → Fix Released
Changed in virtualbox (Ubuntu):
status: Fix Released → Confirmed
Chris Halse Rogers (raof) wrote : Please test proposed package

Hello Gianfranco, or anyone else affected,

Accepted virtualbox into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/virtualbox/7.0.16-dfsg-2ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in virtualbox (Ubuntu Noble):
status: New → Fix Committed
tags: added: verification-needed verification-needed-noble
Chris Halse Rogers (raof) wrote :

Ah, I think I see what's happening with virtualbox-hwe? You took the new virtualbox src package, and then added on a changelog entry for the diff between virtualbox and virtualbox-hwe?

That's not what we'd expect to see in a changelog entry - we'd expect to see the changes since the last version of *that* source package (particularly in an SRU, where the changelog is more user-visible).

Could you please upload with a fixed changelog?

Chris Halse Rogers (raof) wrote :

Hm. The changelog diff I'd *expect* is:

+virtualbox-hwe (7.0.16-dfsg-2ubuntu1.24.04.2) noble; urgency=medium
+
+ * Add patch 162843 to fix an host crash with some network modes.
+ LP: #2063841
+
+ -- Gianfranco Costamagna <email address hidden> Fri, 26 Apr 2024 12:51:11 +0200
+

ie: just the differences from the previous virtualbox-hwe package. I don't *think* this should complicate your branching strategy? You'd merge virtualbox into virtualbox-hwe, then *edit* the most recent changelog entry rather than appending one?

Gianfranco Costamagna (costamagnagianfranco) wrote :

ok doing now.

Chris Halse Rogers (raof) wrote :

Hello Gianfranco, or anyone else affected,

Accepted virtualbox-hwe into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/virtualbox-hwe/7.0.16-dfsg-2ubuntu1.24.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in virtualbox-hwe (Ubuntu Noble):
status: New → Fix Committed
Gianfranco Costamagna (costamagnagianfranco) wrote :

Hello, testing was good on my side, please also other people help in testing proposed pocket.
Thanks!

tags: added: verification-done verification-done-noble
removed: verification-needed verification-needed-noble
Andreas Hasenack (ahasenack) wrote :

This fix is missing from src:virtualbox-hwe in Oracular, the current devel release. We currently have:

 virtualbox-hwe | 7.0.16-dfsg-2ubuntu1.24.04.1 | oracular/multiverse | source
 virtualbox-hwe | 7.0.16-dfsg-2ubuntu1.24.04.2 | noble-proposed/multiverse | source

Changed in virtualbox (Ubuntu):
status: Confirmed → Fix Released
Andreas Hasenack (ahasenack) wrote :

Marking src:virtualbox as released for devel (oracular), because oracular has version 7.0.18 which has this fix.

Gianfranco Costamagna (costamagnagianfranco) wrote :

virtualbox-hwe is scheduled for removal in oracular.
https://bugs.launchpad.net/ubuntu/+source/virtualbox-hwe/+bug/2063946

Changed in virtualbox-hwe (Ubuntu):
status: Confirmed → Invalid
Łukasz Zemczak (sil2100) wrote :

I am confused by this SRU. The bug is marked as verification-done and seems ready for release, but then the bug description has a huge disclaimer NOT to upgrade to the version under testing?

What is the status of this? Can we release it into noble-updates or not?

Gianfranco Costamagna (costamagnagianfranco) wrote :

7.0.16 release pocket might crash, while 7.0.16 in proposed is fine

description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox - 7.0.16-dfsg-2ubuntu1

---------------
virtualbox (7.0.16-dfsg-2ubuntu1) noble; urgency=medium

  * Add patch 162843 to fix an host crash with some network modes.
    LP: #2063841

 -- Gianfranco Costamagna <email address hidden> Fri, 26 Apr 2024 12:51:11 +0200

Changed in virtualbox (Ubuntu Noble):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox-hwe - 7.0.16-dfsg-2ubuntu1.24.04.2

---------------
virtualbox-hwe (7.0.16-dfsg-2ubuntu1.24.04.2) noble; urgency=medium

  * Add patch 162843 to fix an host crash with some network modes.
    LP: #2063841

 -- Gianfranco Costamagna <email address hidden> Fri, 26 Apr 2024 12:51:11 +0200

Changed in virtualbox-hwe (Ubuntu Noble):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for virtualbox has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
