Date: Fri, 28 Jun 2013 06:03:17 GMT From: FreeBSD Errata Notices <errata-notices@freebsd.org> To: FreeBSD Errata Notices <errata-notices@freebsd.org> Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-13:02.vtnet Message-ID: <201306280603.r5S63Hhq025166@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-13:02.vtnet Errata Notice The FreeBSD Project Topic: vtnet(4) network interface issue on QEMU 1.4.0 and later Category: core Modules: sys_dev Announced: 2013-06-28 Credits: Julian Stecklina and Bryan Venteicher Affects: FreeBSD 8.4 Corrected: 2013-06-15 03:55:04 UTC (head, 10.0-CURRENT) 2013-06-25 04:42:16 UTC (stable/9, 9.1-STABLE) 2013-06-25 04:42:43 UTC (stable/8, 8.4-STABLE) 2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p2) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.freebsd.org/>. I. Background VirtIO is a specification for para-virtualized I/O in a virtual machine. The vtnet(4) network interface driver supports VirtIO emulated Ethernet device. QEMU is a generic and open source machine emulator and virtualizer. It is included as a third-party package in FreeBSD Ports Collection (emulators/qemu). II. Problem Description The vtnet(4) network interface driver displays the following message upon configuration when using QEMU 1.4.0 or later: vtnet0: error setting host MAC filter table The interface works normally when the interface has one MAC address. However, if it has two or more MAC addresses configured, frames to those additional MAC addresses are not forwarded to the vtnet(4) interface. Thus, only the first MAC address works. III. Impact A vtnet(4) network interface with two or more MAC addresses configured on it cannot receive frames to the addresses except for the first one when the FreeBSD kernel is running on QEMU 1.4.0 or later. For the first MAC address, the vtnet(4) interface works without problem even though the error message is displayed. The vtnet(4) driver is included in GENERIC kernel in FreeBSD 8.4-RELEASE. IV. Workaround The additional MAC addresses can work by setting the vtnet(4) network interface in promiscuous mode. The following command sets vtnet0 in promiscuous mode: # ifconfig vtnet0 promisc Note that this may lead to performance degradation. Or, the fixed version of the vtnet(4) driver can be installed as kernel module by using the Ports Collection (emulators/virtio-kmod). To use it on 8.4-RELEASE, the GENERIC kernel has to be recompiled by removing all of the virtio(4) drivers before installing emulators/virtio-kmod. The following lines in kernel configuration file disable the drivers: nodevice virtio nodevice virtio_pci nodevice vtnet nodevice virtio_blk nodevice virtio_scsi nodevice virtio_balloon After recompilation and installing the new kernel and emulators/virtio-kmod, add the following lines to /boot/loader.conf. This enables the drivers by loading kernel modules which are installed by emulators/virtio-kmod at boot time. virtio_load="YES" virtio_pci_load="YES" virtio_blk_load="YES" if_vtnet_load="YES" virtio_balloon_load="YES" V. Solution Perform one of the following: 1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 8.4 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch # fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. 3) To update your vulnerable system via a binary patch: Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- head r251769 stable/9/ r252193 stable/8/ r252194 releng/8.4/ r252334 - ------------------------------------------------------------------------- VII. References The latest revision of this Errata Notice is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-13:02.vtnet.asc -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlHNI4MACgkQFdaIBMps37L8DACfVzTAigMRbtT38pltWZ23IFUw O3kAn0R36RIBdh45I+g/BPzjTimKMPza =8wlc -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306280603.r5S63Hhq025166>