Update vmm-sys-util and its users for CVE-2023-50711 by backporting upstream
commit 8382687b88f8dd1ae60526f40175aefc8ae3aa13.
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,4 +11,4 @@
lto = true
[patch.crates-io]
-kvm-bindings = { git = "https://github.com/firecracker-microvm/kvm-bindings", tag = "v0.6.0-2", features = ["fam-wrappers"] }
+kvm-bindings = { git = "https://github.com/firecracker-microvm/kvm-bindings", tag = "v0.7.0-1", features = ["fam-wrappers"] }
--- a/src/firecracker/Cargo.toml
+++ b/src/firecracker/Cargo.toml
@@ -14,7 +14,7 @@
[dependencies]
displaydoc = "0.2.4"
-event-manager = "0.3.0"
+event-manager = "0.4.0"
libc = "0.2.151"
log-instrument = { path = "../log-instrument", optional = true }
serde_json = "1.0.108"
--- a/src/snapshot/Cargo.toml
+++ b/src/snapshot/Cargo.toml
@@ -11,7 +11,7 @@
[dependencies]
libc = "0.2.117"
-versionize = "0.1.10"
+versionize = "0.2.0"
versionize_derive = "0.1.6"
thiserror = "1.0.32"
displaydoc = "0.2.4"
--- a/src/utils/Cargo.toml
+++ b/src/utils/Cargo.toml
@@ -14,10 +14,10 @@
serde = { version = "1.0.165", features = ["derive"] }
thiserror = "1.0.32"
displaydoc = "0.2.4"
-versionize = "0.1.10"
+versionize = "0.2.0"
versionize_derive = "0.1.6"
-vmm-sys-util = "0.11.2"
-vm-memory = { version = "0.13.0", features = ["backend-mmap", "backend-bitmap"] }
+vmm-sys-util = "0.12.0"
+vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-bitmap"] }
log-instrument = { path = "../log-instrument", optional = true }
[dev-dependencies]
--- a/src/vmm/Cargo.toml
+++ b/src/vmm/Cargo.toml
@@ -12,13 +12,13 @@
rand = "0.8.5"
bitflags = "2.0.2"
derive_more = { version = "0.99.17", default-features = false, features = ["from", "display"] }
-event-manager = "0.3.0"
-kvm-bindings = { version = "0.6.0", features = ["fam-wrappers"] }
-kvm-ioctls = "0.15.0"
+event-manager = "0.4.0"
+kvm-bindings = { version = "0.7.0", features = ["fam-wrappers"] }
+kvm-ioctls = "0.16.0"
lazy_static = "1.4.0"
libc = "0.2.117"
memfd = "0.6.3"
-linux-loader = "0.10.0"
+linux-loader = "0.11.0"
serde = { version = "1.0.136", features = ["derive", "rc"] }
semver = { version = "1.0.17", features = ["serde"] }
serde_json = "1.0.78"
@@ -26,12 +26,12 @@
thiserror = "1.0.32"
displaydoc = "0.2.4"
userfaultfd = "0.8.1"
-versionize = "0.1.10"
+versionize = "0.2.0"
versionize_derive = "0.1.6"
-vhost = { version = "0.9.0", features = ["vhost-user-frontend"] }
+vhost = { version = "0.10.0", features = ["vhost-user-frontend"] }
vm-allocator = "0.1.0"
vm-superio = "0.7.0"
-vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-bitmap"] }
+vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-bitmap"] }
log = { version = "0.4.17", features = ["std", "serde"] }
aes-gcm = { version = "0.10.1", default-features = false, features = ["aes"] }
base64 = "0.21.0"
--- a/src/vmm/src/vstate/vcpu/mod.rs
+++ b/src/vmm/src/vstate/vcpu/mod.rs
@@ -496,7 +496,7 @@
VcpuExit::SystemEvent(event_type, event_flags) => match event_type {
KVM_SYSTEM_EVENT_RESET | KVM_SYSTEM_EVENT_SHUTDOWN => {
info!(
- "Received KVM_SYSTEM_EVENT: type: {}, event: {}",
+ "Received KVM_SYSTEM_EVENT: type: {}, event: {:?}",
event_type, event_flags
);
Ok(VcpuEmulation::Stopped)
@@ -504,7 +504,7 @@
_ => {
METRICS.vcpu.failures.inc();
error!(
- "Received KVM_SYSTEM_EVENT signal type: {}, flag: {}",
+ "Received KVM_SYSTEM_EVENT signal type: {}, flag: {:?}",
event_type, event_flags
);
Err(VcpuError::FaultyKvmExit(format!(
@@ -752,24 +752,24 @@
)
);
- *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(2, 0)));
+ *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(2, &[])));
let res = vcpu.run_emulation();
assert!(res.is_ok());
assert_eq!(res.unwrap(), VcpuEmulation::Stopped);
- *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(1, 0)));
+ *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(1, &[])));
let res = vcpu.run_emulation();
assert!(res.is_ok());
assert_eq!(res.unwrap(), VcpuEmulation::Stopped);
- *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(3, 0)));
+ *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(3, &[])));
let res = vcpu.run_emulation();
assert!(res.is_err());
assert_eq!(
format!("{:?}", res.unwrap_err()),
format!(
"{:?}",
- EmulationError::FaultyKvmExit("SystemEvent(3, 0)".to_string())
+ EmulationError::FaultyKvmExit("SystemEvent(3, [])".to_string())
)
);
--- a/tests/integration_tests/functional/test_shut_down.py
+++ b/tests/integration_tests/functional/test_shut_down.py
@@ -6,6 +6,8 @@
import platform
import time
+from packaging import version
+
from framework import utils
@@ -56,7 +58,12 @@
assert len(datapoints) == 2
if platform.machine() != "x86_64":
- vm.check_log_message("Received KVM_SYSTEM_EVENT: type: 2, event: 0")
+ message = (
+ "Received KVM_SYSTEM_EVENT: type: 2, event: [0]"
+ if version.parse(utils.get_kernel_version()) >= version.parse("5.18")
+ else "Received KVM_SYSTEM_EVENT: type: 2, event: []"
+ )
+ vm.check_log_message(message)
vm.check_log_message("Vmm is stopping.")
# Make sure that the FC process was not killed by a seccomp fault