Skip to content
Permalink
Browse files

CHANGELOG: add note on vhost vulnerability

Signed-off-by: Jim Harris <james.r.harris@intel.com>
Change-Id: Id47256ecfc5d774e7d8054423cda32a90f0c4f76

Reviewed-on: https://review.gerrithub.io/c/442929
Chandler-Test-Pool: SPDK Automated Test System <sys_sgsw@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Darek Stojaczyk <dariusz.stojaczyk@intel.com>
Reviewed-by: Tomasz Zawadzki <tomasz.zawadzki@intel.com>
  • Loading branch information...
jimharris authored and darsto committed Feb 1, 2019
1 parent ce75af2 commit eca42c66092b9031711afe215fbc1891ee55f143
Showing with 7 additions and 0 deletions.
  1. +7 −0 CHANGELOG.md
@@ -191,6 +191,13 @@ block devices. The module is split into the library (located in lib/ftl) and bde

### vhost

A security vulnerability has been identified and fixed in the SPDK vhost target. A malicious
vhost client (i.e. virtual machine) could carefully construct a circular descriptor chain which
would result in a partial denial of service in the SPDK vhost target. These types of descriptor
chains are now properly detected by the vhost target. All SPDK vhost users serving untrusted
vhost clients are strongly recommended to upgrade. (Reported by Dima Stepanov and Evgeny
Yakovlev.)

Vhost SCSI and Vhost Block devices can now accept multiple connections on the same socket file.
Each connection (internally called a vhost session) will have access to the same storage, but
will use different virtqueues, different features and possibly different memory.

0 comments on commit eca42c6

Please sign in to comment.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.