yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1526831] Fix merged to nova (master)

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1526831@xxxxxxxxxxxxxxxxxx>
Date: Thu, 25 Feb 2016 19:14:16 -0000
Reply-to: Bug 1526831 <1526831@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Reviewed:  https://review.openstack.org/258614
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=82bf282dd599d9c1528a34a032513e6721ae9876
Submitter: Jenkins
Branch:    master

commit 82bf282dd599d9c1528a34a032513e6721ae9876
Author: Lucian Petrut <lpetrut@xxxxxxxxxxxxxxxxxxxxxx>
Date:   Mon Dec 7 12:09:22 2015 +0200

    HyperV: Set disk serial number for attached volumes
    
    Setting the disk serial number allows us to easily map volumes
    with the according virtual disk resources.
    
    This is required for the Fibre Channel support implementation, as
    well for the patch fixing the swapped VM disks after host reboot.
    
    Co-Authored-By: Alin Balutoiu <abalutoiu@xxxxxxxxxxxxxxxxxxxxxx>
    
    Partial-Bug: #1526831
    Depends-On: I7faf798aa7c1c306ac641f4364b1407b80b40b09
    Change-Id: I5a91c12eb54d8539e30598e617eb9f036fbba843


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1526831

Title:
  Hyper-V: swapped disks after host reboot

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  This issue is being treated as a potential security risk under
  embargo. Please do not make any public mention of embargoed (private)
  security vulnerabilities before their coordinated publication by the
  OpenStack Vulnerability Management Team in the form of an official
  OpenStack Security Advisory. This includes discussion of the bug or
  associated fixes in public forums such as mailing lists, code review
  systems and bug trackers. Please also avoid private disclosure to
  other individuals not already approved for access to this information,
  and provide this same reminder to those who are made aware of the
  issue prior to publication. All discussion should remain confined to
  this private bug report, and any proposed fixes should be added to the
  bug as attachments.

  --

  As the disk number of iSCSI attached disks can change after host
  reboot, passthrough attached volumes can get attached in this case.

  This bug was partially fixed during Icehouse by this patch:
  https://review.openstack.org/95356

  One of the issues with this patch is that it only handles SCSI
  attached disks, for which reason this issue continues to occur when
  having generation 1 VMs booted from volume, in which case the disk
  will be placed on the IDE controller.

  In this case, one instance may end up booting from another tenant's
  volume, which is a critical security issue.

  Also, it assumes that the block device info volume order matches the
  according disk controller slot order, which is wrong.

  Related bug: https://bugs.launchpad.net/nova/+bug/1322926

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1526831/+subscriptions