-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-13:02.vtnet Errata Notice
The FreeBSD Project
Topic: vtnet(4) network interface issue on QEMU 1.4.0 and later
Category: core
Modules: sys_dev
Announced: 2013-06-28
Credits: Julian Stecklina and Bryan Venteicher
Affects: FreeBSD 8.4
Corrected: 2013-06-15 03:55:04 UTC (head, 10.0-CURRENT)
2013-06-25 04:42:16 UTC (stable/9, 9.1-STABLE)
2013-06-25 04:42:43 UTC (stable/8, 8.4-STABLE)
2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
.
I. Background
VirtIO is a specification for para-virtualized I/O in a virtual
machine. The vtnet(4) network interface driver supports VirtIO
emulated Ethernet device.
QEMU is a generic and open source machine emulator and virtualizer.
It is included as a third-party package in FreeBSD Ports Collection
(emulators/qemu).
II. Problem Description
The vtnet(4) network interface driver displays the following message
upon configuration when using QEMU 1.4.0 or later:
vtnet0: error setting host MAC filter table
The interface works normally when the interface has one MAC address.
However, if it has two or more MAC addresses configured, frames to
those additional MAC addresses are not forwarded to the vtnet(4)
interface. Thus, only the first MAC address works.
III. Impact
A vtnet(4) network interface with two or more MAC addresses configured
on it cannot receive frames to the addresses except for the first one
when the FreeBSD kernel is running on QEMU 1.4.0 or later. For the
first MAC address, the vtnet(4) interface works without problem even
though the error message is displayed.
The vtnet(4) driver is included in GENERIC kernel in FreeBSD
8.4-RELEASE.
IV. Workaround
The additional MAC addresses can work by setting the vtnet(4) network
interface in promiscuous mode. The following command sets vtnet0 in
promiscuous mode:
# ifconfig vtnet0 promisc
Note that this may lead to performance degradation.
Or, the fixed version of the vtnet(4) driver can be installed as
kernel module by using the Ports Collection (emulators/virtio-kmod).
To use it on 8.4-RELEASE, the GENERIC kernel has to be recompiled by
removing all of the virtio(4) drivers before installing
emulators/virtio-kmod. The following lines in kernel configuration
file disable the drivers:
nodevice virtio
nodevice virtio_pci
nodevice vtnet
nodevice virtio_blk
nodevice virtio_scsi
nodevice virtio_balloon
After recompilation and installing the new kernel and
emulators/virtio-kmod, add the following lines to /boot/loader.conf.
This enables the drivers by loading kernel modules which are installed
by emulators/virtio-kmod at boot time.
virtio_load="YES"
virtio_pci_load="YES"
virtio_blk_load="YES"
if_vtnet_load="YES"
virtio_balloon_load="YES"
V. Solution
Perform one of the following:
1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 8.4 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch
# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
head r251769
stable/9/ r252193
stable/8/ r252194
releng/8.4/ r252334
- -------------------------------------------------------------------------
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-13:02.vtnet.asc
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlHNI4MACgkQFdaIBMps37L8DACfVzTAigMRbtT38pltWZ23IFUw
O3kAn0R36RIBdh45I+g/BPzjTimKMPza
=8wlc
-----END PGP SIGNATURE-----