Commit eca42c66 authored by Jim Harris, committed by Darek Stojaczyk

CHANGELOG: add note on vhost vulnerability



Signed-off-by: Jim Harris <james.r.harris@intel.com>
Change-Id: Id47256ecfc5d774e7d8054423cda32a90f0c4f76

Reviewed-on: https://review.gerrithub.io/c/442929


Chandler-Test-Pool: SPDK Automated Test System <sys_sgsw@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Darek Stojaczyk <dariusz.stojaczyk@intel.com>
Reviewed-by: Tomasz Zawadzki <tomasz.zawadzki@intel.com>
parent ce75af21
+7 −0
@@ -191,6 +191,13 @@ block devices. The module is split into the library (located in lib/ftl) and bde

### vhost

A security vulnerability has been identified and fixed in the SPDK vhost target.  A malicious
vhost client (i.e. virtual machine) could carefully construct a circular descriptor chain which
would result in a partial denial of service in the SPDK vhost target.  These types of descriptor
chains are now properly detected by the vhost target.  All SPDK vhost users serving untrusted
vhost clients are strongly recommended to upgrade. (Reported by Dima Stepanov and Evgeny
Yakovlev.)

Vhost SCSI and Vhost Block devices can now accept multiple connections on the same socket file.
Each connection (internally called a vhost session) will have access to the same storage, but
will use different virtqueues, different features and possibly different memory.
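
Review bot: The new paragraph under "### vhost" recommends that users upgrade but does not say which SPDK releases are affected or which release or change carries the fix, so a reader cannot tell from the changelog alone whether a given deployment is exposed. Consider naming the affected version range and referencing the fixing change (plus a CVE identifier if one was assigned). It would also help to state briefly what "partial denial of service" means for the target, so operators serving untrusted vhost clients can judge the urgency.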