Regression: spice usbredirect causes windows client to crash

Bug #1545821 reported by Ryan
This bug affects 2 people
Affects: qemu (Ubuntu)
Status: Expired
Importance: High
Assigned to: Unassigned
Milestone: (none)

Bug Description

I have been using Ubuntu 14.04.3 as the host OS for a series of Windows-based VM clients (Windows XP SP3 32-bit and Windows 10 Pro 64-bit) and using 'spice-client-gtk' to proxy a USB device (a webcam). Everything is fine if I use:

hi qemu-keymaps 2.0.0+dfsg-2ubuntu1.19 all QEMU keyboard maps
hi qemu-kvm 2.0.0+dfsg-2ubuntu1.19 amd64 QEMU Full virtualization
hi qemu-system-common 2.0.0+dfsg-2ubuntu1.19 amd64 QEMU full system emulation binaries (common files)
hi qemu-system-x86 2.0.0+dfsg-2ubuntu1.19 amd64 QEMU full system emulation binaries (x86)
hi qemu-utils 2.0.0+dfsg-2ubuntu1.19 amd64 QEMU utilities

However, after I upgraded to the latest stable version (2.0.0+dfsg-2ubuntu1.22):

* I start 'spicy'
* Connect to the remote windows guest
* Choose the webcam to export

Thus far, everything is normal (the device connects). Once I try to use the webcam (from either Skype or Chrome), I get a brief indicator light from the webcam, then the Windows XP guest blue-screens and the Windows 10 Pro guest hard-locks.

I get no useful information from the Host's /var/log/syslog.

I've also tried to compile the latest version of remote-viewer from source (version 3.1). When it tries to connect to 2.0.0+dfsg-2ubuntu1.22, the effect is the same: both Windows guests crash. However, after I downgraded to 2.0.0+dfsg-2ubuntu1.19, both 'spicy' and the compiled remote-version v3.1 work perfectly.

I also tried upgrading the usbdk version on the Windows clients to the most recent version, v1.0.12 (from http://www.spice-space.org/download/windows/usbdk/), but it had no effect. I also tried a series of different webcams; the result was the same.

Here is a list of the packages that caused the error:

ii qemu-keymaps 2.0.0+dfsg-2ubuntu1.22 all QEMU keyboard maps
ii qemu-kvm 2.0.0+dfsg-2ubuntu1.22 amd64 QEMU Full virtualization
ii qemu-system-common 2.0.0+dfsg-2ubuntu1.22 amd64 QEMU full system emulation binaries (common files)
ii qemu-system-x86 2.0.0+dfsg-2ubuntu1.22 amd64 QEMU full system emulation binaries (x86)
ii qemu-utils 2.0.0+dfsg-2ubuntu1.22 amd64 QEMU utilities

Here is the version of spicy I've used with both 1.19 and 1.22:

ii libspice-client-glib-2.0-8:amd64 0.22-0nocelt2 amd64 GObject for communicating with Spice servers (runtime library)
ii libspice-client-gtk-2.0-4:amd64 0.22-0nocelt2 amd64 GTK2 widget for SPICE clients (runtime library)
ii libspice-server1:amd64 0.12.4-0nocelt2ubuntu1.2 amd64 Implements the server side of the SPICE protocol
ii spice-client-glib-usb-acl-helper 0.22-0nocelt2 amd64 Spice client glib usb acl helper
ii spice-client-gtk 0.22-0nocelt2 amd64 Simple clients for interacting with SPICE servers

My current work-around was to revert the qemu-* packages back to version 1.19. I don't know at which revision this error occurred, but it was somewhere between 1.20 and 1.22.

How to recreate the problem:
* Create a Windows VM (it might also apply to other guest o/s)
* Install spice-client-gtk
* Configure the VM to use spice (https://people.freedesktop.org/~teuf/spice-doc/html/ch02s06.html)
* Start the VM
* Attach a webcam (or probably any other device)
* Within the VM, start an application that uses the device (I'd used both Skype and https://www.onlinemictest.com/webcam-test-in-adobe-flash via google-chrome)

Serge Hallyn (serge-hallyn) wrote :

Thanks for submitting this bug report.

Based on the changelog entries, I would guess that this was introduced by the fix to CVE-2015-8619.

Could you verify that downgrading to 2.0.0+dfsg-2ubuntu1.21 also fixes it for you?

affects: qemu-kvm (Ubuntu) → qemu (Ubuntu)
Changed in qemu (Ubuntu):
importance: Undecided → High
Ryan (rkr-7) wrote :

I'm certainly willing to try, but I cannot find the debian qemu binaries for version 2.0.0+dfsg-2ubuntu1.21 (I only have 2.0.0+dfsg-2ubuntu1.19 cached locally).

Are these packages mirrored somewhere?

Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1545821] Re: Regression: spice usbredirect causes windows client to crash
Ryan (rkr-7) wrote :

Excellent -- However, ATM I'm away on business and I won't be able to try this until next week.

I'll report my findings then.

Simon Déziel (sdeziel) wrote :

Hi Ryan, have you been able to test a downgrade to 2.0.0+dfsg-2ubuntu1.21?

Changed in qemu (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for qemu (Ubuntu) because there has been no activity for 60 days.]

Changed in qemu (Ubuntu):
status: Incomplete → Expired