Debian Bug report logs - #920897
SPICE session's connection_id's are not unique


Package: qemu-system-x86; Maintainer for qemu-system-x86 is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Source for qemu-system-x86 is src:qemu.

Reported by: Philip Pum <Philip.Pum@radarservices.com>

Date: Wed, 30 Jan 2019 11:39:01 UTC

Severity: normal

Tags: moreinfo, wontfix

Found in version qemu/1:2.8+dfsg-6+deb9u4

Forwarded to https://www.mail-archive.com/qemu-devel@nongnu.org/msg591958.html



Report forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#920897; Package qemu-system-x86. (Wed, 30 Jan 2019 11:39:04 GMT)


Acknowledgement sent to Philip Pum <Philip.Pum@radarservices.com>:
New Bug report received and forwarded. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Wed, 30 Jan 2019 11:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Philip Pum <Philip.Pum@radarservices.com>
To: "submit@bugs.debian.org" <submit@bugs.debian.org>
Subject: SPICE session's connection_id's are not unique
Date: Wed, 30 Jan 2019 11:21:54 +0000
Package: qemu-system-x86

Version: 1:2.8+dfsg-6+deb9u4


When creating a virtual machine with qemu (e.g. via libvirt) including a SPICE server, the client_id of the SPICE session is not unique. For example, starting multiple virtual machines on the same libvirtd, the client_id is the same for all virtual machines' SPICE sessions.


A description of the client_id can be found in

https://www.spice-space.org/static/docs/spice_protocol.pdf under section 2.11. c) :


"UINT32 connection_id - In case of a new session (i.e., channel type is RED_CHANNEL_MAIN) this field is set to zero, and in response the server will allocate session id and will send it via the RedLinkReply message. In case of all other channel types, this field will be equal to the allocated session id"


The relevant code for generating client ids in libspice-server1 can be found here: https://gitlab.freedesktop.org/spice/spice/blob/v0.12.8/server/reds.c#L1614

This uses rand() to generate the random id, but qemu (at least in the case of qemu-system-x86) fails to initialize the RNG seed (with e.g. srand()).


The result is that every SPICE session started (by e.g. libvirtd) has the same client_id. Usually, this is not a problem, but running something like a SPICE proxy, relying on the client_id to correctly route connections, this creates problems.


Adding something like 'srand(time(NULL));' to qemu (in vl.c) solves this issue. Related (as seen in some VNC patches, e.g. 'CVE-2017-15124/04-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch/ui/vnc.c'): srand(time(NULL)+getpid()+getpid()*987654+rand());


Tested on Debian 9.7 with kernel 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux.
[smime.p7s (application/pkcs7-signature, attachment)]
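
Added example (not part of the bug report, QEMU or spice-server): a C sketch of why the first rand() value is identical in every process that never calls srand(), why a time(NULL) seed still collides for processes started in the same second, and an id drawn from /dev/urandom for comparison. The function names and the timestamp are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a server that takes its session id from the
 * first rand() call of a process. The C standard specifies that rand()
 * without a prior srand() behaves as if srand(1) had been called, so a
 * fresh process is modelled here by reseeding before the draw. */
static uint32_t id_from_rand(unsigned int seed)
{
    srand(seed);
    return (uint32_t)rand();
}

/* Id of a process that never calls srand(): identical in every process. */
static uint32_t id_unseeded(void) { return id_from_rand(1u); }

/* Id of a process that calls srand(start_time): two processes started
 * within the same second share the seed and therefore the id. */
static uint32_t id_time_seeded(long start_time)
{
    return id_from_rand((unsigned int)start_time);
}

/* Id read from the kernel CSPRNG, no seeding needed. Returns 0 on success. */
static int id_from_urandom(uint32_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void)
{
    const long boot = 1548847314L;   /* constructed start time, seconds */
    uint32_t a = id_unseeded(), b = id_unseeded(), k = 0;
    printf("unseeded:         VM A %u, VM B %u\n", (unsigned)a, (unsigned)b);
    a = id_time_seeded(boot);
    b = id_time_seeded(boot);
    printf("same-second seed: VM A %u, VM B %u\n", (unsigned)a, (unsigned)b);
    if (id_from_urandom(&k) == 0)
        printf("/dev/urandom:     %u\n", (unsigned)k);
    return 0;
}
```
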

Marked as found in versions qemu/1:2.8+dfsg-6+deb9u4. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Sun, 10 Feb 2019 17:45:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#920897; Package qemu-system-x86. (Sun, 10 Feb 2019 17:54:06 GMT)


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Sun, 10 Feb 2019 17:54:06 GMT)


Message #12 received at 920897@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: Philip Pum <Philip.Pum@radarservices.com>, 920897@bugs.debian.org
Subject: Re: Bug#920897: SPICE session's connection_id's are not unique
Date: Sun, 10 Feb 2019 20:52:31 +0300
Control: forwarded -1 https://www.mail-archive.com/qemu-devel@nongnu.org/msg591958.html
Control: tag -1 + moreinfo

30.01.2019 14:21, Philip Pum wrote:
> Package: qemu-system-x86
> 
> Version: 1:2.8+dfsg-6+deb9u4
> 
> 
> When creating a virtual machine with qemu (e.g. via libvirt) including a SPICE server, the client_id of the SPICE session is not unique. For example, 
> starting multiple virtual machines on the same libvirtd, the client_id is the same for all virtual machines' SPICE sessions.

According to upstream, this is either not a bug or even if this is "fixed",
it is not sufficient to distinguish different connections from _different_
spice servers.

So I'm not really sure what to do here. To me this is notabug. Opinions?

Thanks,

/mjt



Set Bug forwarded-to-address to 'https://www.mail-archive.com/qemu-devel@nongnu.org/msg591958.html'. Request was from Michael Tokarev <mjt@tls.msk.ru> to 920897-submit@bugs.debian.org. (Sun, 10 Feb 2019 17:54:06 GMT)


Added tag(s) moreinfo. Request was from Michael Tokarev <mjt@tls.msk.ru> to 920897-submit@bugs.debian.org. (Sun, 10 Feb 2019 17:54:07 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#920897; Package qemu-system-x86. (Fri, 16 Dec 2022 06:45:02 GMT)


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Fri, 16 Dec 2022 06:45:02 GMT)


Message #21 received at 920897@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 920897@bugs.debian.org
Subject: Re: Bug#920897: SPICE session's connection_id's are not unique
Date: Fri, 16 Dec 2022 09:43:26 +0300
Control: tag -1 + wontfix

..
> According to upstream, this is either not a bug or even if this is "fixed",
> it is not sufficient to distinguish different connections from _different_
> spice servers.
> 
> So I'm not really sure what to do here. To me this is notabug. Opinions?

It's been almost 4 years. Let's mark it "wontfix" until more info comes.

/mjt



Added tag(s) wontfix. Request was from Michael Tokarev <mjt@tls.msk.ru> to 920897-submit@bugs.debian.org. (Fri, 16 Dec 2022 06:45:02 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Nov 23 23:35:40 2023; Machine Name: buxtehude
