-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-EN-13:02.vtnet                                          Errata Notice
                                                          The FreeBSD Project

Topic:		vtnet(4) network interface issue on QEMU 1.4.0 and later

Category:	core
Modules:	sys_dev
Announced:	2013-06-28
Credits:	Julian Stecklina and Bryan Venteicher
Affects:	FreeBSD 8.4
Corrected:	2013-06-15 03:55:04 UTC (head, 10.0-CURRENT)
		2013-06-25 04:42:16 UTC (stable/9, 9.1-STABLE)
		2013-06-25 04:42:43 UTC (stable/8, 8.4-STABLE)
		2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p2)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.

I.   Background

VirtIO is a specification for para-virtualized I/O in a virtual
machine.  The vtnet(4) network interface driver supports VirtIO
emulated Ethernet device.

QEMU is a generic and open source machine emulator and virtualizer.
It is included as a third-party package in FreeBSD Ports Collection
(emulators/qemu).

II.  Problem Description

The vtnet(4) network interface driver displays the following message
upon configuration when using QEMU 1.4.0 or later:

 vtnet0: error setting host MAC filter table

The interface works normally when the interface has one MAC address.
However, if it has two or more MAC addresses configured, frames to
those additional MAC addresses are not forwarded to the vtnet(4)
interface.  Thus, only the first MAC address works.

III. Impact

A vtnet(4) network interface with two or more MAC addresses configured
on it cannot receive frames to the addresses except for the first one
when the FreeBSD kernel is running on QEMU 1.4.0 or later.  For the
first MAC address, the vtnet(4) interface works without problem even
though the error message is displayed.

The vtnet(4) driver is included in GENERIC kernel in FreeBSD
8.4-RELEASE.

IV.  Workaround

The additional MAC addresses can work by setting the vtnet(4) network
interface in promiscuous mode.  The following command sets vtnet0 in
promiscuous mode:

 # ifconfig vtnet0 promisc

Note that this may lead to performance degradation.

Or, the fixed version of the vtnet(4) driver can be installed as
kernel module by using the Ports Collection (emulators/virtio-kmod).
To use it on 8.4-RELEASE, the GENERIC kernel has to be recompiled by
removing all of the virtio(4) drivers before installing
emulators/virtio-kmod.  The following lines in kernel configuration
file disable the drivers:

 nodevice          virtio
 nodevice          virtio_pci
 nodevice          vtnet
 nodevice          virtio_blk
 nodevice          virtio_scsi
 nodevice          virtio_balloon

After recompilation and installing the new kernel and
emulators/virtio-kmod, add the following lines to /boot/loader.conf.
This enables the drivers by loading kernel modules which are installed
by emulators/virtio-kmod at boot time.

 virtio_load="YES"
 virtio_pci_load="YES"
 virtio_blk_load="YES"
 if_vtnet_load="YES"
 virtio_balloon_load="YES"

V.   Solution

Perform one of the following:

1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
   security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 8.4 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch
# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
head                                                              r251769
stable/9/                                                         r252193
stable/8/                                                         r252194
releng/8.4/                                                       r252334
- -------------------------------------------------------------------------

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-13:02.vtnet.asc
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlHNI4MACgkQFdaIBMps37L8DACfVzTAigMRbtT38pltWZ23IFUw
O3kAn0R36RIBdh45I+g/BPzjTimKMPza
=8wlc
-----END PGP SIGNATURE-----