Comment 20 for bug 1612089

Michael Roth (mdroth) wrote :

If it is of any help, Stefan Hajnoczi has been working with me to help fix the regressions introduced by the CVE-2016-5403 fix (upstream QEMU commit afd9096, which is in 2.6.1 stable release) in a follow-up 2.6.2 release.

So far the following patches have been identified as being needed in order to correct the behavior introduced with the CVE fix. The upstream QEMU commit IDs are:

commit bccdef6b1a204db0f41ffb6e24ce373e4d7890d4
Author: Stefan Hajnoczi <email address hidden>
Date: Mon Aug 15 13:54:15 2016 +0100

    virtio: recalculate vq->inuse after migration

commit 58a83c61496eeb0d31571a07a51bc1947e3379ac
Author: Stefan Hajnoczi <email address hidden>
Date: Mon Aug 15 13:54:16 2016 +0100

    virtio: decrement vq->inuse in virtqueue_discard()

commit 4b7f91ed0270a371e1933efa21ba600b6da23ab9
Author: Stefan Hajnoczi <email address hidden>
Date: Wed Sep 7 11:51:25 2016 -0400

    virtio: zero vq->inuse in virtio_reset()

commit 104e70cae78bd4afd95d948c6aff188f10508a9c
Author: Ladi Prosek <email address hidden>
Date: Wed Sep 7 17:20:47 2016 +0200

    virtio-balloon: discard virtqueue element on reset

I believe it is the last of these which addresses the issue reported in this bug.