From: Daniel Bareiro <daniel-listas@gmx.net>
To: KVM General <kvm@vger.kernel.org>
Subject: Re: Doubt on KVM-88 vulnerabilities
Date: Mon, 14 Dec 2009 14:36:07 -0300 [thread overview]
Message-ID: <20091214173607.GA7639@defiant.freesoftware> (raw)
In-Reply-To: <20091214110832.GA2977@defiant.freesoftware>
[-- Attachment #1: Type: text/plain, Size: 2208 bytes --]
On Monday, 14 December 2009 08:08:32 -0300,
Daniel Bareiro wrote:
> > I recommend to use distro-provided modules (or kernel.org kernels
> > within their support period) for production use. This ensures you
> > get security and stability fixes. kvm-89 will fix these issues,
> > but as it's a development snapshot, may introduce new issues.
> Minutes ago I've downloaded of kernel.org the source code of Linux
> 2.6.32 because I wanted to test with KSM, that it seems to me a very
> interesting aggregate. As you said above, surely the modules of 2.6.32
> are going to be newer than the compiled ones with KVM-88 with security
> fixes like the one of the DSA-1907-1.
>
> Then, I imagine that only it would be necessary to compile the
> userspace. The steps that I habitually followed are the mentioned ones
> in the section 'Unpacking and configuring kvm components' of this [1]
> document, but I suppose that to only compile userspace it will be
> necessary to follow a different procedure. Is there some document that
> you can indicate to me where are mentioned these steps?
According to I found looking for in Internet, qemu-kvm does not include
the kernel modules but only the userspace and it is considered to be
stable. I've downloaded qemu-kvm-0.11.0 and I build it with 'make' and
'make install' like did with kvm-nn but it seems that KSM is not
working:
root@ubuntu:~# uname -a
Linux ubuntu 2.6.32-dgb #1 SMP Mon Dec 14 06:18:06 ART 2009 x86_64 GNU/Linux
root@ubuntu:~# cat /sys/kernel/mm/ksm/max_kernel_pages
253738
root@ubuntu:~# cat /sys/kernel/mm/ksm/run
1
root@ubuntu:~# cat /sys/kernel/mm/ksm/pages_sharing
0
root@ubuntu:~# cat /sys/kernel/mm/ksm/pages_shared
0
Is it possible that there is to apply a patch on some of the files of
qemu-kvm-0.11.0? At least a fast search in the files does not show some
definition of MADV_MERGEABLE.
Also I have understood that it must exist support of KSM on glibc. I'm
using ubuntu Hardy Heron. Is it possible that this support is not
enabled?
Regards,
Daniel
--
Fingerprint: BFB3 08D6 B4D1 31B2 72B9 29CE 6696 BF1B 14E6 1D37
Powered by Debian GNU/Linux Squeeze - Linux user #188.598
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
next prev parent reply other threads:[~2009-12-14 17:36 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-08 18:42 Doubt on KVM-88 vulnerabilities Daniel Bareiro
2009-11-10 10:04 ` Avi Kivity
2009-11-10 11:10 ` Asdo
2009-11-10 12:03 ` Michael Tokarev
2009-11-10 14:19 ` Asdo
2009-11-10 14:42 ` Michael Tokarev
2009-11-10 15:05 ` Asdo
2009-11-10 16:25 ` Jan Kiszka
2009-12-14 11:08 ` Daniel Bareiro
2009-12-14 17:36 ` Daniel Bareiro [this message]
2009-12-14 18:39 ` Avi Kivity
2009-12-14 21:07 ` Daniel Bareiro
2009-12-15 1:56 ` Daniel Bareiro
2009-12-15 10:03 ` Avi Kivity
2009-12-14 18:38 ` Avi Kivity
2009-12-14 23:27 ` Daniel Bareiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091214173607.GA7639@defiant.freesoftware \
--to=daniel-listas@gmx.net \
--cc=dbareiro@gmx.net \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.