From: Michael Tokarev <mjt@tls.msk.ru>
To: Asdo <asdo@shiftmail.org>
Cc: Avi Kivity <avi@redhat.com>, kvm@vger.kernel.org
Subject: Re: Doubt on KVM-88 vulnerabilities
Date: Tue, 10 Nov 2009 15:03:28 +0300 [thread overview]
Message-ID: <4AF95690.1050208@msgid.tls.msk.ru> (raw)
In-Reply-To: <4AF94A2A.2020302@shiftmail.org>
Asdo wrote:
> Avi Kivity wrote:
>> I recommend to use distro-provided modules (or kernel.org kernels
>> within their support period) for production use. This ensures you get
>> security and stability fixes. kvm-89 will fix these issues, but as
>> it's a development snapshot, may introduce new issues.
>
> This is interesting.
>
> I prefer compiling from source especially for upgrading KVM on
> production systems, because then I do not need to upgrade the kernel
> (may introduce new stability issues on very new kernels) or the distro
> (may introduce LOTS of new changes and stability issues on production
> sytems). KVM is newer and evolves more rapidly than the kernel so it is
> more beneficial to upgrade KVM than the rest of the kernel or distro
There's no need to compile kvm _modules_ if you're using recent-enough
kernel. I _fail_ to see why people are still using older and buggy
modules from kvm-88 with kernels >=2.6.30 where these modules are more
recent and with bugfixes. But that's entirely different point.
> However for compiling from source I would need to know which versions of
> KVM are "stable" and which are not.
qemu-kvm-n.nn.n are stable releases. First stable release (0.10)
already contained the fixes you mentioned. They're versioned exactly
like kernel - 0.10.0, 0.10.1, ..., 0.10.6 like 2.6.27 .. 2.6.26.36 or
what it is now. Current qemu-kvm is 0.11.0.
> I see the 89 you tell about, is not released yet:
> http://sourceforge.net/projects/kvm/files/
> So did you mean that 89 is not "yet" for production use or will "never"
> be for production use?
kvm-nn never was and never will be for production. They always has been
and always will be nothing more than development snapshots.
And the whole thing has been asked and answered numerous times here
and elsewhere.
/mjt
next prev parent reply other threads:[~2009-11-10 12:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-08 18:42 Doubt on KVM-88 vulnerabilities Daniel Bareiro
2009-11-10 10:04 ` Avi Kivity
2009-11-10 11:10 ` Asdo
2009-11-10 12:03 ` Michael Tokarev [this message]
2009-11-10 14:19 ` Asdo
2009-11-10 14:42 ` Michael Tokarev
2009-11-10 15:05 ` Asdo
2009-11-10 16:25 ` Jan Kiszka
2009-12-14 11:08 ` Daniel Bareiro
2009-12-14 17:36 ` Daniel Bareiro
2009-12-14 18:39 ` Avi Kivity
2009-12-14 21:07 ` Daniel Bareiro
2009-12-15 1:56 ` Daniel Bareiro
2009-12-15 10:03 ` Avi Kivity
2009-12-14 18:38 ` Avi Kivity
2009-12-14 23:27 ` Daniel Bareiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AF95690.1050208@msgid.tls.msk.ru \
--to=mjt@tls.msk.ru \
--cc=asdo@shiftmail.org \
--cc=avi@redhat.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.