From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tokarev
Subject: Re: Doubt on KVM-88 vulnerabilities
Date: Tue, 10 Nov 2009 15:03:28 +0300
Message-ID: <4AF95690.1050208@msgid.tls.msk.ru>
References: <20091108184240.GA29279@defiant.freesoftware> <4AF93AB8.3040504@redhat.com> <4AF94A2A.2020302@shiftmail.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Avi Kivity , kvm@vger.kernel.org
To: Asdo
Return-path:
Received: from isrv.corpit.ru ([81.13.33.159]:35220 "EHLO isrv.corpit.ru"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751870AbZKJMDZ (ORCPT );
	Tue, 10 Nov 2009 07:03:25 -0500
In-Reply-To: <4AF94A2A.2020302@shiftmail.org>
Sender: kvm-owner@vger.kernel.org
List-ID:

Asdo wrote:
> Avi Kivity wrote:
>> I recommend to use distro-provided modules (or kernel.org kernels
>> within their support period) for production use. This ensures you get
>> security and stability fixes. kvm-89 will fix these issues, but as
>> it's a development snapshot, may introduce new issues.
>
> This is interesting.
>
> I prefer compiling from source especially for upgrading KVM on
> production systems, because then I do not need to upgrade the kernel
> (may introduce new stability issues on very new kernels) or the distro
> (may introduce LOTS of new changes and stability issues on production
> systems). KVM is newer and evolves more rapidly than the kernel so it is
> more beneficial to upgrade KVM than the rest of the kernel or distro

There's no need to compile kvm _modules_ if you're using a recent-enough
kernel. I _fail_ to see why people are still using older and buggy
modules from kvm-88 with kernels >=2.6.30 where these modules are
more recent and with bugfixes. But that's an entirely different point.

> However for compiling from source I would need to know which versions of
> KVM are "stable" and which are not.

qemu-kvm-n.nn.n are stable releases. First stable release (0.10)
already contained the fixes you mentioned. They're versioned
exactly like kernel - 0.10.0, 0.10.1, ..., 0.10.6 like 2.6.27 ..
2.6.26.36 or what it is now. Current qemu-kvm is 0.11.0.

> I see the 89 you tell about, is not released yet:
> http://sourceforge.net/projects/kvm/files/
> So did you mean that 89 is not "yet" for production use or will "never"
> be for production use?

kvm-nn never was and never will be for production. They always
have been and always will be nothing more than development
snapshots.

And the whole thing has been asked and answered numerous times
here and elsewhere.

/mjt