From: Michael Tokarev <mjt@tls.msk.ru>
To: Asdo <asdo@shiftmail.org>
Cc: kvm@vger.kernel.org
Subject: Re: Doubt on KVM-88 vulnerabilities
Date: Tue, 10 Nov 2009 17:42:51 +0300 [thread overview]
Message-ID: <4AF97BEB.8020406@msgid.tls.msk.ru> (raw)
In-Reply-To: <4AF97689.1070503@shiftmail.org>
Asdo wrote:
> Thanks for your reply,
> sorry to get you angry, but there are still things which are not clear
> to me.
Well, today wasn't my best day.
You're right the documentation on the matter is nearly non-existing.
[]
> 3) Everyone here mentions to upgrade the userspace part only. That
> sounds strange to me because in all kernelmode+usermode applications I
> have seen up to now, the usermode part was just there to drive the
> kernelmode part (basically parse commandline parameters and communicate
> them to the kernel) Ok I understand that in KVM also the emulated
In kvm it's the opposite. Kernel part is very small and the interface
does not change as frequently. It's basically just a wrapper around
the CPU VT extensions.
[]
> But what about stable kernel modules?
>
> Are these the kvm-kmod's?
Yes.
> And besides, the versioning of kvm-kmod's are not obvious to me: I see
> these ones at sourceforge:
>
> 2.6.31.5
> 2.6.30
> 2.6.30.1
> 2.6.30-rc8
> 2.6.30-rc6
>
> I don't undestand why they are numbered like the kernel, that's
> strange... More specifically, this is the question: If I have a kernel
> version N, what kvm-kmod can I compile in it? If I can just compile
> version N, then it's useless because that's identical to the kvm.ko I
> already had. Or can I compile kvm-kmod 2.6.31.5 in my kernel 2.6.24?
> That's a strange version numbering... why haven't you used the same
> numbering as for qemu-kvm?
Because such numbering proved to be confusing, and you are confused by
it too. The above numbers means just like, kvm-kmod from kernel 2.6.30.1
(say), but "ported" to a wider range of kernels. kvm-kmod is being
developed as part of kernel.
Btw, 2.6.24 and in fact anything before ~2.6.28 might be problematic for
real kvm usage, due to other parts of the kernel. Applies to both
host and guest kernels.
/mjt
next prev parent reply other threads:[~2009-11-10 14:42 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-08 18:42 Doubt on KVM-88 vulnerabilities Daniel Bareiro
2009-11-10 10:04 ` Avi Kivity
2009-11-10 11:10 ` Asdo
2009-11-10 12:03 ` Michael Tokarev
2009-11-10 14:19 ` Asdo
2009-11-10 14:42 ` Michael Tokarev [this message]
2009-11-10 15:05 ` Asdo
2009-11-10 16:25 ` Jan Kiszka
2009-12-14 11:08 ` Daniel Bareiro
2009-12-14 17:36 ` Daniel Bareiro
2009-12-14 18:39 ` Avi Kivity
2009-12-14 21:07 ` Daniel Bareiro
2009-12-15 1:56 ` Daniel Bareiro
2009-12-15 10:03 ` Avi Kivity
2009-12-14 18:38 ` Avi Kivity
2009-12-14 23:27 ` Daniel Bareiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AF97BEB.8020406@msgid.tls.msk.ru \
--to=mjt@tls.msk.ru \
--cc=asdo@shiftmail.org \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.