From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tokarev Subject: Re: Doubt on KVM-88 vulnerabilities Date: Tue, 10 Nov 2009 17:42:51 +0300 Message-ID: <4AF97BEB.8020406@msgid.tls.msk.ru> References: <20091108184240.GA29279@defiant.freesoftware> <4AF93AB8.3040504@redhat.com> <4AF94A2A.2020302@shiftmail.org> <4AF95690.1050208@msgid.tls.msk.ru> <4AF97689.1070503@shiftmail.org> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: kvm@vger.kernel.org To: Asdo Return-path: Received: from isrv.corpit.ru ([81.13.33.159]:51142 "EHLO isrv.corpit.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756044AbZKJOmr (ORCPT ); Tue, 10 Nov 2009 09:42:47 -0500 In-Reply-To: <4AF97689.1070503@shiftmail.org> Sender: kvm-owner@vger.kernel.org List-ID: Asdo wrote: > Thanks for your reply, > sorry to get you angry, but there are still things which are not clear > to me. Well, today wasn't my best day. You're right the documentation on the matter is nearly non-existing. [] > 3) Everyone here mentions to upgrade the userspace part only. That > sounds strange to me because in all kernelmode+usermode applications I > have seen up to now, the usermode part was just there to drive the > kernelmode part (basically parse commandline parameters and communicate > them to the kernel) Ok I understand that in KVM also the emulated In kvm it's the opposite. Kernel part is very small and the interface does not change as frequently. It's basically just a wrapper around the CPU VT extensions. [] > But what about stable kernel modules? > > Are these the kvm-kmod's? Yes. > And besides, the versioning of kvm-kmod's are not obvious to me: I see > these ones at sourceforge: > > 2.6.31.5 > 2.6.30 > 2.6.30.1 > 2.6.30-rc8 > 2.6.30-rc6 > > I don't undestand why they are numbered like the kernel, that's > strange... More specifically, this is the question: If I have a kernel > version N, what kvm-kmod can I compile in it? If I can just compile > version N, then it's useless because that's identical to the kvm.ko I > already had. Or can I compile kvm-kmod 2.6.31.5 in my kernel 2.6.24? > That's a strange version numbering... why haven't you used the same > numbering as for qemu-kvm? Because such numbering proved to be confusing, and you are confused by it too. The above numbers means just like, kvm-kmod from kernel 2.6.30.1 (say), but "ported" to a wider range of kernels. kvm-kmod is being developed as part of kernel. Btw, 2.6.24 and in fact anything before ~2.6.28 might be problematic for real kvm usage, due to other parts of the kernel. Applies to both host and guest kernels. /mjt