From: Daniel Bareiro <daniel-listas@gmx.net>
To: KVM General <kvm@vger.kernel.org>
Subject: Re: Doubt on KVM-88 vulnerabilities
Date: Mon, 14 Dec 2009 08:08:32 -0300 [thread overview]
Message-ID: <20091214110832.GA2977@defiant.freesoftware> (raw)
In-Reply-To: <4AF93AB8.3040504@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1871 bytes --]
Hi, Avi.
On Tuesday, 10 November 2009 12:04:40 +0200,
Avi Kivity wrote:
>> I'm using KVM-88 compiled by myself from the source code provided by the
>> official site of the project.
>>
>> Is this version of KVM vulnerable to the mentioned thing in the
>> DSA-1907-1 [1]?
> Yes.
>> In such case, there is some published patch that can be
>> applied or some new version that solves this?
> I recommend to use distro-provided modules (or kernel.org kernels within
> their support period) for production use. This ensures you get security
> and stability fixes. kvm-89 will fix these issues, but as it's a
> development snapshot, may introduce new issues.
Minutes ago I've downloaded of kernel.org the source code of Linux 2.6.32
because I wanted to test with KSM, that it seems to me a very
interesting aggregate. As you said above, surely the modules of
2.6.32 are going to be newer than the compiled ones with KVM-88 with
security fixes like the one of the DSA-1907-1.
Then, I imagine that only it would be necessary to compile the
userspace. The steps that I habitually followed are the mentioned ones
in the section 'Unpacking and configuring kvm components' of this [1]
document, but I suppose that to only compile userspace it will be
necessary to follow a different procedure. Is there some document that
you can indicate to me where are mentioned these steps?
Very interesting the replies in this thread. It drew attention
powerfully to me which Michael Tokarev said that KVM never was and
never will be for production. Personally I'm using KVM-88 with 2.6.30
and it works wonderfully well.
Thanks for your reply.
Regards,
Daniel
[1] http://www.linux-kvm.org/page/HOWTO1
--
Fingerprint: BFB3 08D6 B4D1 31B2 72B9 29CE 6696 BF1B 14E6 1D37
Powered by Debian GNU/Linux Squeeze - Linux user #188.598
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
next prev parent reply other threads:[~2009-12-14 11:08 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-08 18:42 Doubt on KVM-88 vulnerabilities Daniel Bareiro
2009-11-10 10:04 ` Avi Kivity
2009-11-10 11:10 ` Asdo
2009-11-10 12:03 ` Michael Tokarev
2009-11-10 14:19 ` Asdo
2009-11-10 14:42 ` Michael Tokarev
2009-11-10 15:05 ` Asdo
2009-11-10 16:25 ` Jan Kiszka
2009-12-14 11:08 ` Daniel Bareiro [this message]
2009-12-14 17:36 ` Daniel Bareiro
2009-12-14 18:39 ` Avi Kivity
2009-12-14 21:07 ` Daniel Bareiro
2009-12-15 1:56 ` Daniel Bareiro
2009-12-15 10:03 ` Avi Kivity
2009-12-14 18:38 ` Avi Kivity
2009-12-14 23:27 ` Daniel Bareiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091214110832.GA2977@defiant.freesoftware \
--to=daniel-listas@gmx.net \
--cc=dbareiro@gmx.net \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox