From: Daniel Bareiro
Subject: Re: Doubt on KVM-88 vulnerabilities
Date: Mon, 14 Dec 2009 14:36:07 -0300
Message-ID: <20091214173607.GA7639@defiant.freesoftware>
References: <20091108184240.GA29279@defiant.freesoftware> <4AF93AB8.3040504@redhat.com> <20091214110832.GA2977@defiant.freesoftware>
In-Reply-To: <20091214110832.GA2977@defiant.freesoftware>
To: KVM General

On Monday, 14 December 2009 08:08:32 -0300,
Daniel Bareiro wrote:

> > I recommend to use distro-provided modules (or kernel.org kernels
> > within their support period) for production use. This ensures you
> > get security and stability fixes. kvm-89 will fix these issues,
> > but as it's a development snapshot, may introduce new issues.

> Minutes ago I've downloaded from kernel.org the source code of Linux
> 2.6.32 because I wanted to test with KSM, that it seems to me a very
> interesting aggregate. As you said above, surely the modules of 2.6.32
> are going to be newer than the compiled ones with KVM-88 with security
> fixes like the one of the DSA-1907-1.
>
> Then, I imagine that only it would be necessary to compile the
> userspace. The steps that I habitually followed are the mentioned ones
> in the section 'Unpacking and configuring kvm components' of this [1]
> document, but I suppose that to only compile userspace it will be
> necessary to follow a different procedure. Is there some document that
> you can indicate to me where are mentioned these steps?

According to what I found searching the Internet, qemu-kvm does not
include the kernel modules but only the userspace, and it is considered
to be stable.

I've downloaded qemu-kvm-0.11.0 and built it with 'make' and 'make
install' like I did with kvm-nn, but it seems that KSM is not working:

root@ubuntu:~# uname -a
Linux ubuntu 2.6.32-dgb #1 SMP Mon Dec 14 06:18:06 ART 2009 x86_64 GNU/Linux

root@ubuntu:~# cat /sys/kernel/mm/ksm/max_kernel_pages
253738
root@ubuntu:~# cat /sys/kernel/mm/ksm/run
1
root@ubuntu:~# cat /sys/kernel/mm/ksm/pages_sharing
0
root@ubuntu:~# cat /sys/kernel/mm/ksm/pages_shared
0

Is it possible that a patch has to be applied to some of the files of
qemu-kvm-0.11.0? At least a quick search in the files does not show any
definition of MADV_MERGEABLE.

Also, I have understood that there must be support for KSM in glibc.
I'm using Ubuntu Hardy Heron. Is it possible that this support is not
enabled?

Regards,
Daniel
-- 
Fingerprint: BFB3 08D6 B4D1 31B2 72B9 29CE 6696 BF1B 14E6 1D37
Powered by Debian GNU/Linux Squeeze - Linux user #188.598
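
Added example, not part of the original message and not qemu-kvm code: ksmd only scans memory that a process has registered with madvise(MADV_MERGEABLE), so pages_shared and pages_sharing stay at 0 until some process does so. The program below registers identical anonymous pages and then reads the counters; ksm_counter and ksm_register_identical are hypothetical helper names, and the fallback value 12 is the constant from the x86 kernel headers, assumed for builds against libc headers that predate KSM.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Fallback for libc headers that predate KSM; 12 is the x86 kernel value. */
#ifndef MADV_MERGEABLE
#define MADV_MERGEABLE 12
#endif

/* Read one counter under /sys/kernel/mm/ksm; -1 if it cannot be read. */
long ksm_counter(const char *name)
{
    char path[128];
    long v = -1;
    snprintf(path, sizeof path, "/sys/kernel/mm/ksm/%s", name);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Map npages identical anonymous pages and register them with KSM; 0 or -errno. */
int ksm_register_identical(size_t npages, unsigned char **out)
{
    size_t len = npages * (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -errno;
    memset(p, 0x5a, len);   /* constructed fill: every page has the same content */
    int rc = madvise(p, len, MADV_MERGEABLE) ? -errno : 0; /* EINVAL: no CONFIG_KSM */
    if (rc) munmap(p, len);
    else *out = p;
    return rc;
}

int main(void)
{
    unsigned char *p;
    int rc = ksm_register_identical(1024, &p);
    if (rc) { fprintf(stderr, "MADV_MERGEABLE: %s\n", strerror(-rc)); return 1; }
    sleep(5);               /* give ksmd time to scan; requires run = 1 */
    printf("pages_shared=%ld pages_sharing=%ld\n",
           ksm_counter("pages_shared"), ksm_counter("pages_sharing"));
    return 0;
}
```

If this program makes the counters rise while a running guest leaves them at 0, the kernel side of KSM is working and the userspace emulator is not registering guest memory.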