Re: Doubt on KVM-88 vulnerabilities

[Daniel Bareiro <daniel-listas@gmx.net>]

[-- Attachment #1: Type: text/plain, Size: 2670 bytes --]

Hi, Avi.

On Monday, 14 December 2009 20:38:08 +0200,
Avi Kivity wrote:

>> Then, I imagine that only it would be necessary to compile the
>> userspace.

> It is not necessary to rebuild userspace, unless you want to use new
> features.

Good. Then if we did not need new features and we only want to apply
security fixes, installing kvm-kmod would be sufficient?

Backing, for example, to the DSA-1907-1 [1] with KVM-88 and Linux
2.6.30.4 from kernel.org, under this situation what version of kvm-kmod
would have to build? I remember that when I did the compilation at that
time I had to apply the patch mentioned in this [2] thread. This no
longer would be necessary?

The dependencies for kvm-kmod are the same that for kvm-nn?

I guess that during the building of the new modules, the virtual
machines would have to be down. Is this correct?

>> The steps that I habitually followed are the mentioned ones in the
>> section 'Unpacking and configuring kvm components' of this [1]
>> document, but I suppose that to only compile userspace it will be
>> necessary to follow a different procedure. Is there some document
>> that you can indicate to me where are mentioned these steps?

> I suggest downloading qemu-kvm-0.12.0-rc2.  All you need is a
> ./configure; make; make install.

I forgot to mention 'configure' in the other mail, although also I had
used it. Thanks to indicate the procedure to me. With the packages
mentioned in the dependencies for kvm-nn [3], it seems that it was
sufficient, although perhaps now it is not necessary to install all.

Now I'm having the problem that told you when I doing 'make'.

>> Very interesting the replies in this thread. It drew attention
>> powerfully to me which Michael Tokarev said that KVM never was and
>> never will be for production. Personally I'm using KVM-88 with 2.6.30
>> and it works wonderfully well.

> I doubt he meant kvm is not for production use.

It can be, or perhaps he didn't have a good day, as he said :-D

> Instead, the development snapshots are not meant for production use
> (as they do not receive updates, for example).  Instead, use the
> modules and userspace provided by your distribution, or the kvm-kmod
> and qemu-kvm packages.

Thanks for the explanation.

Thanks for your reply.

Regards,
Daniel

[1] http://lists.debian.org/debian-security-announce/2009/msg00229.html
[2] http://thread.gmane.org/gmane.comp.emulators.kvm.devel/36981/focus=36985
[3] http://www.linux-kvm.org/page/HOWTO1
-- 
Fingerprint: BFB3 08D6 B4D1 31B2 72B9  29CE 6696 BF1B 14E6 1D37
Powered by Debian GNU/Linux Lenny - Linux user #188.598

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]