From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Bareiro Subject: Re: Doubt on KVM-88 vulnerabilities Date: Mon, 14 Dec 2009 20:27:24 -0300 Message-ID: <20091214232724.GC7639@defiant.freesoftware> References: <20091108184240.GA29279@defiant.freesoftware> <4AF93AB8.3040504@redhat.com> <20091214110832.GA2977@defiant.freesoftware> <4B268610.4000008@redhat.com> Reply-To: dbareiro@gmx.net Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="KN5l+BnMqAQyZLvT" To: KVM General Return-path: Received: from mail.gmx.net ([213.165.64.20]:48094 "HELO mail.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1750905AbZLNX1b (ORCPT ); Mon, 14 Dec 2009 18:27:31 -0500 Received: from defiant (defiant.freesoftware [10.1.0.65]) by hermes.freesoftware (Postfix) with ESMTP id 893109B6 for ; Mon, 14 Dec 2009 20:28:50 -0300 (ART) Content-Disposition: inline In-Reply-To: <4B268610.4000008@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: --KN5l+BnMqAQyZLvT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, Avi. On Monday, 14 December 2009 20:38:08 +0200, Avi Kivity wrote: >> Then, I imagine that only it would be necessary to compile the >> userspace. > It is not necessary to rebuild userspace, unless you want to use new > features. Good. Then if we did not need new features and we only want to apply security fixes, installing kvm-kmod would be sufficient? Backing, for example, to the DSA-1907-1 [1] with KVM-88 and Linux 2.6.30.4 from kernel.org, under this situation what version of kvm-kmod would have to build? I remember that when I did the compilation at that time I had to apply the patch mentioned in this [2] thread. This no longer would be necessary? The dependencies for kvm-kmod are the same that for kvm-nn? I guess that during the building of the new modules, the virtual machines would have to be down. Is this correct? >> The steps that I habitually followed are the mentioned ones in the >> section 'Unpacking and configuring kvm components' of this [1] >> document, but I suppose that to only compile userspace it will be >> necessary to follow a different procedure. Is there some document >> that you can indicate to me where are mentioned these steps? > I suggest downloading qemu-kvm-0.12.0-rc2. All you need is a > ./configure; make; make install. I forgot to mention 'configure' in the other mail, although also I had used it. Thanks to indicate the procedure to me. With the packages mentioned in the dependencies for kvm-nn [3], it seems that it was sufficient, although perhaps now it is not necessary to install all. Now I'm having the problem that told you when I doing 'make'. >> Very interesting the replies in this thread. It drew attention >> powerfully to me which Michael Tokarev said that KVM never was and >> never will be for production. Personally I'm using KVM-88 with 2.6.30 >> and it works wonderfully well. > I doubt he meant kvm is not for production use. It can be, or perhaps he didn't have a good day, as he said :-D > Instead, the development snapshots are not meant for production use > (as they do not receive updates, for example). Instead, use the > modules and userspace provided by your distribution, or the kvm-kmod > and qemu-kvm packages. Thanks for the explanation. Thanks for your reply. Regards, Daniel [1] http://lists.debian.org/debian-security-announce/2009/msg00229.html [2] http://thread.gmane.org/gmane.comp.emulators.kvm.devel/36981/focus=3D36= 985 [3] http://www.linux-kvm.org/page/HOWTO1 --=20 Fingerprint: BFB3 08D6 B4D1 31B2 72B9 29CE 6696 BF1B 14E6 1D37 Powered by Debian GNU/Linux Lenny - Linux user #188.598 --KN5l+BnMqAQyZLvT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAksmydwACgkQZpa/GxTmHTeRcgCeN4lAVVl6xnLFHDt/npWiXnKY AwUAn3wdgqX+4pUumu8tejgpiyxDSMB/ =qzkU -----END PGP SIGNATURE----- --KN5l+BnMqAQyZLvT--