[ANNOUNCE] kvm-82 release

[ANNOUNCE] kvm-82 release

[Avi Kivity]

This release adds support for nested virtualization, a feature which 
allows you to run kvm (and possibly other hypervisors) inside a guest. 
This is an experimental feature and is only available on AMD hosts.

There are fixes included for a couple of minor vulnerabilities: one for 
the slirp stack (-net user), which is not usually used in production, 
and another in the vnc server, which allows malicious users to cause a 
VM to hang.

Changes from kvm-81:
- merge qemu-svn
   - uuid support
   - fix CVE-2007-5729 (slirp vulnerability)
   - fix CVE-2008-2382 (vnc denial of service)
   - better scsi support
   - pci subsystem id for pci devices
     - this will cause Windows guest to rediscover hardware
   - improved I/O parallelism
   - ppc kvm support
   - hpet support
     - not fully integrated yet
   - monitor 'info status' command
- merge bochs-bios-cvs
   - uuid support
   - prepare for S3 sleep
- merge vgabios-cvs
- much improved guest debugging (Jan Kiszka)
   - both debugger in guest and debugger in host
- fix kvm makefile for separate object dir (Andi Kleen)
- nested svm (Alexander Graf)
   - run kvm in kvm in kvm...
- fix ia64 register and stack access from userspace (Jes Sorensen)
- don't treat a global pte as global if cr4.pge is clear
   - fixes Vista x86 smp failure on boot
- properly lock virtual i8259 interrupt controller
- fix large host pages invlpg/resync
   - fixes oops when using host hugetlbfs
- fix vmload instruction misemulated as lidt


Notes:
     If you use the modules bundled with kvm-82, you can use any version
of Linux from 2.6.16 upwards.  You may also use kvm-81 userspace with
the kvm modules provided by Linux 2.6.25 or above.  Some features may
only be available in newer releases.

http://kvm.qumranet.com

-- 
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.

Re: [ANNOUNCE] kvm-82 release

[Mark Bidewell]

When building KVM-82 on F10 I get the following errors:

make[2]: Entering directory `/usr/src/kernels/2.6.27.9-159.fc10.x86_64'
  LD      /opt/kvm-82/kernel/x86/built-in.o
  CC [M]  /opt/kvm-82/kernel/x86/svm.o
In file included from /opt/kvm-82/kernel/x86/external-module-compat.h:10,
                 from <command-line>:2:
/opt/kvm-82/kernel/x86/../external-module-compat-comm.h:587: error:
conflicting types for 'hrtimer_add_expires_ns'
include/linux/hrtimer.h:245: error: previous definition of
'hrtimer_add_expires_ns' was here
/opt/kvm-82/kernel/x86/../external-module-compat-comm.h:592: error:
conflicting types for 'hrtimer_get_expires'
include/linux/hrtimer.h:250: error: previous definition of
'hrtimer_get_expires' was here
/opt/kvm-82/kernel/x86/../external-module-compat-comm.h:597: error:
conflicting types for 'hrtimer_get_expires_ns'
include/linux/hrtimer.h:260: error: previous definition of
'hrtimer_get_expires_ns' was here
/opt/kvm-82/kernel/x86/../external-module-compat-comm.h:602: error:
conflicting types for 'hrtimer_start_expires'
include/linux/hrtimer.h:341: error: previous definition of
'hrtimer_start_expires' was here
make[4]: *** [/opt/kvm-82/kernel/x86/svm.o] Error 1
make[3]: *** [/opt/kvm-82/kernel/x86] Error 2
make[2]: *** [_module_/opt/kvm-82/kernel] Error 2
make[2]: Leaving directory `/usr/src/kernels/2.6.27.9-159.fc10.x86_64'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/opt/kvm-82/kernel'
make: *** [kernel] Error 2

Has anyone else seen this?

Mark Bidewell

On Thu, Dec 25, 2008 at 5:11 AM, Avi Kivity <avi@redhat.com> wrote:
> This release adds support for nested virtualization, a feature which allows
> you to run kvm (and possibly other hypervisors) inside a guest. This is an
> experimental feature and is only available on AMD hosts.
>
> There are fixes included for a couple of minor vulnerabilities: one for the
> slirp stack (-net user), which is not usually used in production, and
> another in the vnc server, which allows malicious users to cause a VM to
> hang.
>
> Changes from kvm-81:
> - merge qemu-svn
>  - uuid support
>  - fix CVE-2007-5729 (slirp vulnerability)
>  - fix CVE-2008-2382 (vnc denial of service)
>  - better scsi support
>  - pci subsystem id for pci devices
>    - this will cause Windows guest to rediscover hardware
>  - improved I/O parallelism
>  - ppc kvm support
>  - hpet support
>    - not fully integrated yet
>  - monitor 'info status' command
> - merge bochs-bios-cvs
>  - uuid support
>  - prepare for S3 sleep
> - merge vgabios-cvs
> - much improved guest debugging (Jan Kiszka)
>  - both debugger in guest and debugger in host
> - fix kvm makefile for separate object dir (Andi Kleen)
> - nested svm (Alexander Graf)
>  - run kvm in kvm in kvm...
> - fix ia64 register and stack access from userspace (Jes Sorensen)
> - don't treat a global pte as global if cr4.pge is clear
>  - fixes Vista x86 smp failure on boot
> - properly lock virtual i8259 interrupt controller
> - fix large host pages invlpg/resync
>  - fixes oops when using host hugetlbfs
> - fix vmload instruction misemulated as lidt
>
>
> Notes:
>    If you use the modules bundled with kvm-82, you can use any version
> of Linux from 2.6.16 upwards.  You may also use kvm-81 userspace with
> the kvm modules provided by Linux 2.6.25 or above.  Some features may
> only be available in newer releases.
>
> http://kvm.qumranet.com
>
> --
> I have a truly marvellous patch that fixes the bug which this
> signature is too narrow to contain.
>
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Re: [ANNOUNCE] kvm-82 release

[Andreas Winkelbauer]

Mark Bidewell <mark.bidewell <at> alumni.clemson.edu> writes:

> 
> When building KVM-82 on F10 I get the following errors:
> 
> make[2]: Entering directory `/usr/src/kernels/2.6.27.9-159.fc10.x86_64'
>   LD      /opt/kvm-82/kernel/x86/built-in.o
>   CC [M]  /opt/kvm-82/kernel/x86/svm.o
> In file included from /opt/kvm-82/kernel/x86/external-module-compat.h:10,
>                  from <command-line>:2:
> /opt/kvm-82/kernel/x86/../external-module-compat-comm.h:587: error:
> conflicting types for 'hrtimer_add_expires_ns'
> include/linux/hrtimer.h:245: error: previous definition of
> 'hrtimer_add_expires_ns' was here
> ...
> make: *** [kernel] Error 2
> 
> Has anyone else seen this?

the same problem exists with the latest stock kernel on fedora 9.

you may comment out the conflicting definitions in
kvm-82/kernel/external-module-compat-comm.h to fix the build problem.

bye,
Andreas Winkelbauer

Re: [ANNOUNCE] kvm-82 release

[Farkas Levente]

Avi Kivity wrote:
> This release adds support for nested virtualization, a feature which
> allows you to run kvm (and possibly other hypervisors) inside a guest.
> This is an experimental feature and is only available on AMD hosts.
> 
> There are fixes included for a couple of minor vulnerabilities: one for
> the slirp stack (-net user), which is not usually used in production,
> and another in the vnc server, which allows malicious users to cause a
> VM to hang.

on centos-5, kernel/include-compat/asm/msr-index.h gives dozens of such
warnings during compile:
In file included from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include/asm/kvm_host.h:65,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include/linux/kvm_host.h:67,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/x86/lapic.c:60:
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include-compat/asm/msr-index.h:304:1:
warning: "MSR_P4_U2L_ESCR0" redefined
In file included from include/asm/processor.h:16,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include/asm/kvm_para.h:89,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include/linux/kvm_para.h:63,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/x86/../external-module-compat-comm.h:14,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/x86/external-module-compat.h:9,
                 from <command line>:1:
include/asm/msr.h:407:1: warning: this is the location of the previous
definition
In file included from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include/asm/kvm_host.h:65,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include/linux/kvm_host.h:67,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/x86/lapic.c:60:
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include-compat/asm/msr-index.h:305:1:
warning: "MSR_P4_U2L_ESCR1" redefined
In file included from include/asm/processor.h:16,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include/asm/kvm_para.h:89,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/include/linux/kvm_para.h:63,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/x86/../external-module-compat-comm.h:14,
                 from
/home/robot/rpm/BUILD/kvm-kmod-82/_kmod_build_/kernel/x86/external-module-compat.h:9,


-- 
  Levente                               "Si vis pacem para bellum!"