4.83. kvm

Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

Security Fixes

CVE-2012-0029
A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.
CVE-2011-4622
A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A malicious user in the kvm group on the host could force this situation to occur, resulting in the host crashing.
Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.
All KVM users should upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.
Updated kvm packages that resolve one security issue, and fix several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
KVM (Kernel-base Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

Security Fixes

CVE-2011-4347
It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.
Red Hat would like to thank Sasha Levin for reporting this issue.

Bug Fixes

BZ#700281
Due to leaking file descriptors, if a Network Interface Card (NIC) was attached to or detached from a guest machine more than 250 times, KVM failed with the following error message:
get_real_device: /sys/bus/pci/devices/0000:09:00.0/resource: Too many open files
The problem has been fixed, and NIC can now be successfully attached to or detached from a guest machine more than 250 times.
BZ#701616
When booting a guest with more than 8 PCI devices, QEMU exits with the following message:
Too many assigned devices
However, when hot plugging PCI devices, the limitation of maximum number of devices assigned did not take effect, and the user could hot plug more than 8 PCI devices. QEMU has been modified to refuse to assign the ninth and any further hot plugged PCI devices with the aforementioned error message.
BZ#703335
Previously, the mktime() function incorrectly modified an input parameter according to the time zone of the host machine. As a consequence, if the user did not use Network Time Protocol (NTP) and the time zone on the host machine was set to "America/New_York", time displayed on the clock of a guest machine was shifted one hour forward on the first reboot. With this update, mktime() is not used if UTC time is specified, and the correct time is displayed in the aforementioned scenario.
BZ#703446
When the user booted a guest machine with a virtual Intel e1000 network interface card (NIC) and changed the maximum transmission unit (MTU) value, the guest machine could not be pinged from the host machine. With this update, multi-buffer packets are now supported, and the guest machine can be pinged successfully.
BZ#704081
Previously, variables that represented RAM addresses were declared as the "long" data type. Large numbers (guests with large memory defined) could lead to overflow, and consequently cause screen corruption or cause the utility to terminate unexpectedly with a segmentation fault. With this update, variables that represent RAM addresses are declared as the "ram_addr_t" data type, and the aforementioned problems no longer occur on guests with large memory defined.
BZ#725629
Previously, asynchronous I/O (aio) threads were created by threads of the virtual CPU. If the affinity of the virtual CPU was set, asynchronous I/O threads inherited this affinity. This could, in certain cases, lead to unexpectedly high latency of the virtual machines. With this update, asynchronous I/O threads are created by the main thread, and therefore inherit the main thread's affinity instead of the affinity of the virtual CPU. This ensures proper responses of virtual machines.
BZ#725876
Previously, the kvm utility did not properly emulate the real-time clock (RTC) alarm interrupts (AIE) on host machines running Red Hat Enterprise Linux 5. Newer kernels use AIE interrupts exclusively for RTC functionality (including update interrupt, or UIE, mode). As a consequence, if the user ran a guest machine with a recent kernel on the Red Hat Enterprise Linux 5 host, various bugs could manifest. Among these, for example, the following message could appear when running the hwclock utility:
select() to /dev/rtc to wait for clock tick timed out
This update adds support for the AIE mode emulation, so that UIE and AIE mode interrupts now work properly and applications run as expected.
BZ#751482
During the boot process inside the qemu-kvm utility, the screen was resized to the height of 1. A mouse click at this point caused a division by zero (the SIGFPE signal was sent) when calculating the absolute position of the pointer from the pixel. As a consequence, qemu-kvm terminated with the "Floating point exception" error. With this update, mouse click coordinates are forced to return values from the middle of the screen, so that qemu-kvm no longer terminates in the described scenario.
All KVM users should upgrade to these updated packages, which contain backported patches to correct this issue and fix these bugs.

Important

The following procedure must be performed before this update will take effect:
  1. Stop all KVM guest virtual machines.
  2. Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
  3. Restart the KVM guest virtual machines.