4.81. kvm

Updated kvm packages that fix one bug are now available for Red Hat Enterprise Linux 5.
[Updated 16 May 2012] This advisory has been updated with the correct description for bug 802429. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

Bug Fix

BZ#802429
An accounting error in the I/O thread subsystem in QEMU could, under certain circumstances, lead to I/O stalls on the guest. This would typically cause the guest to become unresponsive. With this update, the accounting error has been corrected, and I/O stalls no longer occur in this scenario.
All users of kvm are advised to upgrade to these updated packages, which fix this bug. Note that the procedure in the Solution section must be performed before this update will take effect.
Updated kvm packages that fix various bugs are now available for Red Hat Enterprise Linux 5.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

Bug Fixes

BZ#814096
Under certain circumstances, the qemu-kvm utility tried to invalidate an incorrect physical memory block, which resulted in qemu-kvm to terminate unexpectedly with a segmentation fault. The code has been fixed and the crashes no longer occur.
BZ#684745
Previously, when an I/O error occurred on a KVM host, the guest running on it became paused. After the guest was migrated to another host, the guest could not be properly resumed. Consequently, it was impossible to log in to the guest via SSH or a console. This bug has been fixed and migrated guests can now be resumed as expected.
BZ#782631
Due to an accounting error in the QEMU I/O thread subsystem, I/O delays were occurring on guests, which were observed as unresponsive for the time of the delay. This bug has been fixed and the delays no longer occur.
BZ#805676
Due to an incompatibility between previously used encryption modes and FIPS mode, it was impossible to start KVM guests when running kernel in FIPS mode. With this update, VNC password authentication is disabled when the host system is operating in FIPS mode, and QEMU exits and returns an error message if it is configured to run as a password-authenticated VNC server. If QEMU is configured to run as an unauthenticated VNC server, it will work as expected.
BZ#838466
Previously, the typeperf command of the virtualized Microsoft Windows Server 2008 Service Pack 2 for the x86 architecture with the SQL Server 2005 Service Pack 3 installed returned an invalid value for the Processor Time. This bug has been fixed and typeperf now returns a correct value.
BZ#761350
Previously, a simple counter was used to track GSIs (Global System Interrupts) that were given to devices. Consequently, when a hot plug or unplug operation was performed approximately 30 times on certain Ethernet controllers in a Microsoft Windows Server 2008 guest on the AMD64 and Intel 64 architectures, the controller driver returned a large number of error messages on incorrectly deallocated MSI-X table entries. This update uses a bitmap to track GSIs and the errors no longer occur.
BZ#843683
Previously, KVM did not provide receive overrun status information, which is used for virtual serial devices. Consequently, virtual machines using a serial console redirection became unresponsive on startup. This update implements receive overrun status and the hangs no longer occur.
BZ#829040
Due to a coding bug, the masking in the device assignment function was invalid. Consequently, the KVM device assignment bridge test could break virtual function of certain devices that implement BAR (Base Address Register) resources. This bug has been fixed and the test now works as expected.
BZ#781922
Under certain circumstances, implementation of the Realtek 8139 Ethernet driver allowed the qemu-kvm utility to attempt to allocate unlimited buffer size. If it happened, qemu-kvm terminated unexpectedly with a glib error, unable to allocate such a buffer. This update limits the transmission buffer size of the driver, thus fixing this bug.
BZ#819413
Previously, it was possible to shut down a guest using the system_powerdown command even if the "-no-shutdown" option was specified on the command line. This bug has been fixed and "-no-shutdown" is now handled properly.
Users of KVM are advised to upgrade to these updated packages, which fix these bugs. Note that the procedure in the Solution section must be performed before this update will take effect.
Updated kvm packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

Security Fixes

CVE-2012-1601
A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU (VCPU) already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A malicious user in the kvm group on the host could use this flaw to crash the host.
CVE-2012-2121
A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user in the kvm group on the host who has the ability to assign a device to a guest could use this flaw to crash the host.

Bug Fix

BZ#816207
An off-by-one error in the QEMU guest's memory management could, in rare cases, cause QEMU-KVM to crash due to a segmentation fault in tb_invalidate_phys_page_range() if a device initiated DMA into a specific guest address. In a reported case, this issue presented on a system that had a guest using the 8139cp network driver.
All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note that the procedure in the Solution section must be performed before this update will take effect.
Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

Security Fix

CVE-2012-3515
A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.
This flaw did not affect the default use of KVM. Affected configurations were:
* When guests were started from the command line ("/usr/libexec/qemu-kvm"), and without specifying a serial or parallel device that specifically does not use a virtual console (vc) back-end. (Note that Red Hat does not support invoking "qemu-kvm" from the command line on Red Hat Enterprise Linux 5.)
* Guests that were managed via libvirt, such as when using Virtual Machine Manager (virt-manager), but that have a serial or parallel device that uses a virtual console back-end. By default, guests managed via libvirt will not use a virtual console back-end for such devices.
Red Hat would like to thank the Xen project for reporting this issue.
All KVM users should upgrade to these updated packages, which correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.