Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

8.167. qemu-kvm

Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM.
CVE-2013-4344
A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
This issue was discovered by Asias He of Red Hat.

Bug Fixes

BZ#974617
Previously, a counter variable was not correctly reset when restarting an allocating request for disk images using the qcow2 file format. Consequently, these disk images in the cluster allocation code were corrupted in some cases. This update changes the way the number of available clusters is counted in the qcow2 format, and qcow2 disks are no longer corrupted in the described scenario.
BZ#927336
Due to an integer overflow in calculations, the qemu-kvm utility was reporting incorrect memory size on QMP (QEMU Machine Protocol) event when using Virtio Balloon Driver with more than 4 GB of memory. A patch has been provided to fix this bug, and qemu-kvm now reports the correct amount of current RAM.
BZ#917860
Previously, smart card emulation for Microsoft Windows XP and Microsoft Windows 7 guests failed due to inconsistent Answer To Reset (ATR) file length with a smart card Input/Output device error. This update creates an ATR file length with appropriate historical bytes, and disables USB signaling when necessary. Now, smart card emulation works, and failures no longer occur in the aforementioned scenario.
BZ#916020
Previously, the qemu-kvm utility did not enable the IOeventFD feature, which caused the IOeventFD support for virtio-blk devices to be silently disabled. This update enables the IOeventFD feature, and the IOeventFD support for virtio-blk devices works as expected.

Enhancements

BZ#670162
A new feature for removing the backing file using the qemu-img rebase command has been implemented. Now, no data loss will occur when running the qemu-img rebase command.
BZ#963420
Red Hat Enterprise Linux 6.5 brings read-only support for VHDX (Hyper-V virtual hard disk), image formats, as created by Microsoft Hyper-V.
BZ#960685
Red Hat Enterprise Linux 6.5 brings a number of improvements on read-only support for VMDK (Virtual Machine Disk), image file formats, including its sub-formats, as created by many VMware Virtualization products.
BZ#848070
Updated support for GlusterFS in QEMU allows native access to GlusterFS volumes using the libgfapi library instead of through a locally mounted FUSE file system. This native approach offers considerable performance improvements.
BZ#884253
Support of Volume Control from within Microsoft Windows Guests has been implemented. Users can now fully control the volume level on Microsoft Windows XP guests using the AC'97 codec.
BZ#914802
Support for dumping metadata of virtual disks has been implemented with this update. Third-party applications running on the host are now able to read guest image contents without knowing the details of the QCOW2 image format. This can be used together with the Linux device mapper to access QCOW2 images as Linux block devices.
BZ#911569
Similarly to the Windows VSS (Visual SourceSafe) version, application-consistent snapshots can now be created with the use of scripts that attach to the QEMU guest agent running on the guest. These scripts can notify applications which would flush their data to the disk during a freeze or thaw operation, thus allowing consistent snapshots to be taken.

Note

VNC password authentication is disabled when the system is operating in FIPS (Federal Information Processing Standards) mode.
All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Updated qemu-kvm packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.

Bug Fixes

BZ#1025596
Recent changes to the block layer resulted in a disk I/O performance degradation due to the way block length is calculated and cached internally. This update improves the logic for calculating such lengths and restores performance to the expected levels.
BZ#1029327
Due to a regression, the "qemu-img info" command took too much time to respond with the "cluster_size=512,preallocation=metadata" option. This bug has been fixed and "qemu-img info" now responds within one second.
BZ#1029327
On images created with very small non-standard cluster sizes (for example, 512 bytes), the "qemu-img info" command could take a long time to respond if run immediately after an image creation. This bug has been fixed, and "qemu-img info" now works as expected.
BZ#1029329
When doing live migration with the "--copy-storage-all" option, the virsh user interface failed with the following error message:
"error: Unable to read from monitor: Connection reset by peer"
This bug, caused by a regression, has been fixed, and live migration now finishes successfully.
BZ#1028252
Previously, qemu (for example, the "qemu-img info" command) could not open VMWare ESX image files. A patch fixing this bug has been provided, and ESX images are now handled correctly.
Users of qemu-kvm are advised to upgrade to these updated packages, which fix these bugs.