RHBA-2015:2546 - Bug Fix Advisory

Topic

Updated qemu-kvm-rhev packages that fix several bugs and add various enhancements are now available.

Description

KVM (Kernel-based Virtual Machine) is a virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides
the user-space component for running virtual machines using KVM.

Notable enhancements:

• The high-watermark allocation of any block device holding qcow2 can be

viewed with drive-mirror. (BZ#1158094)

• A new event reports if block device usage exceeds a given threshold.

(BZ#1181648)

• The guest memory dump can be extracted from the qemu-kvm core dump.

(BZ#1194304)

• There are two new machine types, pc-i440fx-rhel7.2.0 and rhel-6.6.0. (BZ#1210050, BZ#1189712)
• qemu-kvm now logs failures for device ROM to libvirt. (BZ#1210516)
• vfio can now use the type1 v2 IOMMU interface. (BZ#1210519)
• A new notification allows a guest to automatically release a

vfio-pci device when an unbind attempt is made. (BZ#1210520)

Notable fixes:

• The guest kernel issued a spurious warning when unplugging a PCI device.

(BZ#1058321)

• qemu-img help was missing vhdx and iscsi in the list of supported

formats. (BZ#1122778 )

• Incorrect colors were displayed on virtual VGA with a ppc64le guest

on a ppc64 host. (BZ#1146809)

• qemu core dumped when adding hotplug memory a second time. (BZ#1152875)
• When a Windows guest was booted with the "-numa node" option, it was

not possible to hotplug vCPUs. (BZ#162080)

• qemu-kvm could not cancel a migration in the source host when the network

of the destination host failed. (BZ#1167197)

• It was possible to overcommit host memory, which caused the qemu-kvm-rhev

process to quit. (BZ#1167765)

• Stale data could be transferred and cause a crash if a ppc64 guest was

rebooted during a live migration. (BZ#1168446)

• QEMU core dumped when doing a ping-pong migration to file for an LE

guest. (BZ#1169230)

• The guest time was changed if the host time changed or after a

migration. (BZ#1170132, BZ#1171700)

• There was a Segfault at spapr_tce_table_finalize. (BZ#1170934)
• Migration failed when a RHEL guest was configured with OVMF BIOS.

(BZ#1175099)

• An endian issue on a ppc64le guest with data-plane caused reboot

failures. (BZ#1177094)

• Capslock did not perform the expected shift / key combination.

(BZ#1177131)

• The kvm_stat command failed on a ppc system with an AttributeError.

(BZ#1177710)

• Setting a PCI pass-through device to a large or a negative value caused

improper behavior. (BZ#1181409)

• The memory added by the pc-dimm device was not included in the total

memory size known by the balloon. (BZ#1186428)

• When a guest was configured with the virtio console device, hotplugging

a guest agent device caused the qemu and libvirtd processes to crash.
(BZ#1192775)

• bdrv_make_zero passed an nb_sectors value to bdrv_write_zeroes which

was too large and returned an invalid argument error. (BZ#1196688)

• A better error message has been added for the BLOCK_IO_ERROR event.

(BZ#1199174)

• qemu's websocket frame decoder processed incoming frames without

limiting resources for the header and payload. An attacker able to access
a guest's VNC console could trigger a denial of service on the host.
(CVE-2015-1779)

• Hot plugging and unplugging a VF for a guest on SR-IOV multiple times

caused qemu to crash. (BZ#1208464)

• There were errors for loading state for an instance when migrating

guests with apic or intel-hda devices. (BZ#1209300, BZ#1209793)

• An unknown ramblock error caused migration from RHEL 7.2 to fail.

(BZ#1209798)

• irqfd broke the network with an LE guest and an LE host. (BZ#1210188)
• An overrun error after readlink() caused the buffer to fill completely.

(BZ#1210517)

• The runstate has been updated when an AER error occurs. (BZ#1210518)
• MTRRs are now properly synced with qemu when an instance is reset or

migrated. (BZ#1210521)

• An out-of-bounds memory access flaw in qemu's virtual Floppy Disk

Controller could allow a privileged guest user to crash the guest or
execute arbitrary code on the host. (CVE-2015-3456)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Virtualization 3 for RHEL 7 x86_64

Fixes

• BZ - 616772 - feature request: virtio-serial needs a callback to notify device that to guest queue is not full
• BZ - 894956 - floppy can not be recognized by Windows guest (q35)
• BZ - 970544 - hot-plugging serial device with no chardev option exits qemu
• BZ - 987312 - Display mess when boot guest w/ multiple display devices
• BZ - 1006651 - qemu should give a more friendly prompt when didn't specify read-only for VHDX format disk
• BZ - 1049108 - qemu-kvm do not check media while '-drive' only specified 'serial' with '-M q35'
• BZ - 1058321 - qemu-kvm-rhev: Qemu: Q35: hw: pci: use after free triggered via guest [rhel-7.2]
• BZ - 1103313 - RFE: configure guest NUMA node locality for guest PCI devices
• BZ - 1128992 - Spiceport character device is not reliable caused domain shutoff
• BZ - 1135385 - execute query-block QMP command fail to list the NBD storage backend file/filename
• BZ - 1135772 - Qemu should prevent the configuration of 'AMD & threads>1'
• BZ - 1136382 - block: Mirroring to raw block device doesn't zero out unused blocks
• BZ - 1151043 - qemu-img shows error message for backing file twice
• BZ - 1152875 - qemu core dumped when hotplug memory twice with size=0.1G option
• BZ - 1154937 - qemu-img fail to open the big vdi format disk image with 'Invalid argument' error
• BZ - 1158094 - tracing allocation high-watermark of drive-mirror
• BZ - 1160169 - Segfault occurred at Dst VM while completed migration upon ENOSPC
• BZ - 1161393 - qemu-img: Assert for 'amend -o compat=0.10' command on the fuzzed image
• BZ - 1162080 - "-numa node" option cause windows guest can not online hot-added CPUs
• BZ - 1165534 - balloon: improve error message when adding second device
• BZ - 1167197 - qemu-kvm can not cancel migration in src host when network of dst host failed
• BZ - 1167765 - qemu-kvm-rhev process quit when hotplugging memory size overcommit host memory
• BZ - 1170132 - Guest time could change with host time even specify the guest clock as "-rtc base=utc,clock=vm,..."
• BZ - 1170934 - Segfault at spapr_tce_table_finalize(): QLIST_REMOVE(tcet, list)
• BZ - 1171700 - 'hwclock' in destination guest returns to base '2006-06-06' after migration
• BZ - 1172583 - [Power KVM] Qemu monitor command don't support {"execute":"qom-get","arguments":{"path":"/machine","property":"rtc-time"}}
• BZ - 1175099 - [migration]migration failed when configure guest with OVMF bios + machine type=rhel6.5.0
• BZ - 1177094 - endian issue due to ppc64le guest w/ data-plane
• BZ - 1177131 - capslock does not perform shift and key combination
• BZ - 1177597 - can not use PS/2 mouse on migration destination
• BZ - 1177710 - Command 'kvm_stat' couldn't be executecd on PPC rhel system
• BZ - 1179555 - qemu-kvm Segmentation fault when switch runlevel 5 to runlevel 3 inside RHEL6 guest
• BZ - 1181409 - PCI pass-through device works improperly due to the PHB's index being set to a big value
• BZ - 1181648 - [RFE] Add an event to report if a block device usage exceeds a threshold.
• BZ - 1185750 - qemu crash when try to save a vm have 2097152M vgamem
• BZ - 1186402 - Haswell and Broadwell CPU models contain unavailable features (HLE and RTM)
• BZ - 1186428 - memory balloon doesn't take hotplugged memory into account
• BZ - 1188200 - hotplugged vcpu is not consistent with guest NUMA topology
• BZ - 1192775 - Qemu and Libvirtd crash while do hot-plug guest agent with guest configured with virtio console
• BZ - 1196688 - bdrv_make_zero() passes a too large nb_sectors value to bdrv_write_zeroes()
• BZ - 1197993 - migration fail as qemu-kvm: load of migration failed: Invalid argument
• BZ - 1198016 - qemu will hang when specify "-realtime mlock=on" and "-sandbox on" at the same time
• BZ - 1198936 - wdt_i6300esb immediately fires on big endian (ppc64)
• BZ - 1199039 - with -object memory-backend-ram and -sandbox on, the guest will fail
• BZ - 1200685 - RHEL6 64bit guest hangs during boot on 7.2 host when default VCPU->NUMA mapping is used
• BZ - 1203914 - qemu's i6300esb watchdog implementation will trigger immediately if timeout is set sufficiently large
• BZ - 1204696 - Expose PM system states in fw_cfg file on Q35
• BZ - 1207034 - QEMU segfault when doing unaligned zero write to non-512 disk
• BZ - 1208464 - qemu crash when hot-unplug a VF on SR-IOV
• BZ - 1208555 - qcow2_update_header corrupts metadata if backing file was overridden
• BZ - 1209300 - migration: 7.2 (2.2.x) -> 7.1: error while loading state for instance 0x1 of device 'apic'
• BZ - 1209793 - migration: 7.1->7.2 error while loading state for instance 0x0 of device '0000:00:04.0/intel-hda'
• BZ - 1209798 - migration: 7.2->7.1 qemu-kvm: Unknown ramblock "/rom@etc/acpi/rsdp", cannot accept migration (7.2 machine type)
• BZ - 1210050 - Add pc-i440fx-rhel7.2.0 machine type
• BZ - 1210516 - vfio improve PCI ROM loading error handling
• BZ - 1210517 - vfio: Fix overrun after readlink() fills buffer completely
• BZ - 1210518 - vfio: use correct runstate
• BZ - 1210519 - vfio: Use vfio type1 v2 IOMMU interface
• BZ - 1210520 - vfio-pci: Enable device request notification support
• BZ - 1210521 - Sync MTRRs with KVM and disable on reset
• BZ - 1210715 - migration/rdma: 7.1->7.2: RDMA ERROR: ram blocks mismatch #3!
• BZ - 1211689 - atomic live snapshots are not atomic with dataplane-backed devices
• BZ - 1211970 - smart card emulation doesn't work with USB3 (nec-xhci) controller
• BZ - 1215087 - migration: 7.2->earlier; serial compatibility
• BZ - 1215088 - migration: 7.2->earlier; mc146818rtc compatibility
• BZ - 1215091 - migration: 7.2->earlier; floppy compatibility
• BZ - 1215092 - migration: 7.2->earlier: pckbd compatibility
• BZ - 1215618 - Unhelpful error message on Power when SMT is enabled
• BZ - 1219090 - vfio-pci - post QEMU2.3 fixes, error sign + BAR overflow
• BZ - 1221425 - qemu crash when hot-plug a memory device
• BZ - 1221943 - On_crash events didn't work when using guest's pvpanic device
• BZ - 1222834 - We ship incomplete QMP documentation
• BZ - 1223317 - BSod occurs When installing latest Windows Enterprise Insider 10 and windows server 2016 Preview
• BZ - 1224542 - unsupported devices need to be disabled in qemu-kvm-rhev after rebasing to 2.3.0
• BZ - 1225980 - Package tscdeadline_latency.flat with qemu-kvm-rhev
• BZ - 1226297 - qcow2 crash during discard operation
• BZ - 1226809 - Overflow in malloc size calculation in VMDK driver
• BZ - 1226996 - qcow2: Fix minimum L2 cache size
• BZ - 1227282 - tighten conditions for board-implied FDC in pc-q35-rhel7.2.0+
• BZ - 1227343 - [virtio-1] QEMU Virtio-1 Support
• BZ - 1228574 - Add RHEL7.2 machine type in QEMU for PPC64LE
• BZ - 1229073 - [graphical framebuffer]Start guest failed when VNC listen on IPV6 address
• BZ - 1230550 - [abrt] qemu-system-x86: __memcmp_sse4_1(): qemu-system-x86_64 killed by SIGSEGV
• BZ - 1232308 - [abrt] qemu-system-x86: qemu_ram_alloc(): qemu-system-x86_64 killed by SIGABRT
• BZ - 1232570 - Qcow2 preallocation options Falloc, full missing in RHEL7.1 qemu-kvm-rhev
• BZ - 1233826 - issueing drive-mirror command causes monitor unresponsive
• BZ - 1235813 - block/curl: Fix generic "Input/output error" on failure
• BZ - 1236447 - Update qemu-kvm-rhev package for new SLOF
• BZ - 1237034 - Error prompt while booting with vfio-pci device
• BZ - 1237220 - Fail to create NUMA guest with <nosharepages/>
• BZ - 1238141 - [virtio-win][pvpanic]win10-32 guest can not detect pvpanic device in device manager
• BZ - 1238585 - drive-mirror has spurious failures with low 'granularity' values
• BZ - 1241331 - Machine type reported by guest is different with that in RHEL.7.1 GA version
• BZ - 1241886 - hot plugged pci devices won't appear unless reboot
• BZ - 1242316 - Add "unmap" support for drive-mirror
• BZ - 1242479 - backport QEMU changes needed for supporting multiple PCI root buses with OVMF
• BZ - 1243102 - Deleting VM snapshots with qemu-kvm-ev-2.1.2 fails
• BZ - 1243349 - Rhel6.0 Guest will be hang when boot it with more than one queues
• BZ - 1243721 - After hotunpug virtio device, the device still exist in pci info
• BZ - 1244066 - [RHEL7.2][TestOnly] RHEL6.5-z as a guest on RHEL7.2 Power host
• BZ - 1244069 - [RHEL7.2][TestOnly] RHEL6.6-z as a guest on RHEL7.2 Power host
• BZ - 1244071 - [RHEL7.2][TestOnly] RHEL6.7 guest agent + RHEL 6.6-z guest os on RHEL7.2 Power host - guest agent test
• BZ - 1244072 - [RHEL7.2][TestOnly] RHEL6.7 guest agent + RHEL 6.5-z guest os on RHEL7.2 Power host - guest agent test
• BZ - 1244348 - Quirk for Chelsio T5 MSI-X PBA
• BZ - 1245127 - bootindex doesn't work for vfio-pci
• BZ - 1247042 - qemu quit when using sg_write_same command inside RHEL7.2 guest
• BZ - 1247479 - display mess when boot a win2012-r2-64 guest with -vga std
• BZ - 1247893 - qemu's i6300esb watchdog does not fire on time with large heartbeat like 2046
• BZ - 1248312 - "fdisk -l"can not output anything and the process status is D+ after migrating RHEL7.2 guest with virtio-1 virtio-scsi disk
• BZ - 1251487 - qemu core dump when do drive mirror
• BZ - 1251962 - kvm-setup.service should include Before=libvirtd.service
• BZ - 1254927 - qemu-img shows Input/output error when compressing guest image
• BZ - 1256541 - qemu-img hangs forever in aio_poll when used to convert some images
• BZ - 1257059 - qemu-iotests 099 failed for vmdk
• BZ - 1257781 - The prompt is confusing when boot a guest with larger vcpu number than host physical cpu
• BZ - 1259229 - drive-mirror blocks QEMU due to lseek64() on raw image files
• BZ - 1259556 - Allow VFIO devices on the same guest PHB as emulated devices
• BZ - 1260365 - Guest image created coredump after installation.
• BZ - 1260464 - The spapr vscsi disks for lun id '9-31' and channel id '4-7' could not be recognized inside a power pc guest
• BZ - 1261263 - qemu crash while start a guest with invalid vnc socket path
• BZ - 1261846 - qemu-kvm-rhev: 64-bit PCI bars may overlap hotplugged memory and vice verse
• BZ - 1262143 - VM startup is very slow with large amounts of hotpluggable memory
• BZ - 1262232 - self announcement and ctrl offloads does not work after migration
• BZ - 1262670 - [PowerKVM]SIGSEGV when boot up guest with -numa node and set up the cpus in one node to the boundary
• BZ - 1263795 - vfio device can't be hot unplugged on powerpc guest
• BZ - 1264347 - QMP device-list-properties crashes for CPU devices
• BZ - 1264845 - [regression] Guest usb mouse/keyboard could not be used on qemu-kvm-rhev-2.3.0-24.el7.ppc64le
• BZ - 1267533 - qemu quit when rebooting guest which hotplug memory >=13 times
• BZ - 1271145 - Guest OS paused after migration.

CVEs

(none)

References

(none)