4.83. kvm

Security Fixes

CVE-2012-0029

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.

CVE-2011-4622

A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A malicious user in the kvm group on the host could force this situation to occur, resulting in the host crashing.

Security Fixes

CVE-2011-4347

It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.

Red Hat would like to thank Sasha Levin for reporting this issue.

Bug Fixes

BZ#700281

Due to leaking file descriptors, if a Network Interface Card (NIC) was attached to or detached from a guest machine more than 250 times, KVM failed with the following error message:

get_real_device: /sys/bus/pci/devices/0000:09:00.0/resource: Too many open files

The problem has been fixed, and NIC can now be successfully attached to or detached from a guest machine more than 250 times.

BZ#701616

When booting a guest with more than 8 PCI devices, QEMU exits with the following message:

Too many assigned devices

However, when hot plugging PCI devices, the limitation of maximum number of devices assigned did not take effect, and the user could hot plug more than 8 PCI devices. QEMU has been modified to refuse to assign the ninth and any further hot plugged PCI devices with the aforementioned error message.

BZ#703335

Previously, the mktime() function incorrectly modified an input parameter according to the time zone of the host machine. As a consequence, if the user did not use Network Time Protocol (NTP) and the time zone on the host machine was set to "America/New_York", time displayed on the clock of a guest machine was shifted one hour forward on the first reboot. With this update, mktime() is not used if UTC time is specified, and the correct time is displayed in the aforementioned scenario.

BZ#703446

When the user booted a guest machine with a virtual Intel e1000 network interface card (NIC) and changed the maximum transmission unit (MTU) value, the guest machine could not be pinged from the host machine. With this update, multi-buffer packets are now supported, and the guest machine can be pinged successfully.

BZ#704081

Previously, variables that represented RAM addresses were declared as the "long" data type. Large numbers (guests with large memory defined) could lead to overflow, and consequently cause screen corruption or cause the utility to terminate unexpectedly with a segmentation fault. With this update, variables that represent RAM addresses are declared as the "ram_addr_t" data type, and the aforementioned problems no longer occur on guests with large memory defined.

BZ#725629

Previously, asynchronous I/O (aio) threads were created by threads of the virtual CPU. If the affinity of the virtual CPU was set, asynchronous I/O threads inherited this affinity. This could, in certain cases, lead to unexpectedly high latency of the virtual machines. With this update, asynchronous I/O threads are created by the main thread, and therefore inherit the main thread's affinity instead of the affinity of the virtual CPU. This ensures proper responses of virtual machines.

BZ#725876

Previously, the kvm utility did not properly emulate the real-time clock (RTC) alarm interrupts (AIE) on host machines running Red Hat Enterprise Linux 5. Newer kernels use AIE interrupts exclusively for RTC functionality (including update interrupt, or UIE, mode). As a consequence, if the user ran a guest machine with a recent kernel on the Red Hat Enterprise Linux 5 host, various bugs could manifest. Among these, for example, the following message could appear when running the hwclock utility:

select() to /dev/rtc to wait for clock tick timed out

This update adds support for the AIE mode emulation, so that UIE and AIE mode interrupts now work properly and applications run as expected.

BZ#751482

During the boot process inside the qemu-kvm utility, the screen was resized to the height of 1. A mouse click at this point caused a division by zero (the SIGFPE signal was sent) when calculating the absolute position of the pointer from the pixel. As a consequence, qemu-kvm terminated with the "Floating point exception" error. With this update, mouse click coordinates are forced to return values from the middle of the screen, so that qemu-kvm no longer terminates in the described scenario.