8.167. qemu-kvm

CVE-2013-4344

A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Bug Fixes

BZ#974617

Previously, a counter variable was not correctly reset when restarting an allocating request for disk images using the qcow2 file format. Consequently, these disk images in the cluster allocation code were corrupted in some cases. This update changes the way the number of available clusters is counted in the qcow2 format, and qcow2 disks are no longer corrupted in the described scenario.

BZ#927336

Due to an integer overflow in calculations, the qemu-kvm utility was reporting incorrect memory size on QMP (QEMU Machine Protocol) event when using Virtio Balloon Driver with more than 4 GB of memory. A patch has been provided to fix this bug, and qemu-kvm now reports the correct amount of current RAM.

BZ#917860

Previously, smart card emulation for Microsoft Windows XP and Microsoft Windows 7 guests failed due to inconsistent Answer To Reset (ATR) file length with a smart card Input/Output device error. This update creates an ATR file length with appropriate historical bytes, and disables USB signaling when necessary. Now, smart card emulation works, and failures no longer occur in the aforementioned scenario.

BZ#916020

Previously, the qemu-kvm utility did not enable the IOeventFD feature, which caused the IOeventFD support for virtio-blk devices to be silently disabled. This update enables the IOeventFD feature, and the IOeventFD support for virtio-blk devices works as expected.

Enhancements

BZ#670162

A new feature for removing the backing file using the qemu-img rebase command has been implemented. Now, no data loss will occur when running the qemu-img rebase command.

BZ#963420

Red Hat Enterprise Linux 6.5 brings read-only support for VHDX (Hyper-V virtual hard disk), image formats, as created by Microsoft Hyper-V.

BZ#960685

Red Hat Enterprise Linux 6.5 brings a number of improvements on read-only support for VMDK (Virtual Machine Disk), image file formats, including its sub-formats, as created by many VMware Virtualization products.

BZ#848070

Updated support for GlusterFS in QEMU allows native access to GlusterFS volumes using the libgfapi library instead of through a locally mounted FUSE file system. This native approach offers considerable performance improvements.

BZ#884253

Support of Volume Control from within Microsoft Windows Guests has been implemented. Users can now fully control the volume level on Microsoft Windows XP guests using the AC'97 codec.

BZ#914802

Support for dumping metadata of virtual disks has been implemented with this update. Third-party applications running on the host are now able to read guest image contents without knowing the details of the QCOW2 image format. This can be used together with the Linux device mapper to access QCOW2 images as Linux block devices.

BZ#911569

Similarly to the Windows VSS (Visual SourceSafe) version, application-consistent snapshots can now be created with the use of scripts that attach to the QEMU guest agent running on the guest. These scripts can notify applications which would flush their data to the disk during a freeze or thaw operation, thus allowing consistent snapshots to be taken.

Bug Fixes

BZ#1025596

Recent changes to the block layer resulted in a disk I/O performance degradation due to the way block length is calculated and cached internally. This update improves the logic for calculating such lengths and restores performance to the expected levels.

BZ#1029327

Due to a regression, the "qemu-img info" command took too much time to respond with the "cluster_size=512,preallocation=metadata" option. This bug has been fixed and "qemu-img info" now responds within one second.

BZ#1029327

On images created with very small non-standard cluster sizes (for example, 512 bytes), the "qemu-img info" command could take a long time to respond if run immediately after an image creation. This bug has been fixed, and "qemu-img info" now works as expected.

BZ#1029329

When doing live migration with the "--copy-storage-all" option, the virsh user interface failed with the following error message:

"error: Unable to read from monitor: Connection reset by peer"

This bug, caused by a regression, has been fixed, and live migration now finishes successfully.

BZ#1028252

Previously, qemu (for example, the "qemu-img info" command) could not open VMWare ESX image files. A patch fixing this bug has been provided, and ESX images are now handled correctly.