Product SiteDocumentation Site

1.94. kvm

1.94.1. RHBA-2009:1423: bug fix update

Note

This update has already been released (prior to the GA of this release) as errata RHBA-2009:1423
Updated kvm packages that resolve an issue are now available.
KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware.
These updated kvm packages fix the following bug:
* rebooting a KVM guest domain could cause the guest to fail to receive keyboard and mouse input following the reboot. This has been fixed by reinitializing keyboard and mouse state in the guest after it reboots, which resolves the issue. (BZ#517855)
Note: after installing these updated packages, the following procedure should be carried out to ensure that the fix takes effect:
1. Stop all KVM guest virtual machines (VMs).
2. Either reboot the hypervisor machine, or, as the superuser, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
3. Restart the KVM guest VMs.
All users of kvm are advised to upgrade to these updated packages, which resolve this issue.

1.94.2. RHBA-2009:1488: bug fix update

Note

This update has already been released (prior to the GA of this release) as errata RHBA-2009:1488
Updated kvm packages that resolved two issues are now available.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware. KVM can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.
These updated packages fix the following bugs:
* the pthread_cond_timedwait time out was not properly handled. Consequently, under some loads, some KVM guests stopped responding to commands from the management interface. (Note: the reproducer was a host running around 300 KVM guests with each guest consuming around 50% of their virtual CPU. On this setup, some guests became non-responsive after several hours.) With this update the time outs are handled properly and KVM guests remain responsive, as expected. (BZ#526244)
* some Linux-based guests that used virtio virtual block devices aborted during installation, returning the error message: "unhandled vm exit: 0x31 vcpu_id 0".
Using an interface other than virtio for the guest virtual disk was a work around documented in the Red Hat Enterprise Linux 5.4 Technical Notes Known Issues for KVM. The work around was associated with BZ#518081, the original Bugzilla report for this issue.
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technica l_Notes/Known_Issues-kvm.html
With this update, the underlying issue (stale EPTP-tagged mappings possibly being used when a virtual CPU or vcpu migrated to a different Physical CPU or pcpu) has been addressed and the work around is no longer necessary: Linux-based guests using virtio virtual block devices no longer abort during installation. (BZ#527192)
All users of kvm are advised to upgrade to these updated packages, which resolve this issue.

1.94.3. RHBA-2010:0158: bug fix update

Note

This update has already been released (prior to the GA of this release) as errata RHBA-2010:0158
Updated kvm packages that resolved two issues are now available.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. KVM can run multiple unmodified, virtualized guest Windows and Linux operating systems.
These updated packages fix the following bug:
* high loads could cause Microsoft Windows 7 32 bit guests to crash with a Blue Screen error that contained the "HAL_RTC_IRQF_WILL_NOT_CLEAR" error code. The updated package resolves this issue and Windows 7 32 bit guests should not crash under high loads.
All KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note that the procedure in the Solution section must be performed before this update takes effect.

1.94.4. RHSA-2010:0271: Important security, bug fix and enhancement update

Updated kvm packages that fix one security issue, multiple bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.
A flaw was found in the way QEMU-KVM handled erroneous data provided by the Linux virtio-net driver, used by guest operating systems. Due to a deficiency in the TSO (TCP segment offloading) implementation, a guest's virtio-net driver would transmit improper data to a certain QEMU-KVM process on the host, causing the guest to crash. A remote attacker could use this flaw to send specially-crafted data to a target guest system, causing that guest to crash. (CVE-2010-0741)
  • Setting the cpu_set variable to 1 online in the qemu Monitor and then shutting down the guest would cause the host or the guest to crash. The updated package resolves this issue and prevents the host or guest from crashing in this scenario. (BZ#487857)
  • The KVM configure script would not abort if the correct options were not enabled. The KVM configure script now verifies features are enabled or disabled by the configure script and aborts if the features was not loaded as requested. (BZ#489900)
  • The para-virtualized network drivers (virtio-net) lacked non-maskable interrupt (NMI) injection masking on AMD-based hosts. This caused Windows XP guests using the para-virtualized network driver could fail with a Blue Screen error during certain tests. The updated packages resolve this issue. (BZ#492290)
  • Timer events were processed before entering guest mode. This meant that certain timer events may not have been processed. Timer events are now processed in the main VCPU event loop so timer events are processed while the VCPU is halted. Timer events may inject interrupts or non-maskable interrupt (NMI) which will then unhalt the VCPU. This fixes the issue of unconditionally unhalting the VCPU. (BZ#492663)
  • If one or more VCPUs was disabled, VCPUs would appear in Windows Server 2008 Device Manager as devices with the ! symbol indicating an error. Windows does not handle CPUs marked as present (bit 0 in ACPI spec), but not enabled (bit 1), which causes this issue.
    However, there are situations where Linux expects CPUs to be present but not enabled. This is a heuristic test used by Linux to determine if a CPU is hot-pluggable.
    The updated package fixes virtualized CPU detection for Windows but breaks the ability to hot-add CPUs into Linux guests. (BZ#495844)
  • Using the numeric keypad of a keyboard with or without Num Lock produced erroneous input on guests accessed with VNC through the QEMU monitor application. The number pad keys should now work for input on guests accessed with VNC. (BZ#497507)
  • An unhandled interrupt from the kvm_vcpu_block() call unhalted a VCPU outside of the interrupt window. As a consequence, when the "there is no bootable disk" error presented the qemu process used 100% of the available CPUs. The updated packages resolve this issue and the interrupt is now handled correctly. (BZ#502086)
  • Windows Server 2008 R2 guests would hang after a restart if the guest was created with multiple VCPUs. This was caused by not properly filtering non-maskable interrupts (NMIs) from the guests during the restart procedure. The updated packages fix this issue and Windows Server 2008 R2 guests can successfully use multiple VCPU. (BZ#502543BZ#503322)
  • Migrating a paused guest caused the guest to resume at the destination. Paused guests now remain paused after a migration. (BZ#503367)
  • Multiple virtualized guests using the hypercall device resulted in one or more of the guests using 100% of their assigned CPUs or becoming unresponsive. The updated packages fix the hypercall device, preventing this issue. (BZ#503759)
  • VCPUs were not reported correctly to Windows XP guests. On the Windows XP guest the number for CPUs listed in Task Manager was lower than the number of CPUs assigned to the guest. Windows XP guests should now use and display the number of VCPUs assign if the guest can handle that number of CPUs. (BZ#508040)
  • A segmentation fault occurred when a guest used a i82551 emulated network interface card was used. The segmentation fault is fixed in the packages. (BZ#510706)
  • Creating guests that use both 64k and 4k image block cluster sizes and virtualized IDE as the storage device driver would cause a segmentation fault in the qemu-kvm process. The updated packages resolve this issue. (BZ#542923)
  • Running the migrate_set_speed command in the QEMU console after running migrate_cancel causes segmentation fault in KVM. The updated packages fix this issue and the code causing the segmentation fault is fixed. (BZ#522887)
  • A segmentation fault occurred when using the qemu-img rebase command to rebase an image snapshot. (BZ#563141)
  • The qemu-img rebase command failed with an "Operation not supported" error message when it was run on locally-attached block devices. (BZ#569762)
  • The qemu-img command failed to copy a RAW image to a Fibre Channel storage device. The qemu-image command can now copy, convert and create images on Fibre Channel storage devices. (BZ#511072)
  • Storage I/O errors were processed out of order causing the guest to change state or crash unexpectedly. The guest state handlers now process storage I/O errors in the proper order. (BZ#514522)
  • A guest would occasionally not accept keystrokes or mouse clicks after rebooting. The updated package resolves this issue and user interactions are accepted after repeatedly rebooting guests. (BZ#515275)
  • In rare instances, certain virtualized guests could lock up while requesting a raw_pread system call. The offset was larger than the file size of the read failures which causes the system to infinitely loop I/O requests. This could, in certain circumstances lead to file system corruption on virtualized guests. The updated pacakges add a result test which prevents the infinite request loop. (BZ#515655)
  • The guest could change the QXL device ROM which could result in memory corruption. The updated packages prevent the guest from modifying the QXL device ROM. (BZ#537888)
  • The MRS storage array (msrs) in kvm_arch_save_regs() function. The array was sized too small for the function and may cause stack corruption. (BZ#528917)
  • Incorrectly handled I/O errors could cause guests file system corruption when using the para-virtualized block drivers and IDE emulation of NFS storage. The updated packages resolve this issue and host I/O errors will pause the guest instead of causing file system corruption. (BZ#531827)
  • With Red Hat Enterprise Virtualization, the virtio_blk_dma_restart_bh() function previously handled write errors. The function was not updated for this, causing read errors to be resubmitted as writes. This caused guest image corruption in some cases.
    Additionally, the return values of the bdrv_aio_write() and bdrv_aio_read() functions were ignored. If an immediate failure occurred in one of these functions, errors would be missed and the guest could hang or read corrupted data. (BZ#552487)
  • with Red Hat Enterprise Virtualization, guests continued to run after encountering disk read errors. This could have caused guest file systems to corrupt (but not the host's), notably in environments that use networked storage. With this update, the qemu-kvm command's -drive "werror=stop" option now applies not only to write errors but also to read errors. When using this option, guests will pause on disk read and write errors.
    By default, guests managed by Red Hat Enterprise Virtualization use the "werror=stop" option. This option is not used by default for guests managed by libvirt. (BZ#533390)
  • KVM would crash or fail to boot when attempting to assign 64GB of memory to 32-bit guests using PAE. KVM now supports addressing up to 48 bits of physical memory with PAE. (BZ#516545)
  • Windows Server 2003 32-bit guests assigned more than 4GB of RAM would crash after rebooting the guest. The updated packages resolve this issue and Windows Server 2003 32-bit guests can be assigned more than 4GB of RAM. 32-bit guests may not be able to use more than 4GB of RAM, refer to the guest operating system's documentation. (BZ#516762)
  • 64-bit guests would hang on an AMD host if one or more of the guest's VCPUs were changed from offline to online. This issue is resolved in the updated package. (BZ#525699 and BZ#517223)
  • When using the virtual vm8086 mode, bugs in the emulated hardware task switching implementation may have caused older guest operating systems to malfunction. (BZ#517324)
  • An "unhandled vm exit: 0x31 vcpu_id 0" error message could appear when installing certain guest operating systems, such as SUSE Linux Enterprise Server 11, using a para-virtualized block device (virtio-blk). The updated packages resolve this issue and installation with the para-virtualized drivers is supported and working. (BZ#518081)
  • The __kvm_mmu_free_some_pages list was not verified empty before it was used. The updated package verifies the __kvm_mmu_free_some_pages list is empty before attempting to look at list entries. (BZ#519397)
  • Windows Server 2008 64 bit guests use a cr8 call which executed a vmexit call. This caused performance issues for Windows Server 2008 guests. The updated packages use a different call method to handle cr8 calls which significantly improves the performance of Windows Server 2008 64 bit guests. (BZ#520285)
  • When attempting to resume from hibernate with Windows Server 2003 guests, KVM would attempt to stop the QEMU emulated audio device which was not activated. This caused a "snd_playback_stop: ASSERT playback_channel->base.active failed" error message to appear and the resume process to fail and the guest to crash. The updated package resolves this issue. (BZ#520394)
  • Time drift may have occurred in Windows guests that use the IOAPIC interrupt for timing. The updated packages resolve this issue and Windows guests should now keep time accurately. (BZ#521025)
  • Windows Server 2003 (32-bit and 64-bit) guests may have experienced time drift. (BZ#543137)
  • On AMD hosts, Window Server 2008 R2 Datacenter guests would stop during the installation at the step "Setup will continue after restarting your computer". This issue is resolved and Windows Server 2008 R2 Datacenter guests now successfully install. (BZ#521749)
  • Resetting the PCI status of a para-virtualized network device (virtio-net) would cause KVM to crash. This issue is resolved the the updated packages. (BZ#521829)
  • The German keyboard map was missing some keys in when accessing a guest with VNC. The German keyboard map now contains all keys when accessing guests with VNC. (BZ#521835)
  • When a guest issued an Inter-processor Interrupt (IPI) call, the call would cause KVM to issue a global IPI call on the host. The global IPI call interrupts all processors instead of just those assigned to the guest. The updated packages resolve the issue by using the kernel's IPI handling functions instead of emulating the IPI handler. (BZ#524970)
  • KVM and virtualized guests would become unresponsive due to waiting infinitely for an aio threads to return. The updated packages resolve this issue by correctly timing out threads which do not return. (BZ#525114)
  • The host KVM process could crash or use 100% of the allocated CPUs when a guest with more than one VCPU received high volumes of network traffic through a device using the para-virtualized network drivers (virtio-net). This issue is resolved in the updated packages. (BZ#525323)
  • KVM did not change the pacakge address of the etherboot.zrom file. KVM would always used the default, the ne.zrom file. Guests could not get an IP address or access PXE servers. The updated packages resolve this issue and guests can access PXE server when using non-default network devices. (BZ#526124)
  • KVM could generate invalid memory types in Memory Type Range Registers (MTRR) and Page Attribute Tables (PAT). This could be used by guests running random code to possibly store (and later use) a random MTRR type. The updated package prevent these invalid memory types from being created. (BZ#526837)
  • An error in the Makefile prevented users from using the source RPM to install KVM. (BZ#527722)
  • Linux guest initrd images greater than 4GB would cause the guest to crash. KVM now limits the size of initrd images to less than 4GB. (BZ#529694)
  • If the qemu-kvm command's -net user option was used, unattended Windows XP installations would not receive an IP address after rebooting. The guest requests a second DHCP address which makes the list of free DHCP addresses run out much quicker. This issue is fixed by reassigning the same addressed requested with DHCP to the guest after the guest reboots. (BZ#531631)
  • The para-virtualized clock (pvclock) Mode-specific register values were not preserved after a migration. This issue also affected the para-virtualized clock when a guest was saved and restored. These drivers not being saved could cause the guest's time keeping to become significantly skewed after restoring or migrating the guest. In the updated packages, the MSR values are preserved when a guest is saved and restored, and for migrations. (BZ#531701)
  • Installing Windows Server 2008 R2 from an ISO image could result in a blue screen "BAD_POOL_HEADER" stop error. (BZ#531887)
  • Running certain test functions on Windows 7 guests caused a blue screen "HAL_RTC_IRQF_WILL_NOT_CLEAR" stop error. (BZ#556455)
  • Windows Server 2003 R2 Service Pack 2 32-bit guests using the para-virtualized block drivers could crash with an unhandledvm exit error during reboot. The hypervisor now handles this error, resolving the issue. (BZ#532086)
  • After restoring a migrated Windows Server 2008 R2 guest, a race condition caused the guest to hang during the shut down sequence. The updated packages resolve this issue and Windows Server 2008 R2 guests will successfully shut down when requested after a migration. (BZ#533090)
  • a bug in the grow_refcount_table() error handling caused infinite recursion in some cases. This caused the qemu-kvm process to hang and eventually crash. (BZ#537075)
  • Full I/O error codes were not passed up to the host or the Red Hat Enterprise Virtualization Manager. Accurate I/O error codes are now forwarded to the user and management tools. (BZ#537077)
  • There was a regression in the qemu-img command, Fibre Channel devices could not be formatted using RAW or use preallocated RAW devices. The qemu-img command is updated to handle Fibre Channel devices in the RAW format. (BZ#537655)
  • Guests could not eject CD-ROMs from physical CD-ROM drives attached to the guest. The updated packages resolve this issue and guests can now eject CD-ROMs from physical CD-ROM drives. (BZ#539250)
  • The qcow2 file format unnecessarily rounded up the length of the backing format string to the next multiple of 8. The array in BlockDriverState can only store 15 characters, causing backing formats with 9 characters or more to fail. This issue effected devices using the host_device format. The updated packages resolve this issue by determining the length of the backing format of qcow2 devices. (BZ#540893)
  • Migrations could fail due to invisible physical CPU states. A new set of IOCTL exports report user-invisible states related to exceptions, interrupts, and Non-Maskable Interrupts (NMIs). These functions allow management tools to prevent this type of failed migration. (BZ#541084)
  • Guests could not PXE boot with gPXE and an emulated e1000 network interface card. The updated packages fix this issue and guests can boot images using gPXE and the emulated e1000 driver. (BZ#543979 and BZ#550265)
  • The KVM process could become non-responsive if a networked or local connect to the QXL driver was lost while the driver was running. This cause a "qxl_display_update: waiting for command" error message to be printed in the logs. The updated packages resolve this issue. (BZ#544785)
  • The qemu-kvm man page incorrectly described the qcow2 default as cache=writeback. The default is cache=none for qcow2 images and cache=writethrough for all other disk types. The man page for qemu-kvm has been updated to reflect this. (BZ#545194)
  • KVM did not verify if barriers were required for migration. KVM now verifies if barriers are required for guest migration and disables barriers if they are not required. (BZ#549938)
  • The hypercall driver for Windows guests did not reset the device when the guest was shut down or rebooted. This occasionally caused the driver to use 100% of the CPU and cause the guest to hang. (BZ#550755)
  • The kvm-qemu-img command failed to convert sparse RAW image files to qcow2 sparse snapshot image files. (BZ#558195)
  • Migration with the -M rhel5.5.0 parameter did not work for migration to or from Red Hat Enterprise Linux 5.5. Migration with the -M parameter is now supported and functional. (BZ#559163)
  • Removed a warning message which appeared when the -initrd option was used. (BZ#512672)
  • The KVM kernel module would panic if the paging64_sync_page() call was executed on a system using PCI passthrough devices. This kernel panic error could occur if a guest with an attached PCI device was started. The updated packages resolve this issue. (BZ#566385)
  • Various issues with compiling the KVM modules and packages. (BZ#533453,BZ#533059, BZ#539589 and BZ#533197)
  • Removed a debugging message qemu_popen: returning result of qemu_fopen_ops that displayed when saving a virtualized guest state into a compressed file. (BZ#530533)
These updated packages add the following enhancements:
  • Support for migration and image compatibility between Red Hat Enterprise Linux 5.4.4 and Red Hat Enterprise Linux 5.5 hosts. (BZ#553187 and BZ#557327)
  • The KVM hypervisor does not accept MSR_KERNEL_GS_BASE intercept calls for Windows Server 2008 guests. This improves performance of Windows Server 2008 guests under heavy loads. (BZ#488130)
  • qcow2 now uses 64Kb as the default block cluster size instead of 4Kb blocks which improves performance for guests using qcow2. (BZ#502809)
  • Various unsupported features of the qemu-kvm command are now compiled out of the kvm pacakges. (BZ#516672)
  • Support for migration from older hypervisors which use versions of savevm with additional fields which are not supported by newer versions. This feature is required for migrations from older hypervisors to newer versions of KVM. (BZ#541731)
  • Significantly improved performance of qcow2 devices using the cache=off parameter. (BZ#518169)
  • Support for guest access to advanced CPU extensions, including: SSE4.1, SSE4.2 and SSE4a. (BZ#518090)
  • SMBIOS table 4 data is now generated for Windows guests. (BZ#537178)
  • The cache flushing command was changed from fsync to fdatasync. This allows write caches to be exposed to guests and allows the guest to request for flushing I/O buffers. This improves I/O performance for some guests. (BZ#537646)
  • KVM can now use gPXE or etherboot roms stored in the /usr/share/qemu-pxe-roms directory. (BZ#546019 and BZ#550053)
  • Support for changing the file format of an in-place backing file. (BZ#530134)
  • Support for Red Hat Enterprise Linux 3.9 guests running the para-virtualized drivers. (BZ#536749)
  • The QXL driver now supports setting resolutions of 1024x576 and 1024x600. (BZ#552240)
All KVM users should upgrade to these updated packages, which resolve this issue as well as fixing the bugs and adding the enhancements noted in the Technical Notes. Note: The procedure in the Solution section must be performed before this update will take effect.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.