virt October 2010

virt@lists.fedoraproject.org

5 participants
8 discussions

Re: [fedora-virt] Routing to guests
by Robert Thiem 15 Jan '12

15 Jan '12

> From: Philip Rhoades > I can ssh from/to the host/guest OK but how do I set up a route (or > whatever is necessary) so that another machine: > eth0: 192.168.0.12 > can ssh to the guest? - "ssh 192.168.122.68" gives "no route to host" - > http://docs.fedoraproject.org/virtualization-guide/f12/en-US/html/ but > the problem does not seem to be covered there. Alexander is correct in saying that bridging would allow you to do that. There are two networking discussed in the guide. The first is a NAT (network address translation), in which the guests are given "private" ip addresses and any outbound traffic appears to be coming from the host machine's IP address. This is the same as the setup on your ADSL router where the internal network machines get addresses of 192.168.x.x but the internet sees your requests as coming from the IP address of your router. There should be lots of documentation in linux firewalling guides under sections on NAT (or possibly called IP Masquerading in some). Have a look at these for information on port forwarding to reveal services inside the virtual (such as ssh). The other option is bridging. This shares the physical network interface of the host with the guest. In this case the VM acts as though it's a machine plugged into the same subnet as the host, its services are accessible like those of the host and it's as vulnerable to attack as the host. Robert

9 13

Fedora 14 KVM - all SMP 2.6.35.x guests are hanging
by Richard Chan 01 Nov '10

01 Nov '10

Hi, Running Fedora 14 Beta x86_64, yum updated, on AMD Phenom X4 CPU. All KVM SMP 2.6.35 guests are hanging during boot; the odd thing is that the console echoes characters but the system does not come up. E.g. I had a Ubuntu 10.04 guest which works ok; after upgrading to 2.6.35 (Ubuntu 10.10) couldn't boot to shell. Fedora 14 beta install DVD also fails to boot to anaconda The F14 Beta install DVD boots to hpet0: at MMIO 0xfed0000, IRQs 2, 8, 0 hpet0: 3 comparators, 64-bit 100.000000 MHz counter Switching to clocksource kvm-clock I've tried clocksource=tsc =hpet0 = acpi_pm Tthe console can echo characters but nothing happens. I sort of found this obscure thread on 2.6.35-rc1, pvclock, SMP regressions https://patchwork.kernel.org/patch/226981/ Thanks

2 2

Xen dom0 (core) merged to upstream Linux 2.6.37 and other new features
by Pasi Kärkkäinen 31 Oct '10

31 Oct '10

Hello, People here might be interested to know that Xen pvops dom0 core was merged to upstream Linux kernel during the 2.6.37 merge window! This has been in the works for a long time, so it's good news. Note that this is the core/initial merge, there's more upstreaming needed to get for example the Xen dom0 backend drivers merged to be able to run other domains using the upstream kernel. Xen developers are working on upstreaming more of the missing bits in the next Linux versions. Recently in addition to the Xen dom0 bits there has been other upstreamed features aswell: - Xen PV-on-HVM drivers for fully virtualized (HVM) Linux guests in 2.6.36, and optimizations for the drivers in 2.6.37. - Xen PCI front driver in Linux 2.6.37 for PCI passthru to Xen PV guests (works also with hardware where VT-d/IOMMU is not available). There will also be a git kernel tree based on 2.6.37 with the backend drivers and other not-yet-upstreamed patches included. -- Pasi

2 1

Re: [fedora-virt] [virt-tools-list] CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk
by Richard W.M. Jones 23 Oct '10

23 Oct '10

Version 1.5.23 contains the fix. Fedora 14 users, please test this package and vote it up if it works for you: https://admin.fedoraproject.org/updates/libguestfs-1.5.23-1 Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones New in Fedora 11: Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 70 libraries supprt'd http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw

1 0

Fedora Virt Bits of Note
by Justin Forbes 21 Oct '10

21 Oct '10

Fedora 13 - We have 151 open bugs, 8 of which have fixes in awaiting updates. - With Fedora 14 release so close, Fedora 13 is really in maintenance mode. - 3 bugs have been closed. Fedora 14 - Beta has shipped, and the change deadline has past. Any new updates will now become 0 day updates. - Qemu-0.13.0 is now available for F14 (and for F13 virt-preview users). - Test composes are in progress for the release. - qemu, spice, and libguestfs have seen recent updates. - We have 34 open bugs, 7 of which have fixes awaiting updates to push. - 9 Bugs have been closed. Bugs of importance: - 601012 vhost-net module should be loaded automatically This will be fixed in a zero day update for qemu. - 644973 On an AMD F14 host, running an F14 guest with 2 cores assigned hangs for "a long time" (several 10's of minutes) at start of boot It appears the issue is identified, a patch will need to be added to the next kernel update.

1 0

CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk
by Richard W.M. Jones 19 Oct '10

19 Oct '10

(This bug was found by Matthew Booth during routine code review) We found a security issue which affects libguestfs programs in some circumstances. Since we don't pass the disk format through to qemu, a malicious guest backed by raw-format storage might craft a qcow2 header into its own disk. QEmu would interpret this, and qcow2 offers a wide range of features such as accessing arbitrary backing files from the host, allowing the guest to read a host file (under rather narrow conditions, see below). All versions of virt-v2v are vulnerable. virt-inspector is vulnerable for versions <= 1.5.3. Other programs that use libguestfs may be vulnerable. You should review the bug below carefully to find out if you could be affected, particularly the Description and Comment 1: https://bugzilla.redhat.com/show_bug.cgi?id=643958 A CVE has been allocated to this bug: http://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2010-3851 No fix is available at present, but we are working on one. In the meantime, avoid using libguestfs / tools on: - untrusted, malicious guests that use raw-format storage - where you are running commands from these guests (http://libguestfs.org/guestfs.3.html#running_commands) Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#) http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora

1 0

ANNOUNCE: virt-tools.org website
by Richard W.M. Jones 13 Oct '10

13 Oct '10

I'm pleased to announce the virt-tools.org website: http://virt-tools.org/ The "virt tools" are an informal group of system administration tools for small-scale Linux virtualization, including virt-manager, virt-install, libvirt, virt-v2v, libguestfs, virt-df, virt-top and more. The virt tools website is an umbrella project to provide documentation, tutorials, online help and roadmaps for these tools. The website does *not* replace the existing upstream websites, but hopes to complement those sites by providing documentation that crosses tool boundaries and help to get started. The site is open source and we welcome your contributions. Get the git repository here: http://git.fedorahosted.org/git/?p=virt-tools.git and send patches to the mailing list: http://virt-tools.org/contact/#mailing-list Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into Xen guests. http://et.redhat.com/~rjones/virt-p2v

1 0

PCI passthrough IDE DVD-ROM shares same PCI device as SATA HDD?
by John Brier 02 Oct '10

02 Oct '10

Hi, I'm on F13 x86_64 with KVM. I would like to build a Fedora 13 guest with wine and EAC (Exact Audio Copy) for ripping audio CDs. I was hoping to use a newly installed DVD-ROM from an old system, but it looks like it is on the same IDE Bus as one of my SATA drives that is already in a RAID 5 array.. so I don't think this will work. It seems odd to me that my motherboard would have a SATA bus and IDE bus share the same PCI device.. take a look: [root@trainwreck ~]# virsh nodedev-list --tree computer | +- net_lo_00_00_00_00_00_00 +- net_vnet0_0e_15_40_a9_a4_fb +- pci_0000_00_00_0 +- pci_0000_00_01_0 | | | +- pci_0000_01_05_0 | +- pci_0000_01_05_1 | +- pci_0000_00_05_0 | | | +- pci_0000_02_00_0 | | | +- net_eth1_40_61_86_be_7d_d0 | +- pci_0000_00_11_0 | | | +- scsi_host0 | | | | | +- scsi_target0_0_0 | | | | | +- scsi_0_0_0_0 | | | | | +- block_sda_WDC_WD2500YS_01SHB1_WD_WCANY3824770 | | | +- scsi_host1 | | | | | +- scsi_target1_0_0 | | | | | +- scsi_1_0_0_0 | | | | | +- block_sdb_WDC_WD2500YS_01SHB1_WD_WCANY1981711 | | | +- scsi_host2 | | | | | +- scsi_target2_0_0 | | | | | +- scsi_2_0_0_0 | | | | | +- block_sdc_SAMSUNG_HD203WI_S1UYJ1RZ603028 | | | +- scsi_host3 | | | +- scsi_target3_0_0 | | | +- scsi_3_0_0_0 | | | +- block_sdd_SAMSUNG_HD203WI_S1UYJ1RZ603027 | +- pci_0000_00_12_0 | | | +- usb_usb3 | | | +- usb_3_0_1_0 | +- usb_3_2 | | | +- usb_3_2_1_0 | +- usb_3_2_1_1 | +- pci_0000_00_12_1 | | | +- usb_usb4 | | | +- usb_4_0_1_0 | +- pci_0000_00_12_2 | | | +- usb_usb1 | | | +- usb_1_0_1_0 | +- usb_1_3 | | | +- usb_1_3_1_0 | | | +- scsi_host6 | | | +- scsi_target6_0_0 | | | +- scsi_6_0_0_0 | | | +- block_sdf_FANTOM_WD10EACS_00D6B0_57442D574341553430333035_0_0 | +- pci_0000_00_13_0 | | | +- usb_usb5 | | | +- usb_5_0_1_0 | +- pci_0000_00_13_1 | | | +- usb_usb6 | | | +- usb_6_0_1_0 | +- pci_0000_00_13_2 | | | +- usb_usb2 | | | +- usb_2_0_1_0 | +- pci_0000_00_14_0 +- pci_0000_00_14_1 | | | +- scsi_host4 | | | | | +- scsi_target4_0_0 | | | | | +- scsi_4_0_0_0 | | | | | +- block_sr0 | | | +- scsi_host5 | | | +- scsi_target5_0_0 | | | +- scsi_5_0_0_0 | | | +- block_sde_SAMSUNG_HD203WI_S1UYJ1RZ603031 | +- pci_0000_00_14_2 +- pci_0000_00_14_3 +- pci_0000_00_14_4 | | | +- pci_0000_03_06_0 | | | +- net_eth0_00_10_4b_1f_95_71 | +- pci_0000_00_14_5 | | | +- usb_usb7 | | | +- usb_7_0_1_0 | +- pci_0000_00_18_0 +- pci_0000_00_18_1 +- pci_0000_00_18_2 +- pci_0000_00_18_3 +- pci_0000_00_18_4 The PCI device I'm concerned with is pci_0000_00_14_1 which has /dev/sr0 on it which is my IDE DVD ROM, but it also has my Samsung 2TB hard drive on it, which is SATA [root@trainwreck ~]# virsh nodedev-dumpxml pci_0000_00_14_1 <device> <name>pci_0000_00_14_1</name> <parent>computer</parent> <driver> <name>pata_atiixp</name> </driver> <capability type='pci'> <domain>0</domain> <bus>0</bus> <slot>20</slot> <function>1</function> <product id='0x439c'>SB700/SB800 IDE Controller</product> <vendor id='0x1002'>ATI Technologies Inc</vendor> </capability> </device> It would be better if it were on this which has the rest of my SATA drives on it: [root@trainwreck ~]# virsh nodedev-dumpxml pci_0000_00_11_0 <device> <name>pci_0000_00_11_0</name> <parent>computer</parent> <driver> <name>ahci</name> </driver> <capability type='pci'> <domain>0</domain> <bus>0</bus> <slot>17</slot> <function>0</function> <product id='0x4390'>SB700/SB800 SATA Controller [IDE mode]</product> <vendor id='0x1002'>ATI Technologies Inc</vendor> </capability> </device> Previously I had tried using attach-disk to add the device to a guest but that seems impossible: [root@trainwreck ~]# virsh attach-disk digweed /dev/sr0 hda --driver file --type cdrom --mode readonly error: Failed to attach disk error: internal error Removable media not supported for cdrom device It seems that is only usable for iso files? That seems a little contradictory to the docs: http://docs.fedoraproject.org/en-US/Fedora/13/html/Virtualization_Guide/sec… What's the best way to achieve this? I suppose I could hook up a USB IDE DVD ROM as I do have one of those, and it wouldn't share the same PCI device. John Brier

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

virt October 2010