[Xen-devel] Added as CC - [#29506] [Xen-announce] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe

Xen.org security team submitted a new ticket to Firelay/Proteon Support Portal and requested that we copy you Ticket Description: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xen Security Advisory CVE-2017-2620 / XSA-209 version 3

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Aug 3, 2016, at 02:01 AM, Jan Beulich wrote: > > with the 'baseline' as referenced + a patched kernel > > > > > Can you try > > >((void *)(md) + (m)->desc_size - 1) < (m)->map_end; > >\ > > > > with efi cmd line opts: +"/mapbs" > > > > The

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Aug 3, 2016, at 07:50 AM, li...@ssl-mail.com wrote: > So *today's* simplest working combination seems to be After the sytem is booted with + patched kernel - /mapbs + efi=no-rs I now get tons of these at serial console (XEN) [2016-08-03 15:23:25] d1v0

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

> > A #GP fault in firmware code. Not much we can do about, I'm afraid, > > except for having you go with one of the mentioned workarounds I tried + efi=no-rs + efi=attr=uc on the Xen cmd line. With efi=attr=uc, crashes on reboot with or without /mapbs With efi=no-rs, reboots

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Aug 3, 2016, at 02:01 AM, Jan Beulich wrote: > Thanks. Does the use of /mapbs really matter for booting? I was > assuming it would be relevant only for shutdown/reboot? It has no effect on boot. With or without the "/mapbs" it boots Xen OK. Without the "/mapbs" the system used to crash

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

> > Can you try > > > > ((void *)(md) + (m)->desc_size - 1) < > > (m)->map_end; \ > > > > instead? with the 'baseline' as referenced + a patched kernel > Can you try >((void *)(md) + (m)->desc_size - 1) < (m)->map_end;

Re: [Xen-devel] What distros have Xen 4.7 packages that work on UEFI hardware?

> The level of support you get is somewhat proportional to the amount of money > you spend. I shared that comment here, and the immediate follow-on response was: "Great. Money's not the problem. Which commercial entity provides a supported solution?" We're happy to consider Oracle, Redhat,

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Tue, Aug 2, 2016, at 07:50 AM, Jan Beulich wrote: > - one with some suitable variant of reboot= What exactly is "some suitable variant of reboot" ? ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Tue, Aug 2, 2016, at 07:13 AM, Jan Beulich wrote: > > You keep stating what you don't see. > > Because you keep being vague... I have attempted to provide everything that's been asked of me. If you don't like it that's fine. State with specificity what it is you want. > Unless /mapbs

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Tue, Aug 2, 2016, at 06:38 AM, Jan Beulich wrote: > Well, without going through the _full_ thread again, what I could > easily find is > > "So full console output from boot -> crash now doesn't look any different > than > >

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Mon, Aug 1, 2016, at 11:57 PM, Jan Beulich wrote: > Obviously it's not mentioned, as it's in the base tarball. Not obvious at all. What seemed obvious is that the changelog would show all the changes. It doesn't and it wasn't mentioned. Now I know. > Can you try > >

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Mon, Aug 1, 2016, at 11:36 PM, Jan Beulich wrote: > yet without a full log thereof I can't judge I've asked what that 'full log' should be >>> Hmmm Could you provide full console dump from Xen and Linux kernel? > >Will serial console output with these options > > kernel:

Re: [Xen-devel] What distros have Xen 4.7 packages that work on UEFI hardware?

On Tue, Aug 2, 2016, at 12:06 AM, Jan Beulich wrote: > I don't understand this distro related complaint. Possibly because it's not a complaint. It's a question. > Afaict the bug is in upstream Linux, and hence any distro will have the issue. > expectation that freshly released Linux (or Xen)

[Xen-devel] [BUG] Re: Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

Horse is already WAY out of the barn on this, but just realizing the instructions say to > Please tag your subject line with a '[BUG]' prefix. ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Fri, Jul 29, 2016, at 09:03 AM, Konrad Rzeszutek Wilk wrote: > It may very well be added. > > But having extra test-confirmation is always good. looking at the patch diff --git a/include/linux/efi.h b/include/linux/efi.h index c2db3ca..f196dd0 100644 ---

[Xen-devel] What distros have Xen 4.7 packages that work on UEFI hardware?

I want to run Xen+Linux Dom0 host on server-grade UEFI hardware. I want to use current stable releases of Xen (4.7) and Linux kernel (4.7). I prefer to use distro packages when possible, but the current distro packages I use crash on Xen boot. I can't keep having things down for days or weeks

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Fri, Jul 29, 2016, at 09:03 AM, Konrad Rzeszutek Wilk wrote: > It may very well be added. Just fyi, it's not in here. Yet. > But having extra test-confirmation is always good. Right, and I'm glad to do that. I'd like to. Goal is to keep moving the ball forward. And I've been testing

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Fri, Jul 29, 2016, at 08:42 AM, Konrad Rzeszutek Wilk wrote: > did you apply the patch that Vitaly pointed out? No. It wasn't clear that it was anything more than a question to "double-check". There wasn't any further comment on my reply. I'm depending on working packages for now. Like

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Jul 27, 2016, at 09:34 AM, Andrew Cooper wrote: > This looks suspiciously like the issue which was fixed by c/s > d6b186c1e2d852a92c43f090d0d8fad4704d51ef "x86/xen: avoid m2p lookup when > setting early page table entries", but that fix is present in Linux 4.7.0 > > Can you check to see

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On 07/28/2016 11:25 AM, li...@ssl-mail.com wrote:> > Hmmm Could you provide full console dump from Xen and Linux kernel? > > Will serial console output with these options > > kernel: earlyprintk=xen,keep debug loglevel=8 > hypervisor: loglvl=all guest_loglvl=all sync_console

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

> Hmmm Could you provide full console dump from Xen and Linux kernel? Will serial console output with these options kernel: earlyprintk=xen,keep debug loglevel=8 hypervisor: loglvl=all guest_loglvl=all sync_console console_to_ring do?

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

anyone need any addl info from my end to help ? ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Thu, Jul 28, 2016, at 07:09 AM, Vitaly Kuznetsov wrote: > While I see that you're running linux-4.7 could you please double-check > that it has the following: > > commit 55f1ea15216a5a14c96738bd5284100a00ffa9dc > Author: Vitaly Kuznetsov > Date: Tue May 31 11:23:43

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Jul 27, 2016, at 05:28 PM, li...@ssl-mail.com wrote: > 123 unsigned long long size = md->num_pages << > EFI_PAGE_SHIFT; If I'm reading it right, that originated in this pull DateMon, 16 May 2016 16:43:11 +0200 FromIngo Molnar <> Subject [GIT PULL] EFI

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Jul 27, 2016, at 11:36 AM, li...@ssl-mail.com wrote: > On Wed, Jul 27, 2016, at 11:28 AM, Andrew Cooper wrote: > > > I'm not sure if that's good enough. > > > > Sadly not. The debug symbols need to be specific to the exact binary > > you booted. > > > > Any change in the compilation

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Jul 27, 2016, at 11:28 AM, Andrew Cooper wrote: > > I'm not sure if that's good enough. > > Sadly not. The debug symbols need to be specific to the exact binary > you booted. > > Any change in the compilation will result in the translation being > useless. What addr2line is doing is

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Jul 27, 2016, at 09:56 AM, Andrew Cooper wrote: > >> Failing that, can you find out exactly where the kernel crashed? You > >> need to manually decode 81f6374c with the debug symbols. > > Sure can try. I'm gonna have to read-up on how . Atm no clue. > > addr2line -e

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Jul 27, 2016, at 09:34 AM, Andrew Cooper wrote: > This looks suspiciously like the issue which was fixed by c/s > d6b186c1e2d852a92c43f090d0d8fad4704d51ef "x86/xen: avoid m2p lookup when > setting early page table entries", but that fix is present in Linux 4.7.0 > > Can you check to see

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

On Wed, Jul 27, 2016, at 08:50 AM, Andrew Cooper wrote: > This disassembles to > > callq *0x8(%rax) > > and %rax looks like an implausible value for a function pointer. This > particular issue is definitely an EFI firmware issue. With all the reference to & around EFI I kinda figured ... >

Re: [Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

> What other debug info can help figure out this specific problem? I found this post with some suggestions and additional references Troubleshooting UEFI related problems https://www.qubes-os.org/doc/uefi-troubleshooting/ I tried different combinations of /mapbs, /noexitboot on the

[Xen-devel] Xen 4.7.0 boot PANIC on kernel 4.7.0-4 + UEFI ?

I'm running Xen-4.7.0_08-452 + linux kernel 4.7.0-4.g89a2ada-default on X86_64 UEFI hardware. If I boot without Xen hypervisor enabled it boots fine. If I boot with Xen enabled it PANICs: (XEN) [2016-07-26 22:05:33] Hardware Dom0 crashed: rebooting machine in 5 seconds.

Re: [Xen-devel] Nested Virt - Xen 4.4 through 4.6 - Hyper-V; Can't boot after enabling Hyper-V

the message about needing to reboot is presented. -- Bill On Tue, Apr 7, 2015 at 12:19 PM, Andrew Cooper andrew.coop...@citrix.com wrote: On 07/04/15 02:42, mailing lists wrote: Hi -- I've been trying to get nested virtualization working with Xen so that I could boot Windows and use Hyper-V related

Re: [Xen-devel] How to set full update mode in QEMU (in regards to display output)

to be the right answer... On Tue, Apr 7, 2015 at 10:44 PM, mailing lists theli...@gmail.com wrote: Following the guide for nested virtualization here: http://wiki.xenproject.org/wiki/Nested_Virtualization_in_Xen It states that one option for display issues is to force full update mode

[Xen-devel] How to set full update mode in QEMU (in regards to display output)

Following the guide for nested virtualization here: http://wiki.xenproject.org/wiki/Nested_Virtualization_in_Xen It states that one option for display issues is to force full update mode in QEMU. How is that done? I can't seem to find any documentation on it, and in the QEMU source,

[Xen-devel] Nested Virt - Xen 4.4 through 4.6 - Hyper-V; Can't boot after enabling Hyper-V

Hi -- I've been trying to get nested virtualization working with Xen so that I could boot Windows and use Hyper-V related features, however I have not had much success. Using Windows 8.1 or Windows 2012r2, I'm able to install Windows, select and install Hyper-V features, and start rebooting.