Xen.org security team submitted a new ticket to Firelay/Proteon Support Portal
and requested that we copy you Ticket Description: -BEGIN PGP SIGNED
MESSAGE-
Hash: SHA1
Xen Security Advisory CVE-2017-2620 / XSA-209
version 3
On Wed, Aug 3, 2016, at 02:01 AM, Jan Beulich wrote:
> > with the 'baseline' as referenced + a patched kernel
> >
> > > Can you try
> > >((void *)(md) + (m)->desc_size - 1) < (m)->map_end;
> >\
> >
> > with efi cmd line opts: +"/mapbs"
> >
> > The
On Wed, Aug 3, 2016, at 07:50 AM, li...@ssl-mail.com wrote:
> So *today's* simplest working combination seems to be
After the sytem is booted with
+ patched kernel
- /mapbs
+ efi=no-rs
I now get tons of these at serial console
(XEN) [2016-08-03 15:23:25] d1v0
> > A #GP fault in firmware code. Not much we can do about, I'm afraid,
> > except for having you go with one of the mentioned workarounds
I tried
+ efi=no-rs
+ efi=attr=uc
on the Xen cmd line.
With efi=attr=uc, crashes on reboot with or without /mapbs
With efi=no-rs, reboots
On Wed, Aug 3, 2016, at 02:01 AM, Jan Beulich wrote:
> Thanks. Does the use of /mapbs really matter for booting? I was
> assuming it would be relevant only for shutdown/reboot?
It has no effect on boot. With or without the "/mapbs" it boots Xen OK.
Without the "/mapbs" the system used to crash
> > Can you try
> >
> > ((void *)(md) + (m)->desc_size - 1) <
> > (m)->map_end; \
> >
> > instead?
with the 'baseline' as referenced + a patched kernel
> Can you try
>((void *)(md) + (m)->desc_size - 1) < (m)->map_end;
> The level of support you get is somewhat proportional to the amount of money
> you spend.
I shared that comment here, and the immediate follow-on response was:
"Great. Money's not the problem. Which commercial entity provides a supported
solution?"
We're happy to consider Oracle, Redhat,
On Tue, Aug 2, 2016, at 07:50 AM, Jan Beulich wrote:
> - one with some suitable variant of reboot=
What exactly is "some suitable variant of reboot" ?
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On Tue, Aug 2, 2016, at 07:13 AM, Jan Beulich wrote:
> > You keep stating what you don't see.
>
> Because you keep being vague...
I have attempted to provide everything that's been asked of me.
If you don't like it that's fine. State with specificity what it is you want.
> Unless /mapbs
On Tue, Aug 2, 2016, at 06:38 AM, Jan Beulich wrote:
> Well, without going through the _full_ thread again, what I could
> easily find is
>
> "So full console output from boot -> crash now doesn't look any different
> than
>
>
On Mon, Aug 1, 2016, at 11:57 PM, Jan Beulich wrote:
> Obviously it's not mentioned, as it's in the base tarball.
Not obvious at all. What seemed obvious is that the changelog would show all
the changes.
It doesn't and it wasn't mentioned. Now I know.
> Can you try
>
>
On Mon, Aug 1, 2016, at 11:36 PM, Jan Beulich wrote:
> yet without a full log thereof I can't judge
I've asked what that 'full log' should be
>>> Hmmm Could you provide full console dump from Xen and Linux kernel?
>
>Will serial console output with these options
>
> kernel:
On Tue, Aug 2, 2016, at 12:06 AM, Jan Beulich wrote:
> I don't understand this distro related complaint.
Possibly because it's not a complaint. It's a question.
> Afaict the bug is in upstream Linux, and hence any distro will have the issue.
> expectation that freshly released Linux (or Xen)
Horse is already WAY out of the barn on this, but just realizing the
instructions say to
> Please tag your subject line with a '[BUG]' prefix.
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On Fri, Jul 29, 2016, at 09:03 AM, Konrad Rzeszutek Wilk wrote:
> It may very well be added.
>
> But having extra test-confirmation is always good.
looking at the patch
diff --git a/include/linux/efi.h b/include/linux/efi.h
index c2db3ca..f196dd0 100644
---
I want to run Xen+Linux Dom0 host on server-grade UEFI hardware.
I want to use current stable releases of Xen (4.7) and Linux kernel (4.7).
I prefer to use distro packages when possible, but the current distro packages
I use crash on Xen boot.
I can't keep having things down for days or weeks
On Fri, Jul 29, 2016, at 09:03 AM, Konrad Rzeszutek Wilk wrote:
> It may very well be added.
Just fyi, it's not in here. Yet.
> But having extra test-confirmation is always good.
Right, and I'm glad to do that. I'd like to. Goal is to keep moving the ball
forward.
And I've been testing
On Fri, Jul 29, 2016, at 08:42 AM, Konrad Rzeszutek Wilk wrote:
> did you apply the patch that Vitaly pointed out?
No. It wasn't clear that it was anything more than a question to
"double-check". There wasn't any further comment on my reply.
I'm depending on working packages for now. Like
On Wed, Jul 27, 2016, at 09:34 AM, Andrew Cooper wrote:
> This looks suspiciously like the issue which was fixed by c/s
> d6b186c1e2d852a92c43f090d0d8fad4704d51ef "x86/xen: avoid m2p lookup when
> setting early page table entries", but that fix is present in Linux 4.7.0
>
> Can you check to see
On 07/28/2016 11:25 AM, li...@ssl-mail.com wrote:>
> Hmmm Could you provide full console dump from Xen and Linux kernel?
>
> Will serial console output with these options
>
> kernel: earlyprintk=xen,keep debug loglevel=8
> hypervisor: loglvl=all guest_loglvl=all sync_console
> Hmmm Could you provide full console dump from Xen and Linux kernel?
Will serial console output with these options
kernel: earlyprintk=xen,keep debug loglevel=8
hypervisor: loglvl=all guest_loglvl=all sync_console console_to_ring
do?
anyone need any addl info from my end to help ?
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On Thu, Jul 28, 2016, at 07:09 AM, Vitaly Kuznetsov wrote:
> While I see that you're running linux-4.7 could you please double-check
> that it has the following:
>
> commit 55f1ea15216a5a14c96738bd5284100a00ffa9dc
> Author: Vitaly Kuznetsov
> Date: Tue May 31 11:23:43
On Wed, Jul 27, 2016, at 05:28 PM, li...@ssl-mail.com wrote:
> 123 unsigned long long size = md->num_pages <<
> EFI_PAGE_SHIFT;
If I'm reading it right, that originated in this pull
DateMon, 16 May 2016 16:43:11 +0200
FromIngo Molnar <>
Subject [GIT PULL] EFI
On Wed, Jul 27, 2016, at 11:36 AM, li...@ssl-mail.com wrote:
> On Wed, Jul 27, 2016, at 11:28 AM, Andrew Cooper wrote:
> > > I'm not sure if that's good enough.
> >
> > Sadly not. The debug symbols need to be specific to the exact binary
> > you booted.
> >
> > Any change in the compilation
On Wed, Jul 27, 2016, at 11:28 AM, Andrew Cooper wrote:
> > I'm not sure if that's good enough.
>
> Sadly not. The debug symbols need to be specific to the exact binary
> you booted.
>
> Any change in the compilation will result in the translation being
> useless. What addr2line is doing is
On Wed, Jul 27, 2016, at 09:56 AM, Andrew Cooper wrote:
> >> Failing that, can you find out exactly where the kernel crashed? You
> >> need to manually decode 81f6374c with the debug symbols.
> > Sure can try. I'm gonna have to read-up on how . Atm no clue.
>
> addr2line -e
On Wed, Jul 27, 2016, at 09:34 AM, Andrew Cooper wrote:
> This looks suspiciously like the issue which was fixed by c/s
> d6b186c1e2d852a92c43f090d0d8fad4704d51ef "x86/xen: avoid m2p lookup when
> setting early page table entries", but that fix is present in Linux 4.7.0
>
> Can you check to see
On Wed, Jul 27, 2016, at 08:50 AM, Andrew Cooper wrote:
> This disassembles to
>
> callq *0x8(%rax)
>
> and %rax looks like an implausible value for a function pointer. This
> particular issue is definitely an EFI firmware issue.
With all the reference to & around EFI I kinda figured ...
>
> What other debug info can help figure out this specific problem?
I found this post with some suggestions and additional references
Troubleshooting UEFI related problems
https://www.qubes-os.org/doc/uefi-troubleshooting/
I tried different combinations of
/mapbs, /noexitboot
on the
I'm running Xen-4.7.0_08-452 + linux kernel 4.7.0-4.g89a2ada-default on X86_64
UEFI hardware.
If I boot without Xen hypervisor enabled it boots fine.
If I boot with Xen enabled it PANICs:
(XEN) [2016-07-26 22:05:33] Hardware Dom0 crashed: rebooting machine in
5 seconds.
the message about needing to reboot is presented.
-- Bill
On Tue, Apr 7, 2015 at 12:19 PM, Andrew Cooper andrew.coop...@citrix.com
wrote:
On 07/04/15 02:42, mailing lists wrote:
Hi --
I've been trying to get nested virtualization working with Xen so that I
could boot Windows and use Hyper-V related
to be the right answer...
On Tue, Apr 7, 2015 at 10:44 PM, mailing lists theli...@gmail.com wrote:
Following the guide for nested virtualization here:
http://wiki.xenproject.org/wiki/Nested_Virtualization_in_Xen
It states that one option for display issues is to force full update
mode
Following the guide for nested virtualization here:
http://wiki.xenproject.org/wiki/Nested_Virtualization_in_Xen
It states that one option for display issues is to force full update mode
in QEMU. How is that done? I can't seem to find any documentation on it,
and in the QEMU source,
Hi --
I've been trying to get nested virtualization working with Xen so that I
could boot Windows and use Hyper-V related features, however I have not had
much success. Using Windows 8.1 or Windows 2012r2, I'm able to install
Windows, select and install Hyper-V features, and start rebooting.
35 matches
Mail list logo