Package: linux-source-6.1
Version: 6.1.124-1
Severity: critical
Justification: breaks the whole system
Tags: patch

Hi,

It turns out the upstream changes made to fix XSA-466 / CVE-2024-53241
"x86/xen: remove hypercall page" [1] and
"x86/xen: use new hypercall functions instead of hypercall page" [2]
can leave a Xen PVH domU unbootable. These went into Debian in
linux-image-6.1.0-29-amd64 (6.1.123-1) and upstream Linux in 6.1.121,
and also into other kernel series, and mainline.

Juergen Gross has already very helpfully diagnosed this problem and
fixed it with a patch that's been accepted in mainline
"x86/xen: fix xen_hypercall_hvm() to not clobber %rbx" [3]

This bug report is to request this patch be incorporated into the Debian
stable kernel.

It seems quite variable whether systems are affected. Not everyone hits
it, but we (Jump Networks, a VPS hosting provider) have seen it across
multiple versions of Xen and on both Intel and AMD hardware. Symptoms
are PVH domU immediately shutting down before any output from the
kernel, even with earlyprintk=xen and CONFIG_X86_VERBOSE_BOOTUP. The xl
log just shows that the domain shut down.

Appending 'loglvl=all guest_loglvl=all' to the Xen host command line
produces something more useful in the 'xl dmesg' buffer after a guest
crash. Here's some characteristic output for anyone else wanting to know
if they're hitting the same bug (garbled characters in original, and bug
related).

(d38) [    0.000000] Linux version 6.1.0-29-amd64 
(debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU 
Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.123-1 (2025-01
(d38) -02)
(d38) @�!��������Linux version 6.1.0-29-amd64 (debian-ker...@lists.debian.org) 
(gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 
SMP PREEMPT_DYNAMIC Debian 6.1.123-1 (2025-01-02)
(d38) 2)
(d38) ���Command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-29-amd64 
root=PARTUUID=5650c9f4-01 ro console=tty0 console=hvc0 earlyprintk=xen 
net.ifnames=0 consoleblank=0=0
(d38) ���BIOS-provided physical RAM map:p:
(d38) ���BIOS-e820: [mem 0x0000000000000000-0x00000000fbffffff] usablec
(d38) ���BIOS-e820: [mem 0x00000000fc000000-0x00000000fc008fff] ACPI datac
(d38) ���BIOS-e820: [mem 0x00000000feff8000-0x00000000feffffff] reservedc
(d38) ���BIOS-e820: [mem 0x0000000100000000-0x0000000203ffffff] usablec
(d38) �?Ħ���� 
@Ħ�����AĦ�����AĦ�����AĦ����BĦ����CĦ����@CĦ����DĦ�����DĦ�����DĦ�����DĦ�����DĦ�����DĦ����EĦ����IĦ����IĦ����@IĦ����`IĦ�����JĦ�����JĦ�����JĦ�����JĦ����@KĦ����KĦ�����KĦ��
(d38) ���KĦ�����KĦ�����KĦ����LĦ����LĦ���� 
LĦ����PLĦ����`LĦ����pLĦ����LĦ����LĦ�����LĦ�����LĦ�����LĦ�����LĦ�����LĦ����MĦ����MĦ����
 MĦ����@MĦ����pRĦ����pSĦ����SĦ�����SĦ����UĦ����PUĦ�
(d38) 
����UĦ����@Ħ�����Ħ����PĦ����`Ħ�����Ħ����`�Ħ�����Ħ�����Ħ�����Ħ����@�Ħ����`�Ħ����p�Ħ�����Ħ�����Ħ������Ħ������Ħ������Ħ����гĦ�����Ħ����`�Ħ�����Ħ�����Ħ����@�Ħ����P�Ħ����p�Ħ���
(d38) ��Ħ�����Ħ�����Ħ���� 
�Ħ����0�Ħ����P�Ħ�����Ħ������Ħ����жĦ����0�Ħ�����Ħ������Ħ�����Ħ����p�Ħ����`�Ħ������Ħ����
 �Ħ����@�Ħ����PANIC: early exception 0x0e IP 10:ffffffffa5e9606b error 0 c
(d38) r2 0xffffffffa8e00000

Thanks for your help,

Andrew Kanaber
Jump Networks

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4c24703978b44d4bb95413a6b85c3254a5fa9bc1

[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1a2471af32acd00378d07164d025eaf226f337c3

[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/x86/xen/xen-head.S?id=98a5cfd2320966f40fe049a9855f8787f0126825

-- System Information:
Debian Release: 12.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.128 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages linux-source-6.1 depends on:
ii  binutils  2.40-2
ii  xz-utils  5.4.1-0.2

Versions of packages linux-source-6.1 recommends:
ii  bc                1.07.1-3+b1
ii  bison             2:3.8.2+dfsg-1+b1
ii  build-essential   12.9
ii  cpio              2.13+dfsg-7.1
ii  flex              2.6.4-8.2
ii  kmod              30+20221128-1
ii  libelf-dev        0.188-2.1
ii  libssl-dev        3.0.15-1~deb12u1
ii  linux-config-6.1  6.1.124-1
ii  rsync             3.2.7-1+deb12u2

Versions of packages linux-source-6.1 suggests:
ii  libncurses-dev [ncurses-dev]  6.4-4
pn  pkg-config                    <none>
pn  qtbase5-dev                   <none>

-- no debconf information
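
Added example, not part of the original report and not code from Debian or Xen: a triage helper for a host running many guests. It reads 'xl dmesg' output (captured with 'loglvl=all guest_loglvl=all' as described above) and lists the domains whose early boot log shows a "PANIC: early exception" line, with a count of garbled characters seen for that domain. The function names and the sample lines are constructed for illustration, and a match only means the log resembles the output in the report.

```python
import re
import sys

GUEST = re.compile(r"^\(d(\d+)\) ?(.*)$")   # guest console line: "(d38) ..."
PANIC = re.compile(r"PANIC: early exception (0x[0-9a-f]+) IP ([0-9a-f]+:[0-9a-f]+)")
KERNEL = re.compile(r"Linux version (\S+)")

def garbled(text):
    """Count characters that should not appear in early boot messages."""
    return sum(1 for c in text if c == "\ufffd" or ord(c) > 126 or ord(c) < 32)

def triage(log):
    """Map domid -> findings for guests that hit an early exception."""
    doms, cur = {}, None
    for line in log.split("\n"):
        m = GUEST.match(line)
        if m:
            cur, body = int(m.group(1)), m.group(2)
        elif cur is not None and not line.startswith("(XEN)"):
            body = line                      # continuation of a guest line
        else:
            cur = None                       # the hypervisor's own message
            continue
        d = doms.setdefault(cur, {"kernel": None, "garbled": 0, "panic": None})
        d["garbled"] += garbled(body)
        k, p = KERNEL.search(body), PANIC.search(body)
        if k and d["kernel"] is None:
            d["kernel"] = k.group(1)
        if p:
            d["panic"] = {"vector": p.group(1), "ip": p.group(2)}
    return {i: d for i, d in doms.items() if d["panic"]}

# Constructed sample modelled on the output in the report (not a real capture).
SAMPLE = "\n".join([
    "(XEN) d38v0: constructed hypervisor line",
    "(d38) [    0.000000] Linux version 6.1.0-29-amd64 (constructed)",
    "(d38) \ufffd\ufffd\ufffdCommand line: console=hvc0 earlyprintk=xen",
    "(d38) \ufffd\ufffdPANIC: early exception 0x0e IP 10:ffffffffa5e9606b error 0 c",
    "(d38) r2 0xffffffffa8e00000",
    "(d39) [    0.000000] Linux version 6.1.0-29-amd64 (constructed)",
    "(d39) [    0.000000] Command line: console=hvc0",
])

if __name__ == "__main__":
    # With piped input, analyse it; on a terminal, fall back to the sample.
    data = SAMPLE if sys.stdin.isatty() else \
        sys.stdin.buffer.read().decode("utf-8", errors="replace")
    for domid, d in sorted(triage(data).items()):
        print(f"d{domid}: kernel={d['kernel']} garbled={d['garbled']} "
              f"early exception {d['panic']['vector']} at {d['panic']['ip']}")
```

Typical use on the Xen host is to pipe 'xl dmesg' into the script after a guest has shut down unexpectedly.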
