Your message dated Tue, 16 Jul 2013 18:42:27 +0200 with message-id <[email protected]> and subject line Re: linux-image-2.6.26-2-xen-amd64: fix for CVE-2010-3699 instead broke xen dom0 and domU if using blktap has caused the Debian Bug report #611534, regarding linux-image-2.6.26-2-xen-amd64: fix for CVE-2010-3699 instead broke xen dom0 and domU if using blktap to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 611534: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611534 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: linux-image-2.6.26-2-xen-amd64 Version: 2.6.26-26lenny1 Severity: critical Justification: breaks the whole system I've recently updated kernels from debian security repo: linux-image-2.6.26-2-xen-amd64 2.6.26-26lenny2 supposed to address CVE-2010-3699 but instead makes dom0 and domU unusables and even freezes dom0 this happens only if using blktap2, i.e. tap:aio in xen config, perhaps not working by default on lenny because of a missing link (I filled a bug ages ago) I'm attaching some kernel logs I had to revert back to lenny1 version Regards -- System Information: Debian Release: 5.0.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages linux-image-2.6.26-2-xen-amd64 depends on: ii initramfs-tools 0.92o tools for generating an initramfs ii linux-modules-2.6.26-2-x 2.6.26-26lenny1 Linux 2.6.26 modules on AMD64 linux-image-2.6.26-2-xen-amd64 recommends no packages. Versions of packages linux-image-2.6.26-2-xen-amd64 suggests: ii grub 0.97-47lenny2 GRand Unified Bootloader (Legacy v pn linux-doc-2.6.26 <none> (no description available) -- no debconf informationJan 30 13:57:46 falco vmunix: [ 33.563652] eth0: no IPv6 routers present Jan 30 13:57:48 falco vmunix: [ 35.816480] blktap: ring-ref 8, event-channel 8, protocol 1 (x86_64-abi) Jan 30 13:57:48 falco vmunix: [ 35.819397] blktap: ring-ref 9, event-channel 9, protocol 1 (x86_64-abi) Jan 30 13:57:53 falco vmunix: [ 39.939113] vif1.0: no IPv6 routers present Jan 30 13:58:00 falco vmunix: [ 47.206907] vif2.0: no IPv6 routers present Jan 30 13:58:28 falco vmunix: [ 75.934833] BUG: unable to handle kernel paging request at ffff880072452b38 Jan 30 13:58:28 falco vmunix: [ 75.934833] IP: [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72 Jan 30 13:58:28 falco vmunix: [ 75.934833] PGD 1f7f067 PUD 2181067 PMD 2314067 PTE 8010000072452065 Jan 30 13:58:28 falco vmunix: [ 75.934833] Oops: 0003 [1] SMP Jan 30 13:58:28 falco vmunix: [ 75.934833] CPU 0 Jan 30 13:58:28 falco vmunix: [ 75.934833] Modules linked in: xt_tcpudp xt_physdev iptable_filter ip_tables x_tables bridge netloop ipv6 loop i2c_piix4 pcspkr k8temp snd_hda_intel i2c_core snd_pcm snd_timer snd soundcore snd_page_alloc button shpchp pci_hotplug evdev ext3 jbd mbcache dm_mirror dm_log dm_snapshot dm_mod ehci_hcd ohci_hcd r8169 sd_mod thermal processor fan thermal_sys xenblktap raid1 raid0 md_mod atiixp ahci sata_nv sata_sil sata_via libata dock via82cxxx ide_core 3w_9xxx 3w_xxxx scsi_mod [last unloaded: scsi_wait_scan] Jan 30 13:58:28 falco vmunix: [ 75.934833] Pid: 2883, comm: tapdisk Not tainted 2.6.26-2-xen-amd64 #1 Jan 30 13:58:28 falco vmunix: [ 75.934833] RIP: e030:[<ffffffff80436b6b>] [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72 Jan 30 13:58:28 falco vmunix: [ 75.934833] RSP: e02b:ffff880032f8ddd8 EFLAGS: 00010056 Jan 30 13:58:28 falco vmunix: [ 75.934833] RAX: 0000000000000100 RBX: ffff880072452b38 RCX: 0000000000000000 Jan 30 13:58:28 falco vmunix: [ 75.934833] RDX: ffffffffff5f7000 RSI: 000000000000001c RDI: ffff880072452b38 Jan 30 13:58:28 falco vmunix: [ 75.934833] RBP: 0000000000000000 R08: ffff880032f8db90 R09: 0000000000000000 Jan 30 13:58:28 falco vmunix: [ 75.934833] R10: 0000000000000009 R11: ffff880000000000 R12: ffff880072452b00 Jan 30 13:58:28 falco vmunix: [ 75.934833] R13: ffff8800724aa1d0 R14: ffff880072452b38 R15: 0000000000000016 Jan 30 13:58:28 falco vmunix: [ 75.934833] FS: 00007f5c0f4106e0(0000) GS:ffffffff8053a000(0000) knlGS:0000000000000000 Jan 30 13:58:28 falco vmunix: [ 75.934833] CS: e033 DS: 0000 ES: 0000 Jan 30 13:58:28 falco vmunix: [ 75.934833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jan 30 13:58:28 falco vmunix: [ 75.934833] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jan 30 13:58:28 falco vmunix: [ 75.934833] Process tapdisk (pid: 2883, threadinfo ffff880032f8c000, task ffff880071095780) Jan 30 13:58:28 falco vmunix: [ 75.934833] Stack: 0000000000000000 0000000000000000 ffff88000000001a ffff880032fb9e80 Jan 30 13:58:28 falco vmunix: [ 75.934833] ffff880072452b10 ffffffffa00d1efe 0000000000000000 ffff8800724dae40 Jan 30 13:58:28 falco vmunix: [ 75.934833] 000000000000001c 0000000000003c00 0000000000000000 ffff880032fb9e80 Jan 30 13:58:28 falco vmunix: [ 75.934833] Call Trace: Jan 30 13:58:28 falco vmunix: [ 75.934833] [<ffffffffa00d1efe>] :xenblktap:make_response+0x2f/0x15d Jan 30 13:58:28 falco vmunix: [ 75.934833] [<ffffffffa00d2552>] :xenblktap:blktap_ioctl+0x24d/0x43b Jan 30 13:58:28 falco vmunix: [ 75.934833] [<ffffffff80296b41>] vfs_ioctl+0x55/0x6b Jan 30 13:58:28 falco vmunix: [ 75.934833] [<ffffffff80296d9f>] do_vfs_ioctl+0x248/0x261 Jan 30 13:58:28 falco vmunix: [ 75.934833] [<ffffffff80296e09>] sys_ioctl+0x51/0x70 Jan 30 13:58:28 falco vmunix: [ 75.934833] [<ffffffff8020b528>] system_call+0x68/0x6d Jan 30 13:58:28 falco vmunix: [ 75.934833] [<ffffffff8020b4c0>] system_call+0x0/0x6d Jan 30 13:58:28 falco vmunix: [ 75.934833] Jan 30 13:58:28 falco vmunix: [ 75.934833] Jan 30 13:58:28 falco vmunix: [ 75.934833] Code: 48 89 fb 48 83 ec 18 48 8b 15 b2 a3 0c 00 65 8b 04 25 24 00 00 00 89 c0 48 c1 e0 06 0f b6 6c 10 01 c6 44 10 01 01 b8 00 01 00 00 <f0> 66 0f c1 07 89 44 24 14 8b 44 24 14 ba 00 04 00 00 38 e0 74 Jan 30 13:58:28 falco vmunix: [ 75.943422] RIP [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72 Jan 30 13:58:28 falco vmunix: [ 75.943422] RSP <ffff880032f8ddd8> Jan 30 13:58:28 falco vmunix: [ 75.943422] CR2: ffff880072452b38 Jan 30 13:58:28 falco vmunix: [ 75.943422] ---[ end trace aa759babcdf2114f ]--- Jan 30 13:58:28 falco vmunix: [ 75.949127] BUG: unable to handle kernel paging request at ffff880072452e38 Jan 30 13:58:28 falco vmunix: [ 75.949339] IP: [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72 Jan 30 13:58:28 falco vmunix: [ 75.949473] PGD 1f7f067 PUD 2181067 PMD 2314067 PTE 8010000072452065 Jan 30 13:58:28 falco vmunix: [ 75.949790] Oops: 0003 [2] SMP Jan 30 13:58:28 falco vmunix: [ 75.949981] CPU 0 Jan 30 13:58:28 falco vmunix: [ 75.950110] Modules linked in: xt_tcpudp xt_physdev iptable_filter ip_tables x_tables bridge netloop ipv6 loop i2c_piix4 pcspkr k8temp snd_hda_intel i2c_core snd_pcm snd_timer snd soundcore snd_page_alloc button shpchp pci_hotplug evdev ext3 jbd mbcache dm_mirror dm_log dm_snapshot dm_mod ehci_hcd ohci_hcd r8169 sd_mod thermal processor fan thermal_sys xenblktap raid1 raid0 md_mod atiixp ahci sata_nv sata_sil sata_via libata dock via82cxxx ide_core 3w_9xxx 3w_xxxx scsi_mod [last unloaded: scsi_wait_scan] Jan 30 13:58:28 falco vmunix: [ 75.953047] Pid: 3147, comm: tapdisk Tainted: G D 2.6.26-2-xen-amd64 #1 Jan 30 13:58:28 falco vmunix: [ 75.953047] RIP: e030:[<ffffffff80436b6b>] [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72 Jan 30 13:58:28 falco vmunix: [ 75.953047] RSP: e02b:ffff880011b6bdd8 EFLAGS: 00010056 Jan 30 13:58:28 falco vmunix: [ 75.953047] RAX: 0000000000000100 RBX: ffff880072452e38 RCX: 0000000000000000 Jan 30 13:58:28 falco vmunix: [ 75.953047] RDX: ffffffffff5f7000 RSI: 000000000000000b RDI: ffff880072452e38 Jan 30 13:58:28 falco vmunix: [ 75.953047] RBP: 0000000000000000 R08: ffff880011b6bb90 R09: 0000000000000000 Jan 30 13:58:28 falco vmunix: [ 75.953047] R10: 0000000000000045 R11: ffff880000000000 R12: ffff880072452e00 Jan 30 13:58:28 falco vmunix: [ 75.953047] R13: ffff880011b61d80 R14: ffff880072452e38 R15: 0000000000000000 Jan 30 13:58:28 falco vmunix: [ 75.953047] FS: 00007f2a30a896e0(0000) GS:ffffffff8053a000(0000) knlGS:0000000000000000 Jan 30 13:58:28 falco vmunix: [ 75.953047] CS: e033 DS: 0000 ES: 0000 Jan 30 13:58:28 falco vmunix: [ 75.953047] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jan 30 13:58:28 falco vmunix: [ 75.953047] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jan 30 13:58:28 falco vmunix: [ 75.953047] Process tapdisk (pid: 3147, threadinfo ffff880011b6a000, task ffff8800735a2240) Jan 30 13:58:28 falco vmunix: [ 75.953047] Stack: 0000000000000000 0000000000000000 ffff88000000001f ffff880011b61e80 Jan 30 13:58:28 falco vmunix: [ 75.953047] ffff880072452e10 ffffffffa00d1efe 0000000000000000 ffff8800724dab40 Jan 30 13:58:28 falco vmunix: [ 75.953047] 000000000000000b 0000000000000f00 0000000000000000 ffff880011b61e80 Jan 30 13:58:28 falco vmunix: [ 75.953047] Call Trace: Jan 30 13:58:28 falco vmunix: [ 75.953047] [<ffffffffa00d1efe>] :xenblktap:make_response+0x2f/0x15d Jan 30 13:58:28 falco vmunix: [ 75.953047] [<ffffffffa00d2552>] :xenblktap:blktap_ioctl+0x24d/0x43b Jan 30 13:58:28 falco vmunix: [ 75.953047] [<ffffffff80296b41>] vfs_ioctl+0x55/0x6b Jan 30 13:58:28 falco vmunix: [ 75.953047] [<ffffffff80296d9f>] do_vfs_ioctl+0x248/0x261 Jan 30 13:58:28 falco vmunix: [ 75.953047] [<ffffffff80296e09>] sys_ioctl+0x51/0x70 Jan 30 13:58:28 falco vmunix: [ 75.953047] [<ffffffff8020b528>] system_call+0x68/0x6d Jan 30 13:58:28 falco vmunix: [ 75.953047] [<ffffffff8020b4c0>] system_call+0x0/0x6d Jan 30 13:58:28 falco vmunix: [ 75.953047] Jan 30 13:58:28 falco vmunix: [ 75.953047] Jan 30 13:58:28 falco vmunix: [ 75.953047] Code: 48 89 fb 48 83 ec 18 48 8b 15 b2 a3 0c 00 65 8b 04 25 24 00 00 00 89 c0 48 c1 e0 06 0f b6 6c 10 01 c6 44 10 01 01 b8 00 01 00 00 <f0> 66 0f c1 07 89 44 24 14 8b 44 24 14 ba 00 04 00 00 38 e0 74 Jan 30 13:58:28 falco vmunix: [ 75.953047] RIP [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72 Jan 30 13:58:28 falco vmunix: [ 75.953047] RSP <ffff880011b6bdd8> Jan 30 13:58:28 falco vmunix: [ 75.953047] CR2: ffff880072452e38 Jan 30 13:58:28 falco vmunix: [ 75.953047] ---[ end trace aa759babcdf2114f ]--- Jan 30 14:00:58 falco vmunix: [ 225.356070] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 Jan 30 14:00:58 falco vmunix: [ 225.356070] IP: [<ffffffff8023f817>] prepare_to_wait+0x2d/0x64 Jan 30 14:00:58 falco vmunix: [ 225.356070] PGD 7202a067 PUD 724fc067 PMD 0 Jan 30 14:00:58 falco vmunix: [ 225.356070] Oops: 0002 [3] SMP Jan 30 14:00:58 falco vmunix: [ 225.356070] CPU 1 Jan 30 14:00:58 falco vmunix: [ 225.356070] Modules linked in: xt_tcpudp xt_physdev iptable_filter ip_tables x_tables bridge netloop ipv6 loop i2c_piix4 pcspkr k8temp snd_hda_intel i2c_core snd_pcm snd_timer snd soundcore snd_page_alloc button shpchp pci_hotplug evdev ext3 jbd mbcache dm_mirror dm_log dm_snapshot dm_mod ehci_hcd ohci_hcd r8169 sd_mod thermal processor fan thermal_sys xenblktap raid1 raid0 md_mod atiixp ahci sata_nv sata_sil sata_via libata dock via82cxxx ide_core 3w_9xxx 3w_xxxx scsi_mod [last unloaded: scsi_wait_scan] Jan 30 14:00:58 falco vmunix: [ 225.360032] Pid: 23, comm: xenwatch Tainted: G D 2.6.26-2-xen-amd64 #1 Jan 30 14:00:58 falco vmunix: [ 225.360032] RIP: e030:[<ffffffff8023f817>] [<ffffffff8023f817>] prepare_to_wait+0x2d/0x64 Jan 30 14:00:58 falco vmunix: [ 225.360032] RSP: e02b:ffff880073587d10 EFLAGS: 00010046 Jan 30 14:00:58 falco vmunix: [ 225.360032] RAX: 0000000000000000 RBX: ffff880073587d30 RCX: ffff880073587d48 Jan 30 14:00:58 falco vmunix: [ 225.360071] RDX: ffff880072452c58 RSI: 0000000000000000 RDI: ffff880072452c50 Jan 30 14:00:58 falco vmunix: [ 225.360071] RBP: ffff880072452c50 R08: ffff880073586000 R09: ffff880072b7f8c8 Jan 30 14:00:58 falco vmunix: [ 225.360071] R10: ffff880081649000 R11: ffff880072b7f8c8 R12: 0000000000000002 Jan 30 14:00:58 falco vmunix: [ 225.360071] R13: ffffffff8057c580 R14: ffffffff8057d1c0 R15: 0000000000000000 Jan 30 14:00:58 falco vmunix: [ 225.360071] FS: 00007fdf51a646e0(0000) GS:ffffffff8053a080(0000) knlGS:0000000000000000 Jan 30 14:00:58 falco vmunix: [ 225.360071] CS: e033 DS: 0000 ES: 0000 Jan 30 14:00:58 falco vmunix: [ 225.360071] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jan 30 14:00:58 falco vmunix: [ 225.360071] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jan 30 14:00:58 falco vmunix: [ 225.360071] Process xenwatch (pid: 23, threadinfo ffff880073586000, task ffff88007355e180) Jan 30 14:00:58 falco vmunix: [ 225.360071] Stack: ffff880072452bc0 ffff880072452c50 ffff8800725eeda8 ffffffffa00d18d9 Jan 30 14:00:58 falco vmunix: [ 225.360071] 0000000000000000 ffff88007355e180 ffffffff8023f6d9 ffff880073587d48 Jan 30 14:00:58 falco vmunix: [ 225.360071] ffff880073587d48 ffff8800725eec00 ffff880070b33800 ffff8800725eec00 Jan 30 14:00:58 falco vmunix: [ 225.360071] Call Trace: Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffffa00d18d9>] ? :xenblktap:tap_blkif_free+0x5f/0x97 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff8023f6d9>] ? autoremove_wake_function+0x0/0x2e Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffffa00d10dd>] ? :xenblktap:blktap_remove+0x6e/0x8f Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff803847b4>] ? xenbus_dev_remove+0x33/0x46 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff803795e0>] ? __device_release_driver+0x74/0x97 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff80379624>] ? device_release_driver+0x21/0x2d Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff80378b11>] ? bus_remove_device+0x8d/0xa1 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff8037784b>] ? device_del+0xf8/0x15d Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff803778b9>] ? device_unregister+0x9/0x12 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffffa00d163c>] ? :xenblktap:tap_frontend_changed+0x1f9/0x227 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff80381d89>] ? xenbus_read_driver_state+0x26/0x3b Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff8038464e>] ? otherend_changed+0x42/0x87 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff803833ef>] ? xenwatch_thread+0x0/0x186 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff80382acd>] ? xenwatch_handle_callback+0x15/0x48 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff8038355c>] ? xenwatch_thread+0x16d/0x186 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff8023f6d9>] ? autoremove_wake_function+0x0/0x2e Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff8023f5ab>] ? kthread+0x47/0x74 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff802282ec>] ? schedule_tail+0x27/0x5c Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff8020be28>] ? child_rip+0xa/0x12 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff8023f564>] ? kthread+0x0/0x74 Jan 30 14:00:58 falco vmunix: [ 225.360071] [<ffffffff8020be1e>] ? child_rip+0x0/0x12 Jan 30 14:00:58 falco vmunix: [ 225.360071] Jan 30 14:00:58 falco vmunix: [ 225.360071] Jan 30 14:00:58 falco vmunix: [ 225.360071] Code: 41 89 d4 55 48 89 fd 53 83 26 fe 48 89 f3 e8 3f 73 1f 00 48 8b 4b 18 48 89 c6 48 8d 43 18 48 39 c1 75 18 48 8b 45 08 48 8d 55 08 <48> 89 48 08 48 89 43 18 48 89 51 08 48 89 4d 08 48 85 db 74 07 Jan 30 14:00:58 falco vmunix: [ 225.360071] RIP [<ffffffff8023f817>] prepare_to_wait+0x2d/0x64 Jan 30 14:00:58 falco vmunix: [ 225.360071] RSP <ffff880073587d10> Jan 30 14:00:58 falco vmunix: [ 225.360071] CR2: 0000000000000008 Jan 30 14:00:58 falco vmunix: [ 225.360071] ---[ end trace aa759babcdf2114f ]---
--- End Message ---
--- Begin Message ---On Sun, Jan 30, 2011 at 02:51:03PM +0100, Gianluigi Tiesi wrote: > Package: linux-image-2.6.26-2-xen-amd64 > Version: 2.6.26-26lenny1 > Severity: critical > Justification: breaks the whole system > > > I've recently updated kernels from debian security repo: > linux-image-2.6.26-2-xen-amd64 2.6.26-26lenny2 > supposed to address CVE-2010-3699 > > but instead makes dom0 and domU unusables and even freezes dom0 > this happens only if using blktap2, i.e. tap:aio in xen config, > perhaps not working by default on lenny because of a missing link > (I filled a bug ages ago) > > I'm attaching some kernel logs > > I had to revert back to lenny1 version Sorry for the late reply. Support for Debian Lenny ended some time ago and this should be working fine in Squeeze and Wheezy. Closing the bug. Cheers, Moritz
--- End Message ---
