[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#611534: marked as done (linux-image-2.6.26-2-xen-amd64: fix for CVE-2010-3699 instead broke xen dom0 and domU if using blktap)



Your message dated Tue, 16 Jul 2013 18:42:27 +0200
with message-id <20130716164227.GC29312@inutil.org>
and subject line Re: linux-image-2.6.26-2-xen-amd64: fix for CVE-2010-3699 instead broke xen dom0 and domU if using blktap
has caused the Debian Bug report #611534,
regarding linux-image-2.6.26-2-xen-amd64: fix for CVE-2010-3699 instead broke xen dom0 and domU if using blktap
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
611534: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611534
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: linux-image-2.6.26-2-xen-amd64
Version: 2.6.26-26lenny1
Severity: critical
Justification: breaks the whole system


I've recently updated kernels from debian security repo:
linux-image-2.6.26-2-xen-amd64 2.6.26-26lenny2
supposed to address CVE-2010-3699

but instead makes dom0 and domU unusables and even freezes dom0
this happens only if using blktap2, i.e. tap:aio in xen config,
perhaps not working by default on lenny because of a missing link
(I filled a bug ages ago)

I'm attaching some kernel logs

I had to revert back to lenny1 version


Regards


-- System Information:
Debian Release: 5.0.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages linux-image-2.6.26-2-xen-amd64 depends on:
ii  initramfs-tools          0.92o           tools for generating an initramfs
ii  linux-modules-2.6.26-2-x 2.6.26-26lenny1 Linux 2.6.26 modules on AMD64

linux-image-2.6.26-2-xen-amd64 recommends no packages.

Versions of packages linux-image-2.6.26-2-xen-amd64 suggests:
ii  grub                       0.97-47lenny2 GRand Unified Bootloader (Legacy v
pn  linux-doc-2.6.26           <none>        (no description available)

-- no debconf information
Jan 30 13:57:46 falco vmunix: [   33.563652] eth0: no IPv6 routers present
Jan 30 13:57:48 falco vmunix: [   35.816480] blktap: ring-ref 8, event-channel 8, protocol 1 (x86_64-abi)
Jan 30 13:57:48 falco vmunix: [   35.819397] blktap: ring-ref 9, event-channel 9, protocol 1 (x86_64-abi)
Jan 30 13:57:53 falco vmunix: [   39.939113] vif1.0: no IPv6 routers present
Jan 30 13:58:00 falco vmunix: [   47.206907] vif2.0: no IPv6 routers present
Jan 30 13:58:28 falco vmunix: [   75.934833] BUG: unable to handle kernel paging request at ffff880072452b38
Jan 30 13:58:28 falco vmunix: [   75.934833] IP: [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72
Jan 30 13:58:28 falco vmunix: [   75.934833] PGD 1f7f067 PUD 2181067 PMD 2314067 PTE 8010000072452065
Jan 30 13:58:28 falco vmunix: [   75.934833] Oops: 0003 [1] SMP 
Jan 30 13:58:28 falco vmunix: [   75.934833] CPU 0 
Jan 30 13:58:28 falco vmunix: [   75.934833] Modules linked in: xt_tcpudp xt_physdev iptable_filter ip_tables x_tables bridge netloop ipv6 loop i2c_piix4 pcspkr k8temp snd_hda_intel i2c_core snd_pcm snd_timer snd soundcore snd_page_alloc button shpchp pci_hotplug evdev ext3 jbd mbcache dm_mirror dm_log dm_snapshot dm_mod ehci_hcd ohci_hcd r8169 sd_mod thermal processor fan thermal_sys xenblktap raid1 raid0 md_mod atiixp ahci sata_nv sata_sil sata_via libata dock via82cxxx ide_core 3w_9xxx 3w_xxxx scsi_mod [last unloaded: scsi_wait_scan]
Jan 30 13:58:28 falco vmunix: [   75.934833] Pid: 2883, comm: tapdisk Not tainted 2.6.26-2-xen-amd64 #1
Jan 30 13:58:28 falco vmunix: [   75.934833] RIP: e030:[<ffffffff80436b6b>]  [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72
Jan 30 13:58:28 falco vmunix: [   75.934833] RSP: e02b:ffff880032f8ddd8  EFLAGS: 00010056
Jan 30 13:58:28 falco vmunix: [   75.934833] RAX: 0000000000000100 RBX: ffff880072452b38 RCX: 0000000000000000
Jan 30 13:58:28 falco vmunix: [   75.934833] RDX: ffffffffff5f7000 RSI: 000000000000001c RDI: ffff880072452b38
Jan 30 13:58:28 falco vmunix: [   75.934833] RBP: 0000000000000000 R08: ffff880032f8db90 R09: 0000000000000000
Jan 30 13:58:28 falco vmunix: [   75.934833] R10: 0000000000000009 R11: ffff880000000000 R12: ffff880072452b00
Jan 30 13:58:28 falco vmunix: [   75.934833] R13: ffff8800724aa1d0 R14: ffff880072452b38 R15: 0000000000000016
Jan 30 13:58:28 falco vmunix: [   75.934833] FS:  00007f5c0f4106e0(0000) GS:ffffffff8053a000(0000) knlGS:0000000000000000
Jan 30 13:58:28 falco vmunix: [   75.934833] CS:  e033 DS: 0000 ES: 0000
Jan 30 13:58:28 falco vmunix: [   75.934833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 30 13:58:28 falco vmunix: [   75.934833] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jan 30 13:58:28 falco vmunix: [   75.934833] Process tapdisk (pid: 2883, threadinfo ffff880032f8c000, task ffff880071095780)
Jan 30 13:58:28 falco vmunix: [   75.934833] Stack:  0000000000000000 0000000000000000 ffff88000000001a ffff880032fb9e80
Jan 30 13:58:28 falco vmunix: [   75.934833]  ffff880072452b10 ffffffffa00d1efe 0000000000000000 ffff8800724dae40
Jan 30 13:58:28 falco vmunix: [   75.934833]  000000000000001c 0000000000003c00 0000000000000000 ffff880032fb9e80
Jan 30 13:58:28 falco vmunix: [   75.934833] Call Trace:
Jan 30 13:58:28 falco vmunix: [   75.934833]  [<ffffffffa00d1efe>] :xenblktap:make_response+0x2f/0x15d
Jan 30 13:58:28 falco vmunix: [   75.934833]  [<ffffffffa00d2552>] :xenblktap:blktap_ioctl+0x24d/0x43b
Jan 30 13:58:28 falco vmunix: [   75.934833]  [<ffffffff80296b41>] vfs_ioctl+0x55/0x6b
Jan 30 13:58:28 falco vmunix: [   75.934833]  [<ffffffff80296d9f>] do_vfs_ioctl+0x248/0x261
Jan 30 13:58:28 falco vmunix: [   75.934833]  [<ffffffff80296e09>] sys_ioctl+0x51/0x70
Jan 30 13:58:28 falco vmunix: [   75.934833]  [<ffffffff8020b528>] system_call+0x68/0x6d
Jan 30 13:58:28 falco vmunix: [   75.934833]  [<ffffffff8020b4c0>] system_call+0x0/0x6d
Jan 30 13:58:28 falco vmunix: [   75.934833] 
Jan 30 13:58:28 falco vmunix: [   75.934833] 
Jan 30 13:58:28 falco vmunix: [   75.934833] Code: 48 89 fb 48 83 ec 18 48 8b 15 b2 a3 0c 00 65 8b 04 25 24 00 00 00 89 c0 48 c1 e0 06 0f b6 6c 10 01 c6 44 10 01 01 b8 00 01 00 00 <f0> 66 0f c1 07 89 44 24 14 8b 44 24 14 ba 00 04 00 00 38 e0 74 
Jan 30 13:58:28 falco vmunix: [   75.943422] RIP  [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72
Jan 30 13:58:28 falco vmunix: [   75.943422]  RSP <ffff880032f8ddd8>
Jan 30 13:58:28 falco vmunix: [   75.943422] CR2: ffff880072452b38
Jan 30 13:58:28 falco vmunix: [   75.943422] ---[ end trace aa759babcdf2114f ]---
Jan 30 13:58:28 falco vmunix: [   75.949127] BUG: unable to handle kernel paging request at ffff880072452e38
Jan 30 13:58:28 falco vmunix: [   75.949339] IP: [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72
Jan 30 13:58:28 falco vmunix: [   75.949473] PGD 1f7f067 PUD 2181067 PMD 2314067 PTE 8010000072452065
Jan 30 13:58:28 falco vmunix: [   75.949790] Oops: 0003 [2] SMP 
Jan 30 13:58:28 falco vmunix: [   75.949981] CPU 0 
Jan 30 13:58:28 falco vmunix: [   75.950110] Modules linked in: xt_tcpudp xt_physdev iptable_filter ip_tables x_tables bridge netloop ipv6 loop i2c_piix4 pcspkr k8temp snd_hda_intel i2c_core snd_pcm snd_timer snd soundcore snd_page_alloc button shpchp pci_hotplug evdev ext3 jbd mbcache dm_mirror dm_log dm_snapshot dm_mod ehci_hcd ohci_hcd r8169 sd_mod thermal processor fan thermal_sys xenblktap raid1 raid0 md_mod atiixp ahci sata_nv sata_sil sata_via libata dock via82cxxx ide_core 3w_9xxx 3w_xxxx scsi_mod [last unloaded: scsi_wait_scan]
Jan 30 13:58:28 falco vmunix: [   75.953047] Pid: 3147, comm: tapdisk Tainted: G      D   2.6.26-2-xen-amd64 #1
Jan 30 13:58:28 falco vmunix: [   75.953047] RIP: e030:[<ffffffff80436b6b>]  [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72
Jan 30 13:58:28 falco vmunix: [   75.953047] RSP: e02b:ffff880011b6bdd8  EFLAGS: 00010056
Jan 30 13:58:28 falco vmunix: [   75.953047] RAX: 0000000000000100 RBX: ffff880072452e38 RCX: 0000000000000000
Jan 30 13:58:28 falco vmunix: [   75.953047] RDX: ffffffffff5f7000 RSI: 000000000000000b RDI: ffff880072452e38
Jan 30 13:58:28 falco vmunix: [   75.953047] RBP: 0000000000000000 R08: ffff880011b6bb90 R09: 0000000000000000
Jan 30 13:58:28 falco vmunix: [   75.953047] R10: 0000000000000045 R11: ffff880000000000 R12: ffff880072452e00
Jan 30 13:58:28 falco vmunix: [   75.953047] R13: ffff880011b61d80 R14: ffff880072452e38 R15: 0000000000000000
Jan 30 13:58:28 falco vmunix: [   75.953047] FS:  00007f2a30a896e0(0000) GS:ffffffff8053a000(0000) knlGS:0000000000000000
Jan 30 13:58:28 falco vmunix: [   75.953047] CS:  e033 DS: 0000 ES: 0000
Jan 30 13:58:28 falco vmunix: [   75.953047] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 30 13:58:28 falco vmunix: [   75.953047] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jan 30 13:58:28 falco vmunix: [   75.953047] Process tapdisk (pid: 3147, threadinfo ffff880011b6a000, task ffff8800735a2240)
Jan 30 13:58:28 falco vmunix: [   75.953047] Stack:  0000000000000000 0000000000000000 ffff88000000001f ffff880011b61e80
Jan 30 13:58:28 falco vmunix: [   75.953047]  ffff880072452e10 ffffffffa00d1efe 0000000000000000 ffff8800724dab40
Jan 30 13:58:28 falco vmunix: [   75.953047]  000000000000000b 0000000000000f00 0000000000000000 ffff880011b61e80
Jan 30 13:58:28 falco vmunix: [   75.953047] Call Trace:
Jan 30 13:58:28 falco vmunix: [   75.953047]  [<ffffffffa00d1efe>] :xenblktap:make_response+0x2f/0x15d
Jan 30 13:58:28 falco vmunix: [   75.953047]  [<ffffffffa00d2552>] :xenblktap:blktap_ioctl+0x24d/0x43b
Jan 30 13:58:28 falco vmunix: [   75.953047]  [<ffffffff80296b41>] vfs_ioctl+0x55/0x6b
Jan 30 13:58:28 falco vmunix: [   75.953047]  [<ffffffff80296d9f>] do_vfs_ioctl+0x248/0x261
Jan 30 13:58:28 falco vmunix: [   75.953047]  [<ffffffff80296e09>] sys_ioctl+0x51/0x70
Jan 30 13:58:28 falco vmunix: [   75.953047]  [<ffffffff8020b528>] system_call+0x68/0x6d
Jan 30 13:58:28 falco vmunix: [   75.953047]  [<ffffffff8020b4c0>] system_call+0x0/0x6d
Jan 30 13:58:28 falco vmunix: [   75.953047] 
Jan 30 13:58:28 falco vmunix: [   75.953047] 
Jan 30 13:58:28 falco vmunix: [   75.953047] Code: 48 89 fb 48 83 ec 18 48 8b 15 b2 a3 0c 00 65 8b 04 25 24 00 00 00 89 c0 48 c1 e0 06 0f b6 6c 10 01 c6 44 10 01 01 b8 00 01 00 00 <f0> 66 0f c1 07 89 44 24 14 8b 44 24 14 ba 00 04 00 00 38 e0 74 
Jan 30 13:58:28 falco vmunix: [   75.953047] RIP  [<ffffffff80436b6b>] _spin_lock_irqsave+0x2d/0x72
Jan 30 13:58:28 falco vmunix: [   75.953047]  RSP <ffff880011b6bdd8>
Jan 30 13:58:28 falco vmunix: [   75.953047] CR2: ffff880072452e38
Jan 30 13:58:28 falco vmunix: [   75.953047] ---[ end trace aa759babcdf2114f ]---
Jan 30 14:00:58 falco vmunix: [  225.356070] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
Jan 30 14:00:58 falco vmunix: [  225.356070] IP: [<ffffffff8023f817>] prepare_to_wait+0x2d/0x64
Jan 30 14:00:58 falco vmunix: [  225.356070] PGD 7202a067 PUD 724fc067 PMD 0 
Jan 30 14:00:58 falco vmunix: [  225.356070] Oops: 0002 [3] SMP 
Jan 30 14:00:58 falco vmunix: [  225.356070] CPU 1 
Jan 30 14:00:58 falco vmunix: [  225.356070] Modules linked in: xt_tcpudp xt_physdev iptable_filter ip_tables x_tables bridge netloop ipv6 loop i2c_piix4 pcspkr k8temp snd_hda_intel i2c_core snd_pcm snd_timer snd soundcore snd_page_alloc button shpchp pci_hotplug evdev ext3 jbd mbcache dm_mirror dm_log dm_snapshot dm_mod ehci_hcd ohci_hcd r8169 sd_mod thermal processor fan thermal_sys xenblktap raid1 raid0 md_mod atiixp ahci sata_nv sata_sil sata_via libata dock via82cxxx ide_core 3w_9xxx 3w_xxxx scsi_mod [last unloaded: scsi_wait_scan]
Jan 30 14:00:58 falco vmunix: [  225.360032] Pid: 23, comm: xenwatch Tainted: G      D   2.6.26-2-xen-amd64 #1
Jan 30 14:00:58 falco vmunix: [  225.360032] RIP: e030:[<ffffffff8023f817>]  [<ffffffff8023f817>] prepare_to_wait+0x2d/0x64
Jan 30 14:00:58 falco vmunix: [  225.360032] RSP: e02b:ffff880073587d10  EFLAGS: 00010046
Jan 30 14:00:58 falco vmunix: [  225.360032] RAX: 0000000000000000 RBX: ffff880073587d30 RCX: ffff880073587d48
Jan 30 14:00:58 falco vmunix: [  225.360071] RDX: ffff880072452c58 RSI: 0000000000000000 RDI: ffff880072452c50
Jan 30 14:00:58 falco vmunix: [  225.360071] RBP: ffff880072452c50 R08: ffff880073586000 R09: ffff880072b7f8c8
Jan 30 14:00:58 falco vmunix: [  225.360071] R10: ffff880081649000 R11: ffff880072b7f8c8 R12: 0000000000000002
Jan 30 14:00:58 falco vmunix: [  225.360071] R13: ffffffff8057c580 R14: ffffffff8057d1c0 R15: 0000000000000000
Jan 30 14:00:58 falco vmunix: [  225.360071] FS:  00007fdf51a646e0(0000) GS:ffffffff8053a080(0000) knlGS:0000000000000000
Jan 30 14:00:58 falco vmunix: [  225.360071] CS:  e033 DS: 0000 ES: 0000
Jan 30 14:00:58 falco vmunix: [  225.360071] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 30 14:00:58 falco vmunix: [  225.360071] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jan 30 14:00:58 falco vmunix: [  225.360071] Process xenwatch (pid: 23, threadinfo ffff880073586000, task ffff88007355e180)
Jan 30 14:00:58 falco vmunix: [  225.360071] Stack:  ffff880072452bc0 ffff880072452c50 ffff8800725eeda8 ffffffffa00d18d9
Jan 30 14:00:58 falco vmunix: [  225.360071]  0000000000000000 ffff88007355e180 ffffffff8023f6d9 ffff880073587d48
Jan 30 14:00:58 falco vmunix: [  225.360071]  ffff880073587d48 ffff8800725eec00 ffff880070b33800 ffff8800725eec00
Jan 30 14:00:58 falco vmunix: [  225.360071] Call Trace:
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffffa00d18d9>] ? :xenblktap:tap_blkif_free+0x5f/0x97
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff8023f6d9>] ? autoremove_wake_function+0x0/0x2e
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffffa00d10dd>] ? :xenblktap:blktap_remove+0x6e/0x8f
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff803847b4>] ? xenbus_dev_remove+0x33/0x46
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff803795e0>] ? __device_release_driver+0x74/0x97
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff80379624>] ? device_release_driver+0x21/0x2d
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff80378b11>] ? bus_remove_device+0x8d/0xa1
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff8037784b>] ? device_del+0xf8/0x15d
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff803778b9>] ? device_unregister+0x9/0x12
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffffa00d163c>] ? :xenblktap:tap_frontend_changed+0x1f9/0x227
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff80381d89>] ? xenbus_read_driver_state+0x26/0x3b
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff8038464e>] ? otherend_changed+0x42/0x87
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff803833ef>] ? xenwatch_thread+0x0/0x186
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff80382acd>] ? xenwatch_handle_callback+0x15/0x48
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff8038355c>] ? xenwatch_thread+0x16d/0x186
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff8023f6d9>] ? autoremove_wake_function+0x0/0x2e
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff8023f5ab>] ? kthread+0x47/0x74
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff802282ec>] ? schedule_tail+0x27/0x5c
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff8020be28>] ? child_rip+0xa/0x12
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff8023f564>] ? kthread+0x0/0x74
Jan 30 14:00:58 falco vmunix: [  225.360071]  [<ffffffff8020be1e>] ? child_rip+0x0/0x12
Jan 30 14:00:58 falco vmunix: [  225.360071] 
Jan 30 14:00:58 falco vmunix: [  225.360071] 
Jan 30 14:00:58 falco vmunix: [  225.360071] Code: 41 89 d4 55 48 89 fd 53 83 26 fe 48 89 f3 e8 3f 73 1f 00 48 8b 4b 18 48 89 c6 48 8d 43 18 48 39 c1 75 18 48 8b 45 08 48 8d 55 08 <48> 89 48 08 48 89 43 18 48 89 51 08 48 89 4d 08 48 85 db 74 07 
Jan 30 14:00:58 falco vmunix: [  225.360071] RIP  [<ffffffff8023f817>] prepare_to_wait+0x2d/0x64
Jan 30 14:00:58 falco vmunix: [  225.360071]  RSP <ffff880073587d10>
Jan 30 14:00:58 falco vmunix: [  225.360071] CR2: 0000000000000008
Jan 30 14:00:58 falco vmunix: [  225.360071] ---[ end trace aa759babcdf2114f ]---

--- End Message ---
--- Begin Message ---
On Sun, Jan 30, 2011 at 02:51:03PM +0100, Gianluigi Tiesi wrote:
> Package: linux-image-2.6.26-2-xen-amd64
> Version: 2.6.26-26lenny1
> Severity: critical
> Justification: breaks the whole system
> 
> 
> I've recently updated kernels from debian security repo:
> linux-image-2.6.26-2-xen-amd64 2.6.26-26lenny2
> supposed to address CVE-2010-3699
> 
> but instead makes dom0 and domU unusables and even freezes dom0
> this happens only if using blktap2, i.e. tap:aio in xen config,
> perhaps not working by default on lenny because of a missing link
> (I filled a bug ages ago)
> 
> I'm attaching some kernel logs
> 
> I had to revert back to lenny1 version

Sorry for the late reply. Support for Debian Lenny ended some time ago
and this should be working fine in Squeeze and Wheezy. Closing the bug.

Cheers,
        Moritz

--- End Message ---

Reply to: