
Bug#1006346: cloud.debian.org: bullseye AMIs don't boot on Amazon EC2 Xen instances with Enhanced Networking



Hi Noah,

On Thu, Mar 17, 2022 at 09:54:30AM -0700, Noah Meyerhans wrote:
> From the upstream discussion on the linux-pci mailing list [*]:
> 
> > Yes. My understanding is that the issue is because AWS is using older
> > versions of Xen. They are in the process of updating their fleet to a
> > newer version of Xen so the change introduced with Stefan's commit
> > isn't an issue any longer.
> > 
> > I think the changes are scheduled to be completed in the next 10-12
> > weeks. For now we are carrying a revert in the Fedora Kernel.
> > 
> > You can follow this Fedora CoreOS issue if you'd like to know more
> > about when the change lands in their backend. We work closely with one
> > of their partner engineers and he keeps us updated.
> > https://github.com/coreos/fedora-coreos-tracker/issues/1066
> 
> Ideally we can revert the upstream commit from the stable kernels, since
> otherwise Debian users on AWS Xen instance types may be stuck using
> older, unsafe kernels.  Especially if we have time to include the change
> in the upcoming bullseye and buster point releases.  If the kernel
> updates for those stable updates have already been built, though, it
> might be too late to matter.  By the time we publish our next kernel
> builds, the AWS Xen update may be complete.

Where can one track the update status for their Xen version directly,
or is following the above the only reference?

How frequent is this particular combination of hardware/software? We
have had the change applied for a while in bullseye; buster would
be newly impacted since the last update done for security fixes.

Are there workarounds for the affected users of this combination? I
see some options listed in https://wiki.debian.org/Cloud/AmazonEC2Image/Bullseye 

If we revert the commit it reverts a fix for a bug with Marvell NVME
devices.

But we cannot just revert the commit for the cloud images.

If we know something about the release schedule from Amazon to update
their Xen instances (which is the way to move forward, since upstream
won't revert the commit) then we should leave the status as it is for
bullseye (and now for buster). For bullseye there are
CVE-2022-0847 fixes they would need to pick up.

Regards,
Salvatore

