[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Filesystem corruption on restore without "xen-blkfront: introduce blkfront_gather_backend_features()"


[This conversation started on the xen-security-issues-discuss list
as I mistakenly thought it was to do with then-embargoed XSA

I did "xl save" on 17 domUs that were running under dom0 kernel
4.19.0-16-amd64 (4.19.181-1), hypervisor 4.14.2. I then rebooted
dom0 into kernel 5.10.0-0.bpo.8-amd64 (5.10.46-4~bpo10+1). On
restore 3 of the domUs were unresponsive and their consoles were
scrolling with:

backed has not unmapped grant: 1073
backed has not unmapped grant: 881
backed has not unmapped grant: 1474

(note typo)

After a destroy and boot there was filesystem corruption in the
domUs extensive enough to not be recoverable.

Andrew Cooper pointed me towards:


The affected domUs were running obsolete kernels that did not have
that fix, which appears to have reached upstream in v4.2-rc7. Two of
them were running a 3.16 kernel from Debian 8 (jessie), one a 2.6.32
kernel from CentOS 6.

Out of the 17 there were quite a few other obsolete guest kernels
that apparently were not affected - just luck?

As I have these plus more users still running these obsolete kernels
I have some questions about this patch.

- Is the problem here in my case that the dom0 kernel 4.19 had not
  used feature-persistent whereas the dom0 kernel 5.10 does, and
  guests with obsolete kernels don't recognise this when they

- The obsolete guests that apparently managed to restore okay
  presumably still have the problem and so can never safely be
  restored again until they have booted into a kernel with this

- Am I right in thinking that guest kernels with this patch should
  be safe to keep doing save/restore even if they have already been
  restored across that change of dom0 4.19->5.10?

- Can guests with obsolete kernels that have done a shutdown and
  boot under 5.10 now be safely saved and restored again, as long as
  no new backend features are added?

Basically I now have a population of domUs running that I think can't
be safely saved/restored and I now need to identify them.

(The guests administrators have already been ignoring advice to
upgrade for a long time, so I can't just upgrade the problematic
ones. They will probably accept loss of save/restore rather than




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.