bug disabling Xen guest interface
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Kernels that have applied Xen Security Advisory 39 (CVE-2013-0216, CVE-2013-0217) now disable Xen guest networking in undesirable situations. The case that many people encounter is where the guest has MAX_SKB_FRAGS larger than MAX_SKB_FRAGS on dom0. This also occurs with Windows HVM guests.
We should resolve this issue soon because most people using Ubuntu dom0 to host VMs will be affected after they apply the latest security updates.
Logs show something like the following:
xenbr1: port 8(vif51.0) entered forwarding state
vif vif-51-0 vif51.0: Too many frags
vif vif-51-0 vif51.0: fatal error; disabling device
xenbr1: port 8(vif51.0) entered disabled state
There is a thread on the Xen-devel mailing list discussing the issue: http://
It seems that setting MAX_SKB_FRAGS to 19 on the dom0 kernel will avoid this issue.
description: | updated |
information type: | Private Security → Public Security |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1162924
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.