bug disabling Xen guest interface
Kernels that have applied Xen Security Advisory 39 (CVE-2013-0216, CVE-2013-0217) now disable Xen guest networking in undesirable situations. The case that many people encounter is where the guest has MAX_SKB_FRAGS larger than MAX_SKB_FRAGS on dom0. This also occurs with Windows HVM guests.
We should resolve this issue soon because most people using Ubuntu dom0 to host VMs will be affected after they apply the latest security updates.
Logs show something like the following:
xenbr1: port 8(vif51.0) entered forwarding state
vif vif-51-0 vif51.0: Too many frags
vif vif-51-0 vif51.0: fatal error; disabling device
xenbr1: port 8(vif51.0) entered disabled state
There is a thread on the Xen-devel mailing list discussing the issue: http://
It seems that setting MAX_SKB_FRAGS to 19 on the dom0 kernel will avoid this issue.
|information type:||Private Security → Public Security|