[Pkg-xen-devel] Bug#994870: Bug#994870: Bug#994870: Bug#994870: Memory allocation problem for VM after xen security update

Alexander Dahl post at lespocky.de
Sat Oct 2 19:06:11 BST 2021


Hei hei,

On Thu, Sep 30, 2021 at 01:13:54PM +0200, Hans van Kranenburg wrote:
> Hi!
> 
> On 9/30/21 12:45 AM, Andy Smith wrote:
> > Hi Alex,
> > 
> > On Thu, Sep 30, 2021 at 12:10:32AM +0200, Alexander Dahl wrote:
> >> Am 22.09.21 um 20:54 schrieb Hans van Kranenburg:
> >>> At this point I would really recommend to not wait for a fix to arrive
> >>> which makes it start again, but change your VM to use a 64-bit kernel.
> >>
> >> How?
> > 
> > This was answered in earlier comments on this bug; please see:
> > 
> >     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994870#15
> >     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994870#20
> > 
> > The brief summary is, "start out like a crossgrade, but only do the
> > kernel". Very simple and quite safe.
> > 
> > You haven't said how you boot your guest though (show us your
> > /etc/xen/guest.cfg file). If it's pvgrub, that has a 32-bit and a
> > 64-bit version so you'll need to change those as well. If it's
> > pygrub you probably don't need to do anything, though pygrub has its
> > own issues outside the scope of this bug.
> > 
> >> FWIW, Debian 10 VMs with 32 bit running with PVH work fine. My important VM
> >> is still Debian 9 however due to a software I can not simply upgrade.
> > 
> > I've found PVH needs at least 4.19 guest kernel to work, which can
> > be achieved in Debian 9 (stretch) today by using kernel from
> > stretch-backports, so perhaps that is an option for you.
> 
> You can certainly do that and then run PVH.

This actually works.  I'm running a 4.19 i686 kernel in the stretch VM
now with PVH, at least for the Debian stretch VM (I had to permanently
disable some old OpenWRT VMs, where I get no updates anymore).  It was a
little tricky to install, because I had to install that kernel
without the VM being able to start, but it worked like this:

- mount the root filesystem of the vm in the host, e.g. to /mnt
- bind mount /dev, /sys to /mnt/dev and /mnt/sys
- mount procfs to /mnt/proc
- mount a tmpfs to /mnt/run and create /run/lock
- chroot into /mnt
- install the needed kernel with apt
- leave chroot, umount the things from above
- change domU config to PVH
- when in grub, edit the cmdline and change root= if it was changed by
  update-grub (might have been changed to the mount point from the
  chroot)
- in the now booted system, run update-grub again

> Since stretch-backports is not used any more since stretch became
> oldoldstable, new 4.19 backports kernels for Stretch are released
> through the security updates channel. Be aware of this.
> 
> https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
> 
> Latest in stretch-backports (frozen) is 4.19.118, and stretch security
> is now at 4.19.194. So double check you end up following the right one.

Thanks for all your hints. I really have to migrate my virtual
machines. :-/

Greets
Alex

-- 
/"\ ASCII RIBBON | »With the first link, the chain is forged. The first
\ / CAMPAIGN     | speech censured, the first thought forbidden, the
 X  AGAINST      | first freedom denied, chains us all irrevocably.«
/ \ HTML MAIL    | (Jean-Luc Picard, quoting Judge Aaron Satie)
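
The host-side part of the procedure in the message above (mount, chroot, install, unmount), as an added example that is not part of the original mail. ROOT_DEV, MNT and KERNEL_PKG are placeholders to be set for the guest in question, and the DRY_RUN switch is an assumption of this sketch so the command sequence can be reviewed before anything is mounted.

```shell
#!/bin/sh
# Added example: install a kernel into a domU root filesystem from the host
# while the guest cannot boot. ROOT_DEV, MNT and KERNEL_PKG are placeholders
# (assumptions); set them for your guest. DRY_RUN=1 only prints the commands.
set -eu

ROOT_DEV="${ROOT_DEV:-/dev/VG_PLACEHOLDER/guest-root}"
MNT="${MNT:-/mnt}"
KERNEL_PKG="${KERNEL_PKG:-KERNEL_PACKAGE_PLACEHOLDER}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

prepare_chroot() {
    run mount "$ROOT_DEV" "$MNT"
    run mount --bind /dev "$MNT/dev"
    run mount --bind /sys "$MNT/sys"
    run mount -t proc proc "$MNT/proc"
    run mount -t tmpfs tmpfs "$MNT/run"
    run mkdir -p "$MNT/run/lock"
}

install_kernel() {
    run chroot "$MNT" apt-get update &&
        run chroot "$MNT" apt-get install -y "$KERNEL_PKG"
}

# Unmount in reverse order so nested mounts are released before the root.
teardown_chroot() {
    for d in run proc sys dev; do
        run umount "$MNT/$d"
    done
    run umount "$MNT"
}

main() {
    prepare_chroot
    rc=0
    install_kernel || rc=$?   # always tear down, even if apt fails
    teardown_chroot
    return "$rc"
}

main
```

The remaining steps from the message (switching the domU config to PVH, correcting root= at the grub prompt, and running update-grub in the booted guest) happen outside the chroot and are not covered by this sketch.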