[Pkg-xen-devel] Bug#1041533: xen-system-amd64: Xen fails to start hvm type VMs when a vncpasswd is set

Claus R. Wickinghoff claus at oche.de
Thu Jul 20 13:53:38 BST 2023 

Package: xen-system-amd64
Version: 4.17.1+2-gb773c48e36-1
Severity: important

Dear Maintainer,

after upgrading my bullseye server to bookworm I ran into the issue that all VMs of type hvm are not starting anymore.

xl throws an error:
libxl: error: libxl_qmp.c:1399:qmp_ev_fd_callback: Domain 8:error on QMP socket: Connection reset by peer
libxl: error: libxl_qmp.c:1438:qmp_ev_fd_callback: Domain 8:Error happened with the QMP connection to QEMU
libxl: error: libxl_dm.c:3371:device_model_postconfig_done: Domain 8:Post DM startup configs failed, rc=-26
libxl: error: libxl_create.c:1896:domcreate_devmodel_started: Domain 8:device model did not start: -26
libxl: error: libxl_aoutils.c:646:libxl__kill_xs_path: Device Model already exited
libxl: error: libxl_domain.c:1183:libxl__destroy_domid: Domain 8:Non-existant domain
libxl: error: libxl_domain.c:1137:domain_destroy_callback: Domain 8:Unable to destroy guest
libxl: error: libxl_domain.c:1064:domain_destroy_cb: Domain 8:Destruction of domain failed

I started digging around in this QMP stuff and installed Xen freshly on another server with the actual bookworm iso, but the problem is the same there, too.

After reading the log of the VM I found this error:
xen-qemu-system-i386: -vnc 172.17.2.3:1,password=on,to=99: Cipher backend does not support DES algorithm

When disabling the vncpassword (and keeping the rest of the VM configuration untouched), xl is able to launch the VM properly.

I searched around for a while but I did not find any configuration option for choosing the cipher used by vnc.

Running vnc without password is a potential security risk.

I hope you have a clue to either fix this or extend the documentation on this.

Best regards
Claus


-- System Information:
Debian Release: 12.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xen-system-amd64 depends on:
ii  xen-hypervisor-4.17-amd64  4.17.1+2-gb773c48e36-1
ii  xen-hypervisor-common      4.17.1+2-gb773c48e36-1
ii  xen-utils-4.17             4.17.1+2-gb773c48e36-1

xen-system-amd64 recommends no packages.

xen-system-amd64 suggests no packages.

-- no debconf information

More information about the Pkg-xen-devel mailing list