177 lines
6.5 KiB
Text
177 lines
6.5 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-17:05.xen Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: Xen migration enhancements
|
|
|
|
Category: core
|
|
Module: xen
|
|
Announced: 2017-04-12
|
|
Credits: Citrix Systems R&D, Huawei Technologies
|
|
Affects: All supported versions of FreeBSD.
|
|
Corrected: 2017-03-21 08:38:12 UTC (stable/11, 11.0-STABLE)
|
|
2017-04-12 06:24:35 UTC (releng/11.0, 11.0-RELEASE-p9)
|
|
2017-03-29 17:11:41 UTC (stable/10, 10.3-STABLE)
|
|
2017-04-12 06:24:35 UTC (releng/10.3, 10.3-RELEASE-p18)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
FreeBSD when running as a Xen guest supports live-migration, that means being
|
|
able to move from one physical Xen host to another without interruption of
|
|
service.
|
|
|
|
Due to the lack of ordering during the resume procedure devices might try to
|
|
use the Xen PV timer before it's correctly resumed, leading to unexpected
|
|
results.
|
|
|
|
II. Problem Description
|
|
|
|
There are three issues that currently prevent FreeBSD from working reliably under
|
|
heavy live-migration stress:
|
|
|
|
1. FreeBSD cannot recover from a failed live migration. It is a Xen feature to
|
|
fail a live migration, which means the VM will continue running on the same
|
|
host. FreeBSD was not capable of coping with this situation.
|
|
|
|
[This is https://reviews.freebsd.org/D9635]
|
|
|
|
2. User-space processes that make use of the xenstore device
|
|
(/dev/xen/xenstore) might manage to lock-up the resume procedure, preventing
|
|
the kernel from resuming correctly after a live-migration.
|
|
|
|
[This is https://reviews.freebsd.org/D9638]
|
|
|
|
3. The Xen PV timer is attached to the xenpv bus on FreeBSD 11.0, and the xenpv
|
|
bus itself is attached after the PCI bus and other buses. This means that the
|
|
Xen PV timer is also resume quite late, and device drivers might try to use the
|
|
timer before it's resumed correctly, leading to erratic behavior or lockups.
|
|
|
|
III. Impact
|
|
|
|
FreeBSD 10.3 and 11.0 are affected by the 1. and 2. issues when being migrated
|
|
as a Xen guest.
|
|
|
|
Only FreeBSD 11.0 is affected when live-migrated as a Xen guest.
|
|
|
|
IV. Workaround
|
|
|
|
Not attempting to use live-migration when running as a Xen guest will prevent
|
|
those issues.
|
|
|
|
Not having user-space processes will prevent issue 2. from happening.
|
|
|
|
For issue 3, the administrator can switch to a different timer, like the TSC, if
|
|
there is plan to migrate the VM:
|
|
|
|
# sysctl -a | grep timecounter.choice
|
|
kern.timecounter.choice: XENTIMER(950) ACPI-safe(850) i8254(0) TSC-low(-100) dummy(-1000000)
|
|
# sysctl -w kern.timecounter.hardware=TSC-low
|
|
|
|
V. Solution
|
|
|
|
Issue 1. has been solved by adding the proper logic in FreeBSD in order to
|
|
recover from failed live migrations.
|
|
|
|
Issue 2. has been resolved by adding xenstore locking around the suspend
|
|
procedure, in order to make sure no user-space process is holding the xenstore
|
|
lock when going into suspension.
|
|
|
|
Issue 3. has been solved by marking the Xen PV timer as not safe for suspension
|
|
until the order issues can be solved.
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date.
|
|
|
|
A reboot is required.
|
|
|
|
2) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
A reboot is required.
|
|
|
|
3) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 11.0]
|
|
# fetch https://security.FreeBSD.org/patches/EN-17:05/xen-11.0.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-17:05/xen-11.0.patch.asc
|
|
# gpg --verify xen-11.0.patch.asc
|
|
|
|
[FreeBSD 10.3]
|
|
# fetch https://security.FreeBSD.org/patches/EN-17:05/xen-10.3.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-17:05/xen-10.3.patch.asc
|
|
# gpg --verify xen-10.3.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile your kernel as described in
|
|
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
|
system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/10/ r316170
|
|
releng/10.3/ r316722
|
|
stable/11/ r315668
|
|
releng/11.0/ r316722
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:05.xen.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v2.1.19 (FreeBSD)
|
|
|
|
iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAljtyccACgkQ7Wfs1l3P
|
|
aucjmxAAtLQLh+Xjlue/pTN4OQFSlfS4drkk2ufnQqJON7qe+P6MUcOJaZPb730C
|
|
uFNX4XbRbUxsAx04N2LAygTungvl79LgacHAOL4UYC9z055qFISMY8/fPZN35k1G
|
|
rDAJ5C0O7/YLCA7Uxcars1FfPFxNuLBK78tjvpP6PHXbI/jm6CO8NRgnlZRjRIAg
|
|
088M5Fqc4ucM6qfesG6cjpsb3QgwJz7ZP8ioLIJpdCsrmCSsW4+ceD9bfCxzIPHJ
|
|
Gsb2nDw++n/QZEU0Ely6CjlNh9Y7oRDC7xcOzCyYGhUASATfqjfqSGOFUFpUD8PB
|
|
IcGNXew4IxTU0hhpkKO42bdi5jORzJy4EVCHOrjPeecZ6NL5Cmj9Yvnd2SEV8ura
|
|
Zm2+gpVmsL4hBTLg4cxjjGApzH11289imUfHCEhv2ehxLXEwSziDzAAcKaWdrTOU
|
|
KQ3HSIaitxynWP8YhmYDgNP2599iuXSnJvUwLtYJ03zEUILV+NTvEKqTMqLzxA90
|
|
lYYjq+vsF3G+A31TWKwIWR1VU+CBec6NHvZd7nxWb236hfxHNJPrrqUDCqhOfHaG
|
|
q6Lf//VPGTHAeLIQ5NPRr5/FwgsAHZCnyslg6bMQyqyql/3j/fMWKu4vOtI554mP
|
|
0GCTyEidEHxm3pXYCiv/RnTmnbiu7hQyZUFwgVISHlmnk+HWXSI=
|
|
=xLET
|
|
-----END PGP SIGNATURE-----
|