
Re: Request for patch to fix boot loop issue in Xen 4.17.6



On 15.09.2025 18:52, Ngamia Djabiri Julie wrote:
> Dear Jan,
> I want to underline that this issue is a critical security problem affecting 
> system availability and that it has direct consequences for XEN users:
> 
> * Systems running Xen 4.17.0 – 4.17.3 will fail to boot when upgraded to
>   4.17.4 or 4.17.5 under Intel Nested Virtualization.
> 
> * Diagnosing and fixing this requires advanced skills and time, and in some
>   cases may be impossible for standard users, leaving their systems unusable
>   or unmaintained.
> 
> * The problem has been known to Xen maintainers since 2024-01-20, but no
>   official communication has been made.
> 
> * Root cause: commit
>   6bdb9651<https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=6bdb965178bbb3fc50cd4418d4770a7789956e2c>
>   (2024-01-17)
> 
> * Fix: commit
>   dd05d265<https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=dd05d265b8abda4cc7206b29cd71b77fb46658bf>
>   (2025-01-21), applied in Xen 4.18.5, 4.19.2, 4.20.0-rc3
> 
> * Xen 4.17 remains security-supported until 2025-12-12, but this fix was not
>   included in 4.17.5

Yes; the fix isn't fixing a security issue, so won't go onto that branch.
You (now) calling it a security issue doesn't make it one. Note how ...

> On 03.05.2025 16:02, Ngamia Djabiri Julie wrote:
>> Dear Xen developers,
>>
>> I would like to ask if the following fix can also be included in Xen 4.17.6 
>> (and eventually in the Xen versions after 4.17.6 that don't have the fix) :
>>
>> https://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=dd05d265b8abda4cc7206b29cd71b77fb46658bf
>>
>> This bug causes a boot loop in nested virtualization environments (for 
>> instance nested environments that use VMware Workstation), making Xen unable 
>> to start. It was introduced in version 4.17.3 and the fix has already been 
>> included in 4.19(.2) and 4.20(.0) and would be planned to be included in Xen 
>> 4.18.6 in the coming weeks.
>>
>> Even though Xen 4.17 is in security-only support, this is an issue that 
>> blocks testing and usage for users and projects such as Alpine Linux.

... there also was no talk of this being a security issue in your original report.
Quite the opposite, you asked for the fix to be included despite the branch
being in security-only mode.

Jan



 

