Cannot start kvm guest

Testing with IDE devices instead of virtio shos no difference. Manually running kvm with -cpu qem64,-nx also shows no difference so don't believe it is NX related this time (but not ruling it out) however the symptoms are similar to that old bug.

Hello. Same problem after upgrade to kernel 2.6.32-22.35.

zoolook only way I have found to run my VM is to revert to 2.6.32-21 at this time...

note that if you use nvidia (or ati) propriety drivers than you will probably have to use dkms to rebuild/install the nvidia-current (in my case nvidia) for the -21 kernel or else end up with no valid nvidia module found.

Hello James,

thank you. I'll revert to 2.6.32-21 (or < 2.6.32-22.35) when I get back home (7 hours from now)

Best regards,
Norberto

I haven't tried 2.6.32-22.33 yet (it is in the proposed apt repository for lucid still I believe) but looking through the changelog for the kernel release last night .33 didn't include any changes that are kvm related but .35 (which was the one that made it to updates/security) included a fix for CVE-2010-0419 which is directly kvm related.... unfortunately I don't have a pure debian system available to test to see if the issue exists upstream as well.

Okay just pulled down linux-headers-2.6.32-22-generic_2.6.32-22.33_amd64.deb and linux-image-2.6.32-22-generic_2.6.32-22.33_amd64.deb from https://launchpad.net/ubuntu/+source/linux/2.6.32-22.33/+build/1709563 and I can confirm my guests work on that kernel....

So something broke between 2.6.32-22.33 and 2.6.32-22.35 .... That kernel was deleted from the proposed repo already so you'll need to download it from launchpad and install manually - and remember to do dkms if you need to to be on the safe side... (if you use and dkms based module such as nividia current)...

Thank you to everyone who has reported this issue. We have confirmed the regression and identified the patch that caused the problem. It has been reverted and confirmed to solve the problem. A new kernel package is currently being built and will be available soon. We apologize for the inconvenience.

Thanks for the quick turn around...

One thing that does concern me is why the kernel never went through proposed... or do I just misunderstand the point of the proposed apt repository?

I have no problem running my desktop on proposed and filing bug reports before they hit updates/security but if something core like the kernel never hit proposed in the first place it defeats the purpose of changing my apt sources it would seem....

Which part was reverted... or more specifically is the CVE identified involved and is the fix for that reverted in the kernel?

Could you please post the new kernel package link here when ready?

Because, right now, the kernel won't install, I can't remove it and I can't downgrade neither...

Pretty stuck, kind of...

Thanks.

Well IF my problem is the same as you guys...

When I try to update the kernel, the update process freeze after "found memtest86+ image"... And then, nothing happens.

If I try to remove the kernel, I get a "Sub-process /usr/bin/dpkg returned an error code (1)"

Of course, I can't install an older version neither (the new one isn't remove)...

If this is not the same problem, could you please tell me if that bug has been report? Can't find it and not sure what bug I must be looking for, to be honest...

I'll echo James Hogarth's concerns here that whatever QA happened with this update, if any, obviously didn't include any QEMU/KVM testing. After updating to 2.6.32-22.35, I was unable to get qemu-kvm to run at all, regardless of which options I used. Didn't anybody try running KVM on the new kernel after applying a KVM-related patch?

My VM host was down for an hour this afternoon as a result of applying what was supposed to be a "long-term stable" update. I was bit last year by a KVM update with an obvious data loss bug (see bug #404394), so after today's bug, I'm regretting my choice of Ubuntu for my VM hosts.

I too would like to know how in the world this update skipped the -proposed repo. Kernel updates not being qa'd in an LTS release is ... scary.

Security updates are QA'd through a separate process (-updates goes through -proposed). Mistakes were made when doing the testing for these updates (note that more than just 10.04's kernel was tested and published, and that not all hardware fails to run KVM with the 10.04 kernel).

The issue was this commit, which has been reverted for the current builds. ETA should be close to 4 hours:
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-lucid.git;a=commitdiff;h=0a5699fe34fbc179242d717c61a0592dd50065dc

Installing the prior kernel should be a viable work-around:
  sudo apt-get install linux-image-2.6.32-21-generic

Again, we apologize for the inconvenience.

Ok, I don't think I had the same problem then you guys but anyway, for my freezing problem (update fail on the grub part), here what I did :

Restart.
Choose 2.6.32-22 (recovery mode)
Repair broken packages
Update grub bootloader
Resume normal boot

- You will be at the command line at this point.

Reboot

Everything should be ok.

Sorry if i'm not in the right bug but since I talked about my problem here...

Thanks for the quick triage and fix :-)

Mistakes happen... it's inevitable... the important thing is how they are dealt with ;-)

Besides we test updates on non-critical systems that can be rolled back *before* pushing out to important systems for a reason right? ;-)

Incidentally does this mean that cve for kvm applies to the kernel about to hit lucid still? And if so does a new bug need to be raised to cover that security issue?

Still no fix?

I'm using KVM at 3 servers. Very bad, there was no Q/A. So many problems with KVM and ubuntu. Now I'm thinking to change the distri.

https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-June/001101.html

As presently understood, CVE-2010-0419 is relatively minor (guest crash from a privileged guest process -- not really a privilege escalation). As it is re-triaged, a better fix will be developed, tested, and published.

Fair enough - thanks for all the quick feedback :)

I've downgraded the kernel as Kees Cook mentioned.
>Installing the prior kernel should be a viable work-around:
> sudo apt-get install linux-image-2.6.32-21-generic
Stiill no success with creating a VM.
Is there someting else to do? Thanks.

2.6.32-22.36 (server) still generates 100% load. 2.6.32-22.36 (preempt) is not working. only 2.6.32-21.32 works with apparmor reload. not very satisfying.

Since upgrading to the newer kernel I have tried different versions but can't get my kvm working again. Even the above mentioned kernel versions didn't work for me. @Martin: how exactly apparmor has influenced your setup. I even tried to move all the libvirt related profiles to disabled or stopped apparmor at all. Nothing brought back my kvm-machines to boot. Every hint will be appreciated.

Shame on me. Belief it or not, I just haven't loaded the kvm/kvm-amd modules proberly! Perhaps someone else has overseen that detail too ;-)

The problem is back. Just installed Kubuntu 10.04 yesterday, completely updated. Ran this:

kvm -m 1023 -hda xp-64-clean.qcow2 -cdrom isos/xp-64.iso -boot d -cpu qemu64 -net nic,model=ne2k_pci -net user -redir tcp:2222:22

And it gave me this:

"Could not open option rom 'pxe-ne2k_pci.bin': No such file or directory"

I downloaded the rom file and placed that in /usr/share/kvm and the problem went away. But that shouldn't be necessary.

Bo: Install kvm-pxe. Nothing to do with this bug, but you might consider a new bug (or finding an existing one) about turning that Suggests into a Recommends.