Following some unknown problems, I had recently several XenServer machines (different clusters, different sites and customers, and even different versions) with a VDI-END-of-File issues. It means that while you can start the VM correctly, perform XenMotion to another server you are unable to do any storage-migration task – neither Storage XenMotion, nor VDI copy or VM-move commands. In some cases, snapshots taken from the “ill” disks were misbehaving just the same. This is rather frustrating, because the way to solve it is by cloning the disk into a new one, and your hands are bound.
The Xen Project team is pleased to announce the first Test Day for 4.5 Release Candidate 1 will be held on October 29, 2014. The 4.5 release is just a few weeks away, so this is an important event in our development calendar.
Test Days insure that the upcoming release is ready for production. It also allows power users to test out the upcoming release in their own environment.
The recent XSA-108 vulnerability resulted in a lot of media coverage, which ended up stress-testing some of our policy and security related processes. During the embargo period of XSA-108, the Xen Project Security Team was faced with some difficult questions of policy interpretation, as well as practical issues related to pre-disclosure list membership applications.
Back in 2013 Citrix made XenServer fully open source. As part of that work the previously closed Windows drivers for paravirtual devices were opened up and made available to the community on . These drivers were still very much tied to XenServer though because of assumptions that were made about the platform and reliance on certain patches carried in the XenServer patch queues.
There has an unusual amount of media attention to XSA-108 during the embargo period (which ended Wednesday) — far more than any of the previous security issues the Xen Project has reported. It began when a blogger complained that Amazon was telling customers it would be rebooting VMs in certain regions before a specific date. Other media outlets picked it up and noticed that the date happened to coincide with the release of XSA-108, and conjectured that the reboots had something to do with that.
The Xen Project Security Team today disclosed details of the Xen Security Advisory 108 / CVE-2014-7188 (Improper MSR range used for x2APIC emulation). The Xen Project does not normally comment on specific vulnerabilities other than issuing security advisories. However, given wide interest in this case, we believe it is helpful to provide more context.
After several days offline, the Xen Project blog has returned!
Our blog had been subjected to malicious activities, so we had to take it down and remedy the situation. We’re back now, and although there are a few minor issues to address, we are ready to move forward.
A few things you may notice: