I must apologise for the poor response to this bug report. It should have been fixed long ago, and it was fixed upstream in April. While there are an overwhelming number of bugs against the kernel, this regression should have been treated as a particularly high priority.
My understanding is that disabling scatter/gather on netfront in domU (ethtool -K eth0 sg off) will prevent it from triggering these bugs, but at a substantial performance impact. In practice, disabling TSO in domU (ethtool -K eth0 tso off) should also work and will have a smaller performance impact. However, a malicious domU would still be able to crash dom0. As Ian requested, the netback fixes were included in Linux 3.2.47 and thus should appear in the wheezy-proposed-updates suite shortly. Aside from that, any regression that occurred as a result of a security update may also be fixed in a security update, and I hope we will be able to provide such updates for both Debian 6 (squeeze) and 7 (wheezy) in the next few weeks. Ben. -- Ben Hutchings Tomorrow will be cancelled due to lack of interest.
signature.asc
Description: This is a digitally signed message part
