Bug 464546 (CVE-2013-0216, XSA-39) - Kernel: Xen Netback bug in VIFs - Guests can cause a DoS (loop) by triggering ring pointer corruption.
Summary: Kernel: Xen Netback bug in VIFs - Guests can cause a DoS (loop) by triggering...
Status: RESOLVED FIXED
Alias: CVE-2013-0216, XSA-39
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: http://www.spinics.net/lists/netdev/m...
Whiteboard:
Keywords:
Depends on: CVE-2014-6416
Blocks:
Reported: 2013-04-04 09:32 UTC by Luca Lesinigo
Modified: 2019-03-11 03:42 UTC

See Also:
Package list:
Runtime testing required: ---


Description Luca Lesinigo 2013-04-04 09:32:55 UTC
Kernel commit 0366100 [1] modified xen-netback and introduced a regression where the Domain-0 will sometimes completely cut network traffic to the vif interface of a DomU. As an example, we got one or two lockups every day on some Ubuntu-10.04 DomUs, while Gentoo DomU running recent kernels never locked up, and some Windows DomUs running GPL-PV network drivers never locked up either: this started after upgrading our Domain-0 systems from gentoo-sources-3.7.4 to gentoo-sources-3.7.10.

That commit addresses CVE-2013-0216 [2] and XSA-39 [3] and is present in all Linux versions >= 3.7.8. As far as I can tell the same behavior is present up to and including the current 3.8.5 kernel, so current users of the 3.7.x branch have no means of upgrading to a "stable" release.

Since this is causing complete network failure for some Xen guests I'd ask the current gentoo-sources-3.7.10 to be marked unstable.

The regression seems to be known and a fix is being discussed [4], but while we wait I'd ask to either revert commit 0366100 in recent gentoo-sources and/or restore a gentoo-sources ebuild >=3.7.1 and <=3.7.7 so we have a working version to use.

[1] https://github.com/torvalds/linux/commit/036610027dd4ada9996ded5a80b75dd8911980af
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0216
[3] http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html
[4] http://www.spinics.net/lists/netdev/msg230714.html
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-30 00:09:29 UTC
All LTS kernels patched and stable. Waiting for stable sys-kernel/gentoo-sources-3.4er ebuild...
Comment 2 Tomáš Mózes 2018-12-10 09:39:57 UTC
Security, can you please close this obsolete one? Thanks.