Re: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode
On 01/05/2018 05:26 PM, Shaun Reitan wrote: > I can confirm the issue with 2.6.32-696.18.7.el6.x86_64, but mine looks > alittle different... Maybe because i'm using pvgrub. > > = Init TPM Front > Tpmfront:Error Unable to read device/vtpm/0/backend-id during tpmfront > initialization! error = ENOENT > Tpmfront:Info Shutting down tpmfront > close blk: backend=/local/domain/0/backend/vbd/14/51712 node=device/vbd/51712 > close blk: backend=/local/domain/0/backend/vbd/14/51728 node=device/vbd/51728 > [root@devhost1]# > > -- > Shaun Reitan > NDCHost.com You need to add earlyprintk=xen. ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode
I can confirm the issue with 2.6.32-696.18.7.el6.x86_64, but mine looks alittle different... Maybe because i'm using pvgrub. = Init TPM Front Tpmfront:Error Unable to read device/vtpm/0/backend-id during tpmfront initialization! error = ENOENT Tpmfront:Info Shutting down tpmfront close blk: backend=/local/domain/0/backend/vbd/14/51712 node=device/vbd/51712 close blk: backend=/local/domain/0/backend/vbd/14/51728 node=device/vbd/51728 [root@devhost1]# -- Shaun Reitan NDCHost.com -- Original Message -- From: "Sarah Newman"To: "Discussion about the virtualization on CentOS" Sent: 2018-01-05 12:39:21 AM Subject: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode Problems start before any of the kaiser code executes, though it could still be related to CONFIG_KAISER since that has effects beyond kaiser.c. --- (early) Initializing cgroup subsys cpuset (early) Initializing cgroup subsys cpu (early) Linux version 2.6.32-696.18.7.el6.x86_64 (mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) ) #1 SMP Thu Jan 4 17:31:22 UTC 2018 (early) Command line: ro console=hvc0 rootflags=barrier=0 crashkernel=auto SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KEYTABLE=us earlyprintk=xen (early) KERNEL supported cpus: (early) Intel GenuineIntel (early) AMD AuthenticAMD (early) Centaur CentaurHauls (early) 1 multicall(s) failed: cpu 0 (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1 (early) Call Trace: (early) [] ? xen_mc_flush+0x1c3/0x250 (early) [] ? xen_extend_mmu_update+0xde/0x1b0 (early) [] ? xen_set_pmd_hyper+0x9d/0xc0 (early) [] ? early_ioremap_init+0x98/0x133 (early) [] ? setup_arch+0x40/0xca6 (early) [] ? vprintk_default+0xe/0x10 (early) [] ? printk+0x4f/0x52 (early) [] ? start_kernel+0xdc/0x43b (early) [] ? reserve_early+0x30/0x39 (early) [] ? x86_64_start_reservations+0x125/0x129 (early) [] ? xen_start_kernel+0x4fe/0x505 (early) [ cut here ] (early) WARNING: at arch/x86/xen/multicalls.c:182 xen_mc_flush+0x21f/0x250() (Not tainted) (early) Modules linked in: (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1 (early) Call Trace: (early) [] ? warn_slowpath_common+0x91/0xe0 (early) [] ? __raw_callee_save_xen_restore_fl+0x11/0x1e (early) [] ? warn_slowpath_null+0x1a/0x20 (early) [] ? xen_mc_flush+0x21f/0x250 (early) [] ? xen_extend_mmu_update+0xde/0x1b0 (early) [] ? xen_extend_mmu_update+0xde/0x1b0 (early) [] ? xen_set_pmd_hyper+0x9d/0xc0 (early) [] ? early_ioremap_init+0x98/0x133 (early) [] ? setup_arch+0x40/0xca6 (early) [] ? vprintk_default+0xe/0x10 (early) [] ? printk+0x4f/0x52 (early) [] ? start_kernel+0xdc/0x43b (early) [] ? reserve_early+0x30/0x39 (early) [] ? x86_64_start_reservations+0x125/0x129 (early) [] ? xen_start_kernel+0x4fe/0x505 (early) ---[ end trace a7919e7f17c0a725 ]--- (early) ACPI in unprivileged domain disabled (early) released 0 pages of unused memory (early) BIOS-provided physical RAM map: (early) Xen: - 000a (usable) (early) Xen: 000a - 0010 (reserved) (early) Xen: 0010 - 2000 (usable) (early) bootconsole [xenboot0] enabled ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-virt] Centos 7 Kernel 3.10.0-693.11.6.el7.x86_64 does not boot PV
Broken! [0.00] Initializing cgroup subsys cpuset [0.00] Initializing cgroup subsys cpu [0.00] Initializing cgroup subsys cpuacct [0.00] Linux version 3.10.0-693.11.6.el7.x86_64 (buil...@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Thu Jan 4 01:06:37 UTC 2018 [0.00] Command line: root=/dev/xvda ro crashkernel=auto rhgb [0.00] ACPI in unprivileged domain disabled [0.00] e820: BIOS-provided physical RAM map: [0.00] Xen: [mem 0x-0x0009] usable [0.00] Xen: [mem 0x000a-0x000f] reserved [0.00] Xen: [mem 0x0010-0x0001007f] usable [0.00] NX (Execute Disable) protection: active [0.00] DMI not present or invalid. [0.00] e820: last_pfn = 0x100800 max_arch_pfn = 0x4 [0.00] e820: last_pfn = 0x10 max_arch_pfn = 0x4 [0.00] RAMDISK: [mem 0x02423000-0x02e8dfff] [0.00] NUMA turned off [0.00] Faking a node at [mem 0x-0x0001007f] [0.00] NODE_DATA(0) allocated [mem 0xff7fb000-0xff821fff] [0.00] Reserving 161MB of memory at 720MB for crashkernel (System RAM: 4103MB) [0.00] Zone ranges: [0.00] DMA [mem 0x1000-0x00ff] [0.00] DMA32[mem 0x0100-0x] [0.00] Normal [mem 0x1-0x1007f] [0.00] Movable zone start for each node [0.00] Early memory node ranges [0.00] node 0: [mem 0x1000-0x0009] [0.00] node 0: [mem 0x0010-0x1007f] [0.00] Initmem setup node 0 [mem 0x1000-0x1007f] [0.00] SFI: Simple Firmware Interface v0.81 http://simplefirmware.org [0.00] No local APIC present [0.00] APIC: disable apic facility [0.00] APIC: switched to apic NOOP [0.00] smpboot: Allowing 4 CPUs, 0 hotplug CPUs [0.00] PM: Registered nosave memory: [mem 0x000a-0x000f] [0.00] e820: cannot find a gap in the 32bit address range [0.00] e820: PCI devices with unassigned 32bit BARs may break! [0.00] e820: [mem 0x10090-0x100cf] available for PCI devices [0.00] Booting paravirtualized kernel on Xen [0.00] Xen version: 4.4.4-30.el6 (preserve-AD) [0.00] setup_percpu: NR_CPUS:5120 nr_cpumask_bits:4 nr_cpu_ids:4 nr_node_ids:1 [0.00] PERCPU: Embedded 35 pages/cpu @8800ff40 s104536 r8192 d30632 u524288 [0.00] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes) [0.00] Built 1 zonelists in Node order, mobility grouping on. Total pages: 1034090 [0.00] Policy zone: Normal [0.00] Kernel command line: root=/dev/xvda ro crashkernel=auto rhgb [0.00] PID hash table entries: 4096 (order: 3, 32768 bytes) [0.00] Memory: 3916620k/4202496k available (6916k kernel code, 388k absent, 285488k reserved, 4551k data, 1800k init) [0.00] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1 [0.00] x86/pti: Xen PV detected, disabling PTI protection [0.00] Hierarchical RCU implementation. [0.00] RCU restricting CPUs from NR_CPUS=5120 to nr_cpu_ids=4. [0.00] NR_IRQS:327936 nr_irqs:48 0 [0.00] Console: colour dummy device 80x25 [0.00] console [tty0] enabled [0.00] console [hvc0] enabled [0.00] allocated 17301504 bytes of page_cgroup [0.00] please try 'cgroup_disable=memory' option if you don't want memory cgroups [0.00] installing Xen timer for CPU 0 [0.00] tsc: Fast TSC calibration using PIT [0.00] tsc: Detected 2000.135 MHz processor [0.002000] Calibrating delay loop (skipped), value calculated using timer frequency.. 4000.23 BogoMIPS (lpj=2000116) [0.002000] pid_max: default: 32768 minimum: 301 [0.002000] Security Framework initialized [0.002000] SELinux: Initializing. [0.002000] Yama: becoming mindful. [0.002410] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes) [0.004872] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes) [0.006027] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes) [0.006063] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes) [0.006562] Initializing cgroup subsys memory [0.006594] Initializing cgroup subsys devices [0.006604] Initializing cgroup subsys freezer [0.006613] Initializing cgroup subsys net_cls [0.006621] Initializing cgroup subsys blkio [0.006630] Initializing cgroup subsys perf_event [0.006639] Initializing cgroup subsys hugetlb [0.006648] Initializing cgroup subsys pids [0.006655] Initializing cgroup subsys net_prio [0.006747] FEATURE SPEC_CTRL Not Present [0.006755] FEATURE IBPB_SUPPORT Not Present [0.006764] CPU: Physical Processor ID: 0 [0.006770]
Re: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode
Forgot to post my domU config (xm/xend format): import os, re arch = os.uname()[4] if re.search('64', arch): arch_libdir = 'lib64' else: arch_libdir = 'lib' name = 'domU' bootloader = '/usr/bin/pygrub' extra = '(hd0,0)/grub/menu.lst' maxmem = 4096 memory = 1024 vcpus=2 vif = [ 'mac=00:16:3E:AA:BB:CC, bridge=brXXX, vifname=domU.0', 'mac=AA:00:00:AA:BB:CC, bridge=brYYY, vifname=domU.1' ] disk = [ 'tap2:aio:/dev/VolGroup/Volume,xvda,w', 'tap2:aio:/dev/VolGroup/Volume-b,xvdb,w' ] on_poweroff = 'destroy' on_reboot = 'destroy' on_crash= 'preserve' device_model = '/usr/' + arch_libdir + '/xen/bin/qemu-dm' boot='cd' vfb = [ 'type=vnc, vnclisten=0.0.0.0, vncpasswd=RR, vncdisplay=NN' ] nographic=0 stdvga=0 serial='pty' monitor=0 localtime=0 usb=1 usbdevice='tablet' El Viernes 05/01/2018 a las 18:05, Ricardo J. Barberis escribió: > A CentOS 6.9 domU with kernel 2.6.32-696.18.7.el6.x86_64 also fails to boot > on a CentOS 6.9 dom0 with kernel 4.9.63-29.el6.x86_64 and xen > 4.4.4-34.el6.x86_64 > > Xen logs lines like these (among others): > > /var/log/xen/xend.log:[2018-01-05 17:55:45 2357] WARNING (XendDomainInfo:583) > Could not unpause blktap disk: ('unpause', '-p11520', '-m4') failed (5632 ) > > /var/log/messages:Jan 5 17:55:45 xvm16n00 tapdisk[11520]: > tap-err:tapdisk_vbd_resume: resume request for unpaused vbd > aio:/dev/VolGroup/Volume > > > Xenctx for vCPU 0 says: > > [root@dom0 ~] # /usr/lib64/xen/bin/xenctx -s > System.map-2.6.32-696.18.7.el6.x86_64 13 0 rip: 812b7872 > __memcpy_fromio+0x12 > flags: 1202 i nz > rsp: 81a03e00 > rax: rcx: 0004 rdx: 0010 > rbx: ff40 rsi: ff40 rdi: 81a03e68 > rbp: 81a03e48r8: r9: 7ff0 > r10: r11: r12: 81a03e58 > r13: ff40 r14: ff41 r15: 81a03e68 > cs: e033ss: e02bds: es: > fs: @ > gs: @ 81c25000/ > Code (instr addr 812b7872) > 00 00 00 55 48 89 e5 e8 57 e8 29 00 89 d2 48 89 d1 48 c1 e9 02 a5 f6 > c2 02 74 02 66 a5 f6 c2 > > Stack: > 0004 812b7872 > 0001e030 00010002 81a03e48 e02b > 812b7869 81a03eb8 81c80153 > 81a03e98 81c872a0 > > Call Trace: > [] __memcpy_fromio+0x12 <-- > [] __memcpy_fromio+0x12 > [] __memcpy_fromio+0x9 > [] dmi_scan_machine+0x139 > [] setup_arch+0x424 > [] vprintk_default+0xe > [] printk+0x4f > [] start_kernel+0xdc > [] x86_64_start_reservations+0x125 > [] xen_start_kernel+0x4fe > > > And my domU has similar boot messages as Sarah Newman's: > > (early) Initializing cgroup subsys cpuset > (early) Initializing cgroup subsys cpu > (early) Linux version 2.6.32-696.18.7.el6.x86_64 > (mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat > 4.4.7-18) (GCC) ) #1 SMP Thu Jan 4 17:31:22 UTC 2018 > (early) Command line: ro root=/dev/xvda3 rd_NO_LUKS rd_NO_LVM rd_NO_MD > SYSFONT=latarcyrheb-sun16 crashkernel=auto LANG=en_US.UTF-8 KEYBOARDTYPE=pc > KEYTABLE=us rd_NO_DM earlyprintk=xen (hd0,0)/grub/menu.lst > (early) KERNEL supported cpus: > (early) Intel GenuineIntel > (early) AMD AuthenticAMD > (early) Centaur CentaurHauls > (early) 1 multicall(s) failed: cpu 0 > (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1 > (early) Call Trace: > (early) [] ? xen_mc_flush+0x1c3/0x250 > (early) [] ? xen_extend_mmu_update+0xde/0x1b0 > (early) [] ? xen_set_pmd_hyper+0x9d/0xc0 > (early) [] ? early_ioremap_init+0x98/0x133 > (early) [] ? setup_arch+0x40/0xca6 > (early) [] ? vprintk_default+0xe/0x10 > (early) [] ? printk+0x4f/0x52 > (early) [] ? start_kernel+0xdc/0x43b > (early) [] ? reserve_early+0x30/0x39 > (early) [] ? x86_64_start_reservations+0x125/0x129 > (early) [] ? xen_start_kernel+0x4fe/0x505 > (early) [ cut here ] > (early) WARNING: at arch/x86/xen/multicalls.c:182 xen_mc_flush+0x21f/0x250() > (Not tainted) > (early) Modules linked in: > (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1 > (early) Call Trace: > (early) [] ? warn_slowpath_common+0x91/0xe0 > (early) [] ? __raw_callee_save_xen_restore_fl+0x11/0x1e > (early) [] ? warn_slowpath_null+0x1a/0x20 > (early) [] ? xen_mc_flush+0x21f/0x250 > (early) [] ? xen_extend_mmu_update+0xde/0x1b0 > (early) [] ? xen_extend_mmu_update+0xde/0x1b0 > (early) [] ? xen_set_pmd_hyper+0x9d/0xc0 > (early) [] ? early_ioremap_init+0x98/0x133 > (early) [] ? setup_arch+0x40/0xca6 > (early) [] ? vprintk_default+0xe/0x10 > (early) [] ? printk+0x4f/0x52 > (early) [] ? start_kernel+0xdc/0x43b > (early) [] ? reserve_early+0x30/0x39 > (early) [] ?
Re: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode
A CentOS 6.9 domU with kernel 2.6.32-696.18.7.el6.x86_64 also fails to boot on a CentOS 6.9 dom0 with kernel 4.9.63-29.el6.x86_64 and xen 4.4.4-34.el6.x86_64 Xen logs lines like these (among others): /var/log/xen/xend.log:[2018-01-05 17:55:45 2357] WARNING (XendDomainInfo:583) Could not unpause blktap disk: ('unpause', '-p11520', '-m4') failed (5632 ) /var/log/messages:Jan 5 17:55:45 xvm16n00 tapdisk[11520]: tap-err:tapdisk_vbd_resume: resume request for unpaused vbd aio:/dev/VolGroup/Volume Xenctx for vCPU 0 says: [root@dom0 ~] # /usr/lib64/xen/bin/xenctx -s System.map-2.6.32-696.18.7.el6.x86_64 13 0 rip: 812b7872 __memcpy_fromio+0x12 flags: 1202 i nz rsp: 81a03e00 rax: rcx: 0004 rdx: 0010 rbx: ff40 rsi: ff40 rdi: 81a03e68 rbp: 81a03e48r8: r9: 7ff0 r10: r11: r12: 81a03e58 r13: ff40 r14: ff41 r15: 81a03e68 cs: e033ss: e02bds: es: fs: @ gs: @ 81c25000/ Code (instr addr 812b7872) 00 00 00 55 48 89 e5 e8 57 e8 29 00 89 d2 48 89 d1 48 c1 e9 02 a5 f6 c2 02 74 02 66 a5 f6 c2 Stack: 0004 812b7872 0001e030 00010002 81a03e48 e02b 812b7869 81a03eb8 81c80153 81a03e98 81c872a0 Call Trace: [] __memcpy_fromio+0x12 <-- [] __memcpy_fromio+0x12 [] __memcpy_fromio+0x9 [] dmi_scan_machine+0x139 [] setup_arch+0x424 [] vprintk_default+0xe [] printk+0x4f [] start_kernel+0xdc [] x86_64_start_reservations+0x125 [] xen_start_kernel+0x4fe And my domU has similar boot messages as Sarah Newman's: (early) Initializing cgroup subsys cpuset (early) Initializing cgroup subsys cpu (early) Linux version 2.6.32-696.18.7.el6.x86_64 (mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) ) #1 SMP Thu Jan 4 17:31:22 UTC 2018 (early) Command line: ro root=/dev/xvda3 rd_NO_LUKS rd_NO_LVM rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto LANG=en_US.UTF-8 KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM earlyprintk=xen (hd0,0)/grub/menu.lst (early) KERNEL supported cpus: (early) Intel GenuineIntel (early) AMD AuthenticAMD (early) Centaur CentaurHauls (early) 1 multicall(s) failed: cpu 0 (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1 (early) Call Trace: (early) [] ? xen_mc_flush+0x1c3/0x250 (early) [] ? xen_extend_mmu_update+0xde/0x1b0 (early) [] ? xen_set_pmd_hyper+0x9d/0xc0 (early) [] ? early_ioremap_init+0x98/0x133 (early) [] ? setup_arch+0x40/0xca6 (early) [] ? vprintk_default+0xe/0x10 (early) [] ? printk+0x4f/0x52 (early) [] ? start_kernel+0xdc/0x43b (early) [] ? reserve_early+0x30/0x39 (early) [] ? x86_64_start_reservations+0x125/0x129 (early) [] ? xen_start_kernel+0x4fe/0x505 (early) [ cut here ] (early) WARNING: at arch/x86/xen/multicalls.c:182 xen_mc_flush+0x21f/0x250() (Not tainted) (early) Modules linked in: (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1 (early) Call Trace: (early) [] ? warn_slowpath_common+0x91/0xe0 (early) [] ? __raw_callee_save_xen_restore_fl+0x11/0x1e (early) [] ? warn_slowpath_null+0x1a/0x20 (early) [] ? xen_mc_flush+0x21f/0x250 (early) [] ? xen_extend_mmu_update+0xde/0x1b0 (early) [] ? xen_extend_mmu_update+0xde/0x1b0 (early) [] ? xen_set_pmd_hyper+0x9d/0xc0 (early) [] ? early_ioremap_init+0x98/0x133 (early) [] ? setup_arch+0x40/0xca6 (early) [] ? vprintk_default+0xe/0x10 (early) [] ? printk+0x4f/0x52 (early) [] ? start_kernel+0xdc/0x43b (early) [] ? reserve_early+0x30/0x39 (early) [] ? x86_64_start_reservations+0x125/0x129 (early) [] ? xen_start_kernel+0x4fe/0x505 (early) ---[ end trace a7919e7f17c0a725 ]--- (early) ACPI in unprivileged domain disabled (early) released 0 pages of unused memory (early) BIOS-provided physical RAM map: (early) Xen: - 000a (usable) (early) Xen: 000a - 0010 (reserved) (early) Xen: 0010 - 0001 (usable) (early) bootconsole [xenboot0] enabled El Viernes 05/01/2018 a las 05:39, Sarah Newman escribió: > Problems start before any of the kaiser code executes, though it could > still be related to CONFIG_KAISER since that has effects beyond kaiser.c. > > --- > (early) Initializing cgroup subsys cpuset > (early) Initializing cgroup subsys cpu > (early) Linux version 2.6.32-696.18.7.el6.x86_64 > (mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat > 4.4.7-18) (GCC) ) #1 SMP Thu Jan 4 17:31:22 UTC 2018 > (early) Command line: ro console=hvc0 rootflags=barrier=0 crashkernel=auto > SYSFONT=latarcyrheb-sun16
Re: [CentOS] Intel Flaw
On 5 January 2018 at 12:53, Chris Olsonwrote: > How does the latest Intel flaw relate to CentOS 6.x systems > that run under VirtualBox hosted on Windows 7 computers? Given > the virtual machine degree of separation from the hardware, can Supposedly a virtual machine can detect and leak out in various ways. Both Xen and qemu are working through patches to deal with this. Other virtual software vendors are probably working on this also. I am not sure why the patches to the operating system do not stop this but it seems to do with how the modern CPU does virtualization which makes the Windows 7 patches not applicable. > this issue actually be detected and exploited in the operating > systems that run virtually? If there is a slow down associated > with the fix, how much might it impact the virtual systems? > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- Stephen J Smoogen. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Intel Flaw
-Original Message- From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Chris Olson Subject: [CentOS] Intel Flaw >How does the latest Intel flaw relate to CentOS 6.x systems that run under >VirtualBox > hosted on Windows 7 computers? My computer is an much older AMD Athlon X2-250, 3.0ghz dual core, 02-2012 Windows 10 Pro (15063.850) I just manually patched my system w/ the security only update from Microsoft. Used the Pass Mark CPU test... Before patch 1626, 1323 after patch or an 18.6% loss in speed. Looking for a better test utility for Linux, but on my tested Linux boxen, doesn't seem to be any change But I'm using sysbench. Probably not the best utility in this case. Regards, Richard Zimmerman River Bend Hose Specialty, Inc. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Intel Flaw
How does the latest Intel flaw relate to CentOS 6.x systems that run under VirtualBox hosted on Windows 7 computers? Given the virtual machine degree of separation from the hardware, can this issue actually be detected and exploited in the operating systems that run virtually? If there is a slow down associated with the fix, how much might it impact the virtual systems? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754
> On Jan 5, 2018, at 9:02 AM, Johnny Hugheswrote: > > I have released everything for CentOS-6 that has been released upstream > in RHEL source code. > > I will continue to do so when they release new sources. > > NOTE: We will NOT be releasing anything for CentOS versions before > CentOS-6 (ie, CentOS-2.1, 3.x, 4.x, 5.x releases in vault that are past > EOL will not get updates) > > CentOS-6 and CentOS-7 will continue to get updates based on the specific > version of RHEL source code released. > Thanks, > Johnny Hughes Thanks - do you know if anything else is expected to be released soon for CentOS 6 or 7? Noam ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754
I have released everything for CentOS-6 that has been released upstream in RHEL source code. I will continue to do so when they release new sources. NOTE: We will NOT be releasing anything for CentOS versions before CentOS-6 (ie, CentOS-2.1, 3.x, 4.x, 5.x releases in vault that are past EOL will not get updates) CentOS-6 and CentOS-7 will continue to get updates based on the specific version of RHEL source code released. Thanks, Johnny Hughes On 01/04/2018 04:41 PM, Warren Young wrote: > On Jan 4, 2018, at 12:18 PM, Walter H.wrote: >> >> will there be updates for these CVEs for CentOS 6? > > Red Hat hasn’t released them all yet. Quoting Christopher Robinson in the > thread for this here: > > https://access.redhat.com/errata/RHSA-2018:0007 > > "We will be pushing errata out as soon as they have passed our QA team's > testing. The more modern versions were easier to backport patches from > upstream, and as you progress backwards the fixes change from a backporting > exercise into a complete rewrite. We expect all packages for RHEL7 to be > available shortly, with RHEL6 following closely behind.” > > Robinson’s reply then goes into other ramifications which don’t impact CentOS > for one reason or another, except insofar as CentOS’s speed in responding to > this is gated in large part by Red Hat’s ability to respond. > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-virt] CentOS-virt - Kernel Side-Channel Attacks
On Thu, Jan 4, 2018 at 7:12 PM, Sarah Newmanwrote: > On 01/04/2018 10:49 AM, Akemi Yagi wrote: >> On Thu, Jan 4, 2018 at 9:51 AM, wrote: >> >>> Please patch the CentOS-virt Kernel to fix the >>> Kernel Side-Channel Attacks vulnerabilities. >>> >>> The latest CentOS-virt kernel was released in November, as seen below. >>> >>> kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30 >>> >>> https://access.redhat.com/security/vulnerabilities/speculativeexecution >>> http://mirror.centos.org/centos/7/virt/x86_64/xen/ >>> >> >> As far as I can see, the patches for >> KAISER (Kernel Address >> Isolation to have Side-channels Efficiently Removed) will appear in >> kernel 4.9.75. Looks like it will be released soon upstream (kernel.org). >> > > To my best knowledge KAISER doesn't matter for Xen Dom0's given they run in > PV mode, and KAISER isn't enabled for PV guests. But it will be important if anyone is running the CentOS kernel in their HVM domUs (as guest kernels can be attacked using SP3 by guest user space without the KPTI patches). I'm sure Johnny will get to it as soon as he has the opportunity. -George ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] CentOS-announce Digest, Vol 155, Issue 1
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CESA-2018:0007 Important CentOS 7 kernel Security Update (Karanbir Singh) 2. CESA-2018:0012 Important CentOS 7 microcode_ctl Security Update (Karanbir Singh) 3. CESA-2018:0014 Important CentOS 7 linux-firmware Security Update (Karanbir Singh) 4. [Infra] - planned outage : All services (Fabian Arrotin) 5. CESA-2018:0013 Important CentOS 6 microcode_ctl Security Update (Johnny Hughes) 6. CESA-2018:0008 Important CentOS 6 kernel Security Update (Johnny Hughes) 7. CESA-RHSA-2018:0024 Important CentOS 6 qemu-kvm Security Update (Johnny Hughes) 8. CESA-2018:0030 Important CentOS 6 libvirt Security Update (Johnny Hughes) 9. CESA-2018:0029 Important CentOS 7 libvirt Security Update (Johnny Hughes) 10. CESA-2018:0023 Important CentOS 7 qemu-kvmSecurity Update (Johnny Hughes) -- Message: 1 Date: Thu, 4 Jan 2018 11:36:27 + From: Karanbir SinghTo: CentOS Announcements List Subject: [CentOS-announce] CESA-2018:0007 Important CentOS 7 kernel SecurityUpdate Message-ID: Content-Type: text/plain; charset=utf-8 CentOS Errata and Security Advisory 2018:0007 Important Upstream details at : https://access.redhat.com/errata/RHSA-2018:0007 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 320ab3bd00bd1f051c69f65f2d4cd6ab64585f977d9cd7a52e64e8f8147894fc kernel-3.10.0-693.11.6.el7.x86_64.rpm 0eefdec5447d3ed2781f30d093e22f4654e8af201e1e8058a57876d1baf2ee64 kernel-abi-whitelists-3.10.0-693.11.6.el7.noarch.rpm 5137d0db8632342edfb355ce5bb0a4b4b80d5ffd4b9950bb8dcfcd78e4b8a9dc kernel-debug-3.10.0-693.11.6.el7.x86_64.rpm 882a6522bdafaa697173ff7adedd2cd6ceee5c4a6aa0cd1cb4cf042789420c78 kernel-debug-devel-3.10.0-693.11.6.el7.x86_64.rpm 9c0d7753c649d68cd25b212ee573cec37dc2211891444224e502128fcffdf301 kernel-devel-3.10.0-693.11.6.el7.x86_64.rpm d2005d6a85f2ddd627290dd4cd4d2084215ef45cd8b3f66077b68fe2b0cce61e kernel-doc-3.10.0-693.11.6.el7.noarch.rpm 34d8682b2df1e47c9675f913fbfb129420cce219beaf7985c607a69ccdb3e064 kernel-headers-3.10.0-693.11.6.el7.x86_64.rpm fd3eaf598546bcb502e5e7293d0301b48774c9358dd320b7e53bd042dfae7094 kernel-tools-3.10.0-693.11.6.el7.x86_64.rpm 3c53034adc4c942a02f1dd72f0adf688f558867caf086b5b239169262b75f570 kernel-tools-libs-3.10.0-693.11.6.el7.x86_64.rpm 91153ae59d0acf585201b9a5b453ed8e6504651bf114e3c21c725ce42c8675c5 kernel-tools-libs-devel-3.10.0-693.11.6.el7.x86_64.rpm 8ef1d6c1ef77af60bbb680fa58b1d15f7901c21220c7e5db05ed56f7b17c perf-3.10.0-693.11.6.el7.x86_64.rpm b1f7bf92063bce0cec6286845686bc6ef96db126bdaa8987703b21a736a1a509 python-perf-3.10.0-693.11.6.el7.x86_64.rpm Source: b7756ceda51a35942e03d553f0ec6049ba2520c89e0d66e8e2cdae88f6db0d6a kernel-3.10.0-693.11.6.el7.src.rpm Note: 1) This is a widespread issue with potentially huge impact, we appreciate any help in spreading the word around so maximum number of users are able to find out, and patch their systems. 2) Upstream is curating information around this issue at https://access.redhat.com/security/vulnerabilities/speculativeexecution - information on that page would be helpful for most people on CentOS Linux as well. 3) Please reach out to us at #centos on irc.freenode.net for any feedback, comments, questions or concerns. -- Karanbir Singh, Project Lead, The CentOS Project +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS GnuPG Key : http://www.karan.org/publickey.asc -- Message: 2 Date: Thu, 4 Jan 2018 11:40:52 + From: Karanbir Singh To: CentOS Announcements List Subject: [CentOS-announce] CESA-2018:0012 Important CentOS 7 microcode_ctl Security Update Message-ID: Content-Type: text/plain; charset=utf-8 CentOS Errata and Security Advisory 2018:0012 Important Upstream details at : https://access.redhat.com/errata/RHSA-2018:0012 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: ccb96b47da6ce420c39a38d09e57adcc7ab3696c721d081fee94298f19fc6cab microcode_ctl-2.1-22.2.el7.x86_64.rpm Source:
[CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode
Problems start before any of the kaiser code executes, though it could still be related to CONFIG_KAISER since that has effects beyond kaiser.c. --- (early) Initializing cgroup subsys cpuset (early) Initializing cgroup subsys cpu (early) Linux version 2.6.32-696.18.7.el6.x86_64 (mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) ) #1 SMP Thu Jan 4 17:31:22 UTC 2018 (early) Command line: ro console=hvc0 rootflags=barrier=0 crashkernel=auto SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KEYTABLE=us earlyprintk=xen (early) KERNEL supported cpus: (early) Intel GenuineIntel (early) AMD AuthenticAMD (early) Centaur CentaurHauls (early) 1 multicall(s) failed: cpu 0 (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1 (early) Call Trace: (early) [] ? xen_mc_flush+0x1c3/0x250 (early) [] ? xen_extend_mmu_update+0xde/0x1b0 (early) [] ? xen_set_pmd_hyper+0x9d/0xc0 (early) [] ? early_ioremap_init+0x98/0x133 (early) [] ? setup_arch+0x40/0xca6 (early) [] ? vprintk_default+0xe/0x10 (early) [] ? printk+0x4f/0x52 (early) [] ? start_kernel+0xdc/0x43b (early) [] ? reserve_early+0x30/0x39 (early) [] ? x86_64_start_reservations+0x125/0x129 (early) [] ? xen_start_kernel+0x4fe/0x505 (early) [ cut here ] (early) WARNING: at arch/x86/xen/multicalls.c:182 xen_mc_flush+0x21f/0x250() (Not tainted) (early) Modules linked in: (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1 (early) Call Trace: (early) [] ? warn_slowpath_common+0x91/0xe0 (early) [] ? __raw_callee_save_xen_restore_fl+0x11/0x1e (early) [] ? warn_slowpath_null+0x1a/0x20 (early) [] ? xen_mc_flush+0x21f/0x250 (early) [] ? xen_extend_mmu_update+0xde/0x1b0 (early) [] ? xen_extend_mmu_update+0xde/0x1b0 (early) [] ? xen_set_pmd_hyper+0x9d/0xc0 (early) [] ? early_ioremap_init+0x98/0x133 (early) [] ? setup_arch+0x40/0xca6 (early) [] ? vprintk_default+0xe/0x10 (early) [] ? printk+0x4f/0x52 (early) [] ? start_kernel+0xdc/0x43b (early) [] ? reserve_early+0x30/0x39 (early) [] ? x86_64_start_reservations+0x125/0x129 (early) [] ? xen_start_kernel+0x4fe/0x505 (early) ---[ end trace a7919e7f17c0a725 ]--- (early) ACPI in unprivileged domain disabled (early) released 0 pages of unused memory (early) BIOS-provided physical RAM map: (early) Xen: - 000a (usable) (early) Xen: 000a - 0010 (reserved) (early) Xen: 0010 - 2000 (usable) (early) bootconsole [xenboot0] enabled ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt