Re: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode

[Sarah Newman]

On 01/05/2018 05:26 PM, Shaun Reitan wrote:
> I can confirm the issue with 2.6.32-696.18.7.el6.x86_64, but mine looks 
> alittle different... Maybe because i'm using pvgrub.
> 
> = Init TPM Front 
> Tpmfront:Error Unable to read device/vtpm/0/backend-id during tpmfront 
> initialization! error = ENOENT
> Tpmfront:Info Shutting down tpmfront
> close blk: backend=/local/domain/0/backend/vbd/14/51712 node=device/vbd/51712
> close blk: backend=/local/domain/0/backend/vbd/14/51728 node=device/vbd/51728
> [root@devhost1]#
> 
> -- 
> Shaun Reitan
> NDCHost.com

You need to add earlyprintk=xen.

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode

[Shaun Reitan]

I can confirm the issue with 2.6.32-696.18.7.el6.x86_64, but mine looks 
alittle different... Maybe because i'm using pvgrub.


= Init TPM Front 
Tpmfront:Error Unable to read device/vtpm/0/backend-id during tpmfront 
initialization! error = ENOENT

Tpmfront:Info Shutting down tpmfront
close blk: backend=/local/domain/0/backend/vbd/14/51712 
node=device/vbd/51712
close blk: backend=/local/domain/0/backend/vbd/14/51728 
node=device/vbd/51728

[root@devhost1]#

--
Shaun Reitan
NDCHost.com

-- Original Message --
From: "Sarah Newman" 
To: "Discussion about the virtualization on CentOS" 


Sent: 2018-01-05 12:39:21 AM
Subject: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot 
in Xen PV mode


Problems start before any of the kaiser code executes, though it could 
still be related to CONFIG_KAISER since that has effects beyond 
kaiser.c.


---
(early) Initializing cgroup subsys cpuset
(early) Initializing cgroup subsys cpu
(early) Linux version 2.6.32-696.18.7.el6.x86_64 
(mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat 
4.4.7-18) (GCC) ) #1 SMP Thu

Jan 4 17:31:22 UTC 2018
(early) Command line: ro console=hvc0 rootflags=barrier=0 
crashkernel=auto SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KEYTABLE=us 
earlyprintk=xen

(early) KERNEL supported cpus:
(early)   Intel GenuineIntel
(early)   AMD AuthenticAMD
(early)   Centaur CentaurHauls
(early) 1 multicall(s) failed: cpu 0
(early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1
(early) Call Trace:
(early)  [] ? xen_mc_flush+0x1c3/0x250
(early)  [] ? xen_extend_mmu_update+0xde/0x1b0
(early)  [] ? xen_set_pmd_hyper+0x9d/0xc0
(early)  [] ? early_ioremap_init+0x98/0x133
(early)  [] ? setup_arch+0x40/0xca6
(early)  [] ? vprintk_default+0xe/0x10
(early)  [] ? printk+0x4f/0x52
(early)  [] ? start_kernel+0xdc/0x43b
(early)  [] ? reserve_early+0x30/0x39
(early)  [] ? x86_64_start_reservations+0x125/0x129
(early)  [] ? xen_start_kernel+0x4fe/0x505
(early) [ cut here ]
(early) WARNING: at arch/x86/xen/multicalls.c:182 
xen_mc_flush+0x21f/0x250() (Not tainted)

(early) Modules linked in:
(early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1
(early) Call Trace:
(early)  [] ? warn_slowpath_common+0x91/0xe0
(early)  [] ? 
__raw_callee_save_xen_restore_fl+0x11/0x1e

(early)  [] ? warn_slowpath_null+0x1a/0x20
(early)  [] ? xen_mc_flush+0x21f/0x250
(early)  [] ? xen_extend_mmu_update+0xde/0x1b0
(early)  [] ? xen_extend_mmu_update+0xde/0x1b0
(early)  [] ? xen_set_pmd_hyper+0x9d/0xc0
(early)  [] ? early_ioremap_init+0x98/0x133
(early)  [] ? setup_arch+0x40/0xca6
(early)  [] ? vprintk_default+0xe/0x10
(early)  [] ? printk+0x4f/0x52
(early)  [] ? start_kernel+0xdc/0x43b
(early)  [] ? reserve_early+0x30/0x39
(early)  [] ? x86_64_start_reservations+0x125/0x129
(early)  [] ? xen_start_kernel+0x4fe/0x505
(early) ---[ end trace a7919e7f17c0a725 ]---
(early) ACPI in unprivileged domain disabled
(early) released 0 pages of unused memory
(early) BIOS-provided physical RAM map:
(early)  Xen:  - 000a (usable)
(early)  Xen: 000a - 0010 (reserved)
(early)  Xen: 0010 - 2000 (usable)
(early) bootconsole [xenboot0] enabled
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Centos 7 Kernel 3.10.0-693.11.6.el7.x86_64 does not boot PV

[Shaun Reitan]

Broken!

[0.00] Initializing cgroup subsys cpuset
[0.00] Initializing cgroup subsys cpu
[0.00] Initializing cgroup subsys cpuacct
[0.00] Linux version 3.10.0-693.11.6.el7.x86_64 
(buil...@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 
4.8.5-16) (GCC) ) #1 SMP Thu Jan 4 01:06:37 UTC 2018

[0.00] Command line: root=/dev/xvda ro crashkernel=auto rhgb
[0.00] ACPI in unprivileged domain disabled
[0.00] e820: BIOS-provided physical RAM map:
[0.00] Xen: [mem 0x-0x0009] usable
[0.00] Xen: [mem 0x000a-0x000f] reserved
[0.00] Xen: [mem 0x0010-0x0001007f] usable
[0.00] NX (Execute Disable) protection: active
[0.00] DMI not present or invalid.
[0.00] e820: last_pfn = 0x100800 max_arch_pfn = 0x4
[0.00] e820: last_pfn = 0x10 max_arch_pfn = 0x4
[0.00] RAMDISK: [mem 0x02423000-0x02e8dfff]
[0.00] NUMA turned off
[0.00] Faking a node at [mem 
0x-0x0001007f]

[0.00] NODE_DATA(0) allocated [mem 0xff7fb000-0xff821fff]
[0.00] Reserving 161MB of memory at 720MB for crashkernel 
(System RAM: 4103MB)

[0.00] Zone ranges:
[0.00]   DMA  [mem 0x1000-0x00ff]
[0.00]   DMA32[mem 0x0100-0x]
[0.00]   Normal   [mem 0x1-0x1007f]
[0.00] Movable zone start for each node
[0.00] Early memory node ranges
[0.00]   node   0: [mem 0x1000-0x0009]
[0.00]   node   0: [mem 0x0010-0x1007f]
[0.00] Initmem setup node 0 [mem 0x1000-0x1007f]
[0.00] SFI: Simple Firmware Interface v0.81 
http://simplefirmware.org

[0.00] No local APIC present
[0.00] APIC: disable apic facility
[0.00] APIC: switched to apic NOOP
[0.00] smpboot: Allowing 4 CPUs, 0 hotplug CPUs
[0.00] PM: Registered nosave memory: [mem 0x000a-0x000f]
[0.00] e820: cannot find a gap in the 32bit address range
[0.00] e820: PCI devices with unassigned 32bit BARs may break!
[0.00] e820: [mem 0x10090-0x100cf] available for PCI 
devices

[0.00] Booting paravirtualized kernel on Xen
[0.00] Xen version: 4.4.4-30.el6 (preserve-AD)
[0.00] setup_percpu: NR_CPUS:5120 nr_cpumask_bits:4 nr_cpu_ids:4 
nr_node_ids:1
[0.00] PERCPU: Embedded 35 pages/cpu @8800ff40 s104536 
r8192 d30632 u524288
[0.00] PV qspinlock hash table entries: 256 (order: 0, 4096 
bytes)
[0.00] Built 1 zonelists in Node order, mobility grouping on.  
Total pages: 1034090

[0.00] Policy zone: Normal
[0.00] Kernel command line: root=/dev/xvda ro crashkernel=auto 
rhgb

[0.00] PID hash table entries: 4096 (order: 3, 32768 bytes)
[0.00] Memory: 3916620k/4202496k available (6916k kernel code, 
388k absent, 285488k reserved, 4551k data, 1800k init)
[0.00] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, 
Nodes=1

[0.00] x86/pti: Xen PV detected, disabling PTI protection
[0.00] Hierarchical RCU implementation.
[0.00]  RCU restricting CPUs from NR_CPUS=5120 to nr_cpu_ids=4.
[0.00] NR_IRQS:327936 nr_irqs:48 0
[0.00] Console: colour dummy device 80x25
[0.00] console [tty0] enabled
[0.00] console [hvc0] enabled
[0.00] allocated 17301504 bytes of page_cgroup
[0.00] please try 'cgroup_disable=memory' option if you don't 
want memory cgroups

[0.00] installing Xen timer for CPU 0
[0.00] tsc: Fast TSC calibration using PIT
[0.00] tsc: Detected 2000.135 MHz processor
[0.002000] Calibrating delay loop (skipped), value calculated using 
timer frequency.. 4000.23 BogoMIPS (lpj=2000116)

[0.002000] pid_max: default: 32768 minimum: 301
[0.002000] Security Framework initialized
[0.002000] SELinux:  Initializing.
[0.002000] Yama: becoming mindful.
[0.002410] Dentry cache hash table entries: 524288 (order: 10, 
4194304 bytes)
[0.004872] Inode-cache hash table entries: 262144 (order: 9, 2097152 
bytes)
[0.006027] Mount-cache hash table entries: 8192 (order: 4, 65536 
bytes)
[0.006063] Mountpoint-cache hash table entries: 8192 (order: 4, 
65536 bytes)

[0.006562] Initializing cgroup subsys memory
[0.006594] Initializing cgroup subsys devices
[0.006604] Initializing cgroup subsys freezer
[0.006613] Initializing cgroup subsys net_cls
[0.006621] Initializing cgroup subsys blkio
[0.006630] Initializing cgroup subsys perf_event
[0.006639] Initializing cgroup subsys hugetlb
[0.006648] Initializing cgroup subsys pids
[0.006655] Initializing cgroup subsys net_prio
[0.006747] FEATURE SPEC_CTRL Not Present
[0.006755] FEATURE IBPB_SUPPORT Not Present
[0.006764] CPU: Physical Processor ID: 0
[0.006770] 

Re: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode

[Ricardo J. Barberis]

Forgot to post my domU config (xm/xend format):

import os, re
arch = os.uname()[4]
if re.search('64', arch):
arch_libdir = 'lib64'
else:
arch_libdir = 'lib'

name = 'domU'
bootloader = '/usr/bin/pygrub'
extra = '(hd0,0)/grub/menu.lst'
maxmem = 4096
memory = 1024
vcpus=2

vif = [ 'mac=00:16:3E:AA:BB:CC, bridge=brXXX, vifname=domU.0', 
'mac=AA:00:00:AA:BB:CC, bridge=brYYY, vifname=domU.1' ]
disk = [ 'tap2:aio:/dev/VolGroup/Volume,xvda,w', 
'tap2:aio:/dev/VolGroup/Volume-b,xvdb,w' ]

on_poweroff = 'destroy'
on_reboot   = 'destroy'
on_crash= 'preserve'

device_model = '/usr/' + arch_libdir + '/xen/bin/qemu-dm'
boot='cd'
vfb = [ 'type=vnc, vnclisten=0.0.0.0, vncpasswd=RR, vncdisplay=NN' ]
nographic=0
stdvga=0
serial='pty'
monitor=0
localtime=0
usb=1
usbdevice='tablet'


El Viernes 05/01/2018 a las 18:05, Ricardo J. Barberis escribió:
> A CentOS 6.9 domU with kernel 2.6.32-696.18.7.el6.x86_64 also fails to boot
> on a CentOS 6.9 dom0 with kernel 4.9.63-29.el6.x86_64 and xen
> 4.4.4-34.el6.x86_64
>
> Xen logs lines like these (among others):
>
> /var/log/xen/xend.log:[2018-01-05 17:55:45 2357] WARNING (XendDomainInfo:583) 
> Could not unpause blktap disk: ('unpause', '-p11520', '-m4') failed (5632  )
>
> /var/log/messages:Jan  5 17:55:45 xvm16n00 tapdisk[11520]: 
> tap-err:tapdisk_vbd_resume: resume request for unpaused vbd 
> aio:/dev/VolGroup/Volume
>
>
> Xenctx for vCPU 0 says:
>
> [root@dom0 ~] # /usr/lib64/xen/bin/xenctx -s
> System.map-2.6.32-696.18.7.el6.x86_64 13 0 rip: 812b7872
> __memcpy_fromio+0x12
> flags: 1202 i nz
> rsp: 81a03e00
> rax:    rcx: 0004   rdx: 0010
> rbx: ff40   rsi: ff40   rdi: 81a03e68
> rbp: 81a03e48r8: r9: 7ff0
> r10:    r11:    r12: 81a03e58
> r13: ff40   r14: ff41   r15: 81a03e68
>  cs: e033ss: e02bds: es: 
>  fs:  @ 
>  gs:  @ 81c25000/
> Code (instr addr 812b7872)
> 00 00 00 55 48 89 e5 e8 57 e8 29 00 89 d2 48 89 d1 48 c1 e9 02  a5 f6
> c2 02 74 02 66 a5 f6 c2
>
> Stack:
>  0004   812b7872
>  0001e030 00010002 81a03e48 e02b
>  812b7869 81a03eb8 81c80153 
>   81a03e98 81c872a0 
>
> Call Trace:
>   [] __memcpy_fromio+0x12  <--
>   [] __memcpy_fromio+0x12
>   [] __memcpy_fromio+0x9
>   [] dmi_scan_machine+0x139
>   [] setup_arch+0x424
>   [] vprintk_default+0xe
>   [] printk+0x4f
>   [] start_kernel+0xdc
>   [] x86_64_start_reservations+0x125
>   [] xen_start_kernel+0x4fe
>
>
> And my domU has similar boot messages as Sarah Newman's:
>
> (early) Initializing cgroup subsys cpuset
> (early) Initializing cgroup subsys cpu
> (early) Linux version 2.6.32-696.18.7.el6.x86_64 
> (mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat 
> 4.4.7-18) (GCC) ) #1 SMP Thu Jan 4 17:31:22 UTC 2018
> (early) Command line: ro root=/dev/xvda3 rd_NO_LUKS rd_NO_LVM rd_NO_MD 
> SYSFONT=latarcyrheb-sun16 crashkernel=auto LANG=en_US.UTF-8 KEYBOARDTYPE=pc 
> KEYTABLE=us rd_NO_DM 
earlyprintk=xen (hd0,0)/grub/menu.lst 
> (early) KERNEL supported cpus:
> (early)   Intel GenuineIntel
> (early)   AMD AuthenticAMD
> (early)   Centaur CentaurHauls
> (early) 1 multicall(s) failed: cpu 0
> (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1
> (early) Call Trace:
> (early)  [] ? xen_mc_flush+0x1c3/0x250
> (early)  [] ? xen_extend_mmu_update+0xde/0x1b0
> (early)  [] ? xen_set_pmd_hyper+0x9d/0xc0
> (early)  [] ? early_ioremap_init+0x98/0x133
> (early)  [] ? setup_arch+0x40/0xca6
> (early)  [] ? vprintk_default+0xe/0x10
> (early)  [] ? printk+0x4f/0x52
> (early)  [] ? start_kernel+0xdc/0x43b
> (early)  [] ? reserve_early+0x30/0x39
> (early)  [] ? x86_64_start_reservations+0x125/0x129
> (early)  [] ? xen_start_kernel+0x4fe/0x505
> (early) [ cut here ]
> (early) WARNING: at arch/x86/xen/multicalls.c:182 xen_mc_flush+0x21f/0x250() 
> (Not tainted)
> (early) Modules linked in: 
> (early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1
> (early) Call Trace:
> (early)  [] ? warn_slowpath_common+0x91/0xe0
> (early)  [] ? __raw_callee_save_xen_restore_fl+0x11/0x1e
> (early)  [] ? warn_slowpath_null+0x1a/0x20
> (early)  [] ? xen_mc_flush+0x21f/0x250
> (early)  [] ? xen_extend_mmu_update+0xde/0x1b0
> (early)  [] ? xen_extend_mmu_update+0xde/0x1b0
> (early)  [] ? xen_set_pmd_hyper+0x9d/0xc0
> (early)  [] ? early_ioremap_init+0x98/0x133
> (early)  [] ? setup_arch+0x40/0xca6
> (early)  [] ? vprintk_default+0xe/0x10
> (early)  [] ? printk+0x4f/0x52
> (early)  [] ? start_kernel+0xdc/0x43b
> (early)  [] ? reserve_early+0x30/0x39
> (early)  [] ? 

Re: [CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode

[Ricardo J. Barberis]

A CentOS 6.9 domU with kernel 2.6.32-696.18.7.el6.x86_64 also fails to boot on
a CentOS 6.9 dom0 with kernel 4.9.63-29.el6.x86_64 and xen 4.4.4-34.el6.x86_64

Xen logs lines like these (among others):

/var/log/xen/xend.log:[2018-01-05 17:55:45 2357] WARNING (XendDomainInfo:583) 
Could not unpause blktap disk: ('unpause', '-p11520', '-m4') failed (5632  )

/var/log/messages:Jan  5 17:55:45 xvm16n00 tapdisk[11520]: 
tap-err:tapdisk_vbd_resume: resume request for unpaused vbd 
aio:/dev/VolGroup/Volume


Xenctx for vCPU 0 says:

[root@dom0 ~] # /usr/lib64/xen/bin/xenctx -s 
System.map-2.6.32-696.18.7.el6.x86_64 13 0
rip: 812b7872 __memcpy_fromio+0x12 
flags: 1202 i nz
rsp: 81a03e00
rax:    rcx: 0004   rdx: 0010
rbx: ff40   rsi: ff40   rdi: 81a03e68
rbp: 81a03e48r8: r9: 7ff0
r10:    r11:    r12: 81a03e58
r13: ff40   r14: ff41   r15: 81a03e68
 cs: e033ss: e02bds: es: 
 fs:  @ 
 gs:  @ 81c25000/
Code (instr addr 812b7872)
00 00 00 55 48 89 e5 e8 57 e8 29 00 89 d2 48 89 d1 48 c1 e9 02  a5 f6 c2 02 
74 02 66 a5 f6 c2 

Stack:
 0004   812b7872
 0001e030 00010002 81a03e48 e02b
 812b7869 81a03eb8 81c80153 
  81a03e98 81c872a0 

Call Trace:
  [] __memcpy_fromio+0x12  <--
  [] __memcpy_fromio+0x12 
  [] __memcpy_fromio+0x9 
  [] dmi_scan_machine+0x139 
  [] setup_arch+0x424 
  [] vprintk_default+0xe 
  [] printk+0x4f 
  [] start_kernel+0xdc 
  [] x86_64_start_reservations+0x125 
  [] xen_start_kernel+0x4fe 


And my domU has similar boot messages as Sarah Newman's:

(early) Initializing cgroup subsys cpuset
(early) Initializing cgroup subsys cpu
(early) Linux version 2.6.32-696.18.7.el6.x86_64 
(mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-18) 
(GCC) ) #1 SMP Thu Jan 4 17:31:22 UTC 2018
(early) Command line: ro root=/dev/xvda3 rd_NO_LUKS rd_NO_LVM rd_NO_MD 
SYSFONT=latarcyrheb-sun16 crashkernel=auto LANG=en_US.UTF-8 KEYBOARDTYPE=pc 
KEYTABLE=us rd_NO_DM 
earlyprintk=xen (hd0,0)/grub/menu.lst
(early) KERNEL supported cpus:
(early)   Intel GenuineIntel
(early)   AMD AuthenticAMD
(early)   Centaur CentaurHauls
(early) 1 multicall(s) failed: cpu 0
(early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1
(early) Call Trace:
(early)  [] ? xen_mc_flush+0x1c3/0x250
(early)  [] ? xen_extend_mmu_update+0xde/0x1b0
(early)  [] ? xen_set_pmd_hyper+0x9d/0xc0
(early)  [] ? early_ioremap_init+0x98/0x133
(early)  [] ? setup_arch+0x40/0xca6
(early)  [] ? vprintk_default+0xe/0x10
(early)  [] ? printk+0x4f/0x52
(early)  [] ? start_kernel+0xdc/0x43b
(early)  [] ? reserve_early+0x30/0x39
(early)  [] ? x86_64_start_reservations+0x125/0x129
(early)  [] ? xen_start_kernel+0x4fe/0x505
(early) [ cut here ]
(early) WARNING: at arch/x86/xen/multicalls.c:182 xen_mc_flush+0x21f/0x250() 
(Not tainted)
(early) Modules linked in:
(early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1
(early) Call Trace:
(early)  [] ? warn_slowpath_common+0x91/0xe0
(early)  [] ? __raw_callee_save_xen_restore_fl+0x11/0x1e
(early)  [] ? warn_slowpath_null+0x1a/0x20
(early)  [] ? xen_mc_flush+0x21f/0x250
(early)  [] ? xen_extend_mmu_update+0xde/0x1b0
(early)  [] ? xen_extend_mmu_update+0xde/0x1b0
(early)  [] ? xen_set_pmd_hyper+0x9d/0xc0
(early)  [] ? early_ioremap_init+0x98/0x133
(early)  [] ? setup_arch+0x40/0xca6
(early)  [] ? vprintk_default+0xe/0x10
(early)  [] ? printk+0x4f/0x52
(early)  [] ? start_kernel+0xdc/0x43b
(early)  [] ? reserve_early+0x30/0x39
(early)  [] ? x86_64_start_reservations+0x125/0x129
(early)  [] ? xen_start_kernel+0x4fe/0x505
(early) ---[ end trace a7919e7f17c0a725 ]---
(early) ACPI in unprivileged domain disabled
(early) released 0 pages of unused memory
(early) BIOS-provided physical RAM map:
(early)  Xen:  - 000a (usable)
(early)  Xen: 000a - 0010 (reserved)
(early)  Xen: 0010 - 0001 (usable)
(early) bootconsole [xenboot0] enabled


El Viernes 05/01/2018 a las 05:39, Sarah Newman escribió:
> Problems start before any of the kaiser code executes, though it could
> still be related to CONFIG_KAISER since that has effects beyond kaiser.c.
>
> ---
> (early) Initializing cgroup subsys cpuset
> (early) Initializing cgroup subsys cpu
> (early) Linux version 2.6.32-696.18.7.el6.x86_64 
> (mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat 
> 4.4.7-18) (GCC) ) #1 SMP Thu Jan 4 17:31:22 UTC 2018
> (early) Command line: ro console=hvc0 rootflags=barrier=0 crashkernel=auto 
> SYSFONT=latarcyrheb-sun16 

Re: [CentOS] Intel Flaw

[Stephen John Smoogen]

On 5 January 2018 at 12:53, Chris Olson  wrote:
> How does the latest Intel flaw relate to CentOS 6.x systems
> that run under VirtualBox hosted on Windows 7 computers? Given
> the virtual machine degree of separation from the hardware, can

Supposedly a virtual machine can detect and leak out in various ways.
Both Xen and qemu are working through patches to deal with this. Other
virtual software vendors are probably working on this also. I am not
sure why the patches to the operating system do not stop this but it
seems to do with how the modern CPU does virtualization which makes
the Windows 7 patches not applicable.

> this issue actually be detected and exploited in the operating
> systems that run virtually?  If there is a slow down associated
> with the fix, how much might it impact the virtual systems?
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel Flaw

[Richard Zimmerman]

-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Chris Olson
Subject: [CentOS] Intel Flaw

>How does the latest Intel flaw relate to CentOS 6.x systems that run under 
>VirtualBox 
> hosted on Windows 7 computers? 

My computer is  an much older AMD Athlon X2-250, 3.0ghz dual core, 02-2012
Windows 10 Pro (15063.850)

I just manually patched my system w/ the security only update from Microsoft. 
Used the Pass Mark CPU test... 

Before patch 1626, 1323 after patch or an 18.6% loss in speed.

Looking for a better test utility for Linux, but on my tested Linux boxen, 
doesn't seem to be any change But I'm using sysbench. Probably not the best 
utility in this case.

Regards,

Richard Zimmerman
River Bend Hose Specialty, Inc.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Intel Flaw

[Chris Olson]

How does the latest Intel flaw relate to CentOS 6.x systems
that run under VirtualBox hosted on Windows 7 computers? Given
the virtual machine degree of separation from the hardware, can
this issue actually be detected and exploited in the operating
systems that run virtually?  If there is a slow down associated
with the fix, how much might it impact the virtual systems?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754

[Noam Bernstein]

> On Jan 5, 2018, at 9:02 AM, Johnny Hughes  wrote:
> 
> I have released everything for CentOS-6 that has been released upstream
> in RHEL source code.
> 
> I will continue to do so when they release new sources.
> 
> NOTE:  We will NOT be releasing anything for CentOS versions before
> CentOS-6 (ie, CentOS-2.1, 3.x, 4.x, 5.x releases in vault that are past
> EOL will not get updates)
> 
> CentOS-6 and CentOS-7 will continue to get updates based on the specific
> version of RHEL source code released.
> Thanks,
> Johnny Hughes

Thanks - do you know if anything else is expected to be released soon for 
CentOS 6 or 7?

Noam




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754

[Johnny Hughes]

I have released everything for CentOS-6 that has been released upstream
in RHEL source code.

I will continue to do so when they release new sources.

NOTE:  We will NOT be releasing anything for CentOS versions before
CentOS-6 (ie, CentOS-2.1, 3.x, 4.x, 5.x releases in vault that are past
EOL will not get updates)

CentOS-6 and CentOS-7 will continue to get updates based on the specific
version of RHEL source code released.
Thanks,
Johnny Hughes

On 01/04/2018 04:41 PM, Warren Young wrote:
> On Jan 4, 2018, at 12:18 PM, Walter H.  wrote:
>>
>> will there be updates for these CVEs for CentOS 6?
> 
> Red Hat hasn’t released them all yet.  Quoting Christopher Robinson in the 
> thread for this here:
> 
> https://access.redhat.com/errata/RHSA-2018:0007
> 
> "We will be pushing errata out as soon as they have passed our QA team's 
> testing. The more modern versions were easier to backport patches from 
> upstream, and as you progress backwards the fixes change from a backporting 
> exercise into a complete rewrite. We expect all packages for RHEL7 to be 
> available shortly, with RHEL6 following closely behind.”
> 
> Robinson’s reply then goes into other ramifications which don’t impact CentOS 
> for one reason or another, except insofar as CentOS’s speed in responding to 
> this is gated in large part by Red Hat’s ability to respond.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] CentOS-virt - Kernel Side-Channel Attacks

[George Dunlap]

On Thu, Jan 4, 2018 at 7:12 PM, Sarah Newman  wrote:
> On 01/04/2018 10:49 AM, Akemi Yagi wrote:
>> On Thu, Jan 4, 2018 at 9:51 AM,  wrote:
>>
>>> Please patch the CentOS-virt Kernel to fix the
>>> Kernel Side-Channel Attacks vulnerabilities.
>>>
>>> The latest CentOS-virt kernel was released in November, as seen below.
>>>
>>> kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30
>>>
>>> https://access.redhat.com/security/vulnerabilities/speculativeexecution
>>> http://mirror.centos.org/centos/7/virt/x86_64/xen/
>>>
>>
>> As far as I can see, the patches for
>> KAISER (Kernel Address
>> Isolation to have Side-channels Efficiently Removed) will appear in
>> kernel 4.9.75. Looks like it will be released soon upstream (kernel.org).
>>
>
> To my best knowledge KAISER doesn't matter for Xen Dom0's given they run in 
> PV mode, and KAISER isn't enabled for PV guests.

But it will be important if anyone is running the CentOS kernel in
their HVM domUs (as guest kernels can be attacked using SP3 by guest
user space without the KPTI patches).

I'm sure Johnny will get to it as soon as he has the opportunity.

 -George
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] CentOS-announce Digest, Vol 155, Issue 1

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2018:0007 Important CentOS 7 kernel Security Update
  (Karanbir Singh)
   2. CESA-2018:0012 Important CentOS 7 microcode_ctl   Security
  Update (Karanbir Singh)
   3. CESA-2018:0014 Important CentOS 7 linux-firmware  Security
  Update (Karanbir Singh)
   4. [Infra] - planned outage : All services (Fabian Arrotin)
   5. CESA-2018:0013 Important CentOS 6 microcode_ctl   Security
  Update (Johnny Hughes)
   6. CESA-2018:0008 Important CentOS 6 kernel Security Update
  (Johnny Hughes)
   7. CESA-RHSA-2018:0024 Important CentOS 6 qemu-kvm   Security
  Update (Johnny Hughes)
   8. CESA-2018:0030 Important CentOS 6 libvirt Security Update
  (Johnny Hughes)
   9. CESA-2018:0029 Important CentOS 7 libvirt Security Update
  (Johnny Hughes)
  10. CESA-2018:0023 Important CentOS 7 qemu-kvmSecurity Update
  (Johnny Hughes)


--

Message: 1
Date: Thu, 4 Jan 2018 11:36:27 +
From: Karanbir Singh 
To: CentOS Announcements List 
Subject: [CentOS-announce] CESA-2018:0007 Important CentOS 7 kernel
SecurityUpdate
Message-ID: 
Content-Type: text/plain; charset=utf-8

CentOS Errata and Security Advisory 2018:0007 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0007

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
320ab3bd00bd1f051c69f65f2d4cd6ab64585f977d9cd7a52e64e8f8147894fc
kernel-3.10.0-693.11.6.el7.x86_64.rpm
0eefdec5447d3ed2781f30d093e22f4654e8af201e1e8058a57876d1baf2ee64
kernel-abi-whitelists-3.10.0-693.11.6.el7.noarch.rpm
5137d0db8632342edfb355ce5bb0a4b4b80d5ffd4b9950bb8dcfcd78e4b8a9dc
kernel-debug-3.10.0-693.11.6.el7.x86_64.rpm
882a6522bdafaa697173ff7adedd2cd6ceee5c4a6aa0cd1cb4cf042789420c78
kernel-debug-devel-3.10.0-693.11.6.el7.x86_64.rpm
9c0d7753c649d68cd25b212ee573cec37dc2211891444224e502128fcffdf301
kernel-devel-3.10.0-693.11.6.el7.x86_64.rpm
d2005d6a85f2ddd627290dd4cd4d2084215ef45cd8b3f66077b68fe2b0cce61e
kernel-doc-3.10.0-693.11.6.el7.noarch.rpm
34d8682b2df1e47c9675f913fbfb129420cce219beaf7985c607a69ccdb3e064
kernel-headers-3.10.0-693.11.6.el7.x86_64.rpm
fd3eaf598546bcb502e5e7293d0301b48774c9358dd320b7e53bd042dfae7094
kernel-tools-3.10.0-693.11.6.el7.x86_64.rpm
3c53034adc4c942a02f1dd72f0adf688f558867caf086b5b239169262b75f570
kernel-tools-libs-3.10.0-693.11.6.el7.x86_64.rpm
91153ae59d0acf585201b9a5b453ed8e6504651bf114e3c21c725ce42c8675c5
kernel-tools-libs-devel-3.10.0-693.11.6.el7.x86_64.rpm
8ef1d6c1ef77af60bbb680fa58b1d15f7901c21220c7e5db05ed56f7b17c
perf-3.10.0-693.11.6.el7.x86_64.rpm
b1f7bf92063bce0cec6286845686bc6ef96db126bdaa8987703b21a736a1a509
python-perf-3.10.0-693.11.6.el7.x86_64.rpm


Source:
b7756ceda51a35942e03d553f0ec6049ba2520c89e0d66e8e2cdae88f6db0d6a
kernel-3.10.0-693.11.6.el7.src.rpm

Note:
1) This is a widespread issue with potentially huge impact, we
appreciate any help in spreading the word around so maximum number of
users are able to find out, and patch their systems.

2) Upstream is curating information around this issue at
https://access.redhat.com/security/vulnerabilities/speculativeexecution
- information on that page would be helpful for most people on CentOS
Linux as well.

3) Please reach out to us at #centos on irc.freenode.net for any
feedback, comments, questions or concerns.

-- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc


--

Message: 2
Date: Thu, 4 Jan 2018 11:40:52 +
From: Karanbir Singh 
To: CentOS Announcements List 
Subject: [CentOS-announce] CESA-2018:0012 Important CentOS 7
microcode_ctl   Security Update
Message-ID: 
Content-Type: text/plain; charset=utf-8

CentOS Errata and Security Advisory 2018:0012 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0012

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
ccb96b47da6ce420c39a38d09e57adcc7ab3696c721d081fee94298f19fc6cab
microcode_ctl-2.1-22.2.el7.x86_64.rpm


Source:

[CentOS-virt] Centos 6 2.6.32-696.18.7.el6.x86_64 does not boot in Xen PV mode

[Sarah Newman]

Problems start before any of the kaiser code executes, though it could still be 
related to CONFIG_KAISER since that has effects beyond kaiser.c.

---
(early) Initializing cgroup subsys cpuset
(early) Initializing cgroup subsys cpu
(early) Linux version 2.6.32-696.18.7.el6.x86_64 
(mockbu...@c1bl.rdu2.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-18) 
(GCC) ) #1 SMP Thu
Jan 4 17:31:22 UTC 2018
(early) Command line: ro console=hvc0 rootflags=barrier=0 crashkernel=auto 
SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KEYTABLE=us earlyprintk=xen
(early) KERNEL supported cpus:
(early)   Intel GenuineIntel
(early)   AMD AuthenticAMD
(early)   Centaur CentaurHauls
(early) 1 multicall(s) failed: cpu 0
(early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1
(early) Call Trace:
(early)  [] ? xen_mc_flush+0x1c3/0x250
(early)  [] ? xen_extend_mmu_update+0xde/0x1b0
(early)  [] ? xen_set_pmd_hyper+0x9d/0xc0
(early)  [] ? early_ioremap_init+0x98/0x133
(early)  [] ? setup_arch+0x40/0xca6
(early)  [] ? vprintk_default+0xe/0x10
(early)  [] ? printk+0x4f/0x52
(early)  [] ? start_kernel+0xdc/0x43b
(early)  [] ? reserve_early+0x30/0x39
(early)  [] ? x86_64_start_reservations+0x125/0x129
(early)  [] ? xen_start_kernel+0x4fe/0x505
(early) [ cut here ]
(early) WARNING: at arch/x86/xen/multicalls.c:182 xen_mc_flush+0x21f/0x250() 
(Not tainted)
(early) Modules linked in:
(early) Pid: 0, comm: swapper Not tainted 2.6.32-696.18.7.el6.x86_64 #1
(early) Call Trace:
(early)  [] ? warn_slowpath_common+0x91/0xe0
(early)  [] ? __raw_callee_save_xen_restore_fl+0x11/0x1e
(early)  [] ? warn_slowpath_null+0x1a/0x20
(early)  [] ? xen_mc_flush+0x21f/0x250
(early)  [] ? xen_extend_mmu_update+0xde/0x1b0
(early)  [] ? xen_extend_mmu_update+0xde/0x1b0
(early)  [] ? xen_set_pmd_hyper+0x9d/0xc0
(early)  [] ? early_ioremap_init+0x98/0x133
(early)  [] ? setup_arch+0x40/0xca6
(early)  [] ? vprintk_default+0xe/0x10
(early)  [] ? printk+0x4f/0x52
(early)  [] ? start_kernel+0xdc/0x43b
(early)  [] ? reserve_early+0x30/0x39
(early)  [] ? x86_64_start_reservations+0x125/0x129
(early)  [] ? xen_start_kernel+0x4fe/0x505
(early) ---[ end trace a7919e7f17c0a725 ]---
(early) ACPI in unprivileged domain disabled
(early) released 0 pages of unused memory
(early) BIOS-provided physical RAM map:
(early)  Xen:  - 000a (usable)
(early)  Xen: 000a - 0010 (reserved)
(early)  Xen: 0010 - 2000 (usable)
(early) bootconsole [xenboot0] enabled
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt