I was looking to see if XSA-384 was in testing for CentOS Virt and so far
it doesn't look like it is yet. From the patch, it looks like it touches
x86 code. Can anyone push a build with this version?
Thanks.
Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure
On 12/12/19 8:25 AM, George Dunlap wrote:
> On Mon, Dec 2, 2019 at 5:08 PM Kevin Stange wrote:
>> I don't really think we should drop a release before its security
>> support ends, unless we have *really clear* communication to repo users
>> as to the life cycles of th
On 12/2/19 11:08 AM, Kevin Stange wrote:
> On 11/28/19 12:12 PM, George Dunlap wrote:
>> Hey all,
>>
>> This mail has been a long time in coming, but with the upcoming
>> expiration of security support for Xen 4.8, it's time to start thinking
>> about what our
pdates. When 4.13.1 is released it would
become "stable," 4.11 would be deprecated and 4.12 would become "legacy."
However, during the transitional period maybe we need to commit to
supporting 4.10 until its security support ends.
--
Kevin Stan
x/kernel/git/stable/linux.git/commit/?id=987156381c5f875d75ef1f7cc29994d82f646dad
That's 4.9.124, so yes, 4.9.177 has it.
--
Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure, Datacenter and Cloud Services
800 S Wells, Suite 190 | Chicago, IL 60607
312.602.2689 X203 | Fax:
8-12127
> and CVE-2019-11091.
Just to reiterate, these fixes are in 4.9.177 but the mitigations
generally require cooperation from Xen, and Xen 4.6 builds from CentOS
do not contain fixes for disclosed issues from May 2018 onward.
For proper mitigation, you need to upgrade to Xen 4.8 or ne
the entire
remaining lifetime of EL6, but will come up slightly short of EL7's.
However that means bumping two divergent kernels periodically for each
set of repos.
Based on recent history (4.4, 4.9) we can probably expect both 4.14 and
4.19 to become 6 year kernels extending to Jan 2024 and Dec 20
is Xen 4.12.
--
Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure, Datacenter and Cloud Services
800 S Wells, Suite 190 | Chicago, IL 60607
312.602.2689 X203 | Fax: 312.602.2688
ke...@steadfast.net | www.steadfast.net
___
CentOS-virt
mmand line because that is
how it knows to scan the initramfs for the microcode.
>
> On 2018-09-19 20:08, Kevin Stange wrote:
>> On 9/19/18 1:55 AM, Christoph wrote:
>>>
>>> Hi
>>>
>>> can someone tell me how to update the µcode of the cpu with xen?
>>
ing. See this file for info:
/usr/share/doc/microcode_ctl/README.caveats
You can test that the initramfs has the microcode by running cpio:
cpio -t < /boot/initramfs-4.9.112-32.el7.x86_64.img
If there is a GenuineIntel.bin you should be good. If you get spammed
with errors, then it isn't included.
seabios updates because HVM guests cannot boot using the new Red Hat
version.
The best workaround for now is probably to either set up
yum-plugin-priorities and set a high priority on the centos-virt-xen*
repo, or exclude=libvirt* seabios* in your base and updates repos.
--
Kevin Stange
Chie
he IRC discussion I found in my log indicates that it was removed
because it didn't apply cleanly due to changes when updating to 4.9.75,
yet I don't think anyone independently validated that the changes made
are equivalent to the patch that was removed. I was never able to
reproduce this issue, so I did
On 01/19/2018 06:17 AM, Pasi Kärkkäinen wrote:
> On Thu, Jan 18, 2018 at 11:48:35AM -0600, Kevin Stange wrote:
>> Hi,
>>
>
> Hi,
>
>> I am very sorry to do this on short notice, but obviously Meltdown and
>> Spectre are a lot more than anyone was really ex
On 01/18/2018 11:48 AM, Kevin Stange wrote:
> Hi,
>
> I am very sorry to do this on short notice, but obviously Meltdown and
> Spectre are a lot more than anyone was really expecting to come down the
> pipeline. Xen 4.4 has been EOL upstream for about a year now and I have
>
ot protect the guest from itself, but protects the domains from
each other. Long term, your best bet is to try to get up to a new
version of Xen that is under upstream security support, probably 4.8.
--
Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure, Datacenter and Clou
and provide feedback if possible so we can get this package
moved to release fairly soon.
Currently in the release repo is 4.4.4-27 as of last week, which
contains all relevant patches through XSA-230.
--
Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure, Datacenter and Cloud
On 09/06/2017 05:21 PM, Kevin Stange wrote:
> On 09/06/2017 08:40 AM, Johnny Hughes wrote:
>> On 09/05/2017 02:26 PM, Kevin Stange wrote:
>>> On 09/04/2017 05:27 PM, Johnny Hughes wrote:
>>>> On 09/04/2017 03:59 PM, Kevin Stange wrote:
>>>>>
On 09/06/2017 08:40 AM, Johnny Hughes wrote:
> On 09/05/2017 02:26 PM, Kevin Stange wrote:
>> On 09/04/2017 05:27 PM, Johnny Hughes wrote:
>>> On 09/04/2017 03:59 PM, Kevin Stange wrote:
>>>> On 09/02/2017 08:11 AM, Johnny Hughes wrote:
>>>>>
On 09/04/2017 05:27 PM, Johnny Hughes wrote:
> On 09/04/2017 03:59 PM, Kevin Stange wrote:
>> On 09/02/2017 08:11 AM, Johnny Hughes wrote:
>>> On 09/01/2017 02:41 PM, Kevin Stange wrote:
>>>> On 08/31/2017 07:50 AM, PJ Welsh wrote:
>>>>> A recently cre
On 09/02/2017 08:11 AM, Johnny Hughes wrote:
> On 09/01/2017 02:41 PM, Kevin Stange wrote:
>> On 08/31/2017 07:50 AM, PJ Welsh wrote:
>>> A recently created and fully functional CentOS 7.3 VM fails to boot
>>> after applying CR updates:
>>
>>> Server
On 09/01/2017 02:41 PM, Kevin Stange wrote:
> On 08/31/2017 07:50 AM, PJ Welsh wrote:
>> A recently created and fully functional CentOS 7.3 VM fails to boot
>> after applying CR updates:
>
>> Server OS is CentOS 7.3 using Xen (no CR updates):
>> rpm -qa xen\*
>>
ugepages_size=2048kB
[1.971425] 11685 total pagecache pages
[1.971430] 0 pages in swap cache
[1.971437] Swap cache stats: add 0, delete 0, find 0/0
[1.971444] Free swap = 0kB
[1.971451] Total swap = 0kB
[1.971456] 4196255 pages RAM
[1.971462] 0 pages HighMem/MovableOnly
[1.
to do that here.
As far as I know, nothing really gets pushed back upstream. Most often
the patches are just plucked from upstream mailing lists before they get
merged into an official upstream release.
--
Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure, Datacenter an
-235 disclosed today only affects ARM and isn't going to be added to
these packages.
Thanks.
--
Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure, Datacenter and Cloud Services
800 S Wells, Suite 190 | Chicago, IL 60607
312.602.2689 X203 | Fax: 312.602.2688
ke...@steadfast.net
On 07/20/2017 03:14 PM, Piotr Gackiewicz wrote:
> On Thu, 20 Jul 2017, Kevin Stange wrote:
>
>> On 07/20/2017 05:31 AM, Piotr Gackiewicz wrote:
>>> On Wed, 19 Jul 2017, Johnny Hughes wrote:
>>>
>>>> On 07/19/2017 09:23 AM, Johnny Hughes wrote:
>>>
n environment, and on testing server
> mentioned
> above.
>
> After recompiling recent 4.9.34 with SLAB - everything works well on
> that testing machine.
> I will try to test 4.9.38 with the same config on my production servers.
I was having page allocation failures on 4.
nel.
This kernel is tracking an upstream LTS kernel and building for Xen
specific functionality. Personally, I would stick with the base kernels
for CentOS as they're intended to run KVM and are maintained longer than
upstream LTS kernels.
--
Kevin Stange
Chief Technology Officer
Steadfast | Mana
w.
https://buildlogs.centos.org/centos/7/virt/x86_64/xen-46/
https://buildlogs.centos.org/centos/6/virt/x86_64/xen-44/
https://buildlogs.centos.org/centos/6/virt/x86_64/xen-46/
If you have an opportunity to test it and check for issues, it would be
appreciated.
--
Kevin Stange
Chief Technology Officer
> <https://buildlogs.centos.org/centos/7/virt/x86_64/xen/>
> >
> > (or from /6/ as well for CentOS-6)
> >
> > Not sure why it did not go out on the signing run .. will check
> that server.
> >
> >
> >
> >
On 03/27/2017 04:03 PM, Kevin Stange wrote:
> On 03/25/2017 02:35 PM, Sarah Newman wrote:
>> On 03/16/2017 04:22 PM, Kevin Stange wrote:
>>
>>>> I still can't rest assured the NIC issue is fixed, but no 4.4 or 4.9
>>>> server has yet had a NIC issue,
On 03/25/2017 02:35 PM, Sarah Newman wrote:
> On 03/16/2017 04:22 PM, Kevin Stange wrote:
>
>>> I still can't rest assured the NIC issue is fixed, but no 4.4 or 4.9
>>> server has yet had a NIC issue, with some being up almost a full month.
>>> It looks promisi
On 02/24/2017 11:51 AM, Kevin Stange wrote:
> On 02/21/2017 05:32 PM, Kevin Stange wrote:
>> On 02/21/2017 11:50 AM, Johnny Hughes wrote:
>>> On 02/21/2017 11:47 AM, Johnny Hughes wrote:
>>>>
>>>>
>>>> Kevin,
>>>>
>>>
On 02/21/2017 05:32 PM, Kevin Stange wrote:
> On 02/21/2017 11:50 AM, Johnny Hughes wrote:
>> On 02/21/2017 11:47 AM, Johnny Hughes wrote:
>>>
>>>
>>> Kevin,
>>>
>>> Please try the 4.9.11-22 kernel that I just released for CentOS-6 (along
ntly I've moved most of my servers onto the 4.4 kernel from xen
made easy and they've been stable. I have some indications of an issue
with one of my 3.18 servers right now which required it to be rebooted,
so I'm going to bring the 4.9 kernel up on that server to see how it
does. It may take a few weeks
>
>> ___
>> CentOS-virt mailing list
>> CentOS-virt@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-virt
>>
>
>
>
>
> _______
> CentOS-virt mail
On 02/12/2017 05:07 PM, Adi Pircalabu wrote:
> On 11/02/17 06:29, Kevin Stange wrote:
>> On 01/30/2017 06:41 PM, Kevin Stange wrote:
>>> On 01/30/2017 06:12 PM, Adi Pircalabu wrote:
>>>> On 31/01/17 10:49, Kevin Stange wrote:
>>>>> You said 3.x kernels
On 01/30/2017 06:41 PM, Kevin Stange wrote:
> On 01/30/2017 06:12 PM, Adi Pircalabu wrote:
>> On 31/01/17 10:49, Kevin Stange wrote:
>>> You said 3.x kernels specifically. The kernel on Xen Made Easy now is a
>>> 4.4 kernel. Any chance you have tested with that
On 01/30/2017 06:12 PM, Adi Pircalabu wrote:
> On 31/01/17 10:49, Kevin Stange wrote:
>> You said 3.x kernels specifically. The kernel on Xen Made Easy now is a
>> 4.4 kernel. Any chance you have tested with that one?
>
> Not yet, however the future Xen nodes we'll dep
On 01/30/2017 04:17 PM, Adi Pircalabu wrote:
> On 28/01/17 05:21, Kevin Stange wrote:
>> On 01/27/2017 06:08 AM, Karel Hendrych wrote:
>>> Have you tried to eliminate all power management features all over?
>>
>> I've been trying to find and disable all power man
On 01/30/2017 02:15 PM, Johnny Hughes wrote:
> On 01/30/2017 12:59 PM, Kevin Stange wrote:
>> On 01/30/2017 03:18 AM, Jinesh Choksi wrote:
>>>> Are there other kernel options that might be useful to try?
>>>
>>> pci=nomsi
>>>
>>> htt
aged from his repo.
On a related note, does the SIG have plans to replace the 3.18 kernel
which is marked as projected EOL of January 2017
(https://www.kernel.org/category/releases.html)?
--
Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure, Datacenter and Cloud Services
herboards with
different PCIe bridges (5520 vs C600) experiencing the same issues.
> I've been using Intel NICs with Xen/CentOS for ages with no issues.
I figured that must be so. Everyone uses Intel NICs. If this was a
common issue, it would probably be causing a lot of people a lot of trouble
On 01/26/2017 02:08 PM, Kevin Stange wrote:
> On 01/26/2017 09:35 AM, Johnny Hughes wrote:
>> On 01/26/2017 09:32 AM, Johnny Hughes wrote:
>>> On 01/25/2017 11:49 AM, Kevin Stange wrote:
>>>> On 01/24/2017 11:16 AM, Kevin Stange wrote:
>>>>> On 01/
On 01/26/2017 09:35 AM, Johnny Hughes wrote:
> On 01/26/2017 09:32 AM, Johnny Hughes wrote:
>> On 01/25/2017 11:49 AM, Kevin Stange wrote:
>>> On 01/24/2017 11:16 AM, Kevin Stange wrote:
>>>> On 01/24/2017 09:10 AM, Konrad Rzeszutek Wilk wrote:
>>>>
On 01/24/2017 11:16 AM, Kevin Stange wrote:
> On 01/24/2017 09:10 AM, Konrad Rzeszutek Wilk wrote:
>> On Tue, Jan 24, 2017 at 09:29:39PM +0800, -=X.L.O.R.D=- wrote:
>>> Kevin Stange,
>>> It can be either kernel or update the NIC driver or firmware of the NI
On 01/24/2017 09:10 AM, Konrad Rzeszutek Wilk wrote:
> On Tue, Jan 24, 2017 at 09:29:39PM +0800, -=X.L.O.R.D=- wrote:
>> Kevin Stange,
>> It can be either kernel or update the NIC driver or firmware of the NIC
>> card. Hope that helps!
>>
>> Xlord
>> -Ori
ed elsewhere in our facility are
stable under CentOS 6's standard kernel. This affects more than one
server of each type, so I don't believe it is a hardware failure, or
else it's a hardware design flaw.
Has anyone experienced similar issues with this configuration, and if
so, does anyone have tips