[Kernel-packages] [Bug 1585434] Re: ecryptfs_decrypt_page: Error attempting to read lower page; rc = [-4]
Hello. Today, I've noticed two entries about 'ecryptfs_decrypt_page' and 'ecryptfs_readpage' errors in `/var/log/syslog` file. I have no idea if there was/is more such entries. However, it looks this way: ,[ ✖ Error ] | kernel: [25312.360714] ecryptfs_decrypt_page: Error attempting to read lower page; rc = [-4] | kernel: [25312.360724] ecryptfs_readpage: Error decrypting page; rc = [-4] ` There was not any system slowdowns, freezing etc. Anyway, `/home` partition was encrypted during installation with eCryptfs (vide `/home/.ecryptfs/t4/.Private`). Here are some technical informations about system: ,[ ✖ lsb_release ] | Distributor ID: Ubuntu | Description: Ubuntu 16.04.6 LTS | Release: 16.04 | Codename: xenial | --- | Linux:4.4.0-173-generic | Architecture: i686/x86_32 ` It seems, that I'm not only one Xenial user who's seeing these errors (I mean another comments, for example #16 by Stefan Wagner etc). Thanks, best regards. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1585434 Title: ecryptfs_decrypt_page: Error attempting to read lower page; rc = [-4] Status in linux package in Ubuntu: Confirmed Bug description: ecryptfs_decrypt_page: Error attempting to read lower page; rc = [-4] ecryptfs_readpage: Error decrypting page; rc = [-4] I dont' have this issue showing in dmesg when using 3.19 kernel, only with later kernels. Is it related to selecting encrypted home on install or something? I don't notice any issues with performance because of it or have any other error messages. I am using default ubuntu xenial 16.04 with unity. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-22-generic 4.4.0-22.40 ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8 Uname: Linux 4.4.0-22-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia ApportVersion: 2.20.1-0ubuntu2 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: cooloutac 2054 F pulseaudio /dev/snd/pcmC0D0p: cooloutac 2054 F...m pulseaudio /dev/snd/controlC0: cooloutac 2054 F pulseaudio CurrentDesktop: Unity Date: Tue May 24 22:38:44 2016 EcryptfsInUse: Yes HibernationDevice: RESUME=UUID=0118ec29-2bd5-4cbc-9800-9c04bbe083d1 InstallationDate: Installed on 2016-05-20 (5 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) IwConfig: enp2s0no wireless extensions. lono wireless extensions. MachineType: Dell Inc. Studio XPS 7100 ProcFB: ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-22-generic root=UUID=fcd92967-7d59-44bf-bb88-06efa6fac5f7 ro ipv6.disable=1 quiet splash RelatedPackageVersions: linux-restricted-modules-4.4.0-22-generic N/A linux-backports-modules-4.4.0-22-generic N/A linux-firmware1.157 RfKill: SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 09/10/2010 dmi.bios.vendor: Dell Inc. dmi.bios.version: A06 dmi.board.name: 0NWWY0 dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 3 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA06:bd09/10/2010:svnDellInc.:pnStudioXPS7100:pvr:rvnDellInc.:rn0NWWY0:rvrA00:cvnDellInc.:ct3:cvr: dmi.product.name: Studio XPS 7100 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1585434/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838090] Re: Ubuntu 16.04: read access incorrectly implies 'm' rule
*** This bug is a duplicate of bug 1658219 *** https://bugs.launchpad.net/bugs/1658219 Hello. I would like to note, that when Linux kernel has been updated to 4.4.0-160.188 version[1] (with, among others, patches for LP:#1658219 and LP:#1838090), I've had to update a few profiles (such as Audacious, Parole, Xorg, Logrotate etc.), because of a lot of "DENIED" entries in system log files. If it's about access controls (vide 'requested{denied}_mask'): most new rules required 'm' (memory map as executable), but some of them needed 'k' (file locking) etc.) However, it seems everything is okay now and I hope, that there will be no such issues anymore. Anyway, Mr Tyler Hicks was right: "users with custom policy have some reasonable expectation that upgrading to the new Ubuntu release or kernel version will require them to update their custom policy". By the way; what is an impact of these changes? (I mean LP:#1658219 and LP:#1838090). Does it means, that now, use of 'm' and 'k' access is secured/restricted/checked correctly by AppArmor? And one more thing: this problem is related to v4.4 kernel only, right? Thanks, best regards. __ [1] https://launchpad.net/ubuntu/+source/linux/4.4.0-160.188 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1838090 Title: Ubuntu 16.04: read access incorrectly implies 'm' rule Status in AppArmor: Invalid Status in linux package in Ubuntu: New Status in linux source package in Xenial: Confirmed Bug description: I've already been corresponding with jjohansen privately via email on this, filing a bug here based on our conversation. To summarize the email thread: I was poking around some stuff today, and noticed that it seems like the 'm' rule doesn't actually do anything. I've tested this on two separate machines, both running Ubuntu 16.04: $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 16.04.6 LTS Release: 16.04 Codename: xenial PoC: $ sudo dmesg -c $ cp /bin/ls /tmp $ echo "/tmp/ls { > /** r, > }" > /tmp/tmp.ls $ sudo apparmor_parser -C -r /tmp/tmp.ls $ /tmp/ls . $ sudo dmesg [1746349.392925] audit: type=1400 audit(1562018298.880:81): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/tmp/ls" pid=28205 comm="apparmor_parser" There are no "ALLOWED" messages stating that we're missing the necessary "mr," rule for mmap'ing shared objects such as libc. As a follow-up, even with an empty profile running in complain mode, I do not see any mention of needing the 'm' rule in the requested / denied mask, it just asks for read access: [1748198.369441] audit: type=1400 audit(1562020148.006:82): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/tmp/ls" pid=28677 comm="apparmor_parser" [1748203.023838] audit: type=1400 audit(1562020152.662:83): apparmor="ALLOWED" operation="open" profile="/tmp/ls" name="/etc/ld.so.cache" pid=28678 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [1748203.023877] audit: type=1400 audit(1562020152.662:84): apparmor="ALLOWED" operation="open" profile="/tmp/ls" name="/lib/x86_64-linux-gnu/libselinux.so.1" pid=28678 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [1748203.023945] audit: type=1400 audit(1562020152.662:85): apparmor="ALLOWED" operation="open" profile="/tmp/ls" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=28678 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [1748203.023998] audit: type=1400 audit(1562020152.662:86): apparmor="ALLOWED" operation="open" profile="/tmp/ls" name="/lib/x86_64-linux-gnu/libpcre.so.3.13.2" pid=28678 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [1748203.024039] audit: type=1400 audit(1562020152.662:87): apparmor="ALLOWED" operation="open" profile="/tmp/ls" name="/lib/x86_64-linux-gnu/libdl-2.23.so" pid=28678 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [1748203.024076] audit: type=1400 audit(1562020152.662:88): apparmor="ALLOWED" operation="open" profile="/tmp/ls" name="/lib/x86_64-linux-gnu/libpthread-2.23.so" pid=28678 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 I tested this on Ubuntu 12.04, 18.04, and 19.04, and the expected behavior is indeed there. Seems like a regression in specifically 16.04. Response from jjohansen: "This bug was fixed in Ubuntu in the Ubuntu zesty kernel (4.10) but the fix was for a different issue and never cherry-picked back to Xenial. We are going to need a bug report to get this fixed in the Xenial kernel. So please do file a bug report. I can then attach the patch and send it to the kt for inclusion in the next SRU." To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1838090/+subsc
[Kernel-packages] [Bug 1658219] Re: flock not mediated by 'k'
Hello. I would like to note, that when Linux kernel has been updated to 4.4.0-160.188 version[1] (with, among others, patches for LP:#1658219 and LP:#1838090), I've had to update a few profiles (such as Audacious, Parole, Xorg, Logrotate etc.), because of a lot of "DENIED" entries in system log files. If it's about access controls (vide 'requested{denied}_mask'): most new rules required 'm' (memory map as executable), but some of them needed 'k' (file locking) etc.) However, it seems everything is okay now and I hope, that there will be no such issues anymore. Anyway, Mr Tyler Hicks was right: "users with custom policy have some reasonable expectation that upgrading to the new Ubuntu release or kernel version will require them to update their custom policy". By the way; what is an impact of these changes? (I mean LP:#1658219 and LP:#1838090). Does it means, that now, use of 'm' and 'k' access is secured/restricted/checked correctly by AppArmor? And one more thing: this problem is related to v4.4 kernel only, right? Thanks, best regards. __ [1] https://launchpad.net/ubuntu/+source/linux/4.4.0-160.188 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1658219 Title: flock not mediated by 'k' Status in AppArmor: In Progress Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Fix Committed Status in linux source package in Yakkety: Won't Fix Bug description: $ cat ./apparmor.profile #include profile test { #include /bin/bash ixr, /dev/pts/* rw, /usr/bin/flock ixr, # Not blocked: # aa-exec -p test -- flock -w 1 /tmp/test.lock -c true /tmp/test.lock rw, } $ sudo apparmor_parser -r ./apparmor.profile $ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes yes $ ls -l /tmp/test.lock -rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock The flock command uses flock(LOCK_EX) and I expected it to be blocked due to the lack of 'k'. apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic kernel on amd64. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1790688] Re: x86/pti: 32-bit x86 systems support already available.
Hello H Buus. Thank You for a comment. According to BUGs with call traces from 'kern.log' file (I mean especially 'unable to handle kernel NULL pointer dereference at 0008' messages etc.) I think you should report all these informations on the linux-kernel mailing list (please see 1). Also, I think, that the kernel-team mailing list is a good place -maybe even better than 'lkml' - to report, because this mailing list is used to coordinate and plan kernel uploads for Ubuntu (please see 2). I hope, that 'PTI' will be backported soon, to the Linux kernel used in 16.04 LTS Release and x86_32/i386 architecture. Thanks, best regards. _ 1.: https://lkml.org/ 2.: https://lists.ubuntu.com/archives/kernel-team/ -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1790688 Title: x86/pti: 32-bit x86 systems support already available. Status in linux package in Ubuntu: Triaged Bug description: Hello. This is a very good news: 'PTI' support for x86-32 architecture is available. Linux kernel v4.19 release candidate, finally have Kernel Page-Table Isolation ('PTI', previously known as 'KAISER') support. As we know, 'PTI' provides protection against attack, known as the "Meltdown" (CVE-2017-5754), that breaks isolation between user applications and the operating system etc. However, this protection - needed for "Meltdown" mitigation - wasn't available on 32-bit x86 systems. Until now. So, I would like to ask a question: are there any plans to backport Kernel Page-Table Isolation patches for Linux kernels available in "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I'm asking, because it seems, that pretty much no developers run 32-bit any more. However, there still are many 32-bit users out there. For more informations about how 'PTI' was implemented, created for 32 bit x86 architecture, please check - for example - commit '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32") and these messages on lkml mailing list and lwn.net website (which contains summary of the first half of the 4.19 kernel merge window): ✗ http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html ('PTI' on x86-32; PATCH v.8) ✗ https://lwn.net/Articles/762566/ (See "Architecture-specific" changes) I would like to send a big "Thank You" to Mr Joerg Roedel (and Others, of course) for his amazing work - a whole raft of measures and patches to make this possible - to enable 'PTI' mitigation on x86-32 architecture etc. Thanks, best regards. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1790688/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1815776] Re: nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed to build
Hello. Once agains - I'm sorry for writing post by post, but there is a very interesting comment I found, while checking patches/fixes in Linux v4.4.0-143.169 version (see '1.'). This is excatly the same error, that happened when I updated kernel to the latest '-proposed' release etc. In both cases, it's about "Processing triggers for linux- image-4.4.0-143-generic" and bad return status for 'nvidia' module build. So, maybe the whole problem with building 'nvidia' module is related with "signing: only install a signed kernel (LP: #1764794)" (see '2.')? Thanks, best regards. _ [1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1764794/comments/6 [2] https://launchpad.net/ubuntu/+source/linux/4.4.0-143.169 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to nvidia-graphics-drivers-384 in Ubuntu. https://bugs.launchpad.net/bugs/1815776 Title: nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed to build Status in nvidia-graphics-drivers-384 package in Ubuntu: Confirmed Bug description: fails on latest kernel 134 on get_user_pages calls. Arguments changed for the function between -142 and -143 kernels. common/inc/nv-mm.h includes a macro to deal with this problem, but it is not working. ProblemType: Package DistroRelease: Ubuntu 16.04 Package: nvidia-384 (not installed) ProcVersionSignature: Ubuntu 4.4.0-142.168-generic 4.4.167 Uname: Linux 4.4.0-142-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 DKMSKernelVersion: 4.4.0-143-generic Date: Wed Feb 13 10:15:20 2019 DuplicateSignature: dkms:nvidia-384:384.130-0ubuntu0.16.04.1:/var/lib/dkms/nvidia-384/384.130/build/common/inc/nv-mm.h:49:35: error: too few arguments to function ‘get_user_pages’ InstallationDate: Installed on 2011-08-11 (2743 days ago) InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1) PackageVersion: 384.130-0ubuntu0.16.04.1 RelatedPackageVersions: dpkg 1.18.4ubuntu1.5 apt 1.2.29ubuntu0.1 SourcePackage: nvidia-graphics-drivers-384 Title: nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed to build UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.modprobe.d.nvidia-384_hybrid.conf: [deleted] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/+bug/1815776/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1815776] Re: nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed to build
Hello. There is a similar raport about failed 'nvidia_304' module build on latest '-proposed' v4.4.0-143-generic kernel: ✗ https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics- drivers-304/+bug/1815858 Mentioned issue happened on both: amd64 and i385/i686 architectures. Best regards. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to nvidia-graphics-drivers-384 in Ubuntu. https://bugs.launchpad.net/bugs/1815776 Title: nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed to build Status in nvidia-graphics-drivers-384 package in Ubuntu: Confirmed Bug description: fails on latest kernel 134 on get_user_pages calls. Arguments changed for the function between -142 and -143 kernels. common/inc/nv-mm.h includes a macro to deal with this problem, but it is not working. ProblemType: Package DistroRelease: Ubuntu 16.04 Package: nvidia-384 (not installed) ProcVersionSignature: Ubuntu 4.4.0-142.168-generic 4.4.167 Uname: Linux 4.4.0-142-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 DKMSKernelVersion: 4.4.0-143-generic Date: Wed Feb 13 10:15:20 2019 DuplicateSignature: dkms:nvidia-384:384.130-0ubuntu0.16.04.1:/var/lib/dkms/nvidia-384/384.130/build/common/inc/nv-mm.h:49:35: error: too few arguments to function ‘get_user_pages’ InstallationDate: Installed on 2011-08-11 (2743 days ago) InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1) PackageVersion: 384.130-0ubuntu0.16.04.1 RelatedPackageVersions: dpkg 1.18.4ubuntu1.5 apt 1.2.29ubuntu0.1 SourcePackage: nvidia-graphics-drivers-384 Title: nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed to build UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.modprobe.d.nvidia-384_hybrid.conf: [deleted] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/+bug/1815776/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1790688] Re: x86/pti: 32-bit x86 systems support already available.
Hello. I would like to note, that "Meltdown" mitigation - for i386 architecture - among others improvements, is already available in OpenBSD 6.4 release (see "Security improvements" section [in:] https://www.openbsd.org/64.html). Best regards. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1790688 Title: x86/pti: 32-bit x86 systems support already available. Status in linux package in Ubuntu: Triaged Bug description: Hello. This is a very good news: 'PTI' support for x86-32 architecture is available. Linux kernel v4.19 release candidate, finally have Kernel Page-Table Isolation ('PTI', previously known as 'KAISER') support. As we know, 'PTI' provides protection against attack, known as the "Meltdown" (CVE-2017-5754), that breaks isolation between user applications and the operating system etc. However, this protection - needed for "Meltdown" mitigation - wasn't available on 32-bit x86 systems. Until now. So, I would like to ask a question: are there any plans to backport Kernel Page-Table Isolation patches for Linux kernels available in "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I'm asking, because it seems, that pretty much no developers run 32-bit any more. However, there still are many 32-bit users out there. For more informations about how 'PTI' was implemented, created for 32 bit x86 architecture, please check - for example - commit '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32") and these messages on lkml mailing list and lwn.net website (which contains summary of the first half of the 4.19 kernel merge window): ✗ http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html ('PTI' on x86-32; PATCH v.8) ✗ https://lwn.net/Articles/762566/ (See "Architecture-specific" changes) I would like to send a big "Thank You" to Mr Joerg Roedel (and Others, of course) for his amazing work - a whole raft of measures and patches to make this possible - to enable 'PTI' mitigation on x86-32 architecture etc. Thanks, best regards. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1790688/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1790688] Re: x86/pti: 32-bit x86 systems support already available.
** Summary changed: - x86/pti: 32-Bit x86 systems support already available. + x86/pti: 32-bit x86 systems support already available. ** Description changed: Hello. - Linux kernel v4.19 release candidate [1], finally have kernel page-table - isolation ('PTI', previously known as 'KAISER') support for x86_32 - architecture. As we know, 'PTI' provides protection against attack, - known as the "Meltdown" (CVE-2017-5754), that breaks isolation between - user applications and the operating system etc. However, kernel page- - table isolation wasn't available on 32-Bit x86 systems. Until now. + This is a very good news: 'PTI' support for x86-32 architecture is + available. Linux kernel v4.19 release candidate, finally have Kernel + Page-Table Isolation ('PTI', previously known as 'KAISER') support. As + we know, 'PTI' provides protection against attack, known as the + "Meltdown" (CVE-2017-5754), that breaks isolation between user + applications and the operating system etc. However, this protection - + needed for "Meltdown" mitigation - wasn't available on 32-bit x86 + systems. Until now. So, I would like to ask a question: are there any plans to backport - kernel page-table isolation patches for Linux kernels available in - "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean - x86_32 bit architecture, of course. I'm asking, because it seems, that - pretty much no developers run 32-bit any more. However, there still are - many 32-bit users out there. + Kernel Page-Table Isolation patches for Linux kernels available in + "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I'm + asking, because it seems, that pretty much no developers run 32-bit any + more. However, there still are many 32-bit users out there. - For more informations about how 'PTI' was implementing on 32-Bit x86 - architecture, plase check - for example - commit '7757d607c6b31' - ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32"). Here are - messages about 'PTI' support (PATCH v7, v8) for x86_32 [1]. Next, 'PTI' - fixes for x86-32 [2] and more patches related to 'x86/mm/pti' [3]. There - is also a short report for the first half of the 4.19 kernel merge - window [4]. + For more informations about how 'PTI' was implemented, created for 32 + bit x86 architecture, please check - for example - commit + '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for + x86_32") and these messages on lkml mailing list and lwn.net website + (which contains summary of the first half of the 4.19 kernel merge + window): - I'm sorry for such a long message, but I'm very happy that 'PTI' support - is already available for x86_32 architecture and I hope, that it will be - backported to all Ubuntu LTS releases etc. + ✗ http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html ('PTI' on x86-32; PATCH v.8) + ✗ https://lwn.net/Articles/762566/ (See "Architecture-specific" changes) + + I would like to send a big "Thank You" to Mr Joerg Roedel (and Others, + of course) for his amazing work - a whole raft of measures and patches + to make this possible - to enable 'PTI' mitigation on x86-32 + architecture etc. Thanks, best regards. - __ - - [1] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03578.html (please see every next patches etc.) - http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03181.html - http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html - [2] http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05516.html - [3] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03161.html - [4] https://lwn.net/Articles/762566/ (See "Architecture-specific" changes) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1790688 Title: x86/pti: 32-bit x86 systems support already available. Status in linux package in Ubuntu: Triaged Bug description: Hello. This is a very good news: 'PTI' support for x86-32 architecture is available. Linux kernel v4.19 release candidate, finally have Kernel Page-Table Isolation ('PTI', previously known as 'KAISER') support. As we know, 'PTI' provides protection against attack, known as the "Meltdown" (CVE-2017-5754), that breaks isolation between user applications and the operating system etc. However, this protection - needed for "Meltdown" mitigation - wasn't available on 32-bit x86 systems. Until now. So, I would like to ask a question: are there any plans to backport Kernel Page-Table Isolation patches for Linux kernels available in "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I'm asking, because it seems, that pretty much no developers run 32-bit any more. However, there still are many 32-bit users out there. For more informations about how 'PTI' was implemented, created for 32 bit x86 architecture, please check - for example - commit '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE
[Kernel-packages] [Bug 1790688] Re: x86/pti: 32-Bit x86 systems support already available.
Hello. One more thing: since kernel page-table isolation is already available on 32-Bit x86 systems (see Bug Description), maybe "SpectreAndMeltdown" information page (see 1.) should be updated, because of such a statement (see "Current Status"): "No fix is currently available for Meltdown on 32-bit x86; moving to a 64-bit kernel is the currently recommended mitigation." Maybe, it could be changed to note, that: "32-bit x86 finally have kernel page-table isolation support to mitigate "Meltdown". It is already available in Linux kernel v4.19". Or above statement, available on "SpectreAndMeltdown" page, could be changed to: "Fix/mitigation for Meltdown on 32-bit x86 is already available in Linux v4.19 kernel". But that's just my opinion. Best regards. __ 1. https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown#Current_Status -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1790688 Title: x86/pti: 32-Bit x86 systems support already available. Status in linux package in Ubuntu: Confirmed Bug description: Hello. Linux kernel v4.19 release candidate [1], finally have kernel page- table isolation ('PTI', previously known as 'KAISER') support for x86_32 architecture. As we know, 'PTI' provides protection against attack, known as the "Meltdown" (CVE-2017-5754), that breaks isolation between user applications and the operating system etc. However, kernel page-table isolation wasn't available on 32-Bit x86 systems. Until now. So, I would like to ask a question: are there any plans to backport kernel page-table isolation patches for Linux kernels available in "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean x86_32 bit architecture, of course. I'm asking, because it seems, that pretty much no developers run 32-bit any more. However, there still are many 32-bit users out there. For more informations about how 'PTI' was implementing on 32-Bit x86 architecture, plase check - for example - commit '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32"). Here are messages about 'PTI' support (PATCH v7, v8) for x86_32 [1]. Next, 'PTI' fixes for x86-32 [2] and more patches related to 'x86/mm/pti' [3]. There is also a short report for the first half of the 4.19 kernel merge window [4]. I'm sorry for such a long message, but I'm very happy that 'PTI' support is already available for x86_32 architecture and I hope, that it will be backported to all Ubuntu LTS releases etc. Thanks, best regards. __ [1] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03578.html (please see every next patches etc.) http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03181.html http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html [2] http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05516.html [3] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03161.html [4] https://lwn.net/Articles/762566/ (See "Architecture-specific" changes) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1790688/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1790688] Re: x86/pti: 32-Bit x86 systems support already available.
** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1790688 Title: x86/pti: 32-Bit x86 systems support already available. Status in linux package in Ubuntu: Confirmed Bug description: Hello. Linux kernel v4.19 release candidate [1], finally have kernel page- table isolation ('PTI', previously known as 'KAISER') support for x86_32 architecture. As we know, 'PTI' provides protection against attack, known as the "Meltdown" (CVE-2017-5754), that breaks isolation between user applications and the operating system etc. However, kernel page-table isolation wasn't available on 32-Bit x86 systems. Until now. So, I would like to ask a question: are there any plans to backport kernel page-table isolation patches for Linux kernels available in "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean x86_32 bit architecture, of course. I'm asking, because it seems, that pretty much no developers run 32-bit any more. However, there still are many 32-bit users out there. For more informations about how 'PTI' was implementing on 32-Bit x86 architecture, plase check - for example - commit '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32"). Here are messages about 'PTI' support (PATCH v7, v8) for x86_32 [1]. Next, 'PTI' fixes for x86-32 [2] and more patches related to 'x86/mm/pti' [3]. There is also a short report for the first half of the 4.19 kernel merge window [4]. I'm sorry for such a long message, but I'm very happy that 'PTI' support is already available for x86_32 architecture and I hope, that it will be backported to all Ubuntu LTS releases etc. Thanks, best regards. __ [1] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03578.html (please see every next patches etc.) http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03181.html http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html [2] http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05516.html [3] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03161.html [4] https://lwn.net/Articles/762566/ (See "Architecture-specific" changes) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1790688/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1790688] [NEW] x86/pti: 32-Bit x86 systems support already available.
Public bug reported: Hello. Linux kernel v4.19 release candidate [1], finally have kernel page-table isolation ('PTI', previously known as 'KAISER') support for x86_32 architecture. As we know, 'PTI' provides protection against attack, known as the "Meltdown" (CVE-2017-5754), that breaks isolation between user applications and the operating system etc. However, kernel page- table isolation wasn't available on 32-Bit x86 systems. Until now. So, I would like to ask a question: are there any plans to backport kernel page-table isolation patches for Linux kernels available in "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean x86_32 bit architecture, of course. I'm asking, because it seems, that pretty much no developers run 32-bit any more. However, there still are many 32-bit users out there. For more informations about how 'PTI' was implementing on 32-Bit x86 architecture, plase check - for example - commit '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32"). Here are messages about 'PTI' support (PATCH v7, v8) for x86_32 [1]. Next, 'PTI' fixes for x86-32 [2] and more patches related to 'x86/mm/pti' [3]. There is also a short report for the first half of the 4.19 kernel merge window [4]. I'm sorry for such a long message, but I'm very happy that 'PTI' support is already available for x86_32 architecture and I hope, that it will be backported to all Ubuntu LTS releases etc. Thanks, best regards. __ [1] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03578.html (please see every next patches etc.) http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03181.html http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html [2] http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05516.html [3] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03161.html [4] https://lwn.net/Articles/762566/ (See "Architecture-specific" changes) ** Affects: linux (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: i386 meltdown pti spectre x86-32 ** Description changed: Hello. Linux kernel v4.19 release candidate [1], finally have kernel page-table isolation ('PTI', previously known as 'KAISER') support for x86_32 architecture. As we know, 'PTI' provides protection against attack, known as the "Meltdown" (CVE-2017-5754), that breaks isolation between user applications and the operating system etc. However, kernel page- table isolation wasn't available on 32-Bit x86 systems. Until now. So, I would like to ask a question: are there any plans to backport kernel page-table isolation patches for Linux kernels available in "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean x86_32 bit architecture, of course. I'm asking, because it seems, that pretty much no developers run 32-bit any more. However, there still are many 32-bit users out there. - For more informations about how 'PTI' implementing on 32-Bit x86 + For more informations about how 'PTI' was implementing on 32-Bit x86 architecture looks like, plase check - for example - commit '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32"). Here are messages about 'PTI' support (PATCH v7, v8) for x86_32 [1]. Next, 'PTI' fixes for x86-32 [2] and more patches related to 'x86/mm/pti' [3]. There is also a short report for the first half of the 4.19 kernel merge window [4]. I'm sorry for such a long message, but I'm very happy that 'PTI' support is already available for x86_32 architecture and I hope, that it will be backported to all Ubuntu LTS releases etc. Thanks, best regards. __ [1] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03578.html (please see every next patches etc.) http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03181.html http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html [2] http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05516.html [3] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03161.html [4] https://lwn.net/Articles/762566/ (See "Architecture-specific" changes) ** Description changed: Hello. Linux kernel v4.19 release candidate [1], finally have kernel page-table isolation ('PTI', previously known as 'KAISER') support for x86_32 architecture. As we know, 'PTI' provides protection against attack, known as the "Meltdown" (CVE-2017-5754), that breaks isolation between user applications and the operating system etc. However, kernel page- table isolation wasn't available on 32-Bit x86 systems. Until now. So, I would like to ask a question: are there any plans to backport kernel page-table isolation patches for Linux kernels available in "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean x86_32 bit architecture, of course. I'm asking, because it seems, that pretty much no developers run 32-bit any more. However, there still are many 32-bit users out there. For more informat
[Kernel-packages] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging
Hello. I just wanto to confirm: everything seems to be okay after updating Linux kernel to v4.4.0-123-generic. However, I would like to ask a question about 'intel-microcode' and 'amd64-microcode' packages. During system updating process via apt(8), there was an information that "The following NEW packages will be installed" etc. and it was about two mentioned 'microcode' packages. I did not have these packages installed, until then. It's an Intel processor, but it seems, that Intel Corporation will not publish any microcode updates for some processor. Intel reveals (on Apr. 3., 2018) list of processors that won't receive Meltdown and Spectre patches. It seems, that some of older processors won't receive microcode updates designed to mitigate the vulnerabilities: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown etc. So, I would like to ask if it was normal, that apt(8) installed such a packages? And why both since it's an Intel processor? Can I remove both packages (since there is no changes related to the microcode and "Spectre & Meltdown" mitigation; just 'revision' change in '/proc/cpuinfo' virtual file or/and dmesg(1) etc.)? In sum two questions: ✗ why apt(8) installed two 'microcode' packages during Linux kernel v4.4.0-123-generic updates? ✗ can 'intel/amd64-microcode' packages be removed (since there is no difference with "Spectre & Meltdown" mitigations)? I apologize for asking such a questions here, but this bug is about 'ibrs/ibpb' (a method to "Spectre & Meltdown" mitigation etc.) and Linux kernel update (v4.4.0-123-generic) during which, two 'microcode' packages were installed. Thanks, best regards. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1755627 Title: ibrs/ibpb fixes result in excessive kernel logging Status in linux package in Ubuntu: Fix Committed Status in linux source package in Trusty: Fix Committed Status in linux source package in Xenial: Fix Committed Status in linux source package in Artful: Fix Committed Bug description: Since at least kernel 4.4.0-116, every invocation of `sysctl -a` results in kernel logs similar to the following: % sysctl -a &>/dev/null; dmesg -T | tail -8 [Wed Mar 14 00:06:36 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:06:36 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:06:36 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:06:36 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:06:36 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:06:36 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:06:36 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:06:36 2018] read cpu 1 ibrs val 0 The output varies with the number of CPUs. After digging a bit, it turns out this is triggered upon every read of `kernel.ibrs_dump`: % for i in {1..3}; do sysctl kernel.ibrs_dump; dmesg -T | tail -8; echo; sleep 1; done kernel.ibrs_dump = 0 [Wed Mar 14 00:08:48 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:48 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:48 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:48 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:08:48 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:48 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:48 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:48 2018] read cpu 1 ibrs val 0 kernel.ibrs_dump = 0 [Wed Mar 14 00:08:49 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:49 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:49 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:49 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:08:49 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:49 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:49 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:49 2018] read cpu 1 ibrs val 0 kernel.ibrs_dump = 0 [Wed Mar 14 00:08:50 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:50 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:50 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:50 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:08:50 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:50 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:50 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:50 2018] read cpu 1 ibrs val 0 Those tests were against an EC2 instance running Ubuntu 4.4.0-116.140-generic 4.4.98 per /proc/version_signature Normally this would not be the biggest concern but we have tooling that gathers instance info on a schedule, including sysctl output, thus resulting in the kernel ring buffer being full of nothing but said output in most cases and hindering live troubleshooting as a result. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755627/+subscr
[Kernel-packages] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging
Hello. Yes, Mr. Kamal Mostafa is right. Linux kernel v4.4.0-123.147 will contain a fix for all of these issues with, for example, '/var/log/syslog' flooding with 'ibrs_dump', 'use_ibrs/ibpb' and 'sysctl_ibrs{,ibpb}_enabled' entries. Now, a "proposed" kernel is v4.4.0-122.146 with a fix for "Redpine: WiFi scan stopping issue observed with BLE (LP: #1757435)". Anyway, next kernel version, mentioned above will be updated, at last, to the v4.4.128 stable release (current version, available e.g. in 16.04 LTS is v4.4.117) and will contain this patch, of course: * ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627) - SAUCE: remove ibrs_dump sysctl interface So, we have to wait a little more, because so-called "master-next" branch (with all needed patches for already mentioned v4.4.128 Stable release) was updated only 24 hours ago. Additionally, there will be also a couple of 'x86/spectre' and 'x86/retpoline' patches (mainly in v4.4.118). Thanks, best regards. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1755627 Title: ibrs/ibpb fixes result in excessive kernel logging Status in linux package in Ubuntu: Fix Committed Status in linux source package in Trusty: Fix Committed Status in linux source package in Xenial: Fix Committed Status in linux source package in Artful: Fix Committed Bug description: Since at least kernel 4.4.0-116, every invocation of `sysctl -a` results in kernel logs similar to the following: % sysctl -a &>/dev/null; dmesg -T | tail -8 [Wed Mar 14 00:06:36 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:06:36 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:06:36 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:06:36 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:06:36 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:06:36 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:06:36 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:06:36 2018] read cpu 1 ibrs val 0 The output varies with the number of CPUs. After digging a bit, it turns out this is triggered upon every read of `kernel.ibrs_dump`: % for i in {1..3}; do sysctl kernel.ibrs_dump; dmesg -T | tail -8; echo; sleep 1; done kernel.ibrs_dump = 0 [Wed Mar 14 00:08:48 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:48 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:48 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:48 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:08:48 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:48 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:48 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:48 2018] read cpu 1 ibrs val 0 kernel.ibrs_dump = 0 [Wed Mar 14 00:08:49 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:49 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:49 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:49 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:08:49 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:49 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:49 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:49 2018] read cpu 1 ibrs val 0 kernel.ibrs_dump = 0 [Wed Mar 14 00:08:50 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:50 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:50 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:50 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:08:50 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:50 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:50 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:50 2018] read cpu 1 ibrs val 0 Those tests were against an EC2 instance running Ubuntu 4.4.0-116.140-generic 4.4.98 per /proc/version_signature Normally this would not be the biggest concern but we have tooling that gathers instance info on a schedule, including sysctl output, thus resulting in the kernel ring buffer being full of nothing but said output in most cases and hindering live troubleshooting as a result. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755627/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging
Hello. Today, I noticed the same entries in a log files such as '/var/log/syslog' and via dmesg(1) on 16.04 LTS Release (i386/x86_32 arch) with v4.4.0-120-generic (4.4.117) Linux kernel. The one thing, that is different is 'use_ibrs' value. In my case it's: [~]$ sudo dmesg [ 464.877859] use_ibrs = 0, use_ibpb = 4 [ 467.893757] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [ 467.893762] use_ibrs = 4, use_ibpb = 4 (...) I'm writing about this, because I don't see '0' in any of the above posts etc. Anyway, as Mr Kamal Mostafa wrote, I will wait for a "-proposed" kernel. Thanks, best regards. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1755627 Title: ibrs/ibpb fixes result in excessive kernel logging Status in linux package in Ubuntu: Fix Committed Status in linux source package in Trusty: Fix Committed Status in linux source package in Xenial: Fix Committed Status in linux source package in Artful: Fix Committed Bug description: Since at least kernel 4.4.0-116, every invocation of `sysctl -a` results in kernel logs similar to the following: % sysctl -a &>/dev/null; dmesg -T | tail -8 [Wed Mar 14 00:06:36 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:06:36 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:06:36 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:06:36 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:06:36 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:06:36 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:06:36 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:06:36 2018] read cpu 1 ibrs val 0 The output varies with the number of CPUs. After digging a bit, it turns out this is triggered upon every read of `kernel.ibrs_dump`: % for i in {1..3}; do sysctl kernel.ibrs_dump; dmesg -T | tail -8; echo; sleep 1; done kernel.ibrs_dump = 0 [Wed Mar 14 00:08:48 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:48 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:48 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:48 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:08:48 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:48 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:48 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:48 2018] read cpu 1 ibrs val 0 kernel.ibrs_dump = 0 [Wed Mar 14 00:08:49 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:49 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:49 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:49 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:08:49 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:49 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:49 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:49 2018] read cpu 1 ibrs val 0 kernel.ibrs_dump = 0 [Wed Mar 14 00:08:50 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:50 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:50 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:50 2018] read cpu 1 ibrs val 0 [Wed Mar 14 00:08:50 2018] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0 [Wed Mar 14 00:08:50 2018] use_ibrs = 4, use_ibpb = 4 [Wed Mar 14 00:08:50 2018] read cpu 0 ibrs val 0 [Wed Mar 14 00:08:50 2018] read cpu 1 ibrs val 0 Those tests were against an EC2 instance running Ubuntu 4.4.0-116.140-generic 4.4.98 per /proc/version_signature Normally this would not be the biggest concern but we have tooling that gathers instance info on a schedule, including sysctl output, thus resulting in the kernel ring buffer being full of nothing but said output in most cases and hindering live troubleshooting as a result. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755627/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1751021] Re: retpoline abi files are empty on i386
** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1751021 Title: retpoline abi files are empty on i386 Status in linux package in Ubuntu: Fix Released Status in linux source package in Trusty: Fix Released Status in linux source package in Xenial: Fix Committed Status in linux source package in Artful: Fix Committed Bug description: The .retpoline files in the current abi are actually blank. This is due to incorrect handling in retpoline-extract. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1751021/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748936] Re: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.)
** Tags added: kernel-fixed-upstream ** Changed in: linux (Ubuntu) Status: Fix Released => Confirmed ** Summary changed: - kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.) + kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels; i386/x86_32 ("Spectre & Meltdown") -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748936 Title: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels; i386/x86_32 ("Spectre & Meltdown") Status in linux package in Ubuntu: Confirmed Bug description: Hello. It seems, that 'kaslr' option is responsible for issues with system booting. The latest working kernel is v4.4.0-112.135. Every next release: v4.4.0-113.136 and v4.4.0-115.139 are unable to boot if 'kaslr' option is in use etc. Everything is described in my previous bug report (please see 1.), but I've decided to create a new one, because it seems, that some of the "Spectre & Meltdown" patches are not compatible with kASLR and are responsible for this regressions. Thanks, best regards. [1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot when 'kaslr' option is in use.
** Summary changed: - Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs). + Linux 4.4.0-113.136 (i386/x86_32): failed to boot when 'kaslr' option is in use. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748710 Title: Linux 4.4.0-113.136 (i386/x86_32): failed to boot when 'kaslr' option is in use. Status in linux package in Ubuntu: Confirmed Status in linux source package in Xenial: Confirmed Bug description: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on an USB keyboard were in- active. After several seconds, the BusyBox shell screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the USB keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: → Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. → Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. However, it's a Celeron, "E" series. So, I don't know if mentioned patches are good for this type of processor etc.? Especially on i386/x86_32 architecture. ● UPDATE/WARNING: It seems, that 'kaslr' option is responsible for this issue. After booting the latest v4.4.0-115.139 kernel, I've had the same problems as described above. However, after removing 'kaslr' option from a command line via GRUB menu, system started normally etc. The latest, working kernel with 'kaslr' option is v4.4.0-112.135. According to all of this I think, that 'kaslr' is not compatible with some "Spectre & Meltdown" mitigation patches and fixes etc. ✗ Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 ✗ Architecture: i386/x86_32 ✗ PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1751021] Re: retpoline abi files are empty on i386
Hello. Retpoline file, is not empty now. After update Linux kernel to the v4.4.0.117.123 (v4.4.114) version in 16.04 LTS Release (i386/x86_32 architecture), '/boot/retpoline-4.4.0-117-generic' file contains some data etc. (2,0K size). Previous files (see post #4) are empty, of course. Thanks. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1751021 Title: retpoline abi files are empty on i386 Status in linux package in Ubuntu: Fix Released Status in linux source package in Trusty: Fix Released Status in linux source package in Xenial: Fix Committed Status in linux source package in Artful: Fix Committed Bug description: The .retpoline files in the current abi are actually blank. This is due to incorrect handling in retpoline-extract. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1751021/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).
Hello. I apologize for not testing the latest v4.16 kernel, but I've decided to wait for an update to the v4.4 kernel used in "Xenial". And it seems, that everything is okay now and 'kaslr' option is working again. After update Linux kernel to the v4.4.0-117-generic (v4.4.114) version, system boots normally. I've done some tests: ● boot system via GRUB (add 'kaslr' option and press 'CTRL + X') ● edit '/etc/default/grub' file and add 'kaslr' option to the 'GRUB_CMDLINE_LINUX_DEFAULT=' Everything is fine, system starts normally etc. There is no problem, as I've described in my post #4. So, some of the patches (see 1.) fixed this issue. Thanks, best regards. _ 1. https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/xenial/commit/?id=fc74a5c4a98418105b4b246b935e3be90d6a635c ** Tags added: kernel-fixed-upstream ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu Xenial) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748710 Title: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs). Status in linux package in Ubuntu: Confirmed Status in linux source package in Xenial: Confirmed Bug description: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on an USB keyboard were in- active. After several seconds, the BusyBox shell screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the USB keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: → Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. → Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. However, it's a Celeron, "E" series. So, I don't know if mentioned patches are good for this type of processor etc.? Especially on i386/x86_32 architecture. ● UPDATE/WARNING: It seems, that 'kaslr' option is responsible for this issue. After booting the latest v4.4.0-115.139 kernel, I've had the same problems as described above. However, after removing 'kaslr' option from a command line via GRUB menu, system started normally etc. The latest, working kernel with 'kaslr' option is v4.4.0-112.135. According to all of this I think, that 'kaslr' is not compatible with some "Spectre & Meltdown" mitigation patches and fixes etc. ✗ Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 ✗ Architecture: i386/x86_32 ✗ PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748936] Re: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.)
Hello. It seems, that everything is okay now and 'kaslr' option is working again. After update Linux kernel to the v4.4.0-117-generic (v4.4.114) version, system boots normally. So, some of the patches (see 1.) fixed this issue. Thanks, best regards. _ 1. https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/xenial/commit/?id=fc74a5c4a98418105b4b246b935e3be90d6a635c -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748936 Title: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.) Status in linux package in Ubuntu: Fix Released Bug description: Hello. It seems, that 'kaslr' option is responsible for issues with system booting. The latest working kernel is v4.4.0-112.135. Every next release: v4.4.0-113.136 and v4.4.0-115.139 are unable to boot if 'kaslr' option is in use etc. Everything is described in my previous bug report (please see 1.), but I've decided to create a new one, because it seems, that some of the "Spectre & Meltdown" patches are not compatible with kASLR and are responsible for this regressions. Thanks, best regards. [1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748936] Re: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.)
Linux kernel v4.4.0-117-generic (v4.4.114) works okay and 'kaslr' option can be used again. ** Changed in: linux (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748936 Title: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.) Status in linux package in Ubuntu: Fix Released Bug description: Hello. It seems, that 'kaslr' option is responsible for issues with system booting. The latest working kernel is v4.4.0-112.135. Every next release: v4.4.0-113.136 and v4.4.0-115.139 are unable to boot if 'kaslr' option is in use etc. Everything is described in my previous bug report (please see 1.), but I've decided to create a new one, because it seems, that some of the "Spectre & Meltdown" patches are not compatible with kASLR and are responsible for this regressions. Thanks, best regards. [1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1751021] Re: retpoline abi files are empty on i386
Hello. I've noticed this issue with blank '/boot/retpoline-*' files in 16.04 LTS Release (i386/x86_32) after Linux kernel update to the v4.4.0-115 version. (Generally, I've started to seeing these files when "Spectre_V12" patches were available for i386 architecture. I wanted to ask a question or report a bug about it etc.) So, these files are empty and it looks this way on 16.04 LTS Release: [~]$ ls -al /boot/retpoline-4.4.0-11* -rw-r--r-- 1 root root 0 lut 11 19:00 /boot/retpoline-4.4.0-115-generic -rw-r--r-- 1 root root 0 lut 13 00:14 /boot/retpoline-4.4.0-116-generic [~]$ uname -m i686 Thanks, best regards. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1751021 Title: retpoline abi files are empty on i386 Status in linux package in Ubuntu: In Progress Status in linux source package in Trusty: Fix Released Status in linux source package in Xenial: Fix Committed Status in linux source package in Artful: Fix Committed Bug description: The .retpoline files in the current abi are actually blank. This is due to incorrect handling in retpoline-extract. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1751021/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).
Here is a new, separate bug report about 'kASLR' and system booting issues (v4.4.0-113.136 - v4.4.0-115-generic kernel versions): ● https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748710 Title: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs). Status in linux package in Ubuntu: Incomplete Status in linux source package in Xenial: Incomplete Bug description: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on an USB keyboard were in- active. After several seconds, the BusyBox shell screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the USB keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: → Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. → Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. However, it's a Celeron, "E" series. So, I don't know if mentioned patches are good for this type of processor etc.? Especially on i386/x86_32 architecture. ● UPDATE/WARNING: It seems, that 'kaslr' option is responsible for this issue. After booting the latest v4.4.0-115.139 kernel, I've had the same problems as described above. However, after removing 'kaslr' option from a command line via GRUB menu, system started normally etc. The latest, working kernel with 'kaslr' option is v4.4.0-112.135. According to all of this I think, that 'kaslr' is not compatible with some "Spectre & Meltdown" mitigation patches and fixes etc. ✗ Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 ✗ Architecture: i386/x86_32 ✗ PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).
Good day, Mr Salisbury. Yes, I can test the latest kernel, but I have a few very naive questions (I just want to be sure for one hundred percent etc.) So, because it's an i386/x86_32 architecture I should: ✗ download 'linux-headers-4.16.0-041600rc1-generic_4.16.0-041600rc1.201802120030_i386.deb' and 'linux-image-4.16.0-041600rc1-generic_4.16.0-041600rc1.201802120030_i386.deb' packages; ✗ use, for example, dpkg(1) command to install these two packages ($ sudo dpkg -i ...); ✗ add "kaslr" option to the '/etc/default/grub' file (in 'GRUB_CMDLINE_LINUX_DEFAULT' option); ✗ update GRUB with update-grub(8) command to generate a grub2 config file etc.; ✗ reboot. Once again: I apologize for such a naive questions. Mr Salisbury, can You confirm if what I've wrote is okay? Generally: is it a proper way to test the latest kernel? And what about dpkg(1) command: I should use '-i, --install' action only, right? I'm asking, because there is - for example - a 'gdebi' package, which is a simple tool to install deb files etc. Geez, what a shame... Thanks. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748710 Title: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs). Status in linux package in Ubuntu: Incomplete Status in linux source package in Xenial: Incomplete Bug description: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on an USB keyboard were in- active. After several seconds, the BusyBox shell screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the USB keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: → Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. → Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. However, it's a Celeron, "E" series. So, I don't know if mentioned patches are good for this type of processor etc.? Especially on i386/x86_32 architecture. ● UPDATE/WARNING: It seems, that 'kaslr' option is responsible for this issue. After booting the latest v4.4.0-115.139 kernel, I've had the same problems as described above. However, after removing 'kaslr' option from a command line via GRUB menu, system started normally etc. The latest, working kernel with 'kaslr' option is v4.4.0-112.135. According to all of this I think, that 'kaslr' is not compatible with some "Spectre & Meltdown" mitigation patches and fixes etc. ✗ Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 ✗ Architecture: i386/x86_32 ✗ PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748936] [NEW] kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.)
Public bug reported: Hello. It seems, that 'kaslr' option is responsible for issues with system booting. The latest working kernel is v4.4.0-112.135. Every next release: v4.4.0-113.136 and v4.4.0-115.139 are unable to boot if 'kaslr' option is in use etc. Everything is described in my previous bug report (please see 1.), but I've decided to create a new one, because it seems, that some of the "Spectre & Meltdown" patches are not compatible with kASLR and are responsible for this regressions. Thanks, best regards. [1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710 ** Affects: linux (Ubuntu) Importance: Undecided Status: Confirmed ** Tags: i386 kaslr linux meltdown spectre ** Changed in: linux (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748936 Title: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.) Status in linux package in Ubuntu: Confirmed Bug description: Hello. It seems, that 'kaslr' option is responsible for issues with system booting. The latest working kernel is v4.4.0-112.135. Every next release: v4.4.0-113.136 and v4.4.0-115.139 are unable to boot if 'kaslr' option is in use etc. Everything is described in my previous bug report (please see 1.), but I've decided to create a new one, because it seems, that some of the "Spectre & Meltdown" patches are not compatible with kASLR and are responsible for this regressions. Thanks, best regards. [1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).
** Description changed: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on an USB keyboard were in- active. After several seconds, the BusyBox shell screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the USB keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: - ✗ Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. - ✗ Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. + → Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. + → Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. However, it's a Celeron, "E" series. So, I don't know if mentioned patches are good for this type of processor etc.? Especially on i386/x86_32 architecture. - I hope, that all mitigations and fixes for "Metldown & Spectre_v1.2" - atacks will be available for 32-bit x86 architecture. (OpenSUSE - Developers are working on such a fixes/patches, right?) If I could - provide some more informations, please let me know. Here are some - technical informations: + ● UPDATE/WARNING: It seems, that 'kaslr' option is responsible for this + issue. After booting the latest v4.4.0-115.139 kernel, I've had the same + problems as described above. However, after removing 'kaslr' option from + a command line via GRUB menu, system started normally etc. The latest, + working kernel with 'kaslr' option is v4.4.0-112.135. According to all + of this I think, that 'kaslr' is not compatible with some "Spectre & + Meltdown" mitigation patches and fixes etc. - ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 - ● Architecture: i386/x86_32 - ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] + ✗ Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 + ✗ Architecture: i386/x86_32 + ✗ PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html ** Tags added: kaslr -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748710 Title: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs). Status in linux package in Ubuntu: Confirmed Bug description: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on an USB keyboard were in- active. After several seconds, the BusyBox shell screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the USB keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains
[Kernel-packages] [Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).
Hello. There is the same problem with a new, latest Linux 4.4.0-115-generic kernel (updated today). I've tried to boot system with 'nosplash' option (set via GRUB etc.) and it seems, that there is a problem with: Gave up waiting for root device. Common problems: - Boot args (cat /proc/cmdline) - Check rootdelay= (did the system wait long enough?) - Check root= (did the system wait for the right device?) - Missing modules (cat /proc/modules; ls /dev) ALERT! UUID=* does not exist. Dropping to a shell! BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) Enter 'help' for a lost of built-in commands. (initramfs) _ However, I've decided try to boot v4.4.0-115-generic kernel once again, because above 'ALERT!' message was very interesting for me, but this time, without 'kaslr' option. So, in a GRUB menu I removed this option and press CTRL + x. Everything was okay - system boot normally. It seems, that there is a problem with a 'kaslr' in latest 16.04 LTS Release kernels (I'm having this problem since update to the v4.4.0-113.136 kernel version. Should I create a new bug report about 'kaslr' and latest kernel versions? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748710 Title: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs). Status in linux package in Ubuntu: Confirmed Bug description: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on an USB keyboard were in- active. After several seconds, the BusyBox shell screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the USB keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: ✗ Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. ✗ Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. However, it's a Celeron, "E" series. So, I don't know if mentioned patches are good for this type of processor etc.? Especially on i386/x86_32 architecture. I hope, that all mitigations and fixes for "Metldown & Spectre_v1.2" atacks will be available for 32-bit x86 architecture. (OpenSUSE Developers are working on such a fixes/patches, right?) If I could provide some more informations, please let me know. Here are some technical informations: ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 ● Architecture: i386/x86_32 ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).
** Summary changed: - Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell. + Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs). ** Description changed: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, - plymouth freezes during start, and keys on a keyboard were in-active. - After several seconds, the BusyBox screen appeared. It looks this way: + plymouth freezes during start, and keys on an USB keyboard were in- + active. After several seconds, the BusyBox shell screen appeared. It + looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- - Unfortunately, the keyboard does not work and does not respond. The only - way to solve this issue is a "hard reset" and in GRUB menu choosing an - earlier kernel, which is linux 4.4.0-112.135. Now, everything works + Unfortunately, the USB keyboard does not work and does not respond. The + only way to solve this issue is a "hard reset" and in GRUB menu choosing + an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: ✗ Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. ✗ Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as - '/var/log/syslog' or '/var/log/kern.log'. Maybe only that one (but I - have no idea if it's important)? + '/var/log/syslog' or '/var/log/kern.log'. However, it's a Celeron, "E" + series. So, I don't know if mentioned patches are good for this type of + processor etc.? Especially on i386/x86_32 architecture. - ✗ PCI: Using host bridge windows from ACPI; if necessary, use - "pci=nocrs" and report a bug - - If I could provide some more informations, please let me know. Here are - some technical informations: + I hope, that all mitigations and fixes for "Metldown & Spectre_v1.2" + atacks will be available for 32-bit x86 architecture. (OpenSUSE + Developers are working on such a fixes/patches, right?) If I could + provide some more informations, please let me know. Here are some + technical informations: ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 ● Architecture: i386/x86_32 ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748710 Title: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs). Status in linux package in Ubuntu: Confirmed Bug description: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on an USB keyboard were in- active. After several seconds, the BusyBox shell screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the USB keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: ✗ Crashes in early boot, especially ar
[Kernel-packages] [Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell.
Please see "Ubuntu Kernel Bot (ubuntu-kernel-bot)" comment and answer. ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748710 Title: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell. Status in linux package in Ubuntu: Confirmed Bug description: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on a keyboard were in-active. After several seconds, the BusyBox screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: ✗ Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. ✗ Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. Maybe only that one (but I have no idea if it's important)? ✗ PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug If I could provide some more informations, please let me know. Here are some technical informations: ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 ● Architecture: i386/x86_32 ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell.
Hi. I can not enter mentioned command, because during system boot plymouth freezes and keyboard is unresponsive. After several seconds plymouth disappears and BusyBox v1.22.1 "console" appears (here, keyboard does not work and does not respond either). The only solution is to use hard reboot and choose an earlier v4.4.0-112.135 Linux kernel in GRUB menu etc. Maybe I can execute 'apport-collect 1748710' command in v4.4.0-112.135 kernel? But this issue appeared after update to the "-proposed" kernel: v4.4.0-112.135. Thanks. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1748710 Title: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell. Status in linux package in Ubuntu: Confirmed Bug description: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on a keyboard were in-active. After several seconds, the BusyBox screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: ✗ Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. ✗ Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. Maybe only that one (but I have no idea if it's important)? ✗ PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug If I could provide some more informations, please let me know. Here are some technical informations: ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 ● Architecture: i386/x86_32 ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1748710] [NEW] Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell.
Public bug reported: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on a keyboard were in-active. After several seconds, the BusyBox screen appeared. It looks this way: ,-- | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) | Enter 'help' for a list of built-in commands. | | (initramfs) _ `-- Unfortunately, the keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: ✗ Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. ✗ Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. Maybe only that one (but I have no idea if it's important)? ✗ PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug If I could provide some more informations, please let me know. Here are some technical informations: ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 ● Architecture: i386/x86_32 ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express bridge [1458:026f] Thanks, regards. 1. https://lists.ubuntu.com/archives/xenial- changes/2018-February/020108.html ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: i386 linux meltdown spectre xenial ** Description changed: Hello. On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to the 4.4.0-113.136 version (xenial-proposed). However, after reboot, plymouth freezes during start, and keys on a keyboard were in-active. After several seconds, the BusyBox screen appeared. It looks this way: - ✗ ✗ BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash) ✗ Enter 'help' for a list of built-in commands. ✗ ✗ (initramfs) _ - ✗ Unfortunately, the keyboard does not work and does not respond. The only way to solve this issue is a "hard reset" and in GRUB menu choosing an earlier kernel, which is linux 4.4.0-112.135. Now, everything works okay. Proposed update to the Linux 4.4.0-113.136 contains many new updates (please see 1.) It's an i386/x86_32 architecture, which does not contain PTI yet, right? I'm asking, because mentioned -proposed updates contains a couple of PTI-related patches and bugs in PTI can cause a few different signatures of crashes etc. For example: - ✓ Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. - ✓ Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. + ● Crashes in early boot, especially around CPU bringup. Bugs in the trampoline code or mappings cause these. + ● Userspace segfaults early in boot, sometimes manifesting as mount(8) failing to mount the rootfs. These have tended to be TLB invalidation issues. Usually invalidating the wrong PCID, or otherwise missing an invalidation. NOTE: if it's about PCID, which is mentioned in a second point, there is one patch in -proposed update: "x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the cause of a boot failure? There are no errors in log files, such as '/var/log/syslog' or '/var/log/kern.log'. Maybe only that one (but I have no idea if it's important)? ✗ PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug If I could provide some more informations, please let me know. Here are some technical informations: - ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98 - ● Architecture: i386/x86_32 - ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73
[Kernel-packages] [Bug 1556419] Re: nf_conntrack: automatic helper assignment is deprecated
Hi. The same problem here. Release 16.04.2 LTS, iptables 1.6.0-2ubuntu3 etc. I noticed this one in dmesg entry: $ sudo dmesg |grep iptables [ 1168.282586] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. I have one more problem with this release; when iptables is in use (with very simple rules) there is not internet connection. But using ufw firewall, everything seems to work OK. Thanks. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1556419 Title: nf_conntrack: automatic helper assignment is deprecated Status in iptables package in Ubuntu: Confirmed Status in linux package in Ubuntu: Confirmed Bug description: Get this logged into journalctl (since a moment): kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-13-generic 4.4.0-13.29 ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5 Uname: Linux 4.4.0-13-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_modeset nvidia ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: oem1942 F pulseaudio /dev/snd/pcmC0D0p: oem1942 F...m pulseaudio /dev/snd/controlC0: oem1942 F pulseaudio CurrentDesktop: GNOME Date: Sat Mar 12 14:52:09 2016 HibernationDevice: RESUME=UUID=0a9ca7f0-6eeb-4b21-b70f-670fa600de16 IwConfig: eth0 no wireless extensions. eth1 no wireless extensions. lono wireless extensions. Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 003 Device 002: ID 046d:c062 Logitech, Inc. M-UAS144 [LS1 Laser Mouse] Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub MachineType: ASUSTEK COMPUTER INC P5W DH Deluxe ProcFB: ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=7c755ed6-51cc-4b75-88ac-9c75acf82749 ro RelatedPackageVersions: linux-restricted-modules-4.4.0-13-generic N/A linux-backports-modules-4.4.0-13-generic N/A linux-firmware1.156 RfKill: SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/22/2010 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 3002 dmi.board.asset.tag: To Be Filled By O.E.M. dmi.board.name: P5W DH Deluxe dmi.board.vendor: ASUSTeK Computer INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: Asset-1234567890 dmi.chassis.type: 3 dmi.chassis.vendor: Chassis Manufacture dmi.chassis.version: Chassis Version dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr3002:bd07/22/2010:svnASUSTEKCOMPUTERINC:pnP5WDHDeluxe:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP5WDHDeluxe:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion: dmi.product.name: P5W DH Deluxe dmi.product.version: System Version dmi.sys.vendor: ASUSTEK COMPUTER INC To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1556419/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1540807] [NEW] ArpON ver. 2.7: the DARPI and -d (--darpi) flag bug.
Public bug reported: Hello. Because on Ubuntu 12.04 LTS an ArpON package is pretty outdated (ver. 2.0-2.1 0) I've decided to use a version from a Vivid release - 2.7. It seems that ArpON ver. 2.7 has a bug related to a DARPI anti Arp Poisoning techniques. Because I am using a DHCP method to obtain an IP address I needed to use a DARPI method (Dynamin Arp Inspect.) instead of SARPI (Static Arp Inspect). After installation via 'apt-get' utility, configuring "arpon" file from '/etc/default/' directory and uncomment line responsible for a DARPI method, ArpON failed to start with a following error: $ sudo /etc/init.d/arpon start * Starting anti ARP poisoning daemon arpon 20:38:55 PID = /usr/bin/arpon: invalid option -- 'd' [fail] For a DARPI method a line in the '/etc/default/arpon' file looks this way: DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -d". According to the Ubuntu manpage[1] '-g' flag stands for "Works in logging mode", since '-d' flag means "Manages Arp Cache dynamically". Everything should work okay, but it does not. I've tried many possibilities, configurations etc. And it seems, that a new ArpON 2.7 version requires a '-D' flag instead '-d'. So, now there must be the '-D' flag not '-d'. After this small change everything started to work okay: $ sudo /etc/init.d/arpon start * Starting anti ARP poisoning daemon arpon 20:43:32 PID =[OK] One more test, to be one hundred percent sure: after running '/etc/init.d/arpon status' command, status of anti ARP poisoning daemon arpon is [OK]. Here are some technical details: * Ubuntu 3.2.0-98.138-generic-pae 3.2.75 ('cat /proc/version_signature' command result) * lsb_release -rd Description: Ubuntu 12.04.5 LTS Release: 12.04 * arpon: 2.7.2-1 By the way: ArpON sometimes crashed with "SIGSEGV in pthread_kill()" (after user login), but I will have to create a new bug report. Best regards. _ [1] http://manpages.ubuntu.com/manpages/trusty/man8/arpon.8.html ** Affects: arpon (Ubuntu) Importance: Undecided Status: New ** Tags: arpon darpi -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1540807 Title: ArpON ver. 2.7: the DARPI and -d (--darpi) flag bug. Status in arpon package in Ubuntu: New Bug description: Hello. Because on Ubuntu 12.04 LTS an ArpON package is pretty outdated (ver. 2.0-2.1 0) I've decided to use a version from a Vivid release - 2.7. It seems that ArpON ver. 2.7 has a bug related to a DARPI anti Arp Poisoning techniques. Because I am using a DHCP method to obtain an IP address I needed to use a DARPI method (Dynamin Arp Inspect.) instead of SARPI (Static Arp Inspect). After installation via 'apt-get' utility, configuring "arpon" file from '/etc/default/' directory and uncomment line responsible for a DARPI method, ArpON failed to start with a following error: $ sudo /etc/init.d/arpon start * Starting anti ARP poisoning daemon arpon 20:38:55 PID = /usr/bin/arpon: invalid option -- 'd' [fail] For a DARPI method a line in the '/etc/default/arpon' file looks this way: DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -d". According to the Ubuntu manpage[1] '-g' flag stands for "Works in logging mode", since '-d' flag means "Manages Arp Cache dynamically". Everything should work okay, but it does not. I've tried many possibilities, configurations etc. And it seems, that a new ArpON 2.7 version requires a '-D' flag instead '-d'. So, now there must be the '-D' flag not '-d'. After this small change everything started to work okay: $ sudo /etc/init.d/arpon start * Starting anti ARP poisoning daemon arpon 20:43:32 PID =[OK] One more test, to be one hundred percent sure: after running '/etc/init.d/arpon status' command, status of anti ARP poisoning daemon arpon is [OK]. Here are some technical details: * Ubuntu 3.2.0-98.138-generic-pae 3.2.75 ('cat /proc/version_signature' command result) * lsb_release -rd Description: Ubuntu 12.04.5 LTS Release: 12.04 * arpon: 2.7.2-1 By the way: ArpON sometimes crashed with "SIGSEGV in pthread_kill()" (after user login), but I will have to create a new bug report. Best regards. _ [1] http://manpages.ubuntu.com/manpages/trusty/man8/arpon.8.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/arpon/+bug/1540807/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1540807] Re: ArpON ver. 2.7: the DARPI and -d (--darpi) flag bug.
Change package to arpon. ** Package changed: linux (Ubuntu) => arpon (Ubuntu) ** Description changed: Hello. Because on Ubuntu 12.04 LTS an ArpON package is pretty outdated (ver. 2.0-2.1 0) I've decided to use a version from a Vivid release - 2.7. It seems that ArpON ver. 2.7 has a bug related to a DARPI anti Arp Poisoning techniques. Because I am using a DHCP method to obtain an IP address I needed to use a DARPI method (Dynamin Arp Inspect.) instead of SARPI (Static Arp Inspect). After installation via 'apt-get' utility, configuring "arpon" file from '/etc/default/' directory and uncomment line responsible for a DARPI method, ArpON failed to start with a following error: $ sudo /etc/init.d/arpon start * Starting anti ARP poisoning daemon arpon 20:38:55 PID = /usr/bin/arpon: invalid option -- 'd' [fail] - For a DARPI method line in the '/etc/default/arpon' file looks this way: - DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -d". According to the - Ubuntu manpage[1] '-g' flag stands for "Works in logging mode", since - '-d' flag means "Manages Arp Cache dynamically". Everything should work - okay, but it does not. I've tried many possibilities, configurations - etc. + For a DARPI method a line in the '/etc/default/arpon' file looks this + way: DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -d". According to + the Ubuntu manpage[1] '-g' flag stands for "Works in logging mode", + since '-d' flag means "Manages Arp Cache dynamically". Everything should + work okay, but it does not. I've tried many possibilities, + configurations etc. And it seems, that a new ArpON 2.7 version requires a '-D' flag instead '-d'. So, now there must be the '-D' flag not '-d'. After this small change everything started to work okay: $ sudo /etc/init.d/arpon start * Starting anti ARP poisoning daemon arpon 20:43:32 PID =[OK] One more test, to be one hundred percent sure: after running '/etc/init.d/arpon status' command, status of anti ARP poisoning daemon arpon is [OK]. Here are some technical details: * Ubuntu 3.2.0-98.138-generic-pae 3.2.75 ('cat /proc/version_signature' command result) * lsb_release -rd -Description: Ubuntu 12.04.5 LTS -Release: 12.04 + Description: Ubuntu 12.04.5 LTS + Release: 12.04 * arpon: 2.7.2-1 By the way: ArpON sometimes crashed with "SIGSEGV in pthread_kill()" (after user login), but I will have to create a new bug report. Best regards. _ [1] http://manpages.ubuntu.com/manpages/trusty/man8/arpon.8.html -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1540807 Title: ArpON ver. 2.7: the DARPI and -d (--darpi) flag bug. Status in arpon package in Ubuntu: New Bug description: Hello. Because on Ubuntu 12.04 LTS an ArpON package is pretty outdated (ver. 2.0-2.1 0) I've decided to use a version from a Vivid release - 2.7. It seems that ArpON ver. 2.7 has a bug related to a DARPI anti Arp Poisoning techniques. Because I am using a DHCP method to obtain an IP address I needed to use a DARPI method (Dynamin Arp Inspect.) instead of SARPI (Static Arp Inspect). After installation via 'apt-get' utility, configuring "arpon" file from '/etc/default/' directory and uncomment line responsible for a DARPI method, ArpON failed to start with a following error: $ sudo /etc/init.d/arpon start * Starting anti ARP poisoning daemon arpon 20:38:55 PID = /usr/bin/arpon: invalid option -- 'd' [fail] For a DARPI method a line in the '/etc/default/arpon' file looks this way: DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -d". According to the Ubuntu manpage[1] '-g' flag stands for "Works in logging mode", since '-d' flag means "Manages Arp Cache dynamically". Everything should work okay, but it does not. I've tried many possibilities, configurations etc. And it seems, that a new ArpON 2.7 version requires a '-D' flag instead '-d'. So, now there must be the '-D' flag not '-d'. After this small change everything started to work okay: $ sudo /etc/init.d/arpon start * Starting anti ARP poisoning daemon arpon 20:43:32 PID =[OK] One more test, to be one hundred percent sure: after running '/etc/init.d/arpon status' command, status of anti ARP poisoning daemon arpon is [OK]. Here are some technical details: * Ubuntu 3.2.0-98.138-generic-pae 3.2.75 ('cat /proc/version_signature' command result) * lsb_release -rd Description: Ubuntu 12.04.5 LTS Release: 12.04 * arpon: 2.7.2-1 By the way: ArpON sometimes crashed with "SIGSEGV in pthread_kill()" (after user login), but I will have to create a new bug report. Best regards. _ [1] http://manpages.ubuntu.com/manpages/trusty/man8/arpon.8.html To manage notifications about this bug go to: https