Sorry sorry. It seems it was too late last night.

Stefan
On 10.06.2014 10:03, Kir Kolyshkin wrote:
> On 06/10/2014 12:49 AM, Stefan Priebe - Profihost AG wrote:
>> On 10.06.2014 02:37, Kir Kolyshkin wrote:
>>> On 06/08/2014 08:32 AM, Stefan Priebe - Profihost AG wrote:
>>>> On 07.06.2014 at 11:12, Kir Kolyshkin <k...@openvz.org> wrote:
>>>>
>>>>> On 06/06/2014 09:48 PM, Stefan Priebe - Profihost AG wrote:
>>>>>> Oh sorry. My fault. Yes it's the same with 090.2
>>>>> I tried to reproduce it locally on a CentOS x86_64 box with the
>>>>> following set of commands,
>>>>> (checking that every one of those succeeds):
>>>>>
>>>>> yum -y update
>>>>> yum -y install yum-utils
>>>>> rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
>>>>> wget http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/vzkernel-2.6.32-042stab090.2.src.rpm
>>>>> yum-builddep -y vzkernel-2.6.32-042stab090.2.src.rpm
>>>>> rpmbuild --rebuild vzkernel-2.6.32-042stab090.2.src.rpm
>>>>>
>>>>> The end result is built kernel packages.
>>>>>
>>>>> So, then I tried building from source+patch:
>>>>>
>>>>> wget http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/patches/patch-042stab090.2-combined.gz
>>>>> wget https://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.32.tar.xz
>>>>> tar xf linux-2.6.32.tar.xz
>>>>> cd linux-2.6.32
>>>>> gzip -dc ../patch-042stab090.2-combined.gz | patch -p1
>>>>> wget http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/configs/config-2.6.32-042stab090.2.x86_64
>>>>> mv config-2.6.32-042stab090.2.x86_64 .config
>>>>> make oldconfig
>>>>> make -j16
>>>>>
>>>>> Same result -- it was built w/o errors.
>>>>>
>>>>> So, I was not able to reproduce your issue in either way.
>>>>>
>>>>> *Two questions:*
>>>>>
>>>>> 1.
Can you please describe how you build the kernel (including the >>>>> build >>>>> environment description), in a way so I will be able to reproduce it >>>>> locally >>>>> (for example, something similar to the above)? >>>> Mhm debian 7.5 using a custom config. But while looking through the >>>> source code i was not able to der a >>>> reason why it shouldn't work. >>> I am also building kernels for Debian as well (although I am using >>> gcc-4.4.6 from CentOS 6 >>> and I recommend everyone to do the same -- Red Hat kernels are somewhat >>> sensitive to the >>> version of gcc being used -- but I think it's not the cause of the >>> problem here) >>> >>> It's probably because of your .config. Is it possible that you share it? >>> Alternatively, do a diff >>> between your config and ours, maybe something will look suspicious. For >>> example, you have >>> CONFIG_NETFILTER_XTABLES=m instead of y, it might cause this (not >>> tested). >> No it's not something obvious like this. I already checked that. The >> problem is indeed the config. If i copy yours it's working fine. Mine >> was until 0.88 too. But i don't get which option can cause this. >> >> My config is here: >> http://pastebin.com/raw.php?i=8KwWzwJR > > My guess was suddenly right. > > Compared your config to ours, here's one of the changes: > > -CONFIG_NETFILTER_XTABLES=m > +CONFIG_NETFILTER_XTABLES=y > > You either have to revert it to m, or apply the following one-liner: > > --- linux-2.6.32/kernel/kmod.c.old 2014-06-10 04:00:11.516427311 -0400 > +++ linux-2.6.32/kernel/kmod.c 2014-06-10 04:00:01.146853184 -0400 
> @@ -286,6 +286,8 @@ > > return false; > } > +EXPORT_SYMBOL(module_payload_allowed); > + > #endif /* CONFIG_VE_IPTABLES */ > > int ve0_request_module(const char *name,...) > > >> >>> As for the patches you have, I doubt it is the cause, but it might be. >>> >>> Just a general note -- when filing a bug report, it is a good thing to >>> provide >>> everything that can help to reproduce it. So, instead of just saying "I >>> got such error >>> compiling such kernel" you can say "I got such error compiling such >>> kernel on >>> an Ubuntu xx.xx using gcc x.x.x, attached are my .config and the patches >>> I apply >>> on top of yours". This is in your own interest, if you want the issue to >>> be solved. >>> >>>> >>>>> 2. (Just curious) What is the reason you are building your own kernels >>>>> instead of relying on packaged binaries that we release? Sorry if I >>>>> already >>>>> asked. >>>> Needed some tweaks newer intel 10gbe drivers, ISO vfs support inside >>>> guest >>> I'd suggest using fuseiso for that. >>> >>>> , netconsole build inside kernel instead of module... >>>> >>>> Stefan >>>> >>>>> Kir. >>>>> >>>>>> Stefan >>>>>> >>>>>> Excuse my typo sent from my mobile phone. >>>>>> >>>>>> Am 07.06.2014 um 06:23 schrieb Kir Kolyshkin <k...@openvz.org >>>>>> <mailto:k...@openvz.org>>: >>>>>> >>>>>>> Kostya, can you please take a quick look? >>>>>>> >>>>>>> Stefan, >>>>>>> >>>>>>> Did you have the same problem with 090.2? This release (090.3) only >>>>>>> patches futex code >>>>>>> and has nothing to do with iptables. >>>>>>> >>>>>>> Also, please refrain from using private emails (or announce@) -- >>>>>>> instead use either users@ >>>>>>> mailing list or bugzilla. Thanks! >>>>>>> >>>>>>> Kir. >>>>>>> >>>>>>> -------- Original Message -------- >>>>>>> Subject: Re: [Announce] [security] Kernel RHEL6 042stab090.3 >>>>>>> Date: Sat, 7 Jun 2014 00:27:37 +0200 
>>>>>>> From: Stefan Priebe <s.pri...@profihost.ag>
>>>>>>> To: Kir Kolyshkin <k...@openvz.org>, "annou...@openvz.org"
>>>>>>> <annou...@openvz.org>
>>>>>>>
>>>>>>> While compiling I always get:
>>>>>>> ERROR: "module_payload_allowed" [net/netfilter/x_tables.ko] undefined!
>>>>>>>
>>>>>>> Stefan
>>>>>>> On 06.06.2014 21:05, Kir Kolyshkin wrote:
>>>>>>>> OpenVZ project released an updated RHEL6 based kernel. Read
>>>>>>>> below for more information. Everyone is advised to update.
>>>>>>>>
>>>>>>>>
>>>>>>>> Changes and Download
>>>>>>>> ====================
>>>>>>>> * Security fix for CVE-2014-3153
>>>>>>>>
>>>>>>>> https://openvz.org/Download/kernel/rhel6/042stab090.3
>>>>>>>>
>>>>>>>>
>>>>>>>> Bug reporting
>>>>>>>> =============
>>>>>>>> Use http://bugzilla.openvz.org/ to report any bugs found.
>>>>>>>>
>>>>>>>>
>>>>>>>> Other sources of info on updates
>>>>>>>> ================================
>>>>>>>> See http://wiki.openvz.org/News to view all the news (including
>>>>>>>> updates) online. There you can also find RSS/Atom feed links.
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> OpenVZ team
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Announce mailing list
>>>>>>>> annou...@openvz.org
>>>>>>>> https://lists.openvz.org/mailman/listinfo/announce
>>>>>>>
>
_______________________________________________
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users
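
Review bot: The EXPORT_SYMBOL(module_payload_allowed) line in the kernel/kmod.c hunk sits just above #endif /* CONFIG_VE_IPTABLES */, so the symbol is exported only when CONFIG_VE_IPTABLES is set; any modular caller (the thread names net/netfilter/x_tables.ko) has to reference it under the same guard, or the undefined-symbol error comes back with that option off. The function name suggests an allow/deny check, so consider EXPORT_SYMBOL_GPL unless non-GPL modules are meant to call it, and add a one-line comment above the export naming the caller that needs it when CONFIG_NETFILTER_XTABLES=m.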
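
The config comparison suggested in the thread, as an added example that is not part of the original messages: it parses two kernel `.config` files and reports options that moved between built-in (`y`) and module (`m`), the kind of change that makes a non-exported symbol fail at modpost. The function names and the two sample fragments are constructed for illustration and are not the configs from the thread.

```python
import re

# Matches "CONFIG_FOO=value" and the "# CONFIG_FOO is not set" form.
_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_config(text):
    """Return {option: value}; options marked 'is not set' map to 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts

def tristate_changes(ours, theirs):
    """List (option, ours, theirs) where a y/m/n value differs.

    An option missing from one file is treated as 'n'.
    """
    changes = []
    for name in sorted(set(ours) | set(theirs)):
        a, b = ours.get(name, "n"), theirs.get(name, "n")
        if a != b and {a, b} <= {"y", "m", "n"}:
            changes.append((name, a, b))
    return changes

def linkage_changes(ours, theirs):
    """Subset of tristate changes that moved between built-in and module."""
    return [c for c in tristate_changes(ours, theirs) if {c[1], c[2]} == {"y", "m"}]

# Constructed sample fragments (assumption), not the configs from the thread.
REFERENCE = ('CONFIG_NETFILTER_XTABLES=y\nCONFIG_NETCONSOLE=m\nCONFIG_VE_IPTABLES=y\n'
             'CONFIG_LOCALVERSION=""\n# CONFIG_ISO9660_FS is not set\n')
CUSTOM = ('CONFIG_NETFILTER_XTABLES=m\nCONFIG_NETCONSOLE=y\nCONFIG_VE_IPTABLES=y\n'
          'CONFIG_LOCALVERSION="-custom"\nCONFIG_ISO9660_FS=y\n')

if __name__ == "__main__":
    ref, mine = parse_config(REFERENCE), parse_config(CUSTOM)
    for name, a, b in linkage_changes(ref, mine):
        print(f"{name}: reference={a} custom={b}")
```

Options that flip from `y` to `m` are the ones to check first when a modular build reports an undefined symbol, because code that was linked into vmlinux now needs every kernel symbol it uses to be exported.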