Problem with latest kernel?

General support questions
ChrisE
Posts: 4
Joined: 2015/08/02 20:46:46

Re: Problem with latest kernel?

Post by ChrisE » 2018/01/05 21:04:52

The "nopti" flag doesn't appear to make any difference, I can't believe RH isn't going to fix it until the next point release.

For the time being I've built a 4.9.75 kernel which seems to work fine on CentOS 6 and CentOS 7 Xen PV guests. I would share it but it's not RPM packaged. Hopefully Johnny will soon build this officially for CentOS-Virt then you have the option of running that kernel inside guests.

I did notice this on boot, which is something that needs fixing in Xen itself..

------------[ cut here ]------------
WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:226 note_page+0x328/0x330
x86/mm: Found insecure W+X mapping at address ffff880000000000/0xffff880000000000
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.75 #1
0000000000000000 ffffffff8171f04c 0000000000000000 ffffc9000038fda8
0000000000000000 ffffc9000038fda8 ffffc9000038fd98 ffffffff810dbc9e
ffffc9000038fdc8 000000e281125abc 0000000000000023 ffffc9000038fec8
Call Trace:
[<ffffffff8171f04c>] ? dump_stack+0x60/0x94
[<ffffffff810dbc9e>] ? __warn+0xfe/0x120
[<ffffffff810dbd79>] ? warn_slowpath_fmt+0x49/0x50
[<ffffffff81065e98>] ? note_page+0x328/0x330
[<ffffffff81065fea>] ? walk_pmd_level+0x14a/0x1d0
[<ffffffff810662b4>] ? ptdump_walk_pgd_level_core+0x244/0x2a0
[<ffffffff81c81190>] ? rest_init+0x80/0x80
[<ffffffff81c811ba>] ? kernel_init+0x2a/0x100
[<ffffffff81c87751>] ? ret_from_fork+0x41/0x50
---[ end trace 9e7031a081fed20d ]---

bkamen
Posts: 34
Joined: 2009/12/06 20:48:46
Location: Central Illinois, USA

Re: Problem with latest kernel?

Post by bkamen » 2018/01/06 06:50:21

I just updated 2 Atom systems.

One of them went funky after yum update ran fine. (I was able to request a reboot -- but then had to hard power cycle. That machines is ok)

The other system seems to lock up on step 7/8 of the update doing cleanup -- I had to power cycle...
The system came back up complaining about an unclean shutdown and /dev/sdc needing FSCK (the /boot).

So I ran FSCK which seemed to not need a lot.

Rebooted -- grub.conf is gone putting me into the grub shell. Now I need help. EDIT: I fixed by hand booting a rescue disk. Crisis averted.

I'll post in another thread -- but thought I'd mention it happening here..

-Ben
Last edited by bkamen on 2018/01/11 09:53:40, edited 1 time in total.

midluk
Posts: 1
Joined: 2018/01/06 10:50:55

Re: Problem with latest kernel?

Post by midluk » 2018/01/06 10:56:20

According to the Xen Project Spectre/Meltdown FAQ:
Interestingly, guest kernels running in 64-bit PV mode are not vulnerable to attack using SP3, because 64-bit PV guests already run in a KPTI-like mode.
So it seems as if there is no additional security risk (at least for the guest) to not run the new fixed kernel with kpti on xen 64-bit PV.

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: Problem with latest kernel?

Post by Whoever » 2018/01/06 17:05:49

Frankly, this is very bad.

This will put people off using CentOS and Red Hat. How can one recommend Red Hat/CentOS over other distributions after this debacle?

I realize that CentOS relies on volunteers, but someone at Red Hat should be wondering how secure their job is right now.

Some time ago, I vowed to use KVM or XEN when buying a virtual private server, because the update between versions of CentOS 6.x broke it when using OpenVZ (the network scripts did not work). Perhaps Ubuntu is the answer?

chanchal_panda
Posts: 1
Joined: 2018/01/07 07:35:08

Re: Problem with latest kernel?

Post by chanchal_panda » 2018/01/07 07:38:22

Can some one post the grub menu kernel line after the update??
Along with it mode of virtualisation you used in your host will also help.
I think I have a fix for this. Need those detail to confirm the fix
Keep trying with Open Eyes & Mind. Every problem has a solution for sure!!!

ttanski
Posts: 3
Joined: 2018/01/05 20:48:33

Re: Problem with latest kernel?

Post by ttanski » 2018/01/10 13:31:17

Grub entry:

title CentOS (2.6.32-696.18.7.el6.x86_64)
root (hd0)
kernel /boot/vmlinuz-2.6.32-696.18.7.el6.x86_64 root=LABEL=centos_root ro crashkernel=auto LANG=en_US.UTF-8 KEYTABLE=us
initrd /boot/initramfs-2.6.32-696.18.7.el6.x86_64.img

This is on a 64-bit PV guest (CentOS 6.9) running in AWS.

themiz
Posts: 5
Joined: 2018/01/05 12:58:11

Re: Problem with latest kernel?

Post by themiz » 2018/01/11 10:28:51

Similar here:

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-696.18.7.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-696.18.7.el6.x86_64 ro root=UUID=xxxxxxxxxxx rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=it_IT.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc console=hvc0 KEYTABLE=it crashkernel=auto rhgb quiet
initrd /initramfs-2.6.32-696.18.7.el6.x86_64.img

Centos 6.9 PV, Xenserver 7.1, on premises infrastructure.

themiz
Posts: 5
Joined: 2018/01/05 12:58:11

Re: Problem with latest kernel?

Post by themiz » 2018/01/15 17:42:38

Any news ?

ttanski
Posts: 3
Joined: 2018/01/05 20:48:33

Re: Problem with latest kernel?

Post by ttanski » 2018/01/17 14:20:12

At least it is officially on RedHat's radar now ...

https://access.redhat.com/solutions/3312501

User avatar
toracat
Site Admin
Posts: 7518
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Re: Problem with latest kernel?

Post by toracat » 2018/01/27 18:25:25

The problem should be fixed in the latest kernel update 2.6.32-696.20.1.el6.

Changelog entry [2.6.32-696.20.1.el6]:

[x86] pti/mm: Fix XEN PV boot failure (Waiman Long) [1519799 1519802] {CVE-2017-5754}
CentOS Forum FAQ

Post Reply