[BlueOnyx:21651] Re: Aventurin{e} 6108R & BlueOnyx: Sceptre / Meltdown and Kernels

2018-01-07 Thread Simone Capra 

Thanks! That solved my issue!


Simone Capra

Il 08/01/2018 01.02, Michael Stauber ha scritto:

Hi Simone,


I cannot see the updated kernel even after a complete yum clean/update!

When i do:

# cat /boot/grub/grub.conf|grep title
title OpenVZ (2.6.32-042stab127.2)

You're already good. You do already have 2.6.32-042stab127.2, which is
the latest official OpenVZ kernel that fixes Sceptre/Meltown. Looks like
you skipped 2.6.32-042stab126.666 (my unofficial update) and went
straight to the latest official one.

So ... all is good. Make sure that the box is running
2.6.32-042stab127.2 (check with "uname -r") and if not: Simply reboot
and all is well.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21650] Re: Aventurin{e} 6108R & BlueOnyx: Sceptre / Meltdown and Kernels

2018-01-07 Thread Michael Stauber 
Hi Simone,

> I cannot see the updated kernel even after a complete yum clean/update!
> 
> When i do:
> 
> # cat /boot/grub/grub.conf|grep title
> title OpenVZ (2.6.32-042stab127.2)
You're already good. You do already have 2.6.32-042stab127.2, which is
the latest official OpenVZ kernel that fixes Sceptre/Meltown. Looks like
you skipped 2.6.32-042stab126.666 (my unofficial update) and went
straight to the latest official one.

So ... all is good. Make sure that the box is running
2.6.32-042stab127.2 (check with "uname -r") and if not: Simply reboot
and all is well.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21649] Re: Aventurin{e} 6108R Sceptre / Meltdown: Official Kernel out

2018-01-07 Thread Michael Stauber 
Hi all,

Just a quick heads up for the Aventurin{e} 6108R users:

The official OpenVZ 6 kernel that patches Sceptre/Meltown is now out.
The version number for that is 2.6.32-042stab127.2.

If you already installed my unofficial "hotwired" 2.6.32-042stab126.666
and rebooted, then you do *not* need to worry. You are already good.

A diff between the official 2.6.32-042stab127.2 and the unofficial
2.6.32-042stab126.666 also shows that the OpenVZ kernel maintainers
applied the *exact* same patches.

diff -ruN ./arch/x86/mm/pgtable.c ../linux-16-to-vz/arch/x86/mm/pgtable.c
--- ./arch/x86/mm/pgtable.c 2018-01-07 04:22:45.057056298 +0100
+++ ../linux-16-to-vz/arch/x86/mm/pgtable.c 2018-01-05
08:13:54.251837657 +0100
@@ -325,8 +325,8 @@
pgd_mop_up_pmds(mm, pgd);
pgd_dtor(pgd);
paravirt_pgd_free(mm, pgd);
-   free_pages((unsigned long)pgd, PGD_ALLOCATION_ORDER);
mm->nr_ptds--;
+   free_pages((unsigned long)pgd, PGD_ALLOCATION_ORDER);
 }

 int ptep_set_access_flags(struct vm_area_struct *vma,

The only difference is the ordering of a single line, which (in this
context) doesn't seem to matter.

Do you need to switch to the official kernel (via a regular "yum
update") and do another reboot? I'd say: No, that's not necessary.

You're good for now as it is, provided you're running at least
2.6.32-042stab126.666.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21648] Re: Aventurin{e} 6108R & BlueOnyx: Sceptre / Meltdown and Kernels

2018-01-07 Thread Simone Capra 

Thank you Michael!

I am having a problem with three boxes that are 6106R upgraded to 6108R.

I cannot see the updated kernel even after a complete yum clean/update!

When i do:

# cat /boot/grub/grub.conf|grep title
title OpenVZ (2.6.32-042stab127.2)
title OpenVZ (2.6.32-042stab126.2)
title OpenVZ (2.6.32-042stab123.3)

# cat /etc/build
build 20170225 for a 6108R in en_US

# yum clean all
Loaded plugins: blueonyx, protectbase, security
Cleaning repos: Aventurine OS-Templates OS-Updates openvz-kernel-rhel6 
openvz-utils sl sl-security

Cleaning up Everything

# yum update
Loaded plugins: blueonyx, protectbase, security
Setting up Update Process
Aventurine   | 3.1 kB 00:00
Aventurine/primary_db    | 443 kB 00:00
OS-Templates | 2.5 kB 00:00
OS-Templates/primary_db  |  13 kB 00:00
OS-Updates   | 2.5 kB 00:00
OS-Updates/primary_db    | 9.5 kB 00:00
openvz-kernel-rhel6  | 2.8 kB 00:00
openvz-kernel-rhel6/primary_db   | 9.1 kB 00:00
openvz-utils | 2.5 kB 00:00
openvz-utils/primary_db  |  27 kB 00:00
sl   | 3.7 kB 00:00
sl/primary_db    | 4.4 MB 00:03
sl-security  | 2.9 kB 00:00
sl-security/primary_db   | 5.5 MB 00:04
56 packages excluded due to repository protections
No Packages marked for Update

# yum list installed | grep kernel
dracut-kernel.noarch   004-409.el6_8.2 @sl-security/6.3
kernel-headers.x86_64  2.6.32-696.18.7.el6 @sl-security/6.3
vzkernel.x86_64    2.6.32-042stab123.3 
@openvz-kernel-rhel6/6.3
vzkernel.x86_64    2.6.32-042stab126.2 
@openvz-kernel-rhel6/6.3
vzkernel.x86_64    2.6.32-042stab127.2 
@openvz-kernel-rhel6/6.3
vzkernel-firmware.noarch   2.6.32-042stab127.2 
@openvz-kernel-rhel6/6.3



I do not find the new kernel ... Maybe i'm getting this problem for the 
stab127.2 installed?


THANKS in advance


Simone Capra

Il 06/01/2018 02.46, Michael Stauber ha scritto:

Hi all,

As you all might be aware from the news of the last few days: Major
flaws have been uncovered in Intel CPUs and to some degree also in CPUs
from other manufacturers such as AMD.

All OS vendors and maintainers have rushed to kick Updates out of the
door that address these vulnerabilities. By this time CentOS and
Scientific Linux kernel updates are out.

Please make sure that your BlueOnyx servers are fully updated and *also*
make sure that they are now actually running the latest kernel. This
might require a reboot so that the updated kernel installed via the last
YUM update gets put into effect.

You can check this way which kernel you are currently running and what
the latest kernel used upon boot is:

Current Kernel:

uname -r

Newest installed Kernel:

cat /boot/grub/grub.conf|grep title


Aventurin{e} 6108R:


Parallels is giving the EL7 kernel a higher priority than the EL6
kernel. And neither of them is (so far) available to the public. Which
is far from being ideal.

However: A third party has taken the latest OpenVZ EL6 kernel
(2.6.32-042stab126.2) and has patched it with the security updates from
the RedHat 2.6.32-696-18.7 kernel.

I took the SRPM of that third party OpenVZ kernel, examined it and the
patches and although I am no kernel expert I think this might be OK. At
least until the time that OpenVZ releases an official OpenVZ 6 kernel
that fixes the issues in a way that they deem best.

I am running several nodes with the new kernel myself and so far I
encountered no problems aside from the expected performance impact that
all of these fixes introduce.

The fixed (unofficial) OpenVZ 6 kernel for Aventurin{e} 6108R is now in
the OS-Updates YUM repository and has the version number
2.6.32-042stab126.666. The latest "bad" kernel (with the security flaws)
is named 2.6.32-042stab126.2.

As noted above: After the updated Kernel has been installed via "yum
update" you do need to reboot in order for the new kernel to be put into
effect.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21647] Re: Aventurin{e} 6108R & BlueOnyx: Sceptre / Meltdown and Kernels

2018-01-07 Thread Richard Barker 
Thank you that is what I did and everything was back up and working 
correctly in under 15 mins.


RC

--

/*Richard C. Barker Sr.
CEO & President
1-813-873-8942
ProBass Networks Inc. */
www.probassnetworks.net 
www.probass.net 
***
DISCLAIMER : -
This e-mail is confidential and intended only for the use
of the individual or entity named above and may contain
information that is privileged. If you are not the intended
recipient, you are notified that any dissemination, distribution
or copying of this e-mail is strictly prohibited. If you have
received this email in error, please notify us immediately
by return email or telephone and destroy the original message.

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21646] Re: Aventurin{e} 6108R & BlueOnyx: Sceptre / Meltdown and Kernels

2018-01-07 Thread Colin Jack 
Hi Chris,

What I notice is that if the VPS's are "suspended" which appears to be 
the first option that will be attempted in a reboot of the node, they 
will not boot into the new kernel themselves.  Not to mention the delay 
in the shutdown process (can take a LOG time).

Therefore, what I have been doing in order to speed up the process is 
issue a shutdown for all the virtuals, then issue the reboot.  This can 
be done in a one-line like this:
for VE in $(vzlist -Ha -o veid); do vzctl stop $VE; done && reboot

Nice way of doing it. Thanks for sharing.

Regards

Colin 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21645] Re: Aventurin{e} 6108R & BlueOnyx: Sceptre / Meltdown and Kernels

2018-01-07 Thread Chris Gebhardt - VIRTBIZ Internet 


On 1/6/2018 2:30 PM, Michael Stauber wrote:

Hi Richard,


Question, should I stop all VPS's then reboot Aventurin{e} or Just
reboot?


When you do a reboot, it will suspend or stop all VPS, too. Which - on a
box with many VPS's can take a while. Hence it could give you the
impression that the reboot might not be working as it takes so bloody long.

You can either choose to do /sbin/reboot and wait it out, or you can do
"/sbin/service vz stop" to stop all VPS's and then do /sbin/reboot. That
gives you a slightly better chance to judge when the reboot actually
kicks in.

All things considered: Either way is fine.


What I notice is that if the VPS's are "suspended" which appears to be 
the first option that will be attempted in a reboot of the node, they 
will not boot into the new kernel themselves.  Not to mention the delay 
in the shutdown process (can take a LOG time).


Therefore, what I have been doing in order to speed up the process is 
issue a shutdown for all the virtuals, then issue the reboot.  This can 
be done in a one-line like this:

for VE in $(vzlist -Ha -o veid); do vzctl stop $VE; done && reboot


--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx