Bug#592519: initramfs-tools: COMPRESS option should be more flexible
On Fri, 2020-09-25 at 14:19 -0300, Rogério Brito wrote: > Package: initramfs-tools > Version: 0.139 > Followup-For: Bug #592519 > X-Debbugs-Cc: b...@debian.org, m...@debian.org, debian-kernel@lists.debian.org > > > Hi. > > In a similar vein to what was reported by Roger Shimizu, it takes ages to > compress with xz on an armel system with only 128MB of RAM. By default, > (which is what is used) xz uses level 6 compression and that is what takes a > lot of time to compress. > > I switched to gzip and the initrd is quite larger. I just performed some > tests with perf stat running 3 times a lot of commands to compress my > current initrd.img-5.8.0-1-marvell and I found xz -0 both to be faster than > gzip -9 *and* generating a smaller file as a result. [...] Try zstd? If you still feel you need this flexibility, I'm open to taking a patch that allows specifying the compression level *only*. I don't want to allow specifying arbitrary options. Ben. -- Ben Hutchings This sentence contradicts itself - no actually it doesn't. signature.asc Description: This is a digitally signed message part
Bug#970984: linux-image-5.8.0-2-amd64: Please replace console scrollback
Package: src:linux Version: 5.8.10-1 Severity: normal X-Debbugs-Cc: Asher Gordon Dear Maintainer, After upgrading to linux-image-5.8.0-2, I noticed that scrollback is no longer available in the console. A quick look at the changelog ('apt changelog linux-image-amd64') indicates that this was done to fix CVE-2020-14390. Surely however, there must be a better way to fix this than simply removing this code entirely? It is pretty annoying not having scrollback, and I'm sure I'm not the only one who would like scrollback replaced. Thanks, Asher -- Package-specific info: ** Version: Linux version 5.8.0-2-amd64 (debian-kernel@lists.debian.org) (gcc-10 (Debian 10.2.0-9) 10.2.0, GNU ld (GNU Binutils for Debian) 2.35) #1 SMP Debian 5.8.10-1 (2020-09-19) ** Command line: BOOT_IMAGE=/vmlinuz root=/dev/sda1 rw quiet splash ** Tainted: I (2048) * workaround for bug in platform firmware applied ** Kernel log: Unable to read kernel log; any relevant messages should be attached ** Model information sys_vendor: Libiquity product_name: Taurinus X200 product_version: 1.0 chassis_vendor: Libiquity chassis_version: bios_vendor: coreboot bios_version: CBET4000 4.0 board_vendor: Libiquity board_name: Taurinus X200 board_version: 1.0 ** Loaded modules: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device fuse ctr ccm bnep btusb btrtl ath9k btbcm btintel ath9k_common ath9k_hw bluetooth ath coretemp kvm_intel mac80211 uvcvideo snd_hda_codec_conexant snd_hda_codec_generic kvm jitterentropy_rng videobuf2_vmalloc snd_hda_intel videobuf2_memops snd_intel_dspcfg videobuf2_v4l2 videobuf2_common snd_hda_codec drbg cfg80211 videodev aes_generic snd_hda_core snd_hwdep crypto_simd irqbypass cryptd glue_helper snd_pcm mc sg iTCO_wdt serio_raw intel_pmc_bxt iTCO_vendor_support pcspkr ansi_cprng snd_timer watchdog nvram ledtrig_audio snd ecdh_generic ecc libaes libarc4 soundcore rfkill ac evdev acpi_cpufreq binfmt_misc ecryptfs parport_pc ppdev lp parport ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 btrfs blake2b_generic xor zstd_decompress zstd_compress raid6_pq libcrc32c crc32c_generic sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common i915 ahci libahci i2c_algo_bit libata drm_kms_helper cec ehci_pci uhci_hcd scsi_mod drm ehci_hcd psmouse e1000e usbcore i2c_i801 i2c_smbus lpc_ich ptp pps_core usb_common battery video button ** PCI devices: 00:00.0 Host bridge [0600]: Intel Corporation Mobile 4 Series Chipset Memory Controller Hub [8086:2a40] (rev 07) Subsystem: Lenovo ThinkPad T400 [17aa:20e0] Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 00:02.0 VGA compatible controller [0300]: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller [8086:2a42] (rev 07) (prog-if 00 [VGA controller]) Subsystem: Lenovo Mobile 4 Series Chipset Integrated Graphics Controller [17aa:20e4] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- Kernel driver in use: i915 Kernel modules: i915 00:02.1 Display controller [0380]: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller [8086:2a43] (rev 07) Subsystem: Lenovo Mobile 4 Series Chipset Integrated Graphics Controller [17aa:20e4] Control: I/O- Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 00:19.0 Ethernet controller [0200]: Intel Corporation 82567LM Gigabit Network Connection [8086:10f5] (rev 03) Subsystem: Lenovo ThinkPad T400 [17aa:20ee] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- Kernel driver in use: e1000e Kernel modules: e1000e 00:1a.0 USB controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #4 [8086:2937] (rev 03) (prog-if 00 [UHCI]) Subsystem: Lenovo ThinkPad T400 [17aa:20f0] Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- Kernel driver in use: uhci_hcd Kernel modules: uhci_hcd 00:1a.1 USB controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #5 [8086:2938] (rev 03) (prog-if 00 [UHCI]) Subsystem: Lenovo ThinkPad T400 [17aa:20f0] Control: I/O+ Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- Kernel driver in use: uhci_hcd Kernel modules: uhci_hcd 00:1a.2
Bug#968335: kernel hangs on linux-image-4.19.0-10-amd64
I have also seen a number of systems hang after upgrading to this kernel version. It appears to happen when the system has docker containers running, possibly related to the virtual ethernet devices. On some systems, I can trigger the bug within an hour or two of uptime. Rolling back to 4.19.0-9 resolves the problem. I also tried 4.19.0-11 from buster-proposed-updates on one system, and the system seems to be stable on that kernel as well. -Mike
Bug#592519: initramfs-tools: COMPRESS option should be more flexible
Package: initramfs-tools Version: 0.139 Followup-For: Bug #592519 X-Debbugs-Cc: b...@debian.org, m...@debian.org, debian-kernel@lists.debian.org Hi. In a similar vein to what was reported by Roger Shimizu, it takes ages to compress with xz on an armel system with only 128MB of RAM. By default, (which is what is used) xz uses level 6 compression and that is what takes a lot of time to compress. I switched to gzip and the initrd is quite larger. I just performed some tests with perf stat running 3 times a lot of commands to compress my current initrd.img-5.8.0-1-marvell and I found xz -0 both to be faster than gzip -9 *and* generating a smaller file as a result. Here are some results that I gathered. I didn't wait for xz with the default -6 level to finish... | compressor | time | size | |--++--| | gzip -9nk| 69.264 | 5980207 | | gzip -nk | 34.468 | 5995619 | | xz -0k | 35.280 | 5000752 | | xz -1k | 45.351 | 4868388 | | xz --check=crc32 -1k | 44.902 | 4868384 | | bzip2 -k | 51.750 | 5709152 | | uncompressed | 0 | 12965376 | Passing an option to xz (or, in general, to any compressor) would be, indeed, very nice. OTOH, on a fast machine, I would like to use something like xz -9e (that is, maximum compression---probably overkill for not so large files---but with "extreme" searches for more compression). Thanks, Rogério Brito. -- Rogério Brito : rbrito@{ime.usp.br,gmail.com} : GPG key 4096R/BCFC http://cynic.cc/blog/ : github.com/rbrito : profiles.google.com/rbrito DebianQA: http://qa.debian.org/developer.php?login=rbrito%40ime.usp.br
Bug#970736: linux-image-5.7.0-0.bpo.2-amd64 also crashes
I upgraded to linux-image-5.7.0-0.bpo.2-amd64 from buster-backports, and observed another crash: [164111.200474] general protection fault, probably for non-canonical address 0x72f851fc45fa91dd: [#1] SMP NOPTI [164111.210876] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.7.0-0.bpo.2-amd64 #1 Debian 5.7.10-1~bpo10+1 [164111.220169] Hardware name: PC Engines apu3/apu3, BIOS v4.12.0.2 06/28/2020 [164111.227268] RIP: 0010:kmem_cache_alloc+0x74/0x220 [164111.232168] Code: 9e 01 00 00 4d 8b 06 65 49 8b 50 08 65 4c 03 05 aa 1e 7a 44 49 8b 28 48 85 ed 0f 84 89 01 00 00 41 8b 46 20 49 8b 3e 48 01 e8 <48> 8b 18 48 89 c1 49 33 9e 70 01 00 00 48 89 e8 48 0f c9 48 31 cb [164111.251087] RSP: 0018:ba90800c8e10 EFLAGS: 00010206 [164111.256500] RAX: 72f851fc45fa91dd RBX: RCX: 7fdb [164111.263808] RDX: 03eddd90 RSI: 0a20 RDI: 00032a90 [164111.271103] RBP: 72f851fc45fa916d R08: 8dc32acb2a90 R09: 8dc324e75000 [164111.278401] R10: 8dc235478040 R11: R12: 0a20 [164111.285705] R13: bbc4c2cd R14: 8dc307d66a80 R15: 8dc307d66a80 [164111.293122] FS: () GS:8dc32ac8() knlGS: [164111.301431] CS: 0010 DS: ES: CR0: 80050033 [164111.307357] CR2: 7ffdf448cb38 CR3: 35722000 CR4: 000406e0 [164111.307939] [ cut here ] [164111.314702] Call Trace: [164111.314719] [164111.314791] __build_skb+0x1d/0x50 [164111.314801] __netdev_alloc_skb+0xbd/0x150 [164111.314829] cdc_mbim_rx_fixup+0x1e2/0x578 [cdc_mbim] [164111.314856] ? usbnet_update_max_qlen+0x8/0x70 [usbnet] [164111.314875] usbnet_bh+0xd8/0x2c0 [usbnet] [164111.319750] VFS: brelse: Trying to free free buffer [164111.322356] tasklet_action_common.isra.20+0x5a/0x100 [164111.324890] WARNING: CPU: 3 PID: 7662 at fs/buffer.c:1179 __brelse+0x1d/0x20 [164111.328049] __do_softirq+0xdf/0x2e5 [164111.328267] [ cut here ] [164111.328279] kernel BUG at fs/ext4/inode.c:1717! [164111.332223] Modules linked in: xt_nat xt_tcpudp nft_compat veth nft_counter xt_conntrack bridge nf_conntrack_netlink xfrm_user xfrm_algo overlay cdc_mbim cdc_wdm cdc_ncm 8021q garp stp mrp llc amd64_edac_mod edac_mce_amd cdc_ether option usbnet mii kvm_amd usb_wwan usbserial kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel libaes crypto_simd cryptd glue_helper k10temp evdev pcspkr sp5100_tco fam15h_power sg ccp watchdog rng_core nft_reject_inet nf_reject_ipv4 leds_gpio nf_reject_ipv6 button nft_reject acpi_cpufreq nft_ct nft_masq nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 sch_fq_codel nf_tables nfnetlink ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod sd_mod t10_pi crc_t10dif crct10dif_generic ahci libahci xhci_pci ehci_pci libata xhci_hcd ehci_hcd sdhci_pci cqhci sdhci crct10dif_pclmul crct10dif_common [164111.332483] usbcore [164111.337503] ? ioapic_ack_level+0x6d/0x150 [164111.342832] igb scsi_mod mmc_core crc32c_intel i2c_piix4 i2c_algo_bit dca ptp usb_common pps_core gpio_keys [164111.347112] irq_exit+0xa3/0xb0 [164111.352136] CPU: 3 PID: 7662 Comm: https-jsse-nio- Not tainted 5.7.0-0.bpo.2-amd64 #1 Debian 5.7.10-1~bpo10+1 [164111.357388] do_IRQ+0x56/0xe0 [164111.364586] Hardware name: PC Engines apu3/apu3, BIOS v4.12.0.2 06/28/2020 [164111.368361] common_interrupt+0xf/0xf [164111.373144] RIP: 0010:__brelse+0x1d/0x20 [164111.377859] [164111.466113] Code: 00 00 e8 46 ff ff ff 31 c0 c3 0f 1f 00 0f 1f 44 00 00 8b 47 60 85 c0 74 05 f0 ff 4f 60 c3 48 c7 c7 a0 35 50 bc e8 7e 20 da ff <0f> 0b c3 0f 1f 44 00 00 55 53 48 c7 c3 80 a8 02 00 65 48 03 1d b2 [164111.468475] RIP: 0010:cpuidle_enter_state+0xbe/0x3f0 [164111.472692] RSP: 0018:ba90862779d8 EFLAGS: 00010286 [164111.482731] Code: e8 c7 93 a9 ff 80 7c 24 13 00 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 d5 02 00 00 31 ff e8 79 ec af ff fb 66 0f 1f 44 00 00 <85> ed 0f 88 42 02 00 00 48 63 c5 4c 8b 3c 24 4c 2b 7c 24 08 48 8d [164111.486012] RAX: RBX: 8dc3259e1f70 RCX: [164111.496133] RSP: 0018:ba9080083e70 EFLAGS: 0246 ORIG_RAX: ffdc [164111.499244] RDX: 8dc32ada9900 RSI: 8dc32ad99ac8 RDI: 8dc32ad99ac8 [164111.506305] RAX: 8dc32acacc00 RBX: 8dc323738800 RCX: 001f [164111.510129] RBP: 0002a880 R08: 94ff583d7fa5 R09: 0003 [164111.514191] RDX: 95421dc88d10 RSI: 803d74ed RDI: [164111.516440] R10: R11: ba9086277880 R12: 8dc3259e1f70 [164111.535443] RBP: 0002 R08: 0002 R09: 0002c480 [164111.540613] R13: 8dc324aa2700 R14: 0018247e R15: 8dc324aa27d8 [164111.546014] R10:
Re: Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs
Dear Henrique, It be great to get your input, hence repinging (; Especially as linux-firmware is the common upstream source, it be ideal to ship the amd64 mircrocode out of our firmware packages. Thanks for letting us know. kind regards, maximilian On Sun, Sep 20, 2020 at 10:36:12AM +0200, maximilian attems wrote: > Dear Henrique, dear debian kernel maintainers, Cc: Michael, > > Would you agree to generate the amd64-firmware packages directly out of the > debian > linux-firmware source package? > > This way the microcode would be updated on every linux-firmware non-free > upload? > I am asking as it keeps nugging me to have to outcomment the updates of that > microcode in the changelog (there is again a new one for the upcoming > 20200918). > > Would you want to be added in counterpart to the uploaders of > firmware-nonfree? > > Thank you very much for your amd64 microcode work. > > kind regards, > maximilian > > On Tue, Sep 15, 2020 at 04:55:43PM +0200, Michael Musenbrock wrote: > > Source: firmware-nonfree > > Severity: important > > > > Dear maintainer, > > > > first of all thanks for maintaining and packaging the linux-firmware files > > repository as debian packages. > > > > We currently need to manually obtain the > > linux-firmware.git:amd/amd_sev_fam17h_model3xh.sbin [1] file on > > our AMD EPYC servers. The firmware files containing the AMD SEV firmware > > closing security vulnerabilities [2] > > and fixes bugs and adds improvements to the AMD SEV implementation. > > > > I'm most likely unqualified for legal questions but the LICENSE.amd-sev [3] > > reads quite similar to the already > > added amdgpu license [4]. So I hope this is not the reason, why those files > > were not added in the past. > > > > The severity was choosen because it fixes a security vulnerability, please > > change accordingly if you think > > it is wrong. > > > > Thanks in advance. Best regards, > > michael > > > > [1] > > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd > > [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9836 > > [3] > > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/LICENSE.amd-sev > > [4] > > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/LICENSE.amdgpu > > signature.asc Description: PGP signature