[Users] [Announce] [security] Kernel RHEL6 042stab090.3

Kir Kolyshkin kir at openvz.org
Mon Jun 9 17:37:01 PDT 2014 

On 06/08/2014 08:32 AM, Stefan Priebe - Profihost AG wrote:
>
> Am 07.06.2014 um 11:12 schrieb Kir Kolyshkin <kir at openvz.org 
> <mailto:kir at openvz.org>>:
>
>> On 06/06/2014 09:48 PM, Stefan Priebe - Profihost AG wrote:
>>> Oh sorry. My fault. Yes it's the same with 090.2
>>
>> I tried to reproduce it locally on an CentOS x86_64 box with the 
>> following set of commands,
>> (checking that every one of those succeeds):
>>
>>     yum -y update
>>     yum -u install yum-utils
>>     rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
>>     wget 
>> http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/vzkernel-2.6.32-042stab090.2.src.rpm
>>     yum-builddep -y vzkernel-2.6.32-042stab090.2.src.rpm
>>     rpmbuild --rebuild vzkernel-2.6.32-042stab090.2.src.rpm
>>
>> The end result is built kernel packages.
>>
>> So, then I tried building from source+patch:
>>
>>     wget 
>> http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/patches/patch-042stab090.2-combined.gz
>>     wget https://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.32.tar.xz
>>     tar xf linux-2.6.32.tar.xz
>>     cd linux-2.6.32
>>     gzip -dc ../patch-042stab090.2-combined.gz | patch -p1
>>     wget 
>> http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/configs/config-2.6.32-042stab090.2.x86_64
>>     mv config-2.6.32-042stab090.2.x86_64 .config
>>     make oldconfig
>>     make -j16
>>
>> Same result -- it was built w/o errors.
>>
>> So, I was not able to reproduce your issue in either way.
>>
>> *Two questions:*
>>
>> 1. Can you please describe how you build the kernel (including the build
>> environment description), in a way so I will be able to reproduce it 
>> locally
>> (for example, something similar to the above)?
>
> Mhm debian 7.5 using a custom config. But while looking through the 
> source code i was not able to der a
> reason why it shouldn't work.

I am also building kernels for Debian as well (although I am using 
gcc-4.4.6 from CentOS 6
and I recommend everyone to do the same -- Red Hat kernels are somewhat 
sensitive to the
version of gcc being used -- but I think it's not the cause of the 
problem here)

It's probably because of your .config. Is it possible that you share it? 
Alternatively, do a diff
between your config and ours, maybe something will look suspicious. For 
example, you have
CONFIG_NETFILTER_XTABLES=m instead of y, it might cause this (not tested).

As for the patches you have, I doubt it is the cause, but it might be.

Just a general note -- when filing a bug report, it is a good thing to 
provide
everything that can help to reproduce it. So, instead of just saying "I 
got such error
compiling such kernel" you can say "I got such error compiling such 
kernel on
an Ubuntu xx.xx using gcc x.x.x, attached are my .config and the patches 
I apply
on top of yours". This is in your own interest, if you want the issue to 
be solved.

>
>> 2. (Just curious) What is the reason you are building your own kernels
>> instead of relying on packaged binaries that we release? Sorry if I 
>> already
>> asked.
>
> Needed some tweaks newer intel 10gbe drivers, ISO vfs support inside guest

I'd suggest using fuseiso for that.

> , netconsole build inside kernel instead of module...
>
> Stefan
>
>> Kir.
>>
>>>
>>> Stefan
>>>
>>> Excuse my typo sent from my mobile phone.
>>>
>>> Am 07.06.2014 um 06:23 schrieb Kir Kolyshkin <kir at openvz.org 
>>> <mailto:kir at openvz.org>>:
>>>
>>>> Kostya, can you please take a quick look?
>>>>
>>>> Stefan,
>>>>
>>>> Did you have the same problem with 090.2? This release (090.3) only 
>>>> patches futex code
>>>> and has nothing to do with iptables.
>>>>
>>>> Also, please refrain from using private emails (or announce@) -- 
>>>> instead use either users@
>>>> mailing list or bugzilla. Thanks!
>>>>
>>>> Kir.
>>>>
>>>> -------- Original Message --------
>>>> Subject: 	Re: [Announce] [security] Kernel RHEL6 042stab090.3
>>>> Date: 	Sat, 7 Jun 2014 00:27:37 +0200
>>>> From: 	Stefan Priebe <s.priebe at profihost.ag>
>>>> To: 	Kir Kolyshkin <kir at openvz.org>, "announce at openvz.org" 
>>>> <announce at openvz.org>
>>>>
>>>>
>>>>
>>>> while compiling i always get:
>>>> ERROR: "module_payload_allowed" [net/netfilter/x_tables.ko] undefined!
>>>>
>>>> Stefan
>>>> Am 06.06.2014 21:05, schrieb Kir Kolyshkin:
>>>> > OpenVZ project released an updated RHEL6 based kernel. Read below for
>>>> > more information. Everyone is advised to update.
>>>> >
>>>> >
>>>> > Changes and Download
>>>> > ====================
>>>> > * Security fix for CVE-2014-3153
>>>> >
>>>> >https://openvz.org/Download/kernel/rhel6/042stab090.3
>>>> >
>>>> >
>>>> > Bug reporting
>>>> > =============
>>>> > Usehttp://bugzilla.openvz.org/   to report any bugs found.
>>>> >
>>>> >
>>>> > Other sources of info on updates
>>>> > ================================
>>>> > Seehttp://wiki.openvz.org/News   to view all the news (including updates)
>>>> > online. There you can also find RSS/Atom feed links.
>>>> >
>>>> >
>>>> > Regards,
>>>> >    OpenVZ team
>>>> >
>>>> > _______________________________________________
>>>> > Announce mailing list
>>>> >Announce at openvz.org
>>>> >https://lists.openvz.org/mailman/listinfo/announce
>>>>
>>>>
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20140609/ae1ad0c9/attachment.html>

More information about the Users mailing list