[Users] [Announce] [security] Kernel RHEL6 042stab090.3

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Tue Jun 10 00:49:02 PDT 2014


On 10.06.2014 02:37, Kir Kolyshkin wrote:
> On 06/08/2014 08:32 AM, Stefan Priebe - Profihost AG wrote:
>>
>> On 07.06.2014 at 11:12, Kir Kolyshkin <kir at openvz.org> wrote:
>>
>>> On 06/06/2014 09:48 PM, Stefan Priebe - Profihost AG wrote:
>>>> Oh sorry. My fault. Yes it's the same with 090.2
>>>
>>> I tried to reproduce it locally on a CentOS x86_64 box with the
>>> following set of commands
>>> (checking that every one of those succeeds):
>>>
>>>     yum -y update
>>>     yum -y install yum-utils
>>>     rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
>>>     wget http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/vzkernel-2.6.32-042stab090.2.src.rpm
>>>     yum-builddep -y vzkernel-2.6.32-042stab090.2.src.rpm
>>>     rpmbuild --rebuild vzkernel-2.6.32-042stab090.2.src.rpm
>>>
>>> The end result is built kernel packages.
>>>
>>> So, then I tried building from source+patch:
>>>
>>>     wget http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/patches/patch-042stab090.2-combined.gz
>>>     wget https://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.32.tar.xz
>>>     tar xf linux-2.6.32.tar.xz
>>>     cd linux-2.6.32
>>>     gzip -dc ../patch-042stab090.2-combined.gz | patch -p1
>>>     wget http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/configs/config-2.6.32-042stab090.2.x86_64
>>>     mv config-2.6.32-042stab090.2.x86_64 .config
>>>     make oldconfig
>>>     make -j16
>>>
>>> Same result -- it was built w/o errors.
>>>
>>> So, I was not able to reproduce your issue in either way.
>>>
>>> *Two questions:*
>>>
>>> 1. Can you please describe how you build the kernel (including the build
>>> environment description), in a way so I will be able to reproduce it
>>> locally
>>> (for example, something similar to the above)?
>>
>> Mhm, Debian 7.5 using a custom config. But while looking through the
>> source code I was not able to der a
>> reason why it shouldn't work.
> 
> I am also building kernels for Debian as well (although I am using
> gcc-4.4.6 from CentOS 6
> and I recommend everyone to do the same -- Red Hat kernels are somewhat
> sensitive to the
> version of gcc being used -- but I think it's not the cause of the
> problem here)
> 
> It's probably because of your .config. Is it possible that you share it?
> Alternatively, do a diff
> between your config and ours, maybe something will look suspicious. For
> example, you have
> CONFIG_NETFILTER_XTABLES=m instead of y, it might cause this (not tested).

No, it's not something obvious like this. I already checked that. The
problem is indeed the config. If I copy yours it's working fine. Mine
was until 0.88 too. But I don't get which option can cause this.

My config is here:
http://pastebin.com/raw.php?i=8KwWzwJR

> As for the patches you have, I doubt it is the cause, but it might be.
> 
> Just a general note -- when filing a bug report, it is a good thing to
> provide
> everything that can help to reproduce it. So, instead of just saying "I
> got such error
> compiling such kernel" you can say "I got such error compiling such
> kernel on
> an Ubuntu xx.xx using gcc x.x.x, attached are my .config and the patches
> I apply
> on top of yours". This is in your own interest, if you want the issue to
> be solved.
> 
>>  
>>
>>> 2. (Just curious) What is the reason you are building your own kernels
>>> instead of relying on packaged binaries that we release? Sorry if I
>>> already
>>> asked.
>>
>> Needed some tweaks newer intel 10gbe drivers, ISO vfs support inside guest
> 
> I'd suggest using fuseiso for that.
> 
>> , netconsole build inside kernel instead of module...
>>
>> Stefan
>>
>>> Kir.
>>>
>>>>
>>>> Stefan
>>>>
>>>> Excuse my typo sent from my mobile phone.
>>>>
>>>> On 07.06.2014 at 06:23, Kir Kolyshkin <kir at openvz.org> wrote:
>>>>
>>>>> Kostya, can you please take a quick look?
>>>>>
>>>>> Stefan,
>>>>>
>>>>> Did you have the same problem with 090.2? This release (090.3) only
>>>>> patches futex code
>>>>> and has nothing to do with iptables.
>>>>>
>>>>> Also, please refrain from using private emails (or announce@) --
>>>>> instead use either users@
>>>>> mailing list or bugzilla. Thanks!
>>>>>
>>>>> Kir.
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: 	Re: [Announce] [security] Kernel RHEL6 042stab090.3
>>>>> Date: 	Sat, 7 Jun 2014 00:27:37 +0200
>>>>> From: 	Stefan Priebe <s.priebe at profihost.ag>
>>>>> To: 	Kir Kolyshkin <kir at openvz.org>, "announce at openvz.org"
>>>>> <announce at openvz.org>
>>>>>
>>>>>
>>>>>
>>>>> While compiling I always get:
>>>>> ERROR: "module_payload_allowed" [net/netfilter/x_tables.ko] undefined!
>>>>>
>>>>> Stefan
>>>>> On 06.06.2014 21:05, Kir Kolyshkin wrote:
>>>>> > OpenVZ project released an updated RHEL6 based kernel. Read below for
>>>>> > more information. Everyone is advised to update.
>>>>> >
>>>>> >
>>>>> > Changes and Download
>>>>> > ====================
>>>>> > * Security fix for CVE-2014-3153
>>>>> >
>>>>> > https://openvz.org/Download/kernel/rhel6/042stab090.3
>>>>> >
>>>>> >
>>>>> > Bug reporting
>>>>> > =============
>>>>> > Use http://bugzilla.openvz.org/  to report any bugs found.
>>>>> >
>>>>> >
>>>>> > Other sources of info on updates
>>>>> > ================================
>>>>> > See http://wiki.openvz.org/News  to view all the news (including updates)
>>>>> > online. There you can also find RSS/Atom feed links.
>>>>> >
>>>>> >
>>>>> > Regards,
>>>>> >    OpenVZ team
>>>>> >
>>>>> > _______________________________________________
>>>>> > Announce mailing list
>>>>> > Announce at openvz.org
>>>>> > https://lists.openvz.org/mailman/listinfo/announce
>>>>>
>>>>>
>>>
> 
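
The config comparison suggested in the quoted reply above, as an added example that is not part of the original thread: a shell function that lists every option whose value differs between a reference kernel .config and a custom one, treating "is not set" lines as n. The name `config_diff` is hypothetical and the sample fragments are constructed, not the configs discussed here.

```shell
#!/bin/sh
# Added example, not from the thread: list every option whose value differs
# between a reference kernel .config and a custom one.

# config_diff REFERENCE CUSTOM -> lines of "OPTION: reference -> custom"
config_diff() {
    awk '
        function record(name, value) {
            if (side == "ref") ref[name] = value; else cus[name] = value
            seen[name] = 1
        }
        /^CONFIG_[A-Za-z0-9_]+=/ {
            i = index($0, "=")
            record(substr($0, 1, i - 1), substr($0, i + 1))
            next
        }
        # "# CONFIG_FOO is not set" is how an option set to n is written
        /^# CONFIG_[A-Za-z0-9_]+ is not set$/ { record($2, "n") }
        END {
            for (name in seen) {
                r = (name in ref) ? ref[name] : "absent"
                c = (name in cus) ? cus[name] : "absent"
                if (r != c) print name ": " r " -> " c
            }
        }
    ' side=ref "$1" side=cus "$2" | LC_ALL=C sort
}

# demo: constructed fragments (not the configs from the thread)
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_NETFILTER_XTABLES=y' \
        'CONFIG_NETCONSOLE=m' '# CONFIG_ISO9660_FS is not set' > "$dir/ref"
    printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_NETFILTER_XTABLES=m' \
        'CONFIG_NETCONSOLE=y' 'CONFIG_ISO9660_FS=y' > "$dir/custom"
    config_diff "$dir/ref" "$dir/custom"
    rm -rf "$dir"
}

demo
```

An option reported as "absent" does not appear in that file at all, which usually means its dependencies are disabled there.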

