OVH Community, your new community space.

Patch party: Linux Kernel


OVHelp
08-09-2009, 18:02
Quote Originally Posted by derchris
I made a script once, where it would download the latest kernel from kernel.org, and do all the stuff required in order to be able to compile the kernel.
If I can find it in one of my backups I will post it here.
Did you ever end up finding that script mate?

OVHelp
15-08-2009, 01:07
Quote Originally Posted by derchris
I made a script once, where it would download the latest kernel from kernel.org, and do all the stuff required in order to be able to compile the kernel.
If I can find it in one of my backups I will post it here.
Much appreciated mate!

derchris
14-08-2009, 23:16
I made a script once, where it would download the latest kernel from kernel.org, and do all the stuff required in order to be able to compile the kernel.
If I can find it in one of my backups I will post it here.

freshwire
14-08-2009, 22:54
I skip a few of those steps and add some of my own. Something more like this:

$ cd /wherever/
$ wget http://www.kernel.org/......
$ gunzip/bunzip ....
$ tar -xvf ....
$ cd linux...
$ cp /boot/config .config
$ make menuconfig
(and select/change a few things inc the modules support)
$ make
$ make modules
$ make modules_install
$ make install
$ *organise /boot/ to ensure sexyness if needed*
$ *edit /boot/grub/menu.lst*

OVHelp
14-08-2009, 22:48
If I wanted to update to the latest; would following the below provide the correct setup:

1. cd /usr/src
2. wget http://www.kernel.org/pub/linux/kern...h-2.6.30.4.bz2
3. tar xf linux-2.6.25.tar.bz2
4. cd linux-2.6.25
5. make mrproper
6. wget ftp://ftp.ovh.net/made-in-ovh/bzImag...xx-std-ipv4-64
7. mv 2.6-config-xxxx-std-ipv4-64 .config
8. make menuconfig
9.
Scroll down to "Load alternate kernel config file", choose ".config" (the one you just downloaded) and hit Enter.

At this point if you want to enable module support then press Y at the "Loadable module support" option.

Once you are done, press ESC ESC to exit, making sure you say "Yes" when it asks if you want to save changes to the .config file.
10. make
11. cp arch/x86/boot/bzImage /boot/bzImage-linux-2.6.30.4
12. nano /etc/lilo.conf
13. edit in image=/boot/bzImage-linux-2.6.30.4
14. lilo

and finally reboot
Sound correct?

freshwire
14-08-2009, 22:44
Quote Originally Posted by derchris
Was that for me?
And where do I complain?
I don't run a OVH kernel.
I'm always on the latest greatest.
This is nice, but why are you so behind kernel updates?
I mean, even the stock Distributions have a more recent kernel in their repository then you.
If you are not complaining then indeed I am sorry. The forum last few days is fully of complaining so I am quick to think this currently.

Myatu
14-08-2009, 22:25
@ derchris: They're probably backported. Proxmox does the same, to avoid breaking certain things but still keeping security high.

@ OVHhelp: It's the "NULL Pointer" vulnerability being patched here (would be nice if OVH actually mentions this stuff). Have a read at http://lwn.net/Articles/347006/, particularly:

Code:
- The SOCKOPS_WRAP macro defined in include/linux/net.h, which appears correct
  at first glance, was actually affected. This includes PF_APPLETALK, PF_IPX,
  PF_IRDA, PF_X25 and PF_AX25 families.

- Initializations were missing in other protocols, including PF_BLUETOOTH,
  PF_IUCV, PF_INET6 (with IPPROTO_SCTP), PF_PPPOX and PF_ISDN.
As you can see, IPv6 is known to be affected. IPv4 is not known to be affected (but does not exclude the possibility).

derchris
14-08-2009, 22:15
Quote Originally Posted by monkey56657
The fact they provide kernel updates its nice. Really self managed server you are supposed to do it. And yet you complain they are slow ?
Was that for me?
And where do I complain?
I don't run a OVH kernel.
I'm always on the latest greatest.

freshwire
14-08-2009, 22:10
The fact they provide kernel updates its nice. Really self managed server you are supposed to do it. And yet you complain they are slow ?

OVHelp
14-08-2009, 22:04
As I am a IPv4 user, would there be any benifits (speed/hardware/performance wise) upgrading to new 2.6.28.4?

Also on a side-note - using netboot takes the hassle out of upgrading manually, apart from the fact that if the server reboots it goes back to old hardcoded kernel - is that the only difference?

derchris
14-08-2009, 21:43
Quote Originally Posted by Andy
Because the OVH distributions are fully configured for use. It takes time to move to new updated Kernels when they are released because they have to pre-configure them all.
Well, it takes OVH 7-9 months to compile a kernel ?

- Version 6 for 2.6.27.10 grs (Release: Date: Thu Dec 18 09:13:59 2008 -0800)
- Version 2.6.28.4 for std 3 (Release: Date: Fri Feb 6 13:47:45 2009 -0800)

That they provide a custom kernel is ok, but not needed.
And in this case even not really helpful for users who don't know Linux that good.
You can see all the Kernel module threads.

Andy
14-08-2009, 20:09
Quote Originally Posted by derchris
This is nice, but why are you so behind kernel updates?
I mean, even the stock Distributions have a more recent kernel in their repository then you.
Because the OVH distributions are fully configured for use. It takes time to move to new updated Kernels when they are released because they have to pre-configure them all.

OVHelp
14-08-2009, 19:46
I to am left asking myself the same thing - official stable is now up to 2.6.30.4.

Is there any harm in moving up to a custom version myself? I only see to reap the benifits here no?

derchris
14-08-2009, 18:58
This is nice, but why are you so behind kernel updates?
I mean, even the stock Distributions have a more recent kernel in their repository then you.

mgv
14-08-2009, 18:26
Hello,
A security bug was found on some function of
kernel. There are also feats that can be
root access on a server with a simple shell. In the
case of our servers, if you're running IPv6 you
are vulnerable and need to update your kernel
server urgently.

If you are netboot, just reboot the server.

If you are hard core on the server, download
the kernel on our public ftp
ftp://ftp.ovh.net/made-in-ovh/bzImage/
The 2.6.27.10-kernel 2.6.28.4-grs std were recompiled
with the source code patched against this security bug.

Once updated, you must find:
- Version 6 for 2.6.27.10 grs
- Version 2.6.28.4 for std 3

If you are in IPv4, you do not need to update
the kernel, but if it does not eat bread ...

About the bug:
http://archives.neohapsis.com/archiv...9-08/0174.html

Amicalement
Octave

oles@ovh.net
14-08-2009, 18:24
Hello,

A security bug was found in some of the kernel functions. There are also exploits that can have root access on a server with a simple shell. In the case of our servers, if you're running IPv6 you are vulnerable and we must update the kernel of your server as an emergency.

If you are in netboot, just reboot the server.

If you have affected kernel on the server, you should download the kernel on our public ftp
ftp://ftp.ovh.net/made-in-ovh/bzImage/
The kernels 2.6.27.10-grs 2.6.28.4-std have been recompiled with the source code patched against this security bug.

Once updated, you must find:
- version 6 for 2.6.27.10 grs
- version 3 for 2.6.28.4 std

If you are on IPv4, you do not need to update the kernel.

Information about the bug:
http://archives.neohapsis.com/archiv...9-08/0174.html

Regards,
Octave