Xen devel - Jan 2008 - Xen 3.1.3 and Linux Kernel 2.6.18.8

Currently, linux kernel 2.6.18 is used for Xen 3.1.x.

Would it be possible (or advisable) to make kernel 2.6.18.8 the default 
for Xen 3.1.3 - just as it was done with the Xen 3.0.x branch and 
kernels like 2.6.16.26 & 2.6.16.33?  There are quite a few security (and 
regular) bugs fixed in the 2.6.18.x point releases.

Thanks.

-- 
Joshua West
Systems Engineer
Brandeis University
http://www.brandeis.edu


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Feel free to submit a patch that throws the upgrade to .8 into the
kernel''s
patches/ directory, within the 3.1-testing repository.

 -- Keir

On 15/1/08 19:32, "Joshua West" <jwest@brandeis.edu> wrote:
> Currently, linux kernel 2.6.18 is used for Xen 3.1.x.
> 
> Would it be possible (or advisable) to make kernel 2.6.18.8 the default
> for Xen 3.1.3 - just as it was done with the Xen 3.0.x branch and
> kernels like 2.6.16.26 & 2.6.16.33?  There are quite a few security
(and
> regular) bugs fixed in the 2.6.18.x point releases.
> 
> Thanks.


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi;

15 Oca 2008 Sal tarihinde, Joshua West şunları yazmıştı:
> Currently, linux kernel 2.6.18 is used for Xen 3.1.x.
>
> Would it be possible (or advisable) to make kernel 2.6.18.8 the default
> for Xen 3.1.3 - just as it was done with the Xen 3.0.x branch and
> kernels like 2.6.16.26 & 2.6.16.33?  There are quite a few security
(and
> regular) bugs fixed in the 2.6.18.x point releases.
As i wrote long ago to list, just upgrading to plain .8 not solves all 
security related issues of 2.6.18.x kernels, for example Pardus Xen packages 
currently top on .8 and we still have lots of CVEish patches in our package 
[1].

Please do not misunderstand but i really recommend stick with your distro 
packages instead of xensource provided ones if you care about security. 

[1] 
http://svn.pardus.org.tr/pardus/devel/kernel-xen/dom0/kernel-dom0/files/CVE/
http://svn.pardus.org.tr/pardus/devel/kernel-xen/domU/kernel-domU/files/CVE/

Cheers
-- 
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi Keir;

15 Oca 2008 Sal tarihinde, Keir Fraser şunları yazmıştı:
> Feel free to submit a patch that throws the upgrade to .8 into the
kernel''s
> patches/ directory, within the 3.1-testing repository.
Although needed modifications are simple, resulting patch is quite big (214 
K). So what i did is follows;

After applying this;

diff -r 0918b4bbffbb buildconfigs/mk.linux-2.6-xen
--- a/buildconfigs/mk.linux-2.6-xen	Tue Jan 15 11:19:14 2008 +0000
+++ b/buildconfigs/mk.linux-2.6-xen	Wed Jan 16 14:53:41 2008 +0200
@@ -1,5 +1,5 @@ LINUX_SERIES = 2.6
 LINUX_SERIES = 2.6
-LINUX_VER    = 2.6.18
+LINUX_VER    = 2.6.18.8
 
 EXTRAVERSION ?= xen
 
and that

diff -r 0918b4bbffbb patches/linux-2.6.18/series
--- a/patches/linux-2.6.18/series	Tue Jan 15 11:19:14 2008 +0000
+++ b/patches/linux-2.6.18/series	Wed Jan 16 14:54:51 2008 +0200
@@ -7,7 +7,6 @@ i386-mach-io-check-nmi.patch
 i386-mach-io-check-nmi.patch
 net-csum.patch
 net-gso-5-rcv-mss.patch
-net-gso-6-linear-segmentation.patch
 pmd-shared.patch
 rename-TSS_sysenter_esp0-SYSENTER_stack_esp0.patch
 xen-hotplug.patch

# hg rm patches/linux-2.6.18/net-gso-6-linear-segmentation.patch

and 

# hg mv patches/linux-2.6.18/ patches/linux-2.6.18.8

is enough to update .8 if i''m not missing something else.

Cheers
-- 
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Where does the 2.6.18.8 patch itself come from, and where do you place it in
the patches series file?

 -- Keir


On 16/1/08 12:56, "S.Çağlar Onur" <caglar@pardus.org.tr> wrote:
> Hi Keir;
> 
> 15 Oca 2008 Sal tarihinde, Keir Fraser şunları yazmıştı:
>> Feel free to submit a patch that throws the upgrade to .8 into the
kernel''s
>> patches/ directory, within the 3.1-testing repository.
> 
> Although needed modifications are simple, resulting patch is quite big (214
> K). So what i did is follows;
> 
> After applying this;
> 
> diff -r 0918b4bbffbb buildconfigs/mk.linux-2.6-xen
> --- a/buildconfigs/mk.linux-2.6-xen Tue Jan 15 11:19:14 2008 +0000
> +++ b/buildconfigs/mk.linux-2.6-xen Wed Jan 16 14:53:41 2008 +0200
> @@ -1,5 +1,5 @@ LINUX_SERIES = 2.6
>  LINUX_SERIES = 2.6
> -LINUX_VER    = 2.6.18
> +LINUX_VER    = 2.6.18.8
>  
>  EXTRAVERSION ?= xen
>  
> and that
> 
> diff -r 0918b4bbffbb patches/linux-2.6.18/series
> --- a/patches/linux-2.6.18/series Tue Jan 15 11:19:14 2008 +0000
> +++ b/patches/linux-2.6.18/series Wed Jan 16 14:54:51 2008 +0200
> @@ -7,7 +7,6 @@ i386-mach-io-check-nmi.patch
>  i386-mach-io-check-nmi.patch
>  net-csum.patch
>  net-gso-5-rcv-mss.patch
> -net-gso-6-linear-segmentation.patch
>  pmd-shared.patch
>  rename-TSS_sysenter_esp0-SYSENTER_stack_esp0.patch
>  xen-hotplug.patch
> 
> # hg rm patches/linux-2.6.18/net-gso-6-linear-segmentation.patch
> 
> and 
> 
> # hg mv patches/linux-2.6.18/ patches/linux-2.6.18.8
> 
> is enough to update .8 if i''m not missing something else.
> 
> Cheers


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi;

16 Oca 2008 Çar tarihinde şunları yazmıştınız:
> Where does the 2.6.18.8 patch itself come from, and where do you place it
> in the patches series file?
>
>  -- Keir
I bumped the neededed LINUX_VER from 2.6.18 to 2.6.18.8 instead of using 
2.6.18.8 patch, so it fetches 2.6.18.8 tarball. Do you prefer using 
incremantal patch instead of tarball?

Cheers
-- 
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 16/1/08 13:25, "S.Çağlar Onur" <caglar@pardus.org.tr> wrote:
> 16 Oca 2008 Çar tarihinde şunları yazmıştınız:
>> Where does the 2.6.18.8 patch itself come from, and where do you place
it
>> in the patches series file?
>> 
>>  -- Keir
> 
> I bumped the neededed LINUX_VER from 2.6.18 to 2.6.18.8 instead of using
> 2.6.18.8 patch, so it fetches 2.6.18.8 tarball. Do you prefer using
> incremantal patch instead of tarball?
Oh, my mistake. It''s fine as-is then!

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

I get a build failure in mm/page_alloc.c. Probably some files in the sparse
tree need updating with .8 changes?

 -- Keir

On 16/1/08 12:56, "S.Çağlar Onur" <caglar@pardus.org.tr> wrote:
> Hi Keir;
> 
> 15 Oca 2008 Sal tarihinde, Keir Fraser şunları yazmıştı:
>> Feel free to submit a patch that throws the upgrade to .8 into the
kernel''s
>> patches/ directory, within the 3.1-testing repository.
> 
> Although needed modifications are simple, resulting patch is quite big (214
> K). So what i did is follows;
> 
> After applying this;
> 
> diff -r 0918b4bbffbb buildconfigs/mk.linux-2.6-xen
> --- a/buildconfigs/mk.linux-2.6-xen Tue Jan 15 11:19:14 2008 +0000
> +++ b/buildconfigs/mk.linux-2.6-xen Wed Jan 16 14:53:41 2008 +0200
> @@ -1,5 +1,5 @@ LINUX_SERIES = 2.6
>  LINUX_SERIES = 2.6
> -LINUX_VER    = 2.6.18
> +LINUX_VER    = 2.6.18.8
>  
>  EXTRAVERSION ?= xen
>  
> and that
> 
> diff -r 0918b4bbffbb patches/linux-2.6.18/series
> --- a/patches/linux-2.6.18/series Tue Jan 15 11:19:14 2008 +0000
> +++ b/patches/linux-2.6.18/series Wed Jan 16 14:54:51 2008 +0200
> @@ -7,7 +7,6 @@ i386-mach-io-check-nmi.patch
>  i386-mach-io-check-nmi.patch
>  net-csum.patch
>  net-gso-5-rcv-mss.patch
> -net-gso-6-linear-segmentation.patch
>  pmd-shared.patch
>  rename-TSS_sysenter_esp0-SYSENTER_stack_esp0.patch
>  xen-hotplug.patch
> 
> # hg rm patches/linux-2.6.18/net-gso-6-linear-segmentation.patch
> 
> and 
> 
> # hg mv patches/linux-2.6.18/ patches/linux-2.6.18.8
> 
> is enough to update .8 if i''m not missing something else.
> 
> Cheers


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi;

16 Oca 2008 Çar tarihinde, Keir Fraser şunları yazmıştı:
> I get a build failure in mm/page_alloc.c. Probably some files in the sparse
> tree need updating with .8 changes?
Yep, sorry for not seeing before (i''m building right now), following
solves
this issue;

diff -r 0918b4bbffbb linux-2.6-xen-sparse/mm/page_alloc.c
--- a/linux-2.6-xen-sparse/mm/page_alloc.c	Tue Jan 15 11:19:14 2008 +0000
+++ b/linux-2.6-xen-sparse/mm/page_alloc.c	Wed Jan 16 16:21:45 2008 +0200
@@ -2030,7 +2030,7 @@ static void __meminit free_area_init_cor
 		zone->zone_pgdat = pgdat;
 		zone->free_pages = 0;
 
-		zone->temp_priority = zone->prev_priority = DEF_PRIORITY;
+		zone->prev_priority = DEF_PRIORITY;
 
 		zone_pcp_init(zone);
 		INIT_LIST_HEAD(&zone->active_list);

Cheers
-- 
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Is this the *only* change in the .8 patch that affects any sparse tree file?

 -- Keir

On 16/1/08 14:22, "S.Çağlar Onur" <caglar@pardus.org.tr> wrote:
> Hi;
> 
> 16 Oca 2008 Çar tarihinde, Keir Fraser şunları yazmıştı:
>> I get a build failure in mm/page_alloc.c. Probably some files in the
sparse
>> tree need updating with .8 changes?
> 
> Yep, sorry for not seeing before (i''m building right now),
following solves
> this issue;
> 
> diff -r 0918b4bbffbb linux-2.6-xen-sparse/mm/page_alloc.c
> --- a/linux-2.6-xen-sparse/mm/page_alloc.c Tue Jan 15 11:19:14 2008 +0000
> +++ b/linux-2.6-xen-sparse/mm/page_alloc.c Wed Jan 16 16:21:45 2008 +0200
> @@ -2030,7 +2030,7 @@ static void __meminit free_area_init_cor
> zone->zone_pgdat = pgdat;
> zone->free_pages = 0;
>  
> -  zone->temp_priority = zone->prev_priority = DEF_PRIORITY;
> +  zone->prev_priority = DEF_PRIORITY;
>  
> zone_pcp_init(zone);
> INIT_LIST_HEAD(&zone->active_list);
> 
> Cheers


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi;

16 Oca 2008 Çar tarihinde, Keir Fraser şunları yazmıştı:
> Is this the *only* change in the .8 patch that affects any sparse tree
> file?
>
>  -- Keir
I''ll check again ASAP, by the way what i do is like that, if its wrong
please
yell.

First i use 2.6.18 as a base with current sparse tree and generate a Xen 
patches tree.

After that, i tried to patch this tree with 2.6.18.8 patch and check .rej 
files against sparse tree history to decide whether its needed or not etc.

Cheers
-- 
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Wed, 2008-01-16 at 16:50 +0200, S.Çağlar Onur wrote:
> Hi;
> 
> 16 Oca 2008 Çar tarihinde, Keir Fraser şunları yazmıştı: 
> > Is this the *only* change in the .8 patch that affects any sparse tree
> > file?
> >
> >  -- Keir
> 
> I''ll check again ASAP, by the way what i do is like that, if its
wrong please
> yell.
> 
> First i use 2.6.18 as a base with current sparse tree and generate a Xen 
> patches tree.
>
> After that, i tried to patch this tree with 2.6.18.8 patch and check .rej 
> files against sparse tree history to decide whether its needed or not etc.
That''s only half the story since that will only catch bits of the
2.6.18.8 patch which conflict with patches in the sparse tree.

You also need to use lsdiff or diffstat to determine which files are
patched by the 2.6.18.8 patch and then determine which of those are also
present in the sparse tree. Those are the files you then need to update
in the sparse tree otherwise the 2.6.18.8 patch will effectively be
reverted when the sparse tree is applied.

Ian.



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi;

16 Oca 2008 Çar tarihinde, Ian Campbell şunları yazmıştı:
> That''s only half the story since that will only catch bits of the
> 2.6.18.8 patch which conflict with patches in the sparse tree.
>
> You also need to use lsdiff or diffstat to determine which files are
> patched by the 2.6.18.8 patch and then determine which of those are also
> present in the sparse tree. Those are the files you then need to update
> in the sparse tree otherwise the 2.6.18.8 patch will effectively be
> reverted when the sparse tree is applied.
Got it and working on it, thanks :)

Cheers
-- 
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel