Hello,
As you're probably aware, it turns out that pretty much every CPU
made in the last 10 years is broken, and while this affects almost
all computers, this is going to have a particularly nasty effect on
virtualisation providers such as BitFolk.
The Xen project last night released the first version of their
advisory which is XSA-254:
https://xenbits.xen.org/xsa/advisory-254.html
This is with no embargo, because the original embargo had to be
abandoned by the discoverers of the bugs.
As you can see, unfortunately the Xen project have no resolutions
for any of this available as yet.
There are three different issues here:
1. SP1/Spectre (CVE-2017-5753)
2. SP2/Spectre (CVE-2017-5715)
3. SP3/Meltdown (CVE-2017-5754)
There isn't any known resolution for (1) yet.
Xen are working on mitigations for (2).
It's possible to avoid (3) by going to HVM mode, but that is a huge
change that brings other problems with it. It can also be avoided by
running in PVH mode, but very few guest kernels will be new enough
to support that. Xen are hoping to come up with a way to run
PV-inside-PVH but they're not ready with that yet.
There will likely be other strategies to fix or mitigate these
issues in the coming days.
So I'm afraid there currently is no concrete plan because there is
very little information available yet. All I can tell you is that
there will be a need for short-notice reboots to apply relevant
fixes. I will post again when there is any useful information.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
I haven't had a chance to personally check this out but apparently the
latest CentOS 7 kernel package doesn't boot under Xen PV:
https://bugs.centos.org/view.php?id=13763
This may be highly relevant to you because an update was just pushed
out for the KPTI feature (to help mitigate Spectre/Meltdown etc in
Linux).
As mentioned in that bug report, there are patches to fix this but
they haven't yet been applied to the main CentOS kernel package.
In the meantime you can use the kernel package from the CentOSPlus
repository which does have this fix and the KPTI one.
https://wiki.centos.org/AdditionalResources/Repositories/CentOSPlus
All of this was researched by a customer having the problem today
and it resolved it for them.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
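The two announcements above leave an operator with a practical question: after a reboot into a new kernel, does the guest actually report the three XSA-254 issues (SP1, SP2, SP3) as mitigated, and is it running as a Xen PV guest, where the CentOS 7 boot problem applies? The script below is an added example written for this page; it is not part of Andy's announcements or of any BitFolk or Xen tooling. It assumes the kernel exposes `/sys/devices/system/cpu/vulnerabilities/` (added in Linux 4.15 and backported to the RHEL/CentOS 7 kernels) and that a Xen guest exposes `/sys/hypervisor/type` and `/sys/hypervisor/guest_type`. The directory paths are parameters so the same functions can be exercised against constructed sample files.

```shell
#!/bin/sh
# Added example (not from the BitFolk announcement): summarise what the
# running Linux kernel reports for the three XSA-254 issues and whether
# the guest is a Xen PV guest. Assumes the sysfs interfaces named above
# exist on the kernel being checked.

# read_status VULN_DIR NAME
# Prints the kernel's status line for NAME (e.g. "Vulnerable",
# "Mitigation: PTI", "Not affected"), or "unknown" when the kernel is
# too old to expose the interface at all.
read_status() {
    file="$1/$2"
    if [ -r "$file" ]; then
        cat "$file"
    else
        echo "unknown"
    fi
}

# xen_guest_type HYP_DIR
# Prints "PV", "HVM" or "PVH" for a Xen guest, "unknown" for a Xen
# guest whose kernel lacks guest_type, and "none" when not under Xen.
xen_guest_type() {
    hyp_dir="$1"
    if [ -r "$hyp_dir/type" ] && [ "$(cat "$hyp_dir/type")" = "xen" ]; then
        if [ -r "$hyp_dir/guest_type" ]; then
            cat "$hyp_dir/guest_type"
        else
            echo "unknown"
        fi
    else
        echo "none"
    fi
}

# summarise VULN_DIR HYP_DIR
# One "name=status" line per issue, followed by "xen_guest=TYPE".
# spectre_v1 is SP1 (CVE-2017-5753), spectre_v2 is SP2 (CVE-2017-5715),
# meltdown is SP3 (CVE-2017-5754); "Mitigation: PTI" under meltdown is
# what a KPTI-enabled kernel reports.
summarise() {
    vuln_dir="$1"
    hyp_dir="$2"
    for name in spectre_v1 spectre_v2 meltdown; do
        echo "$name=$(read_status "$vuln_dir" "$name")"
    done
    echo "xen_guest=$(xen_guest_type "$hyp_dir")"
}

# count_vulnerable VULN_DIR
# Prints how many of the three issues the kernel still reports as
# "Vulnerable" (0 means every issue is either mitigated or not affected).
count_vulnerable() {
    n=0
    for name in spectre_v1 spectre_v2 meltdown; do
        case "$(read_status "$1" "$name")" in
            Vulnerable*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Stand-alone use on the live system: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    summarise /sys/devices/system/cpu/vulnerabilities /sys/hypervisor
    echo "still_vulnerable=$(count_vulnerable /sys/devices/system/cpu/vulnerabilities)"
fi
```

Run with `--live` after each kernel update; on a guest that has booted the CentOSPlus kernel with KPTI you would expect `meltdown=Mitigation: PTI` while, at the time of the announcements, the two Spectre entries still read `Vulnerable`. The `xen_guest=` line tells you whether the PV-specific boot problem from the CentOS bug report is relevant to that VPS at all.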