Meltdown and Spectre

  • Meltdown and Spectre

    So I manually did yum clean all && yum update on my servers that have cloudlinux and kernelcare. They all did install the latest patched version of the cloudlinux kernel.

    I am just wondering how and when kernelcare switches to the new kernel, or do I need to do an actual reboot?

    How long does it take before kernelcare switches to the new kernel?

  • #2
    Sure here is one but I already ran yum update and I saw that it installed a new cloudlinux kernel

    uname -a
    Linux XXXX.XXX.XXX 2.6.32-673.26.1.lve1.4.25.el6.x86_64 #1 SMP Wed Apr 5 16:33:01 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux



    • #3
      Here is the output of some commands too

      /usr/bin/kcarectl --update
      Kernel is safe
      XXX [~]# /usr/bin/kcarectl --info
      kpatch-state: patch is applied
      kpatch-for: Linux version 2.6.32-673.26.1.lve1.4.25.el6.x86_64 (mockbuild@build.cloudlinux.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) ) #1 SMP Wed Apr 5 16:33:01 EDT 2017
      kpatch-build-time: Wed Dec 6 05:54:33 2017
      kpatch-description: 210-;2.6.32-773.26.1.lve1.4.46.el6



      • #4
        Hmm maybe this was an issue, I reran yum update and saw this

        Transaction couldnt start:
        installing package kernel-1:2.6.32-896.16.1.lve1.4.49.el6.x86_64 needs 2MB on the /boot filesystem

        [(installing package kernel-1:2.6.32-896.16.1.lve1.4.49.el6.x86_64 needs 2MB on the /boot filesystem, (9, /boot, 1265664L))]

        But I see
        /dev/sda1 190M 125M 56M 70% /boot



        • #5
          Hmm after getting yum to update the kernel and running /usr/bin/kcarectl --update I still get

          Yum updated kernel to
          Installed:
          kernel.x86_64 1:2.6.32-896.16.1.lve1.4.49.el6

          /usr/bin/kcarectl --info
          kpatch-state: patch is applied
          kpatch-for: Linux version 2.6.32-673.26.1.lve1.4.25.el6.x86_64 (mockbuild@build.cloudlinux.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) ) #1 SMP Wed Apr 5 16:33:01 EDT 2017
          kpatch-build-time: Wed Dec 6 05:54:33 2017
          kpatch-description: 210-;2.6.32-773.26.1.lve1.4.46.el6

          XXX [/boot]# /usr/bin/kcarectl --update
          Kernel is safe



          • #6
            Mark,

            KernelCare does not actually "switch" to the newly installed (by yum update) kernel - it is not possible without a reboot.
            What it does is binary-patch the running one so that vulnerable procedures are replaced by patched ones in memory.
            That's the reason your system still reports to be running an old kernel when you issue uname -r.
            At the same time, KernelCare does its patching so that you can see that Kernel is safe in kcarectl output.


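The distinction made in reply #6 (uname keeps reporting the booted kernel, while the patch state is what kcarectl --info shows) can be checked mechanically. The script below is an added example, not code from the thread or from KernelCare: the function names are hypothetical, the sample text is the kcarectl --info output posted above, and reading the part after ";" in kpatch-description as the effective kernel version is an assumption.

```shell
#!/bin/sh
# Added example: interpret `kcarectl --info` output next to `uname -r`.
# SAMPLE_INFO is the output posted in this thread, embedded so this runs offline.
SAMPLE_INFO='kpatch-state: patch is applied
kpatch-for: Linux version 2.6.32-673.26.1.lve1.4.25.el6.x86_64 (mockbuild@build.cloudlinux.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) ) #1 SMP Wed Apr 5 16:33:01 EDT 2017
kpatch-build-time: Wed Dec 6 05:54:33 2017
kpatch-description: 210-;2.6.32-773.26.1.lve1.4.46.el6'

# kc_field KEY INFO_TEXT -> value of the first "KEY: value" line
kc_field() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Kernel release the loaded patch was built for (third word of kpatch-for).
kc_patched_release() {
    kc_field kpatch-for "$1" | awk '{print $3}'
}

# Assumption: the text after ";" in kpatch-description is the kernel
# version the in-memory patch set is equivalent to.
kc_effective_version() {
    kc_field kpatch-description "$1" | sed 's/^[^;]*;//'
}

# kc_check RUNNING_RELEASE INFO_TEXT
# 0 = patch applied and built for the running kernel; 1 = not applied;
# 2 = applied, but for a different kernel than the one running.
kc_check() {
    state=$(kc_field kpatch-state "$2")
    [ "$state" = "patch is applied" ] || return 1
    [ "$(kc_patched_release "$2")" = "$1" ] || return 2
    return 0
}

# Stand-alone run: use live data when kcarectl is present, else the sample.
kc_main() {
    if command -v kcarectl >/dev/null 2>&1; then
        info=$(kcarectl --info); running=$(uname -r)
    else
        info=$SAMPLE_INFO; running=$(kc_patched_release "$info")
    fi
    rc=0; kc_check "$running" "$info" || rc=$?
    echo "booted kernel (uname -r): $running"
    echo "patch built for:          $(kc_patched_release "$info")"
    echo "effective patched level:  $(kc_effective_version "$info")"
    echo "check result:             $rc"
    return "$rc"
}
kc_main
```

A result of 2 is what to expect right after a reboot into a newly installed kernel and before the next kcarectl --update, since the loaded patch was built for the previous kernel.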