Mailinglist Archive: opensuse (929 mails)

< Previous Next >
[opensuse] Re: SUSE-SU-2014:0459-1: important: Security update for Linux Kernel
opensuse-security@xxxxxxxxxxxx wrote:
An update that solves 6 vulnerabilities and has 28 fixes is
now available. It includes one version update.

Description:


The SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to fix various bugs and security issues.

------------------------------------------------------------
------------ WARNING: If you are running KVM with PCI
pass-through on a system with one of the following Intel
chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or
X58 (revisions 0x12, 0x13, 0x22), please make sure to read
the following support document before installing this
update:
https://www.suse.com/support/kb/doc.php?id=7014344
<https://www.suse.com/support/kb/doc.php?id=7014344> . You
will have to update your KVM setup to no longer make use
of PCI pass-through before rebooting to the updated
kernel.
------------------------------------------------------------

The above doesn't seem to be a security update as a rare hw problem.

The listed test on the linked page doesn't seem to work correctly.

It doesn't echo that my system is 'affected', (even though it is).

It seems the "-q" option is at fault.
w/-q:
# /sbin/lspci -nn | grep -qE '8086:(340[36].*rev 13|3405.*rev (12|13|22))' && echo "Interrupt remapping is broken"
#

w/o -q:
# /sbin/lspci -nn | grep -E '8086:(340[36].*rev 13|3405.*rev (12|13|22))' && echo "Interrupt remapping is broken"
00:00.0 Host bridge [0600]: Intel Corporation 5520 I/O Hub to ESI Port [8086:3406] (rev 13)
Interrupt remapping is broken

looks like it has something to do with the pipefail section in bash, as
this works:

# grep -qE '8086:(340[36].*rev 13|3405.*rev (12|13|22))' < <(lspci -nn) && echo "Interrupt remapping is broken"
Interrupt remapping is broken

FWIW, having run this HW for 4+ years, I've never seen any of the warning
messages that they indicate are symptoms of this problem, I did
see the warning in the kernel about the problem and that my kernel
was then marked tainted -- EVEN THOUGH, interrupt remapping had
been turned off! ...

Why implement a workaround that taints your kernel? I.e. isn't the workaround
supposed to protect your kernel from becoming tainted?


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages