~alpine/devel

7 3

Re: [alpine-devel] Notes on Alpine 2.4.2 in Amazon EC2

Dean Takemori <deant@hawaii.rr.com>
Details
Message ID
<AD06D92E-72DF-4FF2-83CC-F8BC93BF0AF9@hawaii.rr.com>
Sender timestamp
1341049124
DKIM signature
missing
Download raw message
> From: Natanael Copa <ncopa_at_alpinelinux.org> 
> Date: Wed, 30 May 2012 21:45:37 +0200
> 
> On Wed, 30 May 2012 23:25:53 +0530 
> "V.Krishn" <vkrishn4_at_gmail.com> wrote: 
> 
> > On Tuesday, May 29, 2012 08:39:56 PM Natanael Copa wrote: 
> > > On Sun, 27 May 2012 09:00:47 -0700 
> > > 
> > > Nathan Angelacos <nangel_at_alpinelinux.org> wrote: 
> > > > * Booting the 64bit kernel reports: 
> > > > can only boot x86 32 PAE kernels, not xen-3.0-x86_64 
> > > > Error 13: Invalid or unsupported executable format 
> > > 
> > > I built a kernel dedicated for virtual guests. One of the goals is 
> > > to make it as small as possible. I have no idea if it even boots at 
> > > this point but feedback is welcome. 
> > > 
> > > I'd like it to include drivers for qemu/kvm, xen, vmware, virtualbox 
> > > and hyper-v guests. 
> > > 
> > > It is in edge/testing and is named linux-virt-grsec. 
> > > 
> > 
> > Can we see a bootable iso in edge/releases or a wiki help page on how 
> > to create one. It would be great to have a lighter iso suited for 
> > virtual guests. I could test using kvm and install/test pmreader on 
> > it. (http://insteps.net/pr/a/pmwiki/Apps/PmReader-help-v1-1) 
> 
> I built one for testing 
> http://dev.alpinelinux.org/~ncopa/alpine/alpine-virt/ 

Hi,

I've tried the alpine-virt-120531-x86.iso as a PV guest under 
Xen (32 and 64 bit Centos 5 and 64 bit Fedora 17), and it appears
to run up against this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=829016#c4

Namely "unable to handle kernel paging request" in atomic64_read_cx8

Looks like a patch is going in for upstream:

http://lists.xen.org/archives/html/xen-devel/2012-06/msg00486.html

But for current Alpine, if it's not too much trouble, could you guys 
generate a kernel/iso with CONFIG_TRANSPARENT_HUGEPAGE=n

Thanks,

-dean takemori


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] Notes on Alpine 2.4.2 in Amazon EC2

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20120702084028.6a0938d3@ncopa-desktop.nor.wtbts.net>
In-Reply-To
<AD06D92E-72DF-4FF2-83CC-F8BC93BF0AF9@hawaii.rr.com> (view parent)
Sender timestamp
1341211228
DKIM signature
missing
Download raw message
On Fri, 29 Jun 2012 23:38:44 -1000
Dean Takemori <deant@hawaii.rr.com> wrote:

> > From: Natanael Copa <ncopa_at_alpinelinux.org> 
> > Date: Wed, 30 May 2012 21:45:37 +0200
> > 
> > On Wed, 30 May 2012 23:25:53 +0530 
> > "V.Krishn" <vkrishn4_at_gmail.com> wrote: 
> > 
> > > On Tuesday, May 29, 2012 08:39:56 PM Natanael Copa wrote: 
> > > > On Sun, 27 May 2012 09:00:47 -0700 
> > > > 
> > > > Nathan Angelacos <nangel_at_alpinelinux.org> wrote: 
> > > > > * Booting the 64bit kernel reports: 
> > > > > can only boot x86 32 PAE kernels, not xen-3.0-x86_64 
> > > > > Error 13: Invalid or unsupported executable format 
> > > > 
> > > > I built a kernel dedicated for virtual guests. One of the goals
> > > > is to make it as small as possible. I have no idea if it even
> > > > boots at this point but feedback is welcome. 
> > > > 
> > > > I'd like it to include drivers for qemu/kvm, xen, vmware,
> > > > virtualbox and hyper-v guests. 
> > > > 
> > > > It is in edge/testing and is named linux-virt-grsec. 
> > > > 
> > > 
> > > Can we see a bootable iso in edge/releases or a wiki help page on
> > > how to create one. It would be great to have a lighter iso suited
> > > for virtual guests. I could test using kvm and install/test
> > > pmreader on it.
> > > (http://insteps.net/pr/a/pmwiki/Apps/PmReader-help-v1-1) 
> > 
> > I built one for testing 
> > http://dev.alpinelinux.org/~ncopa/alpine/alpine-virt/ 
> 
> Hi,
> 
> I've tried the alpine-virt-120531-x86.iso as a PV guest under 
> Xen (32 and 64 bit Centos 5 and 64 bit Fedora 17), and it appears
> to run up against this bug:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=829016#c4

Great! I never got the x86 PV guest working but never found out why.
Thanks!

> Namely "unable to handle kernel paging request" in atomic64_read_cx8
> 
> Looks like a patch is going in for upstream:
> 
> http://lists.xen.org/archives/html/xen-devel/2012-06/msg00486.html
> 
> But for current Alpine, if it's not too much trouble, could you guys 
> generate a kernel/iso with CONFIG_TRANSPARENT_HUGEPAGE=n

I think I would prefer apply that patch if it works.

Could we test the patch first? I can apply it to the linux-virt-grsec
first, create a new alpine-virt iso and if successful try it on the
default kernel too.

Thanks!

> Thanks,
> 
> -dean takemori
> 
> 
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:         alpine-devel+help@lists.alpinelinux.org
> ---
> 



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] Notes on Alpine 2.4.2 in Amazon EC2

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20120702092757.5cf1d3a6@ncopa-desktop.nor.wtbts.net>
In-Reply-To
<AD06D92E-72DF-4FF2-83CC-F8BC93BF0AF9@hawaii.rr.com> (view parent)
Sender timestamp
1341214077
DKIM signature
missing
Download raw message
On Fri, 29 Jun 2012 23:38:44 -1000
Dean Takemori <deant@hawaii.rr.com> wrote:

> > From: Natanael Copa <ncopa_at_alpinelinux.org> 
> > Date: Wed, 30 May 2012 21:45:37 +0200
> > 
> > On Wed, 30 May 2012 23:25:53 +0530 
> > "V.Krishn" <vkrishn4_at_gmail.com> wrote: 
> > 
> > > On Tuesday, May 29, 2012 08:39:56 PM Natanael Copa wrote: 
> > > > On Sun, 27 May 2012 09:00:47 -0700 
> > > > 
> > > > Nathan Angelacos <nangel_at_alpinelinux.org> wrote: 
> > > > > * Booting the 64bit kernel reports: 
> > > > > can only boot x86 32 PAE kernels, not xen-3.0-x86_64 
> > > > > Error 13: Invalid or unsupported executable format 
> > > > 
> > > > I built a kernel dedicated for virtual guests. One of the goals
> > > > is to make it as small as possible. I have no idea if it even
> > > > boots at this point but feedback is welcome. 
> > > > 
> > > > I'd like it to include drivers for qemu/kvm, xen, vmware,
> > > > virtualbox and hyper-v guests. 
> > > > 
> > > > It is in edge/testing and is named linux-virt-grsec. 
> > > > 
> > > 
> > > Can we see a bootable iso in edge/releases or a wiki help page on
> > > how to create one. It would be great to have a lighter iso suited
> > > for virtual guests. I could test using kvm and install/test
> > > pmreader on it.
> > > (http://insteps.net/pr/a/pmwiki/Apps/PmReader-help-v1-1) 
> > 
> > I built one for testing 
> > http://dev.alpinelinux.org/~ncopa/alpine/alpine-virt/ 
> 
> Hi,
> 
> I've tried the alpine-virt-120531-x86.iso as a PV guest under 
> Xen (32 and 64 bit Centos 5 and 64 bit Fedora 17), and it appears
> to run up against this bug:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=829016#c4
> 
> Namely "unable to handle kernel paging request" in atomic64_read_cx8
> 
> Looks like a patch is going in for upstream:
> 
> http://lists.xen.org/archives/html/xen-devel/2012-06/msg00486.html

Seems like that patch is fixing an issue introduced by a patch that we
don't use at all so it does not apply.

> But for current Alpine, if it's not too much trouble, could you guys 
> generate a kernel/iso with CONFIG_TRANSPARENT_HUGEPAGE=n

Yeah, I think this is what we need to do for now.

-nc
> 
> Thanks,
> 
> -dean takemori
> 
> 
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:         alpine-devel+help@lists.alpinelinux.org
> ---
> 



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] Notes on Alpine 2.4.2 in Amazon EC2

Dean Takemori <deant@hawaii.rr.com>
Details
Message ID
<6C602F38-7571-4239-9DA1-5513BE8D3BE9@hawaii.rr.com>
In-Reply-To
<20120702092757.5cf1d3a6@ncopa-desktop.nor.wtbts.net> (view parent)
Sender timestamp
1341820567
DKIM signature
missing
Download raw message
On Jul 1, 2012, at 9:27 PM, Natanael Copa wrote:

> On Fri, 29 Jun 2012 23:38:44 -1000
> Dean Takemori <deant@hawaii.rr.com> wrote:

> Seems like that patch is fixing an issue introduced by a patch that we
> don't use at all so it does not apply.
> 
>> But for current Alpine, if it's not too much trouble, could you guys 
>> generate a kernel/iso with CONFIG_TRANSPARENT_HUGEPAGE=n
> 
> Yeah, I think this is what we need to do for now.

I just tried the current edge/testing linux-virt-grsec kernel.
It boots just fine under VirtualBox-4.1.18 and KVM (64 bit Fedora 17 host)

But under Xen (64 bit Fedora 17 host), it stops at

	 * Mounting boot media failed.
	initramfs emergency recovery shell launched. Type 'exit' to continue boot
	sh: can't access tty; job control turned off
	/ #

I have not had the time to investigate further.

-dean takemori


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] Notes on Alpine 2.4.2 in Amazon EC2

Details
Message ID
<20120712023024.NOQDR.61095.root@hrndva-web05-z02>
In-Reply-To
<6C602F38-7571-4239-9DA1-5513BE8D3BE9@hawaii.rr.com> (view parent)
Sender timestamp
1342060224
DKIM signature
missing
Download raw message
---- Dean Takemori <deant@hawaii.rr.com> wrote: 
> I just tried the current edge/testing linux-virt-grsec kernel.
> It boots just fine under VirtualBox-4.1.18 and KVM (64 bit Fedora 17 host)
> 
> But under Xen (64 bit Fedora 17 host), it stops at
> 
> 	 * Mounting boot media failed.
> 	initramfs emergency recovery shell launched. Type 'exit' to continue boot
> 	sh: can't access tty; job control turned off
> 	/ #
> 
> I have not had the time to investigate further.

I got a bit further; I had to bump up the memory of the domU and explicitly
add "root=/dev/xvda3 modules=ext4" to the kernel boot line, but the PV domU
booted further, this time crashing with:

+ exec /bin/busybox switch_root /sysroot /sbin/init
[    0.273065] ------------[ cut here ]------------
[    0.273071] kernel BUG at /home/buildozer/aports/testing/linux-virt-grsec/src/linux-3.3/mm/filemap.c:135!
[    0.273077] invalid opcode: 0000 [#1] SMP 
[    0.273082] Modules linked in: loop ext4 mbcache jbd2 crc16
[    0.273091] 
[    0.273093] Pid: 1, comm: busybox Not tainted 3.3.8-grsec #5-Alpine  
[    0.273099] EIP: 0061:[<c10785d2>] EFLAGS: 00010006 CPU: 0
[    0.273106] EIP is at __delete_from_page_cache+0x99/0xfa
[    0.273110] EAX: 00000050 EBX: dffc1fc0 ECX: 00003a2d EDX: 00000009
[    0.273114] ESI: df0598a4 EDI: df0598b4 EBP: df441c48 ESP: df441c40
[    0.273127]  DS: 0068 ES: 0068 FS: 00d8 GS: 0000 SS: 0069
[    0.273131] Process busybox (pid: 1, ti=df43836c task=df438000 task.ti=df43836c)
[    0.273136] Stack:
[    0.273138]  dffc1fc0 00000000 df441c5c c1078737 dffc1fc0 df0598a4 00000000 df441c6c
[    0.273148]  c1080177 dffc1fc0 00000000 df441cd4 c1080244 00000000 00000000 00000000
[    0.273156]  ffffffff df0598a4 0000000e 00000000 dffc1fc0 dffc1fe0 dffc2000 dffc2020
[    0.273165] Call Trace:
[    0.273169]  [<c1078737>] delete_from_page_cache+0x2a/0x4c
[    0.273175]  [<c1080177>] truncate_inode_page+0x74/0x7d
[    0.273180]  [<c1080244>] truncate_inode_pages_range+0xc4/0x2a0
[    0.273185]  [<c108042c>] truncate_inode_pages+0xc/0x10
[    0.273190]  [<c10b524a>] evict+0xa0/0x128
[    0.273194]  [<c10b5443>] iput+0x144/0x149
[    0.273198]  [<c10b2c3a>] d_kill+0xa8/0xc4
[    0.273201]  [<c10b3190>] dput+0x114/0x11e
[    0.273206]  [<c10a3666>] fput+0x155/0x166
[    0.273210]  [<c108fcbd>] remove_vma+0x30/0x4f
[    0.273214]  [<c1090e9e>] exit_mmap+0xc1/0xd7
[    0.273219]  [<c1025687>] mmput+0x3f/0xbc
[    0.273222]  [<c10a6f7c>] flush_old_exec+0x6d3/0x77f
[    0.273227]  [<c10a6244>] ? kernel_read+0x2e/0x38
[    0.273232]  [<c10d547c>] load_elf_binary+0x272/0x10b0
[    0.273237]  [<c108e343>] ? get_user_pages+0x34/0x3b
[    0.273241]  [<c10a67a0>] ? get_arg_page+0x4a/0xd9
[    0.273245]  [<c10a67c7>] ? get_arg_page+0x71/0xd9
[    0.273249]  [<c10a74d2>] ? copy_strings+0x1e5/0x22d
[    0.273253]  [<c10a5feb>] search_binary_handler+0x85/0x220
[    0.273257]  [<c10a7a53>] do_execve_common+0x434/0x613
[    0.273262]  [<c108de9a>] ? handle_mm_fault+0x30f/0x325
[    0.273266]  [<c10a7c3d>] do_execve+0xb/0xd
[    0.273271]  [<c100f035>] sys_execve+0x2c/0x53
[    0.273275]  [<c1268072>] ptregs_execve+0x12/0x20
[    0.273281]  [<c1267285>] ? syscall_call+0x7/0xb
[    0.273284] Code: c7 43 04 00 00 00 00 ff 4e 3c e8 82 e5 00 00 8b 03 a9 00 00 08 00 74 0c ba 17 00 00 00 89 d8 e8 6d e5 00 00 8b 43 0c 85 c0 78 02 <0f> 0b 8b 03 a8 10 74 52 8b 46 4c f6 40 10 01 75 49 ba 0a 00 00 
[    0.273333] EIP: [<c10785d2>] __delete_from_page_cache+0x99/0xfa SS:ESP 0069:df441c40
[    0.273341] ---[ end trace c574191b879d9f8e ]---
[    0.273394] Kernel panic - not syncing: Attempted to kill init!


I'm investigating

-dean takemori


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] Notes on Alpine 2.4.2 in Amazon EC2

Details
Message ID
<20120719023654.W90EK.8662.root@hrndva-web05-z02>
In-Reply-To
<20120712023024.NOQDR.61095.root@hrndva-web05-z02> (view parent)
Sender timestamp
1342665414
DKIM signature
missing
Download raw message
I'm not going to mention how many re-configure/compile cycles I tried, but I was 
unable to generate a 3.3.8 + grsecurity kernel that worked as a Paravirtualized
guest under Xen.  I suspect that version of the grsecurity patch either has a bug
or trips one in somewhere in the kernel or toolchain.

I have been able to create a 3.4.5 + grsecurity kernel that boots as PV domU under
Xen.  It also boots under VirtualBox and KVM.

Attached is the APKBUILD and kernelconfig that I used;  Note that the kernelconfig
attached has grsec's RBAC turned on as that's my intended usage for Alpine.

-dean takemori

Re: [alpine-devel] Notes on Alpine 2.4.2 in Amazon EC2

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20120719082941.437b6e90@ncopa-desktop.nor.wtbts.net>
In-Reply-To
<20120719023654.W90EK.8662.root@hrndva-web05-z02> (view parent)
Sender timestamp
1342679381
DKIM signature
missing
Download raw message
On Wed, 18 Jul 2012 22:36:54 -0400
<deant@hawaii.rr.com> wrote:
 
> I'm not going to mention how many re-configure/compile cycles I
> tried, but I was unable to generate a 3.3.8 + grsecurity kernel that
> worked as a Paravirtualized guest under Xen.  I suspect that version
> of the grsecurity patch either has a bug or trips one in somewhere in
> the kernel or toolchain.

Thats what i suspect too. Got the x86_64 running though.

> I have been able to create a 3.4.5 + grsecurity kernel that boots as
> PV domU under Xen.  It also boots under VirtualBox and KVM.

Very nice!
 
> Attached is the APKBUILD and kernelconfig that I used;  Note that the
> kernelconfig attached has grsec's RBAC turned on as that's my
> intended usage for Alpine.

Will have a look at it when I get a chance.

Thank you very much for sharing!

> -dean takemori

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] Notes on Alpine 2.4.2 in Amazon EC2

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20120720182228.0b350c2f@alpinelinux.org>
In-Reply-To
<20120719023654.W90EK.8662.root@hrndva-web05-z02> (view parent)
Sender timestamp
1342801348
DKIM signature
missing
Download raw message
On Wed, 18 Jul 2012 22:36:54 -0400
<deant@hawaii.rr.com> wrote:

> 
> I'm not going to mention how many re-configure/compile cycles I
> tried, but I was unable to generate a 3.3.8 + grsecurity kernel that
> worked as a Paravirtualized guest under Xen.  I suspect that version
> of the grsecurity patch either has a bug or trips one in somewhere in
> the kernel or toolchain.
> 
> I have been able to create a 3.4.5 + grsecurity kernel that boots as
> PV domU under Xen.  It also boots under VirtualBox and KVM.
> 
> Attached is the APKBUILD and kernelconfig that I used;  Note that the
> kernelconfig attached has grsec's RBAC turned on as that's my
> intended usage for Alpine.

I have only one comment to this: Excellent work!

Applied, using you as author. Thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)