From owner-freebsd-security@freebsd.org Wed Mar 7 14:01:09 2018
Date: Wed, 7 Mar 2018 15:00:58 +0100 (CET)
From: Trond Endrestøl
To: freebsd-security@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:02.ntp
Organization: Fagskolen Innlandet

On Wed, 7 Mar 2018 14:30+0100, Remko Lodder wrote:

> > On 7 Mar 2018, at 12:50, David Chisnall wrote:
> >
> > Were these changes and the kernel changes tested together on Xen?
> > After updating to -p7, I get about 10 seconds of uptime on a Xen
> > VM before the kernel panics with a double fault and reboots.
> > Disabling ntpd results in a stable system. On an AMD system
> > without a hypervisor, I don’t see any instability.
>
> Hi David,
>
> We have no Xen setup as far as I know so in short; these changes were not tested on Xen as far as I know.
>
> Cheers
> Remko

Here's one of my systems, running ntpd on stable/11 r330228 on
XenServer 7.3, and there have been no issues so far. Timekeeping is as
good as can be expected. The XenServer host has Intel CPUs.

$ uname -aKU
FreeBSD somehost 11.1-STABLE FreeBSD 11.1-STABLE #0 r330228: Thu Mar 1 10:58:45 CET 2018 root@somehost:/usr/obj/usr/src/sys/XENGUEST amd64 1101511 1101511

$ w | head -1
2:18p.m. up 5 days, 1:23, 1 user, load averages: 0,18 0,20 0,17

Note, I run a custom kernel eliminating most of the unneeded stuff
when running as a/an Xen guest, see
https://ximalas.info/~trond/create-zfs/canmount/XENGUEST-amd64-stable-11
for details.

--
Trond.

From owner-freebsd-security@freebsd.org Wed Mar 7 13:29:29 2018
Date: Wed, 7 Mar 2018 14:29:23 +0100
From: Remko Lodder
To: David Chisnall
Cc: freebsd-security@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:02.ntp

> On 7 Mar 2018, at 12:50, David Chisnall wrote:
>
> Were these changes and the kernel changes tested together on Xen? After updating to -p7, I get about 10 seconds of uptime on a Xen VM before the kernel panics with a double fault and reboots. Disabling ntpd results in a stable system. On an AMD system without a hypervisor, I don’t see any instability.
>
> David

Hi David,

We have no Xen setup as far as I know so in short; these changes were not tested on Xen as far as I know.

Cheers
Remko