SCIENTIFIC-LINUX-USERS Archives

May 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
VirtualBox-5.0 and kernel kernel-2.6.32-642.el6 - was Re: Security ERRATA SL6 i386/x86_64 in testing
From:
Andrew C Aitchison <[log in to unmask]>
Reply To:
Andrew C Aitchison <[log in to unmask]>
Date:
Sat, 21 May 2016 09:11:35 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (121 lines) 
On Fri, 20 May 2016, Connie Sieh wrote:

> The following security errata are now located in "sl-testing".  These errata 
> were released after/during the release of RHEL 6.8 .  We require extra 
> testing for these errata.   Please test.
>
>   yum --enablerepo=sl-testing list
>   yum --enablerepo=sl-testing update <package>
>
> file-5.04-30.el6
> icedtea-web-1.6.2-1.el6
> kernel-2.6.32-642.el6

Not sure SL is the place to fix this SL6 users may wish to known.
The SL6.8 kernel-2.6.32-642.el6 makes the Oracle 
VirtualBox-5.0-5.0.20_106931_el6-1.src.rpm unhappy:

Executive summary:
Oracle VirtualBox-5.0 does not want to play with kernel-2.6.32-642.el6

Detailed version:

# /sbin/rcvboxdrv  setup
Stopping VirtualBox kernel modules                         [  OK  ]
Removing old VirtualBox kernel module                      [  OK  ]
Recompiling VirtualBox kernel modules                      [FAILED]
   (Look at /var/log/vbox-install.log to find out what went wrong)
tail  /var/log/vbox-install.log
         /bin/false)
mkdir -p /tmp/vbox.0/.tmp_versions ; rm -f /tmp/vbox.0/.tmp_versions/*
make -f scripts/Makefile.build obj=/tmp/vbox.0
   gcc -Wp,-MD,/tmp/vbox.0/linux/.VBoxNetFlt-linux.o.d  -nostdinc -isystem 
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/include -Iinclude 
-I/usr/src/kernels/2.6.32-642.el6.x86_64/include/uapi 
-I/usr/src/kernels/2.6.32-642.el6.x86_64/arch/x86/include 
-Iarch/include/generated -Iinclude -include 
/usr/src/kernels/2.6.32-642.el6.x86_64/include/linux/kconfig.h 
-D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs 
-fno-strict-aliasing -fno-common -Werror-implicit-function-declaration 
-Wno-format-security -fno-delete-null-pointer-checks -O2 -m64 
-mtune=generic -mno-red-zone -mcmodel=kernel -funit-at-a-time 
-maccumulate-outgoing-args -fstack-protector -DCONFIG_AS_CFI=1 
-DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 
-DCONFIG_AS_AVX=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables 
-mno-sse -mno-mmx -mno-sse2 -mno-3dnow -Wframe-larger-than=2048 
-Wno-unused-but-set-variable -fno-omit-frame-pointer 
-fno-optimize-sibling-calls -g -pg -Wdeclaration-after-statement 
-Wno-pointer-sign -fno-strict-overflow -fno-dwarf2-cfi-asm 
-fconserve-stack -include /tmp/vbox.0/include/VBox/SUPDrvMangling.h 
-I/lib/modules/2.6.32-642.el6.x86_64/build/include -I/tmp/vbox.0/ 
-I/tmp/vbox.0/include -I/tmp/vbox.0/r0drv/linux -I/tmp/vbox.0/vboxnetflt/ 
-I/tmp/vbox.0/vboxnetflt/include -I/tmp/vbox.0/vboxnetflt/r0drv/linux 
-D__KERNEL__ -DMODULE -DRT_OS_LINUX -DIN_RING0 -DIN_RT_R0 -DIN_SUP_R0 
-DVBOX -DRT_WITH_VBOX -DVBOX_WITH_HARDENING 
-Wno-declaration-after-statement -DRT_ARCH_AMD64 
-DVBOX_WITH_64_BITS_GUESTS  -DMODULE -D"KBUILD_STR(s)=#s" 
-D"KBUILD_BASENAME=KBUILD_STR(VBoxNetFlt_linux)" 
-D"KBUILD_MODNAME=KBUILD_STR(vboxnetflt)" -D"DEBUG_HASH=60" 
-D"DEBUG_HASH2=11" -c -o /tmp/vbox.0/linux/.tmp_VBoxNetFlt-linux.o 
/tmp/vbox.0/linux/VBoxNetFlt-linux.c
/tmp/vbox.0/linux/VBoxNetFlt-linux.c: In function vboxNetFltLinuxPacketHandler
/tmp/vbox.0/linux/VBoxNetFlt-linux.c:943: error: implicit declaration of function vlan_tx_tag_present
/tmp/vbox.0/linux/VBoxNetFlt-linux.c:953: error: implicit declaration of function vlan_tx_tag_get
make[2]: *** [/tmp/vbox.0/linux/VBoxNetFlt-linux.o] Error 1
make[1]: *** [_module_/tmp/vbox.0] Error 2
make: *** [vboxnetflt] Error 2

... so the 2.6.32-642 kernels no longer have the vlan_tx_tag_ defines


# egrep -4 "vlan_tx_tag_|VBOX_HAVE_SKB_VLAN" 
/usr/share/virtualbox/src/vboxhost/vboxnetflt/linux/VBoxNetFlt-linux.c
# endif
#endif

#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
# define VBOX_HAVE_SKB_VLAN
#else
# ifdef RHEL_RELEASE_CODE
#  if RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 2)
#   define VBOX_HAVE_SKB_VLAN
#  endif
# endif
#endif

#ifdef VBOX_HAVE_SKB_VLAN
# define vlan_tx_tag_get(skb)       skb_vlan_tag_get(skb)
# define vlan_tx_tag_present(skb)   skb_vlan_tag_present(skb)
#endif

#ifndef NET_IP_ALIGN
# define NET_IP_ALIGN 2
--
         /* Somehow skb_copy ignores mac_len */
         pBuf->mac_len = uMacLen;
# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
         /* Restore VLAN tag stripped by host hardware */
         if (vlan_tx_tag_present(pBuf) && skb_headroom(pBuf) >= 
VLAN_ETH_HLEN)
         {
             uint8_t *pMac = (uint8_t*)skb_mac_header(pBuf);
             struct vlan_ethhdr *pVHdr = (struct vlan_ethhdr *)(pMac - 
VLAN_HLEN);
#  if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)
--
#  else
             memmove(pVHdr, pMac, VLAN_ETH_ALEN * 2);
#  endif
             pVHdr->h_vlan_proto = RT_H2N_U16(ETH_P_8021Q);
             pVHdr->h_vlan_TCI   = RT_H2N_U16(vlan_tx_tag_get(pBuf));
             pBuf->mac_header   -= VLAN_HLEN;
             pBuf->mac_len      += VLAN_HLEN;
         }
# endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27) */

So there is already lots of tweaking for kernel versions in this area;
we just need someone to add a tweak for this kernel.

-- 
Andrew C Aitchison

ATOM RSS1 RSS2