Yesterday, I wrote about a serious Linux kernel bug and fix. However, a few readers would like to know about patching a running Linux kernel. Patching a production kernel is a risky business. The following procedure will help you fix the problem.
Step # 1: Make sure your product is affected
First, find out whether your product is affected by the reported exploit. For example, the vmsplice() bug only affects RHEL 5.x; RHEL 4.x, 3.x, and 2.1.x are not affected at all. You can always obtain this information from the vendor's bug reporting system, called Bugzilla. Also make sure the bug affects your architecture. For example, a bug may only affect 64-bit or 32-bit platforms.
Step # 2: Apply patch
It is best to apply and test the patch in a test environment first. Please note that some vendors, such as Redhat and Suse, modify the kernel or backport fixes to it, so it is a good idea to apply the patch to their kernel source code tree. Otherwise, you can always grab the latest kernel version and apply the patch to it.
Step # 3: How do I apply kernel patch?
These instructions require sysadmin skills. Personally, I avoid recompiling any kernel unless absolutely necessary. Most of our production boxes (over 1400+) are powered by a mix of RHEL 4 and 5. A wrong kernel option can disable hardware or leave the system unable to boot at all. If you don’t understand the internal kernel dependencies, don’t try this on a production box.
Change directory to your kernel source code:
# cd linux-2.6.xx.yy
Download and save patch file as fix.vmsplice.exploit.patch:
# cat fix.vmsplice.exploit.patch
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
error = -EFAULT;
- if (unlikely(!base))
+ if (!access_ok(VERIFY_READ, base, len))
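Review bot: The new test `if (!access_ok(VERIFY_READ, base, len))` replaces the `!base` check instead of adding to it and drops the `unlikely()` hint, so please confirm that a NULL `base` is still rejected on this path, or keep both conditions. Separately, the hunk will not apply as printed: the header `@@ -1234,7 +1234,7 @@` declares seven lines on each side but only three follow, and there are no `---`/`+++` file headers for `patch -p1` to take a target path from, so use the complete patch file from the vendor or upstream rather than copying these lines.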
Now apply the patch using the patch command:
# patch < fix.vmsplice.exploit.patch -p1
Now recompile and install the Linux kernel.
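A patch saved from a web page or e-mail can lose lines on the way, so it is worth checking that every hunk is complete before it touches a kernel tree. The following is an added example, not part of the original post: a POSIX shell function that compares each hunk's line counts with its @@ header, run on the hunk exactly as printed above and on a small intact patch. The names check_hunks and write_samples are hypothetical, and demo.c is a constructed sample.

```sh
# check_hunks FILE: compare each hunk's old/new line counts with its
# "@@ -start,count +start,count @@" header. Returns 0 only if all match.
check_hunks() {
    awk '
    function endhunk() {
        if (inhunk && (nold != want_old || nnew != want_new)) {
            printf "hunk at line %d: header declares %d old/%d new lines, found %d/%d\n", hline, want_old, want_new, nold, nnew
            bad = 1
        }
        inhunk = 0
    }
    inhunk && nold >= want_old && nnew >= want_new { endhunk() }  # hunk is full
    /^@@ -[0-9]+(,[0-9]+)? \+[0-9]+(,[0-9]+)? @@/ {
        endhunk(); split($2, a, ","); split($3, b, ",")
        want_old = (2 in a) ? a[2] + 0 : 1   # count is 1 when omitted
        want_new = (2 in b) ? b[2] + 0 : 1
        nold = 0; nnew = 0; inhunk = 1; hline = NR; hunks++; next
    }
    inhunk && /^ /  { nold++; nnew++; next }  # context line
    inhunk && /^-/  { nold++; next }          # removed line
    inhunk && /^\+/ { nnew++; next }          # added line
    inhunk && /^\\/ { next }                  # "\ No newline at end of file"
    { endhunk() }                             # anything else ends the hunk
    END { endhunk(); exit (bad || !hunks) }   # a file with no hunks also fails
    ' "$1"
}

# Constructed samples: the hunk as printed in the post, and a small intact patch.
write_samples() {
    cat > "$1/page.patch" <<'EOF'
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
error = -EFAULT;
- if (unlikely(!base))
+ if (!access_ok(VERIFY_READ, base, len))
EOF
    cat > "$1/intact.patch" <<'EOF'
--- a/demo.c
+++ b/demo.c
@@ -1,2 +1,2 @@
 int f(void *base, int len) {
-    if (!base) return -1;
+    if (!ok(base, len)) return -1;
EOF
}
tmp=$(mktemp -d) && write_samples "$tmp"
for p in page intact; do
    check_hunks "$tmp/$p.patch" && echo "$p.patch: hunks complete" || echo "$p.patch: incomplete, do not apply"
done
rm -rf "$tmp"
```

A file that passes this check can still fail to apply to a vendor tree, so a patch dry run in the test environment remains the next step.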
I hope this quick and dirty guide will save someone some time. On a related note, Erek has unofficial patched RPMs for CentOS / RHEL distros. Sysadmin because even developers need heroes!!!
From my mail bag:
Where can I get free interactive access to HP-UX or Linux distro or UNIX shell access?
You can simply grab and try out any Linux / BSD / Solaris Live CD. However, sometimes you cannot install and use a particular UNIX-like OS. So, if you want to try the latest technologies over the Internet, try the HP TestDrive program:
This program allows you to testdrive some of the hottest hardware and operating systems available today. Have you ever wanted to try out HP’s exciting 64-bit Integrity and PA-RISC technology? Get time on SMP x86 and Opteron ProLiant servers? Try out a Blade server. Try different Open Source operating systems such as FreeBSD, Suse, Redhat, Debian and other Linux distributions.
This program is perfect for students and new users who want to try out and learn the basics of UNIX. You can also try and test your C/C++ programs using the latest Intel compilers. It is intended for those users who want to sample the 32- and 64-bit servers running a variety of HP, UNIX, Linux and third-party operating systems and applications.
=> HP Test Drive Program [hp.com]
New Linux users often get this error. Let us say you have downloaded the RPM file from the net and saved it to /tmp; you may get the error – no such file or directory – even though the file really was downloaded and the ls command shows it.
The answer is pretty simple: the rpm command needs the full path to the RPM file. Use the pwd command to get the full path and type the following commands:
Now install the rpm file:
rpm -ivh myrpm.rpm
or use full path:
rpm -ivh /tmp/myrpm.rpm
Running query on uninstalled rpm package
However, if you run a query on an uninstalled package, you will get an error:
# rpm -qi /tmp/bandwidth-0.12-1.el5.rf.x86_64.rpm
package bandwidth-0.12-1.el5.rf.x86_64.rpm is not installed
To query an uninstalled package, pass the -p option to the rpm command.
# rpm -qip /tmp/bandwidth-0.12-1.el5.rf.x86_64.rpm
Name : bandwidth Relocations: (not relocatable)
Version : 0.12 Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release : 1.el5.rf Build Date: Sat 28 Jul 2007 03:27:28 PM CDT
Install Date: (not installed) Build Host: lisse.leuven.wieers.com
Group : Applications/Internet Source RPM: bandwidth-0.12-1.el5.rf.src.rpm
Size : 30905 License: GPL
Signature : DSA/SHA1, Sat 28 Jul 2007 03:31:11 PM CDT, Key ID a20e52146b8d79e6
Packager : Dag Wieers
URL : http://home.comcast.net/~fbui/bandwidth.html
Summary : Artificial benchmark for measuring memory bandwidth
bandwidth is an artificial benchmark for measuring memory bandwidth,
useful for identifying a computer's weak areas.
Almost every new Linux wannabe guru (read: users who want to switch to Linux) asks this question:
I want to switch to Linux completely from Windows XP SP2. Which Linux version will be best – Redhat, SuSE, or other? I use my PC for:
Watching DVD / MP3
I’m also willing to spend a small amount of money if required to purchase a Linux version.
The short answer is none. I can’t suggest a *distro* name.
Linux is all about choice and freedom. Different Linux distributions exist with different goals. It is a good idea to define your goals and select a Linux distribution that fits your requirements.
I like Redhat and Debian for servers, as they are rock-solid stable and come with a good binary packaging system. Some will swear by the Knoppix Live CD.
Some people like Suse and others recommend Ubuntu. There are others who like to compile everything from scratch (Gentoo).
Consider the following factors while selecting Linux:
- Your Linux skill level
- Linux as server / network admin workstation
- Running Linux on new hardware / laptop
- Running Linux on an older machine (486/PI/PII/Celeron)
- Multilingual support (Hindi / Japanese language user interface)
- Running Linux on an office PC for email and office work
- Community support
- Commercial support
I recommend that you try out at least a few different distributions:
- Go to distrowatch.com and look at What’s Hot and What’s Not
- Make sure your hardware is compatible with Linux. Download a Live CD (list of all Live CD) and see if your hardware is compatible with Linux.
- Make sure good community support exists for your distro (for example, check out the Ubuntu community support forum)
- Get a good Linux book that teaches the basics of Linux
- Learn how to use a search engine to find solutions to problems
- Learn to read man pages effectively and the Linux commands that help you navigate
- Contact your nearest Linux user group (LUG) and see what other members recommend
- Ask questions whenever in doubt; join Linux mailing lists and forums. When posting a question to a forum / newsgroup, it is a good idea to format the question and its content properly in order to get a good answer. Make sure you provide all the information when posting a question. (See more guidelines – how to ask questions the smart way)
- Finally, you can always donate a small amount of money to your favorite distro and/or to any other open source project.
Surely, there are dozens of other reasons to select specific distro, so please do share your views and suggestions :D
If you would like to compare FreeBSD and Linux, then keep the following points in mind:
* SMP support
* Support (community and vendor)
* Clean code and well documented API
* Amount of software/applications
* 3rd party apps support
| Feature | FreeBSD | Linux |
|---|---|---|
| SMP support | Good (v5.x/6.x+) | Very Good (2.6+) |
| Security (out of box) | Very good | Good |
| Oracle/ERP apps | Not supported | Very good |
| Package management | Excellent (ports & binary) | Depends on distribution (Debian – excellent, RPM based – ok (go for yum)) |
| Dell/IBM/HP server support | N/A (FreeBSD works with these vendors' systems; at least I have very good experience with HP boxes) | Very good |
| Support (community and vendor) | Good | Good |
Based on my personal experience, I recommend FreeBSD for Internet servers (web servers or mail servers). They are extremely stable. FreeBSD is known to handle heavy load efficiently.
However, if you are looking to run a 4- or 8-way SMP server or an Oracle database server, use Linux (go for RHEL or Suse enterprise Linux). Linux has excellent support from these vendors.
In addition, OpenBSD is my choice for firewall/NAT/DMZ. :D If anyone has more information, just comment below.