Wim Coekaerts

Oracle Blogs

Using Oracle Ksplice for CVE-2018-8897 and CVE-2018-1087

Thu, 2018-05-10 17:15
Just the other day I was talking about using ksplice again and then just after these 2 new CVEs hit that are pretty significant. So, another quick # uptrack-upgrade and I don't have to worry about these CVEs any more. Sure beats all those rebooting 'other' Linux OS servers.

[root@vm1-phx opc]# uname -a
Linux vm1-phx 4.1.12-112.16.4.el7uek.x86_64 #2 SMP Mon Mar 12 23:57:12 PDT 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@vm1-phx opc]# uptrack-uname -a
Linux vm1-phx 4.1.12-124.14.3.el7uek.x86_64 #2 SMP Mon Apr 30 18:03:45 PDT 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@vm1-phx opc]# uptrack-upgrade
The following steps will be taken:
Install [92m63il8] CVE-2018-8897: Denial-of-service in KVM breakpoint handling.
Install [3rt72vtm] CVE-2018-1087: KVM guest breakpoint privilege escalation.
Go ahead [y/N]? y
Installing [92m63il8] CVE-2018-8897: Denial-of-service in KVM breakpoint handling.
Installing [3rt72vtm] CVE-2018-1087: KVM guest breakpoint privilege escalation.
Your kernel is fully up to date.
Effective kernel version is 4.1.12-124.14.5.el7uek
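
One way to check a run like the one above from a script, as an added example that is not part of the original post: it parses the uptrack-upgrade transcript, separates planned (Install) from applied (Installing) updates, and reports which required CVEs this run covered. The function name audit, its result keys and the declined transcript are constructed for illustration.

```python
import re

# Transcript copied from the uptrack-upgrade session in the post above.
APPLIED = """\
The following steps will be taken:
Install [92m63il8] CVE-2018-8897: Denial-of-service in KVM breakpoint handling.
Install [3rt72vtm] CVE-2018-1087: KVM guest breakpoint privilege escalation.
Go ahead [y/N]? y
Installing [92m63il8] CVE-2018-8897: Denial-of-service in KVM breakpoint handling.
Installing [3rt72vtm] CVE-2018-1087: KVM guest breakpoint privilege escalation.
Your kernel is fully up to date.
Effective kernel version is 4.1.12-124.14.5.el7uek
"""

# Constructed variant: the operator answered "N", so the plan was never applied.
DECLINED = """\
The following steps will be taken:
Install [92m63il8] CVE-2018-8897: Denial-of-service in KVM breakpoint handling.
Install [3rt72vtm] CVE-2018-1087: KVM guest breakpoint privilege escalation.
Go ahead [y/N]? n
"""

STEP_RE = re.compile(r"^(Installing|Install) \[([a-z0-9]+)\] (.+)$", re.M)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
EFFECTIVE_RE = re.compile(r"^Effective kernel version is (\S+)", re.M)
UP_TO_DATE = "Your kernel is fully up to date."


def audit(transcript, required_cves, booted_release):
    """Summarise one uptrack-upgrade transcript against a list of required CVEs.

    booted_release is the host's `uname -r` string. Ksplice does not change
    it (the post shows uname and uptrack-uname disagreeing), so it is used
    only to flag that the effective kernel differs from the booted one.
    """
    planned, applied = {}, {}
    for verb, update_id, description in STEP_RE.findall(transcript):
        # "Install" lines are the plan; only "Installing" lines were applied.
        target = applied if verb == "Installing" else planned
        target[update_id] = description

    applied_cves = set()
    for description in applied.values():
        applied_cves.update(CVE_RE.findall(description))

    match = EFFECTIVE_RE.search(transcript)
    effective = match.group(1) if match else None
    return {
        "applied_cves": sorted(applied_cves),
        # "missing" means: not applied by this run of uptrack-upgrade.
        "missing_cves": sorted(set(required_cves) - applied_cves),
        "pending_ids": sorted(set(planned) - set(applied)),
        "up_to_date": UP_TO_DATE in transcript,
        "effective_kernel": effective,
        "live_patched": bool(effective)
        and not booted_release.startswith(effective),
    }


if __name__ == "__main__":
    required = ["CVE-2018-8897", "CVE-2018-1087"]
    booted = "4.1.12-112.16.4.el7uek.x86_64"  # uname -r from the post
    for label, text in (("applied", APPLIED), ("declined", DECLINED)):
        print(label, audit(text, required, booted))
```

A CVE fixed by an earlier run does not appear in a later transcript, so missing_cves only speaks for the run that was parsed.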

Oracle Ksplice and Oracle Linux reminder

Tue, 2018-05-08 22:37

For those of you that keep up with my blog and twitter musings... you know how much I love Ksplice. This morning I was connecting to one of my cloud VMs and did an uptrack-upgrade as it had been a while and I hadn't turned on automatic ksplice updates on this node. I was pleasantly reminded of the awesomeness that is Ksplice. 

Here's the output, a kernel from 2-MAR-2018, no reboot, just a quick # uptrack-upgrade and look at all the stuff that I am now protected against. A few seconds, no impact on apps, done. Now I know that there are some other projects out there that talk about being able to patch something here or there. But nothing comes even close to this. Not in terms of service, not in terms of patch complexity, not in terms of ease of use, etc., etc.

Remember, everyone using Oracle Linux in Oracle Cloud has full use of ksplice included at no extra cost and no extra configuration, every Oracle Linux instance is configured out of the box to use this. 

No other cloud provider has this service for their OSs. No other OS vendor provides this as a service for their own product at this level of sophistication and certainly not in any cloud environment. Best place to run Linux, best place to run Oracle Linux, all integrated, inclusive ... in Oracle Cloud Infrastructure.. Yes this is/sounds like marketing but.. fact is, it works and it's there.

[root@vm1-phx opc]# uname -a
Linux vm1-phx 4.1.12-112.16.4.el7uek.x86_64 #2 SMP Mon Mar 12 23:57:12 PDT 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@vm1-phx opc]# uptrack-upgrade
The following steps will be taken:
Install [q0j0yb6c] KAISER/KPTI enablement for Ksplice.
Install [afoeymft] Improve the interface to freeze tasks.
Install [bohqh05m] CVE-2017-17052: Denial-of-service due to incorrect reference counting in fork.
Install [eo2kqthd] Weakness when checking the keys in the XTS crypto algorithm.
Install [nq1xhhj5] CVE-2018-7492: Denial-of-service when setting options for RDS over Infiniband socket.
Install [b1gg8wsq] CVE-2017-7518: Privilege escalation in KVM emulation subsystem.
Install [lzckru19] Information leak when setting crypto key using RNG algorithm.
Install [npbx6wcr] Deadlock while queuing messages before remote node is up using RDS protocol.
Install [4fmvm11y] NULL pointer dereference when using bind system call on RDS over Infiniband socket.
Install [3eilpxc9] CVE-2017-14051: Denial-of-service in qla2xxx sysfs handler.
Install [385b9ve0] Denial-of-service in SCSI Lower Level Drivers (LLD) infrastructure.
Install [aaaqchtz] Denial-of-service when creating session in QLogic HBA Driver.
Install [d0apeo6x] CVE-2017-16646: Denial-of-service when using DiBcom DiB0700 USB DVB devices.
Install [5vzbq8ct] CVE-2017-15537: Information disclosure in FPU restoration after signal.
Install [6qv3bfyi] Kernel panic in HyperV guest-to-host transport.
Install [35rms9ga] Memory leak when closing VMware VMXNET3 ethernet device.
Install [5gdk22so] Memory corruption in IP packet redirection.
Install [6m4jnrwq] NULL pointer dereference in Hyper-V transport driver on allocation failure.
Install [owihyva9] CVE-2018-1068: Privilege escalation in bridging interface.
Install [buc7tc4q] Data-loss when writing to XFS filesystem.
Install [kef372kx] Denial-of-service when following symlink in ext4 filesystem.
Install [hb1vibbw] Denial-of-service during NFS server migration.
Install [4cqic4y6] Denial-of-service during RDS socket operation.
Install [4av6l7rd] Denial-of-service when querying ethernet statistics.
Install [8irqvffd] Denial-of-service in Hyper-V utilities driver.
Install [5ey3jcat] Denial-of-service in Broadcom NetXtreme-C/E network adapter.
Install [npapntll] Denial-of-service when configuring SR-IOV virtual function.
Install [s9mkcqwb] NULL pointer dereference during hardware reconfiguration in Cisco VIC Ethernet NIC driver.
Install [470l2f6x] Kernel panic during asynchronous event registration in LSI Logic MegaRAID SAS driver.
Install [cb7q8ihy] Kernel crash during PCI hotplug of Emulex LightPulse FibreChannel driver.
Install [tztxs6wf] Kernel crash during Emulex LightPulse FibreChannel I/O.
Install [o7drldhw] NULL pointer dereference during Emulex LightPulse FibreChannel removal.
Install [t8a1epky] Hard lockup in Emulex LightPulse FibreChannel driver.
Install [8du7f5q4] Deadlock during abort command in QLogic QLA2XXX driver.
Install [rghn5nkz] Kernel crash when creating RDS-over-IPv6 sockets.
Install [taix4vnz] CVE-2017-12146: Privilege escalation using a sysfs entry from platform driver.
Install [60u6sewd] CVE-2017-17558: Buffer overrun in USB core via integer overflow.
Install [2a1t0wfk] CVE-2017-16643: Out-of-bounds access in GTCO CalComp/InterWrite USB tablet HID parsing.
Install [tcxwzxmf] CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check.
Install [3qhfzsex] CVE-2018-1000199: Denial-of-service in hardware breakpoints.
Go ahead [y/N]? y
Installing [q0j0yb6c] KAISER/KPTI enablement for Ksplice.
Installing [afoeymft] Improve the interface to freeze tasks.
Installing [bohqh05m] CVE-2017-17052: Denial-of-service due to incorrect reference counting in fork.
Installing [eo2kqthd] Weakness when checking the keys in the XTS crypto algorithm.
Installing [nq1xhhj5] CVE-2018-7492: Denial-of-service when setting options for RDS over Infiniband socket.
Installing [b1gg8wsq] CVE-2017-7518: Privilege escalation in KVM emulation subsystem.
Installing [lzckru19] Information leak when setting crypto key using RNG algorithm.
Installing [npbx6wcr] Deadlock while queuing messages before remote node is up using RDS protocol.
Installing [4fmvm11y] NULL pointer dereference when using bind system call on RDS over Infiniband socket.
Installing [3eilpxc9] CVE-2017-14051: Denial-of-service in qla2xxx sysfs handler.
Installing [385b9ve0] Denial-of-service in SCSI Lower Level Drivers (LLD) infrastructure.
Installing [aaaqchtz] Denial-of-service when creating session in QLogic HBA Driver.
Installing [d0apeo6x] CVE-2017-16646: Denial-of-service when using DiBcom DiB0700 USB DVB devices.
Installing [5vzbq8ct] CVE-2017-15537: Information disclosure in FPU restoration after signal.
Installing [6qv3bfyi] Kernel panic in HyperV guest-to-host transport.
Installing [35rms9ga] Memory leak when closing VMware VMXNET3 ethernet device.
Installing [5gdk22so] Memory corruption in IP packet redirection.
Installing [6m4jnrwq] NULL pointer dereference in Hyper-V transport driver on allocation failure.
Installing [owihyva9] CVE-2018-1068: Privilege escalation in bridging interface.
Installing [buc7tc4q] Data-loss when writing to XFS filesystem.
Installing [kef372kx] Denial-of-service when following symlink in ext4 filesystem.
Installing [hb1vibbw] Denial-of-service during NFS server migration.
Installing [4cqic4y6] Denial-of-service during RDS socket operation.
Installing [4av6l7rd] Denial-of-service when querying ethernet statistics.
Installing [8irqvffd] Denial-of-service in Hyper-V utilities driver.
Installing [5ey3jcat] Denial-of-service in Broadcom NetXtreme-C/E network adapter.
Installing [npapntll] Denial-of-service when configuring SR-IOV virtual function.
Installing [s9mkcqwb] NULL pointer dereference during hardware reconfiguration in Cisco VIC Ethernet NIC driver.
Installing [470l2f6x] Kernel panic during asynchronous event registration in LSI Logic MegaRAID SAS driver.
Installing [cb7q8ihy] Kernel crash during PCI hotplug of Emulex LightPulse FibreChannel driver.
Installing [tztxs6wf] Kernel crash during Emulex LightPulse FibreChannel I/O.
Installing [o7drldhw] NULL pointer dereference during Emulex LightPulse FibreChannel removal.
Installing [t8a1epky] Hard lockup in Emulex LightPulse FibreChannel driver.
Installing [8du7f5q4] Deadlock during abort command in QLogic QLA2XXX driver.
Installing [rghn5nkz] Kernel crash when creating RDS-over-IPv6 sockets.
Installing [taix4vnz] CVE-2017-12146: Privilege escalation using a sysfs entry from platform driver.
Installing [60u6sewd] CVE-2017-17558: Buffer overrun in USB core via integer overflow.
Installing [2a1t0wfk] CVE-2017-16643: Out-of-bounds access in GTCO CalComp/InterWrite USB tablet HID parsing.
Installing [tcxwzxmf] CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check.
Installing [3qhfzsex] CVE-2018-1000199: Denial-of-service in hardware breakpoints.
Your kernel is fully up to date.
Effective kernel version is 4.1.12-124.14.3.el7uek

Congestion Control algorithms in UEK5 preview - try out BBR

Sun, 2018-04-08 18:47

One of the new features in UEK5 is a new TCP congestion control management algorithm called BBR (bottleneck bandwidth and round-trip propagation time). You can find very good papers here and here.

Linux supports a large variety of congestion control algorithms: bic, cubic, westwood, hybla, vegas, h-tcp, veno, etc.

Wikipedia has some good information on them : https://en.wikipedia.org/wiki/TCP_congestion_control

Here is a good overview of the important ones, including BBR : https://blog.apnic.net/2017/05/09/bbr-new-kid-tcp-block/

The default algorithm used, for quite some time now, is cubic (and this will remain the default also in UEK5). But we now also include support for BBR. BBR was added in the mainline Linux kernel version 4.9. UEK5 picked it up because we based the UEK5 tree on mainline 4.14. Remember we have our kernels on github for easy access and reading. We don't do tar files, you get the whole thing with changelog - standard upstream kernel git with backports, fixes, etc...

We have seen very promising performance improvements using bbr when downloading or uploading large files over the WAN. So for cloud computing usage and moving data from on-premises to cloud or the other way around, this might (in some situations) provide a bit of a performance boost. I've measured 10% in some tests. Your mileage may vary. It certainly should help when you have packet loss.

One advantage is that you don't need to have both source and target systems run this kernel. So to test out BBR you can run OL7 on either side and install uek5 on it (see here) and just enable it on that system. Try ssh or netperf or wget of a large(ish) file.

All you have to do is:

- use an Oracle Linux 7 install on one of the 2 servers.

- install the UEK5 preview kernel and boot into that one

- use sysctl (as root) to modify the settings / enable BBR. You can do this online. No reboot required.

You should also set the queue discipline to fq instead of pfifo_fast (the default).

# sysctl -w net.ipv4.tcp_congestion_control=bbr
# sysctl -w net.core.default_qdisc=fq

If you want to go back to the defaults:

# sysctl -w net.ipv4.tcp_congestion_control=cubic
# sysctl -w net.core.default_qdisc=pfifo_fast

(feel free to experiment with switching pfifo_fast vs fq as well).

If need be, this can be set on an individual socket level in Linux. If you have a specific application (like a webserver or a data transfer program), use setsockopt(). Something like:

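/* needs <sys/socket.h>, <netinet/in.h>, <netinet/tcp.h>, <string.h>, <stdio.h> */
char optval[16];
socklen_t optlen;

sock = socket(AF_INET, SOCK_STREAM, 0);
sockfd = accept(sock, ...);   /* after the usual bind() and listen() */
strcpy(optval, "bbr");
optlen = strlen(optval);
/* TCP_CONGESTION is a TCP-level option and applies to this socket only */
if (setsockopt(sockfd, IPPROTO_TCP, TCP_CONGESTION, optval, optlen) < 0)
    perror("setsockopt(TCP_CONGESTION) failed");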

Or you should be able to do the same in Python, starting with Python 3.6:

sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_CONGESTION, b"bbr")
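
A fuller version of the per-socket switch, as an added example that is not part of the original post: it requests an algorithm on one socket, then reads the option back so the caller knows what the kernel is really using. The function names are constructed for illustration; the /proc files and the TCP_CONGESTION option are the standard Linux ones.

```python
import socket

CA_NAME_MAX = 16  # size of the kernel's algorithm-name buffer (TCP_CA_NAME_MAX)
PROC_DIR = "/proc/sys/net/ipv4/"


def decode_ca_name(raw):
    """getsockopt() returns a NUL-padded buffer; keep the bytes before the first NUL."""
    return raw.split(b"\x00", 1)[0].decode("ascii")


def read_algorithms(name):
    """Read tcp_available_congestion_control or tcp_allowed_congestion_control."""
    try:
        with open(PROC_DIR + name) as fh:
            return fh.read().split()
    except OSError:
        return []


def current_congestion_control(sock):
    """Return the algorithm the kernel is using for this socket."""
    raw = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_CONGESTION, CA_NAME_MAX)
    return decode_ca_name(raw)


def request_congestion_control(sock, wanted):
    """Ask for `wanted` on this socket only; return (effective_name, errno_or_None).

    On Linux the request fails with ENOENT when the algorithm is not built in
    or loaded, and with EPERM when an unprivileged process asks for one that
    is not listed in tcp_allowed_congestion_control. Either way the socket
    stays on the system default, which is why the value is read back instead
    of being assumed.
    """
    error = None
    try:
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_CONGESTION,
                        wanted.encode("ascii"))
    except OSError as exc:
        error = exc.errno
    return current_congestion_control(sock), error


if __name__ == "__main__":
    print("available:", read_algorithms("tcp_available_congestion_control"))
    print("allowed without CAP_NET_ADMIN:",
          read_algorithms("tcp_allowed_congestion_control"))
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("system default:", current_congestion_control(s))
        print("after requesting bbr:", request_congestion_control(s, "bbr"))
```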

Have fun playing with it. Let me know if/when you see advantages as well.

Running VirtualBox inside a VM instance in Oracle Cloud Infrastructure

Tue, 2018-04-03 16:15

OK - So don't ask "Why?"... Because... I can! :) would be the answer for the most part.

Oracle Cloud Infrastructure supports nested virtualization. When you create a VM instance in OCI, and you run Oracle Linux 7 with our kernel, you can create KVM or (soon you see how...) VirtualBox VMs inside. If you create a BM instance, you can install VirtualBox or use kvm as you normally would on a local server. Since, well, it's a bare metal server - full access to the hardware and its features.

VirtualBox has some very interesting built-in features which might make it useful to run remote (even when virtualized). One example would be the embedded vRDP server. It can do great remote audio and video (enable/tune videochannel), it makes it easy to take your local VirtualBox images and run them unmodified remotely, it lets you create smaller VMs that you constantly start/stop... you can use vagrant boxes, and it opens up the whole vagrant VirtualBox environment to a remote cloud. So aside from "Because I can"... there are actual good use cases for this!

How do you go about doing this? For the most part it's pretty trivial, installation of VirtualBox in a VM in OCI is no different than how you would install it on your local desktop or server. Configuring a guest VM in VirtualBox should be done using the command line (vboxmanage) instead of installing a full remote desktop and running vnc and such. It's a lot faster to do it using the command line. And then also, if you want to run VirtualBox in Bridged mode so that you have full access to the OCI native cloud network facilities (VCN/Subnet/IP addresses, even public IPs - without NAT) there are a few minor things you need to do.

Here are some of the steps to get going: I'm not a big screenshot guy so bear with me in text for the most part.

Step 1: Create an OCI VM and create/assign an extra VNIC to pass through to your VirtualBox VM.

If you don't already have an OCI account, you can go sign up and get a $300 credit trial account here. That should give you enough to get started.

Set up your account, create a Virtual Cloud Network (VCN) with its subnets and create a VM instance in one of the availability domains/regions. To test this out I created a VM.Standard2.2 shape instance with Oracle Linux 7. Once this instance is created, you can log in with user opc and get going.

When you log into your VM instance, and in the OCI web console, you will see that you have a primary VNIC attached. This might show up as ens3 or so inside your VM. In the OCI web console the VNIC has a name (typically the primary VNIC's name is the same as your instance name), it has a private IP and, if you decided to have it on a public network, a public IP address as well. All this stuff will be configured out of the box for you as part of your instance creation.

Since I want to show how to use a bridged network in VirtualBox, you will need a second VNIC. You can create that at this point, or you can come back later and do it once you are ready to start your VirtualBox VM. Just go to Attached VNICs in the webconsole (or use the OCI cli) and create a VNIC on a given VCN/Subnet.

The important pieces of information to jot down are the mac address and the private ip address of this newly created vnic. In the example these are 10.0.0.2 and 00:00:17:02:EB:EA. This info is needed later.

Step 2: Install and configure VirtualBox

With Oracle Linux 7 - this is a very easy process. Use yum to install VirtualBox and the dependencies for building the VirtualBox kernel modules and quickly download and install the Extension Pack and you're done:

# yum install -y kernel-uek-devel-`uname -r` gcc
# yum install -y VirtualBox-5.2
# wget https://download.virtualbox.org/virtualbox/5.2.8/Oracle_VM_VirtualBox_Extension_Pack-5.2.8.vbox-extpack
# vboxmanage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.2.8.vbox-extpack

That's it - you now have a fully functioning VirtualBox hypervisor installed on top of Oracle Linux 7 in an OCI VM instance.

Step 3: Create your first VirtualBox guest VM

The following instructions show you how to create a VM from the command line. The nice thing with using the command line is that you can clearly see what it takes for a VM to be configured and you can easily tweak the values (memory, disk,...).

First, you likely want to create a new VM from an install ISO. So upload your installation media to your OCI VM. I uploaded my Oracle Linux 7.5 preview image which you can get here.

Create your VirtualBox VM

# vboxmanage createvm --name oci-test --ostype oracle_64 --register
# vboxmanage modifyvm oci-test --memory 4096 --vram 128 --ioapic on
# vboxmanage modifyvm oci-test --boot1 dvd --boot2 disk --boot3 none --boot4 none
# vboxmanage modifyvm oci-test --vrde on

Configure the Virtual Disk and Storage controllers (Feel free to attach an OCI Block Volume to your VM and put the VirtualBox virtual disks on that volume, of course). The example below creates a 40G virtual disk image and attaches the OL7.5 ISO as a DVD image.

# vboxmanage createhd --filename oci-test.vdi --size 40960
# vboxmanage storagectl oci-test --name "SATA Controller" --add sata --controller IntelAHCI
# vboxmanage storageattach oci-test --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium oci-test.vdi
# vboxmanage storagectl oci-test --name "IDE Controller" --add ide
# vboxmanage storageattach oci-test --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium /home/opc/OracleLinux-R7-U5-BETA-Server-x86_64-dvd.iso

Configure the Bridged Network Adapter to directly connect to the OCI VNIC

This is a little more involved. You have to find out which network device was created on the VM host for this secondary VNIC.

# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens3: mtu 9000 qdisc mq state UP qlen 1000
    link/ether 00:00:17:02:3a:29 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic ens3
       valid_lft 73962sec preferred_lft 73962sec
3: ens4: mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:00:17:02:eb:ea brd ff:ff:ff:ff:ff:ff

Bring up this network adapter without an IP address and configure the MTU to 9000 (default mtu settings for VNICs in OCI)

# ip link set dev ens4 up
# ip link set ens4 mtu 9000

Almost there... Now just create the NIC in VirtualBox and assign the mac address you recorded earlier to this NIC. It is very important to make sure you use that mac address, otherwise the networking will not allow traffic over the network. Note: don't use : for the mac address on the command line.

# vboxmanage modifyvm oci-test --nic1 bridged --bridgeadapter1 ens4 --macaddress1 00001702ebea

That's it. You now have a VirtualBox VM that can be started, will boot from install media, and be directly connected to the host's network in OCI. There is no DHCP running on this network, so when you create your VirtualBox VM, you have to assign a static IP (use the one that was assigned as Private IP address (10.0.0.2 in the example above)).

Before you start your VM, open up the firewall on the host for remote RDP connections and do the same in the OCI console, modify the security list for your host primary VNIC to allow for port 3389 (RDP) traffic ingress.

# firewall-cmd --permanent --add-port=3389/tcp
# firewall-cmd --reload

Start your VM in headless mode and use your favorite RDP client on your desktop or laptop to connect to the remote VirtualBox console.

# vboxmanage startvm oci-test --type headless

If you want to experiment with remote video/audio (for instance, play a youtube video inside your VM or play a movie file), enable the vrde video channel. Use the quality parameter to modify the compression/lossy ratio (improves performance) of the mjpeg stream.

# vboxmanage modifyvm oci-test --vrdevideochannel on
# vboxmanage modifyvm oci-test --vrdevideochannelquality 70

Raspberry Pi 3 B Oracle Linux 7.4 ARM64 with UEK5 preview image available for download

Tue, 2018-04-03 10:07

A few weeks ago we released an Oracle Linux 7 Update 4 for ARM64 preview update on OTN. This updated ISO installs on Ampere X-Gene 3 (emag) and Cavium ThunderX / ThunderX2 -based systems (and it's also known to work on Qualcomm Centriq 2400-based servers).

Today we added the RPI3 (Raspberry Pi 3 Model B) disk image as well. The previous RPI3 image was still using Oracle Linux 7.3 as a base along with a 4.9 Linux kernel. The newly released image makes it current. It is the same Oracle Linux 7.4 package set as we released on the ISO and it uses the same UEK5 preview kernel (based on 4.14.30 right now).

The current image uses uboot and boots the kernel directly. We will do another update in the near future where we switch to uboot+efi and grub2, so that updating kernels will work the same way as we can do on the regular ARM server installs (where we boot with EFI -> grub2).

A few things to point out:

- OL7/ARM64 is a 64-bit only build. That makes binaries pretty large and the RPI3 only has 1GB of RAM so it's a bit of a stretch.

- X/gnome-shell doesn't work in this release, this is a known issue, when we move to 7.5 this will be resolved but our focus is mostly server and per the above, running a heavy GUI stack is hard on a 1GB system.

- We do not yet support the latest RPI3 Model B+.  Only the RPI3 Model B. We don't have a device tree/dtb file yet for the RPI3 Model B+.

Since it has all the same packages as the server one, you can run docker on the RPI3:

# cat /etc/oracle-release
Oracle Linux Server release 7.4
# uname -a
Linux rpi3 4.14.30-1.el7uek.aarch64 #1 SMP Mon Mar 26 23:11:30 PDT 2018 aarch64 aarch64 aarch64 GNU/Linux
# yum install docker-engine
# systemctl enable docker
# systemctl start docker
# docker pull oraclelinux:7-slim

And there you go: a small Oracle Linux 7 for ARM image right on your rpi - directly from docker hub.

# docker pull oraclelinux:7-slim
7-slim: Pulling from library/oraclelinux
eefac02db809: Pull complete
Digest: sha256:fc684f5bbd1e46cfa28f56a0340026bca640d6188ee79ef36ab2d58d41636131
Status: Downloaded newer image for oraclelinux:7-slim

Oracle Linux 7 for ARM64 preview images on Docker Hub

Wed, 2018-03-21 14:08

A few days ago, we released the docker packages for OL7/ARM64. If you have an ARM64 server running OL7, you can just install docker as you would normally do on x64.

# yum install docker

Of course in order to use this you need some images on docker hub to get started with. While there are some Linux builds on Docker Hub already, we wanted to make sure you could get OL just like you can for x64. Both architectures will be built at same time going forward.

So you can do:

# docker pull oraclelinux
# docker pull oraclelinux:7
# docker pull oraclelinux:latest

Or, if you want the smaller version:

# docker pull oraclelinux:7-slim
# docker images
REPOSITORY    TAG      IMAGE ID       CREATED       SIZE
oraclelinux   7        b5e0e6470f16   2 hours ago   279MB
oraclelinux   latest   b5e0e6470f16   2 hours ago   279MB
oraclelinux   7-slim   fdaeac435bbd   2 hours ago   146MB

yum-builddep and rpmbuild

Sun, 2018-03-18 13:10

I sometimes try to build an RPM from source (to patch something or try a patch). Since I do these things every now and then, I tend to forget stuff easily and it takes me a while to get back into it.

Anyway - I was trying to build lxc (example) earlier today and I wanted to patch the lxc-oracle template. So I log into my OL7 box and use yumdownloader to download the lxc source.

# yumdownloader --source lxc

Install the src rpm

# rpm -ivh lxc-1.1.5-2.0.9.el7.src.rpm

So I now have ~/rpmbuild/SPECS/lxc.spec and ~/rpmbuild/SOURCES/ (a bunch of patch files and the lxc-1.1.5.tar.gz).

Install rpmbuild (wasn't installed yet)

# yum install rpm-build

(I know - the rpm is called rpm-build but the binary is rpmbuild... odd. never figured out why in the world it couldn't just be the same - anyway)

Ok. So... my usual step is : 

# rpmbuild -bp SPECS/lxc.spec

I don't want to build binaries. Just create the whole BUILD/tree with patches applied

Here is where I always waste time. There are a bunch of build dependencies that are not yet installed and in the past I would *pretty stupid of me, thinking back* just go down the list one by one doing yum install <rpm needed> until rpmbuild stops complaining.

Turns out that yum-utils includes a tool called yum-builddep! Aha.

# yum-builddep SPECS/lxc.spec

Look at that! It goes and pulls in all the build dependency packages for you.

OK, back to:

# rpmbuild -bp SPECS/lxc.spec

and all is happy! This is one I won't forget.

Updated Oracle Linux 7 update 4 ARM64/aarch64 with uek5 4.14.26-2

Sat, 2018-03-17 10:48

We refreshed the installation media for OL7/ARM64 with the latest uek5 preview build based on upstream stable 4.14.26 and added perf and tuned.

You can download it from the OTN  OL ARM webpage. Ignore the 4.14-14 in the text, that will get updated. We're also working on updating the Raspberry Pi 3 image to match the same version. Hopefully using grub2 there as well to make it easier to have a single image repo.

The arm64 yum repo on http://yum.oracle.com has also been updated.

A few things to point out :

Oracle Linux 7 for ARM64 is going to be a 64-bit only distribution (aarch64). All binaries are built 64-bit and we have no support in user space libraries nor in the kernel for 32-bit.

Our ARM port is sharing the same source code base as x64. There are minor architecture changes where required to build but we have a single source code repository from which we build both architectures. This is important because it makes it easy and clean and allows us to synchronize the two architectures without problem.

Our kernel on ARM64 is built using GCC 7.3 : Linux version 4.14.26-2.el7uek.aarch64 gcc version 7.3.0 20180125

We currently test on Ampere Computing and Cavium ThunderX® systems. We plan to add more processor types over time.

Oracle Linux UEK4 (4.1.12-112.16.4) errata kernel update compiled with retpoline support

Thu, 2018-03-15 10:57

Yesterday afternoon, we released a UEK4 update for both Oracle Linux 6 and Oracle Linux 7.

You can find the announcement mail here.

This update includes a number of generic fixes but most importantly it adds support for retpoline. In order to build this kernel, we also had to release updated versions of gcc, which we did a little while ago. You can find more information in general about retpoline on various sites. Here's an article about a discussion on the kernel mailing list.

Note, our UEK5 preview kernels (based on 4.14 stable) are also built with retpoline support.

You can find more information about our errata publicly here.

As always, keep checking the what's new page for new RPMs released on http://yum.oracle.com.

 

Oracle Linux 7 UEK5 preview 4.14.26

Wed, 2018-03-14 10:13

We just updated the UEK5 kernel preview to 4.14.26-1. The latest version is based on upstream stable 4.14.26 and can be found in our UEK5 preview channel.

The preview channel also has a number of other packages in it: an updated dtrace, updated daxctl and ndctl tools for persistent-memory.

Another thing I wanted to point out. We have had the source tree for UEK on oss.oracle.com for a long time in a git repo. We've always made sure that the changes are public, full git history both upstream and our own patches/bugfixes on top so it's very easy for anyone publicly to see what the source is. Not a tarball with just the end result source code, not a web-based only thing that's tedious to see what's up but standard git with all source, all commits. In order to make that a bit easier, we moved this to github.   Nothing different on the code side but this gives a nicer consolidated, cleaner view.

https://github.com/oracle/linux-uek

We use the exact same git repo/tree for Oracle Linux for x64 and for ARM64. This source tree also includes dtrace, etc...

Oracle Linux in Oracle Cloud Infrastructure and on-premises.

Sun, 2018-03-11 12:59

Oracle Cloud Infrastructure is a really great platform to run many types of operating systems on many compute instance shapes available with larger amounts of NVMe storage, lots of threads or cores and super fast networking. OCI lets you run pretty much any operating system (Windows, Ubuntu, CentOS, any Linux pretty much runs... and of course Oracle Linux). With the Emulation Mode VMs, you can go way back with old versions and someone even showed OS2 running!

One really nice thing about OCI is the fact that Oracle Linux support is included at no additional cost. I wrote about this before. You can file SRs, you get support for OL5 extended support, you can use Oracle Enterprise Manager Cloud Control instances to manage the OS, you can use spacewalk, you can use kubernetes, docker, it's all included. We have local yum repository mirrors inside OCI regions for fast downloads of packages and also making sure you get these without incurring external network traffic. And of course, we do very frequent updates of the Oracle Linux images so that you can always start instance create with the latest and greatest updates. We have scripts to make life easier (such as oci-utils), we create RPMs for the OCI CLI, python SDK, terraform provider etc.. so you don't have to manually download scripts or tools and compile or install them, it's all there.

Another reason is that we all work very closely together to support you. The Oracle Cloud Infrastructure development team and  the Oracle Linux development team work hand in hand to figure out what went wrong, in the rare case something happens. We're one team towards our customers and partners.

Another nice thing with Oracle Linux in OCI is the on-premises angle. When you run Oracle Linux on your servers on-prem, you have access to the exact same code, packages, with a support subscription you have full Oracle support, and even without a support subscription you have access to the errata updates, and all the packages I mentioned here without a need for authorization keys or access codes. It's all right there. If you are an ISV that wants to package an application and embed an OS, OL is perfect (you can distribute it for free, you can decide to get support subscriptions when you need it without being forced to change OSs underneath) you can then take that exact same code and run it in a cloud environment, and in OCI in particular at no additional cost including full support. Create a VM image and distribute the entire image, no contract needed. You can provide that VM image on-premises or in the cloud. You can install it on bare-metal servers, it's not limited to VMs. And of course customers have the flexibility of moving between on-premises and Oracle Cloud without having to worry. Same code, predictable cost. Full support in both places.

Whether you are a developer, a customer with test and development systems, production systems, an ISV that creates solution bundles with an embedded OS... no difference. You don't have to worry about taking an RPM from your developer platform and install it on your production system. 

Want to play with docker images? They're on docker hub, they're on Oracle Container registry, free to use by anyone and everyone. Both in our cloud (and any cloud) and on-premises. Regularly updated images. For the exact same OS you can run in production, in test/dev, for developers, ISVs, anywhere. No distinction. And we have an OCI mirror of our Container registry, again, for fast access and to ensure you don't create external network usage.

Sure there are other Linux distributions out there. Free ones, great, but if you need help, support, service levels for production, it's not offered. Commercial ones, well, no such flexibility, not even close. And if something goes wrong, you deal with at least 2 companies to figure out what happened.  1 call, 1 SR, on-prem, in cloud. Same code everywhere.

Public Oracle Linux yum server

Source code https://oss.oracle.com/sources/

Vagrant boxes

docker hub

ISO images

full public git repo with mainline and our commits, transparent. (not tar balls to actually try and obfuscate)

public service patch breakout for those that don't want to go through patch files for that other kernel 

 

Oracle Container Services for use with Kubernetes(1.9.1) 1.1.9

Tue, 2018-03-06 11:23

We just released Oracle Container Services for use with Kubernetes 1.1.9. This is based on Kubernetes 1.9.1.

There are also docker images to get going easily. You can download them from the Oracle Container Registry using standard docker commands. Please remember that we have OCR mirrors that provide fast performance (ocr-phx.oracle.com ocr-ash.oracle.com ocr-fra.oracle.com - I suggest using one of those alternative mirrors... at some point we will do traffic routing but right now it's still manual for this). For users trying out our OCSK8s (let me shorten it to that) in Oracle Cloud Infrastructure, do use the mirrors as they are hosted inside the OCI datacenters.

The individual packages are released in the Oracle Linux 7 add_ons channel  on yum.oracle.com.

Documentation can be found here. This release is also formally supported as part of Oracle Linux support.

Also of note, we are a certified platform/distribution in the Kubernetes Conformance program. See here.

Oracle Linux 7 UEK5 - preview updated from 4.14.20 to 4.14.23 for both x64 and arm64

Sat, 2018-03-03 11:54

latest update of uek5 preview is on https://yum.oracle.com

Oracle Linux 7 Server - Developer preview Unbreakable Enterprise Kernel Release 5

kernel-uek-4.14.23-1.el7uek - The Linux kernel (Update)

# rpm -q --changelog kernel-uek-4.14.23-1.el7uek | more

Remember - go check http://yum.oracle.com/whatsnew.html on a regular basis, good source to see what's been updated or added.

 

x86_64:
kernel-uek-4.14.23-1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.23-1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.23-1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.23-1.el7uek.x86_64.rpm

aarch64:
kernel-uek-4.14.23-1.el7uek.aarch64.rpm
kernel-uek-debug-4.14.23-1.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.23-1.el7uek.aarch64.rpm
kernel-uek-devel-4.14.23-1.el7uek.aarch64.rpm
kernel-uek-headers-4.14.23-1.el7uek.aarch64.rpm

 


Description of changes since last released kernel (4.14.20-1):


[4.14.23-1.el7uek]
- Xen: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Somasundaram Krishnasamy)  [Orabug: 27602172]
- dtrace: prefetch of arguments from stack breaks NOFAULT protection (Tomas Jedlicka)  [Orabug: 27593504]
- dtrace: remove use of flag SLAB_NOTRACK (Tomas Jedlicka)  [Orabug: 27415846]
- dtrace: update assembly routines to match 4.14.21 kernels (Tomas Jedlicka)  [Orabug: 27591318]
- uek-rpm: Set base_sublevel to 23 (Somasundaram Krishnasamy)  [Orabug: 27601642]
- Linux 4.14.23 (Greg Kroah-Hartman)
- microblaze: fix endian handling (Arnd Bergmann)
- m32r: fix endianness constraints (Geert Uytterhoeven)
- drm/i915/breadcrumbs: Ignore unsubmitted signalers (Chris Wilson)
- drm/amdgpu: add new device to use atpx quirk (Kai-Heng Feng)
- drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (Alex Deucher)
- drm/amdgpu: add atpx quirk handling (v2) (Alex Deucher)
- drm/amdgpu: only check mmBIF_IOV_FUNC_IDENTIFIER on tonga/fiji (Alex Deucher)
- drm/amdgpu: Add dpm quirk for Jet PRO (v2) (Alex Deucher)
- drm/amdgpu: disable MMHUB power gating on raven (Huang Rui)
- drm: Handle unexpected holes in color-eviction (Chris Wilson)
- drm/cirrus: Load lut in crtc_commit (Daniel Vetter)
- usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path (Yoshihiro Shimoda)
- usb: gadget: f_fs: Use config_ep_by_speed() (Jack Pham)
- usb: gadget: f_fs: Process all descriptors during bind (Jack Pham)
- Revert "usb: musb: host: don't start next rx urb if current one failed" (Bin Liu)
- usb: ldusb: add PIDs for new CASSY devices supported by this driver (Karsten Koop)
- usb: dwc3: ep0: Reset TRB counter for ep0 IN (Thinh Nguyen)
- usb: dwc3: gadget: Set maxpacket size for ep0 IN (Thinh Nguyen)
- usb: host: ehci: use correct device pointer for dma ops (Peter Chen)
- drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (Kai-Heng Feng)
- Add delay-init quirk for Corsair K70 RGB keyboards (Jack Stocker)
- arm64: cpufeature: Fix CTR_EL0 field definitions (Will Deacon)
- arm64: Disable unhandled signal log messages by default (Michael Weiser)
- arm64: Remove unimplemented syscall log message (Michael Weiser)
- usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() (AMAN DEEP)
- ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() (Shigeru Yoshida)
- PCI/cxgb4: Extend T3 PCI quirk to T4+ devices (Casey Leedom)
- irqchip/mips-gic: Avoid spuriously handling masked interrupts (Matt Redfearn)
- irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() (Shanker Donthineni)
- mm, swap, frontswap: fix THP swap if frontswap enabled (Huang Ying)
- x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (Arnd Bergmann)
- Kbuild: always define endianess in kconfig.h (Arnd Bergmann)
- iio: adis_lib: Initialize trigger before requesting interrupt (Lars-Peter Clausen)
- iio: buffer: check if a buffer has been set up when poll is called (Stefan Windfeldt-Prytz)
- iio: srf08: fix link error "devm_iio_triggered_buffer_setup" undefined (Andreas Klinger)
- iio: adc: stm32: fix stm32h7_adc_enable error handling (Fabrice Gasnier)
- RDMA/uverbs: Sanitize user entered port numbers prior to access it (Leon Romanovsky)
- RDMA/uverbs: Fix circular locking dependency (Leon Romanovsky)
- RDMA/uverbs: Fix bad unlock balance in ib_uverbs_close_xrcd (Leon Romanovsky)
- RDMA/uverbs: Protect from command mask overflow (Leon Romanovsky)
- RDMA/uverbs: Protect from races between lookup and destroy of uobjects (Leon Romanovsky)
- extcon: int3496: process id-pin first so that we start with the right status (Hans de Goede)
- PKCS#7: fix certificate blacklisting (Eric Biggers)
- PKCS#7: fix certificate chain verification (Eric Biggers)
- X.509: fix NULL dereference when restricting key with unsupported_sig (Eric Biggers)
- X.509: fix BUG_ON() when hash algorithm is unsupported (Eric Biggers)
- i2c: bcm2835: Set up the rising/falling edge delays (Eric Anholt)
- i2c: designware: must wait for enable (Ben Gardner)
- cfg80211: fix cfg80211_beacon_dup (Arnd Bergmann)
- MIPS: Drop spurious __unused in struct compat_flock (James Hogan)
- scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info (Tyrel Datwyler)
- xtensa: fix high memory/reserved memory collision (Max Filippov)
- MIPS: boot: Define __ASSEMBLY__ for its.S build (Kees Cook)
- kconfig.h: Include compiler types to avoid missed struct attributes (Kees Cook)
- arm64: mm: don't write garbage into TTBR1_EL1 register (Ard Biesheuvel)
- netfilter: drop outermost socket lock in getsockopt() (Paolo Abeni)
- Linux 4.14.22 (Greg Kroah-Hartman)
- vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems (Michal Hocko)
- mei: me: add cannon point device ids for 4th device (Tomas Winkler)
- mei: me: add cannon point device ids (Alexander Usyskin)
- crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (Kamil Konieczny)
- drm/i915: fix intel_backlight_device_register declaration (Arnd Bergmann)
- crypto: talitos - fix Kernel Oops on hashing an empty file (LEROY Christophe)
- hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (Jia-Ju Bai)
- powerpc/perf/imc: Fix nest-imc cpuhotplug callback failure (Anju T Sudhakar)
- PCI: rcar: Fix use-after-free in probe error path (Geert Uytterhoeven)
- xen: XEN_ACPI_PROCESSOR is Dom0-only (Jan Beulich)
- platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410 (Pali Rohár)
- x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (Karol Herbst)
- mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (Dave Young)
- usb: dwc3: of-simple: fix missing clk_disable_unprepare (Andreas Platschek)
- usb: dwc3: gadget: Wait longer for controller to end command processing (Vincent Pelletier)
- dmaengine: jz4740: disable/unprepare clk if probe fails (Tobias Jordan)
- drm/vc4: Release fence after signalling (Stefan Schake)
- ASoC: rsnd: ssi: fix race condition in rsnd_ssi_pointer_update (Jiada Wang)
- drm/armada: fix leak of crtc structure (Russell King)
- xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies. (Steffen Klassert)
- IB/mlx4: Fix RSS hash fields restrictions (Guy Levi)
- spi: sun4i: disable clocks in the remove function (Takuo Koguchi)
- ASoC: rockchip: disable clock on error (Stefan Potyra)
- staging: ccree: Uninitialized return in ssi_ahash_import() (Dan Carpenter)
- clk: fix a panic error caused by accessing NULL pointer (Cai Li)
- netfilter: xt_bpf: add overflow checks (Jann Horn)
- xfrm: Fix xfrm_input() to verify state is valid when (encap_type < 0) (Aviv Heller)
- dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved (Gustavo A. R. Silva)
- dmaengine: ioat: Fix error handling path (Christophe JAILLET)
- scsi: bfa: fix type conversion warning (Arnd Bergmann)
- scsi: bfa: fix access to bfad_im_port_s (Johannes Thumshirn)
- scsi: lpfc: Use after free in lpfc_rq_buf_free() (Dan Carpenter)
- gianfar: Disable EEE autoneg by default (Claudiu Manoil)
- 509: fix printing uninitialized stack memory when OID is empty (Eric Biggers)
- net: dsa: mv88e6xxx: Unregister MDIO bus on error path (Andrew Lunn)
- net: dsa: mv88e6xxx: Fix interrupt masking on removal (Andrew Lunn)
- net: ethernet: arc: fix error handling in emac_rockchip_probe (Branislav Radocaj)
- virtio_net: fix return value check in receive_mergeable() (Yunjian Wang)
- brcmfmac: Avoid build error with make W=1 (Andy Shevchenko)
- btrfs: Fix possible off-by-one in btrfs_search_path_in_tree (Nikolay Borisov)
- Btrfs: disable FUA if mounted with nobarrier (Omar Sandoval)
- btrfs: Fix quota reservation leak on preallocated files (Justin Maggard)
- locking/lockdep: Fix possible NULL deref (Peter Zijlstra)
- net: qualcomm: rmnet: Fix leak on transmit failure (Subash Abhinov Kasiviswanathan)
- KVM: VMX: fix page leak in hardware_setup() (Jim Mattson)
- VSOCK: fix outdated sk_state value in hvs_release() (Stefan Hajnoczi)
- net_sched: red: Avoid illegal values (Nogah Frankel)
- net_sched: red: Avoid devision by zero (Nogah Frankel)
- gianfar: fix a flooded alignment reports because of padding issue. (Zumeng Chen)
- nfp: fix port stats for mac representors (Pieter Jansen van Vuuren)
- ARM: dts: Fix elm interrupt compiler warning (Tony Lindgren)
- s390/dasd: prevent prefix I/O error (Stefan Haberland)
- s390/virtio: add BSD license to virtio-ccw (Michael S. Tsirkin)
- PM / runtime: Fix handling of suppliers with disabled runtime PM (Rafael J. Wysocki)
- powerpc/perf: Fix oops when grouping different pmu events (Ravi Bangoria)
- m68k: add missing SOFTIRQENTRY_TEXT linker section (Greg Ungerer)
- ipvlan: Add the skb->mark as flow4's member to lookup route (Gao Feng)
- bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown (Ray Jui)
- scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none (Will Deacon)
- iio: fix kernel-doc build errors (Randy Dunlap)
- iio: proximity: sx9500: Assign interrupt from GpioIo() (Andy Shevchenko)
- md/raid1/10: add missed blk plug (Shaohua Li)
- phylink: ensure we take the link down when phylink_stop() is called (Russell King)
- sfp: fix RX_LOS signal handling (Russell King)
- sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (Xin Long)
- md/raid5: correct degraded calculation in raid5_error (bingjingc)
- IB/core: Init subsys if compiled to vmlinuz-core (Dmitry Monakhov)
- RDMA/cma: Make sure that PSN is not over max allowed (Moni Shoua)
- i40iw: Correct ARP index mask (Mustafa Ismail)
- i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE (Mustafa Ismail)
- i40iw: Allocate a sdbuf per CQP WQE (Chien Tin Tung)
- KVM: arm/arm64: Fix spinlock acquisition in vgic_set_owner (Marc Zyngier)
- meson-gx-socinfo: Fix package id parsing (Arnaud Patard)
- IB/hfi1: Initialize bth1 in 16B rc ack builder (Dennis Dalessandro)
- pinctrl: sunxi: Fix A64 UART mux value (Andre Przywara)
- pinctrl: sunxi: Fix A80 interrupt pin bank (Andre Przywara)
- gpio: davinci: Assign first bank regs for unbanked case (Keerthy)
- gpio: 74x164: Fix crash during .remove() (Geert Uytterhoeven)
- net: mvpp2: allocate zeroed tx descriptors (Yan Markman)
- media: ov13858: Select V4L2_FWNODE (Sakari Ailus)
- media: s5k6aa: describe some function parameters (Mauro Carvalho Chehab)
- trace/xdp: fix compile warning: 'struct bpf_map' declared inside parameter list (Xie XiuQi)
- kvm: arm: don't treat unavailable HYP mode as an error (Ard Biesheuvel)
- pinctrl: denverton: Fix UART2 RTS pin mode (Andy Shevchenko)
- perf test: Fix test 21 for s390x (Thomas Richter)
- perf bench numa: Fixup discontiguous/sparse numa nodes (Satheesh Rajendran)
- perf top: Fix window dimensions change handling (Jiri Olsa)
- perf: Fix header.size for namespace events (Jiri Olsa)
- perf test shell: Fix check open filename arg using 'perf trace' on s390x (Thomas Richter)
- perf annotate: Do not truncate instruction names at 6 chars (Ravi Bangoria)
- perf help: Fix a bug during strstart() conversion (Namhyung Kim)
- perf record: Fix -c/-F options for cpu event aliases (Andi Kleen)
- ARM: dts: am437x-cm-t43: Correct the dmas property of spi0 (Peter Ujfalusi)
- ARM: dts: am4372: Correct the interrupts_properties of McASP (Peter Ujfalusi)
- ARM: dts: logicpd-somlv: Fix wl127x pinmux (Adam Ford)
- ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet (Adam Ford)
- ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen (Tony Lindgren)
- ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function (Keerthy)
- ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context (Tony Lindgren)
- serdev: fix receive_buf return value when no callback (Johan Hovold)
- usb: build drivers/usb/common/ when USB_SUPPORT is set (Randy Dunlap)
- usbip: keep usbip_device sockfd state in sync with tcp_socket (Shuah Khan)
- staging: iio: ad5933: switch buffer mode to software (Alexandru Ardelean)
- staging: iio: adc: ad7192: fix external frequency setting (Alexandru Ardelean)
- staging: fsl-mc: fix build testing on x86 (Arnd Bergmann)
- binder: replace "%p" with "%pK" (Todd Kjos)
- binder: check for binder_thread allocation failure in binder_poll() (Eric Biggers)
- staging: android: ashmem: Fix a race condition in pin ioctls (Ben Hutchings)
- ANDROID: binder: synchronize_rcu() when using POLLFREE. (Martijn Coenen)
- ANDROID: binder: remove WARN() for redundant txn error (Todd Kjos)
- dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock (Paolo Abeni)
- arm64: dts: add #cooling-cells to CPU nodes (Arnd Bergmann)
- ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag (Arnd Bergmann)
- video: fbdev/mmp: add MODULE_LICENSE (Arnd Bergmann)
- ASoC: ux500: add MODULE_LICENSE tag (Arnd Bergmann)
- net_sched: gen_estimator: fix lockdep splat (Eric Dumazet)
- net: avoid skb_warn_bad_offload on IS_ERR (Willem de Bruijn)
- rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (Sowmini Varadhan)
- rds: tcp: correctly sequence cleanup on netns deletion. (Sowmini Varadhan)
- netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert (Cong Wang)
- netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1() (Cong Wang)
- netfilter: on sockopt() acquire sock lock only in the required scope (Paolo Abeni)
- netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() (Dmitry Vyukov)
- netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (Eric Dumazet)
- netfilter: x_tables: fix int overflow in xt_alloc_table_info() (Dmitry Vyukov)
- kcov: detect double association with a single task (Dmitry Vyukov)
- KVM: x86: fix escape of guest dr6 to the host (Wanpeng Li)
- blk_rq_map_user_iov: fix error override (Douglas Gilbert)
- staging: android: ion: Switch from WARN to pr_warn (Laura Abbott)
- staging: android: ion: Add __GFP_NOWARN for system contig heap (Laura Abbott)
- crypto: x86/twofish-3way - Fix %rbp usage (Eric Biggers)
- media: pvrusb2: properly check endpoint types (Andrey Konovalov)
- selinux: skip bounded transition processing if the policy isn't loaded (Paul Moore)
- selinux: ensure the context is NUL terminated in security_context_to_sid_core() (Paul Moore)
- ptr_ring: try vmalloc() when kmalloc() fails (Jason Wang)
- ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE (Jason Wang)
- ALSA: bcd2000: Add a sanity check for invalid EPs (Takashi Iwai)
- ALSA: caiaq: Add a sanity check for invalid EPs (Takashi Iwai)
- ALSA: line6: Add a sanity check for invalid EPs (Takashi Iwai)
- drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all (Chris Wilson)
- dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify() (Jan Kara)
- blktrace: fix unlocked registration of tracepoints (Jens Axboe)
- sctp: set frag_point in sctp_setsockopt_maxseg correctly (Xin Long)
- xfrm: check id proto in validate_tmpl() (Cong Wang)
- xfrm: Fix stack-out-of-bounds read on socket policy lookup. (Steffen Klassert)
- RDMA/netlink: Fix general protection fault (Leon Romanovsky)
- KVM/x86: Check input paging mode when cs.l is set (Lan Tianyu)
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. (Tetsuo Handa)
- xfrm: skip policies marked as dead while rehashing (Florian Westphal)
- xfrm: fix rcu usage in xfrm_get_type_offload (Sabrina Dubroca)
- xfrm: don't call xfrm_policy_cache_flush while holding spinlock (Florian Westphal)
- esp: Fix GRO when the headers not fully in the linear part of the skb. (Steffen Klassert)
- mac80211_hwsim: validate number of different channels (Johannes Berg)
- cfg80211: check dev_set_name() return value (Johannes Berg)
- bpf: mark dst unknown on inconsistent {s, u}bounds adjustments (Daniel Borkmann)
- kcm: Only allow TCP sockets to be attached to a KCM mux (Tom Herbert)
- kcm: Check if sk_user_data already set in kcm_attach (Tom Herbert)
- vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (Jason Wang)
- usb: core: Add a helper function to check the validity of EP type in URB (Takashi Iwai)
- Linux 4.14.21 (Greg Kroah-Hartman)
- ovl: hash directory inodes for fsnotify (Amir Goldstein)
- ASoC: acpi: fix machine driver selection based on quirk (Pierre-Louis Bossart)
- mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb (yinbo.zhu)
- mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec (yinbo.zhu)
- mmc: sdhci-of-esdhc: disable SD clock for clock value 0 (yangbo lu)
- media: r820t: fix r820t_write_reg for KASAN (Arnd Bergmann)
- ARM: dts: Delete bogus reference to the charlcd (Linus Walleij)
- arm: dts: mt2701: Add reset-cells (Matthias Brugger)
- arm: dts: mt7623: Update ethsys binding (Matthias Brugger)
- ARM: dts: s5pv210: add interrupt-parent for ohci (Arnd Bergmann)
- arm64: dts: msm8916: Add missing #phy-cells (Bjorn Andersson)
- ARM: pxa/tosa-bt: add MODULE_LICENSE tag (Arnd Bergmann)
- ARM: dts: exynos: fix RTC interrupt for exynos5410 (Arnd Bergmann)
- Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS (Arnd Bergmann)
- scsi: core: check for device state in __scsi_remove_target() (Hannes Reinecke)
- x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages (Tony Luck)
- usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT (James Hogan)
- mvpp2: fix multicast address filter (Mikulas Patocka)
- ALSA: seq: Fix racy pool initializations (Takashi Iwai)
- ALSA: usb: add more device quirks for USB DSD devices (Daniel Mack)
- ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204 (Lassi Ylikojola)
- ALSA: hda/realtek: PCI quirk for Fujitsu U7x7 (Jan-Marek Glogowski)
- ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform (Kailang Yang)
- ALSA: hda/realtek - Add headset mode support for Dell laptop (Kailang Yang)
- ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (Kirill Marinushkin)
- ALSA: hda - Fix headset mic detection problem for two Dell machines (Hui Wang)
- mtd: nand: vf610: set correct ooblayout (Stefan Agner)
- 9p/trans_virtio: discard zero-length reply (Greg Kurz)
- Btrfs: fix unexpected -EEXIST when creating new inode (Liu Bo)
- Btrfs: fix use-after-free on root->orphan_block_rsv (Liu Bo)
- Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly (Liu Bo)
- Btrfs: fix extent state leak from tree log (Liu Bo)
- Btrfs: fix crash due to not cleaning up tree log block's dirty bits (Liu Bo)
- Btrfs: fix deadlock in run_delalloc_nocow (Liu Bo)
- dm: correctly handle chained bios in dec_pending() (NeilBrown)
- iscsi-target: make sure to wake up sleeping login worker (Florian Westphal)
- target/iscsi: avoid NULL dereference in CHAP auth error path (David Disseldorp)
- blk-wbt: account flush requests correctly (Jens Axboe)
- xprtrdma: Fix BUG after a device removal (Chuck Lever)
- xprtrdma: Fix calculation of ri_max_send_sges (Chuck Lever)
- drm/qxl: reapply cursor after resetting primary (Ray Strode)
- qxl: alloc & use shadow for dumb buffers (Gerd Hoffmann)
- arm64: proc: Set PTE_NG for table entries to avoid traversing them twice (Will Deacon)
- rtlwifi: rtl8821ae: Fix connection lost problem correctly (Larry Finger)
- mpls, nospec: Sanitize array index in mpls_label_ok() (Dan Williams)
- tracing: Fix parsing of globs with a wildcard at the beginning (Steven Rostedt (VMware))
- seq_file: fix incomplete reset on read from zero offset (Miklos Szeredi)
- xenbus: track caller request id (Joao Martins)
- xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests (Simon Gaiser)
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Ilya Dryomov)
- console/dummy: leave .con_font_get set to NULL (Nicolas Pitre)
- video: fbdev: atmel_lcdfb: fix display-timings lookup (Johan Hovold)
- PCI: keystone: Fix interrupt-controller-node lookup (Johan Hovold)
- PCI: iproc: Fix NULL pointer dereference for BCMA (Ray Jui)
- PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode (Dongdong Liu)
- MIPS: Fix incorrect mem=X@Y handling (Marcin Nowakowski)
- MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN (Corentin Labbe)
- mm: Fix memory size alignment in devm_memremap_pages_release() (Jan H. Schönherr)
- mm: hide a #warning for COMPILE_TEST (Arnd Bergmann)
- ext4: correct documentation for grpid mount option (Ernesto A. Fernández)
- ext4: save error to disk in __ext4_grp_locked_error() (Zhouyi Zhou)
- ext4: fix a race in the ext4 shutdown path (Harshad Shirwadkar)
- jbd2: fix sphinx kernel-doc build warnings (Tobin C. Harding)
- Revert "apple-gmux: lock iGP IO to protect from vgaarb changes" (Lukas Wunner)
- mlx5: fix mlx5_get_vector_affinity to start from completion vector 0 (Sagi Grimberg)
- Revert "mmc: meson-gx: include tx phase in the tuning process" (Jerome Brunet)
- mmc: bcm2835: Don't overwrite max frequency unconditionally (Phil Elwell)
- mmc: sdhci: Implement an SDHCI-specific bounce buffer (Linus Walleij)
- mbcache: initialize entry->e_referenced in mb_cache_entry_create() (Alexander Potapenko)
- rtc-opal: Fix handling of firmware error codes, prevent busy loops (Stewart Smith)
- drm/radeon: adjust tested variable (Julia Lawall)
- drm/radeon: Add dpm quirk for Jet PRO (v2) (Alex Deucher)
- arm64: Add missing Falkor part number for branch predictor hardening (Shanker Donthineni)
- drm/ast: Load lut in crtc_commit (Daniel Vetter)
- drm/amd/powerplay: Fix smu_table_entry.handle type (Andrey Grodzovsky)
- drm/qxl: unref cursor bo when finished with it (Ray Strode)
- drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2) (Tom St Denis)
- drm/ttm: Don't add swapped BOs to swap-LRU list (Felix Kuehling)
- x86/entry/64: Fix CR3 restore in paranoid_exit() (Ingo Molnar)
- x86/cpu: Change type of x86_cache_size variable to unsigned int (Gustavo A. R. Silva)
- x86/spectre: Fix an error message (Dan Carpenter)
- x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang)
- selftests/x86/mpx: Fix incorrect bounds with old _sigfault (Rui Wang)
- x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]() (Andy Lutomirski)
- kmemcheck: rip it out for real (Michal Hocko)
- kmemcheck: rip it out (Levin, Alexander (Sasha Levin))
- kmemcheck: remove whats left of NOTRACK flags (Levin, Alexander (Sasha Levin))
- kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK (Levin, Alexander (Sasha Levin))
- kmemcheck: remove annotations (Levin, Alexander (Sasha Levin))
dependency (Peter Zijlstra)
- nospec: Move array_index_nospec() parameter checking into separate macro (Will Deacon)
- x86/speculation: Fix up array_index_nospec_mask() asm constraint (Dan Williams)
- x86/debug: Use UD2 for WARN() (Peter Zijlstra)
- x86/debug, objtool: Annotate WARN()-related UD2 as reachable (Josh Poimboeuf)
- objtool: Fix segfault in ignore_unreachable_insn() (Josh Poimboeuf)
- selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems (Dominik Brodowski)
- selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c (Dominik Brodowski)
- selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c (Dominik Brodowski)
- selftests/x86/pkeys: Remove unused functions (Ingo Molnar)
- selftests/x86: Clean up and document sscanf() usage (Dominik Brodowski)
- selftests/x86: Fix vDSO selftest segfault for vsyscall=none (Dominik Brodowski)
- x86/entry/64: Remove the unused 'icebp' macro (Borislav Petkov)
- x86/entry/64: Fix paranoid_entry() frame pointer warning (Josh Poimboeuf)
- x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly (Dominik Brodowski)
- x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros (Dominik Brodowski)
- x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases (Dominik Brodowski)
- x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro (Dominik Brodowski)
- x86/entry/64: Interleave XOR register clearing with PUSH instructions (Dominik Brodowski)
- x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro (Dominik Brodowski)
- x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions (Dominik Brodowski)
- x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (Dan Williams)
- PM: cpuidle: Fix cpuidle_poll_state_init() prototype (Rafael J. Wysocki)
- PM / runtime: Update links_count also if !CONFIG_SRCU (Lukas Wunner)
- x86/speculation: Clean up various Spectre related details (Ingo Molnar)
- KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (KarimAllah Ahmed)
- X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs (KarimAllah Ahmed)
- KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods (David Woodhouse)
- Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()" (David Woodhouse)
- x86/speculation: Correct Speculation Control microcode blacklist again (David Woodhouse)
- x86/speculation: Update Speculation Control microcode blacklist (David Woodhouse)
- x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (Nadav Amit)
- powerpc/mm/radix: Split linear mapping on hot-unplug (Balbir Singh)
- crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate (Artem Savkov)
- crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate (Artem Savkov)
- compiler-gcc.h: __nostackprotector needs gcc-4.4 and up (Geert Uytterhoeven)
- compiler-gcc.h: Introduce __optimize function attribute (Geert Uytterhoeven)
- x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (Dan Williams)
- x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface (Dan Williams)
- x86: PM: Make APM idle driver initialize polling state (Rafael J. Wysocki)
- x86/xen: init %gs very early to avoid page faults with stack protector (Juergen Gross)
- x86/kexec: Make kexec (mostly) work in 5-level paging mode (Kirill A. Shutemov)
- x86/gpu: add CFL to early quirks (Lucas De Marchi)
- drm/i915/kbl: Change a KBL pci id to GT2 from GT1.5 (Anuj Phogat)
- drm/i915: add GT number to intel_device_info (Lionel Landwerlin)
- arm: spear13xx: Fix spics gpio controller's warning (Viresh Kumar)
- arm: spear13xx: Fix dmas cells (Viresh Kumar)
- arm: spear600: Add missing interrupt-parent of rtc (Viresh Kumar)
- arm: dts: mt7623: fix card detection issue on bananapi-r2 (Sean Wang)
- ARM: dts: nomadik: add interrupt-parent for clcd (Arnd Bergmann)
- ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property (Patrice Chotard)
- ARM: lpc3250: fix uda1380 gpio numbers (Arnd Bergmann)
- arm64: dts: msm8916: Correct ipc references for smsm (Bjorn Andersson)
- s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (Eugene Syromiatnikov)
- dma-buf: fix reservation_object_wait_timeout_rcu once more v2 (Christian König)
- powerpc: Fix DABR match on hash based systems (Benjamin Herrenschmidt)
- powerpc/xive: Use hw CPU ids when configuring the CPU queues (Cédric Le Goater)
- powerpc/mm: Flush radix process translations when setting MMU type (Alexey Kardashevskiy)
- powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove (Nathan Fontenot)
- powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all (Mahesh Salgaonkar)
- ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE (Gang He)
- mwifiex: resolve reset vs. remove()/shutdown() deadlocks (Brian Norris)
- PM / devfreq: Propagate error from devfreq_add_device() (Bjorn Andersson)
- swiotlb: suppress warning when __GFP_NOWARN is set (Christian König)
- cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin (Shilpasri G Bhat)
- RDMA/rxe: Fix rxe_qp_cleanup() (Bart Van Assche)
- RDMA/rxe: Fix a race condition in rxe_requester() (Bart Van Assche)
- RDMA/rxe: Fix a race condition related to the QP error state (Bart Van Assche)
- kselftest: fix OOM in memory compaction test (Arnd Bergmann)
- selftests: seccomp: fix compile error seccomp_bpf (Anders Roxell)
- IB/core: Avoid a potential OOPs for an unused optional parameter (Michael J. Ruhl)
- IB/core: Fix ib_wc structure size to remain in 64 bytes boundary (Bodong Wang)
- IB/core: Fix two kernel warnings triggered by rxe registration (Bart Van Assche)
- IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports (Jack Morgenstein)
- IB/qib: Fix comparison error with qperf compare/swap test (Mike Marciniszyn)
- IB/umad: Fix use of unprotected device pointer (Jack Morgenstein)
- scsi: smartpqi: allow static build ("built-in") (Steffen Weber)
- tracing: Prevent PROFILE_ALL_BRANCHES when FORTIFY_SOURCE=y (Randy Dunlap)
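
A changelog this long is easier to review when it is split by origin first. The following is an added example, not part of the original post or any Oracle tooling: it parses text in the format shown above, separates Oracle's own fixes (the Orabug entries) from each upstream stable release, and flags subjects that name a memory-safety or concurrency bug class. The function names, the keyword list, and the assumption that entries listed after a "Linux x.y.z" line belong to that stable release (newest-first order) are this example's own.

```python
import re
from collections import OrderedDict

# Constructed sample: lines copied from the changelog above, including the one
# damaged line ("dependency ...") so the parser's handling of it is visible.
SAMPLE = """\
[4.14.23-1.el7uek]
- dtrace: prefetch of arguments from stack breaks NOFAULT protection (Tomas Jedlicka)  [Orabug: 27593504]
- uek-rpm: Set base_sublevel to 23 (Somasundaram Krishnasamy)  [Orabug: 27601642]
- Linux 4.14.23 (Greg Kroah-Hartman)
- X.509: fix NULL dereference when restricting key with unsupported_sig (Eric Biggers)
- netfilter: drop outermost socket lock in getsockopt() (Paolo Abeni)
- Linux 4.14.22 (Greg Kroah-Hartman)
- PCI: rcar: Fix use-after-free in probe error path (Geert Uytterhoeven)
- netfilter: x_tables: fix int overflow in xt_alloc_table_info() (Dmitry Vyukov)
- KVM: x86: fix escape of guest dr6 to the host (Wanpeng Li)
- Linux 4.14.21 (Greg Kroah-Hartman)
- ALSA: seq: Fix racy pool initializations (Takashi Iwai)
- tracing: Fix parsing of globs with a wildcard at the beginning (Steven Rostedt (VMware))
- kmemcheck: remove annotations (Levin, Alexander (Sasha Levin))
dependency (Peter Zijlstra)
"""

ORABUG_RE = re.compile(r"\s*\[Orabug:\s*(\d+)\]\s*$")
HEADER_RE = re.compile(r"\[([^\]\s]+)\]$")
STABLE_RE = re.compile(r"^Linux (\d+\.\d+\.\d+)$")

# Heuristic bug-class keywords (an assumption of this example). A hit means
# "read this commit first", not "this is a CVE".
BUG_CLASSES = OrderedDict([
    ("use-after-free", re.compile(r"use[- ]after[- ]free", re.I)),
    ("out-of-bounds", re.compile(r"out[- ]of[- ]bounds", re.I)),
    ("overflow", re.compile(r"overflow", re.I)),
    ("null-deref", re.compile(r"NULL (pointer )?deref", re.I)),
    ("race", re.compile(r"\brac(e|y)\b", re.I)),
    ("uninitialized", re.compile(r"uninitiali[sz]ed", re.I)),
])


def split_author(text):
    """Split 'subject (Author)' at the last balanced parenthesised group,
    so authors such as 'Steven Rostedt (VMware)' stay in one piece."""
    text = text.rstrip()
    if not text.endswith(")"):
        return text, None
    depth = 0
    for i in range(len(text) - 1, -1, -1):
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                return text[:i].rstrip(), text[i + 1:-1]
    return text, None  # unbalanced parentheses


def parse_entry(line):
    """Return {'subject', 'author', 'orabug'} for a '- ...' line, else None."""
    if not line.startswith("- "):
        return None
    body, orabug = line[2:], None
    m = ORABUG_RE.search(body)
    if m:
        orabug, body = m.group(1), body[:m.start()]
    subject, author = split_author(body)
    if author is None:
        return None
    return {"subject": subject, "author": author, "orabug": orabug}


def parse_changelog(text):
    """Group entries by origin; lines that fit no pattern go to 'unparsed'."""
    groups, unparsed, current = OrderedDict(), [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = None if line.startswith("- ") else HEADER_RE.search(line)
        if header:
            current = "oracle " + header.group(1)
            groups.setdefault(current, [])
            continue
        entry = parse_entry(line)
        if entry is None or current is None:
            unparsed.append(line)
            continue
        stable = STABLE_RE.match(entry["subject"])
        if stable:  # release marker: following entries belong to this release
            current = "stable " + stable.group(1)
            groups.setdefault(current, [])
            continue
        groups[current].append(entry)
    return groups, unparsed


def triage(groups):
    """Return (group, bug_class, subject) for subjects naming a bug class."""
    hits = []
    for group, entries in groups.items():
        for e in entries:
            for name, rx in BUG_CLASSES.items():
                if rx.search(e["subject"]):
                    hits.append((group, name, e["subject"]))
                    break
    return hits


if __name__ == "__main__":
    groups, unparsed = parse_changelog(SAMPLE)
    for group, entries in groups.items():
        print(group, len(entries), "entries")
    for hit in triage(groups):
        print("REVIEW", *hit, sep=" | ")
    print("unparsed:", unparsed)
```

To run it on a real system, pass the output of the rpm -q --changelog command shown above to parse_changelog() instead of SAMPLE.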

Oracle Linux 7 update 5 preview available for download

Sat, 2018-03-03 11:38

Oracle Linux 7 update 5 is in the works... and in order to give users a free sneak preview of what's coming we put a preview release out on OTN. We typically haven't done this in the past and just always released new update versions as they become generally available but some users like to try things out early on.

[disclaimer] This is a preview - do not use in production - [/disclaimer] ...

If you run into issues, do let us know, so we can make sure they are addressed before the GA release.

You can download it from OTN here.

MySQL 8.0.5 community edition preview for Oracle Linux 7 for ARM64 (preview)

Fri, 2018-03-02 13:00

We just published a build of MySQL 8.0.5 community server on yum.oracle.com, in the ARM64 "latest" repo.

We released an Oracle Linux 7.4 based preview for ARM64 servers a little while ago. See the announcement here.

A publicly available free download. No auth or access keys.

Once you have OL7.4 preview installed, you can get MySQL 8 going using the usual yum commands.

# yum install mysql-community-server

Oracle Linux 7 UEK5 - preview updated from 4.14.11 to 4.14.20

Wed, 2018-02-28 09:30

Just as FYI -

latest update of uek5 preview is on https://yum.oracle.com

Oracle Linux 7 Server - Developer preview Unbreakable Enterprise Kernel Release 5

kernel-uek-4.14.20-1.el7uek - The Linux kernel (Update)

This update has a bunch of fixes from us (you typically see that with changelog entries containing "orabug") and it pulls in gregkh's stable 4.14.20 tree on top of 4.14.11.

# rpm -q --changelog kernel-uek-4.14.20-1.el7uek | more

Remember - go check http://yum.oracle.com/whatsnew.html on a regular basis, good source to see what's been updated or added.

Oracle Linux 7 UEK5 (Linux kernel 4.14) sneak preview

Sat, 2018-02-24 12:36

We just published an initial preview version of our next kernel-uek. This is based on upstream Linux 4.14 (latest stable -14). UEK4 is/was based on a 4.1 upstream Linux kernel.

If you want to try it out, you can just add the yum repo below on your Oracle Linux 7-based system. If you don't have a quick OL7 environment, remember you can sign up for a free account on Oracle Cloud and quickly create an Oracle Linux 7 instance and do exactly the same.

There will be very regular updates of this preview kernel going forward so you can remain up to date with our development efforts. The source code is there as well and we are going to push the git repos onto github/oracle soon(ish).

All you have to do is add the following to your /etc/yum.repos.d/public-yum-ol7.repo file.

[ol7_developer_UEKR5]
name=Oracle Linux $releasever UEK5 Development Packages ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_UEKR5/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

and then upgrade your kernel

# yum upgrade kernel-uek

reboot and you are all set.
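A check worth running on the repo file before the upgrade, as an added example that is not part of the original post: it reads yum .repo text and reports, per enabled stanza, whether package signature checking is on and whether the baseurl uses TLS. The function names, the verdict labels and the second sample stanza are constructed for illustration.

```shell
# Added example: audit yum .repo text read from stdin. One line per enabled stanza:
#   <repo-id> gpgcheck=<1|0|unset> transport=<https|http|other> verdict=<ok|warn|fail>
audit_repo() {
  awk '
    function emit() {
      if (id == "" || enabled == "0") return
      t = "other"
      if (url ~ /^https:/) t = "https"
      else if (url ~ /^http:/) t = "http"
      v = "ok"
      # warn: metadata travels without TLS, or gpgcheck is inherited from [main]
      if (t != "https" || gpg == "unset") v = "warn"
      # fail: packages from this repo install without signature verification
      if (gpg == "0") v = "fail"
      printf "%s gpgcheck=%s transport=%s verdict=%s\n", id, gpg, t, v
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^\[/ {
      emit()
      id = substr($0, 2, index($0, "]") - 2)
      gpg = "unset"; enabled = "1"; url = ""; next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (k == "gpgcheck") gpg = val
      else if (k == "enabled") enabled = val
      else if (k == "baseurl") url = val
    }
    END { emit() }
  '
}
# Sample input: the stanza from the post plus a constructed one for contrast.
sample_repo() {
  cat <<'EOF'
[ol7_developer_UEKR5]
name=Oracle Linux $releasever UEK5 Development Packages ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_UEKR5/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

[constructed_unsigned]
baseurl=https://repo.example.invalid/el7/
gpgcheck=0
EOF
}
sample_repo | audit_repo
```

On a real host, feed it the file named in the post: audit_repo < /etc/yum.repos.d/public-yum-ol7.repo.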

If you want the latest dtrace along with it, it's in the same repo, you can just do

# yum install dtrace-utils

Do a dtrace -l, you can see there are over 5000 probes now!

 

oci-utils (oracle cloud infrastructure) for Oracle Linux package

Fri, 2018-02-23 10:53

We recently added another little utilities RPM for Oracle Linux 7 to our collection:

oci-utils is an Oracle Linux RPM that contains a set of scripts to make managing an OCI instance easier, from within the instance.

The current version provides tools that help with managing block volumes (attach, remove, automatic discovery), secondary vnic configuration, a script to query the public IP of an instance and a script that lets you query instance metadata key/value pairs without having to parse or read json.

# yum install oci-utils

Package content:

Binaries:
/usr/bin/oci-iscsi-config
/usr/bin/oci-metadata
/usr/bin/oci-network-config
/usr/bin/oci-public-ip

System service:
/etc/systemd/ocid.service
/usr/libexec/ocid

MAN pages:
oci-iscsi-config(1)
oci-metadata(1)
oci-network-config(1)
oci-public-ip(1)
ocid(8)

Ideally you start the ocid service; it will monitor for any changes in block devices or vnics attached or removed. Today, when you add a block device, you have to run a number of iscsiadm commands to actually discover it and attach it to your instance. When ocid is running, it will, on a regular basis, probe to see if these devices have been created through the OCI web console, cli or SDK. It will then automatically discover them for you.

oci-iscsi-config is a simple wrapper around iscsiadm that provides you with a single command to list and attach/detach devices without having to know the iscsiadm command syntax.

ex:

# oci-iscsi-config -s
For full functionality of this utility the ocid service must be running
The administrator can start it using this command:
    sudo systemctl start ocid.service
ocid already running.
Currently attached iSCSI devices:

Target iqn.2015-02.oracle.boot:uefi
    Persistent portal: 169.254.0.2:3260
    Current portal: 169.254.0.2:3260
    State: running
    Attached device: sda
    Size: 46.6G
    Partitions:
        Device  Size  Filesystem  Mountpoint
        sda1    544M  vfat        /boot/efi
        sda2    8G    swap        [SWAP]
        sda3    38G   xfs         /

<attach a 50G block volume in the OCI webconsole>

# oci-iscsi-config -s
Currently attached iSCSI devices:

Target iqn.2015-12.com.oracleiaas:31b78e27-0c73-43ff-98b9-0ced1722a08c
    Persistent portal: 169.254.2.2:3260
    Current portal: 169.254.2.2:3260
    State: running
    Attached device: sdb
    Size: 50G
    File system type: Unknown
    Mountpoint: Not mounted

Target iqn.2015-02.oracle.boot:uefi
    Persistent portal: 169.254.0.2:3260
    Current portal: 169.254.0.2:3260
    State: running
    Attached device: sda
    Size: 46.6G
    Partitions:
        Device  Size  Filesystem  Mountpoint
        sda1    544M  vfat        /boot/efi
        sda2    8G    swap        [SWAP]
        sda3    38G   xfs         /

You can see /dev/sdb now show up after a few seconds, without having to run any commands.

oci-network-config is similar

# oci-network-config -s
CONFIG ADDR SPREFIX SBITS VIRTRT NS IND IFACE VLTAG VLAN STATE MAC VNIC
- 10.0.0.2 10.0.0.0 24 10.0.0.1 - 0 ens3 - - UP 02:00:17:01:ed:6b ocid1.vnic.oc1.iad.abuwcljs4ik52qrq7itbb32rwajjqddt7utla64t47fkkq7tebw5gknt5csa

<add a secondary interface>

# oci-network-config -s
CONFIG ADDR SPREFIX SBITS VIRTRT NS IND IFACE VLTAG VLAN STATE MAC VNIC
- 10.0.0.2 10.0.0.0 24 10.0.0.1 - 0 ens3 - - UP 02:00:17:01:ed:6b ocid1.vnic.oc1.iad.abuwcljs4ik52qrq7itbb32rwajjqddt7utla64t47fkkq7tebw5gknt5csa
ADD 10.0.0.3 10.0.0.0 24 10.0.0.1 - 1 ens4 - - UP 02:00:17:01:eb:53 ocid1.vnic.oc1.iad.abuwcljsxek2mqaotafcohdmvghzrzx3jiiwq3zo45fh65dvlkpinndfjvma

oci-public-ip just contacts an internet-facing server to return the public IP of your instance.

# oci-public-ip
Public IP address: 129.213.44.98

oci-metadata lets you pretty-print the instance metadata and query for a given key

# oci-metadata -g region
Instance details:
Region: iad (Ashburn, VA, USA)

# oci-metadata -g state
Instance details:
Instance state: Running

An updated version in the near future will also use the SDK (if installed along with your pem key) to go and create a block device and attach it from within your instance and/or create a secondary vnic and automatically create and attach it.

One roadmap item is the ability to use dynamic groups and principals to allow for an instance with the right privileges to do the block volume create/secondary vnic create without a pem key.

give it a try.

Oracle Container Runtime for Docker 17.12

Thu, 2018-02-22 13:44

Busy news day!

We just updated our docker-engine rpm to version 17.12. As always you can find it in the Oracle Linux 7 preview channel on our yum server.

docker-engine-17.12.0.ol-1.0.1.el7.x86_64.rpm

We are currently cooking/baking "Oracle Container Services for Use with Kubernetes 1.9.1", so stay tuned for that one as well.

oh and look for the docker-engine RPM on ARM soon too.

Oracle Linux 7 for ARM64 updated to OL7.4

Thu, 2018-02-22 10:56

We just updated the Oracle Linux 7 for ARM64 content.

Oracle Linux 7 for ARM64 (64-bit only) is freely downloadable from OTN: here.

The release is now at the same level as x64 (Oracle Linux 7 update 4)

The ARM64 yum repositories are also updated with the latest content. Keep in mind that we have a devtool set release for ARM as well.

Two important features on the latest ARM ISO:

- first preview of UEK5 (Linux kernel 4.14.14+) as the default kernel

- gcc 7.2 and gcc 7.3 are included on the ISO (and in the yum repo) to have easy and free access to latest gcc for ARM64

Remember that our ARM port is a preview release: it's for test and development only and is not a GA supported product today. However, it's on par with x64 in terms of packages and it's completely free to download and use. No need to get a vendor auth code or whatever others out there have.

 
