Kernel panic after upgrade

bunchofreeds · March 18, 2019, 03:48:45 AM

This should help @Charles2019

https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities

Charles2019 · March 19, 2019, 01:32:06 AM

Quote from: bunchofreeds on March 18, 2019, 03:48:45 AM
This should help @Charles2019

https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities

So from my understanding, I am turning off the protection for Meltdown.

Has OPNSense been updated with this below?:
https://reviews.freebsd.org/rS329462

When can I enable the Meltdown protection again?

bunchofreeds · March 19, 2019, 02:17:54 AM

I'm not an expert in this and it would be best for one of the OPNsense / HardenedBSD team to answer this to provide certainty... but I understand you have an AMD Athlon CPU, and putting that against the chart supplied in the link I sent, then your CPU is not vulnerable to meltdown, being variants 3 and 3a. So disabling the meltdown specific mitigation's should be OK in your case, and having it enabled is in fact causing issue with your AMD CPU.

I have an Intel CPU, so this does need to be enabled for me across the board unfortunately.

TheGrandWazoo · March 22, 2019, 06:07:35 PM

Tired a new OVMF Firmware on the Proxmox or QEMU/KVM to see if that might fix the kernel panics and it did NOT. I had high hopes that the panics might have been because of old OVMF firmware (UEFI).

The project is based at https://github.com/tianocore/tianocore.github.io/wiki/edk-ii and by https://www.tianocore.org.

Actual builds are based at https://www.kraxel.org/repos/ You can extract the running code on any RPM service and replace the OVMF_CODE.fd and OVMF_VARS.fd with the OVMF_CODE-pure-efi.fd and OVMF_VARS-pure-efi.fd to just have the newest code. Mine was dated on Nov 2016. The new code did give me the ability to PXE boot via HTTP which was a big bonus for me.

One thing note with the issue at hand from the FAQ...
https://github.com/tianocore/tianocore.github.io/wiki/OVMF-FAQ#are-ovmf-releases-fully-uefi-compliant
Are OVMF releases fully UEFI compliant?

While the goal is to be as fully UEFI compliant as possible, you should not assume that an OVMF release is fully UEFI compliant unless the particular release states full compliance.

For virtual machines, there are some challenging areas in achieving full UEFI compliance. For example, UEFI 'non-volatile' variables may be difficult to fully support in some virtual machine environments if a flash memory device is not emulated.

This could be an issue with the previous change to the kernel and VM based UEFI.

Hope this helps.

-Waz

lattera · March 22, 2019, 06:09:17 PM

Can you post a screenshot of the panic?

TheGrandWazoo · March 22, 2019, 07:39:12 PM

Quote from: lattera on March 22, 2019, 06:09:17 PM
Can you post a screenshot of the panic?

I apologize, this does not effect 9.1.4 at this time. I was just trying to use the original 9.1 upgrade and ISO to see if a new version of UEFI would fix the issue.

Sorry for the confusion but if you still need it is 9.1-netmap version ok?

-Waz

lattera · March 26, 2019, 03:07:55 AM

I'll just leave this here. :)

Test ISO coming soon.

lattera · March 26, 2019, 03:18:42 PM

The ISO has been uploaded here: https://hardenedbsd.org/~shawn/opnsense/2019-03-26_hbsd_11-stable_disc1.iso

Can anyone interesting in running OPNsense 19.1 in a Hyper-V Gen2 instance please test?

Meik · March 26, 2019, 04:44:31 PM

Hi lattera,

the Attached Image ist the boot Screen and the Settings (German)
Secure Boot is of.

Hope this helps - Meik

Hyper-V Host: Window Server 2019, Dual XEON E5-2620 v2, Supermicro X9DR3-F Board, 64GB-ECC-Reg-Ram, NVMe-Storage-Pool with Linux optimised vhdx (-BlockSizeBytes 1MB)

lattera · March 26, 2019, 05:17:18 PM

Quote from: Meik on March 26, 2019, 04:44:31 PM
Hi lattera,

the Attached Image ist the boot Screen and the Settings (German)
Secure Boot is of.

Thanks for helping! What are the specs for your hardware? I'm primarily curious about CPU make and model.

TheGrandWazoo · March 26, 2019, 06:13:42 PM

Screenshots attached.

Meik · March 26, 2019, 06:39:28 PM

I've added the Hardware above.

i tested also on a Server 2012 R2, Gen2, Configuration Version 5.0, there installer works, Live-CD too
E3-1270 v3, Intel Board S1200RP, 32GB ECC RAM

On a Server 2016, Gen2, Configuration Version 8.0, it works like the Server 2012 R2
E3-1240 v5, Supermicro Board X11SSL-CF, 32GB ECC Ram

On the Server 2019 (above) i create a Gen2 Configuration Version 5.0, the same "error"

On a Windows 10 1809, Gen2 Configuration Version 9.0, the same error
i3-4150, Supermicro X10SLV-Q, 8GB RAM (a small PBX-Host)

Something that i can test? (for testing i removed the NIC from the configuration, set use other CPU-Version, error is the same)

lattera · March 26, 2019, 06:44:25 PM

Quote from: Meik on March 26, 2019, 06:39:28 PM
I've added the Hardware above.

i tested also on a Server 2012 R2, Gen2, Configuration Version 5.0, there installer works, Live-CD too
E3-1270 v3, Intel Board S1200RP, 32GB ECC RAM

On a Server 2016, Gen2, Configuration Version 8.0, it works like the Server 2012 R2
E3-1240 v5, Supermicro Board X11SSL-CF, 32GB ECC Ram

On the Server 2019 (above) i create a Gen2 Configuration Version 5.0, the same "error"

On a Windows 10 1809, Gen2 Configuration Version 9.0, the same error
i3-4150, Supermicro X10SLV-Q, 8GB RAM (a small PBX-Host)

Something that i can test? (for testing i removed the NIC from the configuration, set use other CPU-Version, error is the same)

Is this your processor, then? https://ark.intel.com/content/www/us/en/ark/products/52276/intel-xeon-processor-e3-1270-8m-cache-3-40-ghz.html

No need for changes on your end. A basic Gen2 config (with secure boot disabled) should be enough for testing.

Meik · March 26, 2019, 08:05:26 PM

no, the Windows Server 2012 R2 Host has a v3:
https://ark.intel.com/content/www/de/de/ark/products/75056/intel-xeon-processor-e3-1270-v3-8m-cache-3-50-ghz.html

the Windows Server 2016 a:
https://ark.intel.com/content/www/us/en/ark/products/88176/intel-xeon-processor-e3-1240-v5-8m-cache-3-50-ghz.html

the Windows Server 2019 a:
https://ark.intel.com/content/www/us/en/ark/products/75789/intel-xeon-processor-e5-2620-v2-15m-cache-2-10-ghz.html

JDtheHutt · March 27, 2019, 02:21:25 PM

I need to apologise. Seems my error was not the kernel panic. It started after my upgrade and exhibited similar behaviour to other reports, and also happened if booting on a live USB, so I assumed was the same.

However, turns out my SSD had suddenly begun failing and died the other day. Having finally sourced a replacement today, everything is now perfect. Not sure why the SSD was also causing the live USB boot to fail, but it was as no such issue with the new one and I've not changed anything else.

Config imported and back up and running in a few minutes. Amazing work from all involved in the development. Thank you!

Kernel panic after upgrade

bunchofreeds

March 18, 2019, 03:48:45 AM #150

Charles2019

March 19, 2019, 01:32:06 AM #151

bunchofreeds

March 19, 2019, 02:17:54 AM #152

TheGrandWazoo

March 22, 2019, 06:07:35 PM #153

lattera

March 22, 2019, 06:09:17 PM #154

TheGrandWazoo

March 22, 2019, 07:39:12 PM #155

lattera

March 26, 2019, 03:07:55 AM #156

lattera

March 26, 2019, 03:18:42 PM #157

Meik

March 26, 2019, 04:44:31 PM #158 Last Edit: March 26, 2019, 06:42:19 PM by Meik

lattera

March 26, 2019, 05:17:18 PM #159

TheGrandWazoo

March 26, 2019, 06:13:42 PM #160

Meik

March 26, 2019, 06:39:28 PM #161

lattera

March 26, 2019, 06:44:25 PM #162

Meik

March 26, 2019, 08:05:26 PM #163

JDtheHutt

March 27, 2019, 02:21:25 PM #164