Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Reluctant to apply the Kernel security update

  1. #1

    Default Reluctant to apply the Kernel security update

    I've had a security update for the Kernel available for a while now, but I'm reluctant to install it because I still don't see a matching driver and kernel module for my GPU in the Nvidia repositories.

    The version of the kernel that's available from the updater is 2.6.27.25, but the kernel module is only for version 2.6.27.23.

    Obviously running on an unpatched kernel is not a great idea, but I also know that updating the kernel without updating to the appropriate version of a kernel module is also a bad idea. I've seen plenty enough people complain about having problems after updating and ending up with missmatches to know I should seek the advice of people that know much more about this stuff than I do before just jumping right in.

    So... help?

  2. #2
    Join Date
    Mar 2008
    Location
    Phuket, Thailand
    Posts
    27,109
    Blog Entries
    40

    Default Re: Reluctant to apply the Kernel security update

    Take your time in your deliberations. ... When I was less familiar with openSUSE Linux, I've gone for many many months at times, before applying a kernel update. Apply it when you are ready, and don't rush it.

    The smart thing to do (which you have done already - so WELL DONE) is not to install the kernel update prematurely without giving it some thought and taking precautions.

    The precautions I take are:
    • backup /boot/grub/menu.lst before installing kernel
    • for each case (graphics, webcam, audio, wireless) where I might be using a proprietary driver, I ensure I have a binary of the driver ready to recompile/rebuild (with instructions) or I have an rpm ready that was pre-compiled against the new kernel (or I have a source rpm file that I know how to rebuild to create a new rpm)
    • after installing kernel but before rebooting, I check the updated /boot/grub/menu.lst against my backup of the previous (original) /boot/grub/menu.lst and confirm the changes make sense.
    • do this on a night when I have nothing that I can not cancel planned (I often would wait until the weekend) just in case I mess up
    • have a laptop or other PC handy, (or a liveCD that I can boot to) that can access the web in case I mess up
    • ensure I have the original installation DVD handy (which is also the emergency recovery DVD)

  3. #3
    brassy NNTP User

    Default Re: Reluctant to apply the Kernel security update

    i do NOT know how/why....but, something about the way my system is set
    up the last kernel update automatically did everything...by that i mean:

    -openSUSE updater told me that i should reboot soon after finishing

    -it downloaded and installed the new kernel

    -it downloaded the new kernel source

    -it built/compiled a new nVidia driver based on the new kernel

    -it set EVERYTHING up and then said it was finished

    -as instructed i rebooted, and EVERYTHING WORKED perfectly

    why? i have NO idea...but, someone here does!

    --
    brassy
    CAVEAT: The author of this posting does not warrant the accuracy,
    completeness, legality, or usefulness of its content and is not
    responsible for consequences resulting from its use.

  4. #4
    Camalen NNTP User

    Default Re: Reluctant to apply the Kernel security update

    Stephen Philbin wrote:

    > I've had a security update for the Kernel available for a while now, but
    > I'm reluctant to install it because I still don't see a matching driver
    > and kernel module for my GPU in the Nvidia repositories.


    Are you using nvidia repository? If yes and if you get no dependency errors
    (always check for any), just go ahead and update. If you get any conflict
    or dependency message, stop.

    I've been with a very old nvidia kernel module (installed from nvidia
    repository) since years and updating the kernel with no problem at all.

    Hey, this is a "non-guaranteed" advice, use with caution :-P

    Greetings,

    --
    Camalen

  5. #5

    Default Re: Reluctant to apply the Kernel security update

    Quote Originally Posted by Camalen View Post
    Are you using nvidia repository?
    Yes.
    Quote Originally Posted by Camalen View Post
    If yes and if you get no dependency errors
    (always check for any), just go ahead and update. If you get any conflict
    or dependency message, stop.

    I've been with a very old nvidia kernel module (installed from nvidia
    repository) since years and updating the kernel with no problem at all.

    Hey, this is a "non-guaranteed" advice, use with caution :-P

    Greetings,

    --
    Camalen
    Yeah. Your comments are indeed appreciated, but what you say doesn't really fill me with confidence.

    Since installing the Nvidia kernel module and driver, I have updated the kernel once before and that left me with non-matching versions of the kernel and the module. I haven't had any major problems since that update, but the difference in versions is more minor. I'm guessing it's more to do with luck, rather than design, that the non-matching versions have not caused any major problems.

    I think I'd better find my install disk and maybe find some more info before I do anything else.

  6. #6
    Join Date
    Jun 2008
    Location
    /dev/belgium
    Posts
    1,946

    Default Re: Reluctant to apply the Kernel security update

    if you don't want to wait so long until the repo adds a matching NV driver for the new kernel, it's better you install the NV driver manually, which is *very* easy to do. All you need is the kernel source and build environment like gcc, make, m4, etc

    I've never used the NV repo in my life and always manually re-install the NV drivers. So far during all those years it's been painless and very quick

  7. #7
    Join Date
    Mar 2008
    Location
    Phuket, Thailand
    Posts
    27,109
    Blog Entries
    40

    Default Re: Reluctant to apply the Kernel security update

    Quote Originally Posted by Stephen_Philbin View Post
    Since installing the Nvidia kernel module and driver, I have updated the kernel once before and that left me with non-matching versions of the kernel and the module. I haven't had any major problems since that update, but the difference in versions is more minor. I'm guessing it's more to do with luck, rather than design, that the non-matching versions have not caused any major problems.

    I think I'd better find my install disk and maybe find some more info before I do anything else.
    If it is the graphics that worry you, then the more linux knowledge you have, the less worrisome this will be. Now this won't help new users, but that is not the point of my input to this thread. Rather I am trying to provide information to give you more confidence.

    For nVidia, typically there are 3 graphic drivers that work:
    • vesa - a generic driver - works for nvidia, ati, intel and other graphic hardware. Its the most compatible, but also has the worst performance. It almost always survives a kernel update.
    • nv - the openGL (ie open source) graphic driver - average performance. It almost always survives a kernel update.
    • nvidia - the proprietary graphic driver (typically requires a separate install/build of the proprietary driver). It has the best performance. It is almost always broken by a kernel update and needs a rebuild/reinstall.


    In openSUSE the graphic tool for configuring the driver is called 'sax2'. sax2 will update one's PC's /etc/X11/xorg.conf file. Hence before running sax2, I always back up my /etc/X11/xorg.conf file so that I can restore the file if necessary.

    Sax2 should be run in run level 3 (ie log in with an ascii prompt). One can boot to an ascii prompt by typing "3" (no quotes) in the grub boot menu.

    Some examples of using sax2 with root permissions ....
    • first, for the vesa driver:
      sax2 -r -m 0=vesa
    • now for the openGL driver:
      sax2 -r -m 0=nv
    • now for the nvidia driver:
      sax2 -r -m 0=nvidia
      Note one must have already installed the nvidia rpm for one's new kernel, or built the nvidia driver from a binary against one's new kernel, before running that sax2 command.

    Note that I am assuming only one graphic device on the PC. One can tell what graphic devices are detected by sax2 by typing:
    sax2 -p
    Note that the command I gave was "zero equals driver".

    There are other options for use of sax2, which one can learn by typing:
    man sax2

  8. #8

    Default Re: Reluctant to apply the Kernel security update

    Quote Originally Posted by Stephen_Philbin View Post
    I've had a security update for the Kernel available for a while now, but I'm reluctant to install it because I still don't see a matching driver and kernel module for my GPU in the Nvidia repositories.

    The version of the kernel that's available from the updater is 2.6.27.25, but the kernel module is only for version 2.6.27.23.
    It's wise to be cautious. I waited and took a chance, and it's OK. One thing I did do, is download the latest nVIDIA driver so, in the event that the matching stuff didn't work, I could fallback to the by-hand trick of "init 3 ; sh NVIDIA...".

  9. #9
    Camalen NNTP User

    Default Re: Reluctant to apply the Kernel security update

    Stephen Philbin wrote:

    > Camalen;2019778 Wrote:
    >> Are you using nvidia repository?

    > Yes.


    O.K.

    > Yeah. Your comments are indeed appreciated, but what you say doesn't
    > really fill me with confidence.
    >
    > Since installing the Nvidia kernel module and driver, I have updated
    > the kernel once before and that left me with non-matching versions of
    > the kernel and the module. I haven't had any major problems since that
    > update, but the difference in versions is more minor. I'm guessing it's
    > more to do with luck, rather than design, that the non-matching versions
    > have not caused any major problems.


    Maybe. But if you fall into these problems while using nnidia repo packages,
    open a bugzilla and tell developers that YaST should warn people in such
    situation.

    A dependency error should be displayed to the user, if none, I would
    consider that a bug :-)

    > I think I'd better find my install disk and maybe find some more info
    > before I do anything else.


    No need to do that. You can go with another vga driver as others already
    told you. There are many situations that can leave you with no graphical
    session at all and you should be capable to handle that :-)

    Greetings,

    --
    Camalen

  10. #10

    Default Re: Reluctant to apply the Kernel security update

    I know it's been a while, but I've finally got back around to this issue of the graphics driver update. I figured it'd be better in the long-run if I just learn how to build the module for myself so that I don't have to rely on repositories (and the knowledge may come in handy elsewhere ).

    I already have gcc, make and M4 installed (I need them to build MySQL, Apache, PHP, Sendmail etc.), and I always install the kernel sources whenever I make the initial installation of Suse anyway. So I think I have the basic tools to build it with (let me know if I missed anything), but I don't really know what's what and how to put it together.

    For example, I thought the proprietary binary from Nvidia was the driver and that the module I need to build was just a sort of connector/bridge to allow my kernel communicate with the binary driver. By the sounds of what someone posted earlier, though, I get the impression that the module its self is the driver and is built to contain this binary from Nvidia.

    Anyway, I guess my questions now are

    1) Where do I get the latest (stable) binary from Nvidia so that I don't have to wait around for it to show up in the repo's?

    2) What are the steps I need to take to build a module out of the binary and kernel sources?

    3) What changes do I need to make after building the module to have the kernel make use of it, and what precautions should I take when doing it (such as backing up /etc/X11/xorg.conf)?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •