XenPV CentOS Latest Kernel updates/Meltdown + Spectre

Update 8/2/18:

CentOS 7 has a patch that has been released from the plus kernel team https://people.centos.org/toracat/kernel/7/plus/bug14347/ this will probably be pushed to the main repo soon.

Update 6/2/18:

CentOS 6 has been fixed and you can now use kernel 2.6.32-696.20.1.el6.x86_64 or newer

We are still looking at how CentOS 7 is progressing, if you wish to update this you can use the latest 4.x kernel which will resolve this issue, if you would rather stay on a 3.x kernel please check back for further updates.

Update 17/1/18:

Some further details on regarding the CentOS issue
CentOS 6 https://access.redhat.com/solutions/3312501
CentOS 7 https://bugs.centos.org/view.php?id=14347

Update 14/1/18:

Some new Kernels from Xen were released last week in order to resolve issue with new CentOS kernels booting, this is still currently in the testing branch, once this is moved to the normal CentOS repos we will notify customers for rebooting, however until then please still do not update your CentOS to the latest kernel.

Xen CentOS Latest Kernel updates

We are currently aware of issues when upgrading CentOS to the latest kernel updates, we believe these to be caused by changes for Meltdown + Spectre, this already is on CentOS mailing list, we are following this for updates https://lists.centos.org/pipermail/centos-virt/2018-January/005712.html

This may also affect other OS’s which are currently being investigated.

Meltdown + Spectre

We are currently investigating alongside other providers the best way to move forward regarding this, most likely we will have to update and reboot the host nodes, however we will update this with further information when we have it.

Update 5/1/18 20.30 : The below email was sent to all clients regarding our update for this issue.

Earlier this week, two new hardware vulnerabilities (Meltdown and Spectre) were widely reported in the media. They impact a number of Intel, AMD and ARM computing architectures.

We are working to provide the best mitigation to these issues. However not all patches have yet been issued and some updates are causing issues elsewhere.

Shared/Reseller Hosting/Shoutcast Customers

What will happen?
We will be rebooting our servers

The maintenance window is 06/1/18 – 9.30pm-10.30pm GMT, should this change it will be communicate via our status page gbstatus.com

How will it affect me?
Your shared/reseller/shoutcast services will be unavailable while this takes place, our website will also be unavailable during some of this time, we estimate the downtime should be around 5-10mins per server if all goes well

VPS Customers

What will happen?
We are still looking at the best way to mitigate this issue, it is likely that we will have to reboot all host nodes meaning all VPS will be rebooted.

IMPORTANT – We are aware of issues where clients are updating there VPS kernel, while this is recommended in the long term, this should not be completed until we have posted so on our blog gbstatus.com there are currently known issues with the latest CentOS kernels and Xen following this security patching.

Should we need to reboot nodes we will communicate this to you on a node by node basis via the email you have set in SolusVM (vps.dnsgb.net), please make sure your contact information is up to date in here, we will also update our blogs with any planned reboots.

How will it affect me?
Should we have to reboot VPS nodes there will be downtime while all VPS are shut down, and the host node rebooted, this time will depend on various factors but you should allow at least an hour.

As above there are currently issues with the latest CentOS kernels and Xen, updating and then rebooting your VPS will cause it to be unbootable, if you have a small timeout set in grub then you will need to contact support to boot your machine into an older kernel, if you have a longer timeout you can console in and boot to an older version

Dedicated Server Customers

Dedicated customers should update their servers kernels and reboot as soon possible as and when patches are available. Should there be any firmware issues that need to be applied we will contact you in separately regarding this.

Any other services are not affected