Being a good little sysadmin, I update my VPS regularly - I'm running Fedora Core 5 and use YUM for updating, but this question really applies to any distribution and any method of updating (yum, apt-get, rpm etc.)

Question : if I update the kernel of a VPS, does this have any impact on it's operation under XEN? I'm wondering whether XEN has any hooks into the kernel which could be disrupted by a kernel update.

Indeed, I'm starting to think that XEN loads the kernel from someone other than the kernel image on my system; if so, this means that my kernel upgrades are simply ignored.

I do notice the following console message whenever I boot my VPS :


************************************************** *************
** WARNING: Currently emulating unsupported memory accesses **
** in /lib/tls glibc libraries. The emulation is **
** slow. To ensure full performance you should **
** install a 'xen-friendly' (nosegneg) version of **
** the library, or disable tls support by executing **
** the following as root: **
** mv /lib/tls /lib/tls.disabled **
** Offending process: init (pid=1) **
************************************************** *************


The interesting thing here is that I have taken the suggested action (mv /lib/tls /lib/tls.disabled) but the message still comes up on boot.

Can any XEN experts explain what's going in here?

Thanks

Hi there,
for sure this will not be the most correct, definitive and resolutive answer to your problem:
at least kernel and glibc, in a VPS environment, should not be upgraded with stock
packages made available from your Linux distribution.

Look below:

shell$ uname -r
2.6.16.13-xenU-rimu6

The kernel clearly appears not to be a stock one. I'm pretty fresh here, perhaps RH guys
make available upgrades (for manual installation) for these components from time to time.

I'm not sure why that message comes up after you move /lib/tls away. I don't think the message is as serious as they make it out to be. I've seen talk of the xen developers removing it at some point IIRC.

The xen kernel we use is stock standard. the -rimuxx suffix is just a reminder for us so we know which kernel options are dis/en-abled.

Kernels on our VPSs need to be installed by us, from 'outside' your VPS on the host server. We typically do that when we update the xen version on your host server.

I'm hosted (I believe) on host47, a Xen instance running Debian Sarge, and my kernel is a year old...

lukewarm@gl1tch:~$ uname -a
Linux gl1tch.com 2.6.11.12-xenU-rimu1 #2 Wed Aug 17 22:28:35 UTC 2005 i686 GNU/Linux

I realize that 2.6.11.12 is a more recent kernel than the upstream Sarge kernel, 2.6.8-3 currently, but the Debian security team backports security fixes into their kernel.

What's the chance of getting either a more recent kernel version or some security patches backported to Rimuhosting's Xen kernel?

Thanks!

For libc, you can eliminate that message and the associated performance hit by installing a patched libc. In Debian, try the libc6-xen package.

I've noticed on some other distributions that this message comes up even with a patched libc, due to the use of the same types of instructions found in the unpatched libc in other programs and libraries. In this case, short of recompiling distribution packages or switching distributions, you don't have much of a recourse. However, remember that this message does not indicate the possibility of incorrect results; it only indicates potential performance degradation.