limetech

October 4, 2022

Add this to "Settings/SMB/SMB Extras/Samba extra configuration"

ntlm auth = Yes

Please report back if this solves connectivity issues.

September 27, 2022

We created a kernel patch in Unraid 6.11.1 to silence these messages.

September 27, 2022

8 hours ago, brandonhowlett said:

I can also confirm that attaching a monitor does not fix it.

Thanks anyway, @JorgeB.

Please go to Tools/System Devices and check the checkbox next to the ast device and then reboot and see if issue persists. If so, try same thing with the Intel display adapter. Checking the box for a device completely isolates it from the Linux kernel and we should be able to at least determine which is the culprit.

September 23, 2022

reserved

September 23, 2022

The 6.11 release includes bug fixes, update of base packages, update to 5.19.x Linux kernel, and minor feature improvements.

Sorry no major new feature but instead we are paying some "technical debt" and laying the groundwork necessary to add better third-party driver and ZFS support. Although, Samba is updated to version 4.17 and we're seeing some significant performance increases.

There are other improvements still a work-in-process which we will publish in patch releases:

better support for third-party drivers
better macOS integration
better Active Directory integration
additional VM Manager improvements

To upgrade:

First create a backup of your USB flash boot device: Main/Flash/Flash Backup
If you are running any 6.4 or later release, click 'Check for Updates' on the Tools/Update OS page.
If you are running a pre-6.4 release, click 'Check for Updates' on the Plugins page.
If the above doesn't work, navigate to Plugins/Install Plugin, select/copy/paste this plugin URL and click Install:
```
https://unraid-dl.sfo2.cdn.digitaloceanspaces.com/stable/unRAIDServer.plg
```

Bugs: If you discover a bug or other issue in this release, please open a Stable Releases Bug Report.

ALL USERS are encouraged to upgrade.

As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup".

Special thanks to all our beta testers and especially:

@bonienl for his continued refinement and updating of the Dynamix webGUI including new background downloading functionality.

@Squid for continued refinement of Community Apps and associated feed.

@dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood.

@ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. Also for working with us for better third-party driver integration (still a work-in-process).

@SimonF for several improvements including better handling of USB assignments to Virtual Machines.

@JorgeB for rigorous testing of storage subsystem

Version 6.11.0 2022-09-23

Improvements

With this release there have been many base package updates including several CVE mitigations.
The Linux kernel update includes mitigation for Processor MMIO stale-data vulnerabilities.
The plugin system has been refactored so that 'plugin install' can proceed in the background. This alleviates issue where a user may think installation has crashed and closes the window, when actually it has not crashed.
Many other webGUI improvements.
Added support for specifying custom VNC ports in VM manager form editor. Custom port number specified using XML editor will be preserved when switching to forms-based editor.
Spin down for non-rotational devices now places those devices in standby mode if supported by the device. Similarly, spin up, or any I/O to the device will restore normal operation.
Display NVMe device capabilities obtained from SMART info.
Added necessary kernel CONFIG options to support Sr-iov with mellanox connectx4+ cards
Merged Dynamix SSD Trim plugin into Unraid OS webGUI.
Preliminary support for cgroup2. Pass 'unraidcgroup2' on syslinux append line to activate.
Included perl in base distro.

Bug fixes

Fixed issue in VM manager where VM log can not open when VM name has an embedded '#' character.
Fixed issue where Parity check pause/resume on schedule was broken.
Fixed issue installing registration keys.
Updated 'samba' to address security mitigations. Also should get rid of kernel message complaining about "Attempt to set a LOCK_MAND lock via flock(2)."
Fixed issue switching from 'test' branch to 'next'.
Quit trying to spin down devices which do not support standby mode.
Fixed AD join issued caused by outdated cyras-sasl library
Do not start mcelog daemon if CPU is unsupported (most AMD processors).
Fix nginx not recognizing SSL certificate renewal.
wireguard: check the reachability of the gateway (next-hop) before starting the WG tunnel.
Ignore "ERROR:" strings mixed in "btrfs filesystem show" command output. This solves problem where libblkid could tag a parity disk as having btrfs file system because the place it looks for the "magic number" happens to matches btrfs. Subsequent "btrfs fi" commands will attempt to read btrfs metadata from this device which fails because there really is not a btrfs filesystem there.
Fixed bug in mover that prevented files from being moved from unRAID array to a cache pool (mode Prefer) if the share name contains a space.

Change Log vs. Unraid OS 6.10.3

Management:

Add sha256 checks of un-zipped files in unRAIDServer.plg.
bash: in /etc/profile omit "." (current directory) from PATH
docker: do not call 'docker stop' if there are no running containers
emhttpd: improve standby (spinning) support
mover: fixed issue preventing moving filed from array to cache if share name contains a space
rc.nginx: enable OCSP stapling on certs which include an OCSP responder URL
rc.nginx: compress 'woff' font files and instruct browser to cache
rc.wireguard: add better troubleshooting for WireGuard autostart
rc.S: support early load of plugin driver modules
SMB: fixed 'fruit' settings for the USB Flash boot device
SMB: remove NTLMv1 support since removed from Linux kernel
SMB: (temporarily) move vfs_fruit settings into separate /etc/samba/smb-fruit.conf file
SMB: (temporarily) get rid of Samba 'idmap_hash is deprecated' nag lines
startup: Prevent installing downgraded versions of packages which might exist in /boot/extra
upc: version v1.3.0
webgui: Plugin system update
- Detach frontend and backend operation
- Use nchan as communication channel
- Allow window to be closed while backend continues
- Use SWAL as window manager
- Added multi remove ability on Plugins page
- Added update all plugins with details
webgui: docker: use docker label as primary source for WebUI
- This makes the 'net.unraid.docker.webui' docker label the primary source when parsing the web UI address. If the docker label is missing, the template value will be used instead.
webgui: Update Credits.page
webgui: VM manager: Fix VM log can not open when VM name has an embedded '#'
webgui: Management Access page: add details for self-signed certs
webgui: Parity check: fix regression error
webgui: Remove session creation in scripts
webgui: Update ssh key regex
- Add support for ed25519/sk-ed25519
- Remove support for ecdsa (insecure)
- Use proper regex to check for valid key types
webgui: misc. style updates
webgui: Management access: HTTP port setting should always be enabled
webgui: Fix: preserve vnc port settings
webgui: Fix regression error in plugin system
webgui: Fix issue installing registration keys
webgui: Highlight case selection when custom image is selected
webgui: fix(upc): v1.4.2 apiVersion check regression
webgui: Update Disk Capabilities pages for NVME drives
webgui: chore(upc): v1.6.0
webgui: Plugin system and docker update
webgui: System info - style update
webgui: Plugins: keep header buttons in same position
webgui: Prevent overflow in container size for low resolutions
webgui: VM Manager: Add boot order to GUI and CD hot plug function
webgui: Docker Manager: add ability to specify shell with container label.
webgui: fix: Discord notification agent url
webgui: Suppress info icon in banner message when no info is available
webgui: Add Spindown message and use -n for identity if scsi drive.
webgui: Fix SAS Selftest
webgui: Fix plugin multi updates
webgui: UPS display enhancements:
- Add icon for each category
- Add translation in UPS section on dashboard
- Add Output voltage / frequency value
- Add coloring depending on settings
- Normalize units
- Make updates near real-time
- Added UPS model field
webgui: JQuery: version 3.6.1
webgui: JQueryUI: version 1.13.2
webgui: improved 'cache busting' on font file urls
webgui: Fixed: text color in docker popup window sometimes wrong
webgui: Fixed: show read errors during Read Check
webgui: VM Manager: Add USB Startup policy; add Missing USB support
webgui: Docker: fixed javascript error when no containers exist
webgui: added 3rd party system diagnostics
- added diagnostics for third party plugin packages
- added diagnostics for /dev/dri devices
- added diagnostics for /dev/dvb devices
- added diagnostics for nvidia devices

Linux kernel:

version 5.19.9 (CVE-2022-21123 (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166)
md/unraid: version 2.9.24
CONFIG_IOMMU_DEFAULT_PASSTHROUGH: Passthrough
CONFIG_VIRTIO_IOMMU: Virtio IOMMU driver
CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver
CONFIG_FIREWIRE: FireWire driver stack
CONFIG_FIREWIRE_OHCI: OHCI-1394 controllers
CONFIG_FIREWIRE_SBP2: Storage devices (SBP-2 protocol)
CONFIG_FIREWIRE_NET: IP networking over 1394
CONFIG_INPUT_UINPUT: User level driver support
CONFIG_INPUT_JOYDEV: Joystick interface
CONFIG_INPUT_JOYSTICK: Joysticks/Gamepads
CONFIG_JOYSTICK_XPAD: X-Box gamepad support
CONFIG_JOYSTICK_XPAD_FF: X-Box gamepad rumble support
CONFIG_JOYSTICK_XPAD_LEDS: LED Support for Xbox360 controller 'BigX' LED
CONFIG_MLX5_TLS: Mellanox Technologies TLS Connect-X support
CONFIG_MLX5_ESWITCH: Mellanox Technologies MLX5 SRIOV E-Switch suppor
CONFIG_MLX5_CLS_ACT: MLX5 TC classifier action support
CONFIG_MLX5_TC_SAMPLE: MLX5 TC sample offload support
CONFIG_MLXSW_SPECTRUM: Mellanox Technologies Spectrum family support
CONFIG_NET_SWITCHDEV: Switch (and switch-ish) device support
CONFIG_TLS: Transport Layer Security support
CONFIG_TLS_DEVICE: Transport Layer Security HW offload
CONFIG_TLS_TOE: Transport Layer Security TCP stack bypass
CONFIG_VMD: Intel Volume Management Device Driver
added additional sensor drivers:
- CONFIG_AMD_SFH_HID: AMD Sensor Fusion Hub
- CONFIG_SENSORS_AQUACOMPUTER_D5NEXT: Aquacomputer D5 Next watercooling pump
- CONFIG_SENSORS_MAX6620: Maxim MAX6620 fan controller
- CONFIG_SENSORS_NZXT_SMART2: NZXT RGB & Fan Controller/Smart Device v2
- CONFIG_SENSORS_SBRMI: Emulated SB-RMI sensor
- CONFIG_SENSORS_SHT4x: Sensiron humidity and temperature sensors. SHT4x and compat.
- CONFIG_SENSORS_SY7636A: Silergy SY7636A
- CONFIG_SENSORS_INA238: Texas Instruments INA238
- CONFIG_SENSORS_TMP464: Texas Instruments TMP464 and compatible
- CONFIG_SENSORS_ASUS_WMI: ASUS WMI X370/X470/B450/X399
- CONFIG_SENSORS_ASUS_WMI_EC: ASUS WMI B550/X570
- CONFIG_SENSORS_ASUS_EC: ASUS EC Sensors
patch: add reference to missing firmware in drivers/bluetooth/btrtl.c
- rtl8723d_fw.bin
- rtl8761b_fw.bin
- rtl8761bu_fw.bin
- rtl8821c_fw.bin
- rtl8822cs_fw.bin
- rtl8822cu_fw.bin
CONFIG_BPF_UNPRIV_DEFAULT_OFF: Disable unprivileged BPF by default
patch: quirk for Team Group MP33 M.2 2280 1TB NVMe (globally duplicate IDs for nsid)
turn on all IPv6 kernel options:
- CONFIG_INET6_*
- CONFIG_IPV6_*
CONFIG_RC_CORE: Remote Controller support
CONFIG_SFC_SIENA: Solarflare SFC9000 support
CONFIG_SFC_SIENA_MCDI_LOGGING: Solarflare SFC9000-family MCDI logging support
CONFIG_SFC_SIENA_MCDI_MON: Solarflare SFC9000-family hwmon support
CONFIG_SFC_SIENA_SRIOV: Solarflare SFC9000-family SR-IOV support
CONFIG_ZRAM: Compressed RAM block device support
CONFIG_ZRAM_DEF_COMP_LZ4: Default ram compressor (lz4)
turn on all EDAC kernel options
- CONFIG_EDAC: EDAC (Error Detection And Correction) reporting
- CONFIG_EDAC_*

Base distro:

aaa_base: version 15.1
aaa_glibc-solibs: version 2.36
aaa_libraries: version 15.1
at: version 3.2.3
bind: version 9.18.6
btrfs-progs: version 5.19.1
ca-certificates: version 20220622
cifs-utils: version 7.0
coreutils: version 9.1
cracklib: version 2.9.8
cryptsetup: version 2.5.0
curl: version 7.85.0
cyrus-sasl: version 2.1.28
dbus: version 1.14.0
dhcpcd: version 9.4.1
dmidecode: version 3.4
docker: version 20.10.17 (CVE-2022-29526 CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804 CVE-2022-29162 CVE-2022-31030)
etc: version 15.1
ethtool: version 5.19
eudev: version 3.2.11
file: version 5.43
findutils: version 4.9.0
firefox: version 105.0.r20220922151854-x86_64 (AppImage)
fuse3: version 3.12.0
gawk: version 5.2.0
gdbm: version 1.23
git: version 2.37.3
glib2: version 2.72.3
glibc: version 2.36
glibc-zoneinfo: version 2022c
gnutls: version 3.7.7
gptfdisk: version 1.0.9
grep: version 3.8
gzip: version 1.12
hdparm: version 9.65
htop: version 3.2.1
icu4c: version 71.1
inotify-tools: version 3.22.6.0
iperf3: version 3.11
iproute2: version 5.19.0
iptables: version 1.8.8
jemalloc: version 5.3.0
json-c: version 0.16_20220414
json-glib: version 1.6.6
kmod: version 30
krb5: version 1.20
libaio: version 0.3.113
libarchive: version 3.6.1
libcap-ng: version 0.8.3
libcgroup: version 3.0.0
libdrm: version 2.4.113
libepoxy: version 1.5.10
libffi: version 3.4.2
libgcrypt: version 1.10.1
libgpg-error: version 1.45
libidn: version 1.41
libjpeg-turbo: version 2.1.4
libmnl: version 1.0.5
libnetfilter_conntrack: version 1.0.9
libnfnetlink: version 1.0.2
libnftnl: version 1.2.3
libnl3: version 3.7.0
libpng: version 1.6.38
libssh: version 0.10.4
libtasn1: version 4.19.0
libtirpc: version 1.3.3
liburcu: version 0.13.1
libusb: version 1.0.26
libwebp: version 1.2.4
libxml2: version 2.9.14
libxslt: version 1.1.36
libzip: version 1.9.2
logrotate: version 3.20.1
lsof: version 4.95.0
lzip: version 1.23
mc: version 4.8.28
mcelog: version 189
nano: version 6.4
nfs-utils: version 2.6.2
nghttp2: version 1.49.0
nginx: version 1.22.0
ntfs-3g: version 2022.5.17
ntp: version 4.2.8p15
oniguruma: version 6.9.8
openssh: version 9.0p1
openssl: version 1.1.1q (CVE-2022-1292 CVE-2022-2097 CVE-2022-2274)
openssl-solibs: version 1.1.1q (CVE-2022-1292)
p11-kit: version 0.24.1
pciutils: version 3.8.0
pcre2: version 10.40
perl: version 5.36.0
php: version 7.4.30 (CVE-2022-31625 CVE-2022-31626)
pkgtools: version 15.1
rpcbind: version 1.2.6
rsync: version 3.2.6
samba: version 4.17.0 (CVE-2022-2031 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-32742)
sqlite: version 3.39.3
sudo: version 1.9.11p3
sysfsutils: version 2.1.1
sysstat: version 12.6.0
sysvinit-scripts: version 15.1
talloc: version 2.3.4
tar: version 1.34
tevent: version 0.13.0
tree: version 2.0.2
util-linux: version 2.38.1
wayland: version 1.21.0
wget: version 1.21.3
xfsprogs: version 5.18.0
xz: version 5.2.6
zlib: version 1.2.12

September 19, 2022

On 9/16/2022 at 7:18 PM, JoeUnraidUser said:

Packages were removed such as glibc without any notice in the release notes. Only what has been updated is listed. If a package has been removed, it should also be listed. There should be a place that defines all the packages that are included in the distribution. This is important information to have since NerdPack and DevPack are no longer supported and the user now has to maintain their own additional slackware packages.

There was a new change in writing to .bash_profile while booting however it was not mentioned in the release notes and those of us that append to .bash_profile from the go file get overwritten by the change.

@limetech

First, you are running an -rc, you should post this in the Preleases Bug Report section.

re: glibc - was not removed, just updated. But 'stock' Unraid OS strips things like source code and header files which are unnecessary for normal usage (and always has). The kind of modifications you are doing are outside the scope of what we support. NerdPack and DevPack are deprecated because no one wants to maintain them. We did include directly in Unraid OS packages required from some of the more popular plugins which previously required NerdPack to be installed. Perl is one of them. If you are having issues with how we have perl installed, please post in the Prerelease forum and we can address it.

re: .bash_profile - that was modified to get rid of adding "." to PATH since it's a common security hole. It's not "overwritten" during boot so I don't know what could be causing any issues you are having with that.

September 13, 2022

Please see here:

September 9, 2022

pm-utils was replaced by elogind - sorry I don't use that tool so didn't notice the change.

try:

loginctl suspend

August 15, 2022

License key rootkits may be doing more than they claim, is this a risk you want to take with your data?

August 6, 2022

This should be fixed in 6.11.0-rc3

June 14, 2022

The primary purpose of this release is to address an issue seen with many HP Microserver Gen8/9 servers (and other platforms) where data corruption could occur if Intel VT-d is enabled.

ALL USERS are encouraged to update.

As always, please make a flash back up before upgrading: Main/Flash/Flash Backup.

While we have not identified the exact kernel commit that introduced this issue, we have identified a solution that involves changing the default IOMMU operational mode in the Linux kernel from "DMA Translation" to "Pass-through" (equivalent to "intel_iommu=pt" kernel option). At first, we thought the 'tg3' network driver was the culprit; however, upon thorough investigation, we think this is coincidental and we have also removed code that "blacklists" the tg3 driver.

Special thanks to @JorgeB who helped characterize and report this issue, as well as helping many people recover data when possible. Please refer to the Unraid OS 6.10.3-rc1 announcement post for more information.

Version 6.10.3 2022-06-14

Improvements

Fixed data corruption issue which could occur on some platforms, notably HP Microserver Gen8/9, when Intel VT-d was enabled. This was fixed by changing the Linux kernel default IOMMU operation mode from "DMA Translation" to "Pass-through".

Also removed 'tg3' blacklisting when Intel VT-d was enabled. This was added in an abundance of caution as all early reports of data corruption involved platforms which also (coincidentally) used 'tg3' network driver. If you created a blank 'config/modprobe.d/tg3.conf' file you may remove it.

Plugin authors: A plugin file may include a tag which displays a markdown formatted message when a new version is available. Use this to give instructions or warnings to users before the upgrade is done.

Brought back color-coding in logging windows.

Bug fixes

Fix issue detecting Mellanox NIC.

Misc. webGUI bug fixes

Change Log vs. Unraid OS 6.10.2

Base distro:

no changes

Linux kernel:

version 5.15.46-Unraid
CONFIG_IOMMU_DEFAULT_PASSTHROUGH: Passthrough

Management:

startup: improve network device detection
webgui: Added color coding in log files
webgui: In case of flash corruption try the test again
webgui: Improved syslog reading
webgui: Added log size setting when viewing syslog
webgui: Plugin manager: add ALERT message function
webgui: Add INFO icon to banner
webgui: Added translations to PageMap page
webgui: Fix: non-correcting parity check actually correcting if non-English language pack installed
webgui: Updated azure/gray themes
- Better support for Firefox
- Move utilization and notification indicators to the right

June 10, 2022

On 6/9/2022 at 8:59 AM, Shomil Saini said:

Is there a 6.10.3 update expected which fixes all the issues?

I am hesitant to upgrade my server from 6.9.2 running on Dell R720xd.

Thanks in Advance.

Cheers!

See here:

June 10, 2022

The primary purpose of this release is to address the issue seen with many HP MIcroserver Gen8/9 servers where data corruption could occur if Intel VT-d is enabled.

As always, please make a flash back up before upgrading: Main/Flash/Flash Backup.

While we have not identified the exact kernel commit that introduced this issue, we believe there is a viable solution. The solution involves changing the default IOMMU operational mode in the Linux kernel from "DMA Translation" to "Pass-through" (equivalent to "intel_iommu=pt" kernel option). At first we thought the 'tg3' network driver was the culprit; however, upon thorough investigation, we think this is coincidental and we have removed code that "blacklists" the tg3 driver.

We have decided to publish this release on the Unraid OS next branch so that those users with test servers may give this release a try. To update to this release, navigate to Tools/Update OS and select 'next' under Branch. As soon as we have confirmation from more HP Microserver users that no more "DMAR ERROR" syslog messages are generated, we will publish 6.10.3 stable release. Similarly, since we have effectively changed the intel_iommu mode, we would be interested to know if any VM issues arise - in all our testing there are no issues.

More info by @JorgeB a few posts down:

6 hours ago, JorgeB said:
Many thanks to @jmztaylorand @Monteromanfor helping test this new IOMMU mode, they are using different affected servers, one Lenovo X3100 and one HP Microserver G8, with both it was very easy to trigger the DMAR errors by starting a parity check, errors would start repeating after just a few seconds, e.g:

With the Lenovo before this release:
Jun  7 10:09:41 Tower kernel: md: recovery thread: check P ...
Jun  7 10:09:44 Tower kernel: DMAR: ERROR: DMA PTE for vPFN 0xb0780 already set (to b0780003 not 17594b803)
Jun  7 10:09:44 Tower kernel: ------------[ cut here ]------------
Jun  7 10:09:44 Tower kernel: WARNING: CPU: 4 PID: 6907 at drivers/iommu/intel/iommu.c:2336 __domain_mapping+0x2e3/0x362
With the HP:
May 19 06:56:40 Tower kernel: md: recovery thread: check P ...
May 19 06:56:56 Tower kernel: DMAR: ERROR: DMA PTE for vPFN 0xb5f80 already set (to b5f80003 not 1636f4803)
May 19 06:56:56 Tower kernel: ------------[ cut here ]------------
May 19 06:56:56 Tower kernel: WARNING: CPU: 2 PID: 5826 at drivers/iommu/intel/iommu.c:2408 __domain_mapping+0x2e5/0x390
With the new release both ran a parity check for over 10 minutes with VT-d enabled and no signs of any errors, I'm confident this solves the DMAR/corruption issues for all affected platforms, as a bonus this IOMMU pass-through mode can apparently have better performance, some Linux distros have already switched to using it by default.

Main kudos go to LT's @eschultz, he's the one that came up with the solution, also found the doc below with some more info about this mode for anyone interested:

https://lenovopress.lenovo.com/lp1467.pdf

P.S. this will also fix the bzimage checksum error many Dell server users were experiencing during boot after updating to v6.10.x, the fix for that was also using iommu=pt, and probably what saved some of those servers from experiencing the DMAR/corruption problem.

Version 6.10.3-rc1 2022-06-10

Improvements

Plugin authors: A plugin file may include a tag which displays a markdown formatted message when a new version is available. Use this to give instructions or warnings to users before the upgrade is done.

Changed default kernel IOMMU operation mode from "DMA Translation" to "Pass-through". - removed 'tg3' blacklisting

Brought back color-coding in logging windows.

Bug fixes

Fix issue detecting Mellanox NIC.

Misc. webGUI bug fixes

Change Log vs. Unraid OS 6.10.2

Base distro:

no changes

Linux kernel:

version 5.15.46-Unraid
CONFIG_IOMMU_DEFAULT_PASSTHROUGH: Passthrough

Management:

startup: improve network device detection
webgui: Added color coding in log files
webgui: In case of flash corruption try the test again
webgui: Improved syslog reading
webgui: Added log size setting when viewing syslog
webgui: Plugin manager: add ALERT message function
webgui: Add INFO icon to banner
webgui: Added translations to PageMap page
webgui: Fix: non-correcting parity check actually correcting if non-English language pack installed
webgui: Updated azure/gray themes
- Better support for Firefox
- Move utilization and notification indicators to the right

June 3, 2022

34 minutes ago, unevent said:

Just a thought, can the update plugin ( for upgrade to 6.10.x) do a check for tg3 driver and iommu enabled and if so display a message notifying the user of the potential issue and option to abort the upgrade?

As of yesterday does exactly that, except if that condition exists (tg3 installed + iommu enabled), the update exits.

May 31, 2022

3 hours ago, sarf said:

Just to confirm this worked a treat. It cost me a few hours messing around with the server though but I appreciate the decision to disable rather than corrupt! Definitely should have been made much clearer in my opinion though...

Note: to be safe you should add that to all "boot modes" indicated on Main/Flash page, in case you ever need to switch boot modes. This is an easy thing to forget.

May 30, 2022

4 hours ago, Frank1940 said:

Be sure to provide some way for those of us who are trying to provide support by changing the version number (6.10.2a or 6.10.3). There is already enough confusion over this issue.

When you click 'Check for Updates" it downloads 'unRAIDServer.plg' file from our download server. When this file is 'executed' and detects tg3 present and iommu enabled it does this:

      echo "NOTE: combination of NIC using tg3 driver and Intel VT-d enabled may cause DATA CORRUPTION on some platforms."
      echo "Please disable VT-d in BIOS or pass 'intel_iommu=off' on syslinux kernel append line."
      echo "Alternaltely create 'config/modprobe.d/tg3.conf' file:"
      echo " touch /boot/config/modprobe.d/tg3.conf # if your platform is not affected"
      echo "or"
      echo " echo 'blacklist tg3' > /boot/config/modprobe.d/tg3.conf # to blacklist the tg3 driver"
      echo
      exit 1

The script only checks for existence of modprobe.d/tg3.conf file, not it's content. Hence user can choose to blacklist or not.

May 30, 2022

49 minutes ago, John_M said:

Watching from the sideline because my Gen8 still has its original non VTd-capable Celeron processor, but wouldn't a better solution be to disable VT-d automatically via syslinux.cfg when the problematic configuration is detected instead of disabling the NIC? It would still take some users by surprise, of course, but at least they'd still be able to connect to their servers.

AFAIK it's not possible to programmatically disable VT-d. The way the kernel initializes is based on whether VT-d is enabled or not.

The current approach was taken in an abundance of caution. Going into a 3-day holiday here in the US I decided it's better for users to lose network connection (which I agree sucks) than to suffer data loss, when we know about possible data loss (that would suck even more).

I've just added some code to the downloaded 'unRAIDServer.plg' file that will detect the combination of 'tg3' module loaded and VT-d enabled, and will bail out of the upgrade unless ./config/modprobe.d/tg.conf file exists. This should greatly help those upgrading but new users on affected platform will still see no ethernet.

This is going to take us some time to get this fixed; probably will have to go purchase a known-affected platform. The issue is acknowledged here:

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04565693

Why this has suddenly happened is a mystery.

May 28, 2022

1 hour ago, hiddenpcmaster said:

Captains Log: Stardate-52822

I just Upgraded from 6.9.2 to 6.10.2

With all the activity in the forums about some issues relating to 6.10, I opted to wait until the next release.

I'm happy to report NO ISSUES. Thank you all for the hard work, everything is working!

Your Stardate seems off

https://www.stoacademy.com/tools/stardate.php

May 28, 2022

2 hours ago, Oceanic said:

Thanks JorgeB

For people who are fairly new to this (like me), here are the instructions on how to fix this on a HP MicroServer Gen 8 with a E3-1265LV2

Reboot the server

During bootup press F9 to enter the bios.

Once the bios is loaded enter the menu System Options -> Processor Options -> Intel(R) VT-d

Set it to disabled

Press Esc to get to the top menu again

Press F10 to exit the bios and save

The server should now boot again as normal

Thanks for the instructions! Added to release notes:

https://wiki.unraid.net/Unraid_OS_6.10.2#How_to_Disable_Intel_VT-d_on_HP_MicroServer_Gen_8_with_a_E3-1265LV2

May 28, 2022

5 minutes ago, Vr2Io said:

Just confirm this also affect NVMe, during change mobo to Intel B365 and add NVMe also have corrupt problem ( WD SN550 & Samsung EVO 970 same ), if use MC or CP to copy file, it may not prompt error, but rsync will easy prompt you the error during file copy.

By apply intel_iommu=off, this solve this serious problem.

PS: Confirm even enable IOMMU, if not use NVMe, system stable solid.

To confirm: which motherboard is this? Does onboard NIC use the 'tg3' driver?

May 28, 2022

8 minutes ago, blaine07 said:

“lsmod | grep tg3” says no

but having changed the IOMMU thing how do you recommend I proceed? Leave or remove that startup change? If it turns Intel IOMMU on but the changes turn it off will their be conflict?

By "change" if you mean code added in this release to blacklist 'tg3' - it does not enable/disable Intel IOMMU. It detects if Intel VT-d is enabled, and if so, auto-blacklists 'tg3' - that' s it.

I think the issue you are referring to is unrelated. Can't remember atm, but isn't this issue with older Dell's? Older platforms, such as GEN8 Microservers have buggy bios which does not reset/virtualization correctly and manufacturers have no appetite to go fix.

May 28, 2022

2 hours ago, handspiker2 said:

How long has that been insecure?

Also how was that not caught by unit tests? "Login doesn't accept trailing characters" is a pretty rudimentary test case for a security system.

Issue was introduced at the beginning of 6.10-rc series when we introduced code to require a root password and add brute-force mitigations. Does not have to do with sanitizing input from a form but rather server-side extraction of the record from /etc/shadow file. You can examine the one-line fix here.

May 28, 2022

38 minutes ago, blaine07 said:

Post says “Broadcom NetXtreme Gigabit Ethernet NIC (note: there may be others).” are affected but what about “NetXtreme II”? Would they be affected?

See attached pic.

Does it use 'tg3' driver?

May 27, 2022

reserved

May 27, 2022

This release contains Security fixes, a Data Corruption mitigation, bug fixes and other minor improvements.

To upgrade:

First create a backup of your USB flash boot device: Main/Flash/Flash Backup
If you are running any 6.4 or later release, click 'Check for Updates' on the Tools/Update OS page.
If you are running a pre-6.4 release, click 'Check for Updates' on the Plugins page.
If the above doesn't work, navigate to Plugins/Install Plugin, select/copy/paste this plugin URL and click Install:
```
https://unraid-dl.sfo2.cdn.digitaloceanspaces.com/stable/unRAIDServer.plg
```

Bugs: If you discover a bug or other issue in this release, please open a Stable Releases Bug Report.

Thank you to all Moderators, Community Developers and Community Members for reporting bugs, providing information and posting workarounds.

Please remember to make a flash backup!

Data Corruption possible with tg3 driver when Intel VT-d is enabled.

The combination of Linux 5.15 kernel, tg3 driver, and Intel VT-d enabled appears to be causing data corruption. This has been verified on several platforms which include a Broadcom NetXtreme Gigabit Ethernet NIC (note: there may be others). This release includes the following workaround:

Very early in server startup (rc.S) if Intel VT-d is detected enabled, then the script will unconditionally create the file:

 /etc/modprobe.d/tg3.conf

with following content:

blacklist tg3

Hence by default if VT-d is enabled, which is to say, it has not been disabled in either bios or via kernel "intel_iommu=off", then we are going to blacklist the tg3 driver on all platforms.

What if someone has a platform where tg3 does not give them any trouble with VT-d enabled? In this case they must create an empty file on their flash device:

config/modprobe.d/tg3.conf

When the startup sequence continues it will get to the point where it executes:

install -p -m 0644 /boot/config/modprobe.d/* /etc/modprobe.d

A blank tg3.conf file stored on the flash then effectively un-blacklists it.

There will be users who will lose network connectivity because their NIC is blacklisted. If you are running on a problematic platform you should go into your bios and disable VT-d. If this is a platform without issue, then you will need to create the blank tg3.conf file on your flash config/modprobe.d directory.

It may take some time to identify and integrate a proper fix for this issue, at which point we will remove the auto-blacklisting code. I want to thank @JorgeB for his incredible help in identifying and isolating this issue.

Security-related Changes

The Firefox browser and has been updated to version 100.0.2 to address a very nasty security vulnerability. If you use Firefox we also suggest upgrading on all platforms.
We fixed an issue where webGUI login could accept a password from a user other than 'root', if that username included the string 'root'.
The Linux kernel was updated to 5.15.43 to address a "security bypass" vulnerability.

Other Changes

On Management Access page, for the "Use SSL/TLS" setting we changed the word "Auto" to "Strict" in the drop-down menu. This better describes the action of this setting.
Docker manager now uses Docker label for icons as fallback.
VM manager now gives the option of using LibVirt networks in addition to bridges without having to edit the VM's XML.
Improved handling of custom SSL certificates.
[6.10.1] Fix regression: support USB flash boot from other than partition 1
other misc. bug fixes

Version 6.10.2 2022-05-27

Base distro:

firefox AppImage: version: 100.0.r20220519220738 (CVE-2022-1802 CVE-2022-1529)

Linux kernel:

version 5.15.43-Unraid (CVE-2022-21499)

Management:

nginx: avoid appending default port number to redirect URLs
nginx: self-signed cert file: accept common name and all alternate names
startup: fix multiple network interfaces being assigned the same MAC address
startup: blacklist tg3 by default if Intel VT-d is enabled
webgui: Management Access: Use SSL/TLS setting: change the word 'Auto' to 'Strict'
webgui: Fixed: smGlue not included when selecting a controller
webgui: Fixed: allow share names with embedded ampersand
webgui: add LXC terminal support (for LXC Plugin)
webgui: Docker Web UI to use Docker label for icons as fallback
webgui: VM Manager: support libvirt networks (make libvirt networks accessible via gui)
webgui: fix issue where 'root' login works with password from another username which includes string 'root'
webgui: Update OS page spelling corrction: warninging -> warning
webgui: helptext review: minor corrections

Version 6.10.1 2022-05-21

Management:

startup: fix regression: support USB flash boot from other than partition 1

Profiles

Forums

Downloads

Store

Gallery

Bug Reports

Documentation

Landing

Posts posted by limetech

Version 6.11.0 2022-09-23

Improvements

Bug fixes

Change Log vs. Unraid OS 6.10.3

Management:

Linux kernel:

Base distro:

Version 6.10.3 2022-06-14

Improvements

Bug fixes

Change Log vs. Unraid OS 6.10.2

Base distro:

Linux kernel:

Management:

Version 6.10.3-rc1 2022-06-10

Improvements

Bug fixes

Change Log vs. Unraid OS 6.10.2

Base distro:

Linux kernel:

Management:

Version 6.10.2 2022-05-27

Base distro:

Linux kernel:

Management:

Version 6.10.1 2022-05-21

Management: