The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[KVM/XEN] HW_AES Detection Issues - (yum update - Illegal instruction)

Discussion in 'Workarounds and Optimization' started by cPLevey, Jun 16, 2016.

Tags:
  1. cPLevey

    cPLevey Technical Analyst Supervisor
    Staff Member

    Joined:
    Dec 3, 2015
    Messages:
    41
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    cPanel Support has received several inquiries over the past month regarding a particular issue. This issue occurs on CentOS 6.8 XEN servers when you perform a system update via 'yum update', or when you attempt a cURL request. These commands typically result in an 'Illegal instruction (core dumped)' error.

    The issue is due to Python attempting to execute a CPU opcode that is advertised as available by the server's host node virtualization system (XEN), but is not actually supported by the host node's hardware. With this in mind, please note and understand the issue being experienced is not a cPanel related error. The core of this issue is due to the host node's virtualization system (XEN) and the Network Security Services (nss*) packages.

    A few examples of errors being reported as result of this issue:
    Code:
    root@server [/]# yum update
    Loaded plugins: fastestmirror, security
    Setting up Update Process
    Loading mirror speeds from cached hostfile
    Illegal instruction (core dumped)
    
    Code:
    Freeing read locks for locker 0x4670: 12281/139963921401600
    Freeing read locks for locker 0x4672: 12281/139963921401600
    
    Code:
    Program received signal SIGILL, Illegal instruction.
    0x00007fffed8c4d60 in ?? () from /usr/lib64/libfreeblpriv3.so
    (gdb) quit
    
    There have also been reports of Softaculous and RVSiteBuilder not functioning properly, resulting with a 500 error similar to the following:
    Code:
    No response from subprocess (php): The subprocess ended prematurely because it received the “ILL” (4) signal.
    
    Similar to cPanel's Feature Request and Bug Reporting processes, you are highly recommended to provide feedback on the official upstream bug reports regarding this issue.

    For reference, please see these available upstream bug reports regarding this issue:

    Temporary Workarounds

    [ /!\ WARNING /!\ ] - cPanel can not be held liable for the results of the temporary work around provided.

    Throughout the span of the this reported issue, cPanel Support has discovered a temporary workaround. To enable this temporary workaround, execute the following as the root user:
    Code:
    echo 'export NSS_DISABLE_HW_AES=1' > /etc/profile.d/temporary-aes-fix.sh; \
    source /etc/profile.d/temporary-aes-fix.sh
    [ (!) NOTE (!) ] - The 'NSS_DISABLE_HW_AES' environment variable, disables AES hardware support. More information on AES can be found here: Intel Data Protection (AES)

    As a temporary workaround to resolve the errors reported with Softaculous and RVSiteBuilder, the following steps have been used successfully:
    1. Copy and paste all of the following code as the root user:
      • Code:
        cat <<EOF > /usr/local/cpanel/3rdparty/etc/temporary-aes-fix.php
        <?php
        putenv("NSS_DISABLE_HW_AES=1");
        \$_ENV["NSS_DISABLE_HW_AES"]="1";
        EOF
      • NOTE: The command provided will create the file with the necessary content. The final '/usr/local/cpanel/3rdparty/etc/temporary-aes-fix.php' should only contain the following content:
      • Code:
        <?php
        putenv("NSS_DISABLE_HW_AES=1");
        $_ENV["NSS_DISABLE_HW_AES"]="1";
    2. Create a backup of your server's existing cPanel PHP configuration file (/usr/local/cpanel/3rdparty/etc/php.ini) and add the following entry:
      • Code:
        cp -av /usr/local/cpanel/3rdparty/etc/php.ini{,.before_aes_fix}; \
        echo 'auto_prepend_file = "/usr/local/cpanel/3rdparty/etc/temporary-aes-fix.php"' >> /usr/local/cpanel/3rdparty/etc/php.ini
     
    lorio, cPanelMichael and cPanelJesse like this.

Share This Page