Edition 0
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)
net.sctp.addip_enable and auth_enable variables were turned on (they are off by default). (CVE-2011-1573, Important)
AGPGART driver implementation when handling certain IOCTL commands could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)
agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)
napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially-crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)
next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)
inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)
ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)
sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)
W (Waiting) bit set. The remaining node had the glock in the Exclusive Mode (EX) with no holder records. The race was caused by the Pending Demote bit, which could be set and then immediately reset by another process. With this update, the Pending Demote bit is properly handled, and GFS2 nodes no longer hang.
dinode's i_nlink value to assure inode operations such as link, unlink, or rename no longer cause the aforementioned problems.
cciss or the hpsa driver. This was because the HP Smart Array controller considered all commands to be completed when, in fact, some commands were still left in the completion queue. This could cause the file system to become read-only or panic and the whole system to become unstable. With this update, an extra read operation has been added to both of the aforementioned drivers, fixing this issue.
pci_dev struct to be used by another process. With this update, when a PCIe device is removed from a system, all resources are properly released; kernel panic no longer occurs.
evdev) failed to lock data structures when adding or removing input devices. As a result, kernel panic occurred in the evdev_release function during a system restart. With this update, locking of data structures works as expected, and kernel panic no longer occurs.
iscsi_tcp module is destroying a connection it grabs the sk_callback_lock and clears the sk_user_data/conn pointer to signal that the callback functions should not execute the operation. However, some functions were not grabbing the lock, causing a NULL pointer kernel panic when iscsi_sw_tcp_conn_restore_callbacks was called and, consequently, one of the callbacks was called. With this update, the underlying source code has been modified to address this issue, and kernel panic no longer occurs.
mpt fusion driver has been upgraded to version 3.4.17, which provides a number of bug fixes and enhancements over the previous version.
dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)
bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)
/proc/<pid>/stat were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)
sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak. (CVE-2011-1078, Low)
do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)
do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)
khubd process of the USB stack and the modprobe of the usb-storage module. This was because the khubd process, when attempting to delete a usb device, waited for the reference count of knode_bus to be of value 0. However, modprobe, when loading the usb-storage module, scans all USB devices and increments the reference count, preventing the khubd process to continue. With this update, the underlying source code has been modified to address this issue, and a deadlock no longer occurs in the aforementioned case.
ext4 file system could end up corrupted after a power failure occurred even when file system barriers and local write cache was enabled. This was due to faulty barrier flag setting in WRITE_SYNC requests. With this update, this issue has been fixed, and ext4 file system corruption no longer occurs.
glocks, a deadlock could occur in the code which reclaims unlinked inodes when multiple nodes were trying to deallocate the same unlinked inode. This update resolves the lock ordering issue, and unlinked inodes are now properly deallocated under all circumstances.
scsi_dh_rdac kernel module. This occurred because the scsi_dh_rdac device list did not contain these storage arrays. With this update, the arrays have been added to the list, and they are now detected and operate as expected.
0 to the /proc/sys/fs/leases-enable file (ideally on boot, before the NFS server is started). This change prevents NFSv4 delegations from being given out, restoring correctness at the expense of some performance.
cciss or the hpsa driver. This was because the HP Smart Array controller considered all commands to be completed when, in fact, some commands were still left in the completion queue. This could cause the file system to become read-only or panic and the whole system to become unstable. With this update, an extra read operation has been added to both of the aforementioned drivers, fixing this issue.
usbfs (USB File System) transfers, resolving various audio issues.
get_hypervisor_cycles_per_sec function. This update fixes the calculation, and timekeeping works correctly for such virtual machines
operstate state (stored in, for example, the /sys/class/net/eth0/operstate file) was showing the unknown state even though the NIC was working properly. This was due to the fact that at the end of a probe operation, the netif_carrier_off was not being called. With this update, the netif_carrier_off is properly called after a probe operation, and the operstate state now correctly displays the operational state of an NIC.
lockd_down function, which did not wait for the lockd process to come down. With this update, the lockd_down function has been fixed, and the kernel no longer crashes.
0 forwarding delay could result in the flooding of all packets on the link for 20 seconds due to various issues in the source code. With this update, the underlying source code has been modified to address this issue, and a traffic flood on the network bridge no longer occurs.
dasd_open function. The dasd_open function tried to read a pointer from the private_data field after the structure has already been freed, resulting in a dereference of an invalid pointer. With this update, the aforementioned pointer is now stored in a different structure; thus, preventing the race condition.
GFS2 (Global File System 2) keeps track of the list of resource groups to allow better performance when allocating blocks. Previously, when the user created a large file in GFS2, GFS2 could have run out of allocation space because it was confined to the recently-used resource groups. With this update, GFS2 uses the MRU (Most Recently Used) list instead of the list of the recently-used resource groups. The MRU list allows GFS2 to use all available resource groups and if a large span of blocks is in use, GFS2 uses allocation blocks of another resource group.
flush_tlb_others() function waited for the cpu mask to be cleared, however, that cpu mask could have been incorrect. As a result, the system could become unresponsive. With this update, the cpu mask being waited on is the same cpu mask used in the IPI call function, and the system no longer hangs.
/proc/net/ipt_CLUSTERIP/ directory. Note: On Red Hat Enterprise MRG, only root can write to files in the /proc/net/ipt_CLUSTERIP/ directory by default. This update corrects this issue as a preventative measure in case an administrator has changed the permissions on these files. Red Hat would like to thank Vasiliy Kulikov for reporting this issue.
kdump kernel could fail when handling an IPI (Inter-processor interrupt) that was in-flight as the initial kernel crashed. This was due to an IPI-related data structure within kdump's kernel not being properly initialized, resulting in a dereference of an invalid pointer. This update addresses this issue, and the kdump kernel no longer fails upon encountering an in-flight IPI.
sysfs and procfs files allowed an unprivileged user to change various settings, change device hardware registers, and load certain firmware. With this update, permissions for these files have been changed.
auth_domains, to identify which group of clients (for example, 192.168.0.0/24 or *.foo.edu) the client who sent an RPC request belongs to. The server NLM code incorrectly took an extra reference of the auth_domain associated with each NLM RPC request, and never dropped that reference. The reference count is an unsigned 32-bit value, so after 232 (about 4 billion) lock operations from the same client or group of clients, the reference count would overflow to 0, and the kernel would incorrectly think that the auth_domain should be freed. As a result, the kernel would panic. This update removes the extra reference-count increment from the server NLM code, and the kernel no longer panics.
dvb_ca_ioctl() function in the Linux kernel's av7110 module. On systems that use old DVB cards that require the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-0521, Important)
install_special_mapping() function could allow a local, unprivileged user to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)
task_show_regs() implementation. On IBM S/390 systems, a local, unprivileged user could use this flaw to read /proc/<PID>/status files, allowing them to discover the CPU register values of processes. (CVE-2011-0710, Low)
mac_partition() implementation, used for supporting file systems created on Mac OS operating systems. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially-crafted partitions. (CVE-2011-1010, Low)
HP_GETHOSTINFO ioctl (I/O Control) in the mptctl module could result in the MPT (Message Passing Technology) fusion driver being reset due to erroneous detection of completed ioctl commands. With this update, the message context sent to the mptctl module is stored (previously, it was zeroed). When an ioctl command completes, the saved message context is used to recognize the completion of the message, thus resolving the faulty detection.
northbridge device into the amd_fixup_dcm() function to make Red Hat Enterprise Linux 5 guests boot on a 5.4.z Xen hypervisor. However, the added check caused a kernel panic due to missing multi-node CPU topology detection on AMD CPU family 0x15 systems. To preserve backwards compatibility, the check has not been removed but is triggered only on AMD Magny-Cours systems. AMD family 0x15 systems do not require the aforementioned check because they are not supported as 5.4 Xen hypervisor hosts. For Xen hypervisor 5.5, this issue has been fixed, which makes the check obsolete.
bnx2i drive could cause a system crash on IBM POWER7 systems. The driver's page tables were not set up properly on Big Endian machines, causing extended error handling (EEH) errors on PowerPC machines. With this update, the page tables are properly set up and a system crash no longer occurs in the aforementioned case.
crashkernel=X parameter enabled for the kdump kernel does not always succeed. This is because the kernel may not be able to find a suitable memory range for the crashkernel due to the fragmentation of the physical memory. Similarly, if a user specifies the starting address of the reserved memory, the specified memory range may be occupied by other parts of the kernel (in this case, the initrd, i.e. initial ramdisk). This update adds two debugging kernel parameters (bootmem_debug and ignore_loglevel) which allow to diagnose what causes the crashkernel to not be assigned enough memory.
WARNING calibrate_APIC_clock: the APIC timer calibration may be wrong.
MAX_DIFFERENCE parameter value (in the APIC calibration loop) of 1000 cycles being too aggressive for virtual guests. APIC (Advanced Programmable Interrupt Controllers) and TSC (Time Stamp Counter) reads normally take longer than 1000 cycles when performed from inside a virtual guest, due to processors being scheduled away from and then back onto the guest. With this update, the MAX_DIFFERENCE parameter value has been increased to 10,000 for virtual guests.
group_id that it should. As a result, this signed char overflow also caused the ALUA handler to incorrectly identify the AAS (Asymmetric Access State) of the specified device as well as incorrectly interpret the supported AAS of the target. With this update, the aforementioned issue has been addressed and no longer occurs.
usb-audio driver leaving the set capture levels unchanged.
multipath structure (pgpath) was freed before it was used to signal the path group initialization was complete (via pg_init_done). This update includes a number of fixes that address this issue. multipath is now increasingly robust when multipathd restarts are combined with I/O operations to multipath devices and storage failures.
mptctl_fasync() function to enable async notification caused the fasync_struct data structure, which was allocated, to never be freed. fasync_struct remained on the event list of the mptctl module even after a file was closed and released. After the file was closed, fasync_struct had an invalid file pointer which was dereferenced when the mptctl module called the kill_fasync() function to report any events. The use of the invalid file pointer could result in a deadlock on the system because the send_sigio() function tried to acquire the rwlock in the f_owner field of the previously closed file. With this update, a release callback function has been added for the file operations in the mptctl module. fasync_struct is now properly freed when a file is closed, no longer causing a deadlock.
O_DIRECT flag on an NFS client and performed write operations on it of size equal to wsize (size of the blocks of data passed between the client and the server), the NFS client sent two RPCs (Remote Procedure Calls) when only one RPC needed to be send. Write operations of size smaller than wsize worked as expected. With this update, write operations of size equal to wsize now work as expected and no longer cause the NFS client to send out unnecessary RPCs.
long data type has been changed to the unsigned 32-bit data type; thus, resolving the issue. The Red Hat Enterprise Linux 5.4 and later kernel now boot as expected on the machines affected by this bug.
gettimeofday function due to erroneous exporting of the wall_to_monotonic construct. With this update, the wall_to_monotonic construct is correctly exported, and a crash no longer occurs.
AF_UNIX sockets. A local, unprivileged user could use this flaw to trigger a denial of service (out-of-memory condition). (CVE-2010-4249, Moderate)
ethtool_get_regs() function in the Linux kernel's ethtool IOCTL handler. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause an information leak. (CVE-2010-4655, Low)
/proc/diskstats file showed erroneous values. This occurred when the kernel merged two I/O operations for adjacent sectors which were located on different disk partitions. Two merge requests were submitted for the adjacent sectors, the first request for the second partition and the second request for the first partition, which was then merged to the first request. The first submission of the merge request incremented the in_flight value for the second partition. However, at the completion of the merge request, the in_flight value of a different partition (the first one) was decremented. This resulted in the erroneous values displayed in the /proc/diskstats file. With this update, the merging of two I/O operations which are located on different disk partitions has been fixed and works as expected.
tcp_select_window() function tried not to shrink the offered window by using the maximum of the remaining offered window size and the newly calculated window size. The newly calculated window size was always a multiple of the window scaling factor, however, the remaining window size was not since it depended on rcv_wup/rcv_nxt. As a result, a window was shrunk when it was scaled down. With this update, aligning the remaining window to the window scaling factor assures a window is no longer shrunk.
be2net driver failed to work with bonding, causing "flapping" errors (the interface switches between states up and down) in the active interface. This was due to the fact that the netdev->trans_start pointer in the be_xmit function was not updated. With this update, the aforementioned pointer has been properly updated and "flapping" errors no longer occur.
IPSecv6 tunnel mode. This was due to the lack of IPv6 fragmentation support over an IPsec tunnel. With this update, IPv6 fragmentation is fully supported and works as expected when using the IPSecv6 tunnel mode.
cciss driver, when a TUR (Test Unit Ready) was executed, the rq->bio pointer in the blk_rq_bytes function was of value null, which resulted in a null pointer dereference, and, consequently, kernel panic occurred. With this update, the rq->bio pointer is used only when the blk_fs_request(rq) condition is true, thus, kernel panic no longer occurs.
e1000 driver failed to properly handle IRQs (Interrupt Requests), resulting in the reception of the following messages:
irq NN: nobody cared...
down flag is set later in the process of bringing down an interface, specifically, after all timers have exited, preventing the IRQ handler from being called and exiting early without handling the IRQ.
PCI config space access on AMD systems caused the lpfc driver to fail when it tried to initialize hardware. On kernel-xen, Hypervisor trapped the aforementioned accesses and truncated them, causing the lpfc driver to fail to initialize hardware. Note that this issue was only observed when using the lpfc driver with the following parameters: Vendor_ID=0x10df, Device_ID=0xf0e5. With this update, the part of the patch related to kernel-xen that was causing the failures was removed and the lpfc driver now works as expected.
kfree() due to a race condition in the acpi_bus_receive_event() function. The acpi_bus_receive_event() function left the acpi_bus_event_list list attribute unlocked between checking it whether it was empty and calling the kfree() function on it. With this update, a check was added after the lock has been lifted in order to prevent the race and the calling of the kfree() function on an empty list.
rhev-agent could not be started due to missing a /dev/virtio-ports/ directory. This was due to the fact that the udev utility does not parse the KOBJ_CHANGE event. With this update, the KOBJ_ADD event is invoked instead and so that symlinks in /dev/virtio-ports are created when a port name is obtained.
vextern.h, otherwise they end up as undefined pointers. When calling the VDSO gettimeofday() function in Red Hat Enterprise Linux 5, a missing declaration lead to a segmentation fault. With this update, the sysctl_vsyscall system call is properly exported and segmentation faults no longer occur.
write command returns -EAGAIN and then executing a select command for the write command caused the select command to not return any values, when using the virtio serial port in a non-blocking mode. When used in a blocking mode, the write command waited until the host indicated it used up the buffers. This was due to the fact that the poll operation waited for the port->waitqueue pointer, however, nothing woke the waitqueue when there was room again in the queue. With this update, the queue is woken via host notifications so that buffers consumed by the host can be reclaimed, the queue freed, and the application write operations may proceed again.
igb driver in the Linux kernel. If both the Single Root I/O Virtualization (SR-IOV) feature and promiscuous mode were enabled on an interface using igb, it could result in a denial of service when a tagged VLAN packet is received on that interface. (CVE-2010-4263, Important)
vbd_create() in the Xen hypervisor implementation. As CD-ROM drives are not supported by the blkback back-end driver, attempting to use a virtual CD-ROM drive with blkback could trigger a denial of service (crash) on the host system running the Xen hypervisor. (CVE-2010-4238, Moderate)
execve() system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM (Out of Memory) killer, triggering a denial of service. (CVE-2010-4243, Moderate)
fixup_page_fault() in the Xen hypervisor implementation. If a 64-bit para-virtualized guest accessed a certain area of memory, it could cause a denial of service on the host system running the Xen hypervisor. (CVE-2010-4255, Moderate)
bfa driver used by Brocade Fibre Channel Host Bus Adapters. A local, unprivileged user could use this flaw to cause a denial of service by reading a file in the /sys/class/fc_host/host#/statistics/ directory. (CVE-2010-4343, Moderate)
sysctl panic_on_oops variable is turned on by default. However, as a preventive measure if the variable is turned off by an administrator, this update addresses the issue. Red Hat would like to thank Nelson Elhage for reporting this vulnerability.
log_mtts_per_seg variable was increased from five to seven, increasing the amount of memory that can be registered. Machines with larger memory are now able to register more memory.
lvextend operation during an intensive Virtual Guest power up caused this operation to fail. Since lvextend was blocked, all components became non-responsive: vgs and lvs commands froze the session, Virtual Guests became Paused or Not Responding. This was caused by a faulty use of a lock. With this update, performing an lvextend operation works as expected.
dd command on an iSCSI device with the qla3xxx driver may have caused the system to crash. This error has been fixed, and running the dd command on such device no longer crashes the system.
NFS: v4 server returned a bad sequence-id error!
ccw_device_set_options() in dasd_generic_probe() unset the CWDEV_ALLOW_FORCE flag set in dasd_eckd_probe(). As a result, the unconditional reserve was not allowed on ECKD direct access storage devices (DASDs). With this update, the flags are set only in discipline specific probe functions.
NOT_READY on standby path.
bnx2x network driver experienced a panic dump when more than one network interface was configured to start up at boot time. With this update, statistics counter initialization for function IDs greater than 1 has been disabled, with the result that bnx2x no longer panic dumps when more than one interface has the ONBOOT=yes directive set.
net/ipv4/proc.c file. With this update, kernel memory is no longer corrupted when receiving eight or more different types of ICMP packets.
readpage() function on the memory page. However, the do_generic_file_read() function did not clear PG_error, which resulted in the system being unable to use the data in the page cache page, even if subsequent readpage() calls succeeded. With this update, the do_generic_file_read() function properly clears PG_error so that the page cache can be utilized in the case of input/output errors.
e1000 and e1000e drivers for Intel PRO/1000 network devices were updated with an enhanced algorithm for adaptive interrupt modulation in the Red Hat Enterprise Linux 5.1 release. When InterruptThrottleRate was set to 1 (thus enabling the new adaptive mode), certain traffic patterns could have caused high CPU usage. This update provides a way to set InterruptThrottleRate to 4, which switches the mode back to the simpler and non-adaptive algorithm. Doing so may decrease CPU usage by the e1000 and e1000e drivers depending on traffic patterns.
InterruptThrottleRate setting using the ethtool utility by running the following command:
ethtool -C ethX rx-usecs 4fsid=[file_system_ID], an NFS client mounted that file system on one mount point and a subdirectory of that file system on a separate mount point, then if the server re-exported that file system after un-exporting and unmounting it, it was possible for the NFS client to unmount those mount points and receive the following error message:
"VFS: Busy inodes after unmount..."
timer_interrupt() routine did not scale lost real ticks to logical ticks correctly. This could have caused time drift for 64-bit Red Hat Enterprise Linux 5: KVM (Kernel-based Virtual Machine) guests that were booted with the divider=x kernel parameter set to a value greater than 1. warning: many lost ticks messages may have been logged on the affected guest systems.
bnx2 adapters in two switch configurations resulted in a soft lockup after a few seconds. This was caused by an incorrect use of a bonding pointer. With this update, soft lockups no longer occurs and creating a VLAN interface works as expected.
NULL file pointer due to the fact that in-kernel sockets created with the sock_create_kern() function may not have a file structure and descriptor allocated to them. The kernel would crash as a result of the dereference. With this update, SCTP ensures that the file is valid before attempting to set a timeout, thus preventing a possible NULL dereference and consequent kernel crash.
fnic driver. During driver initialization, an error in the fnic driver caused it to flush the wrong queue. The flush code could then incorrectly access the memory and crash the host. With this update, the error in the fnic driver has been fixed and crashed no longer occur.
power_meter module was unloaded or its initialization failed, a backtrace message was written to /var/log/dmesg that warned about a missing release() function. This error was harmless, and no longer occurs with this update.
NULL pointer dereference in a virtual address. This update fixes the aforementioned issue and kernel panic no longer occurs on AMD Magny-Cours systems.
mode=0 (round-robin balancing) with multicast, IGMP traffic was transmitted via a single interface. If that interface failed (due to a port, NIC or cable failure, for example), IGMP was not transmitted via another port in the group, thus resulting in packets for the previously-registered multicast group not being routed correctly.
mptsas driver could return the following kernel warning messages:
kernel unaligned access to 0xe0000034f327f0ff, ip=0xa0000002040c4870 kernel unaligned access to 0xe0000034f327cbff, ip=0xa0000002040c4870 kernel unaligned access to 0xe00000300c9581ff, ip=0xa0000002040c4870
megaraid_sas driver (for SAS based RAID controllers) handled physical disks and management IOCTLs (Input/Output Control). All physical disks were exported to the disk layer, allowing an oops in megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout occurred. One possible trigger for this bug was running mkfs. This update resolves this issue by updating the megaraid_sas driver to version 4.31.
(XEN) [VT-D]intremap.c:73: remap_entry_to_ioapic_rte: index (74) is larger than remap table entry size (55)!
format bit (which was causing the unexpected interrupt remapping) does not need to be checked. As a result, the system no longer hangs during boot.
cnic parts resets could cause a deadlock when the bnx2 device was enslaved in a bonding device and that device had an associated VLAN.
httpd service from loading the /usr/lib/libnnz11.so (or /usr/lib64/libnnz11.so on a 64-bit system) library, which requires a text relocation. With this update, the SELinux context for this particular library has been changed from the default to textrel_shlib_t, so that the library can now be loaded as expected.
smbd, attempted to access the content of the /var/lib/mysql/ directory, SELinux denied this access, and reported this event in the audit log. However, this access is not necessary for Samba to work properly. With this update, appropriate SELinux rules have been added to address this issue, and such access denial is no longer logged.
httpd_can_network_connect_db boolean did not allow the httpd service to connect to Microsoft SQL Server (MSSQL). This error has been fixed, the boolean has been modified, and the relevant policy code has been added to define mssql port.
/var/log/messages log file. This error has been fixed, and selinux-policy packages now contain updated SELinux rules, which permit appropriate operations.
ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ""ssh_keygen_t domain to search the content of the /root/.ssh/ directory, so that the key pair creation no longer fails.
/var/named/data/ and /var/named/slaves/ directories.
httpd service was configured to use the mod_auth_pam module with winbind, users were denied access, even though the allow_httpd_mod_auth_pam and httpd_can_network_connect booleans were set to on. With this update, allow_httpd_mod_auth_pam has been corrected, and users are no longer denied access with this configuration.
/etc/xen/auto/ directory. This was caused by the default Red Hat Enterprise Linux 5.5 SELinux policy preventing the xm daemon from reading symbolic links in the /etc/xen/auto/ directory, with the result that the xm daemon could not start virtual guests. These updated selinux-policy packages contain an updated SELinux policy that allows the xm daemon to correctly read the symbolic links in /etc/xen/auto/. The xm service is now able to auto-start virtual guests upon system startup.
snmpd service attempted to access removable devices, this access was denied and relevant AVC messages were written to the audit log. Since this access is not necessary for snmpd to work properly, appropriate SELinux rules have been added to prevent these denials from being logged.
vsftpd daemon may have been unable to write to a file or create a directory inside ~/public_html/, reporting the following error message:
550 Create directory operation failed.
vsftpd now works as expected.
rsyslogd service with GnuTLS modules enabled could fail with the following error message:
Starting system logger: Fatal: no entropy gathering module detected
rsyslogd no longer fails to run.
winbind refresh tickets = true configuration option, several issues may have occurred, preventing this configuration from working properly. This update fixes the SELinux rules for winbind, so that the above configuration works as expected.
snmpd daemon was incorrectly denied access to the /var/net-snmp/snmpd.conf configuration file. With this update, the SELinux context for the /var/net-snmp/ directory has been corrected.
qpidd service when the aisexec was already running failed, and the following error message was written to the qpidd.log:
Unexpected error: Timed out waiting for daemon (If store recovery is in progress, use longer wait time)
qpidd the access to OpenAIS. This update corrects the SELinux policy, resolving this issue.
/etc/oddjobd.conf configuration file for the oddjobd service was not portable between different architectures. To resolve this issue, the proper SELinux context for the oddjob libraries has been added, so that the configuration file can be ported to different architectures as expected.
xm_t domain was not allowed to search directories with the autofs_t security context. Consequent to this, virtual machines could not be stored on automatically mounted file systems. With this update, the SELinux rules have been adjusted to permit such search, so that the virtual machines can now be stored on an automatically mounted file system as expected.
rpc.quotad has been adjusted in order to make it work properly.
/usr/lib/oracle/ directory has been changed to textrel_shlib_t.
ftpd_selinux manual page describes how to allow FTP servers to read from and write to the /var/ftp/incoming/ directory. However, these instructions contained an error, and running the restorecon command with the recommended command line options did not produce the expected results. With this update, the manual page has been corrected, and no longer contains misleading information.
postfix set-permissions command failed with the following error message:
/etc/postfix/postfix-script: line 263: /etc/postfix/post-install: Permission denied
postfix_domtrans_master(unconfined_t) transition has been removed, and the above command no longer fails to run.
aisexec service was unable to use shared memory segments as an unprivileged user. This error has been fixed, the relevant SELinux policy has been corrected, and aisexec now works as expected.
/var/log/messages log file:
restorecon: /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /etc/NetworkManager/dispatcher\.d(/.*).
virt_use_sysfs boolean has been updated to resolve this issue, and virtual machines no longer fail to start.
Internet Protocol Security (IPsec) management tools require read access to the content of a user's home directory. This error no longer occurs, and an appropriate SELinux rule has been added to resolve this issue.
system-config-printer utility could terminate unexpectedly with the following message written to the standard error:
ImportError: /usr/lib64/python2.4/site-packages/cups.so: undefined symbol: _cupsAdminGetServerSettings
system-config-printer utility no longer crashes.
fail_action option to halt, the audisp-remote plug-in can be configured to shut down the system when an error is reported. However, consequent to an error in the SELinux rules, when a network connection failed, SELinux incorrectly denied the halt action. With this update, the SELinux rules have been corrected, and audisp-remote is now allowed to shut down the system as expected.
smbcontrol utility was unable to ping Samba services such as smbd, nmbd, or winbindd. This error no longer occurs, and smbcontrol now works as expected.
iscsiadm actions could cause AVC messages to be written to the audit log. With this update, the SELinux rules have been corrected to address this issue.
winbindd service from connecting to MS-RPC. This has been fixed, appropriate SELinux rules have been added, and winbindd is now allowed to establish a connection with MS-RPC as expected.
winbindd service was unable to connect to the port 135. This error has been fixed, and relevant SELinux rules have been added to allow such connections.
qemu-kvm command from accessing HugeTLBfs devices. This update corrects the SELinux rules to allow this access.
sa1 command from the sysstat package caused various denial messages to be written in the audit log. This update addresses this issue, and the above command now works as expected.
run_init command in single user mode failed with the following error message:
sh: /usr/sbin/run_init: permission denied
run_init command no longer fails to run.
udevmonitor to create a socket. As a result, an attempt to run this command in single user mode failed with the following error message:
error getting socket: Permission denied
udevmonitor can now be run as expected.
/dev/mapper/control: open failed: Permission denied Failure to communicate with kernel device-mapper driver.
udevinfo command from producing the expected results. This update fixes the relevant policy, so that the command no longer fails.
udevcontrol command failed to run, and a denial message was written to the audit log. With this update, this issue has been resolved, and SELinux no longer prevents udevcontrol from running.
semodule command could cause various AVC messages to be written to the log. This error has been fixed, and semodule no longer causes such messages to appear.
run_init service cpuspeed start command in single user mode caused an AVC message to appear in the audit log. With this update, the SELinux MLS policy has been corrected, so that the above command works as expected.
snmpd service attempted to change the user identifier (UID) or group identifier (GID), SELinux denied this action, and an appropriate message was written to the audit log. These updated selinux-policy packages provide corrected SELinux rules that permit this operation, and SELinux no longer prevents snmpd from changing the user and group identifier.
vbetool utility could cause AVC messages to be written to the audit log. With this update, the SELinux policy has been updated to address this issue, and such messages no longer appear.
consoletype command has been backported from Red Hat Enterprise Linux 6.
modprobe from reading an SHM (shared memory) object. This update corrects the SELinux policy, and modprobe now works as expected.
httpd_setrlimit boolean has been added to allow the httpd service to change its maximum limit of the file descriptors.
stap.
--ldd, automatically adds any additional shared libraries needed by probed or "-d"-listed userspace binaries to the -d list; this enables symbolic backtracing through them. Similarly, the new --all-modules option automatically adds any currently loaded kernel modules (listed in /proc/modules) to the -d list.
systemtap-runtime RPM builds now includes a shared library: staplog.so. This library allows crash to extract systemtap data from a vmcore image.
<sys/sdt.h> user-space markers no longer default to an implicit MARKER_NAME_ENABLED() semaphore check for each marker. To check for enabled markers use a .d declaration file, then:
if (MARKER_NAME_ENABLED()) MARKER_NAME()
stap option, -G VAR=VALUE, allows users to override global variables by passing the settings to staprun as module options.
foreach can now explicitly save the value for the loop.
@entry, is available for automatically saving an expression at entry time for use in a .return probe.
stap-prep script, packaged with SystemTap, requires yumdownloader (supplied by yum-utils). However, yum-utils is not a dependency of SystemTap. With this update, yum-utils is now a dependency of SystemTap. (BZ#513672)
useradd, it did so without specifying a UID; as such, any such invocations could result in a 'BAD level' warning. With this update, stap-server checks the existence of a system UID/GID before invoking an adduser/groupadd command. A 155:155 static UID:GID pair will then be assigned to the stap-server user without UID/GID reservation. In the rare case that such a user already exists on the system, dynamic UID/GID allocation will be used. (BZ#555808)
stap executes stapio to handle interactions. A bug in runtime/staprun/mainloop.c made it possible for stapio to fail in executing a module control file even after successfully opening it. When this occurred, stapio returned an "ERROR: unexpected EOF" when loading/unloading a kernel module concurrently. This update applies an upstream patch to runtime/staprun/mainloop.c that instructs stapio to quit (instead of retrying) when a read error occurs, avoiding a loop. (BZ#557165)
rpm -V systemtap systemtap-server, TPS reported two verification failures: systemtap-server.ppc64: /var/log/stap-server.log .M...UG. [tps:B] and systemtap.ppc64: /usr/share/systemtap/runtime/uprobes .M....G. [tps:B]. This update applies an upstream patch that corrects this. (BZ#559633)
stap-prep script that is missing in 5.5. This update returns the stap-prep script. (BZ#573031)
stap engines simultaneously, it was possible for SystemTap to unload the stap module before running all utrace callback handlers. This could result in the kernel calling code in an unloaded module, which would result in a crash. To prevent this from occurring, this update patches runtime/itrace.c and runtime/task_finder.c accordingly, adding a loop that checks for running handlers. SystemTap will now only unload a module when it is safe to do so. (BZ#602706)
service systemtap restart on a previously stopped script, the script remained halted instead of restarting. This was because the SystemTap initscript incorrectly defined the SCRIPTS variable. With this update, SystemTap makes local copies of the $SCRIPTS global variable. This update also adds force-reload, reload, condrestart, and try-restart commands. (BZ#607232)
prelink utility is no longer a SystemTap dependency on Itanium. This dependency was added in previous releases for specific SystemTap test cases. (BZ#629190)
-I option when running stap terminated abnormally with a segmentation fault because of the string literal at the end of the file. This update provides a workaround by adding a semi-colin (;) after the string literal, and a fix in parse.cxx that only inspets the next token if there is one. (BZ#648420)
sys_ia64_pipe, the function was not added to the SystemTap tapset. As a result, probing the system call from the script via probe syscall.pipe did not succeed. This error has been fixed, the new function has been added to the tapset, and the pipe system call should now be probed correctly. (BZ#568032)
$return) on the Itanium architecture caused a crash due to a flaw in the way the values in the memory were set. Now, a change in register contents no longer results in a crash. (BZ#598615)
Welcome to GNU Parted! Type 'help' to view a list of commands. (parted) mklabel msdos (parted) mkpart p ext2 2048s 514047s (parted) mkpart p ext2 514048s 1538047s (parted) p Partition Table: msdos Number Start End Size Type File system Flags 1 1049kB 263MB 262MB primary 2 263MB 787MB 524MB primary (parted) unit s p Partition Table: msdos Number Start End Size Type File system Flags 1 2048s 514047s 512000s primary 2 514048s 1538047s 1024000s primary
bfa driver for Brocade Fibre Channel Host Bus adapters is considered a Technology Preview in Red Hat Enterprise Linux 5.6 BZ#475695
tpm-tools are included in this release to enable use of Trusted Platform Module (TPM) hardware.TPM hardware features include (among others):
tpm-tools is a suite of tools used to manage and utilize TPM hardware.
ecryptfs-mount-helper-gui).
/etc/fstab entries. For information about these changes, refer to man ecryptfs.
mount -t ecryptfs /mnt/secret /mnt/secret
ecryptfs-utils-56-4.el5 or newer.
/etc/sysconfig/readonly-root for more details).
firewire-sbp2 module is still included in this update as a Technology Preview. This module enables connectivity with FireWire storage devices and scanners.
SBP2 driver may cause the machine to become unresponsive.
/sys/module/fcoe/parameters/create file, for example:
echo eth6 > /sys/module/fcoe/parameters/createTo logout, write the network interface name to the
/sys/module/fcoe/parameters/destroy file, for example:
echo eth6 > /sys/module/fcoe/parameters/destroyFor further information on software based FCoE refer to: http://www.open-fcoe.org/openfc/wiki/index.php/FCoE_Initiator_Quickstart.
fnic driver, the Emulex lpfc driver, and the Qlogic qla2xx driver.
scsi-target-utils package as a Technology Preview. In this release, single portal and multiple portals on different subnets are supported. There are known bugs when using multiple portals on the same subnet.
cxgb3 driver the libcxgb3 package is needed, and for host channel adapters using the mthca driver the libmthca package is needed.
passwd: files sss group: files sss
auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_sss.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so
clearpart --initlabel [disks]BZ#530465
$TARGET_IP: IP address of the iscsi target (drive) $TARGET_IQN: name of the iscsi target as printed by the discovery command $ROOT_DEV: devicenode (/dev/.....) where your root fs lives
$ mkdir /etc/iscsi $ cat << EOF>> /etc/iscsi/initiatorname.iscsi InitiatorName=iqn.1994-05.com.fedora:d62f2d7c09f EOF
$ iscsid
$ iscsiadm -m discovery -t st -p $TARGET_IP $ iscsiadm -m node -T $TARGET_IQN -p $TARGET_IP --login
$ lvm vgscan $ lvm vgchange -ay
$ mount /dev/path/to/root /mnt/sysimage $ mount -t bind /dev /mnt/sysimage/dev $ mount -t proc proc /mnt/sysimage/proc $ mount -t sysfs sysfs /mnt/sysimage/sys
$ chroot /mnt/sysimage /bin/su -
resolution=1024x768 or resolution=1280x1024" to the installer using the boot command line.
mount -o nolock,udp command to start the locking daemon before using nfs to mount shares. (BZ#426053)
dom0.
rhn-virtualization-common package manually before attempting to register the system to Red Hat Network. (BZ#431648)
dom0. Once installation finishes, it can then use its own bootloader. However, this can only be achieved by forcing the guest's first reboot to be a shutdown.
swap --grow parameter in a kickstart file without setting the --maxsize parameter at the same time makes anaconda impose a restriction on the maximum size of the swap partition. It does not allow it to grow to fill the device.
vfat file systems will appear as type foreign in the partitioning interface; as such, these devices will not be mounted automatically during system boot. To ensure that such devices are mounted automatically, add an appropriate entry for them to /etc/fstab. For details on how to do so, refer to man fstab. (BZ#467202)
# -R <region_size_in_MiB> lvcreate -m1 -L 2T -R 2 -n mirror vol_groupFailure to increase the region size will result in the LVM creation process hanging and may cause other LVM commands to hang. (BZ#514814)
rpmbuild on the compiz source RPM will fail if any KDE or qt development packages (for example, qt-devel) are installed. This is caused by a bug in the compiz configuration script.
qt development packages before attempting to build the compiz package from its source RPM. (BZ#444609)
# mv /etc/rc5.d/S06multipathd /etc/rc5.d/S14multipathd # mv /etc/rc3.d/S06multipathd /etc/rc3.d/S14multipathdTo restore the original start time, run the following command:
# chkconfig multipathd resetpriorities
dm-multipath, if features "1 queue_if_no_path" is specified in /etc/multipath.conf then any process that issues I/O will hang until one or more paths are restored.
no_path_retry [N] in /etc/multipath.conf (where [N]features "1 queue_if_no_path" option from /etc/multipath.conf as well.
"1 queue_if_no_path" and experience the issue noted here, use dmsetup to edit the policy at runtime for a particular LUN (i.e. for which all the paths are unavailable).
dmsetup message [device] 0 "fail_if_no_path", where [device]mpath2; do not specify the path) for which you want to change the policy from "queue_if_no_path" to "fail_if_no_path". (BZ#419581)
lvm commands will hang indefinitely when dm-multipath is used, as the LUN has now become stale.
mpath link entries in /etc/lvm/.cache specific to the stale LUN.
ls -l /dev/mpath | grep [stale LUN]
[stale LUN]lrwxrwxrwx 1 root root 7 Aug 2 10:33 /3600d0230003414f30000203a7bc41a00 -> ../dm-4 lrwxrwxrwx 1 root root 7 Aug 2 10:33 /3600d0230003414f30000203a7bc41a00p1 -> ../dm-5
mpath links: dm-4 and dm-5.
/etc/lvm/.cache:
/dev/dm-4 /dev/dm-5 /dev/mapper/3600d0230003414f30000203a7bc41a00 /dev/mapper/3600d0230003414f30000203a7bc41a00p1 /dev/mpath/3600d0230003414f30000203a7bc41a00 /dev/mpath/3600d0230003414f30000203a7bc41a00p1
multipath command with the -ll option can cause the command to hang if one of the paths is on a blocking device. Note that the driver does not fail a request after some time if the device does not respond.
multipath state without hanging the command, use multipath -l instead. (BZ#214838)
/etc/cron.d/dmeventd-logwatch crontab file does not specify the user that the logwatch process should be executed by. To work around this issue, the functional portion of this crontab must be changed to:
* * * * * root /usr/sbin/logwatch --service dmeventd --range today --detail med(BZ#516892)
dmraid -ay isw_effjffhbi_Volume0
mkdir /tmp/raid mount /dev/mapper/isw_effjffhbi_Volume0p1 /tmp/raid
mkdir /tmp/raid/tmp/image cd /tmp/raid/tmp/image gzip -cd /tmp/raid/boot/inird-2.6.18-155.el5.img | cpio -imd –quiet
dmraid –ay –I –p –rm_partition “/dev/mapper/isw_effjffhbi_Volume0” kpartx –a –p p “/dev/mapper/isw_effjffhbi_Volume0” mkrtootdev –t ext3 –o defaults,ro /dev/mapper/isw_effjffhbi_Volume0p1
cd /tmp/raid/tmp/image find . –print | cpio –c –o | gzip -9 > /tmp/raid/boot/inird-2.6.18-155.el5.img
umount /dev/mapper/isw_effjffhbi_Volume0p1 dmraid -an
sniff may result in an error. This is because some required packages are not installed with dogtail. (BZ#435702)
/usr/bin/setup — provided by the setuptool package.
/usr/bin/rhn_register — provided by the rhn-setup package.
fsck.gfs2: invalid option -- a". To work around this issue:
mount -o remount,rw /dev/VolGroup00/LogVol00 /
/dev/VolGroup00/LogVol00 / gfs2 defaults 1 1to
/dev/VolGroup00/LogVol00 / gfs2 defaults 1 0
/media:
mount /dev/[device name] /media/var/log/boot.log is not available in Red Hat Enterprise Linux 5.3. (BZ#223446, BZ#210136)
iscsiadm -m node -T target -p ip -I default -u(BZ#500273)
kernel-xen.
kernel /xen.gz edd=off(BZ#568336)
nogbpages" parameter on the guest kernel command-line. (BZ#502826)
title Red Hat Enterprise Linux Server (2.6.18-152.el5xen)
root (hd0,1)
kernel /xen.gz-2.6.18-152.el5 com1=115200,8n1 console=com1 iommu=1
module /vmlinuz-2.6.18-152.el5xen ro root=LABEL=/ console=ttyS0,115200
pci_pt_e820_access=on
This enables the MMCONF access method for the PCI configuration space, a requirement for VF device support
dom0) system to Red Hat Enterprise Linux 5.2 may render existing Red Hat Enterprise Linux 4.5 SMP paravirtualized guests unbootable. This is more likely to occur when the host system has more than 4GB of RAM.
dom0 virtualized kernel may fail to boot. This is because the virtualized kernel failed to properly detect the default console device from the Extensible Firmware Interface (EFI) settings.
console=tty to the kernel boot options in /boot/efi/elilo.conf. (BZ#249076)
dom0 when VGA is enabled by the EFI Maintenance Manager. As such, you need to supply the following serial port information to the dom0 kernel:
io_base address
append= line of the dom0 kernel in /boot/efi/elilo.conf. For example:
append="com1=19200,8n1,0x3f8 -- quiet rhgb console=tty0 console=ttyS0,19200n8"
com1 is the serial port, 19200 is the speed (in bits/second), 8n1 specifies the number of data bits/parity settings, and 0x3f8 is the io_base address. (BZ#433771)
gfs2-kmod package on later versions of Red Hat Enterprise Linux. gfs2-kmod is not required since GFS2 is built into the kernel from 5.3 onwards. The content of the gfs2-kmod package is considered a Technology Preview of GFS2, and has not received any updates since Red Hat Enterprise Linux 5.3 was released.
lpfc_enable_npiv module parameter to zero.
options lpfc_enable_npiv=0to
/etc/modprobe.conf and re-build the initrd image.
lpfc_enable_npiv=0 option in the insmod or modprobe command line.
2010.09.06 or later.
0 to /proc/sys/fs/leases-enable (ideally on boot, before the nfs server is started). This change prevents NFSv4 delegations from being given out, restore correctness at the expense of some performance.
ramdisk=/boot/initrd-2.6.18-<kernel-version-number>.el5.img
to
ramdisk=/boot/initrd-2.6.18-<kernel-version-number>.el5.img,0x02000000
The command zipl -V should now show 0x02000000 as the starting address for the inital RAM disk (initrd). Stop the logigal partiton (LPAR), and then manually increase the the storage size of the LPAR.
bnx2i.ko and cnic.ko) is loaded. To work around this do not manually load the bnx2i or cnic modules, and temporarily disable the iscsi service from starting. To disable the iscsi service, run
chkconfig --del iscsi chkconfig --del iscsidOn the first boot of your system, the
iscsi service may start automatically. To bypass this, during bootup, enter interactive start up and stop the iscsi service from starting.
# rmmod kvm_intel # echo 0 > /sys/devices/system/cpu/cpu6/online # modprobe kvm_intel
Stopping tasks: ====================================================================== stopping tasks timed out after 20 seconds (1 tasks remaining): cciss_scan00 Restarting tasks...<6> Strange, cciss_scan00 not stopped done(BZ#513472)
malloc memory approximately larger than the size of the physical memory on the node on a NUMA system may hang or appear to stall. This issue may occur on a NUMA system where the remote memory distance, as defined in SLIT, is greater than 20 and RAM based filesystem like tmpfs or ramfs is mounted.
sysctl vm.zone_reclaim_mode=0
bnx2 driver.
/etc/modprobe.d/ containing the following line:
options bnx2 disable_msi=1
pci=nomsi. (BZ#432451)
smartctl tool cannot properly read SMART parameters from SATA devices. (BZ#429606)
acpi_sleep=s3_bios. (BZ#439006)
qla3xxx and qla4xxx drivers support ethernet and iSCSI functions individually. Both drivers do not support the use of ethernet and iSCSI functions simultaneously.
ifdown/ifup commands) may hang the device. To avoid this, allow a 10-second interval after an ifup before issuing an ifdown. Also, allow the same 10-second interval after an ifdown before issuing an ifup. This interval allows ample time to stabilize and re-initialize all functions when an ifup is issued. (BZ#276891)
ib_mthca driver reports a catastrophic error on this hardware, it is usually related to an insufficient completion queue depth relative to the number of outstanding work requests generated by the user application.
opensm is running at the time the error occurs, then you need to manually restart it in order to resume proper operation. (BZ#251934)
radeonfb module.
hal-system-power-suspend to /usr/share/hal/scripts/ containing the following lines:
chvt 1 radeontool light off radeontool dac off
restore-after-standby to the same directory as well, containing the following lines:
radeontool dac on radeontool light on chvt 7
edac module is loaded, BIOS memory reporting will not work. This is because the edac module clears the register that the BIOS uses for reporting memory errors.
edac module) by default. If you wish to ensure BIOS memory reporting on your system, you need to manually blacklist the edac modules. To do so, add the following lines to /etc/modprobe.conf:
blacklist edac_mc blacklist i5000_edac blacklist i3000_edac blacklist e752x_edac
/etc/modprobe.conf:
alias wlan0 iwlagn options iwlagn swcrypto50=1 swcrypto=1(where wlan0 is the default interface name of the first Intel WiFi Link device)
Please wait, loading kernel... /pci@8000000f8000000/ide@4,1/disk@0:2,vmlinux-anaconda: No such file or directory boot:To work around this:
setenv real-base 2000000
0> dev /packages/gui obe
kdump on an IBM Bladecenter QS21 or QS22 configured with NFS root will fail. To avoid this, specify an NFS dump target in /etc/kdump.conf. (BZ#368981)
forcedeth based devices may encounter difficulty accessing memory above 4GB during operation in a kdump kernel. To work around this issue, add the following line to the /etc/sysconfig/kdump file:
KDUMP_COMMANDLINE_APPEND="dma_64bit=0"This work around prevents the forcedeth network driver from using high memory resources in the kdump kernel, allowing the network to function properly.
kexec/kdump kernel if X is running and using a driver other than vesa. This problem only exists with ATI Rage XL graphics chipsets.
kexec/kdump kernel. (BZ#221656)
makedumpfile to produce erroneous results but not have them reported. This is due to the fact that makedumpfile processes its output data through a pipeline consisting of several stages. If makedumpfile fails, the other stages will still succeed, effectively masking the failure. Should a vmcore appear corrupt, and makedumpfile is in use, it is recommended that the core be recorded without makedumpfile and a bug be reported. (BZ#475487)
kexec purgatory code. This code contains instructions for backing up the first 640k of memory after a crash.
purgatory console output can be useful in diagnosing problems, it is not needed for kdump to properly function. As such, if your Itanium system resets during a kdump operation, disable console output in purgatory by adding --noio to the KEXEC_ARGS variable in /etc/sysconfig/kdump. (BZ#436426)
virsh edit GUEST
<interface type='network'> ... <model type='e1000' /> </interface>
virsh dumpxml GUEST > /tmp/guest.xml
cp /tmp/guest.xml /tmp/new-guest.xml vi /tmp/new-guest.xml
<interface type='network'> ... <model type='e1000' /> </interface>
virsh define /tmp/new-guest.xml virsh start new-guest
kmod-kvm package do not support kernels prior to version 2.6.18-203.el5. If kmod-kvm is updated and an older kernel is kept installed, error messages similar to the following will be returned if attempting to install these modules on older kernels:
WARNING: /lib/modules/2.6.18-194.el5/weak-updates/kmod-kvm/ksm.ko needs unknown symbol kvm_ksm_spte_count(BZ#509361)
kmod-kvm package are loaded automatically at boot time if the kmod-kvm package is installed. To make these KVM modules available after installing the kmod-kvm package the system either needs to be rebooted or the modules can be loaded manually by running the /etc/sysconfig/modules/kvm.modules script. (BZ#501543)
glxgears window (when glxgears is run). Doing so can lock the system.
Device section of /etc/X11/xorg.conf:
Option "Tiling" "0"
insmod: error inserting '/lib/aes_generic.ko': -1 File existsThis message can safely be ignored. (BZ#466296)
install.log:
Installing kernel-2.6.18-158.el5.s390x cp: cannot stat `/sbin/dmraid.static': No such file or directoryThis message can be safely ignored.
perftest will fail if different CPU speeds are detected. As such, you should disable CPU speed scaling before running perftest. (BZ#433659)
mvapich and mvapich2 in Red Hat Enterprise Linux 5 are compiled to support only InfiniBand/iWARP interconnects. Consequently, they will not run over ethernet or other network interconnects. (BZ#466390)
cannot open `/tmp/openmpi-upgrade-version.*' for reading: No such file or directoryThe message is harmless and can be safely ignored. (BZ#463919)
openmpi and lam may prevent you from upgrading these packages. This bug manifests in the following error (when attempting to upgrade openmpi or lam:
error: %preun(openmpi-[version]) scriptlet failed, exit status 2openmpi and lam in order to install their latest versions. To do so, use the following rpm command:
rpm -qa | grep '^openmpi-\|^lam-' | xargs rpm -e --noscripts --allmatches (BZ#433841)
systemtap-testsuite package fail with an Unknown symbol in module error on some architectures. These test cases include (but are not limited to):
systemtap.base/uprobes.exp
systemtap.base/bz10078.exp
systemtap.base/bz6850.exp
systemtap.base/bz5274.exp
uprobes.ko module. Some updated user-space probe tests provided by the systemtap-testsuite package use symbols available only in the latest uprobes.ko module (also provided by the latest SystemTap update). As such, running these user-space probe tests result in the error mentioned earlier.
rmmod uprobes to manually remove the older uprobes.ko module before running the user-space probe test again.(BZ#499677)
i810 driver. You should use the default intel driver instead. (BZ#468218)
EDID information from the monitor. When this occurs, the graphics driver will be unable to display resolutions highers than 800x600.
ServerLayout section of /etc/X11/xorg.conf:
Option "Int10Backend" "x86emu"
FINAL File Size = 8948021 bytes. load-base=0x4000 real-base=0xc00000 DEFAULT CATCH!, exception-handler=fff00300The firmware for IBM Power6 and IBM Power7 systems contains a fix for this issue. (BZ#550086)
dom0, the default network-bridge script may cause bonded network interfaces to alternately switch between unavailable and available. This occurrence is commonly known as flapping.
network-script line in /etc/xen/xend-config.sxp with the following line:
(network-script network-bridge-bonding netdev=bond0)
Domain attempted WRMSR. These messages can be safely ignored; furthermore, they are rate limited and should pose no performance risk. (BZ#477647)
hda: lost interrupt errors.
| Revision History | |||
|---|---|---|---|
| Revision 0-0 | Tue Nov 30 2010 | ||
| |||