1.110. kernel
1.110.1. RHSA-2010:0147: Important security and bug fix update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2010:0147 .
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
- a NULL pointer dereference flaw was found in the
sctp_rcv_ootb()
function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) - a missing boundary check was found in the
do_move_pages()
function in the memory migration functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an information leak. (CVE-2010-0415, Important) - a NULL pointer dereference flaw was found in the
ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) ifdst->neighbour
is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important) - a NULL pointer dereference flaw was found in the ext4 file system code in the Linux kernel. A local attacker could use this flaw to trigger a local denial of service by mounting a specially-crafted, journal-less ext4 file system, if that file system forced an EROFS error. (CVE-2009-4308, Moderate)
- an information leak was found in the
print_fatal_signal()
implementation in the Linux kernel. When/proc/sys/kernel/print-fatal-signals
is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) - missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low)
Bug fixes:
- a bug prevented Wake on LAN (WoL) being enabled on certain Intel hardware. (BZ#543449)
- a race issue in the Journaling Block Device. (BZ#553132)
- Prior to this update, user data corruption could occur when a 64-bit system was in the 32-bit compatibility mode. Specifically, programs compiled on an x86 system that called
sched_rr_get_interval()
were silently corrupted. This was due to the kernel filling data beyond the end of a timespec structure because the size of the structure is different between 32-bit and 64-bit systems. With this update, this issue has been fixed by callingsys32_sched_rr_get_interval()
instead ofsys_sched_rr_get_interval()
whensched_rr_get_interval()
is called, and user data corruption no longer occurs. (BZ#557684) - the RHSA-2010:0019 update introduced a regression, preventing WoL from working for network devices using the e1000e driver. (BZ#559335)
- adding a bonding interface in mode balance-alb to a bridge was not functional. (BZ#560588)
- some KVM (Kernel-based Virtual Machine) guests experienced slow performance (and possibly a crash) after suspend/resume. (BZ#560640)
- on some systems, VF cannot be enabled in
dom0
. (BZ#560665) - on systems with certain network cards, a system crash occurred after enabling GRO. (BZ#561417)
- for x86 KVM guests with pvclock enabled, the boot clocks were registered twice, possibly causing KVM to write data to a random memory area during the guest's life. (BZ#561454)
- serious performance degradation for 32-bit applications, that map (
mmap
) thousands of small files, when run on a 64-bit system. (BZ#562746) - improved kexec/kdump handling. Previously, on some systems under heavy load, kexec/kdump was not functional. (BZ#562772)
dom0
was unable to boot when using the Xen hypervisor on a system with a large number of logical CPUs. (BZ#562777)- a fix for a bug that could potentially cause file system corruption. (BZ#564281)
- a bug caused infrequent cluster issues for users of GFS2. (BZ#564288)
gfs2_delete_inode
failed on read-only file systems. (BZ#564290)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
1.110.2. RHSA-2009:1193: Important security and bug fix update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1193
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
- the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important)
- a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially-crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)
- Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than could be handled, which could lead to a remote denial of service or code execution. (CVE-2009-1389, Important)
- the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2009-1895, Important)
- Ramon de Carvalho Valle reported two flaws in the Linux kernel eCryptfs implementation. A local attacker with permissions to perform an eCryptfs mount could modify the metadata of the files in that eCrypfts mount to cause a buffer overflow, leading to a denial of service or privilege escalation. (CVE-2009-2406, CVE-2009-2407, Important)
- Konstantin Khlebnikov discovered a race condition in the ptrace implementation in the Linux kernel. This race condition can occur when the process tracing and the process being traced participate in a core dump. A local, unprivileged user could use this flaw to trigger a deadlock, resulting in a partial denial of service. (CVE-2009-1388, Moderate)
Bug fixes:
- possible host (dom0) crash when installing a Xen para-virtualized guest while another para-virtualized guest was rebooting. (BZ#497812)
- no audit record for a directory removal if the directory and its subtree were recursively watched by an audit rule. (BZ#507561)
- page caches in memory can be freed up using the Linux kernel's drop_caches feature. If
drop_pagecache_sb()
andprune_icache()
ran concurrently, however, a missing test in drop_pagecache_sb() could cause a kernel panic. For example, runningecho 1 > /proc/sys/vm/drop_caches
orsysctl -w vm.drop_caches=1
on systems under high memory load could cause a kernel panic or system hang. With this update, the missing test has been added and the drop_caches feature frees up page caches properly. Consequently these system failures no longer occur, even under high memory load. (BZ#503692) - on 32-bit systems, core dumps for some multithreaded applications did not include all thread information. (BZ#505322)
- a stack buffer used by get_event_name() was not large enough for the nul terminator sprintf() writes. This could lead to an invalid pointer or kernel panic. (BZ#506906)
- when using the aic94xx driver, a system with SATA drives may not boot due to a bug in libsas. (BZ#506029)
- incorrect stylus button handling when moving it away then returning it to the tablet for Wacom Cintiq 21UX and Intuos tablets. (BZ#508275)
- CPU "soft lockup" messages and possibly a system hang on systems with certain Broadcom network devices and running the Linux kernel from the kernel-xen package. (BZ#503689)
- on 64-bit PowerPC, getitimer() failed for programs using the ITIMER_REAL timer and that were also compiled for 64-bit systems (this caused such programs to abort). (BZ#510018)
- write operations could be blocked even when using O_NONBLOCK. (BZ#510239)
- enabling MSI on systems with VIA VT3364 chipsets caused a kernel panic or system hang during installation of Red Hat Enterprise Linux or subsequent booting of the operating system. MSI was enabled by default during boot and the "pci=nomsi" boot option to disable MSI was required on Red Hat Enterprise Linux 5.2 and later to avoid this bug. With this update, the kernel automatically disables MSI on VIA VT3364 chipsets during boot. The "pci=nomsi" boot option is no longer required to install or boot Red Hat Enterprise Linux successfully. (BZ#507529)
- shutting down, destroying, or migrating Xen guests with large amounts of memory could cause other guests to be temporarily unresponsive. (BZ#512311)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
1.110.3. RHBA-2009:1151: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:1151
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated kernel packages fix the following bug:
- HugeTLBFS (Translation Look-Aside Buffer File System) allows much larger page sizes than standard 4-kilobyte pages. The kernel's virtual memory subsystem uses these pages to map between real and virtual memory address spaces, and HugeTLBFS allows for significant performance increases for memory-intensive applications under heavy load. When a file existing on the HugeTLB file system was accessed simultaneously by two separate processes, the system become unresponsive and eventually a soft lockup occurred. These updated packages correct this issue so that simultaneous access of a single file on a HugeTLB file system is no longer problematic. (BZ#510235)
Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which resolve these issues.
1.110.4. RHBA-2009:1133: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:1133
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated packages addresses the following bugs:
- RHSA-2009-1106 included a fix for a rare race condition (BZ#486921). This earlier race condition occurred if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2). Unfortunately, the fix included with RHSA-2009-1106 introduced a new, very small, race condition which presented if the system was swapping heavily or heavily reproducing the conditions that were the cause of BZ#48692. With this update, the parent pte is not set to writable if the src pte is unmapped by the VM, preventing the race condition from occurring. (BZ#507297)
- the copy_hugetlb_page_range() function assumed it was safe to drop the source mm->page_table_lock before calling hugetlb_cow(). As a consequence a kernel panic occurred when a particular multi-threaded application did Direct IO on a HUGEPAGE-mapped file region and created new processes. With this update, copy_hugetlb_page_range() calls hugetlb_cow() with the locks held, ensuring the panic does not occur. (BZ#508030)
Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which resolve these issues.
1.110.5. RHSA-2009:1106: Important security and bug fix update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1106
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
- several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. (CVE-2009-1439, CVE-2009-1633, Important)
- the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users. This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)
- Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. (CVE-2009-1630, Moderate)
- a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel. (CVE-2009-1758, Moderate)
- a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak. (CVE-2009-1192, Low)
Bug fixes:
- a race in the NFS client between destroying cached access rights and unmounting an NFS file system could have caused a system crash. "Busy inodes" messages may have been logged. (BZ#498653)
- nanosleep() could sleep several milliseconds less than the specified time on Intel Itanium®-based systems. (BZ#500349)
- LEDs for disk drives in AHCI mode may have displayed a fault state when there were no faults. (BZ#500120)
- ptrace_do_wait() reported tasks were stopped each time the process doing the trace called wait(), instead of reporting it once. (BZ#486945)
- epoll_wait() may have caused a system lockup and problems for applications. (BZ#497322)
- missing capabilities could possibly allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. (BZ#497271)
- on NFS mounted file systems, heavy write loads may have blocked nfs_getattr() for long periods, causing commands that use stat(2), such as ls, to hang. (BZ#486926)
- in rare circumstances, if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2), the buffer storing the result of the I/O may have ended up with invalid data. (BZ#486921)
- when using GFS2, gfs2_quotad may have entered an uninterpretable sleep state. (BZ#501742)
- with this update, get_random_int() is more random and no longer uses a common seed value, reducing the possibility of predicting the values returned. (BZ#499783)
- the "-fwrapv" flag was added to the gcc build options to prevent gcc from optimizing away wrapping. (BZ#501751)
- a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)
- using the Broadcom NetXtreme BCM5704 network device with the tg3 driver caused high system load and very bad performance. (BZ#502837)
- "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes able to use the ptrace() call on a given process; however, certain information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used to reconstruct memory maps. (BZ#499546)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
1.110.6. RHSA-2009:0473: Important security and bug fix update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0473
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
- a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)
- a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the "syscall" number or arguments. (CVE-2009-0834, Important)
- the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)
- a flaw was found in the ecryptfs_write_metadata_to_contents() function of the Linux kernel eCryptfs implementation. On systems with a 4096 byte page-size, this flaw may have caused 4096 bytes of uninitialized kernel memory to be written into the eCryptfs file headers, leading to an information leak. Note: Encrypted files created on systems running the vulnerable version of eCryptfs may contain leaked data in the eCryptfs file headers. This update does not remove any leaked data. Refer to the Knowledgebase article in the References section for further information. (CVE-2009-0787, Moderate)
- the Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share. (CVE-2009-1336, Moderate)
This update also fixes the following bugs:
- the enic driver (Cisco 10G Ethernet) did not operate under virtualization. (BZ#472474)
- network interfaces using the IBM eHEA Ethernet device driver could not be successfully configured under low-memory conditions. (BZ#487035)
- bonding with the "arp_validate=3" option may have prevented fail overs. (BZ#488064)
- when running under virtualization, the acpi-cpufreq module wrote "Domain attempted WRMSR" errors to the dmesg log. (BZ#488928)
- NFS clients may have experienced deadlocks during unmount. (BZ#488929)
- the ixgbe driver double counted the number of received bytes and packets. (BZ#489459)
- the Wacom Intuos3 Lens Cursor device did not work correctly with the Wacom Intuos3 12x12 tablet. (BZ#489460)
- on the Itanium® architecture, nanosleep() caused commands which used it, such as sleep and usleep, to sleep for one second more than expected. (BZ#490434)
- a panic and corruption of slab cache data structures occurred on 64-bit PowerPC systems when clvmd was running. (BZ#491677)
- the NONSTOP_TSC feature did not perform correctly on the Intel® microarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)
- keyboards may not have functioned on IBM eServer System p machines after a certain point during installation or afterward. (BZ#494293)
- using Device Mapper Multipathing with the qla2xxx driver resulted in frequent path failures. (BZ#495635)
- if the hypervisor was booted with the dom0_max_vcpus parameter set to less than the actual number of CPUs in the system, and the cpuspeed service was started, the hypervisor could crash. (BZ#495931)
- using Openswan to provide an IPsec virtual private network eventually resulted in a CPU soft lockup and a system crash. (BZ#496044)
- it was possible for posix_locks_deadlock() to enter an infinite loop (under the BKL), causing a system hang. (BZ#496842)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
1.110.7. RHSA-2009:0326: Important security and bug fix update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0326
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
- memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important)
- Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate)
- an off-by-one underflow flaw was found in the eCryptfs subsystem. This could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate)
- a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in "/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Moderate)
- an inverted logic flaw was found in the SysKonnect FDDI PCI adapter driver, allowing driver statistics to be reset only when the CAP_NET_ADMIN capability was absent (local, unprivileged users could reset driver statistics). (CVE-2009-0675, Moderate)
- the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure. (CVE-2009-0676, Moderate)
- the ext2 and ext3 file system code failed to properly handle corrupted data structures, leading to a possible local denial of service when read or write operations were performed on a specially-crafted file system. (CVE-2008-3528, Low)
- a deficiency was found in the libATA implementation. This could, potentially, lead to a local denial of service. Note: by default, the "/dev/sg*" devices are accessible only to the root user. (CVE-2008-5700, Low)
Bug fixes:
- a bug in aic94xx may have caused kernel panics during boot on some systems with certain SATA disks. (BZ#485909)
- a word endianness problem in the qla2xx driver on PowerPC-based machines may have corrupted flash-based devices. (BZ#485908)
- a memory leak in pipe() may have caused a system deadlock. The workaround in Section 1.5, Known Issues, of the Red Hat Enterprise Linux 5.3 Release Notes Updates, which involved manually allocating extra file descriptors to processes calling do_pipe, is no longer necessary. (BZ#481576)
- CPU soft-lockups in the network rate estimator. (BZ#481746)
- bugs in the ixgbe driver caused it to function unreliably on some systems with 16 or more CPU cores. (BZ#483210)
- the iwl4965 driver may have caused a kernel panic. (BZ#483206)
- a bug caused NFS attributes to not update for some long-lived NFS mounted file systems. (BZ#483201)
- unmounting a GFS2 file system may have caused a panic. (BZ#485910)
- a bug in ptrace() may have caused a panic when single stepping a target. (BZ#487394)
- on some 64-bit systems, notsc was incorrectly set at boot, causing slow gettimeofday() calls. (BZ#488239)
- do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#490433)
- scaling problems caused performance problems for LAPI applications. (BZ#489457)
- a panic may have occurred on systems using certain Intel WiFi Link 5000 products when booting with the RF Kill switch on. (BZ#489846)
- the TSC is invariant with C/P/T states, and always runs at constant frequency from now on. (BZ#489310)
All users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
1.110.8. RHSA-2009:0264: Important security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0264
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update addresses the following security issues:
- a memory leak in keyctl handling. A local user could use this flaw to deplete kernel memory, eventually leading to a denial of service. (CVE-2009-0031, Important)
- a buffer overflow in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important)
- a flaw when handling heavy network traffic on an SMP system with many cores. An attacker who could send a large amount of network traffic could create a denial of service. (CVE-2008-5713, Important)
- the code for the HFS and HFS Plus (HFS+) file systems failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)
- a flaw was found in the HFS Plus (HFS+) file system implementation. This could, potentially, lead to a local denial of service when write operations are performed. (CVE-2008-4934, Low)
In addition, these updated packages fix the following bugs:
- when using the nfsd daemon in a clustered setup, kernel panics appeared seemingly at random. These panics were caused by a race condition in the device-mapper mirror target.
- the clock_gettime(CLOCK_THREAD_CPUTIME_ID, ) syscall returned a smaller timespec value than the result of previous clock_gettime() function execution, which resulted in a negative, and nonsensical, elapsed time value.
- nfs_create_rpc_client was called with a "flavor" parameter which was usually ignored and ended up unconditionally creating the RPC client with an AUTH_UNIX flavor. This caused problems on AUTH_GSS mounts when the credentials needed to be refreshed. The credops did not match the authorization type, which resulted in the credops dereferencing an incorrect part of the AUTH_UNIX rpc_auth struct.
- when copy_user_c terminated prematurely due to reading beyond the end of the user buffer and the kernel jumped to the exception table entry, the rsi register was not cleared. This resulted in exiting back to user code with garbage in the rsi register.
- the hexdump data in s390dbf traces was incomplete. The length of the data traced was incorrect and the SAN payload was read from a different place then it was written to.
- when using connected mode (CM) in IPoIB on ehca2 hardware, it was not possible to transmit any data.
- when an application called fork() and pthread_create() many times and, at some point, a thread forked a child and then attempted to call the setpgid() function, then this function failed and returned and ESRCH error value.
Users should upgrade to these updated packages, which contain backported patches to correct these issues. Note: for this update to take effect, the system must be rebooted.
1.110.9. RHSA-2009:1222: Important security and bug fix update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1222
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated packages fix the following security issues:
- a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)
- a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important)
Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws.
These updated packages also fix the following bug:
- in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running "cman_tool kill -n [nodename]". (BZ#515432)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
1.110.10. RHSA-2009:1243
Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5.
1.110.10.1. General Kernel Support
An outline of general kernel updates.
- KVM
guest-smp tlb
flushing withoutmmu-notifiers
could corrupt memory as a kernel-based virtual machine (KVM) may add pages to the kernel freelist while anothervcpu
may still be writing to them through guest mode. This update addsmmu-notifier
support to the kernel and also corrects a bug found in an earlier patch whereinmm_struct
was grown by existing drivers and caused a failed kABI check. This bug has been corrected by using an index that resides in an unused padding hole to avoid expanding the structure size.(BZ#485718) - Pointer and signed arithmetic overflow wrapping has not previously been defined in the Linux kernel. This could cause GCC (GNU C Compiler) to assume that wrapping does not occur and attempt to optimize the arithmetic that the kernel may require for overflow testing. This update adds the
-fwrapv
variable to GCCCFLAGS
in order to define wrapping behavior.(BZ#491266) - An issue of contention between processes vying for the same memory space in high end systems was recently identified by TPC-C (Transaction Processing Council) benchmarking. This update includes
fast-gup
patches which use direct IO and provide a significant (up to 9-10%) performance improvement. This update has been tested thoroughly and is used in the 5.4 kernel to improve scalability. For further information, see this article. (BZ#474913) - A new parameter has been added to this kernel, allowing system administrators to change the maximum number of modified pages
kupdate
writes to disk per iteration each time it runs./proc/sys/vm/max_writeback_pages
defaults to1024
or 4MB so that a maximum of 1024 pages get written out by each iteration ofkupdate
. (BZ#479079). - A new option (
CONFIG_TASK_IO_ACCOUNTING=y
) has been added to kernel to assist in monitoring IO statistics per process. This assists with troubleshooting in a production environment. (BZ#461636) - In previous kernels, back-up processes were deteriorating DB2 server responsiveness. This was caused by
/proc/sys/vm/dirty_ratio
preventing processes writing to pagecache memory when more than half of the unmapped pagecache memory was dirty (even ifdirty_ratio
was set to 100%). A change made in this kernel update overrides this limiting behavior. Now, when thedirty_ratio
is set to 100%, the system will no longer limit writing to pagecache memory. (BZ#295291) - The
rd_blocksize
option found in the previous kernel's ramdisk driver was causing data corruption when using large ramdisks under a reasonable system load. This update removes this unnecessary option and resolves the data corruption issues. (BZ#480663) - The function
getrusage
is used to examine the resource usage of a process. It is useful in diagnosing problems and gathering data on resource usage. However, in instances where a process was spawning child threads,getrusage
's results would be in incorrect as it would examine only the parent process and not interrogate its children. This update implementsrusadge_thread
to allow for accurate resource usage results in these instances. (BZ#451063) - The header
/usr/include/linux/futex.h
would previously interfere with compiling C source code files, resulting in an error. This update includes a patch which corrects problematic kernel only definitions and resolves the compiling error. (BZ#475790) - In previous kernels the kernel version was not identified in panic or oops output messages. This update adds the kernel version details to these outputs. (BZ#484403)
- During release 2.6.18, the kernel was configured to provide kernel-headers for the package
glibc
. That process caused various files to be improperly marked for inclusion. Theserial_reg.h
file was incorrectly marked and not included in thekernel_headers
rpm. This, in turn, caused problems with building other rpms. This update adds theserial_reg.h
file and corrects the problem. (BZ#463538) - In some circumstances
upcrund
, the process manager in HP's Unified Parallel C (UPC) product, returned an ESRCH result and failed when callingsetpgid()
for a child process forked by a sub-thread. This update includes a patch to fix for this problem. (BZ#472433) - Functionality has been added to
sysrq-t
to display backtrace information about running processes. This will assist in debugging hung systems. (BZ#456588)
1.110.10.2. Debugging
Updates specifically related to debugging tasks.
- Independent software vendors and developers often use
hugepage
to avoid unnecessary memory reclaim. The previous kernel didn't takecoredump
fromhugepage
area. This made the debugging of software difficult. This update includes a feature to assist debugging by making the kernel take ahugepage
coredump
. (BZ#470411) - This update includes a feature addition to recover kernel panic messages. The option
-M
has been added to themakedumpfile
command which allows a user to dumpdmesg
log data fromvmcore
into a user-specified log file (makedumpfile -M /proc/vmcore /path/to/log/file
). (BZ#485308) - This kernel update adds the '
success
' value tosched_wakeup
andsched_wakeup_new
tracepoints to track successful schedule wakes. (BZ#497414) - This update includes a new
dropstat
script to monitor and locate packets that are dropped within the host machine. (BZ#470539) - The new
systemtap
direct kernel tracepoint support requires access to thetrace/*.h
header files within the kernel-devel package. This update includes/trace/*.h
headers in thekernel-devel
package. (BZ#489096)
1.110.10.3. Security
Updates specifically related to security concerns.
- This update increases the maximum length of the kernel key field from the arbitrary 32 character length set in previous kernels to 255 characters. (BZ#475145)
- In keeping with Federal Information Processing Standardization 140 (FIPS140) certification requirements, this update includes:
1.110.10.4. Filesystems
Filesystem Updates.
- Support for the
FIEMAP
file extent mapping system has been included in this kernel update. (BZ#296951) - The
ext4
file system code (included in Red Hat Enterprise Linux as a Technology Preview) was rebased for this release. (BZ#485315) - This kernel update corrects performance issues with the Common Internet File System (
CIFS
) (a protocol that defines a standard for remote file access) including difficulties mounting certain Windows file systems or symlink files. (BZ#465143) - Kernel support for the
XFS
high-performance file system has been added to this Red Hat Enterprise Linux release. In this initial implementation the functionality is limited to specific customers on a use-case basis.(BZ#470845) - This release includes kernel support for the
FUSE
userspace file system. (BZ#457975) - Tunable parameters that control the number of
NFSD
socket connections have been added to this kernel release. TCP connections have previously been capped at 80, regardless of the number of NFS threads that were open. (BZ#468092) - This kernel update adds a
UUID
(Universal Unique IDentifier) field to the file system super block. (BZ#242696) - This update includes a patch to allow access to files on a
GFS2
file system from client machines running the older (and previously incompatible) NFS v2 file sharing protocol. (BZ#497954)
1.110.10.5. Networking
Kernel updates that relate to Networking issues
- A new module has been added to this kernel version to enable
DSCP
(Differentiated Services Code Point) setting in systems using IPv6 netfilter. (BZ#481652) - In order to boost virtualization performance on 10 Gigabyte Ethernet cards (and 10GbE performance in general), Generic Receive Offload (GRO) support (analogous to GSO support on egress) has been added to the IPv4 and IPv6 protocols in this kernel release. (BZ#499347)
- This kernel update includes new code to improve UDP port randomization. Previous versions of the randomization code could allow a security weakness by providing sub-optimal randomizing, as well as producing CPU drag while scanning for port numbers. This update corrects these behaviors. (BZ#480951)
- When using
setsockopt()
with optionIPV6_MULTICAST_IF
andoptval
set to0
, the previous kernel would return a result ofENODEV
. This release updatessetsockopt(IPV6_MULTICAST_IF)
to report the correct value and not the error. (BZ#484971) - This update includes numerous critical fixes for the NetXen device driver. These patches have been tested and implemented in the kernel upstream. A complete list of the changes and their effects can be found at BZ#485381.
1.110.10.6. General Platform Support
Platform support updates:
- ACPI Performance and Throttling state (P- and T-state) change notifications were not being handled correctly by the
OSPM
(Operating System-directed Power Management) driver. This affected the Intel® Node Manager's ability to monitor and manage CPU power usage. The kernel'sprocessor_core
code has been update to correct this issue. (BZ#487567) - Problems were encountered with the Lenovo X61 (and other laptops which have a docking station with a CD/DVD drive); if the machine was undocked after a CD/DVD had been mounted in the docking station optical drive it would not be present when the machine was re-docked. The docking driver has been updated in this release to correct the problem. (BZ#485181)
1.110.10.7. Architecture Specific Support
Updates specific to particular computer architectures.
1.110.10.7.1. i386
Kernel updates for i386 architectures.
- In a virtual environment, timekeeping for Red Hat Enterprise Linux 64-bit kernels can be problematic, since time is kept by counting timer interrupts. De- and re-scheduling the virtual machine can cause a delay in these interrupts, resulting in a timekeeping discrepancy. This kernel release reconfigures the timekeeping algorithm to keep time based on a time-elapsed counter. (BZ#463573)
- It was found that, if their stacks exceed the combined size of ~4GB, 64-bit threaded applications slowed down drastically in
pthread_create()
. This is becauseglibc
usesMAP_32BIT
to allocate those stacks. As the use ofMAP_32BIT
is a legacy implementation, this update adds a new flag (MAP_STACK mmap
) to the kernel to avoid constraining 64-bit applications. (BZ#459321) - The update includes a feature bit that encourages Time Stamp Clocks (TSCs) to keep running in deep-C states. This bit
NONSTOP_TSC
acts in conjunction withCONSTANT_TSC
.CONSTANT_TSC
indicates that the TSC runs at constant frequency irrespective of P/T- states, andNONSTOP_TSC
indicates that TSC does not stop in deep C-states. (BZ#474091) - This update includes a patch to include
asm-x86_64
headers inkernel-devel
packages built on or for i386, i486, i586 and i686 architectures. (BZ#491775) - This update includes a fix to ensure that specifying
memmap=X$Y
as a boot parameter on i386 architectures yields a new BIOS map. (BZ#464500) - This update adds a patch to correct a problem with the Non-Maskable Interrupt (NMI) that appeared in previous kernel releases. The problem appeared to affect various Intel® processors and caused the system to report the NMI watchdog was 'stuck'. New parameters in the NMI code correct this issue. (BZ#500892)
- Functionality has been corrected to export module
powernow-k8
parameters to/sys/modules
. This information was previously not exported.(BZ#492010)
1.110.10.7.2. x86_64
Kernel updates for x86_64 architectures.
- An optimization error was found in
linux-2.6-misc-utrace-update.patch
. When running 32-bit processes on a 64-bit machine systems didn't return ENOSYS errors on missing (out of table range) system calls. This kernel release includes a patch to correct this. (BZ#481682) - Some cluster systems where found to boot with an unstable time source. It was determined that this was a result of kernel code not checking for a free performance counter (
PERFCTR
) when calibrating the TSC (Time Stamp Clock) during the boot process. This resulted, in a small percentage of cases, in the system defaulting to a busyPERFCTR
and getting unreliable calibrations.A fix was implemented to correct this by ensuring the system checked for a freePERFCTR
before defaulting (BZ#467782). This fix, however, cannot satisfy all possible contingencies as it is possible that allPERFCTR
s will be busy when required for TSC calibration. Another patch has been included to initiate a kernel panic in the unlikely event (fewer than 1% of cases) that this scenario occurs. (BZ#472523).
1.110.10.7.3. PPC
Kernel updates for PowerPC architectures.
- This kernel release includes various patches to update the
spufs
(Synergistic Processing Units file system) for Cell processors. (BZ#475620) - An issue was identified wherein
/proc/cpuinfo
would list logical PVR Power7 processor architecture as "unknown" whenshow_cpuinfo()
was run. This update adds a patch to haveshow_cpuinfo()
identify Power7 architectures as Power6. (BZ#486649) - This update includes several patches that are required to add/improve
MSI-X
(Message Signaled Interrupts) support on machines using System P processors. (BZ#492580) - A patch has been added to this release to enable the functionality of the previously problematic power button on Cell Blades machines. (BZ#475658)
1.110.10.7.4. S390
Kernel updates for S390 architectures.
- Utilizing Named Saved Segments (NSS), the z/VM hypervisior makes operating system code in shared real memory pages available to z/VM guest virtual machines. With this update, Multiple Red Hat Enterprise Linux guest operating systems on the z/VM can boot from the NSS and be run from a single copy of the Linux kernel in memory. (BZ#474646)
- Device driver support has been added in this update for the new IBM System z PCI cryptography accelerators, utilizing the same interfaces as prior versions. (BZ#488496)
- Control Program Identification (CPI) descriptive data is used to identify individual systems on the Hardware Management Console (HMC). With this update, CPI data can now be associated with a Red Hat Enterprise Linux instance. (BZ#475820)
- Fibre Channel Protocol (FCP) performance data can now be measured on Red Hat Enterprise Linux instances on the IBM System z platform. (BZ#475334). Metrics that are collected and reported n include:
- Performance relevant data on stack components such as Linux devices, Small Computer System Interface (SCSI) Logical Unit Numbers (LUNs) and Host Bus Adapter (HBA) storage controller information.
- Per stack component: current values of relevant measurements as throughput, utilization and other applicable measurements.
- Statistical aggregations (minimum, maximum, averages and histogram) of data associated with I/O requests including size, latency per component and totals.
- Support has been added to the kernel to issue EMC Symmetrix Control I/O. This update provides the ability to manage EMC Symmetrix storage arrays with Red Hat Enterprise Linux on the IBM System z platform. (BZ#461288)
- Hardware that supports the configuration topology facility passes the system CPU topology information to the scheduler, allowing it to make load balancing decisions. On machines where I/O interrupts are unevenly distributed, CPUs that are grouped together and get more I/O interrupts than others will tend to have a higher average load, creating performance issues in some cases.Previously, CPU topology support was enabled by default. With this update, CPU topology support is disabled by default, and the kernel parameter "
topology=on
" has been added to allow this feature to be enabled.(BZ#475797) - This update provides new kernel code to implement a client and server for a
TTY
(teletype) terminal server under z/VM using IUCV (Inter-User Communications Vehicle) as communication vehicle. Also, as part of this update, thehvc_console
has been upgraded. (BZ#475551) - This update includes functionality that allows users to add new kernel options using the IPL command without modifying the content of the CMS parmfile. The entire boot command line can be replaced with the VM parameter string and new Linux Named Saved Systems (NSS) can also be created on the CP/CMS command line. (BZ#475530)
- Crypto Device Driver use of Thin Interrupts (BZ#474700)
- This update adds a patch to configure shared kernel support via the
CONFIG_SHARED_KERNEL
parameter. (BZ#506947)
1.110.10.8. Miscellaneous Driver Updates
Details about driver updates.
- This release adds the final branding strings and the latest EagleLake graphics to the graphics driver (predominantly for the G41 chipset). (BZ#474513)
- This release updates the ALSA HDA audio driver to enable or improve support for new chipsets and HDA audio codecs. (BZ#483594)
- This release includes an updated version of the
SMBUS
(System Management Bus) driver that adds support for the AMDSB800
series of products and improves handling ofSB400
,SB600
andSB700
products. (BZ#488746) - A new PCI ID has been added to this release to enable support for the Broadcom®
HT1100
chipset. (BZ#474240) - This kernel release incorporates a series of updates that add support for Chelsio® Communications' Terminator 3 Ethernet adapters. These changes include support for XRC queues and updates of the
cxgb3
,iw_nes NES iWARP
,mthca
andqlgc_vnic
drivers, therdma
headers and SDP and SRP protocols to the OpenFabrics Enterprise Distribution (OFED) 1.4.1 versions. (BZ#476301) - Problems with connectivity (using eHCA adapters) and various scripting issues have been rectified with updates to
eHCA
andIPoIB
drivers in this release. (BZ#466086) - This update includes a patch that corrects a network port ordering problem encountered on systems using HP
ProLiant
orxw460c
blade processors. (BZ#490068) - A comprehensive series of patches have been included in this update to add and/or improve virtualization features. A complete list (including explanatory notes) can be found at BZ#493152.
- Several bugfixes and updates available for HP's Integrated Lights-Out (
hpilo
) product have been ported into this kernel release. A complete list can be found here; BZ#488964. - PCI device drivers enable devices using
pci_enable()
, which enables regions probed by the device's Base Address Register (BAR). On larger servers I/O port resources may not be assigned to all the PCI devices due to coded limitations and base register fragmentation. This update adds, removes and refines multiple functions so as to improve resource allocation around free I/O ports. (BZ#442007) - Three new patches have been added to this kernel to improve the passing of PCI devices between a virtual machine and its host. These patches first bind the device in question to a dummy driver (
pcistub.ko
) to prevent the host machine using it. Then, once the guest is finished with the device,drivers_probe
prompts the kernel to re-load the true driver for that device andremove_id
removes the relevant entry from the dynamic ID list. These new features operate successfully in both KVM and Xen virtualization environments. (BZ#491842) - An updated driver for the Davicom
DM9601
Ethernet Adaptor has been included in this release. The new driver corrects previous unreliability using this device and other devices using the same chipset. (BZ#471800) - This kernel release includes a patch to improve Huawei
EC121
USB 3G modem support. (BZ#485182) - The driver for Apple Intel® hardware configurations (
efifb
) has been updated, providing various performance improvements when running this release on these machines. (BZ#488820)
1.110.10.9. Network Driver Updates
Updates to Network-related drivers:
- This update adds a feature to support bonding over
IPoIB
interfaces. A newib-bond
package has been added to the kernel to allow multiple link HA and improve load balancing and aggregation performance. (BZ#430758) - Two new drivers (
cnic
andbnx2i
) have been added to the kernel to introduce iSCSI support for Broadcom®BNX2
andBNX2x
Network Interface Cards (NICs). (BZ#441979) - A new device driver
igbvf
) forSR/IOV
enabled Intel® NICs has been added to this kernel release. This driver provides a significant performance improvement for virtualization usingSR/IOV
cards.(BZ#480524) - Generic Receive Offload (GRO) support has been implemented in this update, both. The GRO system increases the performance of inbound network connections by reducing the amount of processing done by the Central Processing Unit (CPU). GRO implements the same technique as the Large Receive Offload (LRO) system, but can be applied to a wider range of transport layer protocols. GRO support has also been added to a several network device drivers, including the
igb
driver for Intel® Gigabit Ethernet Adapters and theixgbe
driver for Intel® 10 Gigabit PCI Express network devices. (BZ#499347) - The
cxgb3
driver, which supports the Chelsio® 10Gb RNIC adapter, has been updated in order to enable iSCSI TOE support. (BZ#439518) - This kernel updates the
enic
Cisco® 10Gi Ethernet driver to version 1.0.0.933. (BZ#484824) - This kernel updates the Atheros®
ath5k
driver. This upgrade resolves a problem encountered by Atheros® users wherein the kernel reported an inability to wake up the MAC chip. Setting the call toath5k_set_pcie()
to execute earlier in the initialization process corrects this issue. (BZ#479049) - This update upgrades the
bnx2
driver for Broadcom® network devices. The update fixes multiple performance issues, including a kernel panic occurrence (when attempting to unload the driver while in use) and a non-responsiveness issue (caused by call-traces initiated by network certification processes). (BZ#475567, BZ#476897, BZ#489519) - This release updates the Broadcom®
bnx2x
driver to version 1.48.105. (BZ#475481) - In this update the bonding driver has been updated to the latest upstream version. This update, however has introduced
symbol/ipv6
module dependency capabilities. Therefore, if bonding has been previously disabled (by inserting theinstall ipv6 /bin/false
line in the/etc/modprobe.conf
file) this upgrade to the bonding driver will result in the bonding kernel module failing to load. Theinstall ipv6 /bin/false
line needs to be replaced withinstall ipv6 disable=1
for the module to load properly. (BZ#462632) - The
ixgbe
driver has been updated to version 2.0.8-k2 and support the 82599 (Niantic) device has been added. (BZ#472547) - System freezes encountered when performing multiple remote copy programs to a system using the Nvidia® nForce chipset has been corrected by updating the
forcedeth
driver to version 0.62. (BZ#479740) - The
sky2
Ethernet driver has been updated to support the Marvell® 88E8070 NIC. (BZ#484712)
1.110.10.10. Storage Driver Updates
Driver updates for Storage devices
- The SCSI tape driver (st) has been enhanced with support for the Suppress Incorrect Length Indicator (SILI) bit in variable block mode. If SILI is set, reading a block shorter than the byte count does not result in
CHECK CONDITION
. The length of the block is determined using the residual count from the HBA. Avoiding the REQUEST SENSE command for every block speeds up some applications considerably. The SILI bit is set to off by default. It must only be set this if the tape drive supports SILI and the HBA correctly returns transfer residuals.Note
The current version of the mt-st management utility does not have a keyword for the SILI bit. It must be set explicitly with:mt -f /dev/nst0 stsetoptions 0x4000
- The
bnx2
driver now supports iSCSI. Thebnx2i
driver will access thebnx2
driver through thecnic
module to provide iSCSI offload support. (BZ#441979 and BZ#441979)Note
Thebnx2i
version included in this release does not support IPv6. - The
md
driver has been updated to provide support for bitmap merging. This feature eliminates the need for full resync when performing data replication. (BZ#481226) - The
scsi
driver now includes the upstreamscsi_dh_alua
module. This adds explicit asymmetric logical unit access (ALUA) support with this release. To utilize thescsi_dh_alua
module when usingdm-multipath
, specifyalua
as thehardware_handler
type inmultipah.conf
. (BZ#482737)Note
For EMC Clariion devices, using onlyscsi_dh_alua
ordm-emc
alone is supported. Using bothscsi_dh_alua
anddm-emc
is not supported. - A bug in the retry logic of the
scsi
driver is now fixed. This bug made it possible for some failovers to execute properly in multipathed environments.(BZ#489582) - The
rdac_dev_list
structure now includesmd3000
andmd3000i
entries. This allows users to benefit from the advantages provided by theiscsi_dh_rdac
module. (BZ#487293) - This release includes the new
mpt2sas
driver. This driver supports the SAS-2 family of adapters from LSI Logic. SAS-2 increases the maximum data transfer rate from 3Gb/s to 6Gb/s.Thempt2sas
driver is located in thedrivers/scsi/mpt2sas
directory, as opposed to the oldermpt
drivers that are located indrivers/message/fusion
directory. (BZ#475665) - The
aacraid
driver has now been updated to version 1.1.5-2461. This update applies several upstream fixes for bugs affecting queued scans, controller boot problems, and other issues. (BZ#475559) - The
aic7xxx
driver now features an increased maximum I/O size. This allows supported devices (such as SCSI tape devices) to perform writes with larger buffers. (BZ#493448) - The
cciss
driver has been updated to apply upstream fixes for bugs affecting memory BAR discovery, therebuild_lun_table
and the MSA2012 scan thread. This update also applies several configuration changes tocciss
. (BZ#474392) - The
fnic
driver has been updated to version 1.0.0.1039. This applies several upstream bug fixes, updates thelibfc
andfcoe
modules, and adds a new module parameter that controls debug logging at runtime. (BZ#484438) - The
ipr
driver now supports MSI-X interrupts. (BZ#475717) - The
MPT fusion
driver is now updated to version 3.04.07rh v2. This applies several bug fixes.(BZ#475455) - The
megaraid_sas
driver is now updated to version 4.08-RH1. This update applies the following upstream enhancements and fixes (among others):(BZ#475574)- This update adds a polling mode to the driver.
- A bug affecting supported tape drives is now fixed. With this release, the
pthru
timeout value is now set to the O/S layer timeout value for commands sent to tape drives.
- The
mvsas
driver is now updated to version 0.5.4. This applies several fixes and enhancements from upstream, and adds support for Marvell RAID bus controllers MV64460, MV64461, and MV64462. (BZ#485126) - The
qla2xxx
driver has been updated to version 8.03.00.10.05.04-k, and now supports Fibre Channel over Convergence Enhanced Ethernet adapters. With this release,qla2xxx
also applies several bug fixes from upstream, including: (BZ#471900, BZ#480204, BZ#495092, BZ#495094 and BZ#496126)- Discrepancies detected during
OVERRUN
handling on 4GB and 8GB adapters are now corrected. - All
vports
are now alerted of any asynchronous events. - A bug that caused kernel panics with the QLogic 2472 card is now fixed.
- The
stop_firmware
command is no longer retried if the first attempt results in a times out. - The sector mask value is no longer based on the fixed
optrom
size. - A bug that caused frequent path failures during I/O on multipathed devices is now fixed. (BZ#244967)
- The driver source code is now kABI-compliant.
dcbx
pointers are now set toNULL
after freeing memory.
- The
qla4xxx
driver now features improved driver fault recovery. This update fixes a bug in the driver that prevented adapter recovery if there were outstanding commands detected on the host adapter. (BZ#497478)
1.110.10.11. Miscellaneous Updates
- This update removes the
kfree
function fromkret_probelock
's scope so as to avoid a deadlock that could occur ifkretprobe_flush_task()
probes thekfree
function while holdingkretprobe_lock
spinlock. In addition, thekprobe
functionality has been disallowed on theatomic_notifier_call_chain
function to avoid numerous recursive faults occurring when it is called bykprobe
after a re-entry. (BZ#210555) - PCI devices would disappear in Xen Paravirtual guest system upon reboot or reset. This was identified as a problem with information about PCI devices being removed from
xenstore
beforexend
was able to create a configuration for the rebooted domain. Code has been amended inxenbus.c
to correct this behavior. (BZ#233801) - A kernel crash occurred when a Xen user specified the
mem=
(orhighmem=
) command via the command line on either the host or guest systems. This was caused by the array allocated to thep2m
table being too small which resulted in a page fault during the subsequentmemcpy()
. This update decreases the memory reservation and only copies the appropriate number of entries into thep2m
table.(BZ#240429) - RAID 0, RAID 1, RAID 10 and RAID 5 configurations have previously set
q->merge_bvec_fn
(a function that asks a device driver if the next vector entry will fit into a bio constructed by a process) in a way that rejects bios crossing its stripe. A device mapper will accept a bio that has two or more vector entries and a size equal to or less than a page that crosses a stripe boundary, but the underlying RAID device will not.This update configures the device mapper to set a one-page maximum request size and set its ownq->merge_bvec_fn
to reject any bios with multiple vector entries that span more pages. This fix precludes the generation of bios that will be rejected by aq->merge_bvec_fn
controlled by RAID 0, 1, 10 or 5. BZ#223947) - This update includes numerous patches to enable Gigabyte pagetable support. (BZ#251982).
0002-hugetlb-multiple-hstates-for-multiple-page-sizes.patch
0003-hugetlbfs-per-mount-huge-page-sizes.patch
0004-hugetlb-new-sysfs-interface.patch
0005-hugetlb-abstract-numa-round-robin-selection.patch
0006-mm-introduce-non-panic-alloc_bootmem.patch
0007-mm-export-prep_compound_page-to-mm.patch
0008-hugetlb-support-larger-than-MAX_ORDER.patch
0009-hugetlb-support-boot-allocate-different-sizes.patch
0010-hugetlb-printk-cleanup.patch
0011-hugetlb-introduce-pud_huge.patch
0012-x86-support-GB-hugepages-on-64-bit.patch
0013-x86-add-hugepagesz-option-on-64-bit.patch
0014-hugetlb-override-default-huge-page-size.patch
- DCA (Direct Cache Access) is a method for warming the cache in the CPU. As part of Intel®'s I/OAT technology, it minimizes performance-limiting bottlenecks. This release updates the kernel I/O AT code and includes support for DCA for Intel®'s 82572 Gigabit Ethernet adapter family (BZ#252949)
- The early GFS2 (Global File System) versions contained two system processes, gfs2_glockd and gfs2_scand which were responsible for scanning the in-core glock structures and freeing them if they were unused.In this release these processes have been replaced by a shrinker which frees glocks based on cues from the VM system. This results in a better use of memory and better response to low memory conditions (reducing the likelihood of "out of memory" issues). As a side effect, this update reduces the processing load produced by GFS2 under certain workloads. (BZ#273001)
- In order to enable new features (as discussed in Bugzillas #252949 and #436048) I/O AT (Advanced Technology) code has been updated and problems with
kABI
breakages have been corrected. (BZ#273441) - This update corrects code that produced bad mpa messages on the restoration or migration of para-virtualized guest system. (BZ#288511)
- Problems caused by Message Signaled Interrupts on Hyper-Transport based machines using (some) Nvidia cards have been resolved by porting an upstream driver. (BZ#290701)
- Some versions of pSeries firmware fail to set up a
dma-window
property for PCI slots that are unoccupied. As a result, the loop searching for this propery, iniommu_dev_setup_pSeriesLP()
, can run to the end, resulting in a NULL pointer dereference later in the routine. This patch prevents the crash and prints a warning message. (BZ#393241) - The existing 10 second delay waiting for frontend devices to connect was found to be insufficient under some load conditions. This update increases timeout for device connection on boot to 30 seconds. (BZ#396621)
- In previous kernels the
tuntap
device send path did not have any packet accounting. This meant that the user-space sender could pin down arbitrary amounts of kernel memory by continuing to send data to an end-point that was congested. This update adds packet accounting to thetun
driver so thatvirtio-net
gets congestion feedback which is necessary to prevent packet loss for protocols lacking congestion control (such as UDP) when used in a guest. (BZ#495863) - This update adds the virtualization feature VT-d. This feature provides hardware support for directly assigning physical devices to Xen fully virtualized (HVM) guests or KVM guests. The principal benefit of the feature is to improve device access performance to be close to native speeds. Please refer to the Red Hat Knowledgebase before using PCI device assignment with this technology to avoid possible system instability issues. (BZ#500901)VT-d support is disabled by default. To enable VT-d one must add intel_iommu=on to the kernel commandline. Enabling VT-d is required to assign a host's PCI device to a KVM guest. (BZ#504363)Additionally, only the assignment of NIC devices from host to guest is supported. Assigning a block device (hard disk) to a guest is not supported. On hardware platforms that support IOMMU passthrough it is recommended to also use the
iommu=pt
kernel commandline option as this will improve the performance of I/O devices in the host. This parameter has no effect on performance for devices assigned to guests.When the iommu=pt mode, if a device is assigned to (and then de-assigned from) a guest, it can no longer be used in the host until the host has been rebooted. PCI hotplug devices can not be used in iommu=pt mode - This update includes a fix for kernel panic encountered when attempting to run a
kdump
process on hardware virtual machine (HVM) in an ia64 architecture environment. (BZ#418591) - This update corrects softlockup issues encountered when booting earlier kernel versions in a virtual environment and setting the clocksource to read from the system's Programmable Interval Timer (PIT). (BZ#427588)
- A problem identified with Xen kernels manifested with
meminfo
reporting an incorrectLowTotal
of 4Tb. A patch applied to the driver alters howhighmem
pages are handled and corrects the error. (BZ#428892) - When users set
LPFC HBA
storage to reset in a loop the system would attempt to rediscoverSCSI
devices and some of these processes would time-out. The issue was found to be code paths deletingSCSI
devices without setting the device state toSDEV_DEL
. A patch included in this update corrects this behavior(BZ#430170) - The Xen kernel does not currently support the suspend functionality. A fix has been applied to this release to remove the "Suspend" option from graphical user interface menus. (BZ#430928)
- This update fixes a race condition when queuing incoming
iucv
messages by spreading the message queue spinlock in themessage_pending
callback across the entire callback function.This resolves the race condition and enhances system stability. (BZ#499626) - This feature fixes
hexdump
data ins390dbf
traces, allowing Red Hat Enterprise Linux to have complete registered state change notification (RSCN) traces (up to 1024 bytes). (BZ#470618) - This update adds support for the
connlimit
module to limit to the number of TCP connections accepted by specific ports. This feature reduces the risk of incidental DoS scenarios.(BZ#483588) - This update modifies the
DASDFMT
(Direct Access Storage Device ForMaT) command to operate in the same way as similar IBM tools (such asCPFMTXA
for zLinux/VM andICKDSF
for MVS).. (BZ#484836) - This feature includes stability enhancements to the CPU hotplug kernel module. (BZ#485412)
- When using previous x86_64 Xen kernels installed on Promise internal RAID disk the SuperTrak EX (
stex
) inbox-driver would fail, causing a kernel panic and failure to load. The cause was found to be the allocation of contiguous memory space. Relevant code sections have been rewritten to lower the amount of memory demanded by the driver (Note: This reduces the RAID Migration feature set). (BZ#486466)Note
Lowering memory demands reduces the RAID Migration feature set. - Infiniband driver updates, incorporated with the OFED 1.4.1 release upgrade, have rectified poor TCP transer rate performance when running Infiniband IPoIB in heterogeneous environments (that is, between Intel 32bit to PPC64bit or similar). (BZ#434779)
- This update adds support for machines using Intel®'s Calpella chipset. (BZ#438469)
- This update includes a patch to fix an interrupt storm (several thousand interrupts) encountered after boot with CD/DVD drive connected to IDE of Enterprise South Bridge 2 (ESB2). (BZ#438979)
- Pre-release testing has assessed the
ipr
andiprutil
drivers as supporting the SAS paddle card on pBlade extensions. (BZ#439566) - An upstream change to the
e1000
andbnx2
driver removed the functionality to generate entropy, causing applications requesting random data from/dev/random
to hang or produce an error message. This update reintroduces the functionality. (BZ#439898) - Problems with
ioctl SG_IO
calls to tape devices failing have been resolved with an upstream patch that address this and numerous otheriscsi
module issues. (BZ#440411) - An update in this release changes page locking code to avoid a deadlock between
mmap/munmap
andjournaling
(ext3). (BZ#445433) - This kernel release includes a bug to correct a crash encountered when attempting to format a DVD in a system booted to run
libata
andata-piix
IDE accelerators. (BZ#446086) - This update includes a fix to prevent para-virtualized guest systems crashing when run in a host machine with 64G RAM or more. (BZ#448115)
- Patches from the upstream kernel that improve
gettimeofday
performance on hypervisors have been incorporated in this release. With these changes serialization forgettimeofday
is switched from CPUID to MFENCE/LFENCE. (BZ#448588) - A bug that initiated a system reboot after a kernel panic despite
/proc/sys/kernel/panic
being set to-1
(which should prevent a reboot) has been fixed in this update. (BZ#446120) - Previous kernels were found to contain a bug that saw the
E1000
driver enable TSOv6 functionality for hardware that doesn't support it. A patch included in this update corrects this behavior.(BZ#449175) - When booting fully virtualized guests on on earlier 32-bit kernel hosts, it was found that guest systems with more than one virtual cpu could pause or even hang at the "starting udev" portion of the boot sequence. This bug was caused by one VCPU of an HVM guest missing timer ticks and Xen not re-delivering those missed ticks. This behavior caused a clock skew between VCPUs inside an HVM guest. These issues have been resolved with the backport of the AIO disk handling code and upstream Xen 'no missed-tick accounting' timer code. (BZ#449346)
- This update changes code that allowed
scsi_add_host()
to return a success even if the relevantwork_q
was not created. (BZ#450862) - A bug in previous kernels allowed a
ptrace
process (ptrace(PTRACE_CONT, application_pid, 0, SIGUSR1
) to terminate the specified application even if theSIGUSR1
flag was blocked (which is sufficient to prevent akill
command from acting on the application).ptrace_induce_signal()
is now used to set the blocked signal to pending, to be raised and executed only when the signal mask is cleared. (Bugzilla #451849) - This update enables raw device support for IBM System z platforms. (Bugzilla #452534)
- This release updates the ext3 filesystem code to prevent kernel panic in dx_probe. (Bugzilla #454942)
- This kernel update removes the
linux-2.6-ipmi-legacy-ioport-setup-changes.patch
which was causing keyboard lockups (on IBM p-series, 7028 and 7029 models) during the installation process. (Bugzilla #455232) - Messages being reported by
zfcp
testing processes have been removed from the message log in this kernel release. The tests in question were run when the local link was removed during heavy I/O loads, promptingzfcp
to test remote ports. There is no need to include these details the message log as the tests cannot be influenced by a user and all relevant information is available usingzfcp
traces.(BZ#455260) - This update removes the inclusion of the "Breaking affinity for irq XX" message in
dmesg
output. This message, reported when anXM migrate
was performed, is not necessary and could negatively impact a user if observed indmesg
output. (BZ#456095) - A patch has been included in this release to fix ACPI error flooding encountered when waking a Lenovo Thinkpad T61 (running the x86 kernel) from a suspended state. (BZ#456302)
- This release corrects how the
powernow
driver in the xen-kernel identifies the number of processors in guest systems. The original driver counted the number of processor cores in the machine causing it to identify dual-core processors as two distinct CPUs and return an incorrect processor count. (BZ#456437)
1.110.10.12. Further Updates
- Global File System 2 feature request improves performance of
page_mkwrite()
. (BZ#315191) - A problem returning "Operation not supported" messages when setting an ACL from an NFSv4 system has been resolved. (BZ#403021)
- Fixes have been included in this release that prevent a kernel panic encountered when
kprobes
attempted boosting on exception addresses in x86_32 kernels. (BZ#493088) - Various fixes and updates have been applied to the Xen Credit Scheduler and Xen Latency processes. (BZ#432700)
- An error encountered when attempting an online resize of an
ext3
filesystem usingresize2fs
is being investigated. The error returns "Invalid argument While trying to add group #15625" and can be avoided by doing resizes offline.(BZ#443541) - This release included updated kernel code that resolves NFS connectathon test #12.1 problems. Processes are now called in a different scheduling order which avoids a race conflict. (BZ#448929)
- This release contains an update to the
copy_user
code which fixes problems encountered when runningLTP read02
tests. (BZ#456682) - Kernel code has been updated to fix an error in compiling a custom kernel that includes the
snd-sb16.ko
module. (BZ#456698) - Various patches have been implemented in this release to resolve an issue with calltrace outputs showing on-screen during the shutdown of a Para-Virtualized domain. These outputs no longer appear during shutdown.(BZ#456893)
- An update in this release resolves system stalls that occurred when attempting to execute a
kdump
using the NMI key-combination. (BZ#456934) - A patch has been applied to this kernel to prevent soft lockups occasionally encountered during boot on RX600S4 server systems. (BZ#456938)
- After booting from the HMC (load from file), it is now possible to reboot from an alternate device. (BZ#458115)