1.88. kernel


1.88.1. RHSA-2011:0004: Important: kernel security, bug fix, and enhancement update

Important

This update has already been released as the security errata RHSA-2011:0004.
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

  • A flaw was found in sctp_packet_config() in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could use this flaw to cause a denial of service. (CVE-2010-3432, Important)
  • A missing integer overflow check was found in snd_ctl_new() in the Linux kernel's sound subsystem. A local, unprivileged user on a 32-bit system could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-3442, Important)
  • A heap overflow flaw in the Linux kernel's Transparent Inter-Process Communication protocol (TIPC) implementation could allow a local, unprivileged user to escalate their privileges. (CVE-2010-3859, Important)
  • An integer overflow flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-3865, Important)
  • A flaw was found in the Xenbus code for the unified block-device I/O interface back end. A privileged guest user could use this flaw to cause a denial of service on the host system running the Xen hypervisor. (CVE-2010-3699, Moderate)
  • Missing sanity checks were found in setup_arg_pages() in the Linux kernel. When making the size of the argument and environment area on the stack very large, it could trigger a BUG_ON(), resulting in a local denial of service. (CVE-2010-3858, Moderate)
  • A flaw was found in inet_csk_diag_dump() in the Linux kernel's module for monitoring the sockets of INET transport protocols. By sending a netlink message with certain bytecode, a local, unprivileged user could cause a denial of service. (CVE-2010-3880, Moderate)
  • Missing sanity checks were found in gdth_ioctl_alloc() in the gdth driver in the Linux kernel. A local user with access to "/dev/gdth" on a 64-bit system could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-4157, Moderate)
  • The fix for Red Hat Bugzilla bug 484590 as provided in RHSA-2009:1243 introduced a regression. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4161, Moderate)
  • A NULL pointer dereference flaw was found in the Bluetooth HCI UART driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4242, Moderate)
  • It was found that a malicious guest running on the Xen hypervisor could place invalid data in the memory that the guest shared with the blkback and blktap back-end drivers, resulting in a denial of service on the host system. (CVE-2010-4247, Moderate)
  • A flaw was found in the Linux kernel's CPU time clocks implementation for the POSIX clock interface. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4248, Moderate)
  • Missing initialization flaws in the Linux kernel could lead to information leaks. (CVE-2010-3876, CVE-2010-4083, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-3442, CVE-2010-4161, and CVE-2010-4083; Thomas Pollet for reporting CVE-2010-3865; Brad Spengler for reporting CVE-2010-3858; Nelson Elhage for reporting CVE-2010-3880; Alan Cox for reporting CVE-2010-4242; and Vasiliy Kulikov for reporting CVE-2010-3876.
Bug Fixes:
BZ#651811
Kernel panic could occur when the gfs2_glock_hold function was called within the gfs2_process_unlinked_inode function. This was due to the fact that gfs2_glock_hold was being called without a reference already held on the inode in question. This update, resolves this problem by changing the order in which it acquires references to match that of the NFS code, thus, kernel panic no longer occurs.
BZ#651805
Running certain tests (exploiting the reclaiming of unlinked dinodes) could cause a livelock to occur which resulted in a GFS2 hang. This update fixes the problems with inodes getting stuck in certain states, thus, the hangs no longer occur.
BZ#646765
The HP ProLiant DL580 G5 Server is in the bfsort whitelist, however the HP ProLiant DL580 G7 Server was not. This caused the scripts running under HP ProLiant DL580 G7 Server to not work properly. With this update, the HP ProLiant DL580 G7 Server has been added to the bfsort whitelist.
BZ#652561
When removing a slave tg3 driver interface with vlan support from bond, a "scheduling while atomic" error (i.e. a thread has called the schedule() function during an operation which is supposed to be atomic, i.e uninterrupted) occurred and, consequently, the system encountered a deadlock. With this update, the aforementioned error no longer occurs and removing a slave tg3 driver interface works as expected.
BZ#651818
Loading a kernel module invokes various kstopmachine threads which repeat acquiring and releasing of each spinlock of their local run queue by calling the yield() function. If an interruption occurs at that time and its handler requires one of those spinlocks, the operation fails to acquire the lock and the system hangs up. With this update, run queue spinlock starvation is avoided, thus, the system no longer hangs.
BZ#643339
If an Intel 82598 10 Gigabit Ethernet Controller was configured in a way that caused peer-to-peer traffic to be sent to the Intel X58 I/O hub (IOH), a PCIe credit starvation problem occurred. As a result, the system would hang. With this update, the system continues to work and does not hang.
BZ#657028
Handling ALUA (Asymmetric Logical Unit Access) transitioning states did not work properly due to a faulty SCSI (Small Computer System Interface) ALUA handler. With this update, optimized state transitioning prevents the aforementioned behavior.
BZ#657029
Due to a null pointer dereference in the qla24xx_queuecommand function, a Red Hat Enterprise Linux 5.5.z QLogic Fibre Channel host would panic during I/O with controller faults. This update fixes the null pointer dereference, thus, the system no longer panics.
BZ#658934
Prior to this update, Red Hat Enterprise Linux 5 with the qla4xxx driver and FC (Fibre Channel) drivers using the fc class, a device might have been put in the offline state due to a transport problem. Once the transport problem was resolved, the device was not usable until a user manually corrected the state. This update enables the transition from the offline state to the running state, thus, fixing the problem.
BZ#657319
System could have crashed when the uhci_irq() function was called between the uhci_stop() and free_irq() functions. This update avoids the aforementioned crash and the system works as expected.
BZ#649255
On some bnx2-based devices, frames could drop unexpectedly. This was shown by the increasing rx_fw_discards values in the ethtool --statistics output. With this update, frames are no longer dropped and all bnx2-based devices work as expected.
BZ#647681
Prior to this update, balance-rr bonding did not work properly. This resulted in non-functioning network interfaces unless the the bond0 interface had the promiscuous mode enabled. With this update, network balance-rr bonding works as expected, thus, preventing the aforementioned issue.
BZ#658857
Prior to this update, the global dentry unused counter (nr_unused) failed to update properly. As a result, the counter would contain negative values. When trying to reference the counter, dcache would loop indefinitely. With this update, the nr_unused counter has been updated, thus, it now works properly and no longer causes indefinite loops.
BZ#653335
Previously, both GFS and GFS2 file systems performed poorly when compared to, for example, the ext3 file system. With this update, steps have been taken to ensure the best performance possible with the aforementioned file systems.
BZ#643344
Prior to this update, the execve utility exhibited the following flaw. When an argument and any environment data were copied from an old task's user stack to the user stack of a newly-execve'd task, the kernel would not allow the process to be interrupted or rescheduled. Therefore, when the argument or environment string data was (abnormally) large, there was no "interactivity" with the process while the execve() function was transferring the data. With this update, fatal signals (like CTRL-c) can now be received and handled and a process is allowed to yield to higher priority processes during the data transfer.
BZ#643347
A typographical error in the create_by_name() function tested an error pointer (ERR_PTR) against dentry instead of *dentry. If "*dentry" was an ERR_PTR, it would be dereferenced in either the mkdir() function or the create() function which could cause kernel panic. With this update, the typographical error has been fixed, thus, kernel panic no longer occurs in the aforementioned case.
BZ#658378
Updated partner qualification injecting target faults uncovered a flaw where the Emulex lpfc driver would incorrectly panic due to a null pnode dereference. This update addresses the issue and was tested successfully under the same test conditions without the panic occurring.
BZ#658864, BZ#658379
Updated partner qualification injecting controller faults uncovered a flaw where the Emulex lpfc driver panicked during error handling. With this update, kernel panic no longer occurs.
BZ#658079
Updated partner qualification injecting controller faults uncovered a flaw where Fibre Channel ports would go offline while testing with Emulex LPFC controllers due to a faulty LPFC heartbeat functionality. This update changes the default behavior of the LPFC heartbeat to off.
BZ#643345
Prior to this update, the netback driver failed to transition from the InitWait state to the Connected state after it was closed once. This was due to the fact that at the moment the netdev_state_change function was called, the interface was still down, so the NETDEV_CHANGE event was not called. This update makes sure the interface is up (via the NETDEV_UP event) and correctly changes the states.
BZ#648938
AMD64 hosts on Intel Xeon processor 7500 series machines panicked when installing a Red Hat Enterprise Linux 4.8 KVM guest. This was due to a faulty value being generated in the gso_size variable that did not conform to the specification. With this update, faulty values are no longer generated and kernel panic no longer occurs.
BZ#664416
Reading an empty file on an optional mount sync/noac of NFSv4 could cause kernel panic. This problem did not occur when an optional mount was set as a default. The kernel panic was caused by improperly setting the lock_context field in nfs_writepage_sync. With this update, the aforementioned issue has been fixed and kernel panic no longer occurs.
BZ#663353
Running certain tests, the system could crash due to an error in nfs_flush_incompatible. This was caused by problematic calls to the nfs_clear_context function. With this update, calls to the nfs_clear_context function work as expected and the system no longer crashes.
BZ#663381
Writing to a file on optional mount sync/noac of NFSv4 could cause kernel panic. This problem did not occur when an optional mount was set as a default. The kernel panic was caused by the lock_context field being added to the nfs_writedata but missing the functionality to be filled out in the nfs_writepage_sync codepath. With this update, a new function was added to properly handle the lock_context field, thus, kernel panic no longer occurs.
Enhancement:
BZ#658520
The sfc driver adds support for the Solarstorm SFC9000 family of Ethernet controllers.
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.88.2. RHSA-2010:0839: Moderate: kernel security and bug fix update

Important

This update has already been released (prior to the GA of this release) as the security errata RHSA-2010:0839
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
* a NULL pointer dereference flaw was found in the io_submit_one() function in the Linux kernel asynchronous I/O implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-3066, Moderate)
* a flaw was found in the xfs_ioc_fsgetxattr() function in the Linux kernel XFS file system implementation. A data structure in xfs_ioc_fsgetxattr() was not initialized properly before being copied to user-space. A local, unprivileged user could use this flaw to cause an information leak. (CVE-2010-3078, Moderate)
* the exception fixup code for the __futex_atomic_op1, __futex_atomic_op2, and futex_atomic_cmpxchg_inatomic() macros replaced the LOCK prefix with a NOP instruction. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-3086, Moderate)
* a flaw was found in the tcf_act_police_dump() function in the Linux kernel network traffic policing implementation. A data structure in tcf_act_police_dump() was not initialized properly before being copied to user-space. A local, unprivileged user could use this flaw to cause an information leak. (CVE-2010-3477, Moderate)
* a missing upper bound integer check was found in the sys_io_submit() function in the Linux kernel asynchronous I/O implementation. A local, unprivileged user could use this flaw to cause an information leak. (CVE-2010-3067, Low)
Red Hat would like to thank Tavis Ormandy for reporting CVE-2010-3066, CVE-2010-3086, and CVE-2010-3067, and Dan Rosenberg for reporting CVE-2010-3078.
Bug fixes:
* previously, using 802.3ad link aggregation did not work properly when using the ixgbe driver. This was caused due to an inability to form 802.3ad-based bonds. With this update, the issue causing 802.3ad link aggregation to not work properly has been fixed. (BZ#644822)
* in an active/backup bonding network interface with vlans on top of it, when a link failed over, it took a minute for the multicast domain to be rejoined. This was caused by the driver not sending any IGMP join packets. With this update, the driver sends IGMP join packets and the multicast domain is rejoined immediately. (BZ#640973)
* in a two node cluster, the lock master of two folders can move 100 files from one folder to the other in less than 1 second. If a server is not the lock master for that folder, it would take that server 3-5 seconds to perform the same task on GFS1 (Global File System 1), and 30-50 seconds on GFS2 (Global File System 2). With this update, the aforementioned task takes less than 1 second on GFS1 and about 3 seconds on GFS2. (BZ#639073)
* previously, migrating a hardware virtual machine (HVM) guest with both, UP and PV drivers, may have caused the guest to stop responding. With this update, HVM guest migration works as expected. (BZ#630989)
* running the Virtual Desktop Server Manager (VDSM) and performing an lvextend during an intensive Virtual Guest power up caused this operation to fail. Since lvextend was blocked, all components became non-responsive: vgs and lvs commands froze the session, Virtual Guests became Paused or Not Responding. This was caused by a faulty use of a lock. With this update, performing an lvextend operation works as expected. (BZ#632255)
* previously, system board iomem resources, which were enumerated using the PNP Motherboard resource descriptions, were not recognized and taken into consideration when gathering resource information. This could have caused MMIO-based requests to receive allocations that were not valid. With this update, system board iomem resources are correctly recognized when gathering resource information. (BZ#629861)
* previously, disks were spinning up for devices in an Active/Passive array on standby path side. This caused long boot up times which resulted in SD devices to be all created before multipath was ready. With this update, a disk is not spun up if returning NOT_READY on standby path. (BZ#634977)
* a race in the PID generation caused PIDs to be reused immediately. This caused problems such as signaling or killing wrong processes accidentally, resulting in various application faults. With this update, the reuse of PIDs is detected and is no longer allowed. (BZ#638866)
* previously, Connectathon test cases performed on a z/OS NFSv4 server were regularly failing. While the file was being closed prior to the unlink call, the client did not wait for the close to complete before proceeding. This caused it to perform an inappropriate rename instead of unlinking the file, even though it was not required. With this update, removals on NFSv4 mounts should wait for outstanding close calls to complete before proceeding. (BZ#642628)
* previously, writing multiple files in parallel could result in uncontrollable fragmentation of the files. With this update, the methods of controlling fragmentation work as expected. (BZ#643571)
* a bug was found in the way the megaraid_sas driver (for SAS based RAID controllers) handled physical disks and management IOCTLs (Input/Output Control). All physical disks were exported to the disk layer, allowing an oops in megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout occurred. One possible trigger for this bug was running mkfs. This update resolves this issue by updating the megaraid_sas driver to version 4.31. (BZ#619365)
* the RELEASE_LOCKOWNER operation has been implemented for NFSv4 in order to avoid an exhaustion of NFS server state IDs, which could result in an NFS4ERR_RESOURCE error. Furthermore, if the NFS4ERR_RESOURCE error is returned by the NFS server, it is now handled correctly, thus preventing a possible reason for the following error:
NFS: v4 server returned a bad sequence-id error!
* kernel panic occurred on a Red Hat Enterprise Linux 5.5 FC host with a QLogic 8G FC adapter (QLE2562) while running IO with target controller faults. With this update, kernel panic no longer occurs in the aforementioned case. (BZ#643135)
* recently applied patch introduced a bug, which caused the Xen guest networking not to work properly on 64-bit Itanium processors. However, this bug also revealed an issue, which may have led to a data corruption. With this update, both errors have been fixed, and Xen virtual guest networking now works as expected. (BZ#637220)
* an attempt to create a VLAN interface on a bond of two bnx2 adapters in two switch configurations resulted in a soft lockup after a few seconds. This was caused by an incorrect use of a bonding pointer. With this update, soft lockups no longer occurs and creating a VLAN interface works as expected. (BZ#630540)
* a Red Hat Enterprise Linux 4, 5, and 6 Xen HVM guest that uses PM timer for time keeping had the time drift backwards about 5 seconds per minute. This was caused by small inaccuracies in truncating in the pmt_update_time() function. With this update, time is kept accurately and no longer drifts backwards. (BZ#641915)
* various dasd_sleep_on functions use a global wait queue when waiting for a CQR (Channel Queue Request). Previously, the wait condition checked the status and devlist fields of the CQR to determine if it is safe to continue. This evaluation may have returned true, although the tasklet did not finish processing the CQR and the callback function had not been called yet. When the callback was finally called, the data in the CQR could have already been invalid. With this update, the sleep_on wait condition has a safe way to determine if the tasklet has finished processing, thus, preventing the aforementioned behavior. (BZ#638579)
* previously, receiving 8 or more different types of ICMP packets corrupted the kernel memory. This was caused by a flaw in net/ipv4/proc.c. With this update, kernel memory is no longer corrupted when receiving 8 or more different types of ICMP packets. (BZ#634976)
* on certain ThinkPad models, reading video output controls could lead to a hard-crash of X.org. This update restricts access permissions to /proc/acpi/ibm/video in order to prevent the aforementioned crash. (BZ#629241)
* under certain circumstances, an attempt to dereference a NULL pointer in the lpfc_nlp_put() function may have caused the system to crash. With this update, several changes have been made to ensure the correct reference count, resolving this issue. (BZ#637727)
* previously, running the dd command on an iSCSI device with the qla3xxx driver may have caused the system to crash. This error has been fixed, and running the dd command on such device no longer crashes the system. (BZ#637206)
* previously, a forward time drift was observed on 64-bit Red Hat Enterprise Linux 5 virtual guests which were using a PM timer based kernel tick accounting and running on KVM or HYPER-V hypervisor. Virtual guests that were booted with the divider=x kernel parameter set to a value greater than 1 and that showed the following line of text in the kernel boot messages were the subject of the aforementioned behavior:
time.c: Using 3.579545 MHz WALL PM GTOD PM timer
With this update, the fine grained accounting for the PM timer is introduced which eliminates the time difference issues. However, this flaw also uncovered a bug in the Xen hypervisor, possibly causing backward time drift. If Xen HVM guests are using the PM timer, it is suggested that the host uses the kernel-xen-2.6.18-194.21.1.el5 package or a newer version. (BZ#637069)
* with this update, the upper limit of log_mtts_per_seg was increased from 5 to 7, increasing the amount of memory that can be registered. Machines with larger memory are now able to register more memory. (BZ#643806)
* performing a Direct IO write operation to a file on an NFS mount did not work. With this update, the minor error in the source code was fixed and the Direct IO operation works as expected. (BZ#647601)
* a vulnerability was discovered in the 32-bit compatibility code for the VIDIOCSMICROCODE IOCTL (Input/Output Control) in the Video4Linux implementation. It does not affect Red Hat Enterprise Linux 5, but as a preventive measure, this update removes the code. Red Hat would like to thank Kees Cook for reporting this vulnerability. (BZ#642465, BZ#642470)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.88.3. RHSA-2010:0504: Important: kernel security and bug fix update

Important

This update has already been released (prior to the GA of this release) as the security errata RHSA-2010:0504
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives detailed severity rating, is available from the CVE link after the description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
* a NULL pointer dereference flaw was found in the Fast Userspace Mutexes (futexes) implementation. The unlock code path did not check if the futex value associated with pi_state->owner had been modified. A local user could use this flaw to modify the futex value, possibly leading to a denial of service or privilege escalation when the pi_state->owner pointer is dereferenced. (CVE-2010-0622, Important)
* a NULL pointer dereference flaw was found in the Linux kernel Network File System (NFS) implementation. A local user on a system that has an NFS-mounted file system could use this flaw to cause a denial of service or escalate their privileges on that system. (CVE-2010-1087, Important)
* a flaw was found in the sctp_process_unk_param() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to an SCTP listening port on a target system, causing a kernel panic (denial of service). (CVE-2010-1173, Important)
* a flaw was found in the Linux kernel Transparent Inter-Process Communication protocol (TIPC) implementation. If a client application, on a local system where the tipc module is not yet in network mode, attempted to send a message to a remote TIPC node, it would dereference a NULL pointer on the local system, causing a kernel panic (denial of service). (CVE-2010-1187, Important)
* a buffer overflow flaw was found in the Linux kernel Global File System 2 (GFS2) implementation. In certain cases, a quota could be written past the end of a memory page, causing memory corruption, leaving the quota stored on disk in an invalid state. A user with write access to a GFS2 file system could trigger this flaw to cause a kernel crash (denial of service) or escalate their privileges on the GFS2 server. This issue can only be triggered if the GFS2 file system is mounted with the "quota=on" or "quota=account" mount option. (CVE-2010-1436, Important)
* a race condition between finding a keyring by name and destroying a freed keyring was found in the Linux kernel key management facility. A local user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1437, Important)
* a flaw was found in the link_path_walk() function in the Linux kernel. Using the file descriptor returned by the open() function with the O_NOFOLLOW flag on a subordinate NFS-mounted file system, could result in a NULL pointer dereference, causing a denial of service or privilege escalation. (CVE-2010-1088, Moderate)
* a missing permission check was found in the gfs2_set_flags() function in the Linux kernel GFS2 implementation. A local user could use this flaw to change certain file attributes of files, on a GFS2 file system, that they do not own. (CVE-2010-1641, Low)
Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer, for responsibly reporting CVE-2010-1173; Mario Mikocevic for responsibly reporting CVE-2010-1436; and Dan Rosenberg for responsibly reporting CVE-2010-1641.
Bug fixes:
* hot-adding memory to a system with 4 GB of RAM caused problems with 32-bit DMA devices, which led to the system becoming unresponsive. With this update, the user is warned that more than 4 GB of RAM is being added to the system; however, memory exceeding 4 GB is not registered by the system. (BZ#587957)
* running two or more simultaneous write operations with the O_DIRECT flag, on two separate partitions of a single disk, resulted in the performance of each write being reduced. This could have caused a write slowdown of approximately 25% when running two simultaneous dd oflag=direct commands on two different partitions. This regression has been fixed in this update so that O_DIRECT write performance does not incur a performance penalty. (BZ#588219)
* the ethtool utility is used to display or change Ethernet card settings. It was not possible to enable Wake-on-LAN for network devices using the Intel PRO/1000 Linux driver which had Wake-on-LAN disabled in their EEPROM memory. With this update, the ethtool utility is able to enable Wake-on-LAN for Intel PRO/1000 network devices. (BZ#591493)
* the virtio balloon driver was able to access the virtual guest's kernel's reservation pools in order to satisfy a balloon request, which could have caused a kernel of the virtual guest to run out of memory when attempting to satisfy the host operating system's request to donate free memory pages. This has been fixed so that virtual guests do not run out of memory when guest memory usage is high. (BZ#591611)
* on the PowerPC architecture, the tg3 driver for Broadcom Corporation NetXtreme NICs that try to enable MSI failed to fall back to INTx mode when MSI initialization failed. With this update, the tg3 driver is able to fall back to INTx mode with cards that attempt to initialize MSI. (BZ#592844)
* when the power_meter module was unloaded or its initialization failed, a backtrace message was written to /var/log/dmesg that warned about a missing release() function. This error was harmless, and no longer occurs with this update. (BZ#592846)
* when an SFQ (Stochastic Fair Queuing) qdisc that limited the queue size to two packets was added to a network interface (for example, via tc qdisc add), sending traffic through that interface resulted in a kernel crash. With this update, such a qdisc no longer results in a kernel crash when sending traffic. (BZ#594054)
* when a system was configured using channel bonding in "mode=0" (round-robin balancing) with multicast, IGMP traffic was transmitted via a single interface. If that interface failed (due to a port, NIC or cable failure, for example), IGMP was not transmitted via another port in the group, thus resulting in packets for the previously-registered multicast group not being routed correctly. (BZ#594057)
* on NFS, the read(2) system call could have returned an unexpected EIO (input/output error) value. (BZ#594061)
* when an NFS server exported a file system with an explicit fsid=file_system_ID, an NFS client mounted that file system on one mount point and a subdirectory of that file system on a separate mount point, then if the server re-exported that file system after un-exporting and unmounting it, it was possible for the NFS client to unmount those mount points and receive the following error message: VFS: Busy inodes after unmount... Additionally, it was possible to crash the NFS client's kernel in this situation. (BZ#596384)
* Large-Receive Offload (LRO) is a performance optimization that enables the kernel to fetch and process, as a unit, more than one received packet from a network device. It was previously not possible to dynamically disable LRO for devices in a forwarding mode. This has been fixed with this update so that the kernel is able to dynamically disable LRO for devices in a forwarding state, or which had LRO turned on manually. (BZ#596385)
* when the Stream Control Transmission Protocol (SCTP) kernel code attempted to check a non-blocking flag, it could have dereferenced a NULL file pointer due to the fact that in-kernel sockets created with the sock_create_kern() function may not have a file structure and descriptor allocated to them. The kernel would crash as a result of the dereference. With this update, SCTP ensures that the file is valid before attempting to set a timeout, thus preventing a possible NULL dereference and consequent kernel crash. (BZ#598355)
* the e1000 and e1000e drivers for Intel PRO/1000 network devices were updated with an enhanced algorithm for adaptive interrupt modulation in the Red Hat Enterprise Linux 5.1 release. When InterruptThrottleRate was set to 1 (thus enabling the new adaptive mode), certain traffic patterns could have caused high CPU usage. This update provides a way to set InterruptThrottleRate to 4, which switches the mode back to the simpler and non-adaptive algorithm. Doing so may decrease CPU usage by the e1000 and e1000e drivers depending on traffic patterns. Note: You can change the InterruptThrottleRate setting using the ethtool utility by running the ethtool -C ethX rx-usecs 4 command. (BZ#599332)
* the Red Hat Enterprise Linux 5.5 kernel contained a fix for Red Hat Bugzilla number 548657 which introduced a regression in file locking behavior that presented with the General Parallel File System (GPFS). This update removes the redundant locking code. (BZ#599730)
* the Microsoft Server Virtualization Validation Test contains an IsVM component, which directs that applications should be able to determine if they are running inside a virtualized environment by performing a CPUID check. With this update, applications running on a Windows operating system are able to determine whether they are running inside a virtualized environment. (BZ#599734)
* issuing the sysctl -w vm.drop_caches=1 command on a system running a database backed by HugePages caused memory corruption errors. This update fixes this issue by ensuring that the HugePages "dirty bit" is properly set, with the result that corruption no longer occurs when dropping the virtual memory caches. (BZ#599737)
* input/output errors can occur due to temporary failures, such as multipath errors or losing network contact with an iSCSI server. In these cases, virtual memory attempts to retry the readpage() function on the memory page. However, the do_generic_file_read() function did not clear PG_error, which resulted in the system being unable to use the data in the page cache page, even if subsequent readpage() calls succeeded. With this update, the do_generic_file_read() function properly clears PG_error so that the page cache can be utilized in the case of input/output errors. (BZ#599739)
* calling the service iptables stop command causes the iptables init script to unload the netfilter modules. Because a clean-up code path was not taken, an endless loop occurred, which resulted in the init script becoming unresponsive. This update ensures that the clean-up code path is correctly taken, with the result that stopping the iptables service now works as expected. (BZ#600215)
* Red Hat Enterprise Linux 5.4 SMP guests running on the Red Hat Enterprise Virtualization Hypervisor may have experienced inconsistent time, such as the clock drifting backwards. This could have caused some applications to become unresponsive. (BZ#601080)
* the timer_interrupt() routine did not scale lost real ticks to logical ticks correctly. This could have caused time drift for 64-bit Red Hat Enterprise Linux 5 KVM (Kernel-based Virtual Machine) guests that were booted with the divider=x kernel parameter set to a value greater than 1. On the affected guest systems, warning: many lost ticks messages may have been logged. (BZ#601090)
* upon startup, the bnx2x network driver experienced a panic dump when more than one network interface was configured to start up at boot time. With this update, statistics counter initialization for function IDs greater than "1" has been disabled, with the result that bnx2x no longer panic dumps when more than one interface has the ONBOOT=yes directive set. (BZ#607087)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.88.4. RHSA-2010:0046: Important security and bug fix update

Important

This update has already been released (prior to the GA of this release) as the security errata RHSA-2010:0046
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
* an array index error was found in the gdth driver. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important)
* a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation. (CVE-2009-4021, Important)
* Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important)
* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially-crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic. (CVE-2009-4272, Important)
* the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have "/proc/sys/fs/suid_dumpable" set to 2 (the default value is 0). (CVE-2006-6304, Moderate)
The fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable set to 2, the core file will not be recorded if the file already exists. For example, core files will not be overwritten on subsequent crashes of processes whose core files map to the same name.
* an information leak was found in the Linux kernel. On AMD64 systems, 32-bit processes could access and read certain 64-bit registers by temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)
* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV) support in the qla2xxx driver, resulting in two new sysfs pseudo files, "/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete". These two files were world-writable by default, allowing a local user to change SCSI host attributes. This flaw only affects systems using the qla2xxx driver and NPIV capable hardware. (CVE-2009-3556, Moderate)
* permission issues were found in the megaraid_sas driver. The "dbg_lvl" and "poll_mode_io" files on the sysfs file system ("/sys/") had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)
* a NULL pointer dereference flaw was found in the firewire-ohci driver used for OHCI compliant IEEE 1394 controllers. A local, unprivileged user with access to /dev/fw* files could issue certain IOCTL calls, causing a denial of service or privilege escalation. The FireWire modules are blacklisted by default, and if enabled, only root has access to the files noted above by default. (CVE-2009-4138, Moderate)
* a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation. This could lead to a denial of service if a user browsed a specially-crafted HFS file system, for example, by running "ls". (CVE-2009-4020, Low)
Bug fix documentation for this update will be available shortly from www.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update/ index.html
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.88.5. RHSA-2010:0147: Important security and bug fix update

Important

This update has already been released (prior to the GA of this release) as the security errata RHSA-2010:0147
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important)
* a missing boundary check was found in the do_move_pages() function in the memory migration functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an information leak. (CVE-2010-0415, Important)
* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important)
* a NULL pointer dereference flaw was found in the ext4 file system code in the Linux kernel. A local attacker could use this flaw to trigger a local denial of service by mounting a specially-crafted, journal-less ext4 file system, if that file system forced an EROFS error. (CVE-2009-4308, Moderate)
* an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate)
* missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low)
Bug fixes:
* a bug prevented Wake on LAN (WoL) being enabled on certain Intel hardware. (BZ#543449)
* a race issue in the Journaling Block Device. (BZ#553132)
* programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. (BZ#557684)
* the RHSA-2010:0019 update introduced a regression, preventing WoL from working for network devices using the e1000e driver. (BZ#559335)
* adding a bonding interface in mode balance-alb to a bridge was not functional. (BZ#560588)
* some KVM (Kernel-based Virtual Machine) guests experienced slow performance (and possibly a crash) after suspend/resume. (BZ#560640)
* on some systems, VF cannot be enabled in dom0. (BZ#560665)
* on systems with certain network cards, a system crash occurred after enabling GRO. (BZ#561417)
* for x86 KVM guests with pvclock enabled, the boot clocks were registered twice, possibly causing KVM to write data to a random memory area during the guest's life. (BZ#561454)
* serious performance degradation for 32-bit applications, that map (mmap) thousands of small files, when run on a 64-bit system. (BZ#562746)
* improved kexec/kdump handling. Previously, on some systems under heavy load, kexec/kdump was not functional. (BZ#562772)
* dom0 was unable to boot when using the Xen hypervisor on a system with a large number of logical CPUs. (BZ#562777)
* a fix for a bug that could potentially cause file system corruption. (BZ#564281)
* a bug caused infrequent cluster issues for users of GFS2. (BZ#564288)
* gfs2_delete_inode failed on read-only file systems. (BZ#564290)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.88.6. RHSA-2010:0019: Important security update

Important

This update has already been released (prior to the GA of this release) as the security errata RHSA-2010:0019
Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567, Important)
* a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important)
* a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.88.7. RHSA-2009:1670: Important security and bug fix update

Important

This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1670
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
* NULL pointer dereference flaws in the r128 driver. Checks to test if the Concurrent Command Engine state was initialized were missing in private IOCTL functions. An attacker could use these flaws to cause a local denial of service or escalate their privileges. (CVE-2009-3620, Important)
* a NULL pointer dereference flaw in the NFSv4 implementation. Several NFSv4 file locking functions failed to check whether a file had been opened on the server before performing locking operations on it. A local user on a system with an NFSv4 share mounted could possibly use this flaw to cause a denial of service or escalate their privileges. (CVE-2009-3726, Important)
* a flaw in tcf_fill_node(). A certain data structure in this function was not initialized properly before being copied to user-space. This could lead to an information leak. (CVE-2009-3612, Moderate)
* unix_stream_connect() did not check if a UNIX domain socket was in the shutdown state. This could lead to a deadlock. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2009-3621, Moderate)
Knowledgebase DOC-20536 has steps to mitigate NULL pointer dereference flaws.
Bug fixes:
* frequently changing a CPU between online and offline caused a kernel panic on some systems. (BZ#545583)
* for the LSI Logic LSI53C1030 Ultra320 SCSI controller, read commands sent could receive incorrect data, preventing correct data transfer. (BZ#529308)
* pciehp could not detect PCI Express hot plug slots on some systems. (BZ#530383)
* soft lockups: inotify race and contention on dcache_lock. (BZ#533822,
* priority ordered lists are now used for threads waiting for a given mutex. (BZ#533858)
* a deadlock in DLM could cause GFS2 file systems to lock up. (BZ#533859)
* use-after-free bug in the audit subsystem crashed certain systems when running usermod. (BZ#533861)
* on certain hardware configurations, a kernel panic when the Broadcom iSCSI offload driver (bnx2i.ko and cnic.ko) was loaded. (BZ#537014)
* qla2xxx: Enabled MSI-X, and correctly handle the module parameter to control it. This improves performance for certain systems. (BZ#537020)
* system crash when reading the cpuaffinity file on a system. (BZ#537346)
* suspend-resume problems on systems with lots of logical CPUs, e.g. BX-EX. (BZ#539674)
* off-by-one error in the legacy PCI bus check. (BZ#539675)
* TSC was not made available on systems with multi-clustered APICs. This could cause slow performance for time-sensitive applications. (BZ#539676)
* ACPI: ARB_DISABLE now disabled on platforms that do not need it. (BZ#539677)
* fix node to core and power-aware scheduling issues, and a kernel panic during boot on certain AMD Opteron processors. (BZ#539678, BZ#540469,
* APIC timer interrupt issues on some AMD Opteron systems prevented achieving full power savings. (BZ#539681)
* general OProfile support for some newer Intel processors. (BZ#539683)
* system crash during boot when NUMA is enabled on systems using MC and kernel-xen. (BZ#539684)
* on some larger systems, performance issues due to a spinlock. (BZ#539685)
* APIC errors when IOMMU is enabled on some AMD Opteron systems. (BZ#539687)
* on some AMD Opteron systems, repeatedly taking a CPU offline then online caused a system hang. (BZ#539688)
* I/O page fault errors on some systems. (BZ#539689)
* certain memory configurations could cause the kernel-xen kernel to fail to boot on some AMD Opteron systems. (BZ#539690)
* NMI watchdog is now disabled for offline CPUs. (BZ#539691)
* duplicate directories in /proc/acpi/processor/ on BX-EX systems. (BZ#539692)
* links did not come up when using bnx2x with certain Broadcom devices. (BZ#540381)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.88.8. RHSA-2009:1548: Important security and bug fix update

Important

This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1548
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
* a system with SELinux enforced was more permissive in allowing local users in the unconfined_t domain to map low memory areas even if the mmap_min_addr restriction was enabled. This could aid in the local exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)
* a NULL pointer dereference flaw was found in the eCryptfs implementation in the Linux kernel. A local attacker could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2908, Important)
* a flaw was found in the NFSv4 implementation. The kernel would do an unnecessary permission check after creating a file. This check would usually fail and leave the file with the permission bits set to random values. Note: This is a server-side only issue. (CVE-2009-3286, Important)
* a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)
* a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. pci_unmap_single() presented a memory leak that could lead to IOMMU space exhaustion and a system crash. An attacker on the local network could abuse this flaw by using jumbo frames for large amounts of network traffic. (CVE-2009-3613, Important)
* missing initialization flaws were found in the Linux kernel. Padding data in several core network structures was not initialized properly before being sent to user-space. These flaws could lead to information leaks. (CVE-2009-3228, Moderate)
Bug fixes:
* with network bonding in the "balance-tlb" or "balance-alb" mode, the primary setting for the primary slave device was lost when said device was brought down. Bringing the slave back up did not restore the primary setting. (BZ#517971)
* some faulty serial device hardware caused systems running the kernel-xen kernel to take a very long time to boot. (BZ#524153)
* a caching bug in nfs_readdir() may have caused NFS clients to see duplicate files or not see all files in a directory. (BZ#526960)
* the RHSA-2009:1243 update removed the mpt_msi_enable option, preventing certain scripts from running. This update adds the option back. (BZ#526963)
* an iptables rule with the recent module and a hit count value greater than the ip_pkt_list_tot parameter (the default is 20), did not have any effect over packets, as the hit count could not be reached. (BZ#527434)
* a check has been added to the IPv4 code to make sure that rt is not NULL, to help prevent future bugs in functions that call ip_append_data() from being exploitable. (BZ#527436)
* a kernel panic occurred in certain conditions after reconfiguring a tape drive's block size. (BZ#528133)
* when using the Linux Virtual Server (LVS) in a master and backup configuration, and propagating active connections on the master to the backup, the connection timeout value on the backup was hard-coded to 180 seconds, meaning connection information on the backup was soon lost. This could prevent the successful failover of connections. The timeout value can now be set via "ipvsadm --set". (BZ#528645)
* a bug in nfs4_do_open_expired() could have caused the reclaimer thread on an NFSv4 client to enter an infinite loop. (BZ#529162)
* MSI interrupts may not have been delivered for r8169 based network cards that have MSI interrupts enabled. This bug only affected certain systems. (BZ#529366)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.88.9. RHSA-2009:1455: Moderate security and bug fix update

Important

This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1455
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
[Updated 23rd February 2010] This update adds references to two KBase articles that includes greater detail regarding some bug fixes that could not be fully documented in the errata note properly.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fix:
* a NULL pointer dereference flaw was found in the Multiple Devices (md) driver in the Linux kernel. If the "suspend_lo" or "suspend_hi" file on the sysfs file system ("/sys/") is modified when the disk array is inactive, it could lead to a local denial of service or privilege escalation. Note: By default, only the root user can write to the files noted above. (CVE-2009-2849, Moderate)
Bug fixes:
* a bug in nlm_lookup_host() could lead to un-reclaimed file system locks, resulting in umount failing & NFS service relocation issues for clusters. (BZ#517967)
* a bug in the sky2 driver prevented the phy from being reset properly on some hardware when it hung, preventing a link from coming back up. (BZ#517976)
* disabling MSI-X for qla2xxx also disabled MSI interrupts. ( BZ#519782 )
* performance issues with reads when using the qlge driver on PowerPC systems. A system hang could also occur during reboot. (BZ#519783)
* unreliable time keeping for Red Hat Enterprise Linux virtual machines. The KVM pvclock code is now used to detect/correct lost ticks. (BZ#520685)
* /proc/cpuinfo was missing flags for new features in supported processors, possibly preventing the operating system & applications from getting the best performance. (BZ#520686)
* reading/writing with a serial loopback device on a certain IBM system did not work unless booted with "pnpacpi=off". (BZ#520905)
* mlx4_core failed to load on systems with more than 32 CPUs. ( BZ#520906 )
* on big-endian platforms, interfaces using the mlx4_en driver & Large Receive Offload (LRO) did not handle VLAN traffic properly (a segmentation fault in the VLAN stack in the kernel occurred). (BZ#520908)
* due to a lock being held for a long time, some systems may have experienced "BUG: soft lockup" messages under heavy load. (BZ#520919)
* incorrect APIC timer calibration may have caused a system hang during boot, as well as the system time becoming faster or slower. A warning is now provided. (BZ#521238)
* a Fibre Channel device re-scan via 'echo "---" > /sys/class/scsi_host/ host[x]/scan' may not complete after hot adding a drive, leading to soft lockups ("BUG: soft lockup detected"). (BZ#521239)
* the Broadcom BCM5761 network device could not to be initialized properly; therefore, the associated interface could not obtain an IP address via DHCP or be assigned one manually. (BZ#521241)
* when a process attempted to read from a page that had first been accessed by writing to part of it (via write(2)), the NFS client needed to flush the modified portion of the page out to the server, & then read the entire page back in. This flush caused performance issues. (BZ#521244)
* a kernel panic when using bnx2x devices & LRO in a bridge. A warning is now provided to disable LRO in these situations. (BZ#522636)
* the scsi_dh_rdac driver was updated to recognize the Sun StorageTek Flexline 380. (BZ#523237)
* in FIPS mode, random number generators are required to not return the first block of random data they generate, but rather save it to seed the repetition check. This update brings the random number generator into conformance. (BZ#523289)
* an option to disable/enable the use of the first random block is now provided to bring ansi_cprng into compliance with FIPS-140 continuous test requirements. (BZ#523290)
* running the SAP Linux Certification Suite in a KVM guest caused severe SAP kernel errors, causing it to exit. (BZ#524150)
* attempting to 'online' a CPU for a KVM guest via sysfs caused a system crash. (BZ#524151)
* when using KVM, pvclock returned bogus wallclock values. (BZ#524152)
* the clock could go backwards when using the vsyscall infrastructure. (BZ#524527)
See References for KBase links re BZ#519782 & BZ#520906 .
Users should upgrade to these updated packages, which contain backported patches to correct these issues. Reboot the system for this update to take effect.

1.88.10. RHSA-2010:0178: Important Red Hat Enterprise Linux 5.5 kernel security and bug fix update

Updated kernel packages that fix three security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fifth regular update.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note: This issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important)
* a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727, Moderate)
* a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially-crafted ext4 file system. (CVE-2009-4307, Low)
These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.5 Release Notes for information on the most significant of these changes:
All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.

1.88.10.1. Bug Fixes

The following is a list of the bugs that have been addressed in this kernel release, including causes, consequences, and fix results.
1.88.10.1.1. Generic Kernel Features
  • Add IRONLAKE support to AGP/DRM drivers. BZ#547908
  • PCI AER: HEST FIRMWARE FIRST support. BZ#547762
  • Extend tracepoint support. BZ#534178
  • Update ibmvscsi driver with upstream multipath enhancements. BZ#512203
    This update provides improved support for the ibmvscsi driver, including support for fastfail mode and improved multipathing support.
    This update is 64-bit PowerPC-specific.
  • amd64_edac: Add and detect ddr3 support. BZ#479070
  • Add scsi and libfc symbols to whitelist_file. BZ#533489
  • Extend KABI to support symbols that are not part of the current KABI. BZ#526342
  • libfc bug fixes and improvements. BZ#526259
  • Implement smp_call_function_[single|many] in x86_64 and i386. BZ#526043
    A number of updates now depend on the smp_call_function_single() and smp_call_function_many() functions. This update provides a single function that can refer to the appropriate function as required, thereby simplifying the creation of further updates.
  • Support the single-port Async device on p7 Saturn. BZ#525812
  • Backport open source driver for Creative X-Fi audio card. BZ#523786
  • [Intel 5.5 FEAT] Update PCI.IDS for B43 graphics controller. BZ#523637
  • Support physical CPU hotplug. BZ#516999
    This feature provides the functionality to add and remove CPU resources physically while the system is running.
    This feature applies to 32-bit x86, 64-bit Intel 64 and AMD64, and 64-bit Itanium2 architectures.
  • Include core WMI support and Dell-WMI driver. BZ#516623
  • [kabi] Add scsi_nl_{send_vendor_msg,{add,remove}_driver}. BZ#515812
  • Enable ACPI 4.0 power metering. BZ#514923
  • Add AER software error injection support. BZ#514442
  • Add support for Syleus chip to fschmd driver. BZ#513101
  • Implement support for DS8000 volumes. BZ#511972
  • Support Lexar ExpressCard. BZ#511374
  • Disable ARB_DISABLE on platforms where it is not needed. BZ#509422
    ARB_DISABLE is a NOP on all of the recent Intel platforms. For such platforms, this update reduces contention on the c3_lock by skipping the fake ARB_DISABLE.
    This lock is held on each deep C-state entry and exit and with 16, 32, and 64 logical CPUs in NHM EP, NHM EX platforms, this contention can become significant. Specifically on distributions that do not have tickless feature and where all CPUs may wake up around the same time.
  • Add zfcp parameter to dynamically adjust scsi_queue_depth size. BZ#508355
  • Add HP ipmi message handling to Red Hat Enterprise Linux 5. BZ#507402
  • Backport CONFIG_DETECT_HUNG_TASK to Red Hat Enterprise Linux 5. BZ#506059
    In some circumstances, tasks in the kernel may permanently enter the uninterruptible sleep state (D-State), making the system impossible to shut down. This update adds the Detect Hung Task kernel thread, providing the ability to detect tasks permanently stuck in the D-State.
    This new feature is controlled by the "CONFIG_DETECT_HUNG_TASK=" kernel flag. When set to "y", tasks stuck in the D-State are detected; when set to "n" it is off. The default value for the "CONFIG_DETECT_HUNG_TASK" flag is "y".
    Additionally, the "CONFIG_BOOTPARAM_HUNG_TASK_PANIC" flag has been added. When set to "y", a kernel panic is triggered when a task stuck in the D-State is detected. The default value for the "CONFIG_BOOTPARAM_HUNG_TASK_PANIC" flag is "n".
  • Add ability to access Nehalem uncore configuration space. BZ#504330
    Systems that don't use MMCONFIG have trouble when allocating resources by using a legacy PCI probe. As a result, the machine will hang during boot if the Disk PCI device is not properly initialized.
    This update reverts a patch that improves the PCI ID detection in order to detect the new PCI devices found on Nehalem machines. Consequently, the kernel will not hang on such machines. A different patch will be needed, however, when adding any driver that needs to see the non-core set of PCI devices on Nehalem.
  • When booted with P-state limit, limit can never be increased BZ#489566
  • Add do_settimeofday and __user_walk_fd BZ#486205
  • A bug was discovered where closing the lid on an HP6510b caused the system to crash. This was due to the system failing to run on CPU0. A patch was created to enable ACPI workqueues to run on CPU0, and this has been tested successfully. BZ#485016
  • Some applications (e.g., dump and nfsd) try to improve disk I/O performance by distributing I/O requests to multiple processes or threads by using the Completely Fair Queuing (CFQ) I/O scheduler. This application design negatively affected I/O performance, causing a large drop in performance under certain workloads on real queuing devices.
    The kernel can now detect and merge cooperating queues. Further, it can also detect if the queues stop cooperating, and split them apart again. I/O performance is no longer negatively affected by using the CFQ scheduler. BZ#427709 BZ#456181 BZ#448130
  • Enable CONFIG_DETECT_HUNG_TASK by default, but disable BOOTPARAM_xx by default
  • Only prompt for network configuration when required. BZ#506898
    Due to an unexpected side effect of a kernel change in Red Hat Enterprise Linux 5.4, the installer will prompt for the network configuration, regardless of whether these parameters appear in the PARM or CONF files.
    This flaw was addressed by removing the annotation of cmdline as __initdata. The installer no longer prompts for network configuration when not required.
1.88.10.1.2. Kernel Platform Enablement
1.88.10.1.2.1. BX-EX/MC Enablement Features
  • [Intel 5.5 FEAT] Make suspend-resume work on systems with lots of logical CPUs (Boxboro-EX). BZ#499271
  • [Intel 5.5 FEAT] Add ability to access Nehalem uncore config space 504330/539675
  • [AMD 5.5 Feat] Support Magny-cours topology 513684/539678
  • Red Hat Enterprise Linux 5.5: Power-aware Scheduler changes to support multiple node processors 513685/539680
  • Fix kernel panic while booting Red Hat Enterprise Linux 5 32-bit kernel on Magny-cours. BZ#522215
  • [Intel 5.5 FEAT] Oprofile: Add support for arch perfmon - kernel component BZ#523479
  • EXPERIMENTAL EX/MC: Xen NUMA broken on Magny-cours system Z. BZ#526051
  • [Intel 5.5 FEAT] Fix spinlock issue which causes performance impact on large systems. BZ#526078
  • EXPERIMENTAL EX/MC: Magny-cours topology fixes. BZ#526315
  • EXPERIMENTAL MC/EX: Issue when bringing CPU offline and online with 32-bit kernel. BZ#526770
  • EXPERIMENTAL MC/EX: Incorrect memory setup can cause Xen crash. BZ#526785
  • Fix AMD erratum - server C1E BZ#519422
  • EXPERIMENTAL EX/MC: AMD IOMMU Linux driver with latest BIOS has IO PAGE FAULTS 531469/539689
  • [Intel 5.5 BUG] NMI and Watchdog are not disabled on CPU when CPU is taken offline. BZ#532514
  • Boxboro-EX: multiple equal directory entries in /proc/acpi/processor BZ#537395
1.88.10.1.2.2. x86-specific Updates
  • Fix AMD Magny-Cours boot inside Xen on pre-5.5 hypervisor. BZ#560013
    A problem was found where Beta 1 of Red Hat Enterprise Linux 5.5 would fail to boot as a Xen guest on AMD Magny-Cours systems using a hypervisor other than the one included in Red Hat Enterprise Linux 5.5.
    This update provides a fix for this issue.
  • Support always running local APIC. BZ#496306
  • kvm: Mark kvmclock_init as cpuinit. BZ#523450
  • Fix stale data in shared_cpu_map cpumasks. BZ#541953
    This update was necessary to avoid possible kernel panic when performing frequent CPU online/offline operations.
1.88.10.1.2.3. x86_64-specific Updates
  • k8: Do not mark early_is_k8_nb as __init. BZ#567275
    This update addresses a problem with CPU hotplugging identified on AMD Magny-Cours machines.
  • Avoid deadlocks during MCE broadcasts. BZ#562866
  • Wire up compat sched_rr_get_interval. BZ#557092
    A problem was found where if a program that calls sched_rr_get_interval() is compiled on x86 and is executed on x86_64, it will destroy the user stack. This problem is solved by calling sys32_sched_rr_get_interval() instead of sys_sched_rr_get_interval() when sched_rr_get_interval() is called.
    This update includes a backport of an upstream patch to correct this problem.
  • Disable vsyscall in kvm guests. BZ#542612
    A problem was found on Red Hat Enterprise Linux 5.4 guests with PV clock enabled, where there is a large difference between the time returned by clock_gettime(CLOCK_REALTIME) and the time returned by gettimeofday(), even if a program executes one call right after the other.
    This update addresses the problem, which was traced to the use of vsyscall in kvm guests.
  • Resolve issue with SCTP messages arriving out of order. BZ#517504
    A problem was found where, under the right conditions, it was possible for packets to become re-ordered prior to the assignment of a Transmission Sequence Number (TSN) value. The conditions which caused this are the fact that multiple interfaces were used in transmission, where each had differing Path Maximum Transmission Unit (pmtu) values.
    This update addresses the problem with the SCTP stack that allowed this reordering to occur.
  • Cap kernel at 1024G on x86_64 systems.
  • Fix kernel crash when 1TB of memory and NUMA is used. BZ#523522
  • kvm: Allow kvmclock to be overwritten. BZ#523447
  • glibc should call pselect() and ppoll() on Itanium kernels. BZ#520867
  • Force Altix drivers to use 64-bit addressing. This update is Altix-specific. BZ#517192
    This update applies to the 64-bit Itanium2 architecture.
  • vsmp: Fix bit-wise operator and compile issue. BZ#515408
  • Fix hugepage memory tracking. BZ#518671
1.88.10.1.2.4. IBM S/390-specific Updates
  • qeth: Set default BLKT settings by OSA hw level. BZ#559621
    A problem was found where new hardware was being configured with values for old hw levels, because BLKT settings were not being set according to different hw levels.
    This update ensures that the BLKT settings are applied after the hw level has been probed.
  • Clear high-order bits after switching to 64-bit mode. BZ#546302
  • Fix single stepping on svc 0. BZ#540527
    A problem was found where if a system call number > 256 is single-stepped or svc 0 is single-stepped then the system call would not be executed. This update provides a solution to this problem.
  • DASD: Support DIAG access for read-only devices. BZ#537859
  • IUCV: Use correct output register in iucv_query_maxconn(). BZ#524251
    A problem was found where the system log contained kernel messages reporting that the IUCV "pathid" was greater than max_connections. This is because the wrong output register was used when querying the maximum number of IUCV connections.
    This update ensures that the correct output register is used, and this problem no longer occurs.
  • cio: Fix set online/offline processing failures. BZ#523323
    A problem was found where the set online or set offline routines failed for a DASD device. Afterwards this device could neither be set online nor offline.
    The set online, set offline, and related rollback and error routines are only processed if the device is in a FINAL or DISCONNECTED state.
  • DASD: Fail requests when device state is less then ready. BZ#523219
    A problem was found where in certain device mapper multipath/PPRC setups a DASD device gets quiesced and then set to the "basic" state to flush its queue and return all already queued requests back to the device mapper. It was possible that a request was queued after the device's state was set to basic, and so that request stayed queued, was not processed, and the device mapper was blocked waiting for it.
    This update ensures that all requests that arrive in such a state are returned as failed.
  • Set preferred IBM S/390 console based on conmode. BZ#520461
    A problem was found where if conmode was set to 3270 to enable the 3270 terminal device driver, kernel console messages were not displayed in the console view. This is because the default preferred console is set to "ttyS". For the 3270 terminal device driver, the preferred console must be set to "tty3270".
    This update introduces a new function to set the preferred console based on the specified conmode.
  • Optimize storage key operations for anonymous pages. BZ#519977
    A problem was found where removal of anonymous mappings resulted in poor performance. This update optimizes the instructions that are used for these operations.
  • CIO: set correct number of internal I/O retries. BZ#519814
    A problem was found where if a device has n paths and that device is not path-grouped, and an internal I/O command fails, then the control unit presents the error sense n times on each different path. Because CIO only performs five retries, devices with five or more paths run out of retries before their functional status can be correctly determined.
    This update increases the number of retries to 10 to prevent this problem from occurring.
  • Add module signing to IBM S/390 kernels. BZ#483665
  • Make CIO_* macros safe if dbfs are not available. BZ#508934
  • qeth: Improve no_checksumming handling for layer3. BZ#503238
  • qeth: Handle VSwitch Port Isolation error codes. BZ#503232
  • Implement AF_IUCV SOCK_SEQPACKET support. BZ#512006
    This update offers AF_IUCV datagram stream-oriented sockets in addition to the existing AF_IUCV byte stream-oriented sockets. SOCK_SEQPACKET provides a sequenced, reliable, two-way connection-based data transmission path for datagrams of fixed maximum length; a consumer is required to read an entire packet with each input system call.
  • Kernel parameters vmhalt, vmpanic, vmpoff and vmreboot are ignored. BZ#518229
    A problem was found where an obsolete function (__setup()) was being called twice. This update removes those function calls, and the affected kernel parameters now behave as expected.
1.88.10.1.2.5. Other Updates
  • [PowerPC] Fix "scheduling while atomic" error in alignment handler. BZ#543637
  • [powerpc] Handle SLB resize during migration. BZ#524112
  • Export additional CPU flags in /proc/cpuinfo BZ#517928
    Previously, /proc/cpuinfo only showed the original set of flags supported from the base kernel release. It did not include new features present in supported CPUs. This update addresses this problem, and applies to both x86 and x86_64 architectures.
  • This feature provides the ability for user level software monitoring the system for disabled cache indices and to explicitly disable them. BZ#517586
    This update applies to 32-bit x86 and 64-bit Intel 64 and AMD64 architectures.
  • Update ALSA HDA, snd-hda-intel driver. BZ#525390
  • Add Hudson-2 sb900 i2c driver. BZ#515125
  • Add fcocee npiv support to ibmvfc driver. BZ#512192
  • Add i3200 edac driver support. BZ#469976
1.88.10.1.3. Virtualization Updates
  • Fix module loading for virtio-balloon module. BZ#564361
  • VT-d: Ignore unknown DMAR entries. BZ#563900
  • kvm: Fix double registering of pvclock on i386. BZ#557095
  • Fix frequency scaling on Intel platforms. BZ#553324
  • Update to enable VF in Dom0. BZ#547980
  • Xen IOMMU fix for AMD M-C platforms with SATA set to IDE combined mode. BZ#544021
    AMD M-C systems, that is, Maranello platforms, have several SATA settings, for example, IDE, SATA AHCI, and SATA IDE combined mode. A problem was found with IOMMU when the SATA drive is in IDE combined mode that could prevent Red Hat Enterprise Linux 5.4 from booting properly when IOMMU is enabled. In some cases the SATA drive was not detected.
    This update implements a global interrupt remapping table, which is shared by all devices and provides better compatibility with certain old BIOSes, and prevents this problem from occurring.
  • Ensure a new xenfb thread is not created on every save/restore. BZ#541325
    A problem was found where an initial two xenfb threads were created for a save/restore operation for a live migration, followed by another two every time the guest was live migrated, or saved and restored.
    This update avoids creating further threads if one already exists.
  • PV guest crash on poweroff. BZ#540811
  • Call trace error when resuming from suspend to disk. BZ#539521
  • Add BL2xx and DL7xx to the list of ProLiant systems in xen/arch/x86/ioport_emulate.c in the Xen variants of Red Hat Enterprise Linux 5. BZ#536677
  • Mask out extended topology CPUID feature. BZ#533292
    On Intel Nehalem (55xx) dom0 hosts, booting Windows 2008 R2 64-bit domU resulted in a hang. This was caused by incomplete emulation of the CPUID instruction in hvm/xvm support.
    Because Xen guests do not need to know about extended topology, this update masks out that topology to prevent this problem from occurring.
  • Fix timedrift on VM with pv_clock enabled. BZ#531268
  • Use upstream kvm_get_tsc_khz() BZ#531025
  • Whitespace updates in Xen scheduler. BZ#529271
  • Xen panic in msi_msg_read_remap_rte with acpi=off. BZ#525467
  • Backport interrupt rate limiting. BZ#524747
  • RHEV: SAP SLCS 2.3 fails during install/import in a RHEV-H/KVM guest with PV KVM clock. BZ#524076
  • Mask out xsave and osxsave to prevent boot hang when installing HVM DomU. BZ#524052
    Attempting to boot a fully virtualized DomU with rawhide's 2.6.31-14.fc12.x86_64 for installation hangs almost immediately. A 32-bit HVM booted and installed successfully on a 32-bit host.
    This update masks out the xsave and osxsave bits to prevent this problem from occurring.
  • Enable display of the ida flag on Xen kernels. BZ#522846
    The ida flag, which indicates the presence of the Turbo Boost feature, was not seen in the cpuflags section of /proc/cpuinfo on Xen kernels. This occurred on both 32-bit and 64-bit Xen kernels.
    This update ensures that this flag is displayed when the Turbo Boost feature is present on Xen kernels.
  • Xen fails to boot on Itanium with > 128GB memory. BZ#521865
    A problem was found where attempting to boot a Xen kernel on Itanium systems with more than 128GB of RAM would result in a Xen panic. This problem was traced to a miscalculation of the Xen heap size.
    This update includes support for the xenheap_megabytes hypervisor option to address this problem. For example, if the installed memory exceeds 64GB, it is suggested to set the option to a value equal to the memory size in gigabytes. For example, on a system with 128GB of memory, the elilo.conf file should include the directive: append="xenheap_megabytes=128 --"
  • Fix SRAT check for discontiguous memory. BZ#519225
    A problem was found where Xen could ignore valid SRAT tables because it expects completely contiguous memory ranges, where the sum of the node memory is approximately equal to the address of the highest memory page. This is an incorrect assumption and prevents NUMA support from being enabled on some systems. This update addresses this assumption and prevents this problem from occurring.
  • Allow booting with broken serial hardware. BZ#518338
  • Fix for array out-of-bounds in blkfront. BZ#517238
  • Enable Xen to build on gcc 4.4. BZ#510686
  • Handle x87 opcodes in TLS segment fixup. BZ#510225
  • Implement fully preemptible page table teardown. BZ#510037
  • Fix timeout with PV guest and physical CDROM. BZ#506899
  • Fix SR-IOV function dependency link problem. BZ#503837
  • F-11 Xen 64-bit domU cannot be started with > 2047MB of memory. BZ#502826
  • x86: Make NMI detection work. BZ#494120
  • netback: call netdev_features_changed. BZ#493092
  • Invalidate dom0 pages before starting guest. BZ#466681
  • AMD IOMMU Xen pass-through support. BZ#531469
  • Add balloon driver for KVM guests. BZ#522629
  • Add AMD node ID MSR support. BZ#530181 BZ#547518
  • Provide pass-through MSI-X mask bit acceleration V3. BZ#537734
  • CD-ROM drive does not recognize new media. BZ#221676
  • kvmclock: fix incorrect wallclock value. BZ#519771
  • KMP for Xen kernel cannot be applied. BZ#521081
    A problem was found when creating KMP that includes the driver that uses the "pci_enable_msi/pci_disable_msi" function for the Xen kernel and applying it, error messages are printed out and KMP cannot be applied. This problem occurred on both i386 and x86_64 architectures.
    This update addresses this problem and these error messages no longer appear.
1.88.10.1.4. Network Device Drivers
  • mlx4: pass attributes down to vlan interfaces BZ#573098
  • r8169: fix assignments in backported net_device_ops BZ#568040
  • virtio_net: refill rx buffer on out-of-memory BZ#554078
  • be2net: critical bugfix from upstream BZ#567718
  • tg3: fix 5717 and 57765 asic revs panic under load BZ#565964
  • bnx2x: use single tx queue BZ#567979
  • igb: fix WoL initialization when disabled in eeprom BZ#564102
  • igb: fix warning in igb_ethtool.c BZ#561076
  • s2io: restore ability to tx/rx vlan traffic BZ#562732
  • ixgbe: stop unmapping DMA buffers too early BZ#568153
  • e1000e: disable NFS filtering capabilites in ICH hw BZ#558809
  • bnx2: update firmware and version to 2.0.8 BZ#561578
  • mlx4: fix broken SRIOV code BZ#567730
  • mlx4: pass eth attributes down to vlan interfaces BZ#557109
  • ixgbe: initial support of ixgbe PF and VF drivers BZ#525577
  • bnx2x: update to 1.52.1-6 firmware BZ#560556
  • ixgbe: prevent speculatively processing descriptors BZ#566309
  • tg3: fix 57765 LED BZ#566016
  • tg3: fix race condition with 57765 devices BZ#565965
  • forcedeth: fix putting system into S4 BZ#513203
  • netfilter: allow changing queue length via netlink BZ#562945
  • e1000e: fix deadlock unloading module on some ICH8 BZ#555818
  • Wireless fixes from 2.6.32.2, 2.6.32.3, 2.6.32.4, & 2.6.32.7 BZ#559711
  • be2net: latest bugfixes from upstream for Red Hat Enterprise Linux 5.5 BZ#561322
  • cxgb3: add memory barriers BZ#561957
  • igb: fix msix_other interrupt masking BZ#552348
  • niu: fix deadlock when using bondin BZ#547943
  • sky2: fix initial link state error BZ#559329
  • iptables: fix routing of REJECT target packets BZ#548079
  • niu: fix the driver to be functional with vlans BZ#538649
  • igb: update driver to support End Point DCA BZ#513712
  • tg3: update to version 3.106 for 57765 asic support BZ#545135
  • bonding: fix alb mode locking regression BZ#533496
  • e1000e: fix broken wol BZ#557974
  • fixup problems with vlans and bonding BZ#526976
  • ixgbe: upstream update to include 82599-KR support BZ#513707
  • be2net: multiple bug fixes BZ#549460
  • virtio_net: fix tx wakeup race condition BZ#524651
  • Add support for send/receive tracepoints. BZ#475457
  • wireless: fix build when using O=objdir BZ#546712
  • update tg3 driver to version 3.100 BZ#515312
  • e1000e: support for 82567V-3 and MTU fixes BZ#513706
  • bonding: add debug module option BZ#546624
  • ipv4: fix possible invalid memory access BZ#541213
  • s2io: update driver to current upstream version BZ#513942
  • wireless: report reasonable bitrate for 802.11n BZ#546281
  • mac80211: report correct signal for non-dBm values BZ#545899
  • wireless: Remove some unnecessary warning messages. mac80211: avoid uninit pointer dereference in ieee80211. BZ#545121
  • wireless: avoid deadlock when enabling rfkill BZ#542593
  • wireless: updates of mac80211 etc from 2.6.32 and wireless support updates from 2.6.32 BZ#456943, BZ#474328, BZ#514661 & BZ#516859
  • bnx2: update to version 2.0.2 BZ#517377
  • cnic: Update driver for Red Hat Enterprise Linux 5.5 BZ#517378
  • bnx2x: Update to 1.52.1-5, add support for bcm8727 phy, add support for bcm8727 phy, add mdio support, add firmware version 5.2.7.0 and update to 1.52.1. BZ#515716 & BZ#522600
  • mdio: Add mdio module from upstream and ethtool. Add more defines for mdio to use. Add the sfc (Solarflare) driver. BZ#448856
  • r8169: update to latest upstream for Red Hat Enterprise Linux 5.5 BZ#540582
  • benet: update driver to latest upstream for Red Hat Enterprise Linux 5.5 BZ#515269
  • e1000e: update and fix WOL issues BZ#513706, BZ#513930, BZ#517593 & BZ#531086
  • e1000: update to latest upstream for Red Hat Enterprise Linux 5.5 BZ#515524
  • mlx4: update to recent version with SRIOV support BZ#503113, BZ#512162, BZ#520674, BZ#527499, BZ#529396 & BZ#534158
  • ipv4: fix an unexpectedly freed skb in tcp BZ#546402
  • bnx2: fix frags index BZ#546326
  • netxen: further p3 updates for Red Hat Enterprise Linux 5.5 BZ#542746
  • netxen: driver updates from 2.6.31 and 2.6.32 BZ#516833
  • igb: update igb driver to support barton hills BZ#513710
  • enic: update to upstream version 1.1.0.100 BZ#519086
  • ipvs: synchronize closing of connections BZ#492942
  • cxgb3: fix port index issue and correct hex/decimal error BZ#516948
  • mlx4_en: add a pci id table BZ#508770
  • resolve issues with vlan creation and filtering BZ#521345
  • gro: fix illegal merging of trailer trash BZ#537876
  • ixgbe: add and enable CONFIG_IXGBE_DCA BZ#514306
  • ixgbe: update to upstream version 2.0.44-k2 BZ#513707, BZ#514306 & BZ#516699
  • call cond_resched in rt_run_flush BZ#517588
  • igb: add support for 82576ns serdes adapter BZ#517063
  • qlge: updates and fixes for Red Hat Enterprise Linux 5.5 BZ#519453
  • igb: fix kexec with igb controller BZ#527424
  • qlge: fix crash with kvm guest device passthrough BZ#507689
  • igb: set vf rlpml must take vlan tag into account BZ#515602
  • fix race in data receive/select BZ#509866
  • augment raw_send_hdrinc to validate ihl in user hdr BZ#500924
  • bonding: introduce primary_reselect option and ab_arp use std active slave select code BZ#471532
  • use netlink notifications to track neighbour states and introduce generic function __neigh_notify BZ#516589
  • sched: fix panic in bnx2_poll_work BZ#526481
  • bnx2i/cnic: update driver version for Red Hat Enterprise Linux 5.5 BZ#516233
  • cxgb3: bug fixes from latest upstream version BZ#510818
  • sunrpc: remove flush_workqueue from xs_connect BZ#495059
  • lvs: adjust sync protocol handling for ipvsadm -2 and for timeout values BZ#524129
  • igb and e100: return PCI_ERS_RESULT_DISCONNECT on failure BZ#514250
  • bnx2: apply BROKEN_STATS workaround to 5706/5708 BZ#527748
  • syncookies: support for TCP options via timestamps and tcp: add IPv6 support to TCP SYN cookies BZ#509062
  • e1000e: return PCI_ERS_RESULT_DISCONNECT on fail BZ#508387
  • e100: add support for 82552 BZ#475610
  • netfilter: honour source routing for LVS-NAT BZ#491010
  • Update r8169 driver to avoid losing MSI interrupts. BZ#514589
  • e1000 and ixgbe: return PCI_ERS_RESULT_DISCONNECT on fail BZ#508388 & BZ#508389
  • ipt_recent: sanity check hit count BZ#523982
  • ipv4: ip_append_data handle NULL routing table BZ#520297
  • fix drop monitor to not panic on null dev BZ#523279
  • ipv6: do not fwd pkts with the unspecified saddr BZ#517899
  • igbvf: recognize failure to set mac address BZ#512469
  • sunrpc client: IF for binding to a local address and set rq_daddr in svc_rqst on socket recv BZ#500653
  • tcp: do not use TSO/GSO when there is urgent data BZ#502572
  • vxge: new driver for Neterion 10Gb Ethernet and Makefile, Kconfig and config additions BZ#453683
  • 8139too: RTNL and flush_scheduled_work deadlock BZ#487346
  • icmp: fix icmp_errors_use_inbound_ifaddr sysctl BZ#502822
  • bonding: allow bond in mode balance-alb to work BZ#487763
  • rtl8139: set mac address on running device BZ#502491
  • tun: allow group ownership of TUN/TAP devices BZ#497955
  • tcp: do not use TSO/GSO when there is urgent data BZ#497032
  • A problem was found where if you set /proc/sys/net/ipv4/route/secret_interval to 0, you could not reset it to another value, and /bin/bash would hang on the echo.
    The timer reschedule path was updated to ensure that the rtnl lock is always released. The /proc/sys/net/ipv4/route/secret_interval can now be set to 0 and successfully reset to another value without causing /bin/bash to hang. BZ#510067
  • sky2: revert some phy power refactoring changes BZ#509891
  • bonding: tlb/alb: set active slave when enslaving BZ#499884
  • tg3: refrain from touching MPS BZ#516123
  • qlge: fix hangs and read performance BZ#517893
  • mlx4_en fix for vlan traffic BZ#514141
  • mlx4_en device multi-function patch BZ#500346
  • mlx4_core: fails to load on large systems BZ#514147
  • add DSCP netfilter target BZ481652#
1.88.10.1.5. Filesystem and Storage Management Updates
1.88.10.1.5.1. NFS-specific Updates
  • Fix a deadlock in the sunrpc code. BZ#548846
  • Ensure dprintk() macro works everywhere. BZ#532701
  • Fix stale nfs_fattr being passed to nfs_readdir_lookup() BZ#531016
  • Update nfs4_do_open_expired() to prevent infinite loops. BZ#526888
    A problem was found with nfs4_do_open_expired() that could lead to the reclaimer thread going into an infinite loop. This bug was triggered when the client received an NFS4ERR_DELAY from the server, and the exception.retry bit was set, enforcing a timeout. This bit was never reset to zero (0) when the server recovered, leading to an infinite loop.
    This update checks for server recovery and resets the exception.retry bit when appropriate, preventing the creation of this infinite loop.
  • nfsnobody == 4294967294 causes idmapd to stop responding BZ#519184
  • statfs on NFS partition always returns 0 BZ#519112
    A problem was found where statfs on NFS partitions always returned a zero (0) value, regardless of success or fail. On fail, statfs should return a negative number.
    This update corrects the problem so that statfs behaves as expected.
  • Read/Write NFS I/O performance was severely degraded by NFS synchronous write RPCs (FILE_SYNC) that occur when an application has a file open O_RDWR and is reading dirty pages. This read() system call triggered a flush of the dirty page to the server, using a 4096-byte synchronous write. The remote filesystem is mounted with an explicit async mount option, and the application does not open the file with O_SYNC or O_DSYNC flags.
  • Mounting with a rsize/wsize of 2048 (less than the 4096 page size) eliminates these synchronous writes, and dramatically improves I/O. BZ#498433
  • knfsd: query fs for v4 getattr of FATTR4_MAXNAME BZ#469689
  • Bring nfs4acl into line with mainline code BZ#479870
  • Add an nfsiod workqueue BZ#489931
  • nfsv4: Distinguish expired from stale stateID BZ#514654
  • Do an exact check of attribute specified BZ#512361
    In case ACLs are not supported in the underlying filesystem, this update enables the NFSv4 server to return NFS4ERR_ATTRNOTSUPP when ACL attributes are specified when creating a file.
  • Fix regression in nfs_open_revalidate BZ#511278
  • Fix cache invalidation problems in nfs_readdir BZ#511170
1.88.10.1.5.2. GFS-specific Updates
  • Fix kernel BUG when using fiemap. BZ#569610
  • Use correct GFP for allocating page on write. BZ#566221
    Allocation of memory during the write system call can trigger memory reclaim. This update ensures that the VM does not call back into the filesystem, resulting in a kernel OOPS. This problem is only seen in times of memory shortage on a node.
  • Filesystem mounted with ecryptfs_xattr option could not be written. BZ#553670
  • Filesystem consistency error in gfs2_ri_update. BZ#553447
  • Update O_APPEND to behave as expected. BZ#544342
    Previously, when using GFS2, if two nodes concurrently updated the same file, each node would overwrite the other node's data, as the file position for such a file was not being updated correctly. This issue only occurred when using open() with the O_APPEND flag, and then issuing a write() without first performing another operation on the inode, such as stat() or read().
  • Fix glock reference count issues. BZ#539240
  • Fix rename locking issue. BZ#538484
  • Enhance statfs and quota usability. BZ#529796
  • Cluster failures due to invalid metadata blocks. BZ#519049
    A problem was found with gfs2 filesystems where clusters would fail as a result of fatal filesystem withdrawal. This update provides a solution to that problem.
  • gfs2_delete_inode failing on RO filesystem. BZ#501359
  • Fix potential race in glock code. BZ#498976
  • GFS2 ">>" will not update ctime and mtime after appending to the file. BZ#496716
  • After gfs2_grow, new size is not seen immediately. BZ#482756
  • Add '-o errors=withdraw|panic' to GFS2 mount option. BZ#518106
  • mount.gfs hangs forever if concurrent umount of different gfs filesystems are performed. BZ#440273
1.88.10.1.5.3. CIFS-specific Updates
  • CIFS filesystem update, including: BZ#562947
    • Fix length calculation for converted Unicode readdir names.
    • Fix dentry hash calculation for case-insensitive mounts.
    • Do not make mountpoints shrinkable.
    • Ensure maximum username length check in session setup matches.
  • NULL out pointers when chasing DFS referrals. BZ#544417
  • Protect GlobalOplock_Q with its own spinlock to prevent crash in small_smb_init. BZ#531005
  • Add new options to disable overriding of ownership. BZ#515252
  • cifs: Enable dfs submounts to handle remote referrals. BZ#513410
  • httpd Sendfile problems reading from a CIFS share. BZ#486092
  • Don't use CIFSGetSrvInodeNumber BZ#529431
  • CIFS filesystem update, including: BZ#500838
    • Fix artificial limit on reading symlinks
    • Copy struct *after* setting port, not before
    • Add addr= mount option alias for ip=
    • Free nativeFileSystem before allocating new one
    • Fix read buffer overflow
    • Fix potential NULL deref in parse_DFS_referrals
    • Fix memory leak in ntlmv2 hash calculation
    • Fix broken mounts when an SSH tunnel is used
    • Avoid invalid kfree in cifs_get_tcp_session
1.88.10.1.5.4. Cluster-specific Updates
  • dlm: Fix connection close handling. BZ#521093
    A problem was found where a cluster would hang after a node rejoins from a simulated network outage. This update addresses the connection close handling problem that was the cause of the issue, and clusters now behave as expected in this situation.
1.88.10.1.5.5. Other Updates
  • Fix randasys crashes x86_64 systems regression. BZ#562857
  • proc: Make errno values consistent when race occurs. BZ#556545
  • Fix performance regression introduced by eventfd support. BZ#548565
    OLTP-type runs regressed by 0.5% due to the additional overhead in the aio_complete() code path.
    This update uses a bit in ki_flags to address this problem.
  • Fix possible inode corruption on unlock. BZ#545612
  • xfs: Fix fallocate error return sign. BZ#544349
    When issuing an fallocate call on xfs which results in insufficient space to complete, XFS returns "28" instead of "ENOSPC" - xfs uses positive errnos internally, and flips them before returning, but in this case it was missed.
    This update ensures the error number is inverted before being returned.
  • Skip inodes without pages to free in drop_pagecache_sb(). BZ#528070
  • Fix soft lockup problem with dcache_lock. BZ#526612
  • ext3: Replace lock_super with explicit resize lock. BZ#525100
    A problem was found where performing an online resize of an ext3 filesystem would fail. This update cross-ports a change developed for ext4 to address a similar problem.
  • Update MPT fusion 3.4.13rh BZ#516710
    The mtp base driver for devices using LSI Fusion MPT firmware has been updated to version 3.4.13rh. This update fixes many issues, most notably:
    • The serial attached SCSI (SAS) topology scan has been restructured, adding expander, link status and host bus adapter (HBA) events.
    • Intermittent issues caused by SAS cable removal and reinsertion have been fixed.
    • An issue where SATA devices received different SAS addresses has been fixed.
    • The device firmware now reports the queue full event to the driver and the driver handles the queue full event using the SCSI mid-layer.
  • Update MPT2SAS to 02.101.00.00 BZ#516702
    The mpt2sas driver that supports the SAS-2 family of adapters from LSI has been updated to version 02.101.00.00. This update fixes many issues, most notably:
    • Sanity checks have been added when volumes are added and removed, ignoring events for foreign volumes.
    • The driver is now legacy I/O port free.
    • An issue that may have resulted in a kernel OOPS at hibernation or resume has been fixed.
  • Fix online resize bug while using resize2fs BZ#515759
  • ENOSPC during fsstress leads to filesystem corruption on ext2, ext3, and ext4 BZ#515529
  • Bring putpubfh handling inline with upstream BZ#515405
  • Address file write performance degradation on ext2 file systems BZ#513136
    When file write performance is measured using the iozone benchmark test, the performance of Red Hat Enterprise Linux 5.4 GA Snapshot1 is about 40% lower than the performance of Red Hat Enterprise Linux 5.3 GA in some cases. File read performance of 5.4 GA Snapshot1 is almost the same as 5.3 GA.
    This problem occured on both i386 and x86_64, however i386 performance degradation seemed to be worse compared to x86_64.
    This update converts ext2 to the new aops.
  • getdents() reports /proc/1/task/1/ as DT_UNKNOWN BZ#509713
  • Do not return invalidated nlm_host BZ#507549
  • Make NR_OPEN tunable BZ#507159
  • Free journal buffers on ext3 and ext4 file systems after releasing private data belonging to a mounted filesystem BZ#506217
  • Prevent Genesis from getting stuck in a loop writing to an unlinked file BZ#505331
  • Fix inode_table test in ext{2,3}_check_descriptors BZ#504797
  • Support origin size < chunk size BZ#502965
  • smbd proccess hangs with flock call BZ#502531
  • inotify: fix race BZ#499019
  • Don't allow setting ctime over v4 BZ#497909
  • AVC denied 0x100000 for a directory with eCryptFS and Apache BZ#489774
  • Don't zero out pages array inside struct dio BZ#488161
  • File truncations when both suid and write permissions are set BZ#486975
  • Fix stripping SUID/SGID flags when chmod/chgrp directory BZ#485099
  • Sanitize invalid partition table entries BZ#481658
  • DIO write returns -EIO on try_to_release_page fail BZ#461100
  • Batch AIO requests BZ#532769
  • Add eventd support. BZ#493101
  • Update ext4 to latest upstream codebase BZ#528054
  • If a non-root setuid binary is run as root, its /proc/<pid>/smaps file cannot be read because the file's permissions only allow access from a task with the original root UID value.
    The /proc/<pid>/smaps file is now created with S_IRUGO permissions (-r--r--r--), which means it can be read even when running a setuid binary. BZ#322881
  • Correctly recognize the logical unit (LU) of Hitachi-made storage. BZ#430631
    The LU of Hitachi-made storage was not correctly recognized in Red Hat Enterprise Linux 5. The LU was correctly recognized using a combination of Red Hat Enterprise Linux 4, Hitachi-made storage, and the Qlogic-made HBA driver. Further, Red Hat Enterprise Linux 5 did recognize an LU that did not exist in the storage. The storage is used with SCSI-2.
    Red Hat Enterprise Linux 5 now issues a SCSI command (REPORT_LUN) when recognizing the logical unit in the SCSI layer. The LU is now correctly recognized when using a combination of Red Hat Enterprise Linux 5, Hitachi storage, and the Qlogic-made HBA driver.
1.88.10.1.6. Storage and Device Driver Updates
1.88.10.1.6.1. PCI Updates
  • AER: Disable advanced error reporting by default. BZ#559978
  • Prevent PCIe AER errors being reported multiple times. BZ#544923
    A problem was found where not all PCIe AER uncorrectable status bits were cleaned up after an uncorrectable/non-fatal or uncorrectable/fatal error was triggered. As a result, subsequent errors would sometimes display a previously reported error.
    This update ensures that errors are only reported once.
  • Add base AER driver support. BZ#517093
    This feature provides the advanced error handling (diagnosis and recovery) for PCI-Express devices by adding AER (Advanced Error Reporting) support.
    PCIe AER provides the finer resolution of error source and error severity, as well as the ability to reset the slot to re-initialize the device.
    This update applies to 32-bit x86 and 64-bit Intel 64 and AMD64 architectures.
  • Enable acs p2p upstream forwarding. BZ#518305
1.88.10.1.6.2. SCSI Updates
  • mpt2sas: Fix missing initialization. BZ#565637
  • Update fnic and libfc to address FIP crash and hang issues. BZ#565594
  • be2iscsi: Fix scsi eh callouts and add support for new chip to be2iscsi driver. BZ#564145
  • device_handler: Add netapp to ALUA device list. BZ#562080
  • qla2xxx: Return FAILED if abort command fails. BZ#559972
  • lpfc: Update driver to 8.2.0.63.3p FC/FCoE. BZ#564506
  • lpfc: Update driver to 8.2.0.63.2p FC/FCoE. BZ#557792
  • lpfc: Update driver to 8.2.0.63.1p FC/FCoE. BZ#555604
  • be2iscsi: Upstream driver refresh for Red Hat Enterprise Linux 5.5. BZ#554545
  • qla2xxx: Correct timeout value calculation for CT pass-through commands. BZ#552327
  • qla2xxx driver updates. BZ#550148
  • Update arcmsr driver to better match upstream. BZ#521203
  • Re-enable "mpt_msi_enable" option. BZ#520820
  • Kernel panics from list corruption when using a tape drive connected through cciss adapter. BZ#520192
  • lpfc: Update version from 8.2.0.52 to 8.2.0.59. BZ#516541 BZ#529244
  • megaraid: Make driver legacy I/O port free. BZ#515863
  • Update Emulex lpfc 8.2.0.x FC/FCoE driver. BZ#515272
  • scsi_transport_fc: fc_user_scan correction to prevent scsi_scan looping forever. BZ#515176
  • Update qla2xxx qla4xx driver. BZ#519447
  • Update for HighPoint RocketRAID hptiop driver. BZ#519076
  • Errata 28 fix on LSI53C1030. BZ#
  • Add kernel (scsi_dh_rdace) support for Sun 6540 storage arrays. BZ#518496
  • Disable state transition from OFFLINE to RUNNING. BZ#516934
    This feature prevents a timeout from occurring on the same device repeatedly by disabling the state transition of the SCSI device from OFFLINE to RUNNING in the unblock function of the SCSI layer.
    This update applies to 32-bit x86, 64-bit Intel 64 and AMD64, and 64-bit Itanium2 architectures.
  • Add be2iscsi driver. BZ#515284
  • Add emc clarion support to scsi_dh modules. BZ#437107
  • scsi_dh_rdac driver update. BZ#524335
  • qla2xxx: Allow use of MSI when MSI-X disabled. BZ#517922
    On Red Hat Enterprise Linux 5 the MSI-X disable option for this driver also disables MSI. This update adds another state to the variable to allow the user to specify either MSI or MSI-X.
1.88.10.1.6.3. Other Updates
1.88.10.1.7. Block Device Updates
  • cfq-iosched: Fix sequential read performance regression. BZ#571818
  • cfq: Kick busy queues without waiting for merged req. BZ#570814
  • raid45: Fix for kernel OOPS resulting from constructor error path. BZ#565494
  • Fix deadlock at suspending mirror device. BZ#555120
  • Fix I/O errors while accessing loop devices or file-based Xen images from GFS volume. BZ#549397
  • Correct issue with MD/DM mapping in blktrace. BZ#515551
  • Fix install panic with xen iSCSI boot device. BZ#512991
  • Allow more flexibility for read_ahead_kb store. BZ#510257
  • Add device ID for 82801JI sata controller. BZ#506200
  • Fix a race in dm-raid1. BZ#502927
  • raid: deal with soft lockups during resync. BZ#501075
  • blktrace stops working after a trace-file-directory replacement. BZ#498489
  • I/O scheduler setting via elevator kernel option is not picked up by Xen guest. BZ#498461
  • Fix rcu accesses in partition statistics code. BZ#493517
  • Fix iosched batching fairness and reset batch for ordered requests. BZ#462472
1.88.10.1.8. Multiple Device Updates
  • Fix kernel panic releasing bio structure after recovery failed. BZ#555171
  • Lock snapshot while reporting status. BZ#543307
    A problem was found where, in the snapshot_status() function, the counts were being read without holding the lock. This could result in invalid intermediate values being reported.
    This update is a backport of a previous patch that locks the snapshot while reporting status.
  • Fix deadlock in device mapper multipath when removing a device. BZ#543270
  • Snapshots of the same origin with differing chunk sizes causes corruption. BZ#210490
    The kernel driver dm-snapshot handles multiple snapshots with different chunk sizes incorrectly. It occasionally dispatches write requests to the origin volume prior to copying the data to all the snapshots. As a consequence, the snapshots are not static and writes to the origin are occasionally reflected to the snapshots. When there are multiple snapshots of the same origin volume with different chunk sizes, and you write to the origin volume, the data in the snapshots may be corrupted.
    This update ensures that the kernel driver always waits until all the chunks in all the snapshots are reallocated before dispatching a write request to the origin device.
  • raid5: Mark cancelled readahead BIOS with -EIO. BZ#512552
1.88.10.1.9. Wireless Infrastructure and Driver Updates
  • iwlwifi: Fix dual-band N-only use on IWL5x00. BZ#566696
  • rt2x00: Fix work cancel race conditions. BZ#562972
  • Update old static regulatory domain rules. BZ#543723
  • Puma Peak wireless support. BZ#516859
    This update contains support for the iwl6000 hardware from Intel. Devices in this hardware line support 802.11a, 802.11b, 802.11g, and 802.11n protocols. This update also includes support for the iwl1000 hardware line. Support for iwl5000, iwl4965, and iwl3945 was also updated.
    In order to support the features of these drivers, the mac80211 and cfg80211 subsystems were updated. Further, all existing mac80211-based drivers were refreshed to match the updated mac80211 subsystem.
  • Support Realtek RTL8187B wireless driver. BZ#514661
  • Update Intel wireless driver (iwlagn) for iwl4965 / iwl5000. BZ#474328
  • Add support for Atheros wireless ATH9k driver. BZ#456943
    The update of the mac80211 enabled support of the ath9k driver. This supports the full line of 802.11n wireless LAN adapters from Atheros.
  • mac80211: fix reported wireless extensions version. BZ#513430
1.88.10.1.10. Memory Management Updates
  • [Xen] mmap() with PROT_WRITE on Red Hat Enterprise Linux 5 was incompatible with Red Hat Enterprise Linux 4. BZ#562761
  • munmap() fails when mm_struct.map_count temporarily reaches max_map_count BZ#552648
    A problem was found where munmap() would fail with an ENOMEM error if:
    • the number of VMAs = VMA limit - 1, and
    • it does not unmap an entire VMA but only part of a VMA.
    This update implements further checks to handle partial unmappings to avoid this problem.
  • Update ioremap to prevent kernel hang when using recent NVIDIA display drivers. BZ#549465
    A problem was found where attempting to run a recent NVIDIA display driver on 32-bit Red Hat Enterprise Linux 5.3 or 5.4 would cause the kernel to hang. This was due to hitting a BUG() call in the __change_page_attr() routine.
    This update provides the necessary changes to address this problem.
  • Prevent hangs during memory reclaim on large systems. BZ#546428
  • Call vfs_check_frozen() after unlocking the spinlock. BZ#541956
  • Display UID as well as PID in OOM killer output. BZ#520419
  • AMD-IOMMU: Support more IOMMU parameters and rework interrupt remapping according to IOMMU spec 1.26. BZ#518474 BZ#526766
  • Add a tracepoint for kernel pagefault events. BZ#517133
    This feature provides a tracepoint to trace kernel pagefault events. The argument should include the IP (instruction pointer) and the faulted virtual address.
    This update applies to 32-bit x86 and 64-bit Intel 64 and AMD64 architectures.
  • Memory mapped files not updating timestamps. BZ#452129
  • Prevent hangs or long pauses when zone_reclaim_mode=1. BZ#507360
1.88.10.1.11. Audit and Security Updates
1.88.10.1.11.1. Audit Updates
  • Fix breakage and leaks in audit_tree.c BZ#549750
    A problem was found where if a user ran auditctl -R audit.rules which unloads and then loads rules that include (for exeample) "-F dir=/var/log/audit" or "-F dir=/lib", it would result in a kernel OOPS.
    This update provides a fix for this issue.
  • Correct the record length of execve. BZ#509134
1.88.10.1.11.2. Cryptography Updates
  • IBM S/390: Permit weak keys unless REQ_WEAK_KEY is set. BZ#504667
1.88.10.1.11.3. SELinux Updates
  • Update audit_update_watch() to prevent system crashes while running usermod. BZ#526819
  • Allow preemption between transition permission checks in order to prevent CPU soft lockup BZ#516216
    A problem was found where the kernel would sometimes go into a soft lockup for 10s at .context_struct_compute_av+0x214/0x39c. This update changes the way transition checks are performed in order to avoid this problem.
1.88.10.1.12. Miscellaneous Updates
  • power_meter: Avoid OOPS on driver load. BZ#566575
  • hvc_iucv: Allocate IUCV send/receive buffers in DMA zone. BZ#566202
  • f71805f: Fix sio_data to platform_device_add_data(). BZ#564399
  • Fix 32-bit Machine Check Exception Handler. BZ#562862
  • Fix APIC and TSC reads for guests. BZ#562006
  • zcrypt: Do not remove coprocessor in case of error 8/72. BZ#561067
  • smsc47m1: Fix data to platform_device_add_data(). BZ#560944
  • it87: Fix sio_data to platform_device_add_data(). BZ#559950
  • w83627hf: Fix data to platform_device_add_data(). BZ#557172
  • Power Now driver: fix crash on AMD family 0x11 processors. BZ#555180
  • EDAC driver fix for non-MMCONFIG systems. BZ#550123
  • khungtaskd not stopped during suspend. BZ#550014
  • Do not evaluate WARN_ON condition twice. BZ#548653
  • Fix NULL pointer panic in acpi_run_os. BZ#547733
  • Implement public pci_ioremap_bar function. BZ#546244
  • Fix PTRACE_KILL hanging in 100% CPU loop. BZ#544138
  • Fix compile warnings in eeh code. BZ#538407
    This update was necessary to address a compile problem in PowerPC introduced by a change in the PCI AER code.
  • [infiniband] Fix bitmask handling from QP control block. BZ#561953
  • [infiniband] Fix issue with sleep in interrupt ehca handler. BZ#561952
  • [infiniband] Rewrite SG handling for RDMA logic. BZ#540686
    After dma-mapping an SG list provided by the SCSI midlayer, iser must ensure the mapped SG is "aligned for RDMA", in the sense that it is possible to produce one mapping in the HCA IOMMU which represents the whole SG. Next, the mapped SG is formatted for registration with the HCA.
    This update provides the necessary rewrites to achieve the above.
  • [infiniband] init neigh->dgid.raw on bonding events. BZ#538067
    This update was necessary to address an issue found where, using IPoIB, connectivity would be lost with a single host but maintained with other hosts.
  • USB driver update. BZ#537433
    This driver update avoids USB 1.1 device failures that may occur due to requests from USB OHCI controllers being overwritten if the latency for any pending request by the USB controller is very long (in the range of milliseconds).
  • Add qcserial module to Red Hat Enterprise Linux 5 kernel. BZ#523888
    This module was added to support the Qualcomm WWAN cards used by some laptops.
  • sysctl: Require CAP_SYS_RAWIO to set mmap_min_addr. BZ#534018
  • Enable msi-x correctly on qlogic 2xxx series. BZ#531593
    This update enables the FC and FCoE drivers to use MSI-X or MSI interrupts when they are available. The ql2xenablemsix can be used to override this:
    0 = enable traditional pin-based interrupt mechanism
    1 = enable MSI-X interrupt mechanism
    2 = enable MSI interrupt mechanism
  • Implement futex priority-based wakeup. BZ#531552
    A problem was found where the threads waiting on the futex_q queue list would acquire the mutex lock in the order they were queued rather than by priority. This update addresses that problem.
  • Make scsi_dh_activate() asynchronous to address the slower LUN failovers with large numbers of LUNs. BZ#537514
  • [scsi] Fix inconsistent usage of max_lun BZ#531488
  • Fix dlm_recv deadlock under memory pressure while processing GFP_KERNEL locks. BZ#530537
  • [scsi] Panic at .ipr_sata_reset after device reset. BZ#528175
  • [scsi] Export scsilun_to_int symbol. BZ#528153
    This symbol is needed by some drivers, and without this update they each tend to use their own copy of the entire function.
  • Ensure pci_dev->is_enabled is set. BZ#527496
    Failure to set this may cause suspend/resume to fail on some devices.
  • Fix a bug in rwsem_is_locked() function. BZ#526092
  • [scsi] cciss: Ignore stale commands after reboot. BZ#525440
  • Fix a mistake in ACPI debug statement that prevents kernel compilation. BZ#524787
  • Fix panic in cpufreq_get on DL785-G6. BZ#523505
    A problem was found in cpufreq_get which sometimes causes a kernel panic on HP DL785-G6 machines running Red Hat Enterprise Linux 5.3 and 5.4.
    This update addresses the problem that was occurring and this kernel panic no longer occurs.
  • [FIPS140-2] Provide option to disable/enable use of the first random block. BZ#523259
  • [FIPS140-2] Do not use the first n-bit block generated after power-up, initialization, or reset. BZ#522860
  • thinkpad_acpi: Disable ecnvram brightness. BZ#522745
    The brightness of the screen needed to be manually set using the "Fn + Home" key combination every time you reboot an IBM T43 laptop, using the Intel Corporation Mobile 915GM/GMS/910GML Express Graphics Controller (rev 03). This problem was traced to the fact that the thinkpad_acpi CMOS NVRAM (7) and EC (5) did not agree on the display brightness level.
    This update addresses this problem and the screen now always starts at the highest brightness setting.
  • pciehp: Fix PCI-E hotplug slot detection. BZ#521731
    A problem was found where the PCI-E hotplug slot was not detected by the pciehp driver on some platforms. The cause of this problem was traced to a bug in the pciehp driver. This update addresses this bug and PCI-E hotplug slots are now detected correctly.
  • Fix NULL pointer dereference in pci_bus_show_cpuaffinity() BZ#519633
    A problem was found where reading /sys/class/pci_bus/0000:ff/cpuaffinity (using cat or a similar function) would cause the kernel to crash and the system to reboot. This update provides a solution to this problem.
  • Fix device detach and hotplug with iommu=pt BZ#516811 BZ#518103
    A problem was found with iommu=pt mode for intel_iommu where if you are using iommu=pt and you assign a device to a KVM guest and then de-assign it,the result is a device which is not usable in the host. It can be re-assigned to other guests again, but not directly used in the host.
    There is also an issue where with iommu=pt any PCI devices that are hot-plugged in the host cannot be used.
    This update provides a solution to the above problems.
  • [firewire] fw-ohci: Fix IOMMU resource exhaustion. BZ#513827
  • Support AMD Magny-Cours power-aware scheduler fix. BZ#513685
  • Fix CPU llc_shared_map information. BZ#513684
  • [cpufreq] Add option to avoid smi while calibrating. BZ#513649
    The CPU frequency (cpu_khz) was infrequently calculated as larger value than the CPU's specification in both Red Hat Enterprise Linux 5.1(x86) and 5.2(x86). This also contributed to the system time being gradually delayed. This update adds an option to avoid this problem.
  • [cpufreq] Don't set policy for offline CPUs. BZ#511211
  • Add CPU hotplug notifiers to support suspend-to-disk and suspend-to-RAM while using KVM. BZ#510814
  • Better FASYNC handling on file close. BZ#510746
  • fd leak if pipe() is called with an invalid address. BZ#509625
  • Kernel panic occurs when adding nosmp option and booting the system. BZ#509581
  • Increase hibernate timeout. BZ#507331
  • Hang on boot due to wrong APIC timer calibration. BZ#503957
  • DASD failfast flag cannot be set on. BZ#503222
  • wacom: add Intuos4 support. BZ#502708
  • st: display current settings of option bits. BZ#501030
  • psmouse: reenable mouse on shutdown. BZ#501025
  • Relocate initramfs to increase vmalloc space. BZ#499253
  • Fix undefined reference to `__udivdi3'. BZ#499063
  • Add Oprofile support for Nehalem-EP processors. BZ#498624
  • Multiple device failure renders dm-raid1 unfixable. BZ#498532
  • Don't oomkill when hugepage alloc fails on node. BZ#498510
  • Prevent tmpfs from going readonly during oom kills. BZ#497257
  • documentation: fix file-nr definition in fs.txt. BZ#497200
  • Conditional flush in flush_all_zero_pkmaps. BZ#484683
  • Fix corrupted intel_rng kernel messages. BZ#477778
  • Use KVM pvclock code to detect/correct lost ticks. BZ#476075
  • Fix mcp55 apic routing. BZ#473404
  • Fix snapshot crash on invalidation. BZ#461506
  • Add pci_domain_nr. BZ#450121
  • hwmon: Update to latest upstream for Red Hat Enterprise Linux 5.5. BZ#467994 BZ#250561 BZ#446061
  • LRO (Large Receive Offload) is a network technology that offloads some of the overhead associated with receiving high-volume traffic from a single host. Though there is a performance benefit to LRO it cannot be used in environments where the host will take the incoming traffic and forward it to another device on the system (internal or external). In such environments, the host will panic when LRO is enabled on an interface and that interface is placed into a bridge on the host.
    A check was placed in an additional portion of the bridge forwarding code and the following message (or similar) will be printed to the console or logs when a device with LRO enabled is placed into a bridge on the host or has routing enabled: "eth0: received packets cannot be forwarded while LRO is enabled". BZ#483646
  • jbd slab cache creation/deletion is racey. BZ#496847
  • In some cases, kernel panics while calling SysRQ-C. The printk warning about long delays was removed, and the kernel no longer hangs when SysRQ-C is called. BZ#497195
  • Fix serial ports on IBM Point-of-Sale hardware. BZ#506799
  • Add support for Intel multi-APIC-cluster systems. BZ#507333
  • A bug was found in ia64_mca_modify_original_stack (arch/ia64/kernel/mca.c) where if INIT was issued while the kernel was in fsys-mode, the register was not saved in the stack. Consequently, the kdump corefile could not be backtraced in IA64. Registers in the stack are now restored on init. BZ#515753
  • Add a tracepoint for the coredump event to the kernel. The new tracepoint provides tracing tools with pointers to the coredump filename string, and to the coredump_params data structure. BZ#517115
  • Add four new signal-related tracepoints to the kernel. These tracepoints provide tracing tools which can deliver significant amounts of data. Refer to the bug report for full details. BZ#517121
  • Add support for Nehalem-EX (Beckton) processors in Oprofile. BZ#521992

1.88.11. RHSA-2010:0610: Important kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each flaw description below.
This update fixes the following security issues:
* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1084, Important)
* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important)
* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially-crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)
* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially-crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)
* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure. (CVE-2010-2226, Moderate)
* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. (CVE-2010-2524, Moderate)
* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file. (CVE-2010-2066, Low)
Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.
This update also fixes the following bugs:
* when loading a USB mass storage driver under kernel-debug, a possible circular locking dependency detected warning was triggered. With this update, the warning is no longer displayed and the loading of a USB mass storage driver under kernel-debug works as expected. BZ#607483
* when TPA (Transparent Packet Aggregation) was used with a bnx2x network driver (10 Gb), TCP bandwidth problems occurred, causing transfer rate slowdowns (down to 400 Kb) and network delays. The network traces shown that the reason for the TCP bandwidth problems were TCP delayed ACK mechanisms. This update improves the packet-handling code so that network ACKs are not delayed when using TPA, GRO (Generic Receive Offload), or LRO (Large Receive Offload) with the bnx2x driver, thus leading to increased networking performance. BZ#613900
* a host with a QLogic 8G FC adapter (QLE2562) regularly displayed firmware dump errors in the /var/log/messages directory during IO runs. With this update, the firmware dump errors no longer appear in the /var/log/messages directory. BZ#613688
* in a CNIC driver, occasionally, data structures were freed when the device was down. If at that moment an ISCSI netlink message was received, a crash occurred. With this update, the crash no longer occurs. BZ#615260
* when a hot-swap was conducted, the addition of a Serial Attached SCSI (SAS) disk failed because of a timeout. With this update, the addition of a SAS disk completes without a timeout and no longer fails. BZ#612539
* when no hotpluggable PCIe slots were present on a machine, loading the acpiphp module (using the /sbin/modprobe command) on a Intel Xeon processor 7500 series system caused kernel panic. With these updates, an error message is produced when the aforementioned case occurs and the machine does not panic. BZ#607486
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.88.12. RHSA-2010:0723: Important kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each flaw description below.
This update fixes the following security issues:
* A buffer overflow flaw was found in the ecryptfs_uid_hash() function in the Linux kernel eCryptfs implementation. On systems that have the eCryptfs netlink transport (Red Hat Enterprise Linux 5 does) or where the /dev/ecryptfs file has world writable permissions (which it does not, by default, on Red Hat Enterprise Linux 5), a local, unprivileged user could use this flaw to cause a denial of service or possibly escalate their privileges. (CVE-2010-2492, Important)
* A miscalculation of the size of the free space of the initial directory entry in a directory leaf block was found in the Linux kernel Global File System 2 (GFS2) implementation. A local, unprivileged user with write access to a GFS2-mounted file system could perform a rename operation on that file system to trigger a NULL pointer dereference, possibly resulting in a denial of service or privilege escalation. (CVE-2010-2798, Important)
* A flaw was found in the Xen hypervisor implementation when running a system that has an Intel CPU without Extended Page Tables (EPT) support. While attempting to dump information about a crashing fully-virtualized guest, the flaw could cause the hypervisor to crash the host as well. A user with permissions to configure a fully-virtualized guest system could use this flaw to crash the host. (CVE-2010-2938, Moderate)
* Information leak flaws were found in the Linux kernel's Traffic Control Unit implementation. A local attacker could use these flaws to cause the kernel to leak kernel memory to user-space, possibly leading to the disclosure of sensitive information. (CVE-2010-2942, Moderate)
* A flaw was found in the Linux kernel's XFS file system implementation. The file handle lookup could return an invalid inode as valid. If an XFS file system was mounted via NFS (Network File System), a local attacker could access stale data or overwrite existing data that reused the inodes. (CVE-2010-2943, Moderate)
* An integer overflow flaw was found in the extent range checking code in the Linux kernel's ext4 file system implementation. A local, unprivileged user with write access to an ext4-mounted file system could trigger this flaw by writing to a file at a very large file offset, resulting in a local denial of service. (CVE-2010-3015, Moderate)
* An information leak flaw was found in the Linux kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak. (CVE-2010-1083, Low)
Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492; Grant Diffey of CenITex for reporting CVE-2010-2798; Toshiyuki Okajima for reporting CVE-2010-3015; and Marcus Meissner for reporting CVE-2010-1083.
This update also fixes the following bugs:
* Previously, the kernel could panic because system locks and interrupt requests (IRQ) in the ips driver were handled incorrectly. This update replaces the problematic msleep() calls with the MDELAY() macro and handles the locking properly. BZ#620661
* Previously, MSI resulted in PCI bus writes to mask and unmask the MSI IRQ. These unnecessary PCI bus writes could lead to poor performance. This update adds a new kernel boot parameter, msi_nolock, which allows for better simultaneous processing of MSIs. BZ#621940
* Previously, optimization to initialize page tables with ZERO_PAGE for the mmap() or munmap() function on /dev/zero decreased the performance on multiple threads. This update allows the user to switch off the optimization by typing echo 0 > /proc/sys/vm/vm_devzero_optimization at a shell prompt as superuser. BZ#623141
* Previously, starting communication between two systems with bonding devices and adaptive load balancing (ALB) caused endless loop of ARP replies. With this update, and the communication between such systems now works as expected. BZ#623143
* Previously, certain CPU flags were missing in /proc/cpuinfo when running a kernel-xen kernel. This has been fixed, and /proc/cpuinfo now contains all CPU flags as expected. BZ#624365
* Previously, patch for BZ#584658 introduced an issue that commit 5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809 fixed. This update backports this fix. BZ#624369
* Previously, ccw_device_set_options() in dasd_generic_probe() unset the CWDEV_ALLOW_FORCE flag set in dasd_eckd_probe() and the unconditional reserve was not allowed on ECKD dasds. This update sets flags only in discipline specific probe functions. BZ#627194
* Previously, allocating fallback cqr for DASD reserve/release ioctls failed because it used the memory pool of the respective device. This update preallocates sufficient memory for a single reserve/release request. BZ#627195
* This update adds code to detect and recover parity errors from the T3 adapter. BZ#630978
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.