1.74.4. RHSA-2011:1065: Important Red Hat Enterprise Linux 5.7 kernel security and bug fix update
Important
This update has already been released as the security errata RHSA-2011:1065.
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)
A flaw allowed the
tc_fill_qdisc()
function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)
A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an
fallocate()
request, it could result in a denial of service. Note: Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)
Bug Fixes:
- BZ#704735
- The
be2iscsi
driver passed a local variable in therequest_irq
function which lead to corruption in/proc/interrupts
. All data in/proc/interrupts
was correct except the device names. This update fixes the incorrect devices names in/proc/interrupts
. - BZ#660871
- Calling the
mptctl_fasync()
function to enable async notification caused thefasync_struct
data structure, which was allocated, to never be freed.fasync_struct
remained on the event list of themptctl
module even after a file was closed and released. After the file was closed,fasync_struct
had an invalid file pointer which was dereferenced when themptctl
module called thekill_fasync()
function to report any events. The use of the invalid file pointer could result in a deadlock on the system because thesend_sigio()
function tried to acquire therwlock
in thef_owner
field of the previously closed file. With this update, a release callback function has been added for the file operations in themptctl
module.fasync_struct
is now properly freed when a file is closed, no longer causing a deadlock. - BZ#665427
- If an error occurred during I/O, the SCSI driver reset the
megaraid_sas
controller to restore it to normal state. However, on Red Hat Enterprise Linux 5, the waiting time to allow a full reset completion for themegaraid_sas
controller was too short. The driver incorrectly recognized the controller as stalled, and, as a result, the system stalled as well. With this update, more time is given to the controller to properly restart, thus, the controller operates as expected after being reset. - BZ#695493
- On a Red Hat Enterprise Linux 5.7 system, it is advisable to update the firmware of the HP ProLiant Generation 6 (G6) controller's firmware to version 5.02 or later. Once the firmware is successfully updates, reboot the system and kdump will work as expected.HP G6 controllers include: P410i, P411, P212, P712, and P812.In addition, kdump may fail when using the HP Smart Array 5i Controller on a Red Hat Enterprise Linux 5.7 system.
- BZ#696153
- Under certain circumstances, a command could have been left unprocessed when using either the
cciss
orhpsa
driver because the HP Smart Array controller considered those commands to be completed when, in fact, they were still waiting in the completion queue. This could have caused the file system to become read-only or panic, and the whole system to become unstable. This update adds an extra read operation to both thecciss
andhpsa
drivers, with the result that commands in the completion queue are properly processed. - BZ#646513
- A call to the
HP_GETHOSTINFO
ioctl (I/O Control) in themptctl
module could result in the MPT (Message Passing Technology) fusion driver being reset due to erroneous detection of completed ioctl commands. With this update, the message context sent to themptctl
module is stored (previously, it was zeroed). When an ioctl command completes, the saved message context is used to recognize the completion of the message, thus resolving the faulty detection. - BZ#664592
- Using the
cciss
driver, when a TUR (Test Unit Ready) was executed, therq->bio
pointer in theblk_rq_bytes
function was of value null, which resulted in a null pointer dereference, and, consequently, kernel panic occurred. With this update, therq->bio
pointer is used only when theblk_fs_request(rq)
condition is true; thus, kernel panic no longer occurs. - BZ#706244
- Using the
megaraid_sas
driver, if a user configured 2 logical disks on a RAID volume whose disks are larger than 2 TB, with the start of the second logical disk after the 2 TB mark, and FastPath was enabled, FastPath read operations to the second logical disk were read from the incorrect location on disk. However, write operations were not affected and were always directed to the correct disk location. With this update, the driver detects ifLBA > 0xffffffff & cdb_len < 16
, then converts thecdb
from the OS to a 16 byte CDB, before firing it as a FastPath I/O, fixing this issue. - BZ#656032
- Due to incorrect ordering of glocks, a deadlock could occur in the code which reclaims unlinked inodes when multiple nodes were trying to deallocate the same unlinked inode. This update resolves the lock ordering issue, and unlinked inodes are now properly deallocated under all circumstances.
- BZ#669527
- The
bnx2i
driver could cause a system crash on IBM POWER7 systems. The driver's page tables were not set up properly on Big Endian machines, causing extended error handling (EEH) errors on PowerPC machines. With this update, the page tables are properly set up, and a system crash no longer occurs in the aforementioned case. - BZ#700203, BZ#673616
- VDSO (Virtual Dynamically-linked Shared Object) kernel variables must be exported in
vextern.h
, otherwise they end up as undefined pointers. When calling the VDSOgettimeofday()
function in Red Hat Enterprise Linux 5, a missing declaration lead to a segmentation fault. With this update, thesysctl_vsyscall
system call is properly exported, and segmentation faults no longer occur. - BZ#660661
- Due to an off-by-one error,
gfs2_grow
failed to take the very lastrgrp
parameter into account when adding up the new free space. With this update, the GFS2 kernel properly counts all the new resource groups and fixes thestatfs
file correctly. - BZ#683155
- GFS2 (Global File System 2) keeps track of the list of resource groups to allow better performance when allocating blocks. Previously, when the user created a large file in GFS2, GFS2 could have run out of allocation space because it was confined to the recently-used resource groups. With this update, GFS2 uses the MRU (Most Recently Used) list instead of the list of the recently-used resource groups. The MRU list allows GFS2 to use all available resource groups and if a large span of blocks is in use, GFS2 uses allocation blocks of another resource group.
- BZ#690555
- Multiple GFS2 nodes attempted to unlink, rename, or manipulate files at the same time, causing various forms of file system corruption, panics, and withdraws. This update adds multiple checks for dinode's
i_nlink
value to assure inode operations such as link, unlink, or rename no longer cause the aforementioned problems. - BZ#694669
- Prior to this update, a race in the GFS2 glock state machine could cause nodes to become unresponsive. Specifically, all nodes but one would hang, waiting for a particular glock. All the waiting nodes had the W (Waiting) bit set. The remaining node had the glock in the Exclusive Mode (EX) with no holder records. The race was caused by the Pending Demote bit, which could be set and then immediately reset by another process. With this update, the Pending Demote bit is properly handled, and GFS2 nodes no longer hang.
- BZ#691460
- Certain IBM storage arrays, such as the IBM 1745 and 1746, could have stopped responding or failed to load the device list of the
scsi_dh_rdac
kernel module. This occurred because thescsi_dh_rdac
device list did not contain these storage arrays. With this update, the arrays have been added to the list, and they are now detected and operate as expected. - BZ#665197
- Prior to this update, the following message was displayed when booting a Red Hat Enterprise Linux 5 system on a virtual guest:
WARNING calibrate_APIC_clock: the APIC timer calibration may be wrong.
This was due to theMAX_DIFFERENCE
parameter value (in the APIC calibration loop) of 1000 cycles being too aggressive for virtual guests. APIC (Advanced Programmable Interrupt Controllers) and TSC (Time Stamp Counter) reads normally take longer than 1000 cycles when performed from inside a virtual guest, due to processors being scheduled away from and then back onto the guest. With this update, theMAX_DIFFERENCE
parameter value has been increased to 10,000 for virtual guests. - BZ#675727
- Prior to this update, a segmentation fault occurred when an application called VDSO's
gettimeofday()
function due to erroneous exporting of thewall_to_monotonic
construct. With this update, thewall_to_monotonic
construct is correctly exported, and a crash no longer occurs. - BZ#675793
- A cpu mask that is being waited on after an IPI call was not the same cpu mask that was being passed into the IPI call function. This could result in not up-to-date values being stored in the cache. The loop in the
flush_tlb_others()
function waited for the cpu mask to be cleared, however, that cpu mask could have been incorrect. As a result, the system could become unresponsive. With this update, the cpu mask being waited on is the same cpu mask used in the IPI call function, and the system no longer hangs. - BZ#659594
- A bug was discovered in the bonding driver that occurred when using netpoll and changing, adding or removing slaves from a bond. The misuse of a per-cpu flag in the bonding driver during these operations at the wrong time could lead to the detection of an invalid state in the bonding driver, triggering kernel panic. With this update, the use of the aforementioned per-cpu flag has been corrected and a kernel panic no longer occurs.
- BZ#692921
- The kdump kernel could fail when handling an IPI (Inter-processor interrupt) that was in-flight as the initial kernel crashed. This was due to an IPI-related data structure within kdump's kernel not being properly initialized, resulting in a dereference of an invalid pointer. This update addresses this issue, and the kdump kernel no longer fails upon encountering an in-flight IPI.
- BZ#669961
- For a device that used a Target Portal Group (TPG) ID which occupied the full 2 bytes in the RTPG (Report Target Port Groups) response (with either byte exceeding the maximum value that may be stored in a signed char), the kernel's calculated TPG ID would never match the group_id that it should. As a result, this signed char overflow also caused the ALUA handler to incorrectly identify the AAS (Asymmetric Access State) of the specified device as well as incorrectly interpret the supported AAS of the target. With this update, the aforementioned issue has been addressed and no longer occurs.
- BZ#673058
- A race could occur when an internal multipath structure (
pgpath
) was freed before it was used to signal the path group initialization was complete (viapg_init_done
). This update includes a number of fixes that address this issue. multipath is now increasingly robust whenmultipathd
restarts are combined with I/O operations to multipath devices and storage failures. - BZ#680561
- The event device (
evdev
) failed to lock data structures when adding or removing input devices. As a result, kernel panic occurred in theevdev_release
function during a system restart. With this update, locking of data structures works as expected, and kernel panic no longer occurs. - BZ#670373
- Prior to this update, kernel panic occurred in the
kfree()
due to a race condition in theacpi_bus_receive_event()
function. Theacpi_bus_receive_event()
function left theacpi_bus_event_list
list attribute unlocked between checking it whether it was empty and calling thekfree()
function on it. With this update, a check was added after the lock has been lifted in order to prevent the race and the calling of thekfree()
function on an empty list. - BZ#677703
- Running a reboot test on an iSCSI root host resulted in kernel panic. When the
iscsi_tcp
module is destroying a connection it grabs thesk_callback_lock
and clears thesk_user_data/conn
pointer to signal that the callback functions should not execute the operation. However, some functions were not grabbing the lock, causing a NULL pointer kernel panic wheniscsi_sw_tcp_conn_restore_callbacks
was called and, consequently, one of the callbacks was called. With this update, the underlying source code has been modified to address this issue, and kernel panic no longer occurs. - BZ#664931
- Prior to this update, a multi-threaded application, which invoked
popen(3)
internally, could cause a thread stall by FILE lock corruption. The application program waited for a FILE lock in glibc, but the lock seemed to be corrupted, which was caused by a race condition in the COW (Copy On Write) logic. With this update, the race condition was corrected and FILE lock corruption no longer occurs. - BZ#667673
- The ext4 file system could end up corrupted after a power failure occurred even when file system barriers and local write cache was enabled. This was due to faulty barrier flag setting in
WRITE_SYNC
requests. With this update, this issue has been fixed, and ext4 file system corruption no longer occurs. - BZ#627496
- When selecting a new window, the
tcp_select_window()
function tried not to shrink the offered window by using the maximum of the remaining offered window size and the newly calculated window size. The newly calculated window size was always a multiple of the window scaling factor, however, the remaining window size was not since it depended onrcv_wup
/rcv_nxt
. As a result, a window was shrunk when it was scaled down. With this update, aligning the remaining window to the window scaling factor assures a window is no longer shrunk. - BZ#695369
- Configuring a network bridge with no STP (Spanning Tree Protocol) and a 0 forwarding delay could result in the flooding of all packets on the link for 20 seconds due to various issues in the source code. With this update, the underlying source code has been modified to address this issue, and a traffic flood on the network bridge no longer occurs.
- BZ#646816
- Prior to this update, the
/proc/diskstats
file showed erroneous values. This occurred when the kernel merged two I/O operations for adjacent sectors which were located on different disk partitions. Two merge requests were submitted for the adjacent sectors, the first request for the second partition and the second request for the first partition, which was then merged to the first request. The first submission of the merge request incremented the in_flight value for the second partition. However, at the completion of the merge request, the in_flight value of a different partition (the first one) was decremented. This resulted in the erroneous values displayed in the/proc/diskstats
file. With this update, the merging of two I/O operations which are located on different disk partitions has been fixed and works as expected. - BZ#643441
- If an application opened a file with the
O_DIRECT
flag on an NFS client and performed write operations on it of size equal towsize
(size of the blocks of data passed between the client and the server), the NFS client sent two RPCs (Remote Procedure Calls) when only one RPC needed to be send. Write operations of size smaller thanwsize
worked as expected. With this update, write operations of size equal towsize
now work as expected and no longer cause the NFS client to send out unnecessary RPCs. - BZ#653286
- Under certain circumstances, a crash in the kernel could occur due to a race condition in the
lockd_down
function, which did not wait for thelockd
process to come down. With this update, thelockd_down
function has been fixed, and the kernel no longer crashes. - BZ#671595
- Prior to this update, the
be2net
driver failed to work with bonding, causing flapping errors (the interface switches between states up and down) in the active interface. This was due to the fact that thenetdev->trans_start
pointer in thebe_xmit
function was not updated. With this update, the aforementioned pointer has been properly updated and flapping errors no longer occur. - BZ#664705, BZ#664707
- For certain NICs, the
operstate
state (stored in, for example, the/sys/class/net/eth0/operstate
file) was showing the unknown state even though the NIC was working properly. This was due to the fact that at the end of a probe operation, thenetif_carrier_off
was not being called. With this update, thenetif_carrier_off
is properly called after a probe operation, and theoperstate
state now correctly displays the operational state of an NIC. - BZ#506630
- RHEL5.7 has introduced the new multicast snooping feature for virt bridge. The feature is disabled by default in order to not break any existing configurations. To enable the feature, please set the tunnable parameter below to
1
:/sys/class/net/breth0/bridge/multicast_snooping
Please also note that with multicast snooping enabled, it may caused a regression with some switches where it causes a break in the multicast forwarding for some peers. - BZ#661110
- Outgoing packets were not fragmented after receiving the
icmpv6 pkt-too-big
message when using the IPSecv6 tunnel mode. This was due to the lack of IPv6 fragmentation support over an IPsec tunnel. With this update, IPv6 fragmentation is fully supported and works as expected when using the IPSecv6 tunnel mode. - BZ#667234
- The fix introduced with BZ#560013 added a check for detection of the
northbridge
device into theamd_fixup_dcm()
function to make Red Hat Enterprise Linux 5 guests boot on a 5.4.z Xen hypervisor. However, the added check caused a kernel panic due to missing multi-node CPU topology detection on AMD CPU family 0x15 systems. To preserve backwards compatibility, the check has not been removed but is triggered only on AMD Family 15h systems (code-named "Magny-Cours"). AMD family 0x15 systems do not require the aforementioned check because they are not supported as 5.4 Xen Hypervisor hosts. For Xen Hypervisor 5.5, this issue has been fixed, which makes the check obsolete. - BZ#675258
- Booting a Red Hat Enterprise Linux 5.4 or later kernel failed (the system became unresponsive) due to the zeroing out of extra bytes of memory of the reset vector. The reset vector is comprised of two 16-bit registers (high and low). Instead of zeroing out 32-bits, the kernel was zeroing out 64-bits. On some machines this overwritten memory was used during the boot process, resulting in a hang. With this update, the long data type has been changed to the unsigned 32-bit data type; thus, resolving the issue. The Red Hat Enterprise Linux 5.4 and later kernel now boot as expected on the machines affected by this bug.
- BZ#678074
- Setting the capture levels on the Line-In capture channel when using an ARX USB I/O sound card for recording and playback did not work properly. The set values were not persistent. With this update, the capture values are now cached in the
usb-audio
driver leaving the set capture levels unchanged. - BZ#688926
- This update fixes a bug in the way isochronous input data was returned to user space for usbfs (USB File System) transfers, resolving various audio issues.
- BZ#645431
- The Red Hat Enterprise Linux kernel can now be tainted with a tech preview status. If a kernel module causes the tainted status, then running the command
cat /proc/modules
will display a(T)
next to any module that is tainting the kernel.For more information about Technology Previews, refer to:Important: Running a kernel with the tainted flag set may limit the amount of support that Red Hat can provide for the system. - BZ#525898
- Previously, paravirtualized Xen guests allocated all low memory (all memory for 64-bit) to
ZONE_DMA
, rather than usingZONE_DMA32
andZONE_NORMAL
. The guest kernels now use all three zones the same way natively running kernels do. - BZ#651512
- While bringing down an interface, the
e1000
driver failed to properly handle IRQs (Interrupt Requests), resulting in the reception of the following messages:irq NN: nobody cared...
With this update, the driver's down flag is set later in the process of bringing down an interface, specifically, after all timers have exited, preventing the IRQ handler from being called and exiting early without handling the IRQ. - BZ#651837
- By default, libsas defines a wideport based on the attached SAS address, rather than the specification compliant “strict” definition of also considering the local SAS address. In Red Hat Enterprise Linux 5.7, only the default “loose” definition is available. The implication is that if an OEM configures an SCU controller to advertise different SAS addresses per PHY, but hooks up a wide target or an expander to those PHYs, libsas will only create one port. The expectation, in the “strict” case, is that this would result in a single controller multipath configuration.It is not possible to use a single controller multipath without the
strict_wide_port
functionality. Multi-controller multipath should behave as a expected.A x8 multipath configuration through a single expander can still be obtained under the following conditions:- Start with an SCU SKU that exposes (2) x4 controllers (total of 8 PHYs)
- Assign
sas_address1
to all the PHYs oncontroller1
- Assign
sas_address2
to all the PHYs oncontroller2
- Hook up the expander across all 8 PHYs
- Configure multipath across the two controller instances
It is critical forcontroller1
to have a distinct address fromcontroller2
, otherwise the expander will be unable to correctly route connection requests to the proper initiator. - BZ#673242
- Previously, on VMware, the time ran too fast on virtual machines with more than 4GHz TSC (Time Step Counter) processor frequency if they were using PIT/TSC based timekeeping. This was due to a calculation bug in the
get_hypervisor_cycles_per_sec
function. This update fixes the calculation, and timekeeping works correctly for such virtual machines. - BZ#661478
- A formerly introduced patch that provided extended PCI config space access on AMD systems caused the
lpfc
driver to fail when it tried to initialize hardware. On kernel-xen, Hypervisor trapped the aforementioned accesses and truncated them, causing thelpfc
driver to fail to initialize hardware. Note that this issue was only observed when using thelpfc
driver with the following parameters:Vendor_ID=0x10df
,Device_ID=0xf0e5
. With this update, the part of the patch related to kernel-xen that was causing the failures was removed and thelpfc
driver now works as expected. - BZ#698879
- Hot removing a PCIe device and, consequently, hot plugging it again caused kernel panic. This was due to a PCI resource for the SR-IOV Virtual Function (vf) not being released after the hot removing, causing the memory area in the
pci_dev
struct to be used by another process. With this update, when a PCIe device is removed from a system, all resources are properly released; kernel panic no longer occurs. - BZ#672368, BZ#695490
- In a four node cluster environment, a deadlock could occur on machines in the cluster when the nodes accessed a GFS2 file system. This resulted in memory fragmentation which caused the number of network packet fragments in requests to exceed the network hardware limit. The network hardware firmware dropped the network packets exceeding this limit. With this update, the network packet fragmentation was reduced to the limit of the network hardware, no longer causing problems during memory fragmentation.
- BZ#674298
- Prior to this update, if a CT/ELS pass-through command timed out, the QLogic 8Gb Fibre Channel adapter created a firmware dump. With this update, firmware dumps are no longer created when CT/ELS pass-through requests time out as a firmware dump is not necessary in this case.
- BZ#695357
- Setting a DASD (Direct Access Storage Device) device offline while another process is trying to open that device caused a race in the
dasd_open
function. Thedasd_open
function tried to read a pointer from the private_data field after the structure has already been freed, resulting in a dereference of an invalid pointer. With this update, the aforementioned pointer is now stored in a different structure; thus, preventing the race condition. - BZ#666080
- Deleting a file on a GFS2 file system caused the inode, which the deleted file previously occupied, to not be freed. Specifically, this only occurred when a file was deleted on a particular node while other nodes in the cluster were caching that same inode. The mechanism for ensuring that inodes are correctly deallocated when the final close occurs was dependent on a previously corrected bug (BZ#504188 ). In order to ensure that iopen glocks are not cached beyond the lifetime of the inode, and thus prevent deallocation by another inode in the cluster, this update marks the iopen glock as not to be cached during the inode disposal process.
- BZ#610093
- In some cases the NFS server fails to notify NFSv4 clients about renames and unlinks done by non-NFS users of the server. An application on a client may then be able to open the file at its old location (read old cached data from it and perform read locks on it), long after the file no longer exists at that location on the server. To work around this issue, use NFSv3 instead of NFSv4. Alternatively, turn off support for leases by writing the value
0
to the/proc/sys/fs/leases-enable
file (ideally on boot, before the NFS server is started). This change prevents NFSv4 delegations from being given out, restoring correctness at the expense of some performance. - BZ#662102
- Booting Red Hat Enterprise Linux 5 with the
crashkernel=X
parameter enabled for the kdump kernel does not always succeed. This is because the kernel may not be able to find a suitable memory range for thecrashkernel
due to the fragmentation of the physical memory. Similarly, if a user specifies the starting address of the reserved memory, the specified memory range may be occupied by other parts of the kernel (in this case, theinitrd
, i.e. initial ramdisk). This update adds two debugging kernel parameters (bootmem_debug
andignore_loglevel
) which allow to diagnose what causes thecrashkernel
to not be assigned enough memory. - BZ#698873
- In Red Hat Enterprise Linux 5.7 netconsole was enabled to work with software network bridges. This disables previous workaround used by RHEV Manager Agent (VDSM) to use ethernet network interface directly.Customers wishing to continue using netconsole logging on the RHEL 5.7 nodes registered with RHEV Manager, should modify the
/etc/sysconfig/netconsole
file and change the line where theDEV
variable is set to:DEV=rhevm
and restart thenetconsole
service with:# service netconsole restart
- BZ#669909
- Prior to this update, a rhev-agent could not be started due to missing a
/dev/virtio-ports/
directory. This was due to the fact that theudev
utility does not parse theKOBJ_CHANGE
event. With this update, theKOBJ_ADD
event is invoked instead so that symlinks in/dev/virtio-ports
are created when a port name is obtained. - BZ#673459
- Using a virtio serial port from an application, filling it until the write command returns
-EAGAIN
and then executing a select command for the write command caused the select command to not return any values, when using the virtio serial port in a non-blocking mode. When used in a blocking mode, the write command waited until the host indicated it used up the buffers. This was due to the fact that the poll operation waited for theport->waitqueue
pointer, however, nothing woke thewaitqueue
when there was room again in the queue. With this update, the queue is woken via host notifications so that buffers consumed by the host can be reclaimed, the queue freed, and the application write operations may proceed again. - BZ#653236
- Prior to this update, a FW/SW semaphore collision could lead to an link establishment failure on an SFP+ (Small Form-factor Pluggable) transceiver module. With this update, the underlying source code has been modified to address this issue, and SFP+ modules work as expected.
- BZ#680531
- Enabling the Header Splitting mode on all Intel 82599 10 Gigabit Ethernet hardware could lead to unpredictable behavior. With this update, the Header Splitting mode is never enabled on the aforementioned hardware. Additionally, this update fixes VM pool allocation issues based on MAC address filtering, and limits the scope of VF access to promiscuous mode.
- BZ#657166
- Using an XFS file system, when an I/O error occurred during an intermediate commit on a rolling translation, the
xfs_trans_commit()
function freed the structure of the transaction and the related ticket. However, the duplicate transaction, which is used when the transaction continues, still contained a pointer to the freed ticket. Therefore, when the second transaction was canceled, the ticked was freed for the second time, causing kernel panic. This update adds reference counting to the ticket to avoid multiple freeing of a ticket when a commit error occurs. - BZ#616125
- A spurious
BUG_ON()
call caused themodule_refcount
variable to not be always accurate outside of the atomic state within thestop_machine
function, observed mainly under heavy network load. This update removed theBUG_ON()
call, fixing this issue. - BZ#695197
- A previously introduced patch added support for displaying the temperature of application-specific integrated circuits (ASIC). However, a missing increment of the
work_counter
variable in thebe_worker
function caused thebe_cmd_get_die_temperature
function to be called every 1 second (instead of the 32 seconds it should be), and thebe_cmd_get_die_temperature
function to be called even when it was not supported. This update fixes this issue. - BZ#695168
- Prior to this update, the
stat.st_blksize
parameter was always set toPAGE_CACHE_SIZE
, causing performance issues. With this update, the underlying source code has been modified to address this issue, and Red Hat Enterprise Linux 5 systems no longer suffer from performance issues caused by the aforementioned parameter. - BZ#710584
- Broken scatterlist handling during command construction caused SMP commands to fail, resulting in the SCU driver not detecting drives behind expanders. This update fixes the SCU driver to detect drives placed behind expanders.
- BZ#658012
- Kernel panic occurred when a non-maskable interrupt was issued during a forced shutdown of the XFS file system. This was due to a spinlock occurring in various functions. With this update, the spinlocks have been removed, and kernel panic no longer occurs. Additionally, the
CONFIG_XFS_DEBUG
option is disabled by default on kernel-debug. - BZ#663123
- Prior to this update, the
/proc/partitions
file was not being updated after LUNs were created using the hpacucli utility (which adds, deletes, identifies, and repairs logical and physical disks). This issue has been fixed via the update of the CCISS driver to version 3.6.26-5, as noted in BZ#635143. - BZ#704963
- When the
ibmvscsi
driver reset its CRQ and attempted to re-register the CRQ, it received an H_CLOSED response, indicating that the Virtual I/O Server is not yet ready to receive commands. As a result, theibmvscsi
driver caused the VSCSI adapter to go offline and fail to recover. This update re-enables interrupts so that when the Virtual I/O Server is ready and sends the CRQ initialization request, it is properly received and processed. - BZ#710477
- This update ensures that all remote ports are deleted when a Virtual I/O Server fails in a dual Virtual I/O Server multipath configuration, so that a path failover works as expected and the
ibmvfc
driver no longer becomes unresponsive. For a single path configuration, the remote ports go into a devloss state. - BZ#717742
- Installation of HVM guests failed on AMD hosts. This update provides a number of patches which resolve this issue, and HVM guests can be installed on AMD hosts as expected.
- BZ#710498
- Using iSCSI offload resulted in EEH (Enhanced Error Handling) errors caused by missing programming of the page sizes on systems which do not use the 4K PAGE_SIZE. With this update, the underlying source code has been modified to address this issue, and EEH errors no longer occur when using iSCSI offload.
- BZ#700546
- File system corruption could occur on a file system with the qla2xxx driver due to missing block I/O back/front segment size setting. This update adds the block I/O back/front segment size setting, resolving this issue.
Enhancements:
- BZ#696182, BZ#696182, BZ#707299
- The
tg3
network driver has been updated to support the Broadcom 5720 Network Interface Controller. Additionally, thetg3
network driver includes a number of fixes to support the Broadcom 5719 Network Interface Controller. - BZ#684842
- The
mpt2sas
driver now allows customer specific display support. - BZ#689047
- Support for DMI OEM flags to set
pci=bfsort
has been added. - BZ#651429
- The
ipr
driver now supports the SAS VRAID capability on the new CRoC-based SAS adapters on IBM POWER7 systems. - BZ#684361
- The AHCI driver has been updated to support for SATA RAID on future Intel chipsets.
- BZ#570366
- The
ixgbe
driver now provides support for PCIe AER (Advanced Error Reporting).
These updated kernel packages also upgrade a number of kernel device drivers. A list of these updated drivers can be found in the Red Hat Enterprise Linux 5.7 Release Notes.
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.