5. Kernel-Related Updates

This change fixes forward time drift which has been observed with 64-bit Red Hat Enterprise Linux 4 virtual machines using PM timer based kernel tick accounting while running on KVM or HYPER-V hypervisor.

Virtual machines that are booted with the "divider=x" kernel parameter set to a value greater than 1 and that show the following line of text in the kernel boot messages are prone to the problem:

time.c: Using PM based timekeeping

However, this change also uncovered a bug in the Xen hypervisor, possibly causing backward time drift when this change is applied. If such time drift is observed with fully-virtualized Xen guests satisfying the aforementioned conditions, the kernel parameter pmtimer_fine_grained=0 can be used as a temporary workaround until the hypervisor is updated.

Red Hat Enterprise Linux 4 kernel 2.6.9-67 does not enable barriers if it detects WCE (Write Cache Enabled) as being disabled. However, the PERC 6/i controller on Dell 2950 hardware improperly reports WCE as being disabled while still maintaining a write cache. This could have caused file system corruption in the event of a power outage due to data being maintained in the controller cache even though the kernel was told that data was being written through to disk.

The solution to this issue provides proper software ordering, with the result that proper data integrity is achieved with devices that have no write caching (or for which write caching is disabled), and no command queuing. If command queuing or write caching is enabled, there is no guarantee of data integrity following a crash.

Input entered on a PS/2 keyboard connected to certain Primergy servers, such as the Primergy TX120S1, was not registered. With this update, the PS/2 port is reset after loading PS/2 AUX, with the result that PS/2 keyboards work as expected.

The Red Hat Enterprise Linux 4.8 kernel update contained a fix that had the side effect of causing the igb (Intel Gigabit Ethernet) driver to truncate some received packets when the Maximum Transmission Unit (MTU) was set to 2100 bytes or higher. The workaround for the issue was to set the network device's MTU to less than 2100. This update fixes this flaw in the igb driver so that frames 2100 bytes or larger can once again be used.

In some circumstances, write operations to a particular TTY device opened by more than one user (eg, one opened it as /dev/console and the other opened it as /dev/ttyS0) were blocked. If one user opened the TTY terminal without setting the O_NONBLOCK flag, this user's write operations were suspended if the output buffer was full or if a STOP (Ctrl-S) signal was sent. As well, because the O_NONBLOCK flag was not respected, write operations for user terminals opened with the O_NONBLOCK flag set were also blocked. This update re-implements TTY locks, ensuring O_NONBLOCK works as expected, even if a STOP signal is sent from another terminal.

A regression prevented the Broadcom BCM5761 network device from working when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems.

Note: The card worked in the 2nd or 3rd PCI-E slot.

A race condition caused TX to stop in a guest using the virtio_net driver.

A bug could have prevented NFSv3 clients from having the most up-to-date file attributes for files on a given NFSv3 file system. In cases where a file type changed, such as if a file was removed and replaced with a directory of the same name, the NFSv3 client may not have noticed this change until stat(2) was called (for example, by running ls -l:).

With multipath enabled, systems would occasionally halt when the do_cciss_request function was used. This was caused by wrongly-generated requests. Additional checks have been added to avoid the aforementioned issue.

Erroneous pointer checks could have caused a kernel panic. This was due to a critical value not being copied when a network buffer was duplicated and consumed by multiple portions of the kernel's network stack. Fixing the copy operation resolved this bug.

In some situations a bug prevented "force online" succeeding for a DASD device.

Previously, allocating fallback cqr for DASD reserve/release IOCTLs failed because it used the memory pool of the respective device. This update preallocates sufficient memory for a single reserve/release request.

A bug in the mptctl_do_mpt_command() function in the mpt driver may have resulted in crashes during boot on i386 systems with certain adapters using the mpt driver, and also running the hugemem kernel.

On certain hardware, the igb driver was unable to detect link statuses correctly. This may have caused problems for network bonding, such as failover not occurring.

A fix in the Red Hat Security Advisory RHSA-2009:1024 introduced a regression which caused the diskdump command to fail on systems with certain adapters using the qla2xxx driver. With this update, diskdump now works as expected.

A fix in the Red Hat Security Advisory RHSA-2009:1024 introduced a regression. After updating to Red Hat Enterprise Linux 4.8 and rebooting, network links often failed to be brought up for interfaces using the forcedeth driver. Additionally, no link during initialization messages may have been logged.

If a process was using ptrace() to trace a multi-threaded process, and that multi-threaded process dumped its core, the process performing the trace could hang in wait4(). This issue could be triggered by running strace -f on a multi-threaded process that was dumping its core, resulting in the strace command hanging.

Using the bnx2 driver under heavy NFS usage could have caused the kernel to panic; this was traced back to the poll_freewait() function. The following message was received prior to the kernel panic:

RPC: Invalid TCP record fragment length

This update resolves this issue by updating the 5706/5708 firmware, eliminating TSO header modifications, and fixing jumbo frame error handling, with the result that the bnx2 driver no longer has to modify TCP/IP header fields when transmitting TCP Segmentation Offload (TSO) packets.

In some circumstances, when a Red Hat Enterprise Linux client connected to a re-booted Windows-based NFS server, server-side filehandle-to-inode mapping changes caused a kernel panic. bad_inode_ops handling was changed to prevent this.

Note: filehandle-to-inode mapping changes may still cause errors, but not panics.

Under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected.

On 32-bit architectures, if a file was held open and frequently written for more than 25 days, it was possible that the kernel would stop flushing those writes to storage.

Attaching a certain USB device could have caused a kernel crash due to a divide-by-zero error.

A bug in the timer_interrupt() function may have caused the system time to move up to two days or more into the future, or to be delayed for several minutes. This bug only affected Intel 64 and AMD64 systems that have the High Precision Event Timer (HPET) enabled in the BIOS, and could have caused problems for applications that require timing to be accurate.

Due to insufficient memory barriers in the network code, a process sleeping in the select() function may have missed notifications about new data. In rare cases, this bug may have caused a process to sleep forever.

The tcp_ack() function cleared the probes_out variable even if there were outstanding packets. When low TCP keepalive intervals were used, this bug may have caused problems, such as connections terminating, when using remote tools such as rsh and rlogin.

Using netdump may have caused a kernel deadlock on some systems.

The driver version number in the ata_piix driver was not changed between Red Hat Enterprise Linux 4.7 and Red Hat Enterprise Linux 4.8, even though changes had been made between these releases. This could have prevented the driver from loading on systems that check driver versions, as this driver appeared older than it was. This update increases the driver version number.

An error in the MPT Fusion driver makefile caused CSMI ioctls to not work with Serial Attached SCSI devices.

Off-by-one errors in the time normalization code could have caused the clock_gettime() function to return one billion nanoseconds, rather than adding an extra second. This bug could have caused the name service cache daemon (nscd) to consume excessive CPU resources.

Time-outs resulted in I/O errors being logged to /var/log/messages when running mt erase on tape drives using certain LSI MegaRAID SAS adapters, preventing the command from completing. The megaraid_sas driver's timeout value is now set to the OS layer value.

A bug in the SCSI implementation caused Aborted Command - internal target failure errors to be sent to Device-Mapper Multipath, without retries, resulting in Device-Mapper Multipath marking the path as failed and making a path group switch. With this update, all errors that return a sense key in the SCSI mid layer (including Aborted Command - internal target failure) are retried.

The Emulex LPFC driver has been updated to version 8.0.16.47, which fixes a memory leak that caused memory allocation failures and system hangs.

On 64-bit PowerPC systems, a rollover bug in the ibmveth driver could have caused a kernel panic. In a reported case, this panic occurred on a system with a large uptime and under heavy network load.

The data buffer that the ethtool_get_strings() function allocated, for the igb driver, was smaller than the amount of data that was copied in igb_get_strings(), because of a miscalculation in IGB_QUEUE_STATS_LEN, resulting in memory corruption. This bug could have led to a kernel panic.

The Emulex LPFC driver has been upgraded to an updated upstream version, which fixes a memory leak that caused memory allocation failures and system hangs.

A locking issue caused the qla2xxx ioctl module to hang after encountering errors. This locking issue has been corrected. This ioctl module is used by the QLogic SAN management tools, such as SANsurfer and scli.

It was found that the lpfc_find_target() function could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue.

A bug was found in the way the megaraid_sas driver handled physical disks and management IOCTLs. All physical disks were exported to the disk layer, allowing an oops in the megasas_complete_cmd_dpc() function when completing the IOCTL command if a timeout occurred.