此内容没有您所选择的语言版本。

Chapter 59. Kernel


Security patches addressing Spectre and Meltdown issues can cause performance loss

Security patches to address issues reported in CVE-2017-5754, CVE-2017-5715, and CVE-2017-5753 have been implemented. For more information on the issues, including their impact, detection and resolution, see the Red Hat Knowledgebase article at https://access.redhat.com/security/vulnerabilities/speculativeexecution. The patches are enabled by default but they can cause a performance degradation.
Users can control the impact by using Red Hat Enterprise Linux Tunables. The debugfs tunables can be enabled or disabled on the kernel command line at boot, or at runtime using debugfs controls. The tunables control Page Table Isolation (PTI), Indirect Branch Restricted Speculation (IBRS), and Indirect Branch Prediction Barriers (IBPB). Red Hat enables each of the features by default as needed to protect the architecture detected at boot. However, the IBPB support cannot be directly disabled. You need to disable both IBRS and retpolines to indirectly disable IBPB.
Customers who feel confident that their systems are well protected by other means and wish to disable the CVE mitigations to avoid such a performance loss, should use one of the following options:
1. Add the following flags to the kernel command line, and then reboot the kernel for the changes to take effect:
spectre_v2=off nopti
2. Run the following commands to disable the patches at runtime. The change is immediately active and does not require a reboot.
# echo 0 > /sys/kernel/debug/x86/pti_enabled
# echo 0 > /sys/kernel/debug/x86/retp_enabled
# echo 0 > /sys/kernel/debug/x86/ibrs_enabled
For more information on controlling the performance impact of the CVE mitigations, refer to the Red Hat Knowledgebase article available at https://access.redhat.com/articles/3311301.

The KSC does not support the xz compression

The Kernel module Source Checker (the ksc tool) is unable to process the xz compression method, reporting the error:
File format not recognized (Only kernel object files are supported)
To work around the problem, manually uncompress any third party modules using the xz compression before running the ksc tool. (BZ#1441455)

The update of megaraid_sas can lead to a performance decrease

The megaraid_sas driver has been updated to version 06.811.02.00-rh1, which brings a number of performance improvements over the previous version. However, in some cases, with configurations based on Solid-state Drives (SSD) a performance decrease has been observed. To work around this problem, set the corresponding queue_depth parameter in the /sys/ directory to a higher value up to 256, which brings the performance back to its original level. (BZ#1367444)

qedi fails to bind to the iSCSI PCIe function if qede is loaded

The qede driver, which is the ethernet driver for the QL41xxx network adapters, allocates more MSI-X vectors than needed. Consequently, the qedi driver fails to bind to the iSCSI PCIe function exposed by the hardware. To work around this problem, unload both the qede and qedi drivers, and then load only qedi. As a result, qedi is able to probe the iSCSI function exposed through the hardware and find any attached iSCSI targets. (BZ#1484047)

radeon causes a kernel panic

On some systems equipped with the radeon kernel driver as the secondary or primary GPU, the system occasionally fails to start due to a bug in the amdgpu graphics driver.
As a workaround, blacklist the radeon kernel driver. (BZ#1486100)

Kdump kernel fails to boot after a CPU hot add or hot remove operation

When running Red Hat Enterprise Linux 7 on the little-endian variant of IBM Power Systems with Kdump enabled, the Kdump crashkernel will fail to boot if triggered by kexec after a CPU hot add or hot remove operation. To work around this problem, restart the kdump service after hot adding or hot removing a CPU:
# systemctl restart kdump.service
(BZ#1549355)
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.