RHSA-2015:1534 Moderate: kernel security and bug fix update

Updated -

The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

This update fixes the following bugs:

  • The module notifier chain was moved into complete_formation() function which is called before the module parameters are parsed. If argument parsing failed and complete_formation() called the cleanup path, complete_formation() previously failed to call the MODULE_STATE_GOING notifier call chain thereby not freeing allocated resources. As a consequence, attempting to call the modprobe utility again resulted in load_module() trying to dereference stale memory leading to a kernel panic with the following error message returned:

    ERROR: could not insert 'kvm': Unknown symbol in module, or unknown parameter (see dmesg)

    With this update, the module is deallocated after the memory protection is cleared, and the kernel no longer panics in this situation. (BZ#1238937)

  • Previously, the kernel only supported ip_local_port_range parameters globally, and thus containers could not have their own configuration set. As a consequence, the ip_local_port_range file was not available for use inside a container. This update adds support to configure ip_local_port_range in each network namespace, which grants containers access to the file but also allows to manipulate with it without interfering with the rest of the system. (BZ#1238208)

  • When hot-removing a USB host controller, there was a potential to reference memory after it had been freed, which could lead to a kernel panic. This bug has been fixed by using local variables as temporary storage after the memory is freed, and the panic no longer occurs in the aforementioned situation. (BZ#1223239)

  • Previously on IBM System z, multiple packets belonging to the same Internet Protocol security (IPsec) used the same buffer to generate their Integrity Check Values (ICVs). Consequently, a generated ICV could be overwritten by others, resulting in a corrupt ICV. This update ensures that all packets use their own ICVs, thus fixing this bug. (BZ#1238211)

  • The IPsec IV generator was previously trying to access Deterministic RNG (DRBG) during packet processing, which was not allowed as DRBG could be in sleep mode. As a consequence, a kernel panic occurred. To fix this bug, the IPsec IV generator accesses DRBG during the initialisation of the IV generator, where sleeping is allowed, and the kernel no longer crashes in this situation. (BZ#1238210)

  • Prior to this update, some initiator GTO adapters were taking longer than expected to manage adapter initialization. Consequently, the adapter was reset and a retry initialized. However, if the retry did not work, the adapter initialization failed to proceed. This update increases the default adapter init stage change timeout, and the adapter initialization now proceeds successfully. (BZ#1236139)

  • The TCP_NODELAY socket option was previously not being set on libceph kernel sockets, which led to large I/O latency on the system, especially with SSD based storage. With this update, this option is set by default to match the behavior of userspace Ceph components, reducing I/O latency significantly. (BZ#1231803)

  • Prior to this update it was possible to call the __remove_osd() function twice on the same on-screen display (OSD), which was not compatible with the behavior of the rb_erase() function. As a consequence, depending on the shape of the tree, a NULL dereference, a soft lockup or a random crash could occur as freed memory was touched. This update adds a safe guard around __remove_osd(), and the aforementioned failures no longer occur. (BZ#1236462)

  • On the little-endian variant of IBM Power Systems, the kernel's detection of the device tree was not re-synched with that of the hypervisor after a migration or resume from suspend operation as certain nodes and properties could change due to relocation of Logical Partitioning (LPAR). An upstream patch has been backported to fix this bug, and the kernel's detection of the device tree is now re-synched in the aforementioned scenario. (BZ#1231638)

  • Due to corruption in the of_allnodes list when manipulating the device tree dynamically, when attempting to resume the LPAR from suspended state, LPAR was sometimes resumed successfully and sometimes reset. This update removes the dependency on of_allnodes in the device tree update code by iterating over the child->parent node structure, which fixes this bug. (BZ#1236983)

  • With this update, the little-endian variant of IBM Power Systems fully supports Dynamic DMA Windows (DDW) by providing precise definitions and use of the ddw_query_response() and ddw_create_response() functions. (BZ#1224406)

  • Due to an assertion failure, the kernel previously panicked when mounting an NFSv4 file system using the "-o fsc" mount option under heavy NFS load. The underlying source code has been fixed and the kernel no longer crashes when "-o fsc" is used. (BZ#1231809)

  • An NFS client could previously have more than a single open file lease expired while an NFS server was down, but only one of those leases could be marked properly for recovery. When the NFS server became available again, only one of the open file leases attempted recovery. A branch in the client's state management code has been replaced to fix this bug, and previously skipped file leases are now properly marked for recovery. (BZ#1226328)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.