RHSA-2015:2411 Important: kernel-rt security, bug fix and enhancement update

Red Hat Product Security has rated this update as having Important security impact. For information on the security issues included in this erratum, see RHSA-2015-2411.

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The Real-Time (RT) kernel is the Red Hat Enterprise Linux kernel with the PREEMPT_RT changes applied, which makes the kernel into a platform for running real-time applications. These applications have critical timing constraints that are either periodic or deadline-oriented.

The kernel-rt packages have been upgraded to version 3.10.0-326.rt56.204 for Red Hat Enterprise Linux Realtime (v. 7), which provides a number of bug fixes and enhancements. (BZ#1201915, BZ#1211724)

This update fixes the following bugs:

  • An optimization on the XFS file system code led to a system lockup on the Realtime (RT) kernel when a task locked all the counters and was then preempted by a Realtime task, causing all callers of that lock to block indefinitely. This update disables the XFS optimization on the RT kernel and removes it from the XFS file system code, and lockups no longer occur. (BZ#1223089)

  • Due to non-standard usage of write_seqcount_{begin,end}() functions in the NFSv4 file system, the Realtime code tried to sleep while locks were held. The source code has been modified to use versions of "write_seqcount_" functions that do not hold any locks, which allows correct execution. (BZ#1230365)

  • The __netdev_alloc_frag() function uses the local_irq_save() call to disable interrupts while executing memory allocation. However, the RT kernel replaces spin_locks with rt_mutexes, which triggers a BUG: warning while running __netdev_alloc_frag(). This update replaces local_irq_save() with local_lock_irqsave(), which does not disable interrupts on the real-time path. (BZ#1245026)

  • With the nohz boot option (NO_HZ) enabled, Realtime applications could observe an increase in their latencies. This update makes sure NO_HZ is disabled by default, which eliminates the aforementioned negative impact on system latency. In addition, the system administrator is allowed to enable NO_HZ if the benefits outweigh the latency impact. If the nohz_full option is added to the boot command line, NO_HZ will be enabled, allowing this option to function as expected. (BZ#1206356, BZ#1276071)

  • Previously, the ixgbe driver executed polling in NAPI mode, using a locking mechanism similar to a "trylock". Consequently, when running on a RT kernel, a livelock could occur. This update modifies the locking mechanism so that once the lock is taken it is not released until the operation is complete. (BZ#1209610)

  • Previously, the perf hrtimer handler was not set as irq-safe. Consequently, the perf tool was run from the softirq thread with interrupts enabled, which caused backtraces. With this update, the hrtimer code runs the handler from IRQ context, which is what perf expects. (BZ#1196232)

  • Previously, the megasas driver used the smp_processor_id() function in preemptible context, which caused warning messages to be printed. The function has been changed to raw_smp_processor_id() so that a lock is held while getting the processor ID, allowing correct execution. (BZ#1227571)

  • Due to a rearrangement in the sched_can_stop_tick() code, sched_can_stop_tick() performed a few operations before verifying whether the task was of SCHED_FIFO policy. With this update, the function first verifies whether the task runs with the policy and only then performs the operation. (BZ#1209991)

  • Due to the way RPM creates hash information for the debuginfo files, a collision could occur, such as a collision between a set of debuginfo files from different versions of kernel and kernel-rt packages or when trying to install two different versions of kernel-rt debuginfo files. This update makes sure the debuginfo file hashes are unique by introducing versioned identifiers. Now, multiple kernel-rt debuginfo packages can be installed at once. (BZ#1209952)

Users of kernel-rt are advised to upgrade to these updated packages. The system must be rebooted for this update to take effect.
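
A host check for the two points an administrator has to verify after applying this update: that the running kernel (not merely the installed package, since a reboot is required) is at or above 3.10.0-326.rt56.204, and how the boot command line sets NO_HZ. This is an added example, not part of the advisory; the function names are hypothetical, and treating `nohz=on` / `nohz=off` as the administrator's explicit switches is an assumption.

```shell
#!/bin/sh
# Added example: constants come from the advisory text; helper names are hypothetical.
FIXED="3.10.0-326.rt56.204"   # kernel-rt build named in the advisory

# "3.10.0-326.rt56.204.el7.x86_64" -> "3 10 0 326 56 204"; empty if not kernel-rt.
rt_fields() {
    printf '%s\n' "$1" | sed -n -E \
        's/^([0-9]+)\.([0-9]+)\.([0-9]+)-([0-9]+)\.rt([0-9]+)\.([0-9]+).*/\1 \2 \3 \4 \5 \6/p'
}

# Return 0 if release $1 is at or above FIXED, 1 if older, 2 if not a kernel-rt build.
rt_is_fixed() {
    have=$(rt_fields "$1")
    want=$(rt_fields "$FIXED")
    [ -n "$have" ] || return 2
    for i in 1 2 3 4 5 6; do
        h=$(printf '%s' "$have" | cut -d' ' -f"$i")
        w=$(printf '%s' "$want" | cut -d' ' -f"$i")
        [ "$h" -gt "$w" ] && return 0
        [ "$h" -lt "$w" ] && return 1
    done
    return 0
}

# Classify the tick mode implied by boot command line $1, per the advisory:
# NO_HZ is off by default on kernel-rt and nohz_full switches it on.
# Assumption: nohz=on / nohz=off are the administrator's explicit settings.
nohz_mode() {
    explicit=""; full=""
    for arg in $1; do
        case "$arg" in
            nohz=on|nohz=off) explicit=${arg#nohz=} ;;
            nohz_full=*)      full=yes ;;
        esac
    done
    if [ -n "$full" ] && [ "$explicit" = off ]; then echo "conflict"  # not covered by the advisory
    elif [ -n "$full" ]; then echo "on-nohz_full"
    elif [ "$explicit" = on ]; then echo "on-explicit"   # latency impact accepted by the admin
    else echo "off"
    fi
}

# Report on the current host; degrades gracefully where /proc/cmdline is absent.
report() {
    rel=$(uname -r)
    rt_is_fixed "$rel" && state="fixed" || state="older than $FIXED or not kernel-rt"
    echo "running kernel $rel: $state"
    echo "NO_HZ: $(nohz_mode "$(cat /proc/cmdline 2>/dev/null)")"
}
report
```

A "not fixed" result immediately after installing the packages means the host is still running the previous kernel and has not yet been rebooted.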