1.74.4. RHSA-2011:1065: Important Red Hat Enterprise Linux 5.7 kernel security and bug fix update


This update has already been released as the security errata RHSA-2011:1065.
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links after each description below.
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)
A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)
A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note: Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)

Bug Fixes:

The be2iscsi driver passed a local variable in the request_irq function which lead to corruption in /proc/interrupts. All data in /proc/interrupts was correct except the device names. This update fixes the incorrect devices names in /proc/interrupts.
Calling the mptctl_fasync() function to enable async notification caused the fasync_struct data structure, which was allocated, to never be freed. fasync_struct remained on the event list of the mptctl module even after a file was closed and released. After the file was closed, fasync_struct had an invalid file pointer which was dereferenced when the mptctl module called the kill_fasync() function to report any events. The use of the invalid file pointer could result in a deadlock on the system because the send_sigio() function tried to acquire the rwlock in the f_owner field of the previously closed file. With this update, a release callback function has been added for the file operations in the mptctl module. fasync_struct is now properly freed when a file is closed, no longer causing a deadlock.
If an error occurred during I/O, the SCSI driver reset the megaraid_sas controller to restore it to normal state. However, on Red Hat Enterprise Linux 5, the waiting time to allow a full reset completion for the megaraid_sas controller was too short. The driver incorrectly recognized the controller as stalled, and, as a result, the system stalled as well. With this update, more time is given to the controller to properly restart, thus, the controller operates as expected after being reset.
On a Red Hat Enterprise Linux 5.7 system, it is advisable to update the firmware of the HP ProLiant Generation 6 (G6) controller's firmware to version 5.02 or later. Once the firmware is successfully updates, reboot the system and kdump will work as expected.
HP G6 controllers include: P410i, P411, P212, P712, and P812.
In addition, kdump may fail when using the HP Smart Array 5i Controller on a Red Hat Enterprise Linux 5.7 system.
Under certain circumstances, a command could have been left unprocessed when using either the cciss or hpsa driver because the HP Smart Array controller considered those commands to be completed when, in fact, they were still waiting in the completion queue. This could have caused the file system to become read-only or panic, and the whole system to become unstable. This update adds an extra read operation to both the cciss and hpsa drivers, with the result that commands in the completion queue are properly processed.
A call to the HP_GETHOSTINFO ioctl (I/O Control) in the mptctl module could result in the MPT (Message Passing Technology) fusion driver being reset due to erroneous detection of completed ioctl commands. With this update, the message context sent to the mptctl module is stored (previously, it was zeroed). When an ioctl command completes, the saved message context is used to recognize the completion of the message, thus resolving the faulty detection.
Using the cciss driver, when a TUR (Test Unit Ready) was executed, the rq->bio pointer in the blk_rq_bytes function was of value null, which resulted in a null pointer dereference, and, consequently, kernel panic occurred. With this update, the rq->bio pointer is used only when the blk_fs_request(rq) condition is true; thus, kernel panic no longer occurs.
Using the megaraid_sas driver, if a user configured 2 logical disks on a RAID volume whose disks are larger than 2 TB, with the start of the second logical disk after the 2 TB mark, and FastPath was enabled, FastPath read operations to the second logical disk were read from the incorrect location on disk. However, write operations were not affected and were always directed to the correct disk location. With this update, the driver detects if LBA > 0xffffffff & cdb_len < 16, then converts the cdb from the OS to a 16 byte CDB, before firing it as a FastPath I/O, fixing this issue.
Due to incorrect ordering of glocks, a deadlock could occur in the code which reclaims unlinked inodes when multiple nodes were trying to deallocate the same unlinked inode. This update resolves the lock ordering issue, and unlinked inodes are now properly deallocated under all circumstances.
The bnx2i driver could cause a system crash on IBM POWER7 systems. The driver's page tables were not set up properly on Big Endian machines, causing extended error handling (EEH) errors on PowerPC machines. With this update, the page tables are properly set up, and a system crash no longer occurs in the aforementioned case.
BZ#700203, BZ#673616
VDSO (Virtual Dynamically-linked Shared Object) kernel variables must be exported in vextern.h, otherwise they end up as undefined pointers. When calling the VDSO gettimeofday() function in Red Hat Enterprise Linux 5, a missing declaration lead to a segmentation fault. With this update, the sysctl_vsyscall system call is properly exported, and segmentation faults no longer occur.
Due to an off-by-one error, gfs2_grow failed to take the very last rgrp parameter into account when adding up the new free space. With this update, the GFS2 kernel properly counts all the new resource groups and fixes the statfs file correctly.
GFS2 (Global File System 2) keeps track of the list of resource groups to allow better performance when allocating blocks. Previously, when the user created a large file in GFS2, GFS2 could have run out of allocation space because it was confined to the recently-used resource groups. With this update, GFS2 uses the MRU (Most Recently Used) list instead of the list of the recently-used resource groups. The MRU list allows GFS2 to use all available resource groups and if a large span of blocks is in use, GFS2 uses allocation blocks of another resource group.
Multiple GFS2 nodes attempted to unlink, rename, or manipulate files at the same time, causing various forms of file system corruption, panics, and withdraws. This update adds multiple checks for dinode's i_nlink value to assure inode operations such as link, unlink, or rename no longer cause the aforementioned problems.
Prior to this update, a race in the GFS2 glock state machine could cause nodes to become unresponsive. Specifically, all nodes but one would hang, waiting for a particular glock. All the waiting nodes had the W (Waiting) bit set. The remaining node had the glock in the Exclusive Mode (EX) with no holder records. The race was caused by the Pending Demote bit, which could be set and then immediately reset by another process. With this update, the Pending Demote bit is properly handled, and GFS2 nodes no longer hang.
Certain IBM storage arrays, such as the IBM 1745 and 1746, could have stopped responding or failed to load the device list of the scsi_dh_rdac kernel module. This occurred because the scsi_dh_rdac device list did not contain these storage arrays. With this update, the arrays have been added to the list, and they are now detected and operate as expected.
Prior to this update, the following message was displayed when booting a Red Hat Enterprise Linux 5 system on a virtual guest:
WARNING calibrate_APIC_clock: the APIC timer calibration may be wrong.
This was due to the MAX_DIFFERENCE parameter value (in the APIC calibration loop) of 1000 cycles being too aggressive for virtual guests. APIC (Advanced Programmable Interrupt Controllers) and TSC (Time Stamp Counter) reads normally take longer than 1000 cycles when performed from inside a virtual guest, due to processors being scheduled away from and then back onto the guest. With this update, the MAX_DIFFERENCE parameter value has been increased to 10,000 for virtual guests.
Prior to this update, a segmentation fault occurred when an application called VDSO's gettimeofday() function due to erroneous exporting of the wall_to_monotonic construct. With this update, the wall_to_monotonic construct is correctly exported, and a crash no longer occurs.
A cpu mask that is being waited on after an IPI call was not the same cpu mask that was being passed into the IPI call function. This could result in not up-to-date values being stored in the cache. The loop in the flush_tlb_others() function waited for the cpu mask to be cleared, however, that cpu mask could have been incorrect. As a result, the system could become unresponsive. With this update, the cpu mask being waited on is the same cpu mask used in the IPI call function, and the system no longer hangs.
A bug was discovered in the bonding driver that occurred when using netpoll and changing, adding or removing slaves from a bond. The misuse of a per-cpu flag in the bonding driver during these operations at the wrong time could lead to the detection of an invalid state in the bonding driver, triggering kernel panic. With this update, the use of the aforementioned per-cpu flag has been corrected and a kernel panic no longer occurs.
The kdump kernel could fail when handling an IPI (Inter-processor interrupt) that was in-flight as the initial kernel crashed. This was due to an IPI-related data structure within kdump's kernel not being properly initialized, resulting in a dereference of an invalid pointer. This update addresses this issue, and the kdump kernel no longer fails upon encountering an in-flight IPI.
For a device that used a Target Portal Group (TPG) ID which occupied the full 2 bytes in the RTPG (Report Target Port Groups) response (with either byte exceeding the maximum value that may be stored in a signed char), the kernel's calculated TPG ID would never match the group_id that it should. As a result, this signed char overflow also caused the ALUA handler to incorrectly identify the AAS (Asymmetric Access State) of the specified device as well as incorrectly interpret the supported AAS of the target. With this update, the aforementioned issue has been addressed and no longer occurs.
A race could occur when an internal multipath structure (pgpath) was freed before it was used to signal the path group initialization was complete (via pg_init_done). This update includes a number of fixes that address this issue. multipath is now increasingly robust when multipathd restarts are combined with I/O operations to multipath devices and storage failures.
The event device (evdev) failed to lock data structures when adding or removing input devices. As a result, kernel panic occurred in the evdev_release function during a system restart. With this update, locking of data structures works as expected, and kernel panic no longer occurs.
Prior to this update, kernel panic occurred in the kfree() due to a race condition in the acpi_bus_receive_event() function. The acpi_bus_receive_event() function left the acpi_bus_event_list list attribute unlocked between checking it whether it was empty and calling the kfree() function on it. With this update, a check was added after the lock has been lifted in order to prevent the race and the calling of the kfree() function on an empty list.
Running a reboot test on an iSCSI root host resulted in kernel panic. When the iscsi_tcp module is destroying a connection it grabs the sk_callback_lock and clears the sk_user_data/conn pointer to signal that the callback functions should not execute the operation. However, some functions were not grabbing the lock, causing a NULL pointer kernel panic when iscsi_sw_tcp_conn_restore_callbacks was called and, consequently, one of the callbacks was called. With this update, the underlying source code has been modified to address this issue, and kernel panic no longer occurs.
Prior to this update, a multi-threaded application, which invoked popen(3) internally, could cause a thread stall by FILE lock corruption. The application program waited for a FILE lock in glibc, but the lock seemed to be corrupted, which was caused by a race condition in the COW (Copy On Write) logic. With this update, the race condition was corrected and FILE lock corruption no longer occurs.
The ext4 file system could end up corrupted after a power failure occurred even when file system barriers and local write cache was enabled. This was due to faulty barrier flag setting in WRITE_SYNC requests. With this update, this issue has been fixed, and ext4 file system corruption no longer occurs.
When selecting a new window, the tcp_select_window() function tried not to shrink the offered window by using the maximum of the remaining offered window size and the newly calculated window size. The newly calculated window size was always a multiple of the window scaling factor, however, the remaining window size was not since it depended on rcv_wup/rcv_nxt. As a result, a window was shrunk when it was scaled down. With this update, aligning the remaining window to the window scaling factor assures a window is no longer shrunk.
Configuring a network bridge with no STP (Spanning Tree Protocol) and a 0 forwarding delay could result in the flooding of all packets on the link for 20 seconds due to various issues in the source code. With this update, the underlying source code has been modified to address this issue, and a traffic flood on the network bridge no longer occurs.
Prior to this update, the /proc/diskstats file showed erroneous values. This occurred when the kernel merged two I/O operations for adjacent sectors which were located on different disk partitions. Two merge requests were submitted for the adjacent sectors, the first request for the second partition and the second request for the first partition, which was then merged to the first request. The first submission of the merge request incremented the in_flight value for the second partition. However, at the completion of the merge request, the in_flight value of a different partition (the first one) was decremented. This resulted in the erroneous values displayed in the /proc/diskstats file. With this update, the merging of two I/O operations which are located on different disk partitions has been fixed and works as expected.
If an application opened a file with the O_DIRECT flag on an NFS client and performed write operations on it of size equal to wsize (size of the blocks of data passed between the client and the server), the NFS client sent two RPCs (Remote Procedure Calls) when only one RPC needed to be send. Write operations of size smaller than wsize worked as expected. With this update, write operations of size equal to wsize now work as expected and no longer cause the NFS client to send out unnecessary RPCs.
Under certain circumstances, a crash in the kernel could occur due to a race condition in the lockd_down function, which did not wait for the lockd process to come down. With this update, the lockd_down function has been fixed, and the kernel no longer crashes.
Prior to this update, the be2net driver failed to work with bonding, causing flapping errors (the interface switches between states up and down) in the active interface. This was due to the fact that the netdev->trans_start pointer in the be_xmit function was not updated. With this update, the aforementioned pointer has been properly updated and flapping errors no longer occur.
BZ#664705, BZ#664707
For certain NICs, the operstate state (stored in, for example, the /sys/class/net/eth0/operstate file) was showing the unknown state even though the NIC was working properly. This was due to the fact that at the end of a probe operation, the netif_carrier_off was not being called. With this update, the netif_carrier_off is properly called after a probe operation, and the operstate state now correctly displays the operational state of an NIC.
RHEL5.7 has introduced the new multicast snooping feature for virt bridge. The feature is disabled by default in order to not break any existing configurations. To enable the feature, please set the tunnable parameter below to 1:
Please also note that with multicast snooping enabled, it may caused a regression with some switches where it causes a break in the multicast forwarding for some peers.
Outgoing packets were not fragmented after receiving the icmpv6 pkt-too-big message when using the IPSecv6 tunnel mode. This was due to the lack of IPv6 fragmentation support over an IPsec tunnel. With this update, IPv6 fragmentation is fully supported and works as expected when using the IPSecv6 tunnel mode.
The fix introduced with BZ#560013 added a check for detection of the northbridge device into the amd_fixup_dcm() function to make Red Hat Enterprise Linux 5 guests boot on a 5.4.z Xen hypervisor. However, the added check caused a kernel panic due to missing multi-node CPU topology detection on AMD CPU family 0x15 systems. To preserve backwards compatibility, the check has not been removed but is triggered only on AMD Family 15h systems (code-named "Magny-Cours"). AMD family 0x15 systems do not require the aforementioned check because they are not supported as 5.4 Xen Hypervisor hosts. For Xen Hypervisor 5.5, this issue has been fixed, which makes the check obsolete.
Booting a Red Hat Enterprise Linux 5.4 or later kernel failed (the system became unresponsive) due to the zeroing out of extra bytes of memory of the reset vector. The reset vector is comprised of two 16-bit registers (high and low). Instead of zeroing out 32-bits, the kernel was zeroing out 64-bits. On some machines this overwritten memory was used during the boot process, resulting in a hang. With this update, the long data type has been changed to the unsigned 32-bit data type; thus, resolving the issue. The Red Hat Enterprise Linux 5.4 and later kernel now boot as expected on the machines affected by this bug.
Setting the capture levels on the Line-In capture channel when using an ARX USB I/O sound card for recording and playback did not work properly. The set values were not persistent. With this update, the capture values are now cached in the usb-audio driver leaving the set capture levels unchanged.
This update fixes a bug in the way isochronous input data was returned to user space for usbfs (USB File System) transfers, resolving various audio issues.
The Red Hat Enterprise Linux kernel can now be tainted with a tech preview status. If a kernel module causes the tainted status, then running the command cat /proc/modules will display a (T) next to any module that is tainting the kernel.
For more information about Technology Previews, refer to:
Important: Running a kernel with the tainted flag set may limit the amount of support that Red Hat can provide for the system.
Previously, paravirtualized Xen guests allocated all low memory (all memory for 64-bit) to ZONE_DMA, rather than using ZONE_DMA32 and ZONE_NORMAL. The guest kernels now use all three zones the same way natively running kernels do.
While bringing down an interface, the e1000 driver failed to properly handle IRQs (Interrupt Requests), resulting in the reception of the following messages:
irq NN: nobody cared...
With this update, the driver's down flag is set later in the process of bringing down an interface, specifically, after all timers have exited, preventing the IRQ handler from being called and exiting early without handling the IRQ.
By default, libsas defines a wideport based on the attached SAS address, rather than the specification compliant strict definition of also considering the local SAS address. In Red Hat Enterprise Linux 5.7, only the default loose definition is available. The implication is that if an OEM configures an SCU controller to advertise different SAS addresses per PHY, but hooks up a wide target or an expander to those PHYs, libsas will only create one port. The expectation, in the strict case, is that this would result in a single controller multipath configuration.
It is not possible to use a single controller multipath without the strict_wide_port functionality. Multi-controller multipath should behave as a expected.
A x8 multipath configuration through a single expander can still be obtained under the following conditions:
  1. Start with an SCU SKU that exposes (2) x4 controllers (total of 8 PHYs)
  2. Assign sas_address1 to all the PHYs on controller1
  3. Assign sas_address2 to all the PHYs on controller2
  4. Hook up the expander across all 8 PHYs
  5. Configure multipath across the two controller instances
It is critical for controller1 to have a distinct address from controller2, otherwise the expander will be unable to correctly route connection requests to the proper initiator.
Previously, on VMware, the time ran too fast on virtual machines with more than 4GHz TSC (Time Step Counter) processor frequency if they were using PIT/TSC based timekeeping. This was due to a calculation bug in the get_hypervisor_cycles_per_sec function. This update fixes the calculation, and timekeeping works correctly for such virtual machines.
A formerly introduced patch that provided extended PCI config space access on AMD systems caused the lpfc driver to fail when it tried to initialize hardware. On kernel-xen, Hypervisor trapped the aforementioned accesses and truncated them, causing the lpfc driver to fail to initialize hardware. Note that this issue was only observed when using the lpfc driver with the following parameters: Vendor_ID=0x10df, Device_ID=0xf0e5. With this update, the part of the patch related to kernel-xen that was causing the failures was removed and the lpfc driver now works as expected.
Hot removing a PCIe device and, consequently, hot plugging it again caused kernel panic. This was due to a PCI resource for the SR-IOV Virtual Function (vf) not being released after the hot removing, causing the memory area in the pci_dev struct to be used by another process. With this update, when a PCIe device is removed from a system, all resources are properly released; kernel panic no longer occurs.
BZ#672368, BZ#695490
In a four node cluster environment, a deadlock could occur on machines in the cluster when the nodes accessed a GFS2 file system. This resulted in memory fragmentation which caused the number of network packet fragments in requests to exceed the network hardware limit. The network hardware firmware dropped the network packets exceeding this limit. With this update, the network packet fragmentation was reduced to the limit of the network hardware, no longer causing problems during memory fragmentation.
Prior to this update, if a CT/ELS pass-through command timed out, the QLogic 8Gb Fibre Channel adapter created a firmware dump. With this update, firmware dumps are no longer created when CT/ELS pass-through requests time out as a firmware dump is not necessary in this case.
Setting a DASD (Direct Access Storage Device) device offline while another process is trying to open that device caused a race in the dasd_open function. The dasd_open function tried to read a pointer from the private_data field after the structure has already been freed, resulting in a dereference of an invalid pointer. With this update, the aforementioned pointer is now stored in a different structure; thus, preventing the race condition.
Deleting a file on a GFS2 file system caused the inode, which the deleted file previously occupied, to not be freed. Specifically, this only occurred when a file was deleted on a particular node while other nodes in the cluster were caching that same inode. The mechanism for ensuring that inodes are correctly deallocated when the final close occurs was dependent on a previously corrected bug (BZ#504188 ). In order to ensure that iopen glocks are not cached beyond the lifetime of the inode, and thus prevent deallocation by another inode in the cluster, this update marks the iopen glock as not to be cached during the inode disposal process.
In some cases the NFS server fails to notify NFSv4 clients about renames and unlinks done by non-NFS users of the server. An application on a client may then be able to open the file at its old location (read old cached data from it and perform read locks on it), long after the file no longer exists at that location on the server. To work around this issue, use NFSv3 instead of NFSv4. Alternatively, turn off support for leases by writing the value 0 to the /proc/sys/fs/leases-enable file (ideally on boot, before the NFS server is started). This change prevents NFSv4 delegations from being given out, restoring correctness at the expense of some performance.
Booting Red Hat Enterprise Linux 5 with the crashkernel=X parameter enabled for the kdump kernel does not always succeed. This is because the kernel may not be able to find a suitable memory range for the crashkernel due to the fragmentation of the physical memory. Similarly, if a user specifies the starting address of the reserved memory, the specified memory range may be occupied by other parts of the kernel (in this case, the initrd, i.e. initial ramdisk). This update adds two debugging kernel parameters (bootmem_debug and ignore_loglevel) which allow to diagnose what causes the crashkernel to not be assigned enough memory.
In Red Hat Enterprise Linux 5.7 netconsole was enabled to work with software network bridges. This disables previous workaround used by RHEV Manager Agent (VDSM) to use ethernet network interface directly.
Customers wishing to continue using netconsole logging on the RHEL 5.7 nodes registered with RHEV Manager, should modify the /etc/sysconfig/netconsole file and change the line where the DEV variable is set to:
and restart the netconsole service with:
# service netconsole restart
Prior to this update, a rhev-agent could not be started due to missing a /dev/virtio-ports/ directory. This was due to the fact that the udev utility does not parse the KOBJ_CHANGE event. With this update, the KOBJ_ADD event is invoked instead so that symlinks in /dev/virtio-ports are created when a port name is obtained.
Using a virtio serial port from an application, filling it until the write command returns -EAGAIN and then executing a select command for the write command caused the select command to not return any values, when using the virtio serial port in a non-blocking mode. When used in a blocking mode, the write command waited until the host indicated it used up the buffers. This was due to the fact that the poll operation waited for the port->waitqueue pointer, however, nothing woke the waitqueue when there was room again in the queue. With this update, the queue is woken via host notifications so that buffers consumed by the host can be reclaimed, the queue freed, and the application write operations may proceed again.
Prior to this update, a FW/SW semaphore collision could lead to an link establishment failure on an SFP+ (Small Form-factor Pluggable) transceiver module. With this update, the underlying source code has been modified to address this issue, and SFP+ modules work as expected.
Enabling the Header Splitting mode on all Intel 82599 10 Gigabit Ethernet hardware could lead to unpredictable behavior. With this update, the Header Splitting mode is never enabled on the aforementioned hardware. Additionally, this update fixes VM pool allocation issues based on MAC address filtering, and limits the scope of VF access to promiscuous mode.
Using an XFS file system, when an I/O error occurred during an intermediate commit on a rolling translation, the xfs_trans_commit() function freed the structure of the transaction and the related ticket. However, the duplicate transaction, which is used when the transaction continues, still contained a pointer to the freed ticket. Therefore, when the second transaction was canceled, the ticked was freed for the second time, causing kernel panic. This update adds reference counting to the ticket to avoid multiple freeing of a ticket when a commit error occurs.
A spurious BUG_ON() call caused the module_refcount variable to not be always accurate outside of the atomic state within the stop_machine function, observed mainly under heavy network load. This update removed the BUG_ON() call, fixing this issue.
A previously introduced patch added support for displaying the temperature of application-specific integrated circuits (ASIC). However, a missing increment of the work_counter variable in the be_worker function caused the be_cmd_get_die_temperature function to be called every 1 second (instead of the 32 seconds it should be), and the be_cmd_get_die_temperature function to be called even when it was not supported. This update fixes this issue.
Prior to this update, the stat.st_blksize parameter was always set to PAGE_CACHE_SIZE, causing performance issues. With this update, the underlying source code has been modified to address this issue, and Red Hat Enterprise Linux 5 systems no longer suffer from performance issues caused by the aforementioned parameter.
Broken scatterlist handling during command construction caused SMP commands to fail, resulting in the SCU driver not detecting drives behind expanders. This update fixes the SCU driver to detect drives placed behind expanders.
Kernel panic occurred when a non-maskable interrupt was issued during a forced shutdown of the XFS file system. This was due to a spinlock occurring in various functions. With this update, the spinlocks have been removed, and kernel panic no longer occurs. Additionally, the CONFIG_XFS_DEBUG option is disabled by default on kernel-debug.
Prior to this update, the /proc/partitions file was not being updated after LUNs were created using the hpacucli utility (which adds, deletes, identifies, and repairs logical and physical disks). This issue has been fixed via the update of the CCISS driver to version 3.6.26-5, as noted in BZ#635143.
When the ibmvscsi driver reset its CRQ and attempted to re-register the CRQ, it received an H_CLOSED response, indicating that the Virtual I/O Server is not yet ready to receive commands. As a result, the ibmvscsi driver caused the VSCSI adapter to go offline and fail to recover. This update re-enables interrupts so that when the Virtual I/O Server is ready and sends the CRQ initialization request, it is properly received and processed.
This update ensures that all remote ports are deleted when a Virtual I/O Server fails in a dual Virtual I/O Server multipath configuration, so that a path failover works as expected and the ibmvfc driver no longer becomes unresponsive. For a single path configuration, the remote ports go into a devloss state.
Installation of HVM guests failed on AMD hosts. This update provides a number of patches which resolve this issue, and HVM guests can be installed on AMD hosts as expected.
Using iSCSI offload resulted in EEH (Enhanced Error Handling) errors caused by missing programming of the page sizes on systems which do not use the 4K PAGE_SIZE. With this update, the underlying source code has been modified to address this issue, and EEH errors no longer occur when using iSCSI offload.
File system corruption could occur on a file system with the qla2xxx driver due to missing block I/O back/front segment size setting. This update adds the block I/O back/front segment size setting, resolving this issue.


BZ#696182, BZ#696182, BZ#707299
The tg3 network driver has been updated to support the Broadcom 5720 Network Interface Controller. Additionally, the tg3 network driver includes a number of fixes to support the Broadcom 5719 Network Interface Controller.
The mpt2sas driver now allows customer specific display support.
Support for DMI OEM flags to set pci=bfsort has been added.
The ipr driver now supports the SAS VRAID capability on the new CRoC-based SAS adapters on IBM POWER7 systems.
The AHCI driver has been updated to support for SATA RAID on future Intel chipsets.
The ixgbe driver now provides support for PCIe AER (Advanced Error Reporting).
These updated kernel packages also upgrade a number of kernel device drivers. A list of these updated drivers can be found in the Red Hat Enterprise Linux 5.7 Release Notes.
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.