1.74.10. RHSA-2011:1386: Important: kernel security, bug fix, and enhancement update
- A previously applied patch to help clean up a failed nmi_watchdog check by disabling various registers caused single-vcpu Xen HVM guests to become unresponsive during boot when the host CPU was an Intel Xeon Processor E5405 or an Intel Xeon Processor E5420, and the VM configuration did not have the apic = 1 parameter set. With this update, NMI_NONE is the default watchdog on AMD64 HVM guests, thus fixing this issue.
- A previously introduced patch forced the ->fsync operations to wait on all WRITE and COMMIT remote procedure calls (RPC) to complete to ensure that those RPCs were completed before returning from close(). As a consequence, all WRITEs issued by nfs_flush_list were serialized and caused a performance regression on NFS clients. This update changes nfs_flush_multi to not wait for WRITEs issued when the FLUSH_SYNC parameter is set, resolving performance issues on NFS clients.
- When setting the value in the
echo, the actual saved value was always one less than the given value (for example, setting 500 resulted in 499 being set). This update fixes this off-by-one error, and values in /proc/sys/vm/dirty_writeback_centisecs are now correctly set.
- When reading a file from a subdirectory in /proc/bus/pci/ while hot-unplugging the device related to that file, the system would crash. With this update, the kernel correctly handles the simultaneous removal of a device, and access to the representation of that device in the
- Prior to this update, MTU was constrained to 1500 unless Scatter/Gather I/O (SG) was supported by the NIC; in the case of netback, this would mean unless SG was supported by the front-end. Because the hotplugging scripts ran before features had been negotiated with the front-end, SG would still be disabled at that point, breaking anything using larger MTUs (for example, cluster communication using that NIC). This update inverts the behavior and assumes SG to be present until negotiations prove otherwise (in such a case, MTU is automatically reduced).
- A previously applied patch introduced a regression for 3rd party file systems that do not set the FS_HAS_IODONE2 flag, specifically, the Oracle Cluster File System 2 (OCFS2). The patch removed a call to the aio_complete function, resulting in no completion events being processed, causing userspace applications to become unresponsive. This update reintroduces the aio_complete function call, fixing this issue.
- This update fixes a race between TX and MCC events where an MCC event could kill a NAPI schedule by a succeeding TX event, which resulted in network transfer pauses.
- Previously, when the Xen Hypervisor split a 2 MB page into 4 KB pages, it linked the new page from the PDE (Page Directory Entry) before it filled entries of the page with appropriate data. Consequently, when doing a live migration with EPT (Extended Page Tables) enabled on a non-idle guest running with more than two virtual CPUs, the guest often terminated unexpectedly. With this update, the Xen Hypervisor prepares the page table entry first, and then links it in, fixing this bug.
- This update adds a missing patch that enables WOL (Wake-on-LAN) on the second port of an Intel Ethernet Server Adapter I350.
- A kernel panic occurred on a Red Hat Enterprise Linux 5.7 QLogic FCoE host during I/O operations with fabric faults due to a NULL fcport object dereference in the qla24xx_queuecommand function. This update adds a check that returns
fcport object is NULL.
- Packet statistics in /proc/net/dev occasionally jumped backwards. This was because the cat /proc/net/dev command was processed while the loop updating the counter was running, sometimes resulting in a partially updated counter (causing the statistics to be incorrect). This update fixes this bug by using a temporary variable while summing up all the RX queues, and only then updating the /proc/net/dev statistics, making the whole operation atomic. Additionally, this update provides a patch that fixes a problem with the 16-bit RX dropped packets HW counter by maintaining a 32-bit accumulator in the driver to prevent frequent wraparound.
- Prior to this update, the nosharecache NFS mount option was not always honored. If two mount locations specified this option, the behavior would be the same as if the option was not specified. This was because of missing checks that enforced this option. This update adds the missing checks, resolving this issue.
- When kdump was triggered under a heavy load, the system became unresponsive and failed to capture a crash dump. This update fixes interrupt handling for kdump so that kdump successfully captures a crash dump while under a heavy load.
- Previously, configurations where Max BW was set to 0 produced the following message:
Illegal configuration detected for Max BW - using 100 instead.
With this update, this message is produced only when debugging is enabled, and such a configuration is no longer called Illegal.
- If the be2net driver could not allocate new SKBs in the RX completion handler, it returned messages to the console and dropped packets. With this update, the driver increases the rx_dropped counter instead, and no longer produces messages in the console.
- If iSCSI was not supported on a
bnx2_cnic_probe() function returned NULL and the cnic device was not visible to bnx2i. This prevented bnx2i from registering and then unregistering during cnic_start() and caused the following warning message to appear:
bnx2 0003:01:00.1: eth1: Failed waiting for ULP up call to complete
- Prior to this update, failures to bring up the Broadcom BCM57710 Ethernet Controller occurred with the following error messages:
eth0: Something bad had happen! Aii! [bnx2x_release_hw_lock:1536(eth0)]Releasing a lock on resource 8 eth0: Recovery flow hasn't been properly completed yet. Try again later. If u still see this message after a few retries then power cycle is required.
With this update, the underlying source code has been modified to address this issue, and the Broadcom BCM57710 Ethernet Controller no longer fails to start.
- This update introduces support for jumbo frames in the Xen networking backend. However, old guests will still revert to a 1500-byte MTU after migration. This update also changes how the guest will probe the backend's Scatter/Gather I/O functionality. As long as a recent enough kernel is installed in the destination host, this will ensure that the guest will keep a large MTU even after migration.
- Previously, the inet6_sk_generic() function was using the obj_size variable to compute the address of its inner structure, causing memory corruption. With this update, sk_alloc_size() is called every time there is a request for allocation, and memory corruption no longer occurs.
- Prior to this update, Xen did not implement certain ALU opcodes. As a result, when a driver used the missing opcodes on memory-mapped I/O areas, it caused the guest to crash. This update adds all the missing opcodes. In particular, this fixes a BSOD crash from the Windows
- With this update, the JSM driver has been updated to support the Bell2 (with PLX chip) 2-port adapter on IBM POWER7 systems. Additionally, EEH support has been added to the JSM driver.