SELinux MLS policy is not supported with kernel version 4.14
SELinux Multi-Level Security (MLS) Policy denies unknown classes and permissions, and kernel version 4.14 in the kernel-alt packages recognizes the map permission, which is not defined in any policy. Consequently, every command on a system with active MLS policy and
SELinux in enforcing mode terminates with the
Segmentation fault error. A lot of
SELinux denial warnings occurs on systems with active MLS policy and
SELinux in permissive mode. The combination of
SELinux MLS policy with kernel version 4.14 is not supported.
kdump saves the
vmcore only if
mpt3sas is blacklisted
kdump kernel loads the
mpt3sas driver, the
kdump kernel crashes and fails to save the
vmcore on certain POWER9 systems. To work around this problem, blacklist
mpt3sas from the
kdump kernel environment by appending the
module_blacklist=mpt3sas string to the
KDUMP_COMMANDLINE_APPEND variable in the
KDUMP_COMMANDLINE_APPEND="irqpoll maxcpus=1 ... module_blacklist=mpt3sas"
Then restart the
kdump service to pick up the changes to the configuration file by running the
systemctl restart command as the
~]# systemctl restart kdump.service
As a result,
kdump is now able to save the
vmcore on the POWER9 systems. (BZ#1496273)
Recovering from OOM situation fails due to incorrect function of OOM-killer
Recovering from an out-of-memory (OOM) situation does not work correctly on systems with large amounts of memory. Kernel's OOM-killer kills the process using the most memory and frees the memory to be used again. However, sometimes the OOM-killer does not wait long enough before killing a second process. Eventually, the OOM-killer kills all the processes on the system and logs this error:
Kernel panic - not syncing: Out of memory and no killable processes...
If this happens, the operating system must be rebooted. There is no available workaround. (BZ#1405748)
HTM is disabled for guests running on IBM POWER systems
The Hardware Transactional Memory (HTM) feature currently prevents migrating guest virtual machines from IBM POWER8 to IBM POWER9 hosts, and has therefore been disabled by default. As a consequence, guest virtual machines running on IBM POWER8 and IBM POWER9 hosts cannot use HTM, unless the feature is manually enabled.
To do so, change the default
pseries-rhel7.5 machine type of these guests to
pseries-rhel7.4. Note that guests configured this way cannot be migrated from an IBM POWER8 host to an IBM POWER9 host. (BZ#1525599)
Migrating guests with huge pages from IBM POWER8 to IBM POWER9 fails
IBM POWER8 hosts can only use 16MB and 16GB huge pages, but these huge-page sizes are not supported on IBM POWER9. As a consequence, migrating a guest from an IBM POWER8 host to an IBM POWER9 host fails if the guest is configured with static huge pages.
To work around this problem, disable huge pages on the guest and reboot it prior to migration. (BZ#1538959)
modprobe succeeds to load kernel modules with incorrect parameters
When attempting to load a kernel module with an incorrect parameter using the
modprobe command, the incorrect parameter is ignored, and the module loads as expected on Red Hat Enterprise Linux 7 for ARM and for IBM Power LE (POWER9).
Note that this is a different behavior compared to Red Hat Enterprise Linux for traditional architectures, such as AMD64 and Intel 64, IBM z Systems and IBM Power Systems. On these systems,
modprobe exits with an error, and the module with an incorrect parameter does not load in the described situation.
On all architectures, an error message is recorded in the
dmesg output. (BZ#1449439)