RHBA-2009:1366 - Bug Fix Advisory

Topic

Updated openais packages that fix various bugs and add enhancements are now
available.

Description

The openais packages provide the core infrastructure used by Red Hat
Cluster Suite and GFS.

This update fixes the following bugs:

• The CPG service, which is used throughout the cluster software, sometimes

segfaulted under certain loads. (BZ#261381)

• On PowerPC architectures, the IPC system could segfault because of how

va_args and unions operate on these platforms. (BZ#499767)

• The totempg subsystem in openais could sometimes throw away a message,

which could result in cluster failure. (BZ#497419)

• The IPC system contained a regression with the CPG service, which caused

the wrong error code to be returned when the library user has insufficient
permissions. (BZ#494347)

• The redundant ring feature cannot be re-enabled after a failure, because

of defects in libcfg. (BZ#494035)

• The CPG service failed to synchronize properly with nodeids greater then

0xffffff. This resulted in CPG not working when automatic node id
generation was used. (BZ#489451)

• Certain message types were ignored, resulting in improper

synchronization. (BZ#480684)

• The checkpoint service incorrectly calculated reference counts on

checkpoints opened by an exiting node, resulting in checkpoint leak.
(BZ#490099)

• Under heavy ipc connection/disconnection in the cpg service, the cpg

service would segfault. (BZ#497420).

• The cpg service would segfault when cpg_join and cpg_leave were issued by

multiple nodes on the same cpg group name as a result of race condition.
(BZ#501561)

• The totem free queue was calculated improperly resulting in aborts under

heavy cpg load. (BZ#488095)

• Under certain conditions, a race condition resulted in a double list

delete in the cpg service causing segfault. (BZ#491459)

• A regression in the openais build process resulted in cmirror

regressions. (BZ#496985)

• A regression in the CPG service where a race condition would occur in the

delivery of configuration changes with 3+ nodes. (BZ#490098)

• A regression in the CPG service where nodes would see out-of-order

configuration changes after a node was started with existing CPG groups.
(BZ#504195)

• A regression in the confdb service where the shared object elf header was

not properly set. (BZ#504832)

• A regression where semaphores and shared memory was leaked if service

cman stop was executed. (BZ#506778)

• A regression, if aisexec was killed while transmitting, and later

restarted, the cluster returned ERR_TRY_AGAIN on all API calls. (BZ#506119)

This update adds the following enhancements:

• Feature to allow rolling upgrades of the crypto stack. (BZ#497480)
• Feature to set broadcast mode instead of using multicast. (BZ#492808)
• Feature to allow uidgid files to be placed on the system to allow

configurable ipc security of third party applications. (BZ#501337)

Users should upgrade to these updated packages, which resolve these issues
and add these enhancements.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 261381 - openais segfault while attempting to start cman during revolver testing
• BZ - 474277 - aisexec core dumps under load
• BZ - 477243 - cpg flow control not working, causes aisexec hang.
• BZ - 480684 - certain types of messages can be ignored
• BZ - 487214 - upgrade node to 5.3, openais dies after trying to join 5.2 cluster
• BZ - 488095 - aisexec assertion in message_handler_req_lib_cpg_mcast
• BZ - 489451 - cpg fails to sync properly if nodeid > 0xffffff
• BZ - 490098 - IPC race condition allows multiple ipc threads within service engine at same time
• BZ - 490099 - Checkpoint service incorrectly calculates reference counts on checkpoints from leaving node
• BZ - 491459 - cpg segfaults under certain test cases
• BZ - 492808 - RFE: Request alternate cman network communication option (broadcast instead of multicast)
• BZ - 494347 - cpg_init return wrong error code for bad group ID
• BZ - 496985 - OpenAIS is the likely candidate for cluster mirror regression
• BZ - 497419 - first message of totem stream thrown away - 5.3z stream regression
• BZ - 497420 - ipc connect/disconnect in cpg service causes cpg to segfault
• BZ - 497480 - [RFE] Need patch merged to support rolling crytpo upgrades to RHEL6
• BZ - 499767 - groupd segfaults on start
• BZ - 501337 - RFE: Provide configurable uid based aisexec access
• BZ - 501561 - gfs_controld segfault during simultaneous gfs mounts
• BZ - 504195 - cpg confchg's delivered in different order
• BZ - 504832 - libcfg is linked improperly to libconfdb
• BZ - 506119 - [EVT ] Evt config msg from nodeid r(0) ip(10.15.89.14) , but not in membership change
• BZ - 506778 - semaphore leak during cluster startup/shutdown cycle

CVEs

(none)

References

(none)