Red Hat Product Errata RHBA-2012:1507 - Bug Fix Advisory

Issued:: 2012-12-04
Updated:: 2012-12-04

RHBA-2012:1507 - Bug Fix Advisory

Overview
Updated Packages

Synopsis

sanlock bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Updated sanlock packages that fix various bugs and add various enhancements are
now available for Red Hat Enterprise Virtualization.

Description

The sanlock package provides a shared storage lock manager. Hosts with shared
access to a block device or file can use sanlock to synchronize their
activities. VDSM and libvirt use sanlock to synchronize access to virtual
machine images.

This updated package fixes the following bugs:

The init script was not creating a /var/lock/subsys file, which caused the
killall init script to not shut down the daemon. (BZ#841991)
The wdmd init script was not loading the softdog module when no other watchdog
module was loaded, causing the wdmd and sanlock daemons to fail startup.
(BZ#840955)
The sanlock daemon was assuming that the uid and gid options were defined,
which caused it to segfault during startup if the daemon was started without the
uid/gid options. (BZ#841992)
The add_lockspace api was difficult to use from an application where multiple
threads could be adding the same lockspace. These changes make it possible for
the threads to coordinate the lockspace operations. (BZ#841994)
The sanlock inquire api was always returning an lver of 0 in the state string,
rather than the real lver. This would cause anything to fail that
tried to acquire a lease with an inquired version, like suspend/resume or
migrate. (BZ#841995)
This enhancement allows a program to be run against registered processes to
suspend them and release their leases as an alternative to sanlock killing them
directly. (BZ#840953)
The sanlock daemon was running as the root uid, and depending on supplementary
groups to allow file access on nfs. Some nfs servers do not recognize the groups
and refuse access, so the sanlock daemon is changed to run as the sanlock uid,
and use the root helper process to kill registered processes. (BZ#842764)
The sanlock log file and daemon pid files did not have the correct
permissions. (BZ#849181)
The watchdog would not fire at the correct time if the wdmd process was
killed near the firing time, or killed and restarted near the firing time.
The time until the watchdog fired was also not being correctly calculated
by sanlock. (BZ#849183)
The sanlock and wdmd daemons maintained a constant connection even when it was
not needed. This prevented them from each being restarted independently for
upgrade. (BZ#849184)
The paxos code was doing some unnecessary host_id checks when the same host
re-acquired a lease after it was uncleanly shut down previously. (BZ#849186)

All users of sanlock are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

For users of Red Hat Enterprise Virtualization Hypervisor these bug fixes and
enhancements are included in advisory RHSA-2012:1505:

https://rhn.redhat.com/errata/RHBA-2012-1505.html

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

Red Hat Virtualization 3 for RHEL 6 x86_64

Fixes

BZ - 840953 - sanlock: should support graceful release of resources
BZ - 840955 - sanlock: softdog module should be loaded in case no watchdog driver was loaded
BZ - 841991 - sanlock: initscript should create /var/lock/subsys/sanlock
BZ - 841992 - sanlock: segfault with SANLOCKOPTS="-w 0" configuration
BZ - 841994 - sanlock: race beween add_lockspace and rem_lockspace
BZ - 841995 - sanlock: fix inquire lver
BZ - 849181 - fix file permissions
BZ - 849183 - fix watchdog timeouts
BZ - 849184 - fix service restarts
BZ - 849186 - fix lease reacquire after failure

CVEs

CVE-2012-5638

References

https://rhn.redhat.com/errata/RHBA-2012-1505.html

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Virtualization 3 for RHEL 6

SRPM
sanlock-2.3-4.el6_3.src.rpm	SHA-256: 21d05318a5531648d4e0d1d915078a1bb999be805f741f70701dd3f64c4808bd
x86_64
sanlock-2.3-4.el6_3.x86_64.rpm	SHA-256: 6e6c091d0e4788ad0e8c1b25e1bb0adadaf35ba4889f7dbc0e28b63cab961803
sanlock-debuginfo-2.3-4.el6_3.x86_64.rpm	SHA-256: 45e4bd05ef80cf750ea3204624e3816f52caa34dbcbc6060a3a6543475d2e278
sanlock-devel-2.3-4.el6_3.x86_64.rpm	SHA-256: 34b86c118bd39181580dd56b46a60bd42422020b0774e2cdd6611ff5a086130c
sanlock-lib-2.3-4.el6_3.x86_64.rpm	SHA-256: 167b50c19fc35bd2b77a40ffafb51870060526d13559100a6e83488e04194488
sanlock-python-2.3-4.el6_3.x86_64.rpm	SHA-256: d5dd10cfcc042bd63aeddb0058d501f5d75ad00e2d7a7801026f0df668b64254

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories