RHBA-2012:1507 - Bug Fix Advisory

Topic

Updated sanlock packages that fix various bugs and add various enhancements are
now available for Red Hat Enterprise Virtualization.

Description

The sanlock package provides a shared storage lock manager. Hosts with shared
access to a block device or file can use sanlock to synchronize their
activities. VDSM and libvirt use sanlock to synchronize access to virtual
machine images.

This updated package fixes the following bugs:

• The init script was not creating a /var/lock/subsys file, which caused the

killall init script to not shut down the daemon. (BZ#841991)

• The wdmd init script was not loading the softdog module when no other watchdog

module was loaded, causing the wdmd and sanlock daemons to fail startup.
(BZ#840955)

• The sanlock daemon was assuming that the uid and gid options were defined,

which caused it to segfault during startup if the daemon was started without the
uid/gid options. (BZ#841992)

• The add_lockspace api was difficult to use from an application where multiple

threads could be adding the same lockspace. These changes make it possible for
the threads to coordinate the lockspace operations. (BZ#841994)

• The sanlock inquire api was always returning an lver of 0 in the state string,

rather than the real lver. This would cause anything to fail that
tried to acquire a lease with an inquired version, like suspend/resume or
migrate. (BZ#841995)

• This enhancement allows a program to be run against registered processes to

suspend them and release their leases as an alternative to sanlock killing them
directly. (BZ#840953)

• The sanlock daemon was running as the root uid, and depending on supplementary

groups to allow file access on nfs. Some nfs servers do not recognize the groups
and refuse access, so the sanlock daemon is changed to run as the sanlock uid,
and use the root helper process to kill registered processes. (BZ#842764)

• The sanlock log file and daemon pid files did not have the correct

permissions. (BZ#849181)

• The watchdog would not fire at the correct time if the wdmd process was

killed near the firing time, or killed and restarted near the firing time.
The time until the watchdog fired was also not being correctly calculated
by sanlock. (BZ#849183)

• The sanlock and wdmd daemons maintained a constant connection even when it was

not needed. This prevented them from each being restarted independently for
upgrade. (BZ#849184)

• The paxos code was doing some unnecessary host_id checks when the same host

re-acquired a lease after it was uncleanly shut down previously. (BZ#849186)

All users of sanlock are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

For users of Red Hat Enterprise Virtualization Hypervisor these bug fixes and
enhancements are included in advisory RHSA-2012:1505:

https://rhn.redhat.com/errata/RHBA-2012-1505.html

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Virtualization 3 for RHEL 6 x86_64

Fixes

• BZ - 840953 - sanlock: should support graceful release of resources
• BZ - 840955 - sanlock: softdog module should be loaded in case no watchdog driver was loaded
• BZ - 841991 - sanlock: initscript should create /var/lock/subsys/sanlock
• BZ - 841992 - sanlock: segfault with SANLOCKOPTS="-w 0" configuration
• BZ - 841994 - sanlock: race beween add_lockspace and rem_lockspace
• BZ - 841995 - sanlock: fix inquire lver
• BZ - 849181 - fix file permissions
• BZ - 849183 - fix watchdog timeouts
• BZ - 849184 - fix service restarts
• BZ - 849186 - fix lease reacquire after failure

CVEs

• CVE-2012-5638

References

• https://rhn.redhat.com/errata/RHBA-2012-1505.html