RHSA-2014:0290 - Moderate: kernel bug fix and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

The qla2xxx driver has been upgraded to version 8.06.00.08.07.0-k3, which provides a number of bug fixes over the previous version in order to correct various timeout problems with the mailbox commands. In addition, the NFS subsystem has been upgraded to upstream version 3.15 and the hpsa driver has been upgraded to the latest upstream version (BZ#1090378, BZ#1111170, BZ#1069185).

This update also fixes the following bugs:

• Previously, the kernel did not handle exceptions caused by an invalid floating point control (FPC) register, leading to a kernel oops. This bug has been fixed by placing the label to handle these exceptions to the correct place in the code, and kernel oopses no longer occur in the aforementioned situation. (BZ#1121965)

• Prior to this update, when bringing a hot-added CPU online, the kernel did not initialize a CPU mask properly. As a consequence, a kernel panic could occur. This update ensures that the CPU mask is properly initialized and the correct NUMA node selected, thus fixing the bug. (BZ#1117184)

• Due to a NULL pointer dereference bug in the IPIP (IPv4 in IPv4) and SIT (IPv6 over IPv4) tunneling code, a kernel panic could be triggered when using IPIP or SIT tunnels with IPsec. This update restructures the underlying source code to avoid a NULL pointer dereference, and the kernel thus no longer panics when using IPIP or SIT tunnels with IPsec. (BZ#1108857)

• A previous change to the kernel for the PowerPC platform changed implementation of the compat_sys_sendfile() function. Consequently, the 64-bit sendfile() system call stopped working for files larger than 2 GB on this platform. This update restores previous behavior of sendfile() on the Red Hat Enterprise Linux for POWER architecture, which again processes files bigger than 2 GB as expected. (BZ#1107774)

• A bug in the mtip32xx driver could prevent some devices with unaligned I/O access from completing the submitted I/O requests. This situation could lead to a livelock and such devices could be rendered unusable. With this update, mtip32xx checks whether I/O access is unaligned and if so, it uses the correct semaphore. (BZ#1102281)

• A missing read memory barrier, the rmb() function, in the bnx2x driver caused the kernel to crash under various circumstances. This bug has been fixed by adding the rmb() call to the relevant place in the bnx2x code. (BZ#1101808)

• Due to incorrect calculation of the Tx statistics in the qlcninc driver, running the "ethtool -S ethX" command could trigger memory corruption. As a consequence, running the sosreport tool, which uses this command, led to a kernel panic. With this update, the Tx statistics calculation has been fixed, and the kernel panic no longer occurs in this scenario. (BZ#1099634)

• The Red Hat Enterprise Linux 7.1 Beta kernel is signed with the beta key. However, the GRUB bootloader prevented the kernel from booting if the Secure Boot validation process was enabled. The Red Hat Enterprise Linux 7.1 kernel is now signed by a GA release key, and thus systems with Secure Boot enabled now automatically work when Red Hat Enterprise Linux 7.1 GA is installed on them. (BZ#1170551)

• A previous change to the nouveau driver introduced a bit shift error, which resulted in the incorrect display resolution being set with some models of NVIDIA controllers. With this update, the incorrect code has been fixed, and the affected NVIDIA controllers can now set the correct display resolution. (BZ#1089936)

• Due to a NULL pointer dereference bug in the be2net driver, the system could experience a kernel oops and reboot when disabling a network adapter after a permanent failure. To fix this bug, a flag to keep track of the setup state has been introduced, and the failing adapter can now be disabled successfully without a kernel crash. (BZ#1066644)

• Due to a bug in the bnx2x driver, a network adapter could be unable to recover from EEH error injection. The network adapter had to be taken offline and the operating system rebooted in order to function properly again. With this update, the bnx2x driver has been fixed and network adapters now fully recover from EEH errors as intended. (BZ#1067154)

• Previously, an IBM POWER8 system could terminate unexpectedly when the kernel received an Interrupt ReQuest (IRQ) while handling a transactional memory re-checkpoint critical section. This update ensures that IRQs are disabled in this scenario, and IBM POWER8 system no longer crashes. (BZ#1088224)

• When an attempt to create a file on the GFS2 file system failed due to a file system quota violation, the relevant virtual file system (VFS) inode was not completely uninitialized. This could cause a list corruption error. This update makes sure the VFS inode is correctly uninitialized in this situation, and list corruption errors no longer occur in the described situation. (BZ#1087995)

• Previously, a race condition in the "abort" command handling logic of the ipr device driver could cause the kernel to panic when the driver received a response to the "abort" command itself prior to receiving other responses for an aborted command. With this update, the abort handler waits for the aborted command response before completing the "abort" command operation. As a result, the kernel panic no longer occurs in aforementioned situation. (BZ#1156530)

• The hpwdt driver previously emitted a misleading panic message on certain HP systems. This update ensures that upon a kernel panic, hpwdt displays information valid on all HP systems. (BZ#1074038)

• The cxgb4 adapters could fail to initialize on the POWER8 platform with Red Hat Enterprise Linux 7, preventing customers from being able to use the adapter. As a workaround, the driver should be loaded with the "force_old_init=1" parameter. This can be done during boot by adding "cxgb4.force_old_init=1" to the kernel command line, or by adding the following line to the /etc/modprobe.d/cxgb4.conf file:

  options cxgb4 force_old_init=1
  

  If the libcxgb4 package is installed, edit the /etc/modprobe.d/libcxgb4.conf file to read:

  install cxgb4 /sbin/modprobe --ignore-install cxgb4 force_old_init=1 && /sbin/modprobe iw_cxgb4
  

  With these configuration changes, the cxgb4 adapters initialize on the POWER8 platform successfully. (BZ#1078977)

• On some firmware versions of the BladeEngine 3 (BE3) controller, interrupts remained disabled after a hardware reset. This caused a problem for all Emulex-based network adapters using such a BE3 controller because these adapters could fail to recover from an EEH error if it occurred. To resolve this problem, the be2net driver has been modified to enable the interrupts in the eeh_resume handler explicitly, thus fixing the bug. (BZ#1076682)

• When using a Peripheral Component Interconnect (PCI) device, the device can show errors during the kdump service process, as the functions of certain versions are no longer supported. A warning message is printed to the user informing them about the unsupported PCI device. (BZ#1080712)

• Previously, the Small Computer Systems Interface (SCSI) mid-layer could retry an I/O operation indefinitely if a storage array repeatedly returned a CHECK CONDITION status to that I/O operation but the sense data was invalid. This update fixes the problem by limiting the time for which such an I/O operation is retried. (BZ#1061871)

• Due to a bug in the time accounting of the kernel scheduler, a divide error could occur when hot adding a CPU. To fix this bug, the kernel scheduler time accounting has been reworked, and hot adding a CPU now proceeds without errors. (BZ#1123731)

• The kernel could fail to bring a CPU online if the hardware supported both the acpi-cpufreq and intel_pstate modules. This update ensures that the acpi-cpufreq module is not loaded if the intel_pstate module is loaded, thus fixing the bug. (BZ#1123250)

• The "md" driver uses an optimization that is safe to use only for single-degraded arrays. Previously, when "md" was used for a recovery of a double-degraded RAID6 array, data corruption could occur. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays, thus fixing this bug. (BZ#1130905)

• Due to Cross-Domain Request (XDR) encoding problems in the fs_location attribute for referals, the NFS referral mount failed with the following error message:

  mount(2): Input/output error 
  

  The encoding problems have been fixed, and the NFS mounts no longer fail in the described situation. (BZ#1164055)

• Changes to resolve a memory allocation failure, due to fragmentation for BZ#1095623, introduced the inclusion of the mm.h file in the fs/seq_file.c() function. This caused the checksum for several seq_* functions to change as some referenced structures where no longer opaque to the genksyms utility. As a consequence, unnecessary incompatibility was introduced for customer external modules that used these symbols even though the seq_*() signatures and their semantics did not change. To fix this bug, mm.h has been excluded from the genksyms calculation, and incompatibility problems thus no longer occur. (BZ#1183280)

• The platform vendor has the ability to request that the VT-d IOMMU subsystem within the kernel retain specific mappings for devices using entries in the Advanced Configuration and Power Interface Direct Memory Access Remapping (ACPI DMAR) table known as Reserved Memory Region Reporting (RMRR) structures. However, QEMU-KVM and VFIO have no visibility to these mapping requirements and no API exists to disable any potential ongoing communication that may occur through these regions. Therefore, a device associated with an RMRR could continue to use DMA through this address space even after the device was assigned to a guest VM. This could cause a device to overwrite VM memory with DMA data intended for the memory described by the RMRR. To fix this bug, devices with associated RMRRs are excluded from participating in the kernel internal IOMMU API. Users can now identify such devices using dmesg logs and are also protected from assignment of devices making use of mappings which have the ability to cause instability within guest VMs. Users prevented from making use of PCI device assignment as a result of this change should contact their platform vendor for a BIOS update to release the I/O device from the imposed RMRR requirement. (BZ#1097907)

• Due to upstream kernel configuration changes leading to memory fragmentation, some types of memory allocation requests previously failed. Consequently, listing CPU configuration from the proc file system could use such a memory allocation and thus could fail as well. This update alters the code used by the proc file system to not request such large chunks of memory and also fall back to a different memory allocation call if the allocation fails. As a result, memory allocation failures listing CPU configuration are now avoided. (BZ#1095623)

• For multiple mlx4 cards on a single system, mlx4 port setting in Red Hat Enterprise Linux 7 led to a race condition. To fix this bug, mutex has been introduced to protect the set_port_type() function for concurrency. This also allows the port_type_array module option to mlx4_core by modifying the /etc/modprobe.d/mlx4.conf file working properly. (BZ#1095345)

• Previously, the Huge Translation Lookaside Buffer (HugeTLB) unconditionally allowed access to huge pages. However, huge pages could be unsupported in some environments, such as a KVM guest on the Red Hat Enterprise Linux for POWER architecture when not backed by huge pages. Consequently, an attempt to use a base page as a huge page in memory could result in a kernel oops. This update ensures that HugeTLB denies access to huge pages if the huge pages are not supported on the system. (BZ#1081671)

• Due to a bug in the hv_storvsc driver, Virtual Fibre channel devices of Red Hat Enterprise Linux as a Guest on a Hyper-V host could not be seen. This bug has been fixed, and Virtual Fibre channel devices are now seen as expected. (BZ#1122317)

• Previously, in Red Hat Enterprise Linux 7, nfs3 server ignored the "freeze" status of the setattr request. With this update for Red Hat Enterprise Linux 7.1, the bug has been fixed and the following commands now work properly:

  mount -t nfs -o vers=3,rw localhost:/mnt/test /mnt/tmp
  
  touch /mnt/tmp/foo
  
  fsfreeze -f /mnt/test
  
  chmod 644 /mnt/tmp/foo
  

  As a result, nfs3 server no longer ignores the "freeze" status of the setattr request. (BZ#1115034)

• Prior to this update, the "umount" command occasionally became unresponsive due to inode list referencing. This bug has been fixed, and "umount" no longer hangs. (BZ#1124997)

• When the locks_remove_flock() function was trying to close an NFS file, the kernel panicked. An upstream patch has been applied to fix this bug, which eliminates the unnecessary panic when a leftover lock appears on the file list, given the file is about to close. The lock is now deleted as part of the file closing activities. (BZ#1148130)

• In Red Hat Enterprise Linux 7, the "ip tunnel" command does not work and the workaround is to use the "ip link" command. With this update to Red Hat Enterprise Linux 7.1, the "ip tunnel add" behavior has been restored to provide consistent behavior between Red Hat Enterprise Linux versions 6 and 7. (BZ#1086498)

• Previously, an attempt to load any unsigned kernel module in FIPS mode caused the kernel to panic. This bug has been fixed, and the kernel no longer panics in the aforementioned situation. (BZ#903562)

• Prior to this update, when running the "echo m > /proc/sysrq-trigger" command on a large memory system, such as >1TB systems, the system could take a long time to process the request. This bug has been fixed, and the request is now processed in reasonable amount of time. (BZ#1125433)

• Previously, when upgrading on Red Hat Enterprise Linux for POWER architecture systems from one CPU to two, the kernel panicked on boot. The underlying source code has been fixed, and the kernel no longer panics in the aforementioned situation. (BZ#1133107)

• Running a memory-intensive application that loaded the system with lots of busy processes that were consuming nearly 100% of CPU on the Red Hat Enterprise Linux 7 GA kernel could easily trigger the BUG_ON() function to cause a kernel panic. To fix this bug, BUG_ON() has been deleted from the handle_mm_fault() function, which is invoked to allocate a new page frame for processes, and the kernel no longer panics in the described situation. (BZ#1119439)

• Previously, the permissions for the sctp_rto_alpha and sctp_rto_beta parameters prevented their values from being adjusted. As a consequence, problems occurred on systems that relied on being able to adjust retransmission timeouts. With this update, the permissions have been corrected, so that sctp_rto_alpha and sctp_rto_beta are adjustable. Also, the range limit from 0 to 1000 has been added to reduce the potential negative effects of these parameters. However, note that altering these parameters is not recommended. (BZ#1110290)

• When using the VMware Paravirtual SCSI driver (vmw_pvscsi), the kernel could panic due to a race condition in the Small Computer System Interface (SCSI) code. A patch has been provided to fix this bug, and the kernel no longer panics in the aforementioned scenario. (BZ#1075090)

• Previously, the kernel crypto API socket was not properly labeled with SELinux type to be accessible for subjects accessing it in enforcing mode. This caused cryptsetup and other software using the kernel crypto API to fail when accessing the socket. The fix involves proper labeling of the socket during system start up, and cryptsetup and other software using the kernel crypto API no longer fail in the described situation. (BZ#1161148)

In addition, this update adds the following enhancements:

• With this update, SELinux has increased the ebitmap_node size for 64-bit configuration to improve SELinux performance to equal Red Hat Enterprise Linux 6 performance. (BZ#922752)

• This enhancement update backports a series of patches to improve the functionality of a touchpad on the latest Lenovo laptops in Red Hat Enterprise Linux 7. (BZ#1093449)

• This enhancement update adds the kmod-lpfc packages to Red Hat Enterprise Linux 7, which ensure greater stability when using the lpfc driver with Fibre Channel (FC) and Fibre Channel over Ethernet (FCoE) adapters. (BZ#1088574)

• With this update, the kernel mutex code has been improved. The changes include improved queuing of the Multi-Category Security (MCS) spin locks, the MCS code optimization, introduction of the cancelable MCS spin locks, and, finally, improved handling of mutexes without wait locks. (BZ#1087655)

• This enhancement update improves the handling of the Virtual Memory Area (VMA) cache and huge page faults. (BZ#1087919)

• With this update, the kdump crash dumping mechanism on systems with more than 4TB of memory is now fully supported in Red Hat Enterprise Linux 7.1. (BZ#1088479)

• The maximum number of supported virtual CPUs (vCPUs) in a KVM guest has been increased to 240. This increases the amount of physical processing units that a user can assign to the guest, and therefore improves its performance potential. (BZ#1061403)

• Several new features of the Hyper-V network driver are now supported to improve network performance. For example, Receive-Side Scaling, Large Send Offload, Scatter/Gather I/O are now supported, and network throughput is increased. (BZ#1146357)

• The libceph.ko and rbd.ko modules have been added to the Red Hat Enterprise Linux 7.1 kernel. These RBD kernel modules allow a Linux host to perceive a Ceph block device as a regular disk device entry which can be mounted to a directory and formatted with a standard file system, such as XFS or ext4.
  Note that the CephFS module, ceph.ko, is currently not supported in Red Hat Enterprise Linux 7.1. (BZ#1122174)

• With this update, the kdump crash dumping mechanism is supported on machines with Secure Boot validation process enabled. (BZ#852066)

• Previously, the rngd daemon needed to be started inside the guest and directed to the guest kernel's entropy pool. Starting with the Red Hat Enterprise Linux 7.1, the manual step has been removed. A new khwrngd thread fetches entropy from the virtio-rng device if the guest entropy falls below a specific watermark. Making this process transparent helps all Red Hat Enterprise Linux guests in utilizing the improved security benefits of having the paravirtualized hardware RNG provided by KVM hosts. (BZ#1129195)

• With this update, the per-thread kernel stack size on AMD64 and Intel 64 systems has been increased from 8k to 16k to prevent overruns in common configurations. (BZ#1108378)

• This update reworks the sched_fair time accounting and provides a better time accounting when the time delta is short. (BZ#1113932)

• On IBM System z, new cryptographic cards are accepted in "toleration" mode. This enhancement update also allows AES, DES, and CTR modes to be concurrently used. (BZ#1136494, BZ#109768)

• Various operations used by LVM2 thin-provisioning has been improved to be more efficient and correct. This includes the use of more efficient data structures, throttling worker threads to prevent an application from sending more I/O than can be handled, and pre-fetching metadata. This update also fixes the eviction logic used by the metadata I/O buffering layer whereby ensuring metadata blocks are not evicted prematurely. (BZ#1156161)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. The system must be rebooted for this update to take effect.

[Updated 12 March 2015]
When a storage array returns a CHECK CONDITION status but the sense data is invalid, the Small Computer Systems Interface (SCSI) mid-layer code retries the I/O operation. If subsequent I/O operations receive the same result, I/O operations are retried indefinitely. For this bug, no workaround is currently available. (BZ#1061871)