Difference between revisions of "Download/kernel/rhel4/023stab046.2/changes"

Changes

• Rebase to RHEL4u6 kernel (2.6.9-67.EL4).
• Security updates, driver updates, other fixes.

Config changes

Same as 023stab044.11 plus:

• Added:
  • +CONFIG_QLA_IOCTLMOD=m
  • +CONFIG_SCSI_QLA6312=m
  • +CONFIG_SCSI_QLA24XX=m
  • +CONFIG_PATA_PDC2027X=m
  • +CONFIG_PATA_JMICRON=m
  • +CONFIG_E1000E=m
  • +CONFIG_IGB=m
  • +CONFIG_CHELSIO_T3=m
  • +CONFIG_NETXEN_NIC=m
• Removed:
  • -CONFIG_SCSI_QLA2XXX_FAILOVER=y

Update description

The updated kernel includes fixes for the following security vulnerabilities:

• A memory leak in the Red Hat Content Accelerator kernel patch in both the Linux Red Hat and OpenVZ kernels allows local users to cause a denial of service (memory exhaustion) via a large number of open requests involving O_ATOMICLOOKUP (CVE-2007-5494).
• The wait_task_stopped() function both in the Linux and OpenVZ kernels checks the TASK_TRACED bit instead of the exit_state value, which allows local users to cause a denial of service (server crash) via unspecified vectors (CVE-2007-5500).

The updated kernel includes fixes for the following issues:

• ext3 may become corrupted due to the presence of bad inodes in the orphan list. The following message may accompany the corruption:

EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file (37901290), 0. Inode 00000101a15b7840: orphan list check failed!

• [CIFS]: A memory corruption due to bad error handling in the cifs code may cause an unexpected system behavior. The following message may accompany the memory corruption:

CIFS VFS: Invalid size SMB length 4 pdu_length 4

• Reducing the number of CPUs to be available to a VE using the "--cpus" option of the "vzctl set" command may cause a system crash.
• [CPT]: In kernels with the 4GB split technology enabled (x86 architecture, enterprise kernel), online migration may fail due to a bug in the kernel/userspace segmentation handling in the CPT restoration code.
• [CPT]: Under certain circumstances, /proc is considered as an external mount point, which causes online migration to fail.
• [CPT]: Migrating a VE with the Oracle application installed may fail due to a bug in the process start time restoration.
• The network does not operate if network interfaces are configured in the 802.3ad bonding mode.
• [ext3]: A non-destructive assertion accomplishes with the following message:

Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363: "drop_count != 0 || cleanup_ret != 0"

• A kernel memory leak in the IPC code may occur due to a mistake in managing already locked segments in both the Linux Red Hat and OpenVZ kernels.
• A user beancounter (UB) reference leak may occur causing the UB information to remain in /proc/user_beancounters after a VE is stopped.
• A missed process wake-up may stall data transfer if the value of the TCPSNDBUF parameter has been exceeded.
• A leak in PRIVVMPAGES may occur on mapping zero pages (for example, when copying from /dev/zero).
• Unmounting an NFS partition having the simfs filesystem mounted over it and vzquota enabled may cause a system crash.

The updated kernel includes a number of updated drivers:

• HP Controller SA5xxx SA6xxx driver (cciss driver 2.6.16.RH1 version)
• Universal TUN/TAP device driver (tun driver 1.6 version)

Besides, the new kernel includes the following improvements:

• The kernel has been re-based on the 2.6.9-67.EL4 Red Hat kernel.
• The support for the tun/tap devices online migration has been added.
• [CPT]: vzmigrate error messages have been made more verbose.

Bugs fixed

The following bugs from the previous release have been fixed in the new kernel:

• #92189: A memory leak caused by an application which uses O_ATOMICLOOKUP flag for open() call (CVE-2007-5494).
• #96307: wait_task_stopped() incorrectly checks the process state (CVE-2007-5500).
• #83419: ext3 orphan list corruption due to bad inodes in the list.
• #93807: [CIFS]: incorrect kernel_recvmsg() error handling in cifs code.
• #93979: [CPT]: A forked process should re-copy vcpu from current process because the old one could become invalid.
• #85041: [CPT] [4GB split]: Missed KERNEL_DS handling in CPT restoration code.
• #87718: [CPT]: Incorrect mount type determination (internal/external).
• #96300: [CPT]: A process start time was restored incorrectly during the online migration.
• #79891: [ext3]: JBD cleanup code could skip the last buffer in the list to be deleted.
• #78998: A possible kernel memory leak in IPC code.
• #77231: A potential beancounter refcount leak.
• #89127: A missed wakeup on exceeding TCPSNDBUF.
• #80246: A leak in PRIVVMPAGES on mapping zero pages.
• #91898: The HP CISS driver should be updated.
• #83180: [CPT]: vzmigrate does not print the name of the file that it fails to open.

The following OpenVZ bugs have been fixed:

• OpenVZ Bug #666: Incorrect carrier state determination for 802.3ad bonding mode.
• OpenVZ Bug #541: vzquota should handle correctly NULL sb->put_super, in particular on NFS.
• OpenVZ Bug #642: The support for tun/tap devices online migration is required.