Difference between revisions of "Download/kernel/rhel4/023stab046.2/changes"
(→Update description: formatting fixes) |
(created) |
||
Line 19: | Line 19: | ||
=== Update description === | === Update description === | ||
− | <includeonly>[[{{PAGENAME}}/changes|Read more...]]</includeonly><noinclude> | + | <includeonly>[[{{PAGENAME}}/changes#Update description|Read more...]]</includeonly><noinclude> |
'''The updated kernel includes fixes for the following security vulnerabilities:''' | '''The updated kernel includes fixes for the following security vulnerabilities:''' | ||
Line 28: | Line 28: | ||
* ext3 may become corrupted due to the presence of bad inodes in the orphan list. The following message may accompany the corruption: | * ext3 may become corrupted due to the presence of bad inodes in the orphan list. The following message may accompany the corruption: | ||
− | < | + | :<code>EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file (37901290), 0. Inode 00000101a15b7840: orphan list check failed!</code> |
− | EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file (37901290), 0. | ||
− | Inode 00000101a15b7840: orphan list check failed! | ||
− | </ | ||
* [CIFS]: A memory corruption due to bad error handling in the cifs code may cause an unexpected system behavior. The following message may accompany the memory corruption: | * [CIFS]: A memory corruption due to bad error handling in the cifs code may cause an unexpected system behavior. The following message may accompany the memory corruption: | ||
− | < | + | :<code>CIFS VFS: Invalid size SMB length 4 pdu_length 4</code> |
− | CIFS VFS: Invalid size SMB length 4 pdu_length 4 | + | * Reducing the number of CPUs to be available to a VE using the "--cpus" option of the "vzctl set" command may cause a system crash. |
− | </ | ||
− | * Reducing the number of CPUs to be available to a VE using the "-- cpus" option of the "vzctl set" command may cause a system crash. | ||
* [CPT]: In kernels with the 4GB split technology enabled (x86 architecture, enterprise kernel), online migration may fail due to a bug in the kernel/userspace segmentation handling in the CPT restoration code. | * [CPT]: In kernels with the 4GB split technology enabled (x86 architecture, enterprise kernel), online migration may fail due to a bug in the kernel/userspace segmentation handling in the CPT restoration code. | ||
* [CPT]: Under certain circumstances, /proc is considered as an external mount point, which causes online migration to fail. | * [CPT]: Under certain circumstances, /proc is considered as an external mount point, which causes online migration to fail. | ||
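Review bot: the added `:<code>` line for the ext3 message joins onto one line what the removed block showed as two separate lines ("EXT3-fs warning (device sda6): ... 0." and "Inode 00000101a15b7840: orphan list check failed!"). A reader searching a log for the combined string will not find it, so keep each message on its own `:<code>` line.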
Line 42: | Line 37: | ||
* The network does not operate if network interfaces are configured in the 802.3ad bonding mode. | * The network does not operate if network interfaces are configured in the 802.3ad bonding mode. | ||
* [ext3]: A non-destructive assertion accomplishes with the following message: | * [ext3]: A non-destructive assertion accomplishes with the following message: | ||
− | < | + | :<code>Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363: "drop_count != 0 || cleanup_ret != 0"</code> |
− | Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363: | ||
− | "drop_count != 0 || cleanup_ret != 0" | ||
− | </ | ||
* A kernel memory leak in the IPC code may occur due to a mistake in managing already locked segments in both the Linux Red Hat and OpenVZ kernels. | * A kernel memory leak in the IPC code may occur due to a mistake in managing already locked segments in both the Linux Red Hat and OpenVZ kernels. | ||
* A user beancounter (UB) reference leak may occur causing the UB information to remain in /proc/user_beancounters after a VE is stopped. | * A user beancounter (UB) reference leak may occur causing the UB information to remain in /proc/user_beancounters after a VE is stopped. | ||
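Review bot: the unchanged context line "A non-destructive assertion accomplishes with the following message" still reads awkwardly, and this revision is a formatting pass over the same list item. Suggest rewording it in the same edit, for example "A non-destructive assertion is triggered with the following message".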
Line 54: | Line 46: | ||
'''The updated kernel includes a number of updated drivers:''' | '''The updated kernel includes a number of updated drivers:''' | ||
− | * HP Controller SA5xxx SA6xxx driver | + | * HP Controller SA5xxx SA6xxx driver (cciss driver 2.6.16.RH1 version) |
− | (cciss driver 2.6.16.RH1 version) | + | * Universal TUN/TAP device driver (tun driver 1.6 version) |
− | * Universal TUN/TAP device driver | ||
− | (tun driver 1.6 version) | ||
'''Besides, the new kernel includes the following improvements:''' | '''Besides, the new kernel includes the following improvements:''' |
Revision as of 12:12, 19 March 2008
Changes
- Rebase to RHEL4u6 kernel (2.6.9-67.EL4).
- Security updates, driver updates, other fixes.
Config changes
Same as 023stab044.11 plus:
- Added:
  - +CONFIG_QLA_IOCTLMOD=m
  - +CONFIG_SCSI_QLA6312=m
  - +CONFIG_SCSI_QLA24XX=m
  - +CONFIG_PATA_PDC2027X=m
  - +CONFIG_PATA_JMICRON=m
  - +CONFIG_E1000E=m
  - +CONFIG_IGB=m
  - +CONFIG_CHELSIO_T3=m
  - +CONFIG_NETXEN_NIC=m
- Removed:
  - -CONFIG_SCSI_QLA2XXX_FAILOVER=y
Update description
The updated kernel includes fixes for the following security vulnerabilities:
- A memory leak in the Red Hat Content Accelerator kernel patch in both the Linux Red Hat and OpenVZ kernels allows local users to cause a denial of service (memory exhaustion) via a large number of open requests involving O_ATOMICLOOKUP (CVE-2007-5494).
- The wait_task_stopped() function in both the Linux and OpenVZ kernels checks the TASK_TRACED bit instead of the exit_state value, which allows local users to cause a denial of service (server crash) via unspecified vectors (CVE-2007-5500).
The updated kernel includes fixes for the following issues:
- ext3 may become corrupted due to the presence of bad inodes in the orphan list. The following message may accompany the corruption:
EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file (37901290), 0. Inode 00000101a15b7840: orphan list check failed!
- [CIFS]: Memory corruption due to bad error handling in the CIFS code may cause unexpected system behavior. The following message may accompany the memory corruption:
CIFS VFS: Invalid size SMB length 4 pdu_length 4
- Reducing the number of CPUs available to a VE using the "--cpus" option of the "vzctl set" command may cause a system crash.
- [CPT]: In kernels with the 4GB split technology enabled (x86 architecture, enterprise kernel), online migration may fail due to a bug in the kernel/userspace segmentation handling in the CPT restoration code.
- [CPT]: Under certain circumstances, /proc is treated as an external mount point, which causes online migration to fail.
- [CPT]: Migrating a VE with the Oracle application installed may fail due to a bug in the process start time restoration.
- The network does not operate if network interfaces are configured in the 802.3ad bonding mode.
- [ext3]: A non-destructive assertion is triggered with the following message:
Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363: "drop_count != 0 || cleanup_ret != 0"
- A kernel memory leak in the IPC code may occur due to a mistake in managing already locked segments in both the Linux Red Hat and OpenVZ kernels.
- A user beancounter (UB) reference leak may occur causing the UB information to remain in /proc/user_beancounters after a VE is stopped.
- A missed process wake-up may stall data transfer if the value of the TCPSNDBUF parameter has been exceeded.
- A leak in PRIVVMPAGES may occur on mapping zero pages (for example, when copying from /dev/zero).
- Unmounting an NFS partition having the simfs filesystem mounted over it and vzquota enabled may cause a system crash.
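As an added example (not part of the original release notes and not OpenVZ tooling), the following Python script scans kernel log lines for the three messages quoted in the list above and reports the bug number each one corresponds to. The signature names, the regular expressions, the sample log and the message-to-bug mapping (inferred from the bug list on this page) are assumptions made for this example.

```python
import re

# Signatures built from the messages quoted in these release notes.
# Assumption: only the device, inode number, pointer, sizes and source line vary.
# The bug ids are inferred from the "Bugs fixed" list on this page.
SIGNATURES = [
    ("ext3-orphan-unlink", "#83419",
     re.compile(r"EXT3-fs warning \(device (?P<dev>[^)]+)\): ext3_unlink: "
                r"Deleting nonexistent file \((?P<ino>\d+)\)")),
    ("ext3-orphan-check", "#83419",
     re.compile(r"Inode (?P<ptr>[0-9a-f]+): orphan list check failed!")),
    ("cifs-bad-smb-length", "#93807",
     re.compile(r"CIFS VFS: Invalid size SMB length (?P<len>\d+) "
                r"pdu_length (?P<pdu>\d+)")),
    ("jbd-checkpoint-assert", "#79891",
     re.compile(r"Assertion failure in log_do_checkpoint\(\) "
                r"at fs/jbd/checkpoint\.c:(?P<line>\d+)")),
]

def scan(lines):
    """Return (line_number, signature_name, bug_id, fields) for each match."""
    hits = []
    for n, text in enumerate(lines, 1):
        for name, bug, rx in SIGNATURES:
            m = rx.search(text)
            if m:
                hits.append((n, name, bug, m.groupdict()))
    return hits

def affected_bugs(lines):
    """Sorted, de-duplicated bug ids whose messages appear in the log."""
    return sorted({bug for _, _, bug, _ in scan(lines)})

# Constructed sample log; timestamps and host name are illustrative.
# The two ext3 messages are placed on separate lines and matched separately.
SAMPLE = """\
Mar 19 10:01:02 hn1 kernel: EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file (37901290), 0.
Mar 19 10:01:02 hn1 kernel: Inode 00000101a15b7840: orphan list check failed!
Mar 19 10:05:40 hn1 kernel: CIFS VFS: Invalid size SMB length 4 pdu_length 4
Mar 19 10:06:00 hn1 kernel: EXT3-fs: mounted filesystem with ordered data mode.
Mar 19 10:09:13 hn1 kernel: Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363: "drop_count != 0 || cleanup_ret != 0"
""".splitlines()

if __name__ == "__main__":
    for n, name, bug, fields in scan(SAMPLE):
        print(f"line {n}: {name} (bug {bug}) {fields}")
    print("seen:", ", ".join(affected_bugs(SAMPLE)))
```

A host that logs any of these messages while running a kernel older than 023stab046.2 is a candidate for this update.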
The updated kernel includes a number of updated drivers:
- HP Controller SA5xxx SA6xxx driver (cciss driver 2.6.16.RH1 version)
- Universal TUN/TAP device driver (tun driver 1.6 version)
In addition, the new kernel includes the following improvements:
- The kernel has been rebased on the 2.6.9-67.EL4 Red Hat kernel.
- Support for online migration of tun/tap devices has been added.
- [CPT]: vzmigrate error messages have been made more verbose.
Bugs fixed
The following bugs from the previous release have been fixed in the new kernel:
- #92189: A memory leak caused by an application that uses the O_ATOMICLOOKUP flag for the open() call (CVE-2007-5494).
- #96307: wait_task_stopped() incorrectly checks the process state (CVE-2007-5500).
- #83419: ext3 orphan list corruption due to bad inodes in the list.
- #93807: [CIFS]: incorrect kernel_recvmsg() error handling in cifs code.
- #93979: [CPT]: A forked process should re-copy vcpu from current process because the old one could become invalid.
- #85041: [CPT] [4GB split]: Missed KERNEL_DS handling in CPT restoration code.
- #87718: [CPT]: Incorrect mount type determination (internal/external).
- #96300: [CPT]: A process start time was restored incorrectly during the online migration.
- #79891: [ext3]: JBD cleanup code could skip the last buffer in the list to be deleted.
- #78998: A possible kernel memory leak in IPC code.
- #77231: A potential beancounter refcount leak.
- #89127: A missed wakeup on exceeding TCPSNDBUF.
- #80246: A leak in PRIVVMPAGES on mapping zero pages.
- #91898: The HP CISS driver should be updated.
- #83180: [CPT]: vzmigrate does not print the name of the file that it fails to open.
The following OpenVZ bugs have been fixed:
- OpenVZ Bug #666: Incorrect carrier state determination for 802.3ad bonding mode.
- OpenVZ Bug #541: vzquota should correctly handle a NULL sb->put_super, in particular on NFS.
- OpenVZ Bug #642: The support for tun/tap devices online migration is required.