Download/kernel/rhel4/023stab046.2/changes

From OpenVZ Virtuozzo Containers Wiki
< Download‎ | kernel‎ | rhel4‎ | 023stab046.2
Revision as of 12:04, 19 March 2008 by Kir (talk | contribs) (created)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Changes

  • Rebase to RHEL4u6 kernel (2.6.9-67.EL4).
  • Security updates, driver updates, other fixes.

Config changes

Same as 023stab044.11 plus:

  • Added:
    • +CONFIG_QLA_IOCTLMOD=m
    • +CONFIG_SCSI_QLA6312=m
    • +CONFIG_SCSI_QLA24XX=m
    • +CONFIG_PATA_PDC2027X=m
    • +CONFIG_PATA_JMICRON=m
    • +CONFIG_E1000E=m
    • +CONFIG_IGB=m
    • +CONFIG_CHELSIO_T3=m
    • +CONFIG_NETXEN_NIC=m
  • Removed:
    • -CONFIG_SCSI_QLA2XXX_FAILOVER=y

Update description

The updated kernel includes fixes for the following security vulnerabilities:

  • A memory leak in the Red Hat Content Accelerator kernel patch in both the Linux Red Hat and OpenVZ kernels allows local users to cause a denial of service (memory exhaustion) via a large number of open requests involving O_ATOMICLOOKUP (CVE-2007-5494).
  • The wait_task_stopped() function both in the Linux and OpenVZ kernels checks the TASK_TRACED bit instead of the exit_state value, which allows local users to cause a denial of service (server crash) via unspecified vectors (CVE-2007-5500).

The updated kernel includes fixes for the following issues:


  • ext3 may become corrupted due to the presence of bad inodes in the orphan list. The following message may accompany the corruption:
EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file (37901290), 0.
Inode 00000101a15b7840: orphan list check failed!
  • [CIFS]: A memory corruption due to bad error handling in the cifs code may cause an unexpected system behavior. The following message may accompany the memory corruption:
CIFS VFS: Invalid size SMB length 4 pdu_length 4
  • Reducing the number of CPUs to be available to a VE using the "-- cpus" option of the "vzctl set" command may cause a system crash.
  • [CPT]: In kernels with the 4GB split technology enabled (x86 architecture, enterprise kernel), online migration may fail due to a bug in the kernel/userspace segmentation handling in the CPT restoration code.
  • [CPT]: Under certain circumstances, /proc is considered as an external mount point, which causes online migration to fail.
  • [CPT]: Migrating a VE with the Oracle application installed may fail due to a bug in the process start time restoration.
  • The network does not operate if network interfaces are configured in the 802.3ad bonding mode.
  • [ext3]: A non-destructive assertion accomplishes with the following message:
Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363:
"drop_count != 0 || cleanup_ret != 0"
  • A kernel memory leak in the IPC code may occur due to a mistake in managing already locked segments in both the Linux Red Hat and OpenVZ kernels.
  • A user beancounter (UB) reference leak may occur causing the UB information to remain in /proc/user_beancounters after a VE is stopped.
  • A missed process wake-up may stall data transfer if the value of the TCPSNDBUF parameter has been exceeded.
  • A leak in PRIVVMPAGES may occur on mapping zero pages (for example, when copying from /dev/zero).
  • Unmounting an NFS partition having the simfs filesystem mounted over it and vzquota enabled may cause a system crash.

The updated kernel includes a number of updated drivers:

  • HP Controller SA5xxx SA6xxx driver

(cciss driver 2.6.16.RH1 version)

  • Universal TUN/TAP device driver

(tun driver 1.6 version)

Besides, the new kernel includes the following improvements:

  • The kernel has been re-based on the 2.6.9-67.EL4 Red Hat kernel.
  • The support for the tun/tap devices online migration has been added.
  • [CPT]: vzmigrate error messages have been made more verbose.

Bugs fixed

The following bugs from the previous release have been fixed in the new kernel:

  • #92189: A memory leak caused by an application which uses O_ATOMICLOOKUP flag for open() call (CVE-2007-5494).
  • #96307: wait_task_stopped() incorrectly checks the process state (CVE-2007-5500).
  • #83419: ext3 orphan list corruption due to bad inodes in the list.
  • #93807: [CIFS]: incorrect kernel_recvmsg() error handling in cifs code.
  • #93979: [CPT]: A forked process should re-copy vcpu from current process because the old one could become invalid.
  • #85041: [CPT] [4GB split]: Missed KERNEL_DS handling in CPT restoration code.
  • #87718: [CPT]: Incorrect mount type determination (internal/external).
  • #96300: [CPT]: A process start time was restored incorrectly during the online migration.
  • #79891: [ext3]: JBD cleanup code could skip the last buffer in the list to be deleted.
  • #78998: A possible kernel memory leak in IPC code.
  • #77231: A potential beancounter refcount leak.
  • #89127: A missed wakeup on exceeding TCPSNDBUF.
  • #80246: A leak in PRIVVMPAGES on mapping zero pages.
  • #91898: The HP CISS driver should be updated.
  • #83180: [CPT]: vzmigrate does not print the name of the file that it fails to open.

The following OpenVZ bugs have been fixed:

  • OpenVZ Bug #666: Incorrect carrier state determination for 802.3ad bonding mode.
  • OpenVZ Bug #541: vzquota should handle correctly NULL sb->put_super, in particular on NFS.
  • OpenVZ Bug #642: The support for tun/tap devices online migration is required.