6,534
edits
Changes
created
== Changes ==
* Rebase to RHEL4u6 kernel (2.6.9-67.EL4).
* Security updates, driver updates, other fixes.
=== Config changes ===
Same as [[Download/kernel/rhel4/023stab044.11|023stab044.11]] plus:
* Added:
** +CONFIG_QLA_IOCTLMOD=m
** +CONFIG_SCSI_QLA6312=m
** +CONFIG_SCSI_QLA24XX=m
** +CONFIG_PATA_PDC2027X=m
** +CONFIG_PATA_JMICRON=m
** +CONFIG_E1000E=m
** +CONFIG_IGB=m
** +CONFIG_CHELSIO_T3=m
** +CONFIG_NETXEN_NIC=m
* Removed:
** -CONFIG_SCSI_QLA2XXX_FAILOVER=y
=== Update description ===
<includeonly>[[{{PAGENAME}}/changes|Read more...]]</includeonly><noinclude>
'''The updated kernel includes fixes for the following security
vulnerabilities:'''
* A memory leak in the Red Hat Content Accelerator kernel patch in both the Linux Red Hat and OpenVZ kernels allows local users to cause a denial of service (memory exhaustion) via a large number of open requests involving O_ATOMICLOOKUP (CVE-2007-5494).
* The wait_task_stopped() function both in the Linux and OpenVZ kernels checks the TASK_TRACED bit instead of the exit_state value, which allows local users to cause a denial of service (server crash) via unspecified vectors (CVE-2007-5500).
'''The updated kernel includes fixes for the following issues:'''
* ext3 may become corrupted due to the presence of bad inodes in the orphan list. The following message may accompany the corruption:
<pre class="simple">
EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file (37901290), 0.
Inode 00000101a15b7840: orphan list check failed!
</pre>
* [CIFS]: A memory corruption due to bad error handling in the cifs code may cause an unexpected system behavior. The following message may accompany the memory corruption:
<pre class="simple">
CIFS VFS: Invalid size SMB length 4 pdu_length 4
</pre>
* Reducing the number of CPUs to be available to a VE using the "-- cpus" option of the "vzctl set" command may cause a system crash.
* [CPT]: In kernels with the 4GB split technology enabled (x86 architecture, enterprise kernel), online migration may fail due to a bug in the kernel/userspace segmentation handling in the CPT restoration code.
* [CPT]: Under certain circumstances, /proc is considered as an external mount point, which causes online migration to fail.
* [CPT]: Migrating a VE with the Oracle application installed may fail due to a bug in the process start time restoration.
* The network does not operate if network interfaces are configured in the 802.3ad bonding mode.
* [ext3]: A non-destructive assertion accomplishes with the following message:
<pre class="simple">
Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363:
"drop_count != 0 || cleanup_ret != 0"
</pre>
* A kernel memory leak in the IPC code may occur due to a mistake in managing already locked segments in both the Linux Red Hat and OpenVZ kernels.
* A user beancounter (UB) reference leak may occur causing the UB information to remain in /proc/user_beancounters after a VE is stopped.
* A missed process wake-up may stall data transfer if the value of the TCPSNDBUF parameter has been exceeded.
* A leak in PRIVVMPAGES may occur on mapping zero pages (for example, when copying from /dev/zero).
* Unmounting an NFS partition having the simfs filesystem mounted over it and vzquota enabled may cause a system crash.
'''The updated kernel includes a number of updated drivers:'''
* HP Controller SA5xxx SA6xxx driver
(cciss driver 2.6.16.RH1 version)
* Universal TUN/TAP device driver
(tun driver 1.6 version)
'''Besides, the new kernel includes the following improvements:'''
* The kernel has been re-based on the 2.6.9-67.EL4 Red Hat kernel.
* The support for the tun/tap devices online migration has been added.
* [CPT]: vzmigrate error messages have been made more verbose.
==== Bugs fixed ====
'''The following bugs from the previous release have been fixed in the new
kernel:'''
* #92189: A memory leak caused by an application which uses O_ATOMICLOOKUP flag for open() call (CVE-2007-5494).
* #96307: wait_task_stopped() incorrectly checks the process state (CVE-2007-5500).
* #83419: ext3 orphan list corruption due to bad inodes in the list.
* #93807: [CIFS]: incorrect kernel_recvmsg() error handling in cifs code.
* #93979: [CPT]: A forked process should re-copy vcpu from current process because the old one could become invalid.
* #85041: [CPT] [4GB split]: Missed KERNEL_DS handling in CPT restoration code.
* #87718: [CPT]: Incorrect mount type determination (internal/external).
* #96300: [CPT]: A process start time was restored incorrectly during the online migration.
* #79891: [ext3]: JBD cleanup code could skip the last buffer in the list to be deleted.
* #78998: A possible kernel memory leak in IPC code.
* #77231: A potential beancounter refcount leak.
* #89127: A missed wakeup on exceeding TCPSNDBUF.
* #80246: A leak in PRIVVMPAGES on mapping zero pages.
* #91898: The HP CISS driver should be updated.
* #83180: [CPT]: vzmigrate does not print the name of the file that it fails to open.
'''The following OpenVZ bugs have been fixed:'''
* {{bug|666}}: Incorrect carrier state determination for 802.3ad bonding mode.
* {{bug|541}}: vzquota should handle correctly NULL sb->put_super, in particular on NFS.
* {{bug|642}}: The support for tun/tap devices online migration is required.
</noinclude>
* Rebase to RHEL4u6 kernel (2.6.9-67.EL4).
* Security updates, driver updates, other fixes.
=== Config changes ===
Same as [[Download/kernel/rhel4/023stab044.11|023stab044.11]] plus:
* Added:
** +CONFIG_QLA_IOCTLMOD=m
** +CONFIG_SCSI_QLA6312=m
** +CONFIG_SCSI_QLA24XX=m
** +CONFIG_PATA_PDC2027X=m
** +CONFIG_PATA_JMICRON=m
** +CONFIG_E1000E=m
** +CONFIG_IGB=m
** +CONFIG_CHELSIO_T3=m
** +CONFIG_NETXEN_NIC=m
* Removed:
** -CONFIG_SCSI_QLA2XXX_FAILOVER=y
=== Update description ===
<includeonly>[[{{PAGENAME}}/changes|Read more...]]</includeonly><noinclude>
'''The updated kernel includes fixes for the following security
vulnerabilities:'''
* A memory leak in the Red Hat Content Accelerator kernel patch in both the Linux Red Hat and OpenVZ kernels allows local users to cause a denial of service (memory exhaustion) via a large number of open requests involving O_ATOMICLOOKUP (CVE-2007-5494).
* The wait_task_stopped() function both in the Linux and OpenVZ kernels checks the TASK_TRACED bit instead of the exit_state value, which allows local users to cause a denial of service (server crash) via unspecified vectors (CVE-2007-5500).
'''The updated kernel includes fixes for the following issues:'''
* ext3 may become corrupted due to the presence of bad inodes in the orphan list. The following message may accompany the corruption:
<pre class="simple">
EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file (37901290), 0.
Inode 00000101a15b7840: orphan list check failed!
</pre>
* [CIFS]: A memory corruption due to bad error handling in the cifs code may cause an unexpected system behavior. The following message may accompany the memory corruption:
<pre class="simple">
CIFS VFS: Invalid size SMB length 4 pdu_length 4
</pre>
* Reducing the number of CPUs to be available to a VE using the "-- cpus" option of the "vzctl set" command may cause a system crash.
* [CPT]: In kernels with the 4GB split technology enabled (x86 architecture, enterprise kernel), online migration may fail due to a bug in the kernel/userspace segmentation handling in the CPT restoration code.
* [CPT]: Under certain circumstances, /proc is considered as an external mount point, which causes online migration to fail.
* [CPT]: Migrating a VE with the Oracle application installed may fail due to a bug in the process start time restoration.
* The network does not operate if network interfaces are configured in the 802.3ad bonding mode.
* [ext3]: A non-destructive assertion accomplishes with the following message:
<pre class="simple">
Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363:
"drop_count != 0 || cleanup_ret != 0"
</pre>
* A kernel memory leak in the IPC code may occur due to a mistake in managing already locked segments in both the Linux Red Hat and OpenVZ kernels.
* A user beancounter (UB) reference leak may occur causing the UB information to remain in /proc/user_beancounters after a VE is stopped.
* A missed process wake-up may stall data transfer if the value of the TCPSNDBUF parameter has been exceeded.
* A leak in PRIVVMPAGES may occur on mapping zero pages (for example, when copying from /dev/zero).
* Unmounting an NFS partition having the simfs filesystem mounted over it and vzquota enabled may cause a system crash.
'''The updated kernel includes a number of updated drivers:'''
* HP Controller SA5xxx SA6xxx driver
(cciss driver 2.6.16.RH1 version)
* Universal TUN/TAP device driver
(tun driver 1.6 version)
'''Besides, the new kernel includes the following improvements:'''
* The kernel has been re-based on the 2.6.9-67.EL4 Red Hat kernel.
* The support for the tun/tap devices online migration has been added.
* [CPT]: vzmigrate error messages have been made more verbose.
==== Bugs fixed ====
'''The following bugs from the previous release have been fixed in the new
kernel:'''
* #92189: A memory leak caused by an application which uses O_ATOMICLOOKUP flag for open() call (CVE-2007-5494).
* #96307: wait_task_stopped() incorrectly checks the process state (CVE-2007-5500).
* #83419: ext3 orphan list corruption due to bad inodes in the list.
* #93807: [CIFS]: incorrect kernel_recvmsg() error handling in cifs code.
* #93979: [CPT]: A forked process should re-copy vcpu from current process because the old one could become invalid.
* #85041: [CPT] [4GB split]: Missed KERNEL_DS handling in CPT restoration code.
* #87718: [CPT]: Incorrect mount type determination (internal/external).
* #96300: [CPT]: A process start time was restored incorrectly during the online migration.
* #79891: [ext3]: JBD cleanup code could skip the last buffer in the list to be deleted.
* #78998: A possible kernel memory leak in IPC code.
* #77231: A potential beancounter refcount leak.
* #89127: A missed wakeup on exceeding TCPSNDBUF.
* #80246: A leak in PRIVVMPAGES on mapping zero pages.
* #91898: The HP CISS driver should be updated.
* #83180: [CPT]: vzmigrate does not print the name of the file that it fails to open.
'''The following OpenVZ bugs have been fixed:'''
* {{bug|666}}: Incorrect carrier state determination for 802.3ad bonding mode.
* {{bug|541}}: vzquota should handle correctly NULL sb->put_super, in particular on NFS.
* {{bug|642}}: The support for tun/tap devices online migration is required.
</noinclude>