RHSA-2015:1137 Important: kernel security and bug fix update

Updated

The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

This update fixes the following bugs:

  • Previously, in the kernel transparent hugepage code, memory reads and writes were not appropriately synchronized, which led to transparent huge pages (THP) causing memory corruption. Memory barriers in specific points of the transparent hugepage code have been added, and using THP no longer results in memory corruptions. (This content is not included.BZ#1212977)

  • The handling of access flags for memory pages could trigger a race condition while the page tables were being modified. The race condition could occur at Initial Program Load (IPL), re-IPL, or module load on running Linux instances, and could lead to the system unexpected termination. The bug has been fixed, and the system no longer ends in the aforementioned condition. (This content is not included.BZ#1214788)

  • If a module failed to parse its arguments or if the mod_sysfs_setup() function failed, the module memory was previously freed while being read-only. As a consequence, any program re-useing that memory terminated unexpectedly as soon as it attempted to write to it. This update cleans the RO/NX module after early load failures and clears memory protection, thus preventing crashes from occurring in the described scenario. (This content is not included.BZ#1214403)

  • Previously, NULL pointer dereference leading to kernel panic could occur in case of storvsc driver initialization failure. An upstream patch has been applied to fix this bug, and the kernel panic no longer occurs in the described situation. (This content is not included.BZ#1215770)

  • Setting the TCP_USER_TIMEOUT option using the setsockopt() function previously did not work properly if the connection was stalled on zero-window probes. This behavior also exhibited if the source address was removed from the host and then the packet became unroutable. Both of these cases triggered the TCP persist timer, the value of TCP_USER_TIMEOUT did not take effect, and the persist timer could retry indefinitely before aborting, causing connection to hang forever. With this update, if a TCP connection is in zero-window-probing, the connection is given up if the user supplied a time-out and that user-supplied time-out has been reached. On the other hand, if the application has closed a TCP socket and that TCP connection was stalled on zero-window probes it is now always aborted after both maximum backoff and retransmit timeout have been reached. (This content is not included.BZ#1215924)

  • As the release_date field had been removed from the sysfs() function, some utilities were not able to work correctly and failed to detect controllers. To fix this bug, release_date has been returned, and utilities and controllers now work as expected. (This content is not included.BZ#1216213)

  • For private futexes (fast userspace mutexes), the get_futex_key_refs() function previously completed without a memory barrier. Consequently, a race condition with a thread waiting on a futex on another CPU occurred. An upstream patch set has been backported, which resolves the bug by explicitly adding a memory barrier. (This content is not included.BZ#1219169)

  • On a guest with multiple CPUs, a stale state latched in the interrupt controller could result in a spurious "config changed" interrupt during the boot of a kexec kernel. The spurious interrupt occurred before the second kernel was ready to deal with it, leading to a kernel panic. The code has been changed to correctly detect and ignore such spurious interrupts. (This content is not included.BZ#1220278)

  • Due to a regression, the thymelp2 system terminated unexpectedly when running the set-up general script. As a consequence, the kernel crashed with a segmentation fault. The underlying source code has been fixed, and the kernel no longer crashes in this scenario. (This content is not included.BZ#1213467)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.

Product(s)
Components
Article Type