RHSA-2015:1221 Moderate: kernel security, bug fix, and enhancement update

Updated

The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

This update fixes the following bugs:

  • Previously, when the sb_edac driver was loaded on an Intel Xeon v3 server with imbalanced Dual In-line Memory Module (DIMM) configuration between two Home Agents, either a kernel panic occurred or sb_edac did not work at all. The underlying source code has been fixed, and sb_edac is now loaded successfully, without causing a kernel panic. (This content is not included.BZ#1213468)

  • Red Hat Enterprise Linux 6.6 incorporated a patch to fix a readahead() failure condition where the max_sane_readahead() function returned zero (0) on a CPU whose NUMA node had no local memory (Content from https is not included.BZ#862177). The patch forced a hard upper limit of 2 MB for readahead(), as it changed max_sane_readahead(). The aforementioned change, despite fixing the corner case, caused problems to other ordinary workloads that rely on readahead() or posix_fadvise(WILLNEED) syscalls to get most of the file populating system cache. To fix this bug, NR_INACTIVE_FILE and NR_FREE_PAGES of max_sane_readahead() are considered to derive a sensible and adjustable readahead() upper limit, while keeping the 2 MB ceiling scheme introduced as a fix for This content is not included.BZ#862177. (This content is not included.BZ#1215755)

  • The tun utility previously did not support hardware VLAN tx tagging, which caused kernel to spend extra cycles to insert the VLAN TCI field into the packet during transmission. Consequently, VLAN tx performance for tun was limited since the extra cycles spent on TCI insertion. To fix this bug, the hardware VLAN tx feature has been implemented through coping the VLAN TCI into user space buffers directly, and performance has thus improved for tun VLAN transmission. (This content is not included.BZ#1217189)

  • Previously, direct I/O writes extending a parallel file could race to update the size of the file. If they executed in the out-of-order manner, the file size could move backwards and push a previously completed write beyond EOF, causing it to be lost. With this update, file size updates always execute in appropriate order, thus fixing this bug. (This content is not included.BZ#1218499)

  • When the load rose and run queues were busy due to the effects of the enqueue_entity() function, tasks with large sched_entity.vruntime values could previously be prevented from using the CPU time. A patch eliminating the entity_key() function in the sched_fair.c latency value has been backported from upstream, and all tasks are now provided with fair CPU runtime. (This content is not included.BZ#1219123)

  • Previously, running the clock_gettime() function quickly in a loop could result in a jump back in time. As a consequence, programs could behave unexpectedly when they assumed that clock_gettime() returned equal or increasing times in subsequent calls. With this update, if the time delta between calls is negative, the clock is not updated, and subsequent calls to clock_gettime() is guaranteed to return a time greater than or equal to a previous call. (This content is not included.BZ#1219501)

  • Prior to this update, GFS2 was susceptible to a race condition which could cause journal recovery (following a withdrawal) to fail to acquire journal lock. As a consequence, all nodes could become blocked waiting for the journal recovery to complete. This patch allows the recovering node to retry acquiring the journal lock a few times before withdrawing in order to allow an imminent lock release from the withdrawing node, and thus complete before the last retry. As a result, all nodes are mounted successfully. (This content is not included.BZ#1222588)

  • Due to a regression, a client connected via TCP to the server sent SYN packets to connect but these were dropped by the kernel. Consequently, the client timed out and CLOSE_WAIT sockets were never cleaned up. With this update, the client sends SYN packets to connect, the kernel sends challenge ACK packets in response, and the client sends RST packets in turn. As a result, the CLOSE_WAIT sockets are cleaned up, and the client can successfully connect on its next attempt. (This content is not included.BZ#1227468)

  • The changes in VLAN driver code (This content is not included.BZ#1221844) caused a kernel warning to be printed when checking packets for TCP Segmentation Offload (TSO). To resolve this bug, a more careful check has been added to the network core to make sure features are not dropped unnecessarily. (This content is not included.BZ#1231690)

  • Due to a different value of the checksum offload setting for the bridge device when configuring a VLAN interface on top of the bridge, the VLAN device could lose all checksum settings and the TCP Segmentation Offload (TSO) feature. As a consequence, performance of the VLAN device became very poor. With this update, checksum and the TSO feature of the VLAN device now match that of the bridge device, which restores the VLAN device performance. (This content is not included.BZ#1221844)

In addition, this update adds the following enhancements:

  • The perf package has been rebased to align with upstream version 3.16. This update also includes all fixes and enhancements from version 3.13, 3.14, and 3.15. There are a number of modified and added parameters for various perf subcommands, as well as a large number of background enhancements. For details about changed behavior, refer to the Performance Tuning Guide. (This content is not included.BZ#1219149)

  • Functions that acquire locks should not be called in critical tracepoint hooks. For this reason, the provided patch exports the tracing clock functions so that they may be used in tracepoint hooks. (This content is not included.BZ#1217986)

  • The kernel could previously handle only a single hugetlb page fault at a time because it used a single mutex that serializes the entire path. With this update, a table of mutexes is used, allowing a better chance of parallelization, where each hugepage is individually serialized. The size of the table is selected based on a compromise of collisions and memory footprint of a series of database workloads. (This content is not included.BZ#1212300)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. The system must be rebooted for this update to take effect.

Product(s)
Category
Components
Tags
Article Type