RHSA-2017:0933 Important: kernel security, bug fix, and enhancement update

Updated

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links.

This update also fixes the following bugs:

  • When resizing the Transmit (TX) and Receive (RX) rings in the sfc driver with the "ethtool -G" command, a kernel protection fault in the napi_hash_add() function occurred on systems with a large number of queues. With this update, the efx_copy_channel()function in the sfc driver has been fixed to correctly clear the napi_hash state. As a result, the sfc kernel module now unloads successfully without the mentioned kernel protection fault. This content is not included.BZ#1401461

  • If some of the seq_file-based files was empty on a first read, successive read operations using the same file descriptor did not return any data, even when the data were available. With this update, the seq_file interface has been fixed, and the data are now read correctly, even in the situation when a seq_file-based file is empty on a first read. This content is not included.BZ#1413681

  • Previously, the PTP (Precision Time Protocol) Hardware Clock (PHC) was not read correctly in the bnx2x driver. Consequently, the user application failed to synchronize the device clock with the PTP master clock and hardware timestamping did not work. This update fixes bnx2x to use the correct divisor value, which is used for converting the clock ticks to nanoseconds, for the PHC readings. As a result, the hardware timestamping now works correctly, and the device clock synchronizes with the master device clock as expected. This content is not included.BZ#1413996

  • Previously, running the "perf probe" command on any function that is called through Local Entry Point (LEP) failed on the little-endian variant of IBM Power Systems. This update fixes the perf utility, and "perf probe" now runs as expected even on functions called through LEP. This content is not included.BZ#1414710

  • With this update, the ibmvnic driver has been updated with a set of patches that fix several problems.

The most notable bux fixes are:

  • Return error code from the dma_map_single error handling case has been fixed
  • GFP_KERNEL allocation in the interrupt context has been fixed
  • The net device has been updated to reflect new Maximum Transmission Unit (MTU)
  • Releasing of sub-CRQ Interrupt Requests in the interrupt context has been fixed
  • The init_sub_crq_irq() functions have been fixed
  • Completion queue negotiation has been fixed to start at server-provided optimum values

This content is not included.BZ#1415144

  • When a cgroup was low on memory and this cgroup was trying to reclaim the memory, Btrfs sometimes ended in a recursive loop, which cause stack overflow. With this update, the memcontrol subsystem has been fixed to not recurse in direct reclaim. As a result, Btrfs no longer ends in a recursive loop and stack overflow no longer occurs under the described circumstances. This content is not included.BZ#1417192

  • The ibmvnic driver has been updated to support Single Root I/O Virtualization (SR-IOV) Virtual Network Interface Card (VNIC) Server/Backing Device Failover. As a result, IBM VNIC protocol can now configure additional backing devices for a VNIC client. In case of a failure on the current backing device, the driver receives a signal from the hypervisor indicating an upcoming failover. The driver then waits for a message from the backing device and establishes a new connection. This content is not included.BZ#1418309

  • Previously, memory allocation in the libceph kernel module did not work correctly. Consequently, the file system on a RADOS Block Device (RBD) could become unresponsive in the situations under high memory pressure. With this update, the underlying source code has been fixed, and the file system no longer hangs in the described scenario. This content is not included.BZ#1418316

  • Using the systool command sometimes caused the operating system to terminate unexpectedly due to a race condition in the qla2xxx optrom functions. This update fixes the qla2xxx driver to get the mutex lock before checking the optrom_state parameter, and thus prevents the race condition. As a result, the operating system no longer crashes and systool now returns correct data in the described scenario. This content is not included.BZ#1418317

  • When running Red Hat Enterprise Linux on IBM mainframes, a timing problem in some cases occurred during a system call. This update uses the timekeeping_update() function instead of the memcpy() function, and this update also ensures incrementing of the clock_was_set_seq counter in the timekeeping_init() function. As a result, timing problems no longer occur under the described circumstances. This content is not included.BZ#1418947

  • Triggering an Enhanced Error Handling (EEH) mechanism with Memory-mapped I/O (MMIO) operations on the AOC-SG-i2 (igb) adapter led to a NULL pointer dereference in both igb_configure_tx_ring() and igb_configure_rx_ring() functions. Consequently, a kernel crash sometimes occurred. This update fixes the igb driver to reassign the value of the hw_addr pointer in the slot_reset handler after a PCI error. As a result, the kernel crash no longer occurs under the described circumstances. This content is not included.BZ#1419459

  • When using the socket option, Stream Control Transmission Protocol (SCTP) did not process the IPv6-mapped IPv4 addresses from user space correctly. Consequently, SCTP association was not possible to find. This update fixes the sctp_addr_id2transport() function, and it also adds a check and conversion of the af variable before looking up SCTP association in sctp_addr_id2transport(). As a result, SCTP can now handle IPv6-mapped IPv4 addresses correctly, and SCTP association for such IPv4 addresses is now available as expected. This content is not included.BZ#1419837

  • Previously, the FS-Cache did not handle the transition of a cache object to the dead state correctly. The cache object was in some cases requeued for further processing, which led to a race condition in the fscache_object_sm_dispatcher() function. As a consequence, a kernel panic occurred. This update fixes the fscache_object_dead() function to allow the dead state to be processed only once for each cache object, which prevents a kernel panic from occurring. This content is not included.BZ#1420737

  • When the Resource Group (Cluster Service) Manager Daemon (rgmanager) was closing the Distributed Lock Manager (DLM) connections, the operating system occasionally terminated unexpectedly. With this update, DLM has been fixed to free workqueues after the connections are finished. As a result, the operating system no longer crashes in the described scenario. This content is not included.BZ#1421197

  • When a kworker process was trying to write back pages, a series of race conditions between page writeback and page reclaim occurred. This left the page in an invalid state, which sometimes caused a kernel crash to occur. This update fixes these race conditions in the xfs_vm_writepage() function, and the kernel no longer crashes under the described circumstances. This content is not included.BZ#1421203

  • When multiple processes wrote metadata at the same time, Global File System 2 (GFS2) was spending a lot of time needlessly, because every process was waiting for each other process to check if metadata was queued to be written to the journal. Consequently, every process writing to GFS2 was causing an excessive load, and GFS2 performance was suboptimal. With this update, multiple GFS2 writers have been fixed to only check the journal queue when necessary, thus improving GFS2 performance. This content is not included.BZ#1422380

  • The qat driver has been updated for the current Quick Assist Technology (QAT) hardware on Intel Xeon v5 systems.
    This update includes notably:

  • Hardware support for new devices on Intel Xeon v5 systems
  • Support for Diffie-Heilman key exchange
  • Support for Key-agreement Protocol Primitives (KPP) Cipher API for user or kernel key agreement
  • Support for Rivest-Shamir-Adleman (RSA) encryption
    This content is not included.BZ#1422575

  • Previously, the up_pte_range() function did not work on the compound head page of huge pages. Consequently, applications that trigger the __get_user_pages_fast() function on huge-page memory stalled under certain circumstances. This update fixes gup_pte_range(), and the applications no longer stall in the described scenario. This content is not included.BZ#1423438

  • Previously, the Non-volatile Memory Express (NVMe) devices were occasionally not available after reboot. With this update, the ctrl->tagset verification has been removed from the nvme driver. As a result, the NVMe devices are now available after reboot as expected. This content is not included.BZ#1423439

  • When the operating system failed to reset a fenced PCI Host Bridge (PHB) during an Enhanced Error Handling (EEH) event, the EEH event called back into the device driver attempting to reinitialise the device. Consequently, the Open Power Abstraction Layer (OPAL) returned an error and the kernel printed a warning message. This update fixes the checking of post-request state in the eeh_pci_enable() function. As a result, the EEH recovery now correctly aborts under the described circumstances. This content is not included.BZ#1425538

  • This update fixes the Nonmaskable Interrupt (NMI) measurements in the kernel and adds a warning when NMI handlers take large amounts of time. This content is not included.BZ#1425804

  • Enabling Internet Protocol Flow Information Export (IPFIX) on an openvswitch bridge containing a vxlan port previously led to a kernel crash. With this update, the underlying source code has been fixed to properly provide a valid dst_cache to the vxlan_fill_metadata_dst() function. As a result, the kernel no longer crashes under the described circumstances. This content is not included.BZ#1427847

  • When performing CPU hotplug during I/O operations, the operating system sometimes became unresponsive due to a reference leak during the percpu-atomic transition. With this update, the percpu tryget functions have been fixed to use an actual boolean value instead of the atomic long result truncated to an integer value. As a result, the operating system no longer hangs in the described situation. This content is not included.BZ#1429507

  • When a symlink was removed and then recreated on the NFS server or on another NFS client, the NFS client improperly identified the new symlink as being the same inode as the old symlink. Consequently, the readlink on the NFS client received an NFSERR_STALE/NFS4ERR_STALE response and then returned Enhanced Input/Output (EIO) operations to userspace until the minimum lifetime for file attributes had passed. This update fixes the nfs_prime_dcache() function to properly discard the old directory entry when the symlink inode is replaced. As a result, the new symlink is now read correctly. This content is not included.BZ#1429514

  • When removing a non-blk-mq Device Mapper multipath device, a kernel crash in some cases occurred due to a race condition in the dm_table_find_target() function. With this update, the race condition has been fixed, and the kernel no longer crashes in the described situation. This content is not included.BZ#1430334

  • With this update, the lpfc driver for certain models of Emulex Fibre Channel Host Bus Adapters (HBA) has been modified by adding the lpfc_no_hba_reset module parameter. This parameter accepts a list of one or more hexadecimal world-wide port numbers (WWPNs) of HBAs that are not reset during SCSI error handling. As a result, lpfc now allows to control which ports on the HBA are reset during SCSI error handling time, and lpfc also allows to set the eh_deadline parameter, which represents an upper limit of the SCSI error handling time. This content is not included.BZ#1430687

Article Type