RHSA-2017:1308 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from CVE links.

This update also fixes the following bugs:

  • When running the kdump mechanism on Haswell-EP servers, a kernel panic occurred in the kdump kernel in some cases. Consequently, the vmcore was not collected. This update fixes the hswep_uncore_cpu_init() function. As a result, the kernel no longer panics and the vmcore is now collected successfully under the described circumstances. (BZ#1426633)

  • When using the mpt3sas controller under heavy I/O load, non-aligned read and write operations in some cases could not be performed, and various error messages were displayed. This update fixes the mpt3sas driver to align unaligned completions of the file system requests. As a result, read and write operations are now aligned correctly and without error messages under the described circumstances. (BZ#1430809)

  • Previously, the KVM module exported all XSAVE features of a KVM host, which included even features that were not used by a guest running on the host. Consequently, the KVM guest became unresponsive during the live migration to a host that did not support all XSAVE features of the original host. With this update, the underlying source code has been fixed to export only the XSAVE features used by the guest. As a result, live migration no longer fails due to unused host features. (BZ#1431150)

  • When a VXLAN or Geneve tunnel between two Red Hat Enterprise Linux 7.3 hosts was used and Generic Receive Offload (GRO) was enabled with Receive Side Scaling (RSS) configured to include UDP ports (ethtool -U eth0 rx-flow-hash udp4 sdfn), traffic flowing through the tunnel exhibited substantial packet loss. This update fixes the underlying source code of the IP tunnel. As a result, the system performance has been improved and the packet loss no longer occurs under the described circumstances. (BZ#1431197)

  • When running the xfs_fsr utility on files that contain speculative preallocation extents, a kernel panic occurred. The panic was caused by a miscalculation in situations with a NULL pointer dereference in the xfs_trans_log_inode() function. This update fixes the internal extent accounting, and the kernel no longer panics under the described circumstances. (BZ#1432154)

  • When using the Global File System 2 (GFS2), improper RCU locking or data structure alignment when looking up GFS2 locks (glocks) previously sometimes led to the "fatal: invalid metadata block" error and withdrawing from GFS2. Consequently, GFS2 became inaccessible until the files were unmounted and mounted again. In certain cases, the operating system had to be rebooted before using GFS2 again. This update fixes GFS2 RCU locking and alignment of glock lookups. As a result, glocks are now found as expected, and the described problem no longer occurs. (BZ#1432554)

  • Previously, failing to check if a socket was locked by user space led to a race condition between user space and processing of Internet Control Message Protocol (ICMP) redirects. Consequently, a kernel panic occurred. With this update, the underlying source code has been fixed to skip processing of an ICMP redirect if the socket is locked by user space, thus avoiding the race condition. As a result, the kernel no longer panics under the described circumstances. (BZ#1433265)

  • When the "watchdog_thresh" parameter was changed on an overloaded system, a false hard lockup occurred under certain circumstances. With this update, the underlying source code has been fixed, and the described problem no longer occurs. (BZ#1433267)

  • Previously, the GETNEXTQUOTA and XGETNEXTQUOTA quotactl subcommands wrapped to ID zero if a quota ID near the maximum ID was requested. Consequently, applications that attempted to iterate over all possible quota IDs in some cases looped and became unresponsive. With this update, XFS has been fixed to not wrap the quota ID in the xfs_dq_get_next_id() function. As a result, applications no longer become unresponsive in the described situation. (BZ#1433415)

  • Previously, a kernel crash occurred in some cases due to an unlock problem in the jbd2 driver. With this update, the incorrect unlock in jbd2 has been fixed, and the kernel no longer crashes in the described scenario. (BZ#1433881)

  • Previously, the check of the size of reassembled packets during refragmentation on a Linux bridge with netfilter loaded and with the "net.bridge.bridge-nf-call-ip6tables" sysctl enabled was insufficient. Consequently, the packets were not refragmented to the correct maximum lengths, and they could not reach their destination. This update fixes the check of the size of the reassembled packets. As a result, such packets are now refragmented to the correct maximum lengths and reach their destination as expected. (BZ#1434589)

  • In case of a duplicate IPv6 address or an issue with setting an address, a race condition occurred. This race condition sometimes caused an address reference counting leak. Consequently, attempts to unregister a network device failed with the following error message: "unregister_netdevice: waiting for to become free. Usage count = 1". With this update, the underlying source code has been fixed, and network devices now unregister as expected in the described situation. (BZ#1436588)

  • Previously, attempts to unregister the Macvlan driver failed with broken sysfs links from or to devices in another namespace. With this update, Macvlan has been fixed, thus resolving this bug. (BZ#1436646)

  • When attempting to delete or truncate a big file, the Global File System 2 (GFS2) in some cases requested more blocks than the entire journal contained. Consequently, the request could not be fulfilled, GFS2 became unresponsive, and GFS2 files had to be unmounted and remounted again. In some cases, the operating system had to be rebooted. With this update, GFS2 has been fixed to check for the maximum number of journal blocks, and never requests more than this maximum. If necessary, the delete or truncate is split into multiple transactions. As a result, GFS2 can now delete and truncate big files without problems. (BZ#1437126)

  • When opening and creating a file using O_EXCL on an NFS v4.0 mount, the client sometimes failed to send the mode of a file in a SETATTR after the file had been opened. Consequently, the file had an incorrect file mode. With this update, the underlying code has been fixed, and the client properly sends the file mode in a SETATTR request after the OPEN. (BZ#1437967)

  • Previously, the VLAN promiscuous mode with Single Root I/O Virtualization (SR-IOV) enabled did not function properly. If one Virtual Function (VF) was put into promiscuous mode, then all VFs on the same Network Interface Controller (NIC) were put into promiscuous mode as well. This update fixes the ixgbe driver, and VLAN promiscuous mode with SR-IOV now works as expected. (BZ#1438421)

  • Previously, it was possible that multiple CPUs called the crash_fadump() function simultaneously during the kdump capture. Consequently, the kdump mechanism failed to create the dump file. This update fixes the race condition in the crash_fadump() function, and kdump now creates the dump file as expected under the described circumstances. (BZ#1439810)

  • With this update, an hcall has been added to the Linux kernel on IBM Power systems. This hcall cleans the entire memory management unit (MMU) hash table, ignoring any Virtualized Real Mode Area (VRMA) mappings. As a result, the time that is needed by the kexec mechanism to boot the new kernel has been reduced to 1 minute instead of the previous 4 minutes. (BZ#1439812)

  • When running Red Hat Enterprise Linux on an NFSv4 client connected to an NFSv4 server, the "id" command showed incorrect UIDs and GIDs after the key expired out of the NFS idmapper keyring. The problem persisted for 5 minutes, until the expired keys were garbage collected, after which the new key was created in the keyring and the "id" command provided the correct output. With this update, the keyring facility has been fixed, and the "id" command no longer shows incorrect output under the described circumstances. (BZ#1441287)

  • Previously, attempts to remove the ses module from the Linux kernel with the "rmmod ses" command caused memory corruption. Consequently, a kernel panic occurred. This update fixes the device_del() function in the ses driver, and the kernel no longer panics under the described circumstances. (BZ#1441544)

  • Previously, a race condition in the Symmetric Multi Processing (SMP) mechanism occasionally caused corruption of the kernel scheduler data structures on the little-endian variant of IBM Power Systems. This update fixes the ordering race in SMP, and the kernel scheduler data structures are no longer corrupted under the described circumstances. (BZ#1441547)

  • Previously, the physical package ID retrieved from the Advanced Programmable Interrupt Controller (APIC) differed from the CPUID. Consequently, the physical package ID did not match the firmware ID, and a kernel panic occurred. This update fixes the identify_cpu() function, and the kernel no longer panics due to a mismatch between the physical package ID and the firmware ID. (BZ#1441643)

  • Previously, a significant performance regression occurred after disabling and re-enabling a core. This update fixes the kernel scheduler, and the system performance is no longer reduced under the described circumstances. (BZ#1441645)

  • When the operating system was booted with the kernel parameter maxcpus set to 2 (maxcpus=2), a kernel panic occurred due to a crash in the Intel RAPL driver. This update enhances the package handling by the perf utility to be more robust, and the kernel no longer panics under the described circumstances. (BZ#1443902)

  • Previously, incorrect setup of Page Modification Logging (PML), a virtualization feature introduced by Intel Xeon v4 processors, caused memory corruption and possible crashes during the execution of virtual machines. With this update, the PML setup has been fixed, and the kernel no longer causes memory corruption when running on these processors. (BZ#1431666)

  • This update enhances the i40e driver to be more specific about what can and cannot be offloaded and therefore prevents possible transmission issues. (BZ#1433273)

  • When a large number of concurrent connections was open on the same TCP socket, a soft lockup for TCP and DCCP sockets occasionally occurred. This update fixes the kernel lookup code to explicitly check for pending tasks and eventually reschedule the tasks after processing every list chunk. As a result, the soft lockup no longer occurs under the described circumstances. (BZ#1433320)

  • When the GFS2 file system encounters an internal consistency error, such as values that do not match, GFS2 is withdrawn to maintain its metadata integrity. This forces users to unmount and remount the file system before using it again. In some cases, the situation leading to the GFS2 withdrawal caused a kernel panic, which is incorrect behavior unless the file system is mounted with the "errors=panic" option. With this update, GFS2 has been fixed to avoid the incorrect references to internal data structures after the withdrawal. As a result, GFS2 file system withdrawal causes fewer kernel panics, and the file system is safely unmounted under the described circumstances. (BZ#1433882)

  • Previously, the vmw_pvscsi driver reported most successful aborts as FAILED due to a bug in the vmw_pvscsi abort handler. This update fixes the handler, and successful aborts are no longer reported as FAILED. (BZ#1435764)

  • Previously, when a virtio RNG device was enabled, the hwrng kernel thread got blocked due to a race condition in the virtio_read() function. Consequently, a high load average occurred in the Red Hat Enterprise Linux guest. With this update, the virtio-rng driver has been fixed, and the high load average no longer occurs under the described circumstances. (BZ#1443503)
