RHSA-2018:1967 Important: kernel-alt security and bug fix update

Updated

The kernel-alt packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Security Fixes are described in RHSA-2018:1967.

This update fixes the following bugs :

  • Using a Mellanox CX5 adapter card caused a race condition in the clxlib memory management. As a consequence, the mlx5 driver became unresponsive. This update fixes clxlib, and mlx5 no longer hangs in the described scenario. (This content is not included.BZ#1564420)

  • Previously, the kernel did not correctly handle the exceptions generated while the CPU was executing the system firmware code. As a consequence, the kernel did not recover properly after such an exception. This update improves the kernel's handling of exceptions caused by the firmware. As a result, the kernel recovers properly in the described scenario. (This content is not included.BZ#1566995)

  • Previously, on systems using the IBM POWER CPU architectures, the generic kernel functions were used to report Spectre mitigations through files stored in the /sys/devices/system/cpu/vulnerabilities folder. As a consequence, the Spectre mitigations were in some cases reported incorrectly. This update introduces the new 'security flags' approach, and adds and improves the files in the /sys/devices/system/cpu/vulnerabilities folder. As a result, the mitigations are reported correctly. (This content is not included.BZ#1566998)

  • Previously, the Meltdown mitigation on systems using the IBM POWER CPU architectures was not updated after migrating logical partitions (LPAR). As a consequence, the proper type of Meltdown mitigation was not used in some cases because the available mitigation instructions differed between the source and destination systems. With this update, the return from interrupt (RFI) flush setup is called after LPAR migration. As a result, the best available Meltdown mitigation is selected after LPAR migration. (This content is not included.BZ#1567002)

  • On systems with high input/output (I/O) activity, the megaraid and mpt3sas storage drivers used 32-bit atomic descriptors to send I/O to Ventura series controllers. As a consequence, the I/O communication timed out. With this update, megaraid and mpt3sas use 64-bit atomic descriptors instead. As a result, under high I/O conditions, the timeout no longer occurs. (This content is not included.BZ#1569396)

  • In the kernel version 4.14, certain operations failed if a file system was mounted with the OverlayFS mounting mechanism. As a consequence, a guest program trying to access the file system became unresponsive. This update fixes the bug, and OverlayFS no longer hangs. (This content is not included.BZ#1570546)

  • Previously, dirty cache lines occasionally caused a hypervisor maintenance interrupt (HMI) when memory was plugged back after the GPU reset operation. As a consequence, the system terminated unexpectedly. With this update, a cache flush is triggered on memory hot unplug. As a result, the system no longer crashes due to HMIs. (This content is not included.BZ#1575528)

  • Previously, a limited number of address translation shootdown (ATSD) registers of the Network Processing Unit (NPU) and a limited bandwidth of GPU to process ATSDs led to contention of ATSD registers. As a consequence, soft lockups appeared on certain threads. This update ensures that when an address invalidation range exceeds 2 MB threshold, the entire Translation Lookaside Buffer (TLB) on the GPU for the given PID is invalidated rather than each specific address in the range. As a result, soft lockups no longer occur in the specified scenario. (This content is not included.BZ#1576515)

  • Previously, the init and destroy operations of NVLink Processing Unit (NPU) context were not sychronized properly. As a consequence, it was possible to free the NPU context while still in use, which could cause invalid memory access. This update synchronizes the init and destroy operations. Subsequently, the update prevents overwriting the NPU context pointers to release the callback function and argument. As a result, the init and destroy operations are properly synchronized and do not allow to use the already freed NPU context. (This content is not included.BZ#1577757)

  • The previous patch increased memory block size to 1 GB on Radix style Memory Management Units (MMU) as a temporary solution to hot unplug crashes. As a consequence, performance was impacted for any application or benchmark, which was demanding for GPU memory. Subsequently, the total GPU memory was no longer available. This update fixes the issue by changing the memory block size from 1 GB back to 256 MB. As a result, the performance and total GPU memory issues no longer appear in the described scenario. (This content is not included.BZ#1577766)

  • When two or more tasks attempted to shrink the dentry cache at the same time, severe system slowdown occurred. This update enables a shrink task to progress by suspending the other shrink tasks. As a result, shrinking the dentry cache no longer causes significant slowdown of the system. (This content is not included.BZ#1577768)

Article Type