RHSA-2018:2846 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Security Fixes are described in RHSA-2018:2846.

This update also fixes the following bugs:

• Previously, the gfs2_grow utility did not expand the resource group index (rindex) system file properly. As a consequence, it was not possible to add new space to a gfs2 filesystem with gfs2_grow. This update adds an exception for the rindex space estimate calculations. As a result, gfs2_grow is able to expand rindex properly and add new space to a gfs2 file system. (This content is not included.BZ#1384184)

• Previously, the system may have used outdated volume information when defining a new CKD storage volume at the storage server. As a consequence, setting the Direct Access Storage Device (DASD) storage device online led to one of the following errors:

  1. Command reject errors for a minidisk on the z/VM virtual machine operating system.

  2. Equipment check errors on Logical Partitioning (LPAR) or for dedicated devices on the z/VM virtual machine operating system.

This patch checks whether the volume information data is out-of-date by comparing it against the up-to-date information provided during online processing via the device-specific SNEQ. If there is a difference, the data is re-read. As a result, neither of the errors above appear in the described scenario. (This content is not included.BZ#1574448)

• Previously, the kernel source code lacked support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected". This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)", where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". (This content is not included.BZ#1585299)

• After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. As a result, both threads are now detected correctly in the described situation. (This content is not included.BZ#1623255)

• When the Interrupt Request (IRQ) handler discovered that one of the I/O channel commands failed and scheduled a recovery, IRQ blocked further command requests from being submitted. As a consequence, the command request prevented the recovery from making progress until the request timed out. This update resolves the issue, and as a result, the command request no longer prevents the recovery in the described scenario. (This content is not included.BZ#1562009)

• Previously, a path verification of Direct Access Storage Devices (DASD) sometimes failed and reported that the path was online and not used by the DASD device driver. As a consequence, two concurrent path verification workers for the same device might kill each other's requests due to the immediate sleep_on function for recovery. This update implements a device flag which signals a running path verification worker. As a result, two parallel path verification workers no longer conflict with each other and DASD is able to use a path verification in the described scenario. (This content is not included.BZ#1581684)

• Since the Completion Queue (CQ) / Queue Asynchronous Operation Block (QAOB) support was added, calling the qdio_free() function immediately after the qdio_alloc() function, caused the qdio_release_memory() function to access uninitialized memory including calling kmem_cache_free() on an uninitialized array of pointers (Array of Bytes (AOB) addresses). As a consequence, it was not possible to handle the kernel pointer dereference in qdio_release_memory(). With this update, the structure is now zero-allocated, and the bug does not appear in the described scenario anymore. (This content is not included.BZ#1581685)