Issued:

2012-03-07

Updated:

2012-03-07

RHBA-2012:0361 - kernel bug fix

Synopsis

kernel bug fix

Type/Severity

Bug Fix Advisory

Topic

Updated kernel packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Bug fixes:

• The root user without the CAP_SYS_ADMIN capability was able to reset the contents of the "/proc/sys/kernel/dmesg_restrict" configuration file to 0. Consequently, the unprivileged root user could bypass the protection of the "dmesg_restrict" file and read the kernel ring buffer. This update ensures that only the root user with the CAP_SYS_ADMIN capability is allowed to write to the dmesg_restrict file. Any unauthorized attempt on writing to this file now fails with an EPERM error. (BZ#749246)

• An Ethernet physical transceiver (a PHY chip) was always powered up when a network interface card (NIC) using the igb driver was brought down. Recent changes had modified the kernel so that the PHY chip was powered down in such a scenario. With this PHY power saving feature, the PHY chip could unexpectedly lose its settings on rare occasions. Consequently, the PHY chip did not recover after the NIC had been re-attached and the NIC could not be brought up. The igb driver has been modified so that the PHY chip is now reset when the NIC is re-attached to the network. NICs using the igb driver are brought up as expected. (BZ#786168)

• The way how the kernel processes dentries in the dcache when unmounting file systems allowed the concurrent activity on the list of dentries. If the list was large enough, the kernel could, under certain circumstances, panic due to NMI watchdog timeout triggered by the waiting concurrent process. This update modifies underlying functions to use a private dcache list for certain operations on the dcache so that concurrent activities are no longer affected in this scenario. (BZ#789369)

• The Abstract Control Model (ACM) driver uses spinlocks to protect the lists of USB Request Blocks (URBs) and read buffers maintained by the driver. Previously, when a USB device used the ACM interface, a race condition between scheduled ACM tasklets could occur. Consequently, the system could enter a deadlock situation because tasklets could take spinlocks without disabling interrupt requests (IRQs). This situation resulted in various types of soft lockups ending up with a kernel panic. This update fixes the problem so that IRQs are disabled when a spinlock is taken. Deadlocks no longer occur and the kernel no longer crashes in this scenario. (BZ#790778)

• A recent change in the QLogic qla2xxx driver introduced a bug which could, under rare circumstances, cause the system to become unresponsive. This problem occurred during I/O error recovery on systems using SAN configurations with QLogic Fibre Channel Hot Bus Adapters (HBAs). This update corrects the qla2xxx driver so the system no longer hangs in this scenario. (BZ#790907)

• Due to recent changes in the tg3 driver, the driver attempted to use an already freed pointer to a socket buffer (SKB) when the NIC was recovering from unsuccessful memory mapping. Consequently, the NIC went offline and the kernel panicked. With this update, the SKB pointer is newly allocated in this scenario. The NIC recovers as expected and a kernel panic does not occur. Also, the tg3 driver could, under certain circumstances, attempt to unmap a memory fragment that had not been mapped. Consequently, the kernel panicked. This update fixes the bug by correcting the "last" parameter supplied. (BZ#790910)

• When a network interface card (NIC) with a fan experiences a fan failure, the PHY chip is usually powered down by its firmware. Previously, the bnx2x driver did not handle fan failures correctly, which could trigger a non-maskable interrupt (NMI). Consequently, the kernel could crash or panic. This update modifies the bnx2x driver to handle fan failures properly, the NIC is now shut down as expected and the kernel does not crash in this scenario. (BZ#790912)

All users are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

Affected Products

Updated Packages

• kernel-debug-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-debug-devel-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-headers-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-debug-debuginfo-2.6.18-308.1.1.el5.s390x.rpm
• kernel-headers-2.6.18-308.1.1.el5.s390x.rpm
• kernel-debug-debuginfo-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-kdump-debuginfo-2.6.18-308.1.1.el5.s390x.rpm
• kernel-kdump-devel-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-xen-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-2.6.18-308.1.1.el5.ia64.rpm
• kernel-debug-2.6.18-308.1.1.el5.ia64.rpm
• kernel-debug-2.6.18-308.1.1.el5.s390x.rpm
• kernel-debuginfo-common-2.6.18-308.1.1.el5.s390x.rpm
• kernel-debug-debuginfo-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-xen-2.6.18-308.1.1.el5.i686.rpm
• kernel-debug-debuginfo-2.6.18-308.1.1.el5.i686.rpm
• kernel-kdump-devel-2.6.18-308.1.1.el5.s390x.rpm
• kernel-debug-devel-2.6.18-308.1.1.el5.s390x.rpm
• kernel-devel-2.6.18-308.1.1.el5.ia64.rpm
• kernel-doc-2.6.18-308.1.1.el5.noarch.rpm
• kernel-PAE-devel-2.6.18-308.1.1.el5.i686.rpm
• kernel-2.6.18-308.1.1.el5.src.rpm
• kernel-headers-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-xen-debuginfo-2.6.18-308.1.1.el5.ia64.rpm
• kernel-headers-2.6.18-308.1.1.el5.ia64.rpm
• kernel-debuginfo-2.6.18-308.1.1.el5.ia64.rpm
• kernel-debuginfo-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-debug-devel-2.6.18-308.1.1.el5.i686.rpm
• kernel-PAE-2.6.18-308.1.1.el5.i686.rpm
• kernel-xen-devel-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-2.6.18-308.1.1.el5.s390x.rpm
• kernel-debuginfo-common-2.6.18-308.1.1.el5.i686.rpm
• kernel-2.6.18-308.1.1.el5.i686.rpm
• kernel-devel-2.6.18-308.1.1.el5.i686.rpm
• kernel-devel-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-headers-2.6.18-308.1.1.el5.ppc.rpm
• kernel-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-kdump-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-debug-debuginfo-2.6.18-308.1.1.el5.ia64.rpm
• kernel-xen-2.6.18-308.1.1.el5.ia64.rpm
• kernel-debuginfo-common-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-debuginfo-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-debuginfo-common-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-headers-2.6.18-308.1.1.el5.i386.rpm
• kernel-debug-devel-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-kdump-debuginfo-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-devel-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-xen-devel-2.6.18-308.1.1.el5.ia64.rpm
• kernel-xen-devel-2.6.18-308.1.1.el5.i686.rpm
• kernel-debug-2.6.18-308.1.1.el5.i686.rpm
• kernel-debuginfo-2.6.18-308.1.1.el5.s390x.rpm
• kernel-debuginfo-common-2.6.18-308.1.1.el5.ia64.rpm
• kernel-PAE-debuginfo-2.6.18-308.1.1.el5.i686.rpm
• kernel-debug-devel-2.6.18-308.1.1.el5.ia64.rpm
• kernel-xen-debuginfo-2.6.18-308.1.1.el5.x86_64.rpm
• kernel-debug-2.6.18-308.1.1.el5.ppc64.rpm
• kernel-kdump-2.6.18-308.1.1.el5.s390x.rpm
• kernel-debuginfo-2.6.18-308.1.1.el5.i686.rpm
• kernel-xen-debuginfo-2.6.18-308.1.1.el5.i686.rpm
• kernel-devel-2.6.18-308.1.1.el5.s390x.rpm

Fixes

(none)

CVEs

• CVE-2011-4080

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.