Product SiteDocumentation Site

1.110.  kernel

1.110.1.  RHSA-2009:1193: Important security and bug fix update


This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1193
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
  • the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important)
  • a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially-crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)
  • Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than could be handled, which could lead to a remote denial of service or code execution. (CVE-2009-1389, Important)
  • the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2009-1895, Important)
  • Ramon de Carvalho Valle reported two flaws in the Linux kernel eCryptfs implementation. A local attacker with permissions to perform an eCryptfs mount could modify the metadata of the files in that eCrypfts mount to cause a buffer overflow, leading to a denial of service or privilege escalation. (CVE-2009-2406, CVE-2009-2407, Important)
  • Konstantin Khlebnikov discovered a race condition in the ptrace implementation in the Linux kernel. This race condition can occur when the process tracing and the process being traced participate in a core dump. A local, unprivileged user could use this flaw to trigger a deadlock, resulting in a partial denial of service. (CVE-2009-1388, Moderate)
Bug fixes:
  • possible host (dom0) crash when installing a Xen para-virtualized guest while another para-virtualized guest was rebooting. (BZ#497812)
  • no audit record for a directory removal if the directory and its subtree were recursively watched by an audit rule. (BZ#507561)
  • page caches in memory can be freed up using the Linux kernel's drop_caches feature. If drop_pagecache_sb() and prune_icache() ran concurrently, however, a missing test in drop-pagecache_sb() could cause a kernel panic. For example, running echo 1 > /proc/sys/vm/drop_caches or sysctl .w vm.drop_caches=1 on systems under high memory load could cause a kernel panic or system hang. With this update, the missing test has been added and the drop_cache feature frees up page caches properly. Consequently these system failures no longer occur, even under high memory load. (BZ#503692)
  • on 32-bit systems, core dumps for some multithreaded applications did not include all thread information. (BZ#505322)
  • a stack buffer used by get_event_name() was not large enough for the nul terminator sprintf() writes. This could lead to an invalid pointer or kernel panic. (BZ#506906)
  • when using the aic94xx driver, a system with SATA drives may not boot due to a bug in libsas. (BZ#506029)
  • incorrect stylus button handling when moving it away then returning it to the tablet for Wacom Cintiq 21UX and Intuos tablets. (BZ#508275)
  • CPU "soft lockup" messages and possibly a system hang on systems with certain Broadcom network devices and running the Linux kernel from the kernel-xen package. (BZ#503689)
  • on 64-bit PowerPC, getitimer() failed for programs using the ITIMER_REAL timer and that were also compiled for 64-bit systems (this caused such programs to abort). (BZ#510018)
  • write operations could be blocked even when using O_NONBLOCK. (BZ#510239)
  • enabling MSI on systems with VIA VT3364 chipsets caused a kernel panic or system hang during installation of Red Hat Enterprise Linux or subsequent booting of the operating system. MSI was enabled by default during boot and the "pci=nomsi" boot option to disable MSI was required on Red Hat Enterprise Linux 5.2 and later to avoid this bug. With this update, the kernel automatically disables MSI on VIA VT3364 chipsets during boot. The "pci=nomsi" boot option is no longer required to install or boot Red Hat Enterprise Linux successfully. (BZ#507529)
  • shutting down, destroying, or migrating Xen guests with large amounts of memory could cause other guests to be temporarily unresponsive. (BZ#512311)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.110.2.  RHBA-2009:1151: bug fix update


This update has already been released (prior to the GA of this release) as errata RHBA-2009:1151
Updated kernel packages that fix an issue with HugeTLBfs are now available for Red Hat Enterprise Linux 5.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated kernel packages fix the following bug:
  • HugeTLBFS (Translation Look-Aside Buffer File System) allows much larger page sizes than standard 4-kilobyte pages. The kernel's virtual memory subsystem uses these pages to map between real and virtual memory address spaces, and HugeTLBFS allows for significant performance increases for memory-intensive applications under heavy load. When a file existing on the HugeTLB file system was accessed simultaneously by two separate processes, the system become unresponsive and eventually a soft lockup occurred. These updated packages correct this issue so that simultaneous access of a single file on a HugeTLB file system is no longer problematic. (BZ#510235)
Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which resolve these issues.

1.110.3.  RHBA-2009:1133: bug fix update


This update has already been released (prior to the GA of this release) as errata RHBA-2009:1133
Updated kernel packages that fix several bugs are now available for Red Hat Enterprise Linux 5.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated packages addresses the following bugs:
  • RHSA-2009-1106 included a fix for a rare race condition (BZ#486921). This earlier race condition occurred if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2). Unfortunately, the fix included with RHSA-2009-1106 introduced a new, very small, race condition which presented if the system was swapping heavily or heavily reproducing the conditions that were the cause of BZ#48692. With this update, the parent pte is not set to writable if the src pte is unmapped by the VM, preventing the race condition from occurring. (BZ#507297)
  • the copy_hugetlb_page_range() function assumed it was safe to drop the source mm->page_table_lock before calling hugetlb_cow(). As a consequence a kernel panic occurred when a particular multi-threaded application did Direct IO on a HUGEPAGE-mapped file region and created new processes. With this update, copy_hugetlb_page_range() calls hugetlb_cow() with the locks held, ensuring the panic does not occur. (BZ#508030)
Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which resolve these issues.

1.110.4.  RHSA-2009:1106: Important security and bug fix update


This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1106
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
  • several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. (CVE-2009-1439, CVE-2009-1633, Important)
  • the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users. This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)
  • Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. (CVE-2009-1630, Moderate)
  • a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel. (CVE-2009-1758, Moderate)
  • a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak. (CVE-2009-1192, Low)
Bug fixes:
  • a race in the NFS client between destroying cached access rights and unmounting an NFS file system could have caused a system crash. "Busy inodes" messages may have been logged. (BZ#498653)
  • nanosleep() could sleep several milliseconds less than the specified time on Intel Itanium®-based systems. (BZ#500349)
  • LEDs for disk drives in AHCI mode may have displayed a fault state when there were no faults. (BZ#500120)
  • ptrace_do_wait() reported tasks were stopped each time the process doing the trace called wait(), instead of reporting it once. (BZ#486945)
  • epoll_wait() may have caused a system lockup and problems for applications. (BZ#497322)
  • missing capabilities could possibly allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. (BZ#497271)
  • on NFS mounted file systems, heavy write loads may have blocked nfs_getattr() for long periods, causing commands that use stat(2), such as ls, to hang. (BZ#486926)
  • in rare circumstances, if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2), the buffer storing the result of the I/O may have ended up with invalid data. (BZ#486921)
  • when using GFS2, gfs2_quotad may have entered an uninterpretable sleep state. (BZ#501742)
  • with this update, get_random_int() is more random and no longer uses a common seed value, reducing the possibility of predicting the values returned. (BZ#499783)
  • the "-fwrapv" flag was added to the gcc build options to prevent gcc from optimizing away wrapping. (BZ#501751)
  • a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)
  • using the Broadcom NetXtreme BCM5704 network device with the tg3 driver caused high system load and very bad performance. (BZ#502837)
  • "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes able to use the ptrace() call on a given process; however, certain information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used to reconstruct memory maps. (BZ#499546)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.110.5.  RHSA-2009:0473: Important security and bug fix update


This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0473
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
  • a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)
  • a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the "syscall" number or arguments. (CVE-2009-0834, Important)
  • the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)
  • a flaw was found in the ecryptfs_write_metadata_to_contents() function of the Linux kernel eCryptfs implementation. On systems with a 4096 byte page-size, this flaw may have caused 4096 bytes of uninitialized kernel memory to be written into the eCryptfs file headers, leading to an information leak. Note: Encrypted files created on systems running the vulnerable version of eCryptfs may contain leaked data in the eCryptfs file headers. This update does not remove any leaked data. Refer to the Knowledgebase article in the References section for further information. (CVE-2009-0787, Moderate)
  • the Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share. (CVE-2009-1336, Moderate)
This update also fixes the following bugs:
  • the enic driver (Cisco 10G Ethernet) did not operate under virtualization. (BZ#472474)
  • network interfaces using the IBM eHEA Ethernet device driver could not be successfully configured under low-memory conditions. (BZ#487035)
  • bonding with the "arp_validate=3" option may have prevented fail overs. (BZ#488064)
  • when running under virtualization, the acpi-cpufreq module wrote "Domain attempted WRMSR" errors to the dmesg log. (BZ#488928)
  • NFS clients may have experienced deadlocks during unmount. (BZ#488929)
  • the ixgbe driver double counted the number of received bytes and packets. (BZ#489459)
  • the Wacom Intuos3 Lens Cursor device did not work correctly with the Wacom Intuos3 12x12 tablet. (BZ#489460)
  • on the Itanium® architecture, nanosleep() caused commands which used it, such as sleep and usleep, to sleep for one second more than expected. (BZ#490434)
  • a panic and corruption of slab cache data structures occurred on 64-bit PowerPC systems when clvmd was running. (BZ#491677)
  • the NONSTOP_TSC feature did not perform correctly on the Intel® microarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)
  • keyboards may not have functioned on IBM eServer System p machines after a certain point during installation or afterward. (BZ#494293)
  • using Device Mapper Multipathing with the qla2xxx driver resulted in frequent path failures. (BZ#495635)
  • if the hypervisor was booted with the dom0_max_vcpus parameter set to less than the actual number of CPUs in the system, and the cpuspeed service was started, the hypervisor could crash. (BZ#495931)
  • using Openswan to provide an IPsec virtual private network eventually resulted in a CPU soft lockup and a system crash. (BZ#496044)
  • it was possible for posix_locks_deadlock() to enter an infinite loop (under the BKL), causing a system hang. (BZ#496842)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.110.6.  RHSA-2009:0326: Important security and bug fix update


This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0326
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:
  • memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important)
  • Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate)
  • an off-by-one underflow flaw was found in the eCryptfs subsystem. This could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate)
  • a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in "/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Moderate)
  • an inverted logic flaw was found in the SysKonnect FDDI PCI adapter driver, allowing driver statistics to be reset only when the CAP_NET_ADMIN capability was absent (local, unprivileged users could reset driver statistics). (CVE-2009-0675, Moderate)
  • the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure. (CVE-2009-0676, Moderate)
  • the ext2 and ext3 file system code failed to properly handle corrupted data structures, leading to a possible local denial of service when read or write operations were performed on a specially-crafted file system. (CVE-2008-3528, Low)
  • a deficiency was found in the libATA implementation. This could, potentially, lead to a local denial of service. Note: by default, the "/dev/sg*" devices are accessible only to the root user. (CVE-2008-5700, Low)
Bug fixes:
  • a bug in aic94xx may have caused kernel panics during boot on some systems with certain SATA disks. (BZ#485909)
  • a word endianness problem in the qla2xx driver on PowerPC-based machines may have corrupted flash-based devices. (BZ#485908)
  • a memory leak in pipe() may have caused a system deadlock. The workaround in Section 1.5, Known Issues, of the Red Hat Enterprise Linux 5.3 Release Notes Updates, which involved manually allocating extra file descriptors to processes calling do_pipe, is no longer necessary. (BZ#481576)
  • CPU soft-lockups in the network rate estimator. (BZ#481746)
  • bugs in the ixgbe driver caused it to function unreliably on some systems with 16 or more CPU cores. (BZ#483210)
  • the iwl4965 driver may have caused a kernel panic. (BZ#483206)
  • a bug caused NFS attributes to not update for some long-lived NFS mounted file systems. (BZ#483201)
  • unmounting a GFS2 file system may have caused a panic. (BZ#485910)
  • a bug in ptrace() may have caused a panic when single stepping a target. (BZ#487394)
  • on some 64-bit systems, notsc was incorrectly set at boot, causing slow gettimeofday() calls. (BZ#488239)
  • do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#490433)
  • scaling problems caused performance problems for LAPI applications. (BZ#489457)
  • a panic may have occurred on systems using certain Intel WiFi Link 5000 products when booting with the RF Kill switch on. (BZ#489846)
  • the TSC is invariant with C/P/T states, and always runs at constant frequency from now on. (BZ#489310)
All users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.110.7.  RHSA-2009:0264: Important security update


This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0264
Updated kernel packages that resolve several security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update addresses the following security issues:
  • a memory leak in keyctl handling. A local user could use this flaw to deplete kernel memory, eventually leading to a denial of service. (CVE-2009-0031, Important)
  • a buffer overflow in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important)
  • a flaw when handling heavy network traffic on an SMP system with many cores. An attacker who could send a large amount of network traffic could create a denial of service. (CVE-2008-5713, Important)
  • the code for the HFS and HFS Plus (HFS+) file systems failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)
  • a flaw was found in the HFS Plus (HFS+) file system implementation. This could, potentially, lead to a local denial of service when write operations are performed. (CVE-2008-4934, Low)
In addition, these updated packages fix the following bugs:
  • when using the nfsd daemon in a clustered setup, kernel panics appeared seemingly at random. These panics were caused by a race condition in the device-mapper mirror target.
  • the clock_gettime(CLOCK_THREAD_CPUTIME_ID, ) syscall returned a smaller timespec value than the result of previous clock_gettime() function execution, which resulted in a negative, and nonsensical, elapsed time value.
  • nfs_create_rpc_client was called with a "flavor" parameter which was usually ignored and ended up unconditionally creating the RPC client with an AUTH_UNIX flavor. This caused problems on AUTH_GSS mounts when the credentials needed to be refreshed. The credops did not match the authorization type, which resulted in the credops dereferencing an incorrect part of the AUTH_UNIX rpc_auth struct.
  • when copy_user_c terminated prematurely due to reading beyond the end of the user buffer and the kernel jumped to the exception table entry, the rsi register was not cleared. This resulted in exiting back to user code with garbage in the rsi register.
  • the hexdump data in s390dbf traces was incomplete. The length of the data traced was incorrect and the SAN payload was read from a different place then it was written to.
  • when using connected mode (CM) in IPoIB on ehca2 hardware, it was not possible to transmit any data.
  • when an application called fork() and pthread_create() many times and, at some point, a thread forked a child and then attempted to call the setpgid() function, then this function failed and returned and ESRCH error value.
Users should upgrade to these updated packages, which contain backported patches to correct these issues. Note: for this update to take effect, the system must be rebooted.

1.110.8.  RHSA-2009:1222: Important security and bug fix update


This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1222
Updated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated packages fix the following security issues:
  • a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)
  • a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important)
Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws.
These updated packages also fix the following bug:
  • in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running "cman_tool kill -n [nodename]". (BZ#515432)
Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

1.110.9. RHSA-2009:1243

Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. General Kernel Support

An outline of general kernel updates.
  • KVM guest-smp tlb flushing without mmu-notifiers could corrupt memory as a kernel-based virtual machine (KVM) may add pages to the kernel freelist while another vcpu may still be writing to them through guest mode. This update adds mmu-notifier support to the kernel and also corrects a bug found in an earlier patch wherein mm_struct was grown by existing drivers and caused a failed kABI check. This bug has been corrected by using an index that resides in an unused padding hole to avoid expanding the structure size.(BZ#485718)
  • Pointer and signed arithmetic overflow wrapping has not previously been defined in the Linux kernel. This could cause GCC (GNU C Compiler) to assume that wrapping does not occur and attempt to optimize the arithmetic that the kernel may require for overflow testing. This update adds the -fwrapv variable to GCC CFLAGS in order to define wrapping behavior.(BZ#491266)
  • An issue of contention between processes vying for the same memory space in high end systems was recently identified by TPC-C (Transaction Processing Council) benchmarking. This update includes fast-gup patches which use direct IO and provide a significant (up to 9-10%) performance improvement. This update has been tested thoroughly and is used in the 5.4 kernel to improve scalability. For further information, see this article. (BZ#474913)
  • A new parameter has been added to this kernel, allowing system administrators to change the maximum number of modified pages kupdate writes to disk per iteration each time it runs. /proc/sys/vm/max_writeback_pages defaults to 1024 or 4MB so that a maximum of 1024 pages get written out by each iteration of kupdate. (BZ#479079).
  • A new option (CONFIG_TASK_IO_ACCOUNTING=y) has been added to kernel to assist in monitoring IO statistics per process. This assists with troubleshooting in a production environment. (BZ#461636)
  • In previous kernels, back-up processes were deteriorating DB2 server responsiveness. This was caused by /proc/sys/vm/dirty_ratio preventing processes writing to pagecache memory when more than half of the unmapped pagecache memory was dirty (even if dirty_ratio was set to 100%). A change made in this kernel update overrides this limiting behavior. Now, when the dirty_ratio is set to 100%, the system will no longer limit writing to pagecache memory. (BZ#295291)
  • The rd_blocksize option found in the previous kernel's ramdisk driver was causing data corruption when using large ramdisks under a reasonable system load. This update removes this unnecessary option and resolves the data corruption issues. (BZ#480663)
  • The function getrusage is used to examine the resource usage of a process. It is useful in diagnosing problems and gathering data on resource usage. However, in instances where a process was spawning child threads, getrusage's results would be in incorrect as it would examine only the parent process and not interrogate its children. This update implements rusadge_thread to allow for accurate resource usage results in these instances. (BZ#451063)
  • The header /usr/include/linux/futex.h would previously interfere with compiling C source code files, resulting in an error. This update includes a patch which corrects problematic kernel only definitions and resolves the compiling error. (BZ#475790)
  • In previous kernels the kernel version was not identified in panic or oops output messages. This update adds the kernel version details to these outputs. (BZ#484403)
  • During release 2.6.18, the kernel was configured to provide kernel-headers for the package glibc. That process caused various files to be improperly marked for inclusion. The serial_reg.h file was incorrectly marked and not included in the kernel_headers rpm. This, in turn, caused problems with building other rpms. This update adds the serial_reg.h file and corrects the problem. (BZ#463538)
  • In some circumstances upcrund, the process manager in HP's Unified Parallel C (UPC) product, returned an ESRCH result and failed when calling setpgid() for a child process forked by a sub-thread. This update includes a patch to fix for this problem. (BZ#472433)
  • Functionality has been added to sysrq-t to display backtrace information about running processes. This will assist in debugging hung systems. (BZ#456588) Debugging

Updates specifically related to debugging tasks.
  • Independent software vendors and developers often use hugepage to avoid unnecessary memory reclaim. The previous kernel didn't take coredump from hugepage area. This made the debugging of software difficult. This update includes a feature to assist debugging by making the kernel take a hugepage coredump. (BZ#470411)
  • This update includes a feature addition to recover kernel panic messages. The option -M has been added to the makedumpfile command which allows a user to dump dmesg log data from vmcore into a user-specified log file (makedumpfile -M /proc/vmcore /path/to/log/file). (BZ#485308)
  • In this update various tracepoints have been implemented as a "Technology Preview". These interfaces add static probe points into the kernel subsystem such as 'Page Cache', 'NFS' and 'Networking' stack, for use with tools such as SystemTap. (Bugzilla #493444, #499008, #493454, #475719)
  • This kernel update adds the 'success' value to sched_wakeup and sched_wakeup_new tracepoints to track successful schedule wakes. (BZ#497414)
  • This update includes a new dropstat script to monitor and locate packets that are dropped within the host machine. (BZ#470539)
  • The new systemtap direct kernel tracepoint support requires access to the trace/*.h header files within the kernel-devel package. This update includes /trace/*.h headers in the kernel-devel package. (BZ#489096) Security

Updates specifically related to security concerns.
  • This update increases the maximum length of the kernel key field from the arbitrary 32 character length set in previous kernels to 255 characters. (BZ#475145)
  • In keeping with Federal Information Processing Standardization 140 (FIPS140) certification requirements, this update includes:
    • Self-testing for; ansi_cprng (BZ#497891), ctr(aes) mode (BZ#497888), Hmac-sha512 (BZ#499463) and rfc4309(ccm(aes)) (BZ#472386).
    • Code to produce a signature file that GRUB performs a checksum against during the boot process. (BZ#444632)
    • Code to change the DSA key from 512 bit to 1024 bit for module signing. (BZ#413241) Filesystems

Filesystem Updates.
  • Support for the FIEMAP file extent mapping system has been included in this kernel update. (BZ#296951)
  • The ext4 file system code (included in Red Hat Enterprise Linux as a Technology Preview) was rebased for this release. (BZ#485315)
  • This kernel update corrects performance issues with the Common Internet File System (CIFS) (a protocol that defines a standard for remote file access) including difficulties mounting certain Windows file systems or symlink files. (BZ#465143)
  • Kernel support for the XFS high-performance file system has been added to this Red Hat Enterprise Linux release. In this initial implementation the functionality is limited to specific customers on a use-case basis.(BZ#470845)
  • This release includes kernel support for the FUSE userspace file system. (BZ#457975)
  • Tunable parameters that control the number of NFSD socket connections have been added to this kernel release. TCP connections have previously been capped at 80, regardless of the number of NFS threads that were open. (BZ#468092)
  • This kernel update includes FIEMAP support for ]GFS2 (Global FIle System). (BZ#476626)
  • This kernel update adds a UUID (Universal Unique IDentifier) field to the file system super block. (BZ#242696)
  • This update includes a patch to allow access to files on a GFS2 file system from client machines running the older (and previously incompatible) NFS v2 file sharing protocol. (BZ#497954) Networking

Kernel updates that relate to Networking issues
  • A new module has been added to this kernel version to enable DSCP (Differentiated Services Code Point) setting in systems using IPv6 netfilter. (BZ#481652)
  • In order to boost virtualization performance on 10 Gigabyte Ethernet cards (and 10GbE performance in general), Generic Receive Offload (GRO) support (analogous to GSO support on egress) has been added to the IPv4 and IPv6 protocols in this kernel release. (BZ#499347)
  • This kernel update includes new code to improve UDP port randomization. Previous versions of the randomization code could allow a security weakness by providing sub-optimal randomizing, as well as producing CPU drag while scanning for port numbers. This update corrects these behaviors. (BZ#480951)
  • When using setsockopt() with option IPV6_MULTICAST_IF and optval set to 0, the previous kernel would return a result of ENODEV. This release updates setsockopt(IPV6_MULTICAST_IF) to report the correct value and not the error. (BZ#484971)
  • This update includes numerous critical fixes for the NetXen device driver. These patches have been tested and implemented in the kernel upstream. A complete list of the changes and their effects can be found at BZ#485381. General Platform Support

Platform support updates:
  • ACPI Performance and Throttling state (P- and T-state) change notifications were not being handled correctly by the OSPM (Operating System-directed Power Management) driver. This affected the Intel® Node Manager's ability to monitor and manage CPU power usage. The kernel's processor_core code has been update to correct this issue. (BZ#487567)
  • Problems were encountered with the Lenovo X61 (and other laptops which have a docking station with a CD/DVD drive); if the machine was undocked after a CD/DVD had been mounted in the docking station optical drive it would not be present when the machine was re-docked. The docking driver has been updated in this release to correct the problem. (BZ#485181) Architecture Specific Support

Updates specific to particular computer architectures. i386
Kernel updates for i386 architectures.
  • In a virtual environment, timekeeping for Red Hat Enterprise Linux 64-bit kernels can be problematic, since time is kept by counting timer interrupts. De- and re-scheduling the virtual machine can cause a delay in these interrupts, resulting in a timekeeping discrepancy. This kernel release reconfigures the timekeeping algorithm to keep time based on a time-elapsed counter. (BZ#463573)
  • It was found that, if their stacks exceed the combined size of ~4GB, 64-bit threaded applications slowed down drastically in pthread_create(). This is because glibc uses MAP_32BIT to allocate those stacks. As the use of MAP_32BIT is a legacy implementation, this update adds a new flag (MAP_STACK mmap) to the kernel to avoid constraining 64-bit applications. (BZ#459321)
  • The update includes a feature bit that encourages Time Stamp Clocks (TSCs) to keep running in deep-C states. This bit NONSTOP_TSC acts in conjunction with CONSTANT_TSC. CONSTANT_TSC indicates that the TSC runs at constant frequency irrespective of P/T- states, and NONSTOP_TSC indicates that TSC does not stop in deep C-states. (BZ#474091)
  • This update includes a patch to include asm-x86_64 headers in kernel-devel packages built on or for i386, i486, i586 and i686 architectures. (BZ#491775)
  • This update includes a fix to ensure that specifying memmap=X$Y as a boot parameter on i386 architectures yields a new BIOS map. (BZ#464500)
  • This update adds a patch to correct a problem with the Non-Maskable Interrupt (NMI) that appeared in previous kernel releases. The problem appeared to affect various Intel® processors and caused the system to report the NMI watchdog was 'stuck'. New parameters in the NMI code correct this issue. (BZ#500892)
  • This release re-introduces PCI Domain support for HP xw9400 and xw9300 systems. (BZ#474891)
  • Functionality has been corrected to export module powernow-k8 parameters to /sys/modules. This information was previously not exported.(BZ#492010) x86_64
Kernel updates for x86_64 architectures.
  • An optimization error was found in linux-2.6-misc-utrace-update.patch. When running 32-bit processes on a 64-bit machine systems didn't return ENOSYS errors on missing (out of table range) system calls. This kernel release includes a patch to correct this. (BZ#481682)
  • Some cluster systems where found to boot with an unstable time source. It was determined that this was a result of kernel code not checking for a free performance counter (PERFCTR) when calibrating the TSC (Time Stamp Clock) during the boot process. This resulted, in a small percentage of cases, in the system defaulting to a busy PERFCTR and getting unreliable calibrations.
    A fix was implemented to correct this by ensuring the system checked for a free PERFCTR before defaulting (BZ#467782). This fix, however, cannot satisfy all possible contingencies as it is possible that all PERFCTRs will be busy when required for TSC calibration. Another patch has been included to initiate a kernel panic in the unlikely event (fewer than 1% of cases) that this scenario occurs. (BZ#472523). PPC
Kernel updates for PowerPC architectures.
  • This kernel release includes various patches to update the spufs (Synergistic Processing Units file system) for Cell processors. (BZ#475620)
  • An issue was identified wherein /proc/cpuinfo would list logical PVR Power7 processor architecture as "unknown" when show_cpuinfo() was run. This update adds a patch to have show_cpuinfo() identify Power7 architectures as Power6. (BZ#486649)
  • This update includes several patches that are required to add/improve MSI-X (Message Signaled Interrupts) support on machines using System P processors. (BZ#492580)
  • A patch has been added to this release to enable the functionality of the previously problematic power button on Cell Blades machines. (BZ#475658) S390
Kernel updates for S390 architectures.
  • Utilizing Named Saved Segments (NSS), the z/VM hypervisior makes operating system code in shared real memory pages available to z/VM guest virtual machines. With this update, Multiple Red Hat Enterprise Linux guest operating systems on the z/VM can boot from the NSS and be run from a single copy of the Linux kernel in memory. (BZ#474646)
  • Device driver support has been added in this update for the new IBM System z PCI cryptography accelerators, utilizing the same interfaces as prior versions. (BZ#488496)
  • Control Program Identification (CPI) descriptive data is used to identify individual systems on the Hardware Management Console (HMC). With this update, CPI data can now be associated with a Red Hat Enterprise Linux instance. (BZ#475820)
  • Fibre Channel Protocol (FCP) performance data can now be measured on Red Hat Enterprise Linux instances on the IBM System z platform. (BZ#475334). Metrics that are collected and reported n include:
    • Performance relevant data on stack components such as Linux devices, Small Computer System Interface (SCSI) Logical Unit Numbers (LUNs) and Host Bus Adapter (HBA) storage controller information.
    • Per stack component: current values of relevant measurements as throughput, utilization and other applicable measurements.
    • Statistical aggregations (minimum, maximum, averages and histogram) of data associated with I/O requests including size, latency per component and totals.
  • Support has been added to the kernel to issue EMC Symmetrix Control I/O. This update provides the ability to manage EMC Symmetrix storage arrays with Red Hat Enterprise Linux on the IBM System z platform. (BZ#461288)
  • Hardware that supports the configuration topology facility passes the system CPU topology information to the scheduler, allowing it to make load balancing decisions. On machines where I/O interrupts are unevenly distributed, CPUs that are grouped together and get more I/O interrupts than others will tend to have a higher average load, creating performance issues in some cases.
    Previously, CPU topology support was enabled by default. With this update, CPU topology support is disabled by default, and the kernel parameter "topology=on" has been added to allow this feature to be enabled.(BZ#475797)
  • This update provides new kernel code to implement a client and server for a TTY (teletype) terminal server under z/VM using IUCV (Inter-User Communications Vehicle) as communication vehicle. Also, as part of this update, the hvc_console has been upgraded. (BZ#475551)
  • This update includes functionality that allows users to add new kernel options using the IPL command without modifying the content of the CMS parmfile. The entire boot command line can be replaced with the VM parameter string and new Linux Named Saved Systems (NSS) can also be created on the CP/CMS command line. (BZ#475530)
  • Crypto Device Driver use of Thin Interrupts (BZ#474700)
  • This update adds a patch to configure shared kernel support via the CONFIG_SHARED_KERNEL parameter. (BZ#506947) Miscellaneous Driver Updates

Details about driver updates.
  • This release adds the final branding strings and the latest EagleLake graphics to the graphics driver (predominantly for the G41 chipset). (BZ#474513)
  • This release updates the ALSA HDA audio driver to enable or improve support for new chipsets and HDA audio codecs. (BZ#483594)
  • This update adds a new EDAC driver for Intel® 5000x and 5400 MCH processors. (BZ#462895)
  • This release includes an updated version of the SMBUS (System Management Bus) driver that adds support for the AMD SB800 series of products and improves handling of SB400, SB600 and SB700 products. (BZ#488746)
  • A new PCI ID has been added to this release to enable support for the Broadcom® HT1100 chipset. (BZ#474240)
  • This kernel release incorporates a series of updates that add support for Chelsio® Communications' Terminator 3 Ethernet adapters. These changes include support for XRC queues and updates of the cxgb3, iw_nes NES iWARP, mthca and qlgc_vnic drivers, the rdma headers and SDP and SRP protocols to the OpenFabrics Enterprise Distribution (OFED) 1.4.1 versions. (BZ#476301)
  • Support has been added for Mellanox ConnectX based 10GigE Ethernet cards. This support required updates of the mlx4, mlx4_ib and mlx4_core drivers as well as the inclusion of the hybrid mlx4_en driver. (BZ#477065 and BZ#456525)
  • Problems with connectivity (using eHCA adapters) and various scripting issues have been rectified with updates to eHCA and IPoIB drivers in this release. (BZ#466086)
  • Infiniband driver updates, incorporated with the OFED 1.4.1 release upgrade, have rectified kernel panic issues encountered when removing ib_ipath module while running HXT HCAs (BZ#230035). This upgrade also resolved failed RDMA latencytest and perftest processes run with QLogic IB. (BZ#480696)
  • This update includes a patch that corrects a network port ordering problem encountered on systems using HP ProLiant or xw460c blade processors. (BZ#490068)
  • A comprehensive series of patches have been included in this update to add and/or improve virtualization features. A complete list (including explanatory notes) can be found at BZ#493152.
  • Several bugfixes and updates available for HP's Integrated Lights-Out (hpilo) product have been ported into this kernel release. A complete list can be found here; BZ#488964.
  • PCI device drivers enable devices using pci_enable(), which enables regions probed by the device's Base Address Register (BAR). On larger servers I/O port resources may not be assigned to all the PCI devices due to coded limitations and base register fragmentation. This update adds, removes and refines multiple functions so as to improve resource allocation around free I/O ports. (BZ#442007)
  • Three new patches have been added to this kernel to improve the passing of PCI devices between a virtual machine and its host. These patches first bind the device in question to a dummy driver (pcistub.ko) to prevent the host machine using it. Then, once the guest is finished with the device, drivers_probe prompts the kernel to re-load the true driver for that device and remove_id removes the relevant entry from the dynamic ID list. These new features operate successfully in both KVM and Xen virtualization environments. (BZ#491842)
  • An updated driver for the Davicom DM9601 Ethernet Adaptor has been included in this release. The new driver corrects previous unreliability using this device and other devices using the same chipset. (BZ#471800)
  • This kernel release includes a patch to improve Huawei EC121 USB 3G modem support. (BZ#485182)
  • The driver for Apple Intel® hardware configurations (efifb) has been updated, providing various performance improvements when running this release on these machines. (BZ#488820) Network Driver Updates

Updates to Network-related drivers:
  • This update adds a feature to support bonding over IPoIB interfaces. A new ib-bond package has been added to the kernel to allow multiple link HA and improve load balancing and aggregation performance. (BZ#430758)
  • Two new drivers (cnic and bnx2i) have been added to the kernel to introduce iSCSI support for Broadcom® BNX2 and BNX2x Network Interface Cards (NICs). (BZ#441979)
  • A new device driver igbvf) for SR/IOV enabled Intel® NICs has been added to this kernel release. This driver provides a significant performance improvement for virtualization using SR/IOV cards.(BZ#480524)
  • Generic Receive Offload (GRO) support has been implemented in this update, both. The GRO system increases the performance of inbound network connections by reducing the amount of processing done by the Central Processing Unit (CPU). GRO implements the same technique as the Large Receive Offload (LRO) system, but can be applied to a wider range of transport layer protocols. GRO support has also been added to a several network device drivers, including the igb driver for Intel® Gigabit Ethernet Adapters and the ixgbe driver for Intel® 10 Gigabit PCI Express network devices. (BZ#499347)
  • The cxgb3 driver, which supports the Chelsio® 10Gb RNIC adapter, has been updated in order to enable iSCSI TOE support. (BZ#439518)
  • This kernel updates the enic Cisco® 10Gi Ethernet driver to version (BZ#484824)
  • This kernel updates the Atheros® ath5k driver. This upgrade resolves a problem encountered by Atheros® users wherein the kernel reported an inability to wake up the MAC chip. Setting the call to ath5k_set_pcie() to execute earlier in the initialization process corrects this issue. (BZ#479049)
  • Support for the Crystal Beach 3 I/O AT (Acceleration Technology) device has been included in this kernel update. (BZ#436039, BZ#436048)
  • This update upgrades the bnx2 driver for Broadcom® network devices. The update fixes multiple performance issues, including a kernel panic occurrence (when attempting to unload the driver while in use) and a non-responsiveness issue (caused by call-traces initiated by network certification processes). (BZ#475567, BZ#476897, BZ#489519)
  • This release updates the Broadcom® bnx2x driver to version 1.48.105. (BZ#475481)
  • The igb driver has been updated to correct a stability issue (when encountered when setting the mtu parameter to less than 1K) and improve support for Intel® 82576 based devices. (BZ#484102, BZ#474881)
  • In this update the bonding driver has been updated to the latest upstream version. This update, however has introduced symbol/ipv6 module dependency capabilities. Therefore, if bonding has been previously disabled (by inserting the install ipv6 /bin/false line in the /etc/modprobe.conf file) this upgrade to the bonding driver will result in the bonding kernel module failing to load. The install ipv6 /bin/false line needs to be replaced with install ipv6 disable=1 for the module to load properly. (BZ#462632)
  • The ixgbe driver has been updated to version 2.0.8-k2 and support the 82599 (Niantic) device has been added. (BZ#472547)
  • System freezes encountered when performing multiple remote copy programs to a system using the Nvidia® nForce chipset has been corrected by updating the forcedeth driver to version 0.62. (BZ#479740)
  • The sky2 Ethernet driver has been updated to support the Marvell® 88E8070 NIC. (BZ#484712)
  • The tg3 driver has been updated to version 3.96. This update corrects problems with sluggish performance (on systems with BCM5704 NICs) and adds full support for Broadcom® 5785 NICs. (BZ#481715 BZ#469772) Storage Driver Updates

Driver updates for Storage devices
  • The SCSI tape driver (st) has been enhanced with support for the Suppress Incorrect Length Indicator (SILI) bit in variable block mode. If SILI is set, reading a block shorter than the byte count does not result in CHECK CONDITION. The length of the block is determined using the residual count from the HBA. Avoiding the REQUEST SENSE command for every block speeds up some applications considerably. The SILI bit is set to off by default. It must only be set this if the tape drive supports SILI and the HBA correctly returns transfer residuals.


    The current version of the mt-st management utility does not have a keyword for the SILI bit. It must be set explicitly with:
    	mt -f /dev/nst0 stsetoptions 0x4000
  • The bnx2 driver now supports iSCSI. The bnx2i driver will access the bnx2 driver through the cnic module to provide iSCSI offload support. (BZ#441979 and BZ#441979)


    The bnx2i version included in this release does not support IPv6.
  • The md driver has been updated to provide support for bitmap merging. This feature eliminates the need for full resync when performing data replication. (BZ#481226)
  • The scsi driver now includes the upstream scsi_dh_alua module. This adds explicit asymmetric logical unit access (ALUA) support with this release. To utilize the scsi_dh_alua module when using dm-multipath, specify alua as the hardware_handler type in multipah.conf. (BZ#482737)


    For EMC Clariion devices, using only scsi_dh_alua or dm-emc alone is supported. Using both scsi_dh_alua and dm-emc is not supported.
  • A bug in the retry logic of the scsi driver is now fixed. This bug made it possible for some failovers to execute properly in multipathed environments.(BZ#489582)
  • The rdac_dev_list structure now includes md3000 and md3000i entries. This allows users to benefit from the advantages provided by the iscsi_dh_rdac module. (BZ#487293)
  • This release includes the new mpt2sas driver. This driver supports the SAS-2 family of adapters from LSI Logic. SAS-2 increases the maximum data transfer rate from 3Gb/s to 6Gb/s.
    The mpt2sas driver is located in the drivers/scsi/mpt2sas directory, as opposed to the older mpt drivers that are located in drivers/message/fusion directory. (BZ#475665)
  • The aacraid driver has now been updated to version 1.1.5-2461. This update applies several upstream fixes for bugs affecting queued scans, controller boot problems, and other issues. (BZ#475559)
  • The aic7xxx driver now features an increased maximum I/O size. This allows supported devices (such as SCSI tape devices) to perform writes with larger buffers. (BZ#493448)
  • The cciss driver has been updated to apply upstream fixes for bugs affecting memory BAR discovery, the rebuild_lun_table and the MSA2012 scan thread. This update also applies several configuration changes to cciss. (BZ#474392)
  • The fnic driver has been updated to version This applies several upstream bug fixes, updates the libfc and fcoe modules, and adds a new module parameter that controls debug logging at runtime. (BZ#484438)
  • The ipr driver now supports MSI-X interrupts. (BZ#475717)
  • A bug that caused iSCSI iBFT installations to panic during disk formatting is now fixed. (BZ#436791). Also, a bug in the iscsi_r2t_rsp struct that caused kernel panics during iSCSI failovers in some multipathed environments is now fixed. (BZ#484455)
  • The lpfc driver has been updated to version This enables hardware support for upcoming OEM programs. (BZ#476738 and BZ#509010)
  • The MPT fusion driver is now updated to version 3.04.07rh v2. This applies several bug fixes.(BZ#475455)
  • The megaraid_sas driver is now updated to version 4.08-RH1. This update applies the following upstream enhancements and fixes (among others):(BZ#475574)
    • This update adds a polling mode to the driver.
    • A bug affecting supported tape drives is now fixed. With this release, the pthru timeout value is now set to the O/S layer timeout value for commands sent to tape drives.
  • The mvsas driver is now updated to version 0.5.4. This applies several fixes and enhancements from upstream, and adds support for Marvell RAID bus controllers MV64460, MV64461, and MV64462. (BZ#485126)
  • The qla2xxx driver has been updated to version, and now supports Fibre Channel over Convergence Enhanced Ethernet adapters. With this release, qla2xxx also applies several bug fixes from upstream, including: (BZ#471900, BZ#480204, BZ#495092, BZ#495094 and BZ#496126)
    • Discrepancies detected during OVERRUN handling on 4GB and 8GB adapters are now corrected.
    • All vports are now alerted of any asynchronous events.
    • A bug that caused kernel panics with the QLogic 2472 card is now fixed.
    • The stop_firmware command is no longer retried if the first attempt results in a times out.
    • The sector mask value is no longer based on the fixed optrom size.
    • A bug that caused frequent path failures during I/O on multipathed devices is now fixed. (BZ#244967)
    • The driver source code is now kABI-compliant.
    • dcbx pointers are now set to NULL after freeing memory.
  • The qla4xxx driver now features improved driver fault recovery. This update fixes a bug in the driver that prevented adapter recovery if there were outstanding commands detected on the host adapter. (BZ#497478) Miscellaneous Updates

  • This update removes the kfree function from kret_probelock's scope so as to avoid a deadlock that could occur if kretprobe_flush_task() probes the kfree function while holding kretprobe_lock spinlock. In addition, the kprobe functionality has been disallowed on the atomic_notifier_call_chain function to avoid numerous recursive faults occurring when it is called by kprobe after a re-entry. (BZ#210555)
  • PCI devices would disappear in Xen Paravirtual guest system upon reboot or reset. This was identified as a problem with information about PCI devices being removed from xenstore before xend was able to create a configuration for the rebooted domain. Code has been amended in xenbus.c to correct this behavior. (BZ#233801)
  • A kernel crash occurred when a Xen user specified the mem= (or highmem=) command via the command line on either the host or guest systems. This was caused by the array allocated to the p2m table being too small which resulted in a page fault during the subsequent memcpy(). This update decreases the memory reservation and only copies the appropriate number of entries into the p2m table.(BZ#240429)
  • RAID 0, RAID 1, RAID 10 and RAID 5 configurations have previously set q->merge_bvec_fn (a function that asks a device driver if the next vector entry will fit into a bio constructed by a process) in a way that rejects bios crossing its stripe. A device mapper will accept a bio that has two or more vector entries and a size equal to or less than a page that crosses a stripe boundary, but the underlying RAID device will not.
    This update configures the device mapper to set a one-page maximum request size and set its own q->merge_bvec_fn to reject any bios with multiple vector entries that span more pages. This fix precludes the generation of bios that will be rejected by a q->merge_bvec_fn controlled by RAID 0, 1, 10 or 5. BZ#223947)
  • This update includes numerous patches to enable Gigabyte pagetable support. (BZ#251982).
    • 0002-hugetlb-multiple-hstates-for-multiple-page-sizes.patch
    • 0003-hugetlbfs-per-mount-huge-page-sizes.patch
    • 0004-hugetlb-new-sysfs-interface.patch
    • 0005-hugetlb-abstract-numa-round-robin-selection.patch
    • 0006-mm-introduce-non-panic-alloc_bootmem.patch
    • 0007-mm-export-prep_compound_page-to-mm.patch
    • 0008-hugetlb-support-larger-than-MAX_ORDER.patch
    • 0009-hugetlb-support-boot-allocate-different-sizes.patch
    • 0010-hugetlb-printk-cleanup.patch
    • 0011-hugetlb-introduce-pud_huge.patch
    • 0012-x86-support-GB-hugepages-on-64-bit.patch
    • 0013-x86-add-hugepagesz-option-on-64-bit.patch
    • 0014-hugetlb-override-default-huge-page-size.patch
  • DCA (Direct Cache Access) is a method for warming the cache in the CPU. As part of Intel®'s I/OAT technology, it minimizes performance-limiting bottlenecks. This release updates the kernel I/O AT code and includes support for DCA for Intel®'s 82572 Gigabit Ethernet adapter family (BZ#252949)
  • The early GFS2 (Global File System) versions contained two system processes, gfs2_glockd and gfs2_scand which were responsible for scanning the in-core glock structures and freeing them if they were unused.
    In this release these processes have been replaced by a shrinker which frees glocks based on cues from the VM system. This results in a better use of memory and better response to low memory conditions (reducing the likelihood of "out of memory" issues). As a side effect, this update reduces the processing load produced by GFS2 under certain workloads. (BZ#273001)
  • In order to enable new features (as discussed in Bugzillas #252949 and #436048) I/O AT (Advanced Technology) code has been updated and problems with kABI breakages have been corrected. (BZ#273441)
  • This update corrects code that produced bad mpa messages on the restoration or migration of para-virtualized guest system. (BZ#288511)
  • Problems caused by Message Signaled Interrupts on Hyper-Transport based machines using (some) Nvidia cards have been resolved by porting an upstream driver. (BZ#290701)
  • Some versions of pSeries firmware fail to set up a dma-window property for PCI slots that are unoccupied. As a result, the loop searching for this propery, in iommu_dev_setup_pSeriesLP(), can run to the end, resulting in a NULL pointer dereference later in the routine. This patch prevents the crash and prints a warning message. (BZ#393241)
  • The existing 10 second delay waiting for frontend devices to connect was found to be insufficient under some load conditions. This update increases timeout for device connection on boot to 30 seconds. (BZ#396621)
  • In previous kernels the tuntap device send path did not have any packet accounting. This meant that the user-space sender could pin down arbitrary amounts of kernel memory by continuing to send data to an end-point that was congested. This update adds packet accounting to the tun driver so that virtio-net gets congestion feedback which is necessary to prevent packet loss for protocols lacking congestion control (such as UDP) when used in a guest. (BZ#495863)
  • This update adds the virtualization feature VT-d. This feature provides hardware support for directly assigning physical devices to Xen fully virtualized (HVM) guests or KVM guests. The principal benefit of the feature is to improve device access performance to be close to native speeds. Please refer to the Red Hat Knowledgebase before using PCI device assignment with this technology to avoid possible system instability issues. (BZ#500901)
    VT-d support is disabled by default. To enable VT-d one must add intel_iommu=on to the kernel commandline. Enabling VT-d is required to assign a host's PCI device to a KVM guest. (BZ#504363)
    Additionally, only the assignment of NIC devices from host to guest is supported. Assigning a block device (hard disk) to a guest is not supported. On hardware platforms that support IOMMU passthrough it is recommended to also use the iommu=pt kernel commandline option as this will improve the performance of I/O devices in the host. This parameter has no effect on performance for devices assigned to guests.
    When the iommu=pt mode, if a device is assigned to (and then de-assigned from) a guest, it can no longer be used in the host until the host has been rebooted. PCI hotplug devices can not be used in iommu=pt mode
  • This update includes a fix for kernel panic encountered when attempting to run a kdump process on hardware virtual machine (HVM) in an ia64 architecture environment. (BZ#418591)
  • This update corrects softlockup issues encountered when booting earlier kernel versions in a virtual environment and setting the clocksource to read from the system's Programmable Interval Timer (PIT). (BZ#427588)
  • A problem identified with Xen kernels manifested with meminfo reporting an incorrect LowTotal of 4Tb. A patch applied to the driver alters how highmem pages are handled and corrects the error. (BZ#428892)
  • When users set LPFC HBA storage to reset in a loop the system would attempt to rediscover SCSI devices and some of these processes would time-out. The issue was found to be code paths deleting SCSI devices without setting the device state to SDEV_DEL. A patch included in this update corrects this behavior(BZ#430170)
  • The Xen kernel does not currently support the suspend functionality. A fix has been applied to this release to remove the "Suspend" option from graphical user interface menus. (BZ#430928)
  • This update fixes a race condition when queuing incoming iucv messages by spreading the message queue spinlock in the message_pending callback across the entire callback function.This resolves the race condition and enhances system stability. (BZ#499626)
  • This feature fixes hexdump data in s390dbf traces, allowing Red Hat Enterprise Linux to have complete registered state change notification (RSCN) traces (up to 1024 bytes). (BZ#470618)
  • This update adds support for the connlimit module to limit to the number of TCP connections accepted by specific ports. This feature reduces the risk of incidental DoS scenarios.(BZ#483588)
  • This update modifies the DASDFMT (Direct Access Storage Device ForMaT) command to operate in the same way as similar IBM tools (such as CPFMTXA for zLinux/VM and ICKDSF for MVS).. (BZ#484836)
  • This feature includes stability enhancements to the CPU hotplug kernel module. (BZ#485412)
  • When using previous x86_64 Xen kernels installed on Promise internal RAID disk the SuperTrak EX (stex) inbox-driver would fail, causing a kernel panic and failure to load. The cause was found to be the allocation of contiguous memory space. Relevant code sections have been rewritten to lower the amount of memory demanded by the driver (Note: This reduces the RAID Migration feature set). (BZ#486466)


    Lowering memory demands reduces the RAID Migration feature set.
  • Infiniband driver updates, incorporated with the OFED 1.4.1 release upgrade, have rectified poor TCP transer rate performance when running Infiniband IPoIB in heterogeneous environments (that is, between Intel 32bit to PPC64bit or similar). (BZ#434779)
  • This update adds support for machines using Intel®'s Calpella chipset. (BZ#438469)
  • This update includes a patch to fix an interrupt storm (several thousand interrupts) encountered after boot with CD/DVD drive connected to IDE of Enterprise South Bridge 2 (ESB2). (BZ#438979)
  • Pre-release testing has assessed the ipr and iprutil drivers as supporting the SAS paddle card on pBlade extensions. (BZ#439566)
  • An upstream change to the e1000 and bnx2 driver removed the functionality to generate entropy, causing applications requesting random data from /dev/random to hang or produce an error message. This update reintroduces the functionality. (BZ#439898)
  • Problems with ioctl SG_IO calls to tape devices failing have been resolved with an upstream patch that address this and numerous other iscsi module issues. (BZ#440411)
  • An update in this release changes page locking code to avoid a deadlock between mmap/munmap and journaling (ext3). (BZ#445433)
  • This kernel release includes a bug to correct a crash encountered when attempting to format a DVD in a system booted to run libata and ata-piix IDE accelerators. (BZ#446086)
  • This update includes a fix to prevent para-virtualized guest systems crashing when run in a host machine with 64G RAM or more. (BZ#448115)
  • Patches from the upstream kernel that improve gettimeofday performance on hypervisors have been incorporated in this release. With these changes serialization for gettimeofday is switched from CPUID to MFENCE/LFENCE. (BZ#448588)
  • A bug that initiated a system reboot after a kernel panic despite /proc/sys/kernel/panic being set to -1 (which should prevent a reboot) has been fixed in this update. (BZ#446120)
  • Previous kernels were found to contain a bug that saw the E1000 driver enable TSOv6 functionality for hardware that doesn't support it. A patch included in this update corrects this behavior.(BZ#449175)
  • When booting fully virtualized guests on on earlier 32-bit kernel hosts, it was found that guest systems with more than one virtual cpu could pause or even hang at the "starting udev" portion of the boot sequence. This bug was caused by one VCPU of an HVM guest missing timer ticks and Xen not re-delivering those missed ticks. This behavior caused a clock skew between VCPUs inside an HVM guest. These issues have been resolved with the backport of the AIO disk handling code and upstream Xen 'no missed-tick accounting' timer code. (BZ#449346)
  • This update changes code that allowed scsi_add_host() to return a success even if the relevant work_q was not created. (BZ#450862)
  • A bug in previous kernels allowed a ptrace process (ptrace(PTRACE_CONT, application_pid, 0, SIGUSR1) to terminate the specified application even if the SIGUSR1 flag was blocked (which is sufficient to prevent a kill command from acting on the application). ptrace_induce_signal() is now used to set the blocked signal to pending, to be raised and executed only when the signal mask is cleared. (Bugzilla #451849)
  • This update enables raw device support for IBM System z platforms. (Bugzilla #452534)
  • This release updates the ext3 filesystem code to prevent kernel panic in dx_probe. (Bugzilla #454942)
  • This kernel update removes the linux-2.6-ipmi-legacy-ioport-setup-changes.patch which was causing keyboard lockups (on IBM p-series, 7028 and 7029 models) during the installation process. (Bugzilla #455232)
  • Messages being reported by zfcp testing processes have been removed from the message log in this kernel release. The tests in question were run when the local link was removed during heavy I/O loads, prompting zfcp to test remote ports. There is no need to include these details the message log as the tests cannot be influenced by a user and all relevant information is available using zfcp traces.(BZ#455260)
  • This update removes the inclusion of the "Breaking affinity for irq XX" message in dmesg output. This message, reported when an XM migrate was performed, is not necessary and could negatively impact a user if observed in dmesg output. (BZ#456095)
  • A patch has been included in this release to fix ACPI error flooding encountered when waking a Lenovo Thinkpad T61 (running the x86 kernel) from a suspended state. (BZ#456302)
  • This release corrects how the powernow driver in the xen-kernel identifies the number of processors in guest systems. The original driver counted the number of processor cores in the machine causing it to identify dual-core processors as two distinct CPUs and return an incorrect processor count. (BZ#456437) Further Updates

  • Global File System 2 feature request improves performance of page_mkwrite(). (BZ#315191)
  • A problem returning "Operation not supported" messages when setting an ACL from an NFSv4 system has been resolved. (BZ#403021)
  • Fixes have been included in this release that prevent a kernel panic encountered when kprobes attempted boosting on exception addresses in x86_32 kernels. (BZ#493088)
  • Various fixes and updates have been applied to the Xen Credit Scheduler and Xen Latency processes. (BZ#432700)
  • An error encountered when attempting an online resize of an ext3 filesystem using resize2fs is being investigated. The error returns "Invalid argument While trying to add group #15625" and can be avoided by doing resizes offline.(BZ#443541)
  • This release included updated kernel code that resolves NFS connectathon test #12.1 problems. Processes are now called in a different scheduling order which avoids a race conflict. (BZ#448929)
  • The CPUID driver has been updated to support cpuid.4 and cpuid.0xb instruments. (Bugzilla #454981)
  • This release contains an update to the copy_user code which fixes problems encountered when running LTP read02 tests. (BZ#456682)
  • Kernel code has been updated to fix an error in compiling a custom kernel that includes the snd-sb16.ko module. (BZ#456698)
  • Various patches have been implemented in this release to resolve an issue with calltrace outputs showing on-screen during the shutdown of a Para-Virtualized domain. These outputs no longer appear during shutdown.(BZ#456893)
  • An update in this release resolves system stalls that occurred when attempting to execute a kdump using the NMI key-combination. (BZ#456934)
  • A patch has been applied to this kernel to prevent soft lockups occasionally encountered during boot on RX600S4 server systems. (BZ#456938)
  • After booting from the HMC (load from file), it is now possible to reboot from an alternate device. (BZ#458115)

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.