1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
NetworkManager for network interface configuration. Consequently, kickstart users that referenced the network settings located in /tmp/netinfo must now source the ifcfg files found in /etc/sysconfig/network-scripts
clearpart --initlabel kickstart command. Adding the --all switch — as in clearpart --initlabel --all — ensures disks are cleared correctly.
nodmraid boot parameter currently cannot be used to force installation on disks containing spurious BIOS RAID metadata. To work around this issue, boot into rescue mode and run the command dmraid -rE /dev/sdX on the disks in question. Alternatively, run dd if=/dev/zero of=/dev/sdX and let it process up until the end of the disk. Note, however that this alternate procedure may take longer to complete and will erase all data on the disk.
attempt to access beyond end of device loop0: rw=0, want=248626, limit=248624may be returned to
sys.log. The errors do not prevent installation and only occur during initial setup. The filesystem created by the installer will function correctly.
network --device eth0 --onboot yes --bootproto dhcp services --enabled=networkRefer to the network device configuration documentation for more details on what the ifcfg-ethX files may contain.
fdisk -l command, and delete the partitions, then exit the SSH session. Finally, continue the installation from the installer.
init(8) man page.
/etc/init directory. Upstart is very well documented via man pages. Command overview is in init(8) and job syntax is described in init(5).
/etc/inittab file is deprecated, and is now used only for setting up the default runlevel via the initdefault line. Other configuration is done via upstart jobs in the /etc/init directory.
/etc/sysconfig/init, which is read by the /etc/init/start-ttys.conf job. The default value is ACTIVE_CONSOLES=/dev/tty[1-6], which starts a getty on tty1 through tty6.
kudzu, which would edit /etc/inittab. In Red Hat Enterprise Linux 6, configuration of the primary serial console is handled by /etc/init/serial.conf.
/etc/inittab. For example, if a getty on ttyS1 is desired, the following job file (/etc/init/serial-ttyS1.conf) would work:
# This service maintains a getty on /dev/ttyS1. start on stopped rc RUNLEVEL=[2345] stop on starting runlevel [016] respawn exec /sbin/agetty /dev/ttyS1 115200 vt100-nav
/etc/securetty if you wish to allow root logins on this getty.
/etc/shutdown.allow for defining who can shut the machine down.
vm.dirty_ratio = 40
kernel.sched_min_granularity_ns = 10000000 kernel.sched_wakeup_granularity_ns = 15000000 kernel.sched_tunable_scaling = 0 kernel.sched_latency_ns = 80000000Additionally, deactivating the Fair-Sleepers feature improves performance on a System z machine. To achieve this, set the following value in /etc/sysctl.conf
kernel.sched_features = 15834234
kernel.hung_task_timeout_secs = 0
service irqbalance statusIf the service is running, command will return a message similar to:
irqbalance (pid 1234) is running...However, if the message lists the service as
stopped, execute the following commands as root to start the irqbalance service:
service irqbalance start chkconfig --level 345 irqbalance onIf the output of the
service irqbalance status command lists irqbalance as an unrecognized service, use yum to install the irqbalance package, and then start the service.
yum install irqbalance service irqbalance start
LOGLEVEL parameter in /etc/sysconfig/init to set the console loglevel is no longer supported. To set the console loglevel in Red Hat Enterprise Linux 6, pass loglevel=<number>' as a boot time parameter.
ERROR: pam_pkcs11.c:334: no suitable token available'This message can be safely ignored.
/etc/dovecot.conf has been split into /etc/dovecot/dovecot.conf and /etc/dovecot/conf.d/*.conf
/etc/sysconfig/readahead configuration file:
READAHEAD_COLLECT="no" READAHEAD_COLLECT_ON_RPM="no"Alternatively, the readahead package can be removed entirely.
lpstat -E -s
rhn_register command to register a system with the Red Hat Network (RHN) might fail. When this issue is encountered, the rhn_register command will return an error similar to:
# rhn_register Segmentation fault (core dumped) or # rhn_register ***MEMORY-ERROR***: rhn_register[11525]: GSlice: assertion failed: sinfo->n_allocated > 0 Aborted (core dumped)To work around this issue, set the following environment variable, then run the rhn_register command again:
G_SLICE=always-malloc
DEFAULT CATCH!, exception-handler=fff00300If the path that locates the kernel and ramdisk is greater than 63 characters long, it will overflow a firmware buffer and the firmware will drop into the debugger.
Cannot load ramdisk.image.gz: Claim failed for initrd memory at 02000000 rc=ffffffffTo work around this issue, change real-base from to
c00000. Real-base can be obtained from OpenFirmware prompt with the printenv command and set with setenv command.
No video available. Your server may be in an unsupported resolution/refresh rate.
video=SVIDEO-1:d radeon.svideo=0
# filecap /path/to/empty_file Segmentation fault (core dumped)To work around this, run filecap on the directory that contains the empty file, and search the results for the required information. For example:
filecap /path/to/ | grep empty_file
xen_pv_hvm=enableNote, however, that due to conflicts with network configuration scripts, it is recommended that the xen guest vif specification set 'type=netfront' if the emulated rtl8139 device is not desired as the primary network interconnect.
$ cat > /usr/libexec/qemu-kvm.txtimer << EOF #!/bin/sh exec /usr/libexec/qemu-kvm \`echo "\$@" | sed 's|virtio-net-pci|virtio-net-pci,tx=timer|g'\` EOF
$ chmod 755 /usr/libexec/qemu-kvm.txtimer
$ restorecon /usr/libexec/qemu-kvm.txtimer
$ cat > qemutxtimer.te << EOF policy_module(qemutxtimer, 1.0) gen_require(\` attribute virt_domain; type qemu_exec_t; ') can_exec(virt_domain, qemu_exec_t) EOF
$ make -f /usr/share/selinux/devel/Makefile
$ semodule -i qemutxtimer.pp # May later be uninstalled with -r
$ virsh edit $GUESTReplace:
<emulator>/usr/libexec/qemu-kvm</emulator>
With:
<emulator>/usr/libexec/qemu-kvm.txtimer</emulator>
./qemu-img create -opreallocation=metadata -ocluster_size=2M -f qcow2 $DISK $SIZE
virt-v2v versions less than virt-v2v-0.6.2-2.el6) may be required to update the default virt-v2v configuration file. Specifically, the 'viostor' app for Windows guests is replaced by the 'virtio' app, which now points to the directory containing the complete driver. Refer to the updated default configuration file for further details.
nmi_watchdog=1, the guest kernel will panic on boot.
mdadm --stop operation. Consequently, during installation on a system with pre-existing mdraid volumes the following error can appear while anaconda is looking for storage devices:
MDRaidError: mddeactivate failed for /dev/md1: 08:26:59,485 ERROR : Perhaps a running process, mounted filesystem or active volume group?To work around this issue, erase all data on the volume before installation by clearing the first several sectors of the volume with zeros.
max_vfs=8 parameter and an uncorrectable PCIe AER error is seen on its port, the operation will hang or crash the host system. This error has been encountered with two 82576 devices connected via an IDT PES12N3A PCI Express Switch (rev 0c) plugged into a Westmere-EP's 5520/5500/X58 I/O Hub PCI Express Root Port 3. Note that other 82576 devices and IDT switches have worked in other Westmere-based systems
rmmod igb modprobe igb max_vfs=1 rmmmod igbvf rmmod igb modprobe igb max_vfs=8
pci=noaer
echo 0x37 > /proc/fs/cifs/SecurityFlags
environment-modules is now used to select which Message Passing Interface (MPI) implementation is to be used.
module command contains detailed documentation for the environment-modules package.
module availTo load or unload a module use the following commands:
module load <module-name> module unload <module-name>To emulate the behavior of mpi-selector, the module load commands must be place in the shell init script (e.g.
/.bashrc) to load the modules every login.
fsfreeze(8) man page.
-o nobarrier option.
openib start script and the openib.conf file) were supplied by the openib package. In Red Hat Enterprise Linux 6, the openib package is renamed to rdma. Additionally, the service has been renamed to rdma and the configuration file is now located in /etc/rdma/rdma.conf.
multipath -ll output command:
mpatha (3600a59a0000c2fd0003079284c122fec) dm-0, size=2.0G hwhandler='0' |-+- policy='round-robin 0' prio=0 status=enabled | `- #:#:#:# - #:# failed faulty running `-+- policy='round-robin 0' prio=0 status=enabled |- #:#:#:# - #:# failed faulty running `- #:#:#:# - #:# failed faulty runningOutput of this type indicates that there are no paths to the device. The erroneous lines in the output preceded by the string
#:#:#:# will be removed in a future release.
ext2 and ext3 filesystems do not use a page_mkwrite mechanism to intercept page faults. The quota subsystem can not account for this additional usage when writing to disk. Consequently, a user may exceed their disk block quota by issuing memory-mapped writes into a sparse region of a file. Note, also, that this is a longstanding behavior in the ext2 and ext3 filesystems.
Parted in Red Hat Enterprise Linux 6 cannot handle Extended Address Volumes (EAV) Direct Access Storage Devices (DASD) that have greater than 65535 cylinders. Consequently, EAV DASD drives cannot be partitioned using parted and installation on EAV DASD drives will fail. To work around this issue, complete the installation on a non EAV DASD drive, then add the EAV device after installation using the tools provided in s390-utils.
cat /sys/class/scsi_host/host{n}/fwrev
<alias><space><wwid>for example:
mpatha 3600d0230000000000e13955cc3757801
discoveryd mode and the normal discovery mode is not supported. When using discoveryd mode, iscsid will attempt to login from all iSCSI ifaces found in /var/lib/iscsi/ifaces. If the iface cannot log into the target this will fill the log with failure messages every discoveryd_poll_inval seconds. To prevent this, the iface can be deleted by running "iscsiadm -m iface -o delete -I ifacename".
net.ipv4.conf.default.rp_filter = 1 more strict in the I/O that is accepted. Consequently, in Red Hat Enterprise Linux 6, if there are multiple interfaces on the same subnet and I/O is sent to the one that is not the default route, the I/O will be dropped. Note that this applies to iSCSI iface binding when multiple interfaces are on the same subnet. To work around this, set the net.ipv4.conf.default.rp_filter parameter in /etc/sysctl.conf to 0 or 2, and reboot the machine.
SUBSYSTEM!="block", GOTO="lvm_end"
ACTION!="add|change", GOTO="lvm_end"
KERNEL=="dm-[0-9]*", ACTION=="add", GOTO="lvm_end"
ENV{ID_FS_TYPE}!="LVM*_member", GOTO="lvm_end"
PROGRAM=="/bin/sh -c 'for i in $sys/$devpath/holders/dm-[0-9]*; do [ -e $$i ] && exit 0; done; exit 1;' ", \
GOTO="lvm_end"
RUN+="/bin/sh -c '/sbin/lvm vgscan; /sbin/lvm vgchange -a y'"
LABEL="lvm_end"
Note, however that this work around may impact system performance.
mount: /dev/shm not mounted already, or bad option
qeth interface was previously configured using system-config-network 1.6.0.el6.2, the "OPTIONS=" line needs to be manually added to /etc/sysconfig/network-scripts/ifcfg-<interface>.
# /sbin/znet_cio_free # SUBSYSTEM="ccw" DEVPATH="bus/ccw/devices/<SUBCHANNEL 0>" /lib/udev/ccw_init # ifup <interface>
intel_iommu=off option.
rds-ping command may fail, returning the error:
bind() failed, errno: 99 (Cannot assign requested address).Note, also that this error may occur even with
LOAD_RDS=yes set in /etc/rdma/rdma.conf. To work around this issue, load the rds-tcp module.
rds-stress on a client may result in the following error attempting to connect to the server:
connecting to <server IP address>:4000: No route to host connect(<server IP address>) failed#
search entry will not be propagated to /etc/resolv.conf. Consequently, short host names that do not include the domain name will fail to resolve. To workaround this issue, add a search entry manually to /etc/resolv.conf.
touch /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
nmcli nm wifi onor disabled using the command:
nmcli nm wifi off
netcf command crashes, returning the error message:
Failed to initialize netcf error: unspecified errorTo work around this issue, set the following value in /etc/sysctl.conf:
net.bridge.bridge-nf-call-iptables = 0This issue presents when the
augeas library (used by netcf) has trouble parsing one of the system config files that netcf needs to read or modify.
lvchange --refresh <VG>/<LV>
/sys/class/fc_remote_ports/rport-xxx/dev_loss_tmo) is changed, that the timeout value will revert to the default value after a path fails, and later restored. Note that this issue will present the lpfc, qla2xxx, ibmfc or fnic Fibre Channel drivers. To work around this issue the dev_loss_tmo value must be adjusted after each path fail/restore event.
lvcreate --alloc anywhere does not guarantee placement of data on different physical devices. Consequently, the use of this option is not recommended. If this option is used, the location of the data placement must be manually verified.
authconfig --enableldapauth does not correctly set up the /etc/nslcd.conf configuration file. Consequently, LDAP users will be denied access to the system. To work around this issue, remove the line containing pam_password md5 from the /etc/nslcd.conf file.
subjectAltName extension. Consequently, the client attempts to perform pre-authentication using a different (usually password-based) mechanism.
OpenSCAP is a set of open source libraries that support the Security Content Automation Protocol (SCAP) standards from the National Institute of Standards and Technology (NIST). OpenSCAP supports the SCAP components:
udev daemon in Red Hat Enterprise 6 watches all devices for changes. If a change occurs, the device is rescanned for device information to be stored in the udev database.
<myname>.rules in /etc/udev/rules.d containing the following line:
ACTION=="add|change", SYMLINK=="disk/by-id/scsi-SATA_SAMSUNG_HD400LDS0AXJ1LL903246", OPTIONS+="nowatch"
lsusb -v -d 147e:2016 | grep bcdDevicewill return the version of the device being used in an individual machine.
lpfc) does support DH-CHAP authentication on Red Hat Enterprise Linux 5, from version 5.4. Future Red Hat Enterprise Linux 6 releases may include DH-CHAP authentication.
hpsa_allow_any kernel option allows the hpsa driver to be used with older hardware that typically uses the cciss module by default. To use the hpsa driver with older hardware, set hpsa_allow_any=1 and blacklist the cciss module. Note, however that this is an unsupported, non-default configuration.
05.xx.xx.xx.) Note that following this recommendation is especially important on complex SAS configurations involving multiple SAS expanders.
bnx2, bnx2x, and cnic drivers
ifdown and ifup commands) the driver will need to be unloaded and reloaded to function correctly.
/usr/share/doc/kexec-tools-2.0.0/kexec-kdump-howto.txt for instructions on enabling kdump on these systems.
crashkernel parameter syntaxauto value setting of the crashkernel= parameter (i.e. crashkernel=auto) will be deprecated.
crashkernel=auto enabled, returning the error message kdump: kexec: failed to load kdump kernel in /var/log/messages.
crashkernel parameter to 128M (on x86_64 and x86 architectures) or 256M (on the ppc64 architecture).
KBUILD_CFLAGS += $(shell if [ $(CPP_VERS) -ge 4004004 ]; then \
echo "-Wno-array-bounds -Werror"; else echo ""; fi)
Note, however, that Red Hat does not support custom built kernels or custom built modules.
uprobes.ko at run time. This additional module is usually built automatically when the script is compiled. However, in the client-server case, the uprobes.ko module is not returned by the server to the client. Consequently, missing symbols are reported when the module representing the script is loaded. To work around this issue, use the following command to manually build the uprobes.ko module on the client host.
make -C <prefix>/share/systemtap/runtime/uprobesNote that "<prefix>" is the install prefix for systemtap, and that this manual build of uprobes.ko will only need to be done once.
nmi_watchdog=0
returning from prom_init Kernel panic - not syncing: ERROR: Failed to allocate 0x4000 bytes below 0x10000000. Rebooting in 180 seconds..
Welcome to Red Hat Enterprise Linux! Hit <TAB> for boot options Welcome to yaboot version 1.3.14 (Red Hat 1.3.14-34.el6) Enter "help" to get some basic usage information boot:
linux crashkernel=512M-2G:256M
# yaboot.conf generated by anaconda
boot=/dev/sda1
init-message="Welcome to Red Hat Enterprise Linux!\nHit <TAB> for boot options"
partition=2
timeout=5
install=/usr/lib/yaboot/yaboot
delay=30
enablecdboot
enableofboot
enablenetboot
nonvram
fstype=raw
image=/vmlinuz-2.6.32-59.el6.ppc64
label=linux
read-only
initrd=/initramfs-2.6.32-59.el6.ppc64.img
append="rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=us console=hvc0 crashkernel=auto rhgb quiet root=UUID=63f94acf-6241-4a66-a861-9de912602287"
Remove the string crashkernel=auto from the append= line. Save the file, and exit the editor. Subsequent reboots of the system will boot to the system prompt.
nmi_watchdog=2 or nmi_watchdog=lapic parameters. The parameter nmi_watchdog=1 is not supported.
eclipse-callgraph C/C++ Call Graph Visualization plugin
eclipse-pydev plugin to aid python development
Pycurl Error 6 - ""instead of more useful messages such as:
Pycurl Error 6 - "Could not resolve hostname: blah.example.com"cURL error codes can be manually interpreted by reading the
/usr/include/curl/curl.h file.
/usr/lib/jvm/jre-1.6.0-ibm.x86_64/bin/javaws file.jnplNote that 32-bit packages are not affected by this issue.
nautilus-open-terminal package provides a right-click "Open Terminal" option to open a new terminal window in the current directory. Previously, when this option was chosen from the Desktop, the new terminal window location defaulted to the user's home directory. However, in Red Hat Enterprise Linux 6, the default behavior opens the Desktop directory (i.e. ~/Desktop/). To enable the previous behavior, use the following command to set the desktop_opens_home_dir GConf boolean to true:
gconftool-2 -s /apps/nautilus-open-terminal/desktop_opens_home_dir --type=bool true
nspluginwrapper.i686 and alsa-plugins-pulseaudio.i686 packages must be installed prior to the installation of the plugins.
Error while burning: You do not have the required permissions to use this driveIn most cases, the data is still written to the disc.
system-config-users tool cannot always detect if a home directory can be created correctly. Consequently, system-config-users might fail silently when attempting to create a home directory on some file systems (e.g. home directories located beneath an autofs mount-point). Typically, when this issue is encountered, the user account itself is created, but the creation of the home directory fails. To create a user with an auto-mounted home directory, create the home directory manually before creating the user in system-config-users.
Folder > Refresh). Consequently, when replying to a message in the Sent folder, the new message does not immediately appear in the Sent folder. To see the message, force a refresh using one of the methods describe above.
System > Preferences > Input Method
/etc/grub.conf
. /etc/sysconfig/keyboard; echo $LAYOUT | grep -q ",us" && gconftool-2
--direct --config-source xml:readwrite:/var/lib/gdm/.gconf --set
/apps/gdm/simple-greeter/recent-layouts --type list --list-type string $(echo
$LAYOUT | awk -F, '{ print "[" $2 "," $1 "]"; }') && echo "DONE"
video=[connector:]mode"connector", which is optional maps to the name of the connector as listed in /sys/class/drm/card0. For example:
~% ls /sys/class/drm/card0 card0-LVDS-1 card0-VGA-1 dev device power subsystem ueventThis device has connectors named LVDS-1 and VGA-1. If no connector is specified the requested mode will apply to all connectors.
<xres>x<yres>[R][-<bpp>][@<refresh>][i][eDd]Parts inside <> are mandatory, parts inside [] are optional. R requests the use of the CVT reduced-blanking formula, applicable for some digital displays; otherwise GTF is used. i requests an interlaced mode. e forces the output to be enabled even if it appears to be disconnected; d forces the output to be disabled. For DVI connections, D forces the use of the digital signal path instead of analog; on other connectors it has no effect. Only one of e, d, or D may be given.
/dev/kvm could use this flaw to leak kernel stack memory to user-space. (CVE-2010-3881, Low)
mac_partition() implementation, used for supporting file systems created on Mac OS operating systems. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially-crafted partitions. (CVE-2011-1010, Low)
do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)
sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)
inet_csk_bind_conflict() function until the entire system became unreachable when all the CPUs were unresponsive due to a hash locking issue when using port redirection in the __inet_inherit_port() function. With this update, the underlying source code of the __inet_inherit_port() function has been modified to address this issue, and CPUs no longer lock up.
prot->obj_size pointer had to be adjusted in the proto_register function. Prior to this update, the adjustment was done only if the alloc_slab parameter of the proto_register function was not 0. When the alloc_slab parameter was 0, drivers performed allocations themselves using sk_alloc and as the allocated memory was lower than needed, a memory corruption could occur. With this update, the underlying source code has been modified to address this issue, and a memory corruption no longer occurs.
IDX ACTIVATE timeout occurred during an online setting of an OSN device. This was because an incorrect function was provided on the IDX ACTIVATE. Because OSN devices use the same function level as OSD devices, this update adds OSN devices to the initialization function for the func_level; thus, resolving this issue.
ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)
drm_modeset_ctl() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1013, Important)
dccp_rcv_state_process() could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)
net.sctp.addip_enable and auth_enable variables were turned on (they are off by default). (CVE-2011-1573, Important)
inotify_init() system call. In some cases, it could leak a group, which could allow a local, unprivileged user to eventually cause a denial of service. (CVE-2010-4250, Moderate)
bnep_sock_ioctl() could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)
bcm_connect() in the Controller Area Network (CAN) Broadcast Manager implementation could allow a local, unprivileged user to leak kernel mode addresses in /proc/net/can-bcm. (CVE-2010-4565, Low)
ima_match_rules() to always succeed, ignoring any remaining rules. (CVE-2011-0006, Low)
snd_usb_caiaq_audio_init() and snd_usb_caiaq_midi_init() could allow a local, unprivileged user with access to a Native Instruments USB audio device to cause a denial of service or escalate their privileges. (CVE-2011-0712, Low)
/proc/<PID>/stat were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)
dev_load() could allow a local user who has the CAP_NET_ADMIN capability to load arbitrary modules from /lib/modules/, instead of only netdev modules. (CVE-2011-1019, Low)
ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)
do_replace() could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)
sysctl panic_on_oops variable is turned on by default. However, as a preventive measure if the variable is turned off by an administrator, this update addresses the issue. Red Hat would like to thank Nelson Elhage for reporting this vulnerability.
vlan_list of a bond is empty. Previously, the system panicked and crashed when vlan_list was not empty, but the vlgrp pointer was still NULL.
SCSI (Small Computer System Interface) device attached to a device handler caused applications running in user space, which were performing I/O operations on that device, to become unresponsive. This was due to the fact that the SCSI device handler's activation did not propagate the SCSI device deletion via an error code and a callback to the Device-Mapper Multipath. With this update, deletion of an SCSI device attached to a device handler is properly handled and no longer causes certain applications to become unresponsive.
dcdbas driver can perform an I/O write operation which causes an SMI (System Management Interrupt) to occur. However, the SMI handler processed the SMI well after the outb function was processed, which caused random failures resulting in the aforementioned hang. With this update, the underlying source code has been modified to address this issue, and systems management applications using the libsmbios package no longer become unresponsive.
PAGE_OFFSET + 512GB could not be accessed. With this update, EFI page tables map the whole kernel space.
ixgbe driver has been upgraded to upstream version 3.0.12, which provides a number of bug fixes and enhancements over the previous version.
/proc/net/ipt_CLUSTERIP/ directory. Note: On Red Hat Enterprise 6, only root can write to files in the /proc/net/ipt_CLUSTERIP/ directory by default. This update corrects this issue as a preventative measure in case an administrator has changed the permissions on these files. Red Hat would like to thank Vasiliy Kulikov for reporting this issue.
pam_tty_audit.so module (which enables or disables TTY auditing for specified users) in the /etc/pam.d/sudo file and in the /etc/pam.d/system-auth file when the audit package is not installed resulted in soft lock-ups on CPUs. As a result, the kernel became unresponsive. This was due to the kernel exiting immediately after TTY auditing was disabled, without emptying the buffer, which caused the kernel to spin in a loop, copying 0 bytes at each iteration and attempting to push each time without any effect. With this update, a locking mechanism is introduced to prevent the aforementioned behavior.
sysfs and procfs files allowed an unprivileged user to change various settings, change device hardware registers, and load certain firmware. With this update, permissions for these files have been changed.
kswapd (the kernel's memory reclaim daemon) to enter an infinite loop, consuming 100% of the CPU it is running on. This happened because kswapd incorrectly stayed awake for an unreclaimable zone. This update addresses this issue, and kswapd no longer consumes 100% of the CPU it is running on.
SCSI driver reset the megaraid_sas controller to restore it to normal state. However, on Red Hat Enterprise Linux 6, the waiting time to allow a full reset completion for the megaraid_sas controller was too short. The driver incorrectly recognized the controller as stalled, and, as a result, the system stalled as well. With this update, more time is given to the controller to properly restart, thus, the controller operates as expected after being reset.
VLAN ID 0 can be used in tags).
sctp_icmp_proto_unreachable() function in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could use this flaw to cause a denial of service. (CVE-2010-4526, Important)
dvb_ca_ioctl() function in the Linux kernel's av7110 module. On systems that use old DVB cards that require the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-0521, Important)
iowarrior_write() function could allow a user with access to an IO-Warrior USB device, that supports more than 8 bytes per report, to cause a denial of service or escalate their privileges. (CVE-2010-4656, Moderate)
mmap_min_addr protection mechanism. (CVE-2010-4346, Low)
orinoco_ioctl_set_auth() function in the Linux kernel's ORiNOCO wireless extensions support implementation could render TKIP countermeasures ineffective when it is enabled, as it enabled the card instead of shutting it down. (CVE-2010-4648, Low)
ethtool_get_regs() function in the Linux kernel's ethtool IOCTL handler. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause an information leak. (CVE-2010-4655, Low)
task_show_regs() implementation. On IBM S/390 systems, a local, unprivileged user could use this flaw to read /proc/<PID>/status files, allowing them to discover the CPU register values of processes. (CVE-2011-0710, Low)
bnx2i driver could cause a system crash on IBM POWER7 systems. The driver's page tables were not set up properly on Big Endian machines, causing extended error handling (EEH) errors on PowerPC machines. With this update, the page tables are properly set up and a system crash no longer occurs in the aforementioned case.
write command returns -EAGAIN and then executing a select command for the write command, caused the select command to not return any values when using the virtio serial port in a non-blocking mode. When used in blocking mode, the write command waited until the host indicated it had used up the buffers. This was due to the fact that the poll operation waited for the port->waitqueue pointer; however, nothing woke the waitqueue when there was room again in the queue. With this update, the queue is woken via host notifications so that buffers consumed by the host can be reclaimed, the queue freed, and the application write operations may proceed again.
write() operation) a buffer with zero length to be written to the host, causing the qemu hypervisor instance running on that host to crash. This was caused by the write() operation triggering a virtqueue event on the host, causing a NULL buffer to be accessed. With this update, user space is no longer allowed to submit zero-sized buffers and the aforementioned crash no longer occur.
virtqueue. This was due to virtio_console's poll function checking whether a port was NULL to determine if a read operation would result in a block of the port. However, in some cases, a port can be NULL even though there are buffers left in the virtqueue to be read. This update introduces a more sophisticated method of checking whether a port contains any data; thus, preventing queued up messages from being incorrectly blocked.
write() calls not only blocked the program that called the write() call but also the entire guest. This was caused by the write() calls waiting until an acknowledgment that the data consumed was received from the host. With this update, write() calls no longer wait for such acknowledgment: control is immediately returned to the user space application. This ensures that even if the host is busy processing other data or is not consuming data at all, the guest is not blocked.
rtl8169_interrupt hang due to a RxFIFO overflow. With this update, infinite loops in the IRQ (Interrupt Request) handler caused by RxFIFO overflows are prevented and the aforementioned hang no longer occurs.
/proc/vmcore file was previously significantly slower on a Red Hat Enterprise Linux 6 system when compared to a Red Hat Enterprise Linux 5 system. This update enables caching of memory accesses; reading of the /proc/vmcore file is now noticeably faster.
/proc/vmcore file on a Red Hat Enterprise Linux 6 system was not optimal because it did not always take advantage of reading through the cached memory. With this update, access to the /dev/oldmem device in the /proc/vmcore file is cached, resulting in faster copying to user space.
nmi_watchdog kernel parameter enabled). With this update, an NMI is disallowed when interrupts are blocked by an STI. This is done by checking for the condition and requesting an interrupt window exit if it occurs. As a result, kernel panic no longer occurs.
fcoe.ko and fnic.ko modules to not be able to re-login when a port was brought back up. This was due to a bug in the FCoE (Fiber Channel over Ethernet) layer causing improper handling of FCoE LOGO frames while in the FIP mode. With this update, FCoE LOGO frames are properly handled when in the FIP mode and the fcoe.ko and fnic.ko modules no longer fail to re-login.
nohz_load_balancer CPU is updated. However, under certain circumstances, the nohz_load_balancer CPU would not be updated, causing the offlined CPU to be enqueued with various timers which never expired. As a result, the system could become unresponsive. With this update, the nohz_load_balancer CPU is always updated; systems no longer become unresponsive.
CONFIG_SECURITY_DMESG_RESTRICT option has been added to config-generic-rhel which prevents unprivileged users from reading the kernel syslog. This option is by default turned off (0), which means no restrictions.
/dev/mem file (which contains an image of main memory), where an accidental memory (write) access could potentially be harmful. To restrict access to memory from user space through the /dev/mem file, the CONFIG_STRICT_DEVMEM configuration option has been enabled for the default kernel. The kdump and debug kernels have this option switched off by default.
napi_enable operation; thus, networking no longer fails under the aforementioned circumstances.
tcp_select_initial_window() function in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to trigger a denial of service by calling setsockopt() with certain options. (CVE-2010-4165, Moderate)
mprotect() system call in the Linux kernel could allow a local, unprivileged user to cause a local denial of service. (CVE-2010-4169, Moderate)
execve() system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM (Out of Memory) killer, triggering a denial of service. (CVE-2010-4243, Moderate)
poll() function to find out whether the host-side connection was open or closed. However, with a SIGIO signal, this can be done asynchronously, without having to explicitly poll each port. With this update, a SIGIO signal is sent for any host connect/disconnect events. Once the SIGIO signal is received, the open/close status of virtio-serial ports can be obtained using the poll() system call.
dm-multipath configured on multiple LUNs (Logical Unit Number) hit kernel panic (at scsi_error_handler) with target controller faults during an I/O operation on the dm-multipath devices. This was caused by multipath using the blk_abort_queue() function to allow lower latency path deactivation. The call to blk_abort_queue proved to be unsafe due to a race (between blk_abort_queue and scsi_request_fn). With this update, the race has been resolved and kernel panic no longer occurs on Red Hat Enterprise Linux 6.0 hosts.
kvm_exit) due to control register (CR) accesses by the guest, thus, resulting in poor performance. This update includes a number of optimizations which allow the guest not to exit to the hypervisor in the aforementioned case and improve the overall performance.
SCSI (Small Computer System Interface) ALUA handler. With this update, optimized state transitioning prevents the aforementioned behavior.
qla4xxx driver and FC (Fibre Channel) drivers using the fc class, a device might have been put in the offline state due to a transport problem. Once the transport problem was resolved, the device was not usable until a user manually corrected the state. This update enables the transition from the offline state to the running state, thus, fixing the problem.
ext4 file systems. Because ext4 is the default file system on Red Hat Enterprise Linux 6, with this update, ext4 file system support was added for the zfcpdump tool.
ext2 file systems. With this update, ext2 file system support was added for the zfcpdump tool.
NFSv4 client did not work properly when, after a server reboot, an I/O operation which resulted in a STALE_STATEID response was performed before the RENEW call was sent to the server. This behavior was caused due to the improper use of the state flags. While investigating this bug, a different bug was discovered in the state recovery operation which resulted in a reclaim thread looping in the nfs4_reclaim_open_state() function. With this update, both operations have been fixed and work as expected.
execve() function was transferring the data. With this update, fatal signals (like CTRL+c) can now be received and handled and a process is allowed to yield to higher priority processes during the data transfer.
pagefault_out_of_memory function to be called after the memory cgroup's OOM. This invoked the generic OOM killer and a panic_on_oom could occur. With this update, only the memory cgroup's OOM killer is invoked and used to kill a process should an OOM occur.
D state (that is, became unresponsive). The system load could in some cases climb steadily. This was due to the way the event channel IRQ (Interrupt Request) was set up. Xen events behave like edge-triggered IRQs, however, the kernel was setting them up as level-triggered IRQs. As a result, any action using Xen event channels could lock up a process in the D state. With this update, the handling has been changed from edge-triggered IRQs to level-triggered IRQs and process no longer lock up in the D state.
scsi command timed out and the fcoe/libfc driver aborted the command, a race could occur during the clean-up of the command which could result in kernel panic. With this update, the locking mechanism in the clean-up and abort paths was modified, thus, fixing the aforementioned issue.
QUEUE_FLAG_CLUSTER flag and the setting of the no_cluster flag in the queue_limits variable caused corruption of data. Note that this issue only occurred on hardware that did not support segment merging (that is, clustering). With this update, the synchronization between the aforementioned flags works as expected, thus, corruption of data no longer occurs.
virtio-console device did not handle the hot-unplug operation properly. As a result, virtio-console could access the memory outside the driver's memory area and cause kernel panic on the guest. With this update, multiple fixes to the virtio-console device resolved this issue and the hot-unplug operation works as expected.
hwclock --systohc command could halt a running system. This was due to the interrupt transactions being looped back from a local IOH (Input/Output Hub), through the IOH to a local CPU (erroneously), which caused a conflict with I/O port operations and other transactions. With this update, the conflicts are avoided and the system continues to run after executing the hwclock --systohc command.
dm-multipath) if the I/O operation could be retried by the scsi layer. This prevented the multipath layer from starting its error recovery procedure and resulted in unnecessary log messages in the appropriate log files. This update includes a number of optimizations that resolve the aforementioned issue.
IPSecv6 tunnel mode. This was due to the lack of IPv6 fragmentation support over an IPsec tunnel. With this update, IPv6 fragmentation is fully supported and works as expected when using the IPSecv6 tunnel mode.
ARP monitoring mode, made erroneous assumptions regarding the ownership of ARP frames when it received them for processing. Specifically, it was assumed that the bonding driver code was the only execution context which had access to the ARP frames network buffer data. As a result, an operation was attempted on the said buffer (specifically, to modify the size of the data buffer) which was forbidden by the kernel when a buffer was shared among several execution contexts. The result of such an operation on a shared buffer could lead to data corruption. Consequently, trying to prevent the corruption, the kernel panicked. This shared state in the network buffer could be forced to occur, for example, when running the tcpdump utility to monitor traffic on the bonding interface. Every buffer the bond interface received would be shared between the driver and the tcpdump process, thus, resulting in the aforementioned kernel panic. With this update, for the particular affected path in the bonding driver, each inbound frame is checked whether it is in the shared state. In case a buffer is shared, a private copy is made for exclusive use by the bonding driver, thus, preventing the kernel panic.
group_id that it should. As a result, this signed char overflow also caused the ALUA handler to incorrectly identify the Asymmetric Access State (AAS) of the specified device as well as incorrectly interpret the supported AAS of the target. With this update, the aforementioned issue has been addressed and no longer occurs.
ixgbe driver has been updated to address various FCoE (Fibre Channel over Ethernet) issues related to Direct Data Placement (FCoE DDP).
qla2xxx driver for QLogic Fibre Channel Host Bus Adapters (HBAs) has been updated to upstream version 8.03.05.01.06.1-k0, which provides a number of bug fixes and enhancements over the previous version.
eCryptfs. When /dev/ecryptfs has world writable permissions (which it does not, by default, on Red Hat Enterprise Linux 6), a local, unprivileged user could use this flaw to cause a denial of service or possibly escalate their privileges. (CVE-2010-2492, Important)
RDS protocol implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-3865, Important)
PPP over L2TP sockets implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4160, Important)
igb driver. If both Single Root I/O Virtualization (SR-IOV) and promiscuous mode were enabled on an interface using igb, it could result in a denial of service when a tagged VLAN packet is received on that interface. (CVE-2010-4263, Important)
XFS file system implementation, and in the network traffic policing implementation, could allow a local, unprivileged user to cause an information leak. (CVE-2010-3078, CVE-2010-3477, Moderate)
/dev/sequencer to cause a denial of service. /dev/sequencer is only accessible to root and users in the audio group by default. (CVE-2010-3080, Moderate)
bcm_connect() in the Controller Area Network (CAN) Broadcast Manager. On 64-bit systems, writing the socket address may overflow the procname character array. (CVE-2010-3874, Moderate)
INET transport protocols could allow a local, unprivileged user to cause a denial of service. (CVE-2010-3880, Moderate)
HCI UART driver could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4242, Moderate)
AF_UNIX sockets could allow a local, unprivileged user to trigger a denial of service. (CVE-2010-4249, Moderate)
/dev/kvm to cause an information leak. (CVE-2010-4525, Low)
log_mtts_per_seg variable was increased from five to seven, increasing the amount of memory that can be registered. As a result, the Mellanox driver (mlx4) can now use up to 64 GB of physical memory for RDMA (remote direct memory access). This provides better scalability for example when using the Mellanox adapter in NFS/RDMA, or on machines with a lot of physical memory.
FMODE_ and O_ flags, an NFSv4 client could get a WRITE lock on a file that another NFSv4 client already had a READ lock on. As a result, data could be corrupted. With this update, FMODE_ and O_ flags are properly handled and getting a WRITE lock fails in the aforementioned case.
megaraid_sas driver to reset the controller multiple times leading to a faulty controller state. On rebooting the system, the faulty controller state could cause the firmware to detect an incorrect memory condition. This could be especially confusing since the message could be a faulty DIMM (Dual In-line Memory Module) condition prompting the administrator to replace the DIMMs. This occurred due to a leak in the mfi_sgl dma'ed frame when the firmware supported IEEE frames. The mfi_sgl would draw memory from the slab cache and any use of freed memory would result in incorrect pages being read in the ISR (Interrupt Service Routine). This caused the controller resets and the ensuing DIMM error condition. This update fixes the leak in mfi_sgl when the firmware supports IEEE frames. Faulty controller states and faulty DIMM conditions no longer occur.
lvextend operation during an intensive Virtual Guest power up caused this operation to fail. Since lvextend was blocked, all components became non-responsive: vgs and lvs commands froze the session, Virtual Guests became Paused or Not Responding. This was caused due to a faulty use of a lock. With this update, performing an lvextend operation works as expected.
/etc/dev/mems file (list of memory nodes in that cpuset) even though the specified node had enough free memory. With this update, the memory allocator no longer causes an OOM condition when a node has enough free memory.
mm/migrate.c:113. This was due to a false positive BUG_ON. With this update, the false positive BUG_ON has been removed.
lpfc driver would incorrectly panic due to a null pnode dereference. This update addresses the issue and was tested successfully under the same test conditions without the panic occurring.
lpfc driver panicked during error handling. With this update, kernel panic no longer occurs.
off.
NULL header_ops pointer in the neigh_update_hhs() function. With this update, a check is introduced that makes sure the header_ops pointer is not of the value NULL, thus, kernel panic no longer occurs.
i915 driver in the Linux kernel could allow a local, unprivileged user to escalate their privileges. (CVE-2010-2962, Important)
compat_alloc_user_space() in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important)
niu_get_ethtool_tcam_all() in the niu Ethernet driver in the Linux kernel, could allow a local user to cause a denial of service or escalate their privileges. (CVE-2010-3084, Important)
sctp_packet_config() in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service. (CVE-2010-3432, Important)
snd_ctl_new() in the Linux kernel's sound subsystem could allow a local, unprivileged user on a 32-bit system to cause a denial of service or escalate their privileges. (CVE-2010-3442, Important)
sctp_auth_asoc_get_hmac() in the Linux kernel's SCTP implementation. When iterating through the hmac_ids array, it did not reset the last id element if it was out of range. This could allow a remote attacker to cause a denial of service. (CVE-2010-3705, Important)
drm_ioctl() in the Linux kernel's Direct Rendering Manager (DRM) implementation could allow a local, unprivileged user to cause an information leak. (CVE-2010-2803, Moderate)
ftrace_regex_lseek() in the Linux kernel's ftrace implementation could allow a local, unprivileged user to cause a denial of service. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2010-3079, Moderate)
PKT_CTRL_CMD_STATUS IOCTL request, possibly allowing a local, unprivileged user with access to /dev/pktcdvd/control to cause an information leak. Note: By default, only users in the cdrom group have access to /dev/pktcdvd/control. (CVE-2010-3437, Moderate)
fs and gs segment registers when they had invalid selectors. A privileged host user with access to /dev/kvm could use this flaw to crash the host. (CVE-2010-3698, Moderate)
s390 tape block driver crashed whenever it tried to switch the I/O scheduler. With this update, an official in-kernel API (elevator_change()) is used to switch the I/O scheduler safely, thus, the crashes no longer occurs.
FIPS boot option was enabled. With this update, kernel self-integrity is improved by rejecting to load kernel modules which are not shipped by Red Hat when the FIPS boot option is enabled.
virtefi command line option was passed to the kernel by GRUB. With this update, the need for the virtefi command line option is removed and the kernel will boots as expected without it.
vmlinux file in the kernel-kdump-debuginfo RPM did not contain DWARF debug information. With this update, the CONFIG_DEBUG_KERNEL parameter is set to yes and the needed debug information is provided.
include/asm-generic/mman-common.h file which caused madvise to fail to utilize TPH. With this update, the madvise option was removed from /sys/kernel/mm/redhat_transparent_hugepage/enabled since MADV_HUGEPAGE was removed from the madvise system call.
s390 system with an initramfs that contained an odd number of bytes. With this update, an initramfs with sufficient padding such that it contains an even number of bytes is generated, thus, the kernel no longer panics.
nomodeset xforcevesa had to be added to the kernel command line, otherwise, the screen turned black and prevented the installation. With this update, the aforementioned boot parameter no longer has to be specified and the installation works as expected.
fork() system call led to an rmap walk finding the parent huge-pmd twice instead of once, thus causing a discrepancy between the mapcount and page_mapcount check, which could have led to erratic page counts for subpages. This fix ensures that the rmap walk is accurate when a process is forked, thus resolving the issue.
usrquota is enabled, the following JBD (Journaling Block Device) error was output in /var/log/messages:
JBD: Spotted dirty metadata buffer (dev = sda10, blocknr = 17635). There's a risk of filesystem corruption in case of system crash.
N_port IDs can be multiplexed on a single physical N_port.
TRANSPARENT_HUGEPAGE configuration option in the kernel. With this update, the vmstat tool no longer reports incorrect statistics and works as expected.
anon_vma variable could contain the value null in the page_address_in_vma function and cause kernel panic. With this update, kernel panic no longer occurs.
/proc/maps file which is read by LVM2 (Logical Volume Manager 2) contained inconsistencies caused by LVM2 incorrectly deciding which memory to mlock and munlock. With this update, LVM2 correctly decides between the mlock and munlock operations and no longer causes inconsistencies.
madvise(MADV_MERGEABLE) may have split VMAs (Virtual Memory Area) without checking if any huge page had to be split into regular pages, leading to huge pages to be still mapped in VMA ranges that would not be large enough to fit huge pages. With this update, huge pages are checked whether they have been split when any VMA is being truncated.
CONFIG_IMA option in the kernel. This caused the kernel to track all inodes in the system in a radix tree, leading to a huge waste of memory. With this update, an optimized version of a tree (rbtree) is used and memory is no longer wasted.
elevator_change function immediately after the blk_init_queue function resulted in a null pointer dereference. With this update, the null pointer dereference no longer occurs.
| Revision History | |||
|---|---|---|---|
| Revision 1-5 | Thu May 19 2011 | ||
| |||
| Revision 1-5 | Tue Nov 16 2010 | ||
| |||
| Revision 1-0 | Wed Nov 10 2010 | ||
| |||