Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-7200

kernel update [SLES11 SP3 3.0.101-0.47.67]

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.8.0
    • None
    • None
    • 3
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes.

      Following security bugs were fixed:

      • CVE-2015-5707: An integer overflow in the SCSI generic driver could
        be potentially used by local attackers to crash the kernel or execute
        code (bsc#940338).
      • CVE-2015-5364: A remote denial of service (hang) via UDP flood with
        incorrect package checksums was fixed. (bsc#936831).
      • CVE-2015-5366: A remote denial of service (unexpected error returns)
        via UDP flood with incorrect package checksums was fixed. (bsc#936831).
      • CVE-2015-1420: A race condition in the handle_to_path function in
        fs/fhandle.c in the Linux kernel allowed local users to bypass intended
        size restrictions and trigger read operations on additional memory
        locations by changing the handle_bytes value of a file handle during
        the execution of this function (bnc#915517).
      • CVE-2015-4700: A local user could have created a bad instruction in
        the JIT processed BPF code, leading to a kernel crash (bnc#935705).
      • CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable
        to a crash which could occur while fetching inode information from a
        corrupted/malicious udf file system image. (bsc#933907).
      • CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various
        issues in handling UDF filesystems in the Linux kernel allowed the
        corruption of kernel memory and other issues. An attacker able to mount
        a corrupted/malicious UDF file system image could cause the kernel to
        crash. (bsc#933904 bsc#933896)
      • CVE-2015-2150: The Linux kernel did not properly restrict access to
        PCI command registers, which might have allowed local guest users to
        cause a denial of service (non-maskable interrupt and host crash) by
        disabling the (1) memory or (2) I/O decoding for a PCI Express device
        and then accessing the device, which triggers an Unsupported Request
        (UR) response (bsc#919463).
      • CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux
        kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users
        to obtain sensitive information from uninitialized locations in host OS
        kernel memory via unspecified vectors (bnc#917830).
      • CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did
        not prevent the TS_COMPAT flag from reaching a user-mode task, which
        might have allowed local users to bypass the seccomp or audit protection
        mechanism via a crafted application that uses the (1) fork or (2) close
        system call, as demonstrated by an attack against seccomp before 3.16
        (bnc#926240).
      • CVE-2015-1805: The Linux kernels implementation of vectored pipe
        read and write functionality did not take into account the I/O vectors
        that were already processed when retrying after a failed atomic access
        operation, potentially resulting in memory corruption due to an I/O vector
        array overrun. A local, unprivileged user could use this flaw to crash
        the system or, potentially, escalate their privileges on the system.
        (bsc#933429).

      Also the following non-security bugs were fixed:

      • audit: keep inode pinned (bsc#851068).
      • btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350).
      • btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350).
      • btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350).
      • cifs: Fix missing crypto allocation (bnc#937402).
      • client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348).
      • drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).
      • drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572).
      • drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572).
      • drm/mgag200: Do not do full cleanup if mgag200_device_init fails.
      • ext3: Fix data corruption in inodes with journalled data (bsc#936637)
      • ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944).
      • fanotify: Fix deadlock with permission events (bsc#935053).
      • fork: reset mm->pinned_vm (bnc#937855).
      • hrtimer: prevent timer interrupt DoS (bnc#886785).
      • hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
      • hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
      • IB/core: Fix mismatch between locked and pinned pages (bnc#937855).
      • iommu/amd: Fix memory leak in free_pagetable (bsc#935866).
      • iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).
      • iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).
      • ipr: Increase default adapter init stage change timeout (bsc#930761).
      • ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355).
      • kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).
      • kernel: add panic_on_warn. (bsc#934742)
      • kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953).
      • libata: prevent HSM state change race between ISR and PIO (bsc#923245).
      • md: use kzalloc() when bitmap is disabled (bsc#939994).
      • megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).
      • mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
      • mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143).
      • mm: restrict access to slab files under procfs and sysfs (bnc#936077).
      • net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362).
      • net: Fix "ip rule delete table 256" (bsc#873385).
      • net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
      • net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).
      • nfsd: Fix nfsv4 opcode decoding error (bsc#935906).
      • nfsd: support disabling 64bit dir cookies (bnc#937503).
      • nfs: never queue requests with rq_cong set on the sending queue (bsc#932458).
      • nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910).
      • pagecache limit: add tracepoints (bnc#924701).
      • pagecache limit: Do not skip over small zones that easily (bnc#925881).
      • pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).
      • pagecache limit: fix wrong nr_reclaimed count (bnc#924701).
      • pagecache limit: reduce starvation due to reclaim retries (bnc#925903).
      • pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355).
      • pci: Disable Bus Master only on kexec reboot (bsc#920110).
      • pci: disable Bus Master on PCI device shutdown (bsc#920110).
      • pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110).
      • pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110).
      • perf, nmi: Fix unknown NMI warning (bsc#929142).
      • perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).
      • rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).
      • sched: fix __sched_setscheduler() vs load balancing race (bnc#921430)
      • scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733).
      • scsi: Set hostbyte status in scsi_check_sense() (bsc#920733).
      • scsi: set host msg status correctly (bnc#933936)
      • scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).
      • st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875).
      • udf: Remove repeated loads blocksize (bsc#933907).
      • usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641).
      • vmxnet3: Bump up driver version number (bsc#936423).
      • vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
      • vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
      • vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
      • x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
      • x86, tls: Interpret an all-zero struct user_desc as "no segment" (bsc#920250).
      • x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250).
      • xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
      • xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705)
      • zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491).

      Attachments

        Issue Links

          Activity

            [LU-7200] kernel update [SLES11 SP3 3.0.101-0.47.67]

            Landed for 2.8

            jgmitter Joseph Gmitter (Inactive) added a comment - Landed for 2.8

            Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/16617/
            Subject: LU-7200 kernel: kernel update [SLES11 SP3 3.0.101-0.47.67]
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 77f345abbe6228f284ec1228efbe1094275ee9e5

            gerrit Gerrit Updater added a comment - Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/16617/ Subject: LU-7200 kernel: kernel update [SLES11 SP3 3.0.101-0.47.67] Project: fs/lustre-release Branch: master Current Patch Set: Commit: 77f345abbe6228f284ec1228efbe1094275ee9e5

            seeing failure like this on every boot of MDS:

            02:33:55:[    1.798369] modprobe: page allocation failure: order:4, mode:0xd0
            02:33:55:[    1.799381] Pid: 409, comm: modprobe Tainted: G           E   3.0.101-0.47.67_lustre.g71918e8-default #1
            02:33:55:[    1.801128] Call Trace:
            02:33:55:[    1.801750]  [<ffffffff81004b95>] dump_trace+0x75/0x300
            02:33:55:[    1.802653]  [<ffffffff81465033>] dump_stack+0x69/0x6f
            02:33:55:[    1.803551]  [<ffffffff811028d6>] warn_alloc_failed+0xc6/0x170
            02:33:55:[    1.804574]  [<ffffffff811044e1>] __alloc_pages_slowpath+0x561/0x7f0
            02:33:55:[    1.805603]  [<ffffffff81104959>] __alloc_pages_nodemask+0x1e9/0x200
            02:33:55:[    1.806622]  [<ffffffff81146e43>] kmem_getpages+0x53/0x180
            02:33:55:[    1.807563]  [<ffffffff81147c56>] fallback_alloc+0x196/0x270
            02:33:55:[    1.808524]  [<ffffffff81148847>] kmem_cache_alloc+0x207/0x2a0
            02:33:55:[    1.809491]  [<ffffffff8114acb7>] kmem_cache_create+0x297/0x540
            02:33:55:[    1.810472]  [<ffffffffa033a316>] nfs_init_writepagecache+0x1f/0xd09 [nfs]
            02:33:55:[    1.811563]  [<ffffffffa033a185>] init_nfs_fs+0xe5/0x138 [nfs]
            02:33:55:[    1.812545]  [<ffffffff810001cb>] do_one_initcall+0x3b/0x180
            02:33:55:[    1.813496]  [<ffffffff810a2e2f>] sys_init_module+0xcf/0x240
            02:33:55:[    1.814458]  [<ffffffff8146fe72>] system_call_fastpath+0x16/0x1b
            02:33:55:[    1.815442]  [<00007f17535abd5a>] 0x7f17535abd59
            02:33:55:[    1.816299] Mem-Info:
            02:33:55:[    1.816916] Node 0 DMA per-cpu:
            02:33:55:[    1.817655] CPU    0: hi:    0, btch:   1 usd:   0
            02:33:55:[    1.818518] Node 0 DMA32 per-cpu:
            02:33:55:[    1.819303] CPU    0: hi:   42, btch:   7 usd:   0
            02:33:55:[    1.820178] active_anon:1395 inactive_anon:6 isolated_anon:0
            02:33:55:[    1.820179]  active_file:3865 inactive_file:3893 isolated_file:0
            02:33:55:[    1.820179]  unevictable:9609 dirty:0 writeback:0 unstable:0
            02:33:55:[    1.820180]  free:893 slab_reclaimable:893 slab_unreclaimable:4198
            02:33:55:[    1.820181]  mapped:1160 shmem:8 pagetables:356 bounce:0
            02:34:16:[    1.824950] Node 0 DMA free:460kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:308kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
            02:34:16:[    1.830684] lowmem_reserve[]: 0 115 115 115
            02:34:17:[    1.831764] Node 0 DMA32 free:3112kB min:1372kB low:1712kB high:2056kB active_anon:5580kB inactive_anon:24kB active_file:15388kB inactive_file:15572kB unevictable:38436kB isolated(anon):0kB isolated(file):0kB present:118392kB mlocked:8208kB dirty:0kB writeback:0kB mapped:4640kB shmem:32kB slab_reclaimable:3572kB slab_unreclaimable:16792kB kernel_stack:568kB pagetables:1424kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
            02:34:17:[    1.837891] lowmem_reserve[]: 0 0 0 0
            02:34:17:[    1.838916] Node 0 DMA: 3*4kB 0*8kB 0*16kB 0*32kB 3*64kB 2*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 460kB
            02:34:17:[    1.841450] Node 0 DMA32: 142*4kB 126*8kB 54*16kB 17*32kB 2*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3112kB
            02:34:17:[    1.844017] 15327 total pagecache pages
            02:34:17:[    1.844773] 0 pages in swap cache
            02:34:17:[    1.845496] Swap cache stats: add 0, delete 0, find 0/0
            02:34:17:[    1.846396] Free swap  = 0kB
            02:34:17:[    1.847064] Total swap = 0kB
            02:34:17:[    1.847719] 29675 pages RAM
            02:34:17:[    1.848471] FS-Cache: Netfs 'nfs' unregistered from caching
            02:34:17:modprobe: FATAL: Error inserting nfs (/lib/modules/3.0.101-0.47.67_lustre.g71918e8-default/kernel/fs/nfs/nfs.ko): Cannot allocate memory
            

            It doesn't appear fatal. Execution proceeds after these events. Sure to block use of nfs. I believe it's common in many sites and test environments to mount nfs volumes to all servers for common logging or sharing low data rate info.

            bogl Bob Glossman (Inactive) added a comment - seeing failure like this on every boot of MDS: 02:33:55:[ 1.798369] modprobe: page allocation failure: order:4, mode:0xd0 02:33:55:[ 1.799381] Pid: 409, comm: modprobe Tainted: G E 3.0.101-0.47.67_lustre.g71918e8-default #1 02:33:55:[ 1.801128] Call Trace: 02:33:55:[ 1.801750] [<ffffffff81004b95>] dump_trace+0x75/0x300 02:33:55:[ 1.802653] [<ffffffff81465033>] dump_stack+0x69/0x6f 02:33:55:[ 1.803551] [<ffffffff811028d6>] warn_alloc_failed+0xc6/0x170 02:33:55:[ 1.804574] [<ffffffff811044e1>] __alloc_pages_slowpath+0x561/0x7f0 02:33:55:[ 1.805603] [<ffffffff81104959>] __alloc_pages_nodemask+0x1e9/0x200 02:33:55:[ 1.806622] [<ffffffff81146e43>] kmem_getpages+0x53/0x180 02:33:55:[ 1.807563] [<ffffffff81147c56>] fallback_alloc+0x196/0x270 02:33:55:[ 1.808524] [<ffffffff81148847>] kmem_cache_alloc+0x207/0x2a0 02:33:55:[ 1.809491] [<ffffffff8114acb7>] kmem_cache_create+0x297/0x540 02:33:55:[ 1.810472] [<ffffffffa033a316>] nfs_init_writepagecache+0x1f/0xd09 [nfs] 02:33:55:[ 1.811563] [<ffffffffa033a185>] init_nfs_fs+0xe5/0x138 [nfs] 02:33:55:[ 1.812545] [<ffffffff810001cb>] do_one_initcall+0x3b/0x180 02:33:55:[ 1.813496] [<ffffffff810a2e2f>] sys_init_module+0xcf/0x240 02:33:55:[ 1.814458] [<ffffffff8146fe72>] system_call_fastpath+0x16/0x1b 02:33:55:[ 1.815442] [<00007f17535abd5a>] 0x7f17535abd59 02:33:55:[ 1.816299] Mem-Info: 02:33:55:[ 1.816916] Node 0 DMA per-cpu: 02:33:55:[ 1.817655] CPU 0: hi: 0, btch: 1 usd: 0 02:33:55:[ 1.818518] Node 0 DMA32 per-cpu: 02:33:55:[ 1.819303] CPU 0: hi: 42, btch: 7 usd: 0 02:33:55:[ 1.820178] active_anon:1395 inactive_anon:6 isolated_anon:0 02:33:55:[ 1.820179] active_file:3865 inactive_file:3893 isolated_file:0 02:33:55:[ 1.820179] unevictable:9609 dirty:0 writeback:0 unstable:0 02:33:55:[ 1.820180] free:893 slab_reclaimable:893 slab_unreclaimable:4198 02:33:55:[ 1.820181] mapped:1160 shmem:8 pagetables:356 bounce:0 02:34:16:[ 1.824950] Node 0 DMA free:460kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:308kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no 02:34:16:[ 1.830684] lowmem_reserve[]: 0 115 115 115 02:34:17:[ 1.831764] Node 0 DMA32 free:3112kB min:1372kB low:1712kB high:2056kB active_anon:5580kB inactive_anon:24kB active_file:15388kB inactive_file:15572kB unevictable:38436kB isolated(anon):0kB isolated(file):0kB present:118392kB mlocked:8208kB dirty:0kB writeback:0kB mapped:4640kB shmem:32kB slab_reclaimable:3572kB slab_unreclaimable:16792kB kernel_stack:568kB pagetables:1424kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no 02:34:17:[ 1.837891] lowmem_reserve[]: 0 0 0 0 02:34:17:[ 1.838916] Node 0 DMA: 3*4kB 0*8kB 0*16kB 0*32kB 3*64kB 2*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 460kB 02:34:17:[ 1.841450] Node 0 DMA32: 142*4kB 126*8kB 54*16kB 17*32kB 2*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3112kB 02:34:17:[ 1.844017] 15327 total pagecache pages 02:34:17:[ 1.844773] 0 pages in swap cache 02:34:17:[ 1.845496] Swap cache stats: add 0, delete 0, find 0/0 02:34:17:[ 1.846396] Free swap = 0kB 02:34:17:[ 1.847064] Total swap = 0kB 02:34:17:[ 1.847719] 29675 pages RAM 02:34:17:[ 1.848471] FS-Cache: Netfs 'nfs' unregistered from caching 02:34:17:modprobe: FATAL: Error inserting nfs (/lib/modules/3.0.101-0.47.67_lustre.g71918e8-default/kernel/fs/nfs/nfs.ko): Cannot allocate memory It doesn't appear fatal. Execution proceeds after these events. Sure to block use of nfs. I believe it's common in many sites and test environments to mount nfs volumes to all servers for common logging or sharing low data rate info.

            Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/16617
            Subject: LU-7200 kernel: kernel update [SLES11 SP3 3.0.101-0.47.67]
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 03672d45490195a95da80e1de7902dcf35c3dbd6

            gerrit Gerrit Updater added a comment - Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/16617 Subject: LU-7200 kernel: kernel update [SLES11 SP3 3.0.101-0.47.67] Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 03672d45490195a95da80e1de7902dcf35c3dbd6

            People

              bogl Bob Glossman (Inactive)
              bogl Bob Glossman (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: