[LU-17274] RHEL 9.3 support Created: 08/Nov/23  Updated: 05/Jan/24  Resolved: 29/Nov/23

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.16.0
Fix Version/s: Lustre 2.16.0, Lustre 2.15.4

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Related
is related to LU-17282 gss build error: too few arguments to... Resolved
is related to LU-16802 Kernel 6.4 client support Resolved
is related to LU-17360 kernel update [RHEL 9.3 5.14.0-362.13... Open
is related to LU-17351 RHEL 9.3 ldiskfs support Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

Red Hat Enterprise Linux 9.3 release is available:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index
Kernel version: 5.14.0-362.8.1.el9_3

Security Fix(es):

  • kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)
  • kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)
  • kernel: eBPF: insufficient stack type checks in dynptr (CVE-2023-39191)
  • Kernel: race when faulting a device private page in memory manager (CVE-2022-3523)
  • kernel: use-after-free in l1oip timer handlers (CVE-2022-3565)
  • kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
  • kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)
  • kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)
  • hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)
  • kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c (CVE-2022-42895)
  • kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)
  • kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)
  • kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)
  • kernel: hid: Use After Free in asus_remove() (CVE-2023-1079)
  • kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
  • kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)
  • Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (CVE-2023-1652)
  • kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)
  • kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)
  • kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)
  • kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params() (CVE-2023-3772)
  • kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH nlattr (CVE-2023-3773)
  • kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability (CVE-2023-4155)
  • kernel: exFAT: stack overflow in exfat_get_uniname_from_ext_entry (CVE-2023-4273)
  • kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)
  • kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)
  • kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove() (CVE-2023-33203)
  • kernel: vmwgfx: race condition leading to information disclosure vulnerability (CVE-2023-33951)
  • kernel: vmwgfx: double free within the handling of vmw_buffer_object objects (CVE-2023-33952)
  • kernel: r592: race condition leading to use-after-free in r592_remove() (CVE-2023-35825)
  • kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)
  • kernel: tap: tap_open(): correctly initialize socket uid (CVE-2023-1076)
  • kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the coredump code (CVE-2023-1249)
  • kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)
  • kernel: Use after free bug in r592_remove (CVE-2023-3141)
  • kernel: gfs2: NULL pointer dereference in gfs2_evict_inode() (CVE-2023-3212)
  • kernel: NULL pointer dereference due to missing kalloc() return value check in shtp_cl_get_dma_send_buf() (CVE-2023-3358)
  • kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid (CVE-2023-4194)

https://access.redhat.com/errata/RHSA-2023:6583?sc_cid=701600000006NHXAA2

 Comments   
Comment by Gerrit Updater [ 09/Nov/23 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/53054
Subject: LU-17274 kernel: new kernel [RHEL 9.3 5.14.0-362.8.1.el9_3]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 5c9869a343562a9e7308b85e19dee5b8f752c9e3

Comment by Gerrit Updater [ 09/Nov/23 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/53055
Subject: LU-17274 kernel: new kernel [RHEL 9.3 5.14.0-362.8.1.el9_3]
Project: fs/lustre-release
Branch: b2_15
Current Patch Set: 1
Commit: 7052c644e60b0c65683c221b4e81e851d8fa0874

Comment by Fredrik Nyström [ 09/Nov/23 ]

Has anyone managed to build Lustre client for EL 9.3?

I did some tests with 5.14.0-362.2.1.el9_3 from AlmaLinux 9.3-beta.

b2_15 build stopped:
lustre/include/lustre_compat.h:533:32: error: too few arguments to function ‘register_shrinker’

Most likely due to Linux commit v5.19-rc4-52-ge33c267ab70d backported
in 5.14.0-293, fixed in LU-16328?

master build stopped:
lustre/ptlrpc/gss/gss_svc_upcall.c:681:18: error: too few arguments to function ‘get_expiry’

Likely due to changes in:
/usr/src/kernels/5.14.0-362.2.1.el9_3.x86_64/include/linux/sunrpc/cache.h

Comment by Peter Jones [ 09/Nov/23 ]

Did you try with the b2_15 patch listed above?

Comment by Jian Yu [ 09/Nov/23 ]

Hi nscfreny,
I'm working on that.

Comment by Fredrik Nyström [ 09/Nov/23 ]

Yes, I did try the above patch for b2_15. Thanks for working on this.

Comment by Jian Yu [ 10/Nov/23 ]

You're welcome, nscfreny. I'm still working on the fixes. After local testings pass, I'll rebase the above patches in patch series.

Comment by Jian Yu [ 14/Nov/23 ]

Hi nscfreny, could you please try the following patch series?

Comment by Fredrik Nyström [ 14/Nov/23 ]

Thanks, I will try both...

Comment by Fredrik Nyström [ 14/Nov/23 ]

Build + very basic testing done on Rocky Linux 9.3 (still in staging), kernel-5.14.0-362.8.1.el9_3.x86_64. Clients built with "--disable-server --enable-client". Servers only built and tested with ZFS. No build problems.

  • Client 2.15.3_50_ge2f8df8 (b2_15 + LU-17274)
  • Client 2.15.59_2_ged48443 (master + LU-17274)
  • Server zfs-2.1.13 + lustre-2.15.3_50_ge2f8df8 (b2_15 + LU-17274)
  • Server zfs-2.2.0 + lustre-2.15.59_3_g9947140 (master + LU-17274 + LU-16791)
Comment by Jian Yu [ 15/Nov/23 ]

Thank you, nscfreny.

Comment by Peter Jones [ 15/Nov/23 ]

Yes - thank you indeed! (I did thank you in my presentation at the SC23 Lustre BOF yesterday but I suspect that you probably were not in the room )

Comment by Fredrik Nyström [ 15/Nov/23 ]

Thanks, a few colleagues are at SC but I don't think they attended Lustre BOF.

Comment by Gerrit Updater [ 18/Nov/23 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/53055/
Subject: LU-17274 kernel: new kernel [RHEL 9.3 5.14.0-362.8.1.el9_3]
Project: fs/lustre-release
Branch: b2_15
Current Patch Set:
Commit: 503918da04fce7a25014112956c95e84188985bd

Comment by Gerrit Updater [ 29/Nov/23 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/53054/
Subject: LU-17274 kernel: new kernel [RHEL 9.3 5.14.0-362.8.1.el9_3]
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 9eb87e7ef3a144efc4fe81628352f1ca7f467018

Comment by Peter Jones [ 29/Nov/23 ]

Landed for 2.16

Comment by Gerrit Updater [ 09/Dec/23 ]

"Shaun Tancheff <shaun.tancheff@hpe.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/53394
Subject: LU-17274 ldiskfs: RHEL 9.3 ldiskfs server
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: d17622f681679c74645a748927f4eb894b83b850

Comment by Shaun Tancheff [ 09/Dec/23 ]

"Shaun Tancheff <shaun.tancheff@hpe.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/53394
Moved to LU-17351
Subject: LU-17351 ldiskfs: RHEL 9.3 ldiskfs server

Generated at Sat Feb 10 03:34:04 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.