[LU-6894] Kernel update for RHEL6.7 [2.6.32-573.3.1.el6] Created: 22/Jul/15  Updated: 01/Jul/16  Resolved: 25/Aug/15

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.8.0

Type: Improvement Priority: Minor
Reporter: Yang Sheng Assignee: Yang Sheng
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Blocker
Related
is related to LU-6956 multiple test failures on el6.7 Resolved
Rank (Obsolete): 9223372036854775807

 Description   
  • A flaw was found in the way Linux kernel's Transparent Huge Pages (THP)
    implementation handled non-huge page migration. A local, unprivileged user
    could use this flaw to crash the kernel by migrating transparent hugepages.
    (CVE-2014-3940, Moderate)
  • A buffer overflow flaw was found in the way the Linux kernel's eCryptfs
    implementation decoded encrypted file names. A local, unprivileged user
    could use this flaw to crash the system or, potentially, escalate their
    privileges on the system. (CVE-2014-9683, Moderate)
  • A race condition flaw was found between the chown and execve system
    calls. When changing the owner of a setuid user binary to root, the race
    condition could momentarily make the binary setuid root. A local,
    unprivileged user could potentially use this flaw to escalate their
    privileges on the system. (CVE-2015-3339, Moderate)
  • Multiple out-of-bounds write flaws were found in the way the Cherry
    Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
    drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
    control driver, and Sunplus wireless desktop driver handled HID reports
    with an invalid report descriptor size. An attacker with physical access to
    the system could use either of these flaws to write data past an allocated
    memory buffer. (CVE-2014-3184, Low)
  • An information leak flaw was found in the way the Linux kernel's Advanced
    Linux Sound Architecture (ALSA) implementation handled access of the user
    control's state. A local, privileged user could use this flaw to leak
    kernel memory to user space. (CVE-2014-4652, Low)
  • It was found that the espfix functionality could be bypassed by
    installing a 16-bit RW data segment into GDT instead of LDT (which espfix
    checks), and using that segment on the stack. A local, unprivileged user
    could potentially use this flaw to leak kernel stack addresses.
    (CVE-2014-8133, Low)
  • An information leak flaw was found in the Linux kernel's IEEE 802.11
    wireless networking implementation. When software encryption was used, a
    remote attacker could use this flaw to leak up to 8 bytes of plaintext.
    (CVE-2014-8709, Low)
  • It was found that the Linux kernel KVM subsystem's sysenter instruction
    emulation was not sufficient. An unprivileged guest user could use this
    flaw to escalate their privileges by tricking the hypervisor to emulate a
    SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the
    SYSENTER model-specific registers (MSRs). Note: Certified guest operating
    systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER
    MSRs and are thus not vulnerable to this issue when running on a KVM
    hypervisor. (CVE-2015-0239, Low)

Bugs fixed (https://bugzilla.redhat.com/):

734360 - "opcontrol --deinit" cause kernel panic inside guest os.
840708 - misleading (typo) print for "max_report_luns"
986761 - guest kernel will print many "serial8250: too much work for irq3" when using kvm with isa-serial
1025868 - kernel panic when installing RHEL4 with Opteron G3 CPU model
1066702 - Hugepage allocations hang on numa nodes with insufficient memory
1104097 - CVE-2014-3940 Kernel: missing check during hugepage migration
1113406 - CVE-2014-4652 Kernel: ALSA: control: protect user controls against races & memory disclosure
1115545 - NFS4: remove incorrect "Lock reclaim failed!" warning when delegations are used
1116398 - RHEV-H crashes and reboots when ksmd (MOM) is enabled
1141391 - CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines
1144128 - FUSE: Scheduling while atomic OOPSes when using inval_entry
1145751 - kvm_clock lacks protection against tsc going backwards
1150510 - kernel ignores ACPI memory devices (PNP0C80) present at boot time
1156661 - Kernel crash when unmounting Ext4 filesystem
1171317 - xfs may crash after unmount if a log write is delayed
1172797 - CVE-2014-8133 kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS
1173580 - CVE-2014-8709 kernel: net: mac80211: plain text information leak
1183773 - clock_event_device:min_delta_ns can overflow and can never go down
1186448 - CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
1187940 - Regression: Loading memory mapped files does not use the optimal sized (large) I/O any more in kernel 2.6.32-504.3.3.el6.x86_64
1193830 - CVE-2014-9683 kernel: buffer overflow in eCryptfs
1196319 - Backport the dm-switch target to RHEL 6
1200541 - Reset socket ignored when socket state is LAST-ACK and connection state is SYN-SENT
1208065 - O_TRUNC ignored on NFS file with invalid cache entry
1214030 - CVE-2015-3339 kernel: race condition between chown() and execve()

 Comments   
Comment by Bob Glossman (Inactive) [ 22/Jul/15 ]

There's already a follow on announcement raising the kernel version to 2.6.32-573.1.1.el6
Pretty sure that's the one we want, not 2.6.32-573.el6

Comment by Bob Glossman (Inactive) [ 22/Jul/15 ]

I think this kernel is a part of the new RHEL 6.7 release, announced today. It may not be an update for el6.6 at all.

see http://www.redhat.com/en/about/press-releases/red-hat-joins-platform-stability-and-open-innovation-latest-version-red-hat-enterprise-linux-6

Comment by Gerrit Updater [ 23/Jul/15 ]

Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/15701
Subject: LU-6894 kernel: new kernel RHEL6.7 [2.6.32-573.1.1.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 3b1fc84b75ef4b349cba905a14135a57e1769beb

Comment by Gerrit Updater [ 07/Aug/15 ]

Yang Sheng (yang.sheng@intel.com) uploaded a new patch: http://review.whamcloud.com/15916
Subject: LU-6894 tests: debug patch
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: f0ff7c14510970ddfaadcb3b0f91b88d04154ec8

Comment by Bob Glossman (Inactive) [ 13/Aug/15 ]

there's already a kernel update from RedHat for el6.7

Since the support for el6.7 hasn't landed yet I'll just retarget this ticket to the newer version instead of creating a whole new one.

kernel version for el6.7 will now be 2.6.32-573.3.1.el6

Comment by Gerrit Updater [ 25/Aug/15 ]

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/15701/
Subject: LU-6894 kernel: new kernel RHEL6.7 [2.6.32-573.3.1.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: c67434cbf27d9a7bb193c2b64b2a3ed40f48c93b

Comment by Joseph Gmitter (Inactive) [ 25/Aug/15 ]

Patch has landed for 2.8.

Comment by Gerrit Updater [ 02/Sep/15 ]

Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/16169
Subject: LU-6894 build: 32 bit config for RHEL6.7 [2.6.32-573.3.1.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 3c0d3e0c7a6ff932badc0b15229451a68ef78ebd

Comment by Martin Hecht [ 03/Dec/15 ]

I have compiled successfully with lustre master and kernel 2.6.32-573.el6 and 2.6.32-573.3.1.el6 on SL6.7 (x86_64) following https://wiki.hpdd.intel.com/pages/viewpage.action?pageId=8126821 step by step, but these kernels don't boot at all. I just get a black screen with a blinking cursor.
If I do the same steps with kernel-2.6.32.431.5.1.el6 from SL6.4 as in the Walk-thru Build tutorial, that lustre kernel boots smoothly and the resulting lustre works fine on my testbed.

Generated at Sat Feb 10 02:04:12 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.