https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-8126 Lustre <p>With the GA announcement of RHEL 6.8 on 5/10 we need to add content to lustre to allow building and running on it.</p> <p>This ticket is intended to cover all the changes needed in the lustre tree for this brand new distro release. This includes new target and config files for the new kernel version, new or revised base kernel and ldiskfs patches, and small incremental changes to lbuild and autoconf.</p> LU-8126

new kernel [RHEL6.8 2.6.32-642.el6]

Bug Major Resolved Fixed Bob Glossman Bob Glossman Tue, 10 May 2016 20:14:38 +0000 Thu, 14 Jun 2018 21:41:12 +0000 Thu, 2 Jun 2016 11:53:46 +0000 Lustre 2.9.0 0 6 <p>Security Fix(es):</p> <ul> <li>It was found that reporting emulation failures to user space could lead to<br/> either a local (CVE-2014-7842) or a L2-&gt;L1 (CVE-2010-5313) denial of service. In<br/> the case of a local denial of service, an attacker must have access to the MMIO<br/> area or be able to access an I/O port. Please note that on certain systems, HPET<br/> is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may<br/> generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313,<br/> CVE-2014-7842, Moderate)</li> </ul> <ul> <li>It was found that the Linux kernel did not properly account file descriptors<br/> passed over the unix socket against the process limit. A local user could use<br/> this flaw to exhaust all available memory on the system. (CVE-2013-4312,<br/> Moderate)</li> </ul> <ul> <li>A buffer overflow flaw was found in the way the Linux kernel's virtio-net<br/> subsystem handled certain fraglists when the GRO (Generic Receive Offload)<br/> functionality was enabled in a bridged network configuration. An attacker on the<br/> local network could potentially use this flaw to crash the system, or, although<br/> unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)</li> </ul> <ul> <li>It was found that the Linux kernel's IPv6 network stack did not properly<br/> validate the value of the MTU variable when it was set. A remote attacker could<br/> potentially use this flaw to disrupt a target system's networking (packet loss)<br/> by setting an invalid MTU value, for example, via a NetworkManager daemon that<br/> is processing router advertisement packets running on the target system.<br/> (CVE-2015-8215, Moderate)</li> </ul> <ul> <li>A NULL pointer dereference flaw was found in the way the Linux kernel's<br/> network subsystem handled socket creation with an invalid protocol identifier. A<br/> local user could use this flaw to crash the system. (CVE-2015-8543, Moderate)</li> </ul> <ul> <li>It was found that the espfix functionality does not work for 32-bit KVM<br/> paravirtualized guests. A local, unprivileged guest user could potentially use<br/> this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)</li> </ul> <ul> <li>A flaw was found in the way the Linux kernel's ext4 file system driver handled<br/> non-journal file systems with an orphan list. An attacker with physical access<br/> to the system could use this flaw to crash the system or, although unlikely,<br/> escalate their privileges on the system. (CVE-2015-7509, Low)</li> </ul> <ul> <li>A NULL pointer dereference flaw was found in the way the Linux kernel's ext4<br/> file system driver handled certain corrupted file system images. An attacker<br/> with physical access to the system could use this flaw to crash the system.<br/> (CVE-2015-8324, Low)</li> </ul> <p>Bugs fixed (<a href="https://bugzilla.redhat.com/):" class="external-link" target="_blank" rel="nofollow noopener">https://bugzilla.redhat.com/):</a></p> <p>1066751 - tmpfs: creates files with inode number 0, rendering parent directory unremovable<br/> 1163762 - CVE-2010-5313 CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace<br/> 1172765 - CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests<br/> 1197875 - CIFS DFS shares fail to mount when specifying sec= option<br/> 1225359 - bonding: fail to configure master mac address by initscripts<br/> 1242239 - md raid1 writemostly feature broken<br/> 1243852 - CVE-2015-5156 kernel: buffer overflow with fraglist larger than MAX_SKB_FRAGS + 2 in virtio-net<br/> 1248507 - kernel: <span class="error">&#91;drm:cpt_set_fifo_underrun_reporting&#93;</span> <b>ERROR</b> uncleared pch fifo underrun on pch transcoder A<br/> 1254020 - RHEL6.6: NFS client has kernel panic after seeing 'VFS: Busy inodes after unmount ... Self-destruct in 5 seconds. Have a nice day'<br/> 1259222 - CVE-2015-7509 kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system<br/> 1259870 - Incomplete nl80211 backport broke hostapd<br/> 1267261 - CVE-2015-8324 kernel: Null pointer dereference when mounting ext4<br/> 1283253 - CVE-2015-8215 kernel: MTU value is not validated in IPv6 stack causing packet loss<br/> 1290475 - CVE-2015-8543 kernel: IPv6 connect causes DoS via NULL pointer dereference<br/> 1297813 - CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted<br/> 1310661 - BUG: unable to handle kernel paging request at 65642072 followed by kernel panic<br/> 697750 - <span class="error">&#91;xfs&#93;</span> concurrent aio/dio got stuck<br/> 723722 - BUG: SELinux is preventing /usr/bin/nautilus (deleted) "write" access on /media/TerraVolume.<br/> 889368 - LVM RAID: I/O can hang if entire stripe (mirror group) of RAID10 LV is killed while under snapshot</p> <p>Bob Glossman (bob.glossman@intel.com) uploaded a new patch: <a href="http://review.whamcloud.com/20106" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/20106</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-8126" title="new kernel [RHEL6.8 2.6.32-642.el6]" class="issue-link" data-issue-key="LU-8126"><del>LU-8126</del></a> kernel: new kernel RHEL 6.8 <span class="error">&#91;2.6.32-642.el6&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: f66668731d2eb58ffa56d3bcc405cc9a9130c2bc</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="http://review.whamcloud.com/20106/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/20106/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-8126" title="new kernel [RHEL6.8 2.6.32-642.el6]" class="issue-link" data-issue-key="LU-8126"><del>LU-8126</del></a> kernel: new kernel RHEL 6.8 <span class="error">&#91;2.6.32-642.el6&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: cb1609b32c21045655f7fe463d0c050c2667ebba</p> <p>Landed for 2.9</p> Blocker LU-8227 Related LU-8205 Development Rank 1|hzyb67: Rank (Obsolete) 9223372036854775807 Severity