Bug 21269 - Update request: kernel-4.9.38-1.mga6
Summary: Update request: kernel-4.9.38-1.mga6
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: feedback MGA6-64-OK MGA6-32-OK advisory
Keywords:
Depends on: 21171
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-17 22:09 CEST by Thomas Backlund
Modified: 2017-07-22 20:29 CEST (History)
4 users (show)

See Also:
Source RPM: kernel
CVE:
Status comment:


Attachments
dmes.txt (105.13 KB, text/plain)
2017-07-22 02:34 CEST, claire robinson
Details
journal.txt (49.60 KB, text/plain)
2017-07-22 02:47 CEST, claire robinson
Details

Description Thomas Backlund 2017-07-17 22:09:36 CEST
So here comes the first kernel update for Mageia 6.
It's already being tested/used in cauldron


Advisory:
Updated kernel packages fixes security and other bugs.

This kernel update is based on upstream 4.9.38 and fixes atleast this
following security issue:

Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support
is vulnerable to a memory leakage issue. It could occur while creating a
virtio gpu object in virtio_gpu_object_create(). A user/process could use
this flaw to leak host kernel memory potentially resulting in Dos
(CVE-2017-10810).

Other Mageia kernel specific fixes in this updates:
- enable support for NFS4_1 and NFS4_2 (mga#21182)
- ALSA: hda/realtek - New codecs support for ALC215/ALC285/ALC289
- ALSA: hda/realtek - New codec device ID for ALC1220
- platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (mga#18756)
- fix Fans blowing at max speed after resuming - ThinkPad X1/T4xx series
  (bko#191181)

For other upstream fixes in this update, read the referenced changelogs.

References:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.37
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.38



SRPMS:
kernel-4.9.38-1.mga6.src.rpm
kernel-userspace-headers-4.9.38-1.mga6.src.rpm

kmod-vboxadditions-5.1.22-22.mga6.src.rpm
kmod-virtualbox-5.1.22-22.mga6.src.rpm
kmod-xtables-addons-2.12-38.mga6.src.rpm



i586:
cpupower-4.9.38-1.mga6.i586.rpm
cpupower-devel-4.9.38-1.mga6.i586.rpm
kernel-desktop-4.9.38-1.mga6-1-1.mga6.i586.rpm
kernel-desktop586-4.9.38-1.mga6-1-1.mga6.i586.rpm
kernel-desktop586-devel-4.9.38-1.mga6-1-1.mga6.i586.rpm
kernel-desktop586-devel-latest-4.9.38-1.mga6.i586.rpm
kernel-desktop586-latest-4.9.38-1.mga6.i586.rpm
kernel-desktop-devel-4.9.38-1.mga6-1-1.mga6.i586.rpm
kernel-desktop-devel-latest-4.9.38-1.mga6.i586.rpm
kernel-desktop-latest-4.9.38-1.mga6.i586.rpm
kernel-doc-4.9.38-1.mga6.noarch.rpm
kernel-server-4.9.38-1.mga6-1-1.mga6.i586.rpm
kernel-server-devel-4.9.38-1.mga6-1-1.mga6.i586.rpm
kernel-server-devel-latest-4.9.38-1.mga6.i586.rpm
kernel-server-latest-4.9.38-1.mga6.i586.rpm
kernel-source-4.9.38-1.mga6-1-1.mga6.noarch.rpm
kernel-source-latest-4.9.38-1.mga6.noarch.rpm
kernel-userspace-headers-4.9.38-1.mga6.i586.rpm
perf-4.9.38-1.mga6.i586.rpm

vboxadditions-kernel-4.9.38-desktop-1.mga6-5.1.22-22.mga6.i586.rpm
vboxadditions-kernel-4.9.38-desktop586-1.mga6-5.1.22-22.mga6.i586.rpm
vboxadditions-kernel-4.9.38-server-1.mga6-5.1.22-22.mga6.i586.rpm
vboxadditions-kernel-desktop586-latest-5.1.22-22.mga6.i586.rpm
vboxadditions-kernel-desktop-latest-5.1.22-22.mga6.i586.rpm
vboxadditions-kernel-server-latest-5.1.22-22.mga6.i586.rpm
virtualbox-kernel-4.9.38-desktop-1.mga6-5.1.22-22.mga6.i586.rpm

virtualbox-kernel-4.9.38-desktop586-1.mga6-5.1.22-22.mga6.i586.rpm
virtualbox-kernel-4.9.38-server-1.mga6-5.1.22-22.mga6.i586.rpm
virtualbox-kernel-desktop586-latest-5.1.22-22.mga6.i586.rpm
virtualbox-kernel-desktop-latest-5.1.22-22.mga6.i586.rpm
virtualbox-kernel-server-latest-5.1.22-22.mga6.i586.rpm

xtables-addons-kernel-4.9.38-desktop-1.mga6-2.12-38.mga6.i586.rpm
xtables-addons-kernel-4.9.38-desktop586-1.mga6-2.12-38.mga6.i586.rpm
xtables-addons-kernel-4.9.38-server-1.mga6-2.12-38.mga6.i586.rpm
xtables-addons-kernel-desktop586-latest-2.12-38.mga6.i586.rpm
xtables-addons-kernel-desktop-latest-2.12-38.mga6.i586.rpm
xtables-addons-kernel-server-latest-2.12-38.mga6.i586.rpm



x86_64:
cpupower-4.9.38-1.mga6.x86_64.rpm
cpupower-devel-4.9.38-1.mga6.x86_64.rpm
kernel-desktop-4.9.38-1.mga6-1-1.mga6.x86_64.rpm
kernel-desktop-devel-4.9.38-1.mga6-1-1.mga6.x86_64.rpm
kernel-desktop-devel-latest-4.9.38-1.mga6.x86_64.rpm
kernel-desktop-latest-4.9.38-1.mga6.x86_64.rpm
kernel-doc-4.9.38-1.mga6.noarch.rpm
kernel-server-4.9.38-1.mga6-1-1.mga6.x86_64.rpm
kernel-server-devel-4.9.38-1.mga6-1-1.mga6.x86_64.rpm
kernel-server-devel-latest-4.9.38-1.mga6.x86_64.rpm
kernel-server-latest-4.9.38-1.mga6.x86_64.rpm
kernel-source-4.9.38-1.mga6-1-1.mga6.noarch.rpm
kernel-source-latest-4.9.38-1.mga6.noarch.rpm
kernel-userspace-headers-4.9.38-1.mga6.x86_64.rpm
perf-4.9.38-1.mga6.x86_64.rpm

vboxadditions-kernel-4.9.38-desktop-1.mga6-5.1.22-22.mga6.x86_64.rpm
vboxadditions-kernel-4.9.38-server-1.mga6-5.1.22-22.mga6.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.1.22-22.mga6.x86_64.rpm
vboxadditions-kernel-server-latest-5.1.22-22.mga6.x86_64.rpm

virtualbox-kernel-4.9.38-desktop-1.mga6-5.1.22-22.mga6.x86_64.rpm
virtualbox-kernel-4.9.38-server-1.mga6-5.1.22-22.mga6.x86_64.rpm
virtualbox-kernel-desktop-latest-5.1.22-22.mga6.x86_64.rpm
virtualbox-kernel-server-latest-5.1.22-22.mga6.x86_64.rpm

xtables-addons-kernel-4.9.38-desktop-1.mga6-2.12-38.mga6.x86_64.rpm
xtables-addons-kernel-4.9.38-server-1.mga6-2.12-38.mga6.x86_64.rpm
xtables-addons-kernel-desktop-latest-2.12-38.mga6.x86_64.rpm
xtables-addons-kernel-server-latest-2.12-38.mga6.x86_64.rpm
Comment 1 Thomas Backlund 2017-07-17 22:11:56 CEST
This one depends on the microcode update going out at the same time (or before):
https://bugs.mageia.org/show_bug.cgi?id=21171
Comment 2 Manuel Hiebel 2017-07-18 10:03:06 CEST
no issue on an old i5 via x86_64
Comment 3 Len Lawrence 2017-07-18 10:26:57 CEST
mga6  x86_64  nvidia GTX555
Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz

Installed these before the microcode update (not paying attention) so don't know how useful or otherwise this test is.
- cpupower-4.9.38-1.mga6.x86_64
- kernel-desktop-4.9.38-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-4.9.38-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-latest-4.9.38-1.mga6.x86_64
- kernel-desktop-latest-4.9.38-1.mga6.x86_64
- kernel-doc-4.9.38-1.mga6.noarch
- kernel-userspace-headers-4.9.38-1.mga6.x86_64

Also installed perf 4.9.38

Ran glmark2:
GL_RENDERER:   GeForce  GTX 555/PCIe/SSE2
GL_VERSION:    4.5.0 NVIDIA 375.66
score = 2847

30 second stress tests (thanks to Claire for the pointer).
Watching gkrellm.
$ stress -c 6 -t 30
$ stress -m 4 --vm-bytes 512M -t 30

Mate desktop running fine.
Virtualbox launched OK.
Comment 4 James Kerr 2017-07-19 10:35:47 CEST
On mga6-64

microcode update already installed:
$ rpm -q microcode
microcode-0.20170707-1.mga6.nonfree

Packages installed cleanly:
- cpupower-4.9.38-1.mga6.x86_64
- kernel-desktop-4.9.38-1.mga6-1-1.mga6.x86_64
- kernel-desktop-latest-4.9.38-1.mga6.x86_64
- virtualbox-kernel-4.9.38-desktop-1.mga6-5.1.22-22.mga6.x86_64
- virtualbox-kernel-desktop-latest-5.1.22-22.mga6.x86_64

System re-booted normally
$ uname -r
4.9.38-desktop-1.mga6

No regressions noted

Vbox manager - OK
Vbox clients (win7, winxp, cauldron) - OK

OK for mga6-64 on this system:

Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 
Card: Intel HD Graphics 530
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
PC-BIOS boot
GPT partitions
Comment 5 Brian Rockwell 2017-07-21 06:24:33 CEST
Rpmdrake or one of its priority dependencies needs to be updated first. Rpmdrake will then restart.
stem 
The following 3 packages are going to be installed:

- kernel-desktop-4.9.38-1.mga6-1-1.mga6.i586
- microcode-0.20170707-1.mga6.nonfree.noarch
- urpmi-8.110-2.mga6.noarch

53MB of additional disk space will be used.

49MB of packages will be retrieved.

Is it ok to continue?


- vboxadditions-kernel-4.9.38-desktop-1.mga6-5.1.22-22.mga6.i586- vboxadditions-kernel-4.9.38-desktop-1.mga6-5.1.22-22.mga6.i586


$ uname -a
Linux localhost 4.9.38-desktop-1.mga6 #1 SMP Mon Jul 17 13:02:19 UTC 2017 i686 i686 i686 GNU/Linux

System booting, Libreoffice is opening, I'm able to utilize firefox.
Comment 6 Brian Rockwell 2017-07-21 06:27:00 CEST
Note Intel  - VBox client used.
Comment 7 Len Lawrence 2017-07-21 09:49:50 CEST
mga6 vbox x86_64

The microcode installed fine.  Ran stress on the single core.  OK.
Comment 8 Len Lawrence 2017-07-21 10:10:35 CEST
mga6 vbox x86_64

Installed cpupower, kernel-desktop-latest, perf, 
vboxadditions-kernel-desktop-latest.

Rebooted.  Running fine so far.
Comment 9 claire robinson 2017-07-21 14:11:51 CEST
Tested kernel desktop 64 on a KBL i5 with HT. Microcode installed.

No DKMS modules on this machine. Checked a vbox VM, ok. Checked HT as before.

All hardware seems OK. No issues to report. 

Could do with kernel server tests and dkms builds before validating
Comment 10 Len Lawrence 2017-07-21 17:55:05 CEST
mga6  x86_64 UEFI  nvidia GTX 970
Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
MSI motherboard

Installed via MageiaUpdate:
- cpupower-4.9.38-1.mga6.x86_64
- kernel-desktop-4.9.38-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-4.9.38-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-latest-4.9.38-1.mga6.x86_64
- kernel-desktop-latest-4.9.38-1.mga6.x86_64
- kernel-doc-4.9.38-1.mga6.noarch
- kernel-userspace-headers-4.9.38-1.mga6.x86_64
- microcode-0.20170707-1.mga6.nonfree.noarch
- perf-4.9.38-1.mga6.x86_64
- virtualbox-kernel-desktop-latest
- virtualbox-kernel-4.9.38-desktop-1

nvidia-current installled, vbox modules

Installed individually:
kernel-source-latest
kernel-source-4.9.38-1
vboxadditions-kernel-desktop-latest
vboxadditions-kernel-4.9.38-desktop-1

Everything appeared to have installed cleanly.
Rebooted to Mate desktop.
$ uname -r
4.9.35-desktop-1.mga6

???

The boot menu has entries for 4.9.35 only.
Tried the whole operation twice, on two mga6 installations on different partitions on the same disk and the result was precisely the same.
The partitions were /dev/sda4 and /dev/sda5 and looking in /boot/grub2/grub.cfg
there are these entries:
        set root='hd0,gpt4'
....
        linuxefi /boot/vmlinuz-4.9.38-....	
....
        set root='hd0,gpt5'
....
        linux /boot/vmlinuz-4.9.38
and e.g.
        menuentry 'Mageia (4.9.38-desktop-1.mga6) 6 (on /dev/sda5)'

so it looks like things are OK at this level.
I thought that this might solve the problem but it is still looking at grub.cfg:
# update-grub2
Generating grub configuration file ...
Found theme: /boot/grub2/themes/maggy/theme.txt
Found linux image: /boot/vmlinuz-4.9.38-desktop-1.mga6
Found initrd image: /boot/initrd-4.9.38-desktop-1.mga6.img
Found linux image: /boot/vmlinuz-4.9.35-desktop-1.mga6
Found initrd image: /boot/initrd-4.9.35-desktop-1.mga6.img
Found linux image: /boot/vmlinuz-desktop
Found initrd image: /boot/initrd-desktop.img
Found Mageia 5 (5) on /dev/sda1
Found Mageia 6 (6) on /dev/sda11
Found Mageia 5 (5) on /dev/sda2
Found Mageia 6 (6) on /dev/sda5
Found Mageia 6 (6) on /dev/sda7
Found Mageia 5 (5) on /dev/sda8
done

No effect.  How does one update the bootloader?
Comment 11 James Kerr 2017-07-21 18:22:06 CEST
 "How does one update the bootloader?"

I always run drakboot after a kernel install on a multi-boot system.
Comment 12 Len Lawrence 2017-07-21 19:09:59 CEST
@James - comment 11
Thanks, I'll give that a try.  Meanwhile on this system things went OK.

mga6  x86_64 UEFI  nvidia GTX 770
Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Asus Gigabyte Sniper Z.97 motherboard

Installed all the update candidates (the microcode had already been installed).

No problems.  Rebooted OK.

$ uname -r
4.9.38-desktop-1.mga6

Firefox, virtualbox, stellarium, LO, glmark2, stress; all worked fine.
Comment 13 Len Lawrence 2017-07-21 19:54:32 CEST
After using drakboot the system reported in comment 10 now shows all entries in the advanced options menu at boot time.  kernel 4.9.38 running the Mate desktop without any problems.  Tried the usual tests - no issues.
Comment 14 Len Lawrence 2017-07-21 22:35:02 CEST
mga6  Xfce  UEFI

X86_64 UEFI Broadwell
Aorus laptop
Intel(R) Core(TM) i7-5700HQ CPU @ 2.70GHz
twin nvidia GeForce GTX 965M
running in single mode
16 GB RAM

Installed the update candidates and rebooted.

The old kernel came up, with no other choice.
Ran drakboot and rebooted.
New kernel available but the boot went wrong somewhere - a 2 minute timeout whiletrying to mount two NFS shares then a stack trace.
"Starting fixing recursive fault but reboot is needed"
This appeared to hang so a forced shutdown and reboot was necessary.
This time it booted smoothly to the desktop and everything was functional under the new kernel, including NFS shares.  Tried one of these - vlc with a video file on another machine.  No problem.  Could also access a shared directory of ruby scripts and data files.

The Gimp and other applications like stress, glmark2, stellarium, firefox and emacs worked fine.
Comment 15 claire robinson 2017-07-22 02:25:36 CEST
fix Fans blowing at max speed after resuming - ThinkPad X1/T4xx series (bko#191181)

This seems present now on my HP laptop. I suspect a regression here.
Comment 16 claire robinson 2017-07-22 02:34:55 CEST
Created attachment 9509 [details]
dmes.txt

Resume at timestamp 9477
Comment 17 claire robinson 2017-07-22 02:47:17 CEST
Created attachment 9510 [details]
journal.txt

The relevant bit of the journal. 'G' key doesn't work very well :D
Comment 18 claire robinson 2017-07-22 12:49:08 CEST
I've suspended/resumed a few times this morning to test this further and not had any recurrence so it'll depend on your judgement Thomas. It could be missing the firmware.

There's nothing glaringly wrong in the logs that's different from when it resumes normally.

When it happened it was the first suspend after rebooting for the kernel update and seemed to need a cold boot to fix.
Comment 19 Thomas Backlund 2017-07-22 14:56:37 CEST
(In reply to claire robinson from comment #16)
> Created attachment 9509 [details]
> dmes.txt
> 
> Resume at timestamp 9477

So the fans worked as intended on 4.9.35-1 ?
Comment 20 claire robinson 2017-07-22 15:00:57 CEST
Yes, and seem to be doing so again now.
Comment 21 claire robinson 2017-07-22 20:29:21 CEST
So it's doing it again. That's twice out of about 6 or 7 suspends.

Note You need to log in before you can comment on or make changes to this bug.