Bug 25897 - Update request: kernel-5.4.6-2.mga7
Summary: Update request: kernel-5.4.6-2.mga7
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK, MGA7-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-12-19 12:19 CET by Thomas Backlund
Modified: 2019-12-25 23:59 CET (History)
5 users (show)

See Also:
Source RPM: kernel
CVE:
Status comment:


Attachments

Description Thomas Backlund 2019-12-19 12:19:57 CET
Security and bugfixes....

SRPMS:
kernel-5.4.5-1.mga7.src.rpm
kmod-virtualbox-6.0.14-13.mga7.src.rpm
kmod-xtables-addons-3.7-3.mga7.src.rpm
wireguard-tools-0.0.20191212-1.mga7.src.rpm



i586:
bpftool-5.4.5-1.mga7.i586.rpm
cpupower-5.4.5-1.mga7.i586.rpm
cpupower-devel-5.4.5-1.mga7.i586.rpm
kernel-desktop-5.4.5-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-5.4.5-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-5.4.5-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-latest-5.4.5-1.mga7.i586.rpm
kernel-desktop586-latest-5.4.5-1.mga7.i586.rpm
kernel-desktop-devel-5.4.5-1.mga7-1-1.mga7.i586.rpm
kernel-desktop-devel-latest-5.4.5-1.mga7.i586.rpm
kernel-desktop-latest-5.4.5-1.mga7.i586.rpm
kernel-doc-5.4.5-1.mga7.noarch.rpm
kernel-server-5.4.5-1.mga7-1-1.mga7.i586.rpm
kernel-server-devel-5.4.5-1.mga7-1-1.mga7.i586.rpm
kernel-server-devel-latest-5.4.5-1.mga7.i586.rpm
kernel-server-latest-5.4.5-1.mga7.i586.rpm
kernel-source-5.4.5-1.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.4.5-1.mga7.noarch.rpm
kernel-userspace-headers-5.4.5-1.mga7.i586.rpm
libbpf0-5.4.5-1.mga7.i586.rpm
libbpf-devel-5.4.5-1.mga7.i586.rpm
perf-5.4.5-1.mga7.i586.rpm

virtualbox-kernel-5.4.5-desktop-1.mga7-6.0.14-13.mga7.i586.rpm
virtualbox-kernel-5.4.5-desktop586-1.mga7-6.0.14-13.mga7.i586.rpm
virtualbox-kernel-5.4.5-server-1.mga7-6.0.14-13.mga7.i586.rpm
virtualbox-kernel-desktop586-latest-6.0.14-13.mga7.i586.rpm
virtualbox-kernel-desktop-latest-6.0.14-13.mga7.i586.rpm
virtualbox-kernel-server-latest-6.0.14-13.mga7.i586.rpm

xtables-addons-kernel-5.4.5-desktop-1.mga7-3.7-3.mga7.i586.rpm
xtables-addons-kernel-5.4.5-desktop586-1.mga7-3.7-3.mga7.i586.rpm
xtables-addons-kernel-5.4.5-server-1.mga7-3.7-3.mga7.i586.rpm
xtables-addons-kernel-desktop586-latest-3.7-3.mga7.i586.rpm
xtables-addons-kernel-desktop-latest-3.7-3.mga7.i586.rpm
xtables-addons-kernel-server-latest-3.7-3.mga7.i586.rpm

wireguard-tools-0.0.20191212-1.mga7.i586.rpm



x86_64:
bpftool-5.4.5-1.mga7.x86_64.rpm
cpupower-5.4.5-1.mga7.x86_64.rpm
cpupower-devel-5.4.5-1.mga7.x86_64.rpm
kernel-desktop-5.4.5-1.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-5.4.5-1.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-latest-5.4.5-1.mga7.x86_64.rpm
kernel-desktop-latest-5.4.5-1.mga7.x86_64.rpm
kernel-doc-5.4.5-1.mga7.noarch.rpm
kernel-server-5.4.5-1.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-5.4.5-1.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-latest-5.4.5-1.mga7.x86_64.rpm
kernel-server-latest-5.4.5-1.mga7.x86_64.rpm
kernel-source-5.4.5-1.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.4.5-1.mga7.noarch.rpm
kernel-userspace-headers-5.4.5-1.mga7.x86_64.rpm
lib64bpf0-5.4.5-1.mga7.x86_64.rpm
lib64bpf-devel-5.4.5-1.mga7.x86_64.rpm
perf-5.4.5-1.mga7.x86_64.rpm

virtualbox-kernel-5.4.5-desktop-1.mga7-6.0.14-13.mga7.x86_64.rpm
virtualbox-kernel-5.4.5-server-1.mga7-6.0.14-13.mga7.x86_64.rpm
virtualbox-kernel-desktop-latest-6.0.14-13.mga7.x86_64.rpm
virtualbox-kernel-server-latest-6.0.14-13.mga7.x86_64.rpm

xtables-addons-kernel-5.4.5-desktop-1.mga7-3.7-3.mga7.x86_64.rpm
xtables-addons-kernel-5.4.5-server-1.mga7-3.7-3.mga7.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.7-3.mga7.x86_64.rpm
xtables-addons-kernel-server-latest-3.7-3.mga7.x86_64.rpm

wireguard-tools-0.0.20191212-1.mga7.x86_64.rpm
Comment 1 Thomas Backlund 2019-12-19 15:52:07 CET
Advisory (no CVE references for now), added to svn:



type: security
subject: Updated kernel packages fix security vulnerability
src:
  7:
   core:
     - kernel-5.4.5-1.mga7
     - kmod-virtualbox-6.0.14-13.mga7
     - kmod-xtables-addons-3.7-3.mga7
     - wireguard-tools-0.0.20191212-1.mga7
description: |
  This update is based on upstream 5.4.5 and fixes various potential
  security issues related to buffer overflows, double frees, NUll  pointer
  dereferences, improper / missing input validations and so on. It also
  adds other bugfixes all over the kernel.

  Other fixes added in this update:
  - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure(),
    fixing in deadlock issue.
  - x86/mm: Split vmalloc_sync_all(), fixing up big performance
    regressions in some x86_64 worklolads 
    (example: reaim.jobs_per_min -79.7% regression) 
  - The Intel cpu/gpu specific security fixes in upstream 5.3.11 broke
    RC6 and that prevents CPUs from entering C-states, causing higher
    power consumption. This update adds upstream fixes to restore
    RC6 to a working state (fdo#112315)

  WireGuard has been updated to 0.0.20191212.

  For other fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25897
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.3
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.4
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.5

Keywords: (none) => advisory

Comment 2 Jose Manuel López 2019-12-20 17:37:36 CET
I've installed it in Mageia 7 VirtualBox Plasma x64, no issues, work ok.

Greetings!!

CC: (none) => joselp

Comment 3 Thomas Andrews 2019-12-20 20:50:37 CET
Dell Inspiron 5100, 32-bit P4, 2GB RAM, Radeon 7500 (RV200) graphics, old Atheros wifi, 32-bit Xfce system, using the desktop kernel.

This hardware works OK with the 5.3 series kernel, but has serious video glitches with kernel 5.4.2. Wasn't expecting much, but tried updating to this kernel anyway.

No difference. The video glitches are still there, and it still works OK if I boot into the 5.3.13 kernel.

CC: (none) => andrewsfarm

Comment 4 Thomas Backlund 2019-12-20 20:57:06 CET
(In reply to Thomas Andrews from comment #3)
> Dell Inspiron 5100, 32-bit P4, 2GB RAM, Radeon 7500 (RV200) graphics, old
> Atheros wifi, 32-bit Xfce system, using the desktop kernel.
> 
> This hardware works OK with the 5.3 series kernel, but has serious video
> glitches with kernel 5.4.2. Wasn't expecting much, but tried updating to
> this kernel anyway.
> 
> No difference. The video glitches are still there, and it still works OK if
> I boot into the 5.3.13 kernel.

Ouch. i had hoped your system was affected by the fixes I added to mesa 19.3.1 :/

What is the output of:

lspcidrake -v |grep Card
Comment 5 Thomas Andrews 2019-12-20 23:32:11 CET
lspcidrake -v |grep Card
Card:ATI Radeon HD 4870 and earlier: Advanced Micro Devices, Inc. [AMD/ATI]|RV200/M7 [Mobility Radeon 7500] [DISPLAY_VGA] (vendor:1002 device:4c57 subv:1028 subd:0149)
yenta_socket    : Texas Instruments|PCI4510 PC card Cardbus Controller [BRIDGE_CARDBUS] (vendor:104c device:ac44 subv:d000 subd:0000) (rev: 02)
Comment 6 Thomas Backlund 2019-12-21 01:25:04 CET
Does kernel-desktop-5.4.5-1.1.mga7 from 

http://ftp.free.fr/mirrors/mageia.org/people/tmb/mga7/kernel/x86_64/

work any better?
Comment 7 Thomas Backlund 2019-12-21 01:42:48 CET
Of course that would be 

http://ftp.free.fr/mirrors/mageia.org/people/tmb/mga7/kernel/i586/

for 32bit kernels
Comment 8 Thomas Andrews 2019-12-21 15:23:56 CET
That eliminates the problem on my machine. Good job!

I don't know if it will help others that have expressed problems with AMD GPUs and kernel 5.4.2. Jose' Jorge reported similar problems with his older hardware, and there is Bug 25882 reporting a problem with the 64-bit kernel and an AMD GPU. I don't have that hardware, so can't test.

Note that my machine also has the mesa 19.3.1 update installed. While it didn't seem to make a difference in my case at first, I suppose it may with others.
Comment 9 Thomas Backlund 2019-12-21 17:22:14 CET
(In reply to Thomas Andrews from comment #8)
> That eliminates the problem on my machine. Good job!
> 

Great,

putting this on hold for a new official build

Keywords: (none) => feedback

Comment 10 Thomas Backlund 2019-12-22 16:07:28 CET
Ok, 
new rpms ready for tests...
kernel updated to 5.4.6 and wireguard to 0.0.20191219


SRPMS:
kernel-5.4.6-1.mga7.src.rpm
kmod-virtualbox-6.0.14-14.mga7.src.rpm
kmod-xtables-addons-3.7-4.mga7.src.rpm
wireguard-tools-0.0.20191219-1.mga7.src.rpm



i586:
bpftool-5.4.6-1.mga7.i586.rpm
cpupower-5.4.6-1.mga7.i586.rpm
cpupower-devel-5.4.6-1.mga7.i586.rpm
kernel-desktop-5.4.6-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-5.4.6-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-5.4.6-1.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-latest-5.4.6-1.mga7.i586.rpm
kernel-desktop586-latest-5.4.6-1.mga7.i586.rpm
kernel-desktop-devel-5.4.6-1.mga7-1-1.mga7.i586.rpm
kernel-desktop-devel-latest-5.4.6-1.mga7.i586.rpm
kernel-desktop-latest-5.4.6-1.mga7.i586.rpm
kernel-doc-5.4.6-1.mga7.noarch.rpm
kernel-server-5.4.6-1.mga7-1-1.mga7.i586.rpm
kernel-server-devel-5.4.6-1.mga7-1-1.mga7.i586.rpm
kernel-server-devel-latest-5.4.6-1.mga7.i586.rpm
kernel-server-latest-5.4.6-1.mga7.i586.rpm
kernel-source-5.4.6-1.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.4.6-1.mga7.noarch.rpm
kernel-userspace-headers-5.4.6-1.mga7.i586.rpm
libbpf0-5.4.6-1.mga7.i586.rpm
libbpf-devel-5.4.6-1.mga7.i586.rpm
perf-5.4.6-1.mga7.i586.rpm

virtualbox-kernel-5.4.6-desktop-1.mga7-6.0.14-14.mga7.i586.rpm
virtualbox-kernel-5.4.6-desktop586-1.mga7-6.0.14-14.mga7.i586.rpm
virtualbox-kernel-5.4.6-server-1.mga7-6.0.14-14.mga7.i586.rpm
virtualbox-kernel-desktop586-latest-6.0.14-14.mga7.i586.rpm
virtualbox-kernel-desktop-latest-6.0.14-14.mga7.i586.rpm
virtualbox-kernel-server-latest-6.0.14-14.mga7.i586.rpm

xtables-addons-kernel-5.4.6-desktop-1.mga7-3.7-4.mga7.i586.rpm
xtables-addons-kernel-5.4.6-desktop586-1.mga7-3.7-4.mga7.i586.rpm
xtables-addons-kernel-5.4.6-server-1.mga7-3.7-4.mga7.i586.rpm
xtables-addons-kernel-desktop586-latest-3.7-4.mga7.i586.rpm
xtables-addons-kernel-desktop-latest-3.7-4.mga7.i586.rpm
xtables-addons-kernel-server-latest-3.7-4.mga7.i586.rpm

wireguard-tools-0.0.20191219-1.mga7.i586.rpm



x86_64:
bpftool-5.4.6-1.mga7.x86_64.rpm
cpupower-5.4.6-1.mga7.x86_64.rpm
cpupower-devel-5.4.6-1.mga7.x86_64.rpm
kernel-desktop-5.4.6-1.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-5.4.6-1.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-latest-5.4.6-1.mga7.x86_64.rpm
kernel-desktop-latest-5.4.6-1.mga7.x86_64.rpm
kernel-doc-5.4.6-1.mga7.noarch.rpm
kernel-server-5.4.6-1.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-5.4.6-1.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-latest-5.4.6-1.mga7.x86_64.rpm
kernel-server-latest-5.4.6-1.mga7.x86_64.rpm
kernel-source-5.4.6-1.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.4.6-1.mga7.noarch.rpm
kernel-userspace-headers-5.4.6-1.mga7.x86_64.rpm
lib64bpf0-5.4.6-1.mga7.x86_64.rpm
lib64bpf-devel-5.4.6-1.mga7.x86_64.rpm
perf-5.4.6-1.mga7.x86_64.rpm

virtualbox-kernel-5.4.6-desktop-1.mga7-6.0.14-14.mga7.x86_64.rpm
virtualbox-kernel-5.4.6-server-1.mga7-6.0.14-14.mga7.x86_64.rpm
virtualbox-kernel-desktop-latest-6.0.14-14.mga7.x86_64.rpm
virtualbox-kernel-server-latest-6.0.14-14.mga7.x86_64.rpm

xtables-addons-kernel-5.4.6-desktop-1.mga7-3.7-4.mga7.x86_64.rpm
xtables-addons-kernel-5.4.6-server-1.mga7-3.7-4.mga7.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.7-4.mga7.x86_64.rpm
xtables-addons-kernel-server-latest-3.7-4.mga7.x86_64.rpm

wireguard-tools-0.0.20191219-1.mga7.x86_64.rpm

Summary: Update request: kernel-5.4.5-1.mga7 => Update request: kernel-5.4.6-1.mga7
Keywords: feedback => (none)

Comment 11 Thomas Backlund 2019-12-22 16:14:27 CET
Updated advisory:

type: security
subject: Updated kernel packages fix security vulnerabilities
src:
  7:
   core:
     - kernel-5.4.6-1.mga7
     - kmod-virtualbox-6.0.14-14.mga7
     - kmod-xtables-addons-3.7-4.mga7
     - wireguard-tools-0.0.20191219-1.mga7
description: |
  This update is based on upstream 5.4.6 and fixes various potential
  security issues related to buffer overflows, double frees, NULL pointer
  dereferences, improper / missing input validations and so on. It also
  adds other bugfixes all over the kernel.

  Other fixes added in this update:
  - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure(),
    fixing an deadlock issue.
  - x86/mm: Split vmalloc_sync_all(), fixing up big performance
    regressions in some x86_64 workloads 
    (example: reaim.jobs_per_min -79.7% regression) 
  - The Intel cpu/gpu specific security fixes in upstream 5.3.11 broke
    RC6 and that prevents CPUs from entering C-states, causing higher
    power consumption. This update adds upstream fixes to restore
    RC6 to a working state (fdo#112315)
  - radeon changes in upstream 5.4 to remove the 'need_dma32 flag' has
    been reverted as it caused radeon to malfunction on 32bit kernels 

  WireGuard has been updated to 0.0.20191219.

  For other fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25897
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.3
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.4
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.5
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.6
Comment 12 Thomas Andrews 2019-12-22 23:49:09 CET
The old Inspiron is OK with this one, too. 

Everything seems to work, though it all seems very slow compared to my more modern equipment.
Comment 13 Len Lawrence 2019-12-23 13:30:11 CET
Updated from kernel 5.4.2-desktop-1
nvidia kernel module built 
 
CPU:      10-Core: Intel Core i9-7900X type: MT MCP 
Machine:  Type: Desktop Mobo: ASUSTeK model: TUF X299
Graphics  Device-1: NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 430.64

As with all the latest kernels on this hardware, a cold reboot was required.
Time to open a bug on this but the only information that is available is the journal and dmesg files after the cold reboot.  Warm reboots hang right at the beginning when no diagnostic tools are accessible.  If it has something to do with BIOS settings I would need some guidance.  The BIOS interface is difficult to navigate on this machine.

Apart from that problem everything else is running smoothly.  Leaving it to run, and avoiding reboots.

CC: (none) => tarazed25

Comment 14 Thomas Backlund 2019-12-23 15:30:45 CET
Sorry to do this, but I had to add another fix to get iwlwifi working for some users, so a 5.4.6-2 is now building

Keywords: (none) => feedback

Comment 15 Thomas Backlund 2019-12-24 00:09:30 CET
Ok, so compared to 5.4.6-1 there is only one patch added to fix iwlwifi firmware crash (Confirmed valid fix by Intel guys)


SRPMS:
kernel-5.4.6-2.mga7.src.rpm
kmod-virtualbox-6.0.14-16.mga7.src.rpm
kmod-xtables-addons-3.7-6.mga7.src.rpm
wireguard-tools-0.0.20191219-1.mga7.src.rpm



i586:
bpftool-5.4.6-2.mga7.i586.rpm
cpupower-5.4.6-2.mga7.i586.rpm
cpupower-devel-5.4.6-2.mga7.i586.rpm
kernel-desktop-5.4.6-2.mga7-1-1.mga7.i586.rpm
kernel-desktop586-5.4.6-2.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-5.4.6-2.mga7-1-1.mga7.i586.rpm
kernel-desktop586-devel-latest-5.4.6-2.mga7.i586.rpm
kernel-desktop586-latest-5.4.6-2.mga7.i586.rpm
kernel-desktop-devel-5.4.6-2.mga7-1-1.mga7.i586.rpm
kernel-desktop-devel-latest-5.4.6-2.mga7.i586.rpm
kernel-desktop-latest-5.4.6-2.mga7.i586.rpm
kernel-doc-5.4.6-2.mga7.noarch.rpm
kernel-server-5.4.6-2.mga7-1-1.mga7.i586.rpm
kernel-server-devel-5.4.6-2.mga7-1-1.mga7.i586.rpm
kernel-server-devel-latest-5.4.6-2.mga7.i586.rpm
kernel-server-latest-5.4.6-2.mga7.i586.rpm
kernel-source-5.4.6-2.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.4.6-2.mga7.noarch.rpm
kernel-userspace-headers-5.4.6-2.mga7.i586.rpm
libbpf0-5.4.6-2.mga7.i586.rpm
libbpf-devel-5.4.6-2.mga7.i586.rpm
perf-5.4.6-2.mga7.i586.rpm

virtualbox-kernel-5.4.6-desktop-2.mga7-6.0.14-16.mga7.i586.rpm
virtualbox-kernel-5.4.6-desktop586-2.mga7-6.0.14-16.mga7.i586.rpm
virtualbox-kernel-5.4.6-server-2.mga7-6.0.14-16.mga7.i586.rpm
virtualbox-kernel-desktop586-latest-6.0.14-16.mga7.i586.rpm
virtualbox-kernel-desktop-latest-6.0.14-16.mga7.i586.rpm
virtualbox-kernel-server-latest-6.0.14-16.mga7.i586.rpm

xtables-addons-kernel-5.4.6-desktop-2.mga7-3.7-6.mga7.i586.rpm
xtables-addons-kernel-5.4.6-desktop586-2.mga7-3.7-6.mga7.i586.rpm
xtables-addons-kernel-5.4.6-server-2.mga7-3.7-6.mga7.i586.rpm
xtables-addons-kernel-desktop586-latest-3.7-6.mga7.i586.rpm
xtables-addons-kernel-desktop-latest-3.7-6.mga7.i586.rpm
xtables-addons-kernel-server-latest-3.7-6.mga7.i586.rpm

wireguard-tools-0.0.20191219-1.mga7.i586.rpm



x86_64:
bpftool-5.4.6-2.mga7.x86_64.rpm
cpupower-5.4.6-2.mga7.x86_64.rpm
cpupower-devel-5.4.6-2.mga7.x86_64.rpm
kernel-desktop-5.4.6-2.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-5.4.6-2.mga7-1-1.mga7.x86_64.rpm
kernel-desktop-devel-latest-5.4.6-2.mga7.x86_64.rpm
kernel-desktop-latest-5.4.6-2.mga7.x86_64.rpm
kernel-doc-5.4.6-2.mga7.noarch.rpm
kernel-server-5.4.6-2.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-5.4.6-2.mga7-1-1.mga7.x86_64.rpm
kernel-server-devel-latest-5.4.6-2.mga7.x86_64.rpm
kernel-server-latest-5.4.6-2.mga7.x86_64.rpm
kernel-source-5.4.6-2.mga7-1-1.mga7.noarch.rpm
kernel-source-latest-5.4.6-2.mga7.noarch.rpm
kernel-userspace-headers-5.4.6-2.mga7.x86_64.rpm
lib64bpf0-5.4.6-2.mga7.x86_64.rpm
lib64bpf-devel-5.4.6-2.mga7.x86_64.rpm
perf-5.4.6-2.mga7.x86_64.rpm

virtualbox-kernel-5.4.6-desktop-2.mga7-6.0.14-16.mga7.x86_64.rpm
virtualbox-kernel-5.4.6-server-2.mga7-6.0.14-16.mga7.x86_64.rpm
virtualbox-kernel-desktop-latest-6.0.14-16.mga7.x86_64.rpm
virtualbox-kernel-server-latest-6.0.14-16.mga7.x86_64.rpm

xtables-addons-kernel-5.4.6-desktop-2.mga7-3.7-6.mga7.x86_64.rpm
xtables-addons-kernel-5.4.6-server-2.mga7-3.7-6.mga7.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.7-6.mga7.x86_64.rpm
xtables-addons-kernel-server-latest-3.7-6.mga7.x86_64.rpm

wireguard-tools-0.0.20191219-1.mga7.x86_64.rpm

Summary: Update request: kernel-5.4.6-1.mga7 => Update request: kernel-5.4.6-2.mga7
Keywords: feedback => (none)

Comment 16 Thomas Backlund 2019-12-24 01:16:43 CET
Updated advisory:

type: security
subject: Updated kernel packages fix security vulnerabilities
src:
  7:
   core:
     - kernel-5.4.6-2.mga7
     - kmod-virtualbox-6.0.14-16.mga7
     - kmod-xtables-addons-3.7-6.mga7
     - wireguard-tools-0.0.20191219-1.mga7
description: |
  This update is based on upstream 5.4.6 and fixes various potential
  security issues related to buffer overflows, double frees, NUll  pointer
  dereferences, improper / missing input validations and so on. It also
  adds other bugfixes all over the kernel.

  Other fixes added in this update:
  - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure(),
    fixing an deadlock issue.
  - x86/mm: Split vmalloc_sync_all(), fixing up big performance
    regressions in some x86_64 workloads 
    (example: reaim.jobs_per_min -79.7% regression) 
  - The Intel cpu/gpu specific security fixes in upstream 5.3.11 broke
    RC6 and that prevents CPUs from entering C-states, causing higher
    power consumption. This update adds upstream fixes to restore
    RC6 to a working state (fdo#112315)
  - radeon changes in upstream 5.4 to remove the 'need_dma32 flag' has
    been reverted as it caused radeon to malfunction on 32bit kernels
  - iwlwifi fixes for firmware crashes (mga#25926), failures on warm
    reboot, and performance fixes

  WireGuard has been updated to 0.0.20191219.

  For other fixes in this update, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25897
 - https://bugs.mageia.org/show_bug.cgi?id=25926
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.3
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.4
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.5
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.6
Comment 17 Len Lawrence 2019-12-24 12:46:59 CET
Updated to desktop kernel 5.4.6-2
wireguard-tools-0.0.20191219-1.mga7 already installed.
nvidia kernel module rebuilt during installation 
 
CPU:      10-Core: Intel Core i9-7900X type: MT MCP 
Machine:  Type: Desktop Mobo: ASUSTeK model: TUF X299
Graphics  Device-1: NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 430.64
Using Logitech cordless mouse and keyboard.

As with all the latest kernels on this hardware, a cold reboot was required.
Warm boots simply hang after the Mageia boot menu selection.  A restart from the login screen after a cold reboot resulted in the machine hanging again.  When the black rectangle appears there is no access to the editor - no keyboard response atall.

The system is running normally.
Comment 18 Len Lawrence 2019-12-24 13:40:35 CET
Mobo: MSI model: Z97-G43 (MS-7816) v: 3.0
UEFI: American Megatrends v: 17.8 date: 12/24/2014 
Quad Core: Intel Core i7-4790 type: MT MCP 
NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 430.64
Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet : driver: r8169 
Date: 2019-12-20

Smooth reboot with nvidia.

$ uname -r
5.4.6-desktop-2.mga7

Desktop running fine on this hardware.  stress tests OK.
glmark2 failed to start.
# journalctl -xb | grep nvidia
Dec 24 12:08:36 difda kernel: nvidia: loading out-of-tree module taints kernel.
Dec 24 12:08:36 difda kernel: nvidia: module license 'NVIDIA' taints kernel.
Dec 24 12:08:36 difda kernel: nvidia-nvlink: Nvlink Core is being initialized, major device number 247
Dec 24 12:08:36 difda kernel: nvidia 0000:01:00.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem
Dec 24 12:08:36 difda kernel: nvidia-modeset: Loading NVIDIA Kernel Mode Setting Driver for UNIX platforms  430.64  Sun Oct 27 11:08:21 UTC 2019
Dec 24 12:08:36 difda kernel: [drm] [nvidia-drm] [GPU ID 0x00000100] Loading driver
Dec 24 12:08:36 difda kernel: [drm] Initialized nvidia-drm 0.0.0 20160202 for 0000:01:00.0 on minor 0
Dec 24 12:08:40 difda dkms-autorebuild.sh[1056]: nvidia-current (430.64-1.mga7.nonfree): Already installed on this kernel.
Dec 24 12:09:11 difda kernel: caller _nv000940rm+0x1bf/0x1f0 [nvidia] mapping multiple BARs
Comment 19 Thomas Andrews 2019-12-24 17:33:51 CET
HP Probook 6550b, i3, 8GB RAM, integrated Intel graphics, Intel wifi, 64-bit Plasma system.

Updated firmware packages first, then to kernel-desktop 5.4.6-2. No issues noted.


Thomas, since you say the last round of changes only affected iwlwifi, will I need to test the Inspiron for this one?
Comment 20 Thomas Backlund 2019-12-24 18:22:08 CET
(In reply to Thomas Andrews from comment #19)

> 
> Thomas, since you say the last round of changes only affected iwlwifi, will
> I need to test the Inspiron for this one?


Nope, I consider all 5.4.6-1 tests valid too, and I already have confirmation from Intel and the user of an affected iwlwifi user that the fix added in -2.mga7 works... (And I have to iwlwifi systems here, that still runs nicely)
Comment 21 Thomas Andrews 2019-12-24 23:50:45 CET
Intel i5 2500, 16GB RAM, integrated Intel graphics, wired Internet, 64-bit Plasma system.

Updated microcode, firmware, and kernel in one swoop:

The following 12 packages are going to be installed:

- cpupower-5.4.6-2.mga7.x86_64
- iwlwifi-firmware-20191220-1.mga7.nonfree.noarch
- kernel-desktop-5.4.6-2.mga7-1-1.mga7.x86_64
- kernel-desktop-latest-5.4.6-2.mga7.x86_64
- kernel-firmware-nonfree-20191220-1.mga7.nonfree.noarch
- kernel-userspace-headers-5.4.6-2.mga7.x86_64
- microcode-0.20191115-1.mga7.nonfree.noarch
- radeon-firmware-20191220-1.mga7.nonfree.noarch
- ralink-firmware-20191220-1.mga7.nonfree.noarch
- rtlwifi-firmware-20191220-1.mga7.nonfree.noarch
- virtualbox-kernel-5.4.6-desktop-2.mga7-6.0.14-16.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.0.14-16.mga7.x86_64

Rebooted to a working desktop. Common apps work, no issues noted.

Looks good on this hardware.
Comment 22 Thomas Andrews 2019-12-25 03:30:04 CET
AMD Phenom II X4 910, 8GB RAM, Radeon HD8490 graphics, Atheros wifi (ath9k), 64-bit Plasma system.

As in Comment 21, updated microcode, firmware, and kernel in one operation.

- cpupower-5.4.6-2.mga7.x86_64
- iwlwifi-firmware-20191220-1.mga7.nonfree.noarch
- kernel-desktop-5.4.6-2.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.4.6-2.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.4.6-2.mga7.x86_64
- kernel-desktop-latest-5.4.6-2.mga7.x86_64
- kernel-firmware-nonfree-20191220-1.mga7.nonfree.noarch
- kernel-userspace-headers-5.4.6-2.mga7.x86_64
- microcode-0.20191115-1.mga7.nonfree.noarch
- radeon-firmware-20191220-1.mga7.nonfree.noarch
- ralink-firmware-20191220-1.mga7.nonfree.noarch
- rtlwifi-firmware-20191220-1.mga7.nonfree.noarch
- virtualbox-kernel-5.4.6-desktop-2.mga7-6.0.14-16.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.0.14-16.mga7.x86_64

Packages installed cleanly, and rebooted to a working desktop. Common apps work, no issues noted.
Comment 23 James Kerr 2019-12-25 10:31:13 CET
on mga7-64  kernel-desktop  plasma

Packages installed cleanly:
- cpupower-5.4.6-2.mga7.x86_64
- kernel-desktop-5.4.6-2.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-5.4.6-2.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.4.6-2.mga7.x86_64
- kernel-desktop-latest-5.4.6-2.mga7.x86_64
- kernel-userspace-headers-5.4.6-2.mga7.x86_64
- virtualbox-kernel-5.4.6-desktop-2.mga7-6.0.14-16.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.0.14-16.mga7.x86_64

system re-booted normally:
$ uname -r
5.4.6-desktop-2.mga7

# dkms status
virtualbox, 6.0.14-2.mga7, 5.4.2-desktop-1.mga7, x86_64: installed 
virtualbox, 6.0.14-2.mga7, 5.4.6-desktop-2.mga7, x86_64: installed 
virtualbox, 6.0.14-2.mga7, 5.4.2-desktop-1.mga7, x86_64: installed-binary from 5.4.2-desktop-1.mga7
virtualbox, 6.0.14-2.mga7, 5.4.6-desktop-2.mga7, x86_64: installed-binary from 5.4.6-desktop-2.mga7

vbox and client launched normally

no regressions observed

looks OK for mga7-64 on this system:

Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1 
CPU: Intel Core i7-6700
Graphics: Intel HD Graphics 530 (Skylake GT2)

CC: (none) => jim

Thomas Backlund 2019-12-25 23:37:24 CET

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK, MGA7-32-OK

Comment 24 Mageia Robot 2019-12-25 23:59:06 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0414.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.