Update request: kernel-rt-3.4.24-0.rt36.1.mga2 Advisory: - to be written... Testing: test that it installs, boots, runs ok. RPMS: i586: kernel-rt-3.4.24-0.rt36.1.mga2-1-1.mga2.i586.rpm kernel-rt-devel-3.4.24-0.rt36.1.mga2-1-1.mga2.i586.rpm kernel-rt-devel-latest-3.4.24-0.rt36.1.mga2.i586.rpm kernel-rt-doc-3.4.24-0.rt36.1.mga2.noarch.rpm kernel-rt-latest-3.4.24-0.rt36.1.mga2.i586.rpm kernel-rt-source-3.4.24-0.rt36.1.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.24-0.rt36.1.mga2.noarch.rpm x86_64: kernel-rt-3.4.24-0.rt36.1.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-3.4.24-0.rt36.1.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-latest-3.4.24-0.rt36.1.mga2.x86_64.rpm kernel-rt-doc-3.4.24-0.rt36.1.mga2.noarch.rpm kernel-rt-latest-3.4.24-0.rt36.1.mga2.x86_64.rpm kernel-rt-source-3.4.24-0.rt36.1.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.24-0.rt36.1.mga2.noarch.rpm SRPMS: kernel-rt-3.4.24-0.rt36.1.mga2.src.rpm
Status: NEW => ASSIGNEDDepends on: (none) => 8227
Hi Thomas ! I was quite ready to test this kernel ... but To be installed, Kernel rt (or server or dektop...) needs kmod having been updated to version 7-7 from update_testing repo too... kmod 7-7 itself has not been tested as an update... If this update brings some problem would there be a simple possibility to downgrade it to 7-6... or is there a risk to have to reinstall Mageia2 because no boot is anymore possible ? Wouldn't it be more safe to propose first kmod 7-7 as update request to QA to verify if it is strictly compatible with previous stable kernels ? Just a thought . Thanks for your huge work. Philippe
CC: (none) => philippedidier
kmod is already assigned to the QA (personally I use it since some weeks)
hum seems I forget to report my test for this one. so kernel-rt tested this afternoon, Mga2, 64bits, all hardware working fine, dkms are building without issue, latency with qjackctl and lmms seems not that bad.
OK Manuel ! After reading your comment I just saw the update request for it... (bug 8227) Sorry for the noise ! Nevertheless I will wait kmod is validated before testing the kernels on MGA2 32bits :) Thanks Philippe
Or install it and help validate both kmod and kernel-rt :)
Hi Thomas! I have learned to be cautious ... I use my everyday computer for tests : so I use to test only packages that may be easily downgraded or suppressed , and that won't need a total re-installation in case of huge problem.... I can't dare to test kmod if there's a risk that my computer won't boot anymore and so there is no way to simply downgrade this package... and a need to reinstall and tune again a perfect Mageia2 ;)
Advisory: This kernel-rt update provides an upgrade to upstream 3.4-longterm branch. This allows us to benefit from extra tests and maintenance from upstream developers and testers, providing a very good base for Mageia users. It also fixes the following security issues: - Calling uname() with the UNAME26 personality set allows a leak of kernel stack contents. (CVE-2012-0957) - NFC: Fix multiple remotely-exploitable stack-based buffer overflows due to the NCI code pulling length fields directly from incoming frames and copying too much data into statically-sized arrays. (CVE-2012-3364) - A use-after-free flaw has been found in madvise_remove() function in the Linux kernel. madvise_remove() can race with munmap (causing a use-after-free of the vma) or with close (causing a use-after-free of the struct file). An unprivileged local user can use this flaw to crash the system. (CVE-2012-3510) - Pablo Neira Ayuso discovered that avahi and potentially NetworkManager accept spoofed Netlink messages because of a kernel bug. The kernel passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the sender did not provide such data, instead of not including any such data at all or including the correct data from the peer (as it is the case with AF_UNIX). (CVE-2012-3520) - As Tetsuo Handa pointed out, request_module() can stress the system while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE. The task T uses "almost all" memory, then it does something which triggers request_module(). Say, it can simply call sys_socket(). This in turn needs more memory and leads to OOM. oom-killer correctly chooses T and kills it, but this can't help because it sleeps in TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by the TIF_MEMDIE task T.A local unprivileged user can make the system unusable. (CVE-2012-4398) - A flaw has been found in the way Linux kernel's KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could use this flaw to crash the system. (CVE-2012-4461) - Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in net/socket.c") introduced a bug where the helper functions to take either a 64-bit or compat time[spec|val] got the arguments in the wrong order, passing the kernel stack pointer off as a user pointer (and vice versa). Because of the user address range check, that in turn then causes an EFAULT due to the user pointer range checking failing for the kernel address. Incorrectly resuling in a failed system call for 32-bit processes with a 64-bit kernel. On odder architectures like HP-PA (with separate user/kernel address spaces), it can be used read kernel memory. (CVE-2012-4467) - A race condition flaw has been found in the way asynchronous I/O and fallocate interacted which can lead to exposure of stale data -- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file. An unprivileged local user could use this flaw to cause an information leak. (CVE-2012-4508) - Reading TCP stats when using TCP Illinois congestion control algorithm can cause a divide by zero kernel oops.An unprivileged local user could use this flaw to crash the system. (CVE-2012-4565) Other fixes in this release: - updates to the upstream 3.4.24-rt36 patchset - add support for Atheros AR8161/8165 Atheros PCI-E Gigabit Ethernet Controller (mga #7853) - module: fix symbol waiting when module fails before init, wait when loading a module which is currently initializing. (mga #7375) For other changes in 3.4 series kernel, see the kernelnewbies link, and the referenced stable changelogs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565 http://kernelnewbies.org/Linux_3.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.1 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.2 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.3 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.5 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.6 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.7 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.8 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.9 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.10 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.11 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.12 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.13 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.14 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.15 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.16 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.17 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.18 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.19 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.20 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.21 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.22 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.23 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.24 https://bugs.mageia.org/show_bug.cgi?id=7375 https://bugs.mageia.org/show_bug.cgi?id=7853 https://bugs.mageia.org/show_bug.cgi?id=8068
Doh, last link should be: https://bugs.mageia.org/show_bug.cgi?id=8515
Additional fixes included: - backport Wacom Intuos 5 support: https://bugs.mageia.org/show_bug.cgi?id=7659 fix for mga #7375 is not in this kernel, will be added later
Updated rpms to validate: Additional fixes: - conflict dkms packages not supporting 3.4 series kernels - kernel-rt-source does not add build & source symlinks anymore as they mess with dkms builds... - A memory disclosure flaw has been found in the way binfmt_script load_script() function handled excessive recursions. An unprivileged local user could use this flaw to leak kernel memory. (CVE-2012-4530) - bug 7375 is now fixed here too i586: kernel-rt-3.4.24-0.rt36.2.mga2-1-1.mga2.i586.rpm kernel-rt-devel-3.4.24-0.rt36.2.mga2-1-1.mga2.i586.rpm kernel-rt-devel-latest-3.4.24-0.rt36.2.mga2.i586.rpm kernel-rt-doc-3.4.24-0.rt36.2.mga2.noarch.rpm kernel-rt-latest-3.4.24-0.rt36.2.mga2.i586.rpm kernel-rt-source-3.4.24-0.rt36.2.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.24-0.rt36.2.mga2.noarch.rpm x86_64: kernel-rt-3.4.24-0.rt36.2.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-3.4.24-0.rt36.2.mga2-1-1.mga2.x86_64.rpm kernel-rt-devel-latest-3.4.24-0.rt36.2.mga2.x86_64.rpm kernel-rt-doc-3.4.24-0.rt36.2.mga2.noarch.rpm kernel-rt-latest-3.4.24-0.rt36.2.mga2.x86_64.rpm kernel-rt-source-3.4.24-0.rt36.2.mga2-1-1.mga2.noarch.rpm kernel-rt-source-latest-3.4.24-0.rt36.2.mga2.noarch.rpm SRPMS: kernel-rt-3.4.24-0.rt36.2.mga2.src.rpm
Summary: Update request: kernel-rt-3.4.24-0.rt36.1.mga2 => Update request: kernel-rt-3.4.24-0.rt36.2.mga2
Updated advisory: This kernel-rt update provides an upgrade to upstream 3.4-longterm branch. This allows us to benefit from extra tests and maintenance from upstream developers and testers, providing a very good base for Mageia users. It also fixes the following security issues: - Calling uname() with the UNAME26 personality set allows a leak of kernel stack contents. (CVE-2012-0957) - NFC: Fix multiple remotely-exploitable stack-based buffer overflows due to the NCI code pulling length fields directly from incoming frames and copying too much data into statically-sized arrays. (CVE-2012-3364) - A use-after-free flaw has been found in madvise_remove() function in the Linux kernel. madvise_remove() can race with munmap (causing a use-after-free of the vma) or with close (causing a use-after-free of the struct file). An unprivileged local user can use this flaw to crash the system. (CVE-2012-3510) - Pablo Neira Ayuso discovered that avahi and potentially NetworkManager accept spoofed Netlink messages because of a kernel bug. The kernel passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the sender did not provide such data, instead of not including any such data at all or including the correct data from the peer (as it is the case with AF_UNIX). (CVE-2012-3520) - As Tetsuo Handa pointed out, request_module() can stress the system while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE. The task T uses "almost all" memory, then it does something which triggers request_module(). Say, it can simply call sys_socket(). This in turn needs more memory and leads to OOM. oom-killer correctly chooses T and kills it, but this can't help because it sleeps in TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by the TIF_MEMDIE task T.A local unprivileged user can make the system unusable. (CVE-2012-4398) - A flaw has been found in the way Linux kernel's KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could use this flaw to crash the system. (CVE-2012-4461) - Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in net/socket.c") introduced a bug where the helper functions to take either a 64-bit or compat time[spec|val] got the arguments in the wrong order, passing the kernel stack pointer off as a user pointer (and vice versa). Because of the user address range check, that in turn then causes an EFAULT due to the user pointer range checking failing for the kernel address. Incorrectly resuling in a failed system call for 32-bit processes with a 64-bit kernel. On odder architectures like HP-PA (with separate user/kernel address spaces), it can be used read kernel memory. (CVE-2012-4467) - A race condition flaw has been found in the way asynchronous I/O and fallocate interacted which can lead to exposure of stale data -- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file. An unprivileged local user could use this flaw to cause an information leak. (CVE-2012-4508) - A memory disclosure flaw has been found in the way binfmt_script load_script() function handled excessive recursions. An unprivileged local user could use this flaw to leak kernel memory. (CVE-2012-4530) - Reading TCP stats when using TCP Illinois congestion control algorithm can cause a divide by zero kernel oops.An unprivileged local user could use this flaw to crash the system. (CVE-2012-4565) Other fixes in this release: - module: fix symbol waiting when module fails before init, wait when loading a module which is currently initializing. (mga #7375) - backport Wacom Intuos 5 support: (#7659) - add support for Atheros AR8161/8165 Atheros PCI-E Gigabit Ethernet Controller (mga #7853) - conflict dkms packages not supporting 3.4 series kernels - kernel-rt-source does not add build & source symlinks anymore as they mess with dkms builds. For other changes in 3.4 series kernel, see the kernelnewbies link, and the referenced stable changelogs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4530 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4565 http://kernelnewbies.org/Linux_3.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.1 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.2 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.3 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.5 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.6 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.7 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.8 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.9 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.10 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.11 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.12 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.13 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.14 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.15 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.16 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.17 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.18 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.19 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.20 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.21 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.22 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.23 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.24 https://bugs.mageia.org/show_bug.cgi?id=7375 https://bugs.mageia.org/show_bug.cgi?id=7659 https://bugs.mageia.org/show_bug.cgi?id=7853 https://bugs.mageia.org/show_bug.cgi?id=8068
Created attachment 3364 [details] dmesg for working kernel-server-3.4.24-3
MGA2 32bits ASUS M2N SLI mainboard Nvidia Geforce 210 graphic card two internal SATA harddisks (using sata_nv module) one internal IDE harddisk (using pata_amd module) one external usb harddisk one external firewire harddisk one internal IDE DVD writer (using pata_amd module) one internal IDE DVD reader (using pata_amd module) Nota Bene: I already tested kernel-server-3.4.24-3.mga2-1-1 which is OK ... testing now : kernel-rt-3.4.24-0.rt36.2.mga2-1-1.mga2.i586.rpm kernel-rt-devel-3.4.24-0.rt36.2.mga2-1-1.mga2.i586.rpm during install the nvidia module is built, using dkms-nvidia-current-295.71-1.mga2.nonfree.i586 Boot begins well (same as kernel-server-3.4.24-3.mga2-1-1.mga2.i586) But it freezes half the way when starting X : black screen no possibility to use Alt+Ctl+Del need to Alt+sysRq+r Alt+sysRq+s Alt+sysRq+e Alt+sysRq+i Alt+sysRq+u Alt+sysRq+b what would be useful for you besides dmesg files ? here are attached dmesg for working kernel-server and dmesg.old for freezing kernel-rt
Created attachment 3365 [details] dmesg.old for freezing kernel-rt-3.4.24-0rt36.2
Philippe, can you check to see if the freeze is also there with the prior version of the rt kernel? The rt kernel worked ok on my system, both x86-64 and i586. As the kernel update includes security fixes, it will only be blocked if the freeze is a regression.
CC: (none) => davidwhodgins
Hi David I had the same freeze problem with kernel-3.2.16-0-rt27.1 on MGA2 32bits... needing to use magic keys, too, to reboot. I thought that it was a only a version problem (3.2 serie ) because : the "normal" kernels version 3.3.6 were OK and then updated kernels 3.3.8 were OK too... (in Mandriva 2010.1 "normal" kernels and kernel-rt used to be from the same version and all of them worked for me) That's the reason why I never wrote a bug report, only hoping that an update to 3.3.x version will appear for kernel-rt... but there had not been any update of the kernel-rt before this one. So, this freeze is not a regression for me : But this new version doesn't bring the hoped solution to the problem I had with previous version 3.2.16... :-( You may validate it for the security fixes if it's OK for you ... (I don't think there is such a lot of people needing a true "real-time-kernel" for Mageia2, since "normal" kernels are quite OK for Computer Assisted Music : I have quite no XRuns with the last 3.3.x versions... when there were indeed the need of a real-time-kernel for Mandriva) Perhaps it's better that I create a new bug report about this freeze for both kernel-3.2.16-0-rt27.1.mga2-1-1.mga2 and kernel-rt-3.4.24-0.rt36.2.mga2-1-1.mga2 if Thomas wants and needs to investigate ?! but I certainly will be alone with this bug (probably nvidia module not working for me) (Nota Bene : it is the same computer, and the dkms nvidia module was OK for both "normal" and rt kernels with Mandriva 2010.1) Post Scriptum : Nevertheless, I am very surprised by the huge difference of weight between rt-kernel 2.4Mo and server-kernel 3.2Mo ! ( in Mandriva the difference was indeed less important, and inverse : rt-kernel 2.6Mo and desktop-kernel 2.2Mo) Regards Philippe
-rt kernel is xz compressed, -server kernel is gzip compressed.
Ah OK! Trying to understand where could be the cause of the non working rt-kernel I "kompared" the config files of -rt kernel and server-kernel : I already noticed this detail : 68 #CONFIG_KERNEL_GZIP is not set ./. 71 CONFIG_KERNEL_XZ=y 69 CONFIG_KERNEL_GZIP=y ./. 72 #CONFIG_KERNEL_XZ is not set but I didn't think that would imply such a difference of weight ! Amongst the other differences, I didn't understand which one could explain the freeze :-(
So, the previous 3.3.8 -server kernel was xz compressed too ... (same option as 3.3.24 -rt : I just Kompared their config now !)
Yep. the 3.4.24 -server kernel just about to be pushed has the info: - switch server kernel image compression back to GZIP so it works with Amazon EC2 and other older XEN setups. so its intentional :)
Thanks Thomas !
As it's not a regression, I'll go ahead and validate the update then. Could someone from the sysadmin team push the srpm kernel-rt-3.4.24-0.rt36.2.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. See Comment 11 for the advisory.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: (none) => MGA2-64-OK MGA2-32-OK
Update pushed. https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0016
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED