Red Hat Enterprise Linux 5.3
Release Notes
Release Notes for all architectures.
Ryan Lerch
Red Hat Engineering Content Services
rlerch@redhat.com
Legal Notice
Copyright © 2008 Red Hat, Inc.. This material may only be
distributed subject to the terms and conditions set forth in the
Open Publication License, V1.0 or later with the restrictions
noted below (the latest version of the OPL is presently available
at http://www.opencontent.org/openpub/).
Distribution of substantively modified versions of this document
is prohibited without the explicit permission of the copyright
holder.
Distribution of the work or derivative of the work in any standard
(paper) book form for commercial purposes is prohibited unless
prior permission is obtained from the copyright holder.
Red Hat and the Red Hat "Shadow Man" logo are registered
trademarks of Red Hat, Inc. in the United States and other
countries.
All other trademarks referenced herein are the property of their
respective owners.
The GPG fingerprint of the security@redhat.com key is:
CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E
1801 Varsity Drive
Raleigh, NC 27606-2072USAPhone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588Research Triangle Park, NC 27709USA
Abstract
This document details the Release Notes for Red Hat Enterprise
Linux 5.3.
------------------------------------------------------------------
1. Installation-Related Notes
1.1. All Architectures
1.2. PowerPC Architectures
1.3. s390x Architectures
1.4. ia64 Architecture
2. Feature Updates
3. Driver Updates
3.1. All Architectures
4. Kernel-Related Notes
4.1. All Architectures
4.2. x86 Architectures
4.3. PowerPC Architectures
4.4. x86_64 Architectures
4.5. s390x Architectures
4.6. ia64 Architecture
5. Virtualization
5.1. Feature Updates
5.2. Resolved Issues
5.3. Known Issues
6. Technology Previews
7. Resolved Issues
7.1. All Architectures
7.2. x86_64 Architectures
7.3. s390x Architectures
7.4. PowerPC Architectures
8. Known Issues
8.1. All Architectures
8.2. x86 Architectures
8.3. x86_64 Architectures
8.4. PowerPC Architectures
8.5. s390x Architectures
8.6. ia64 Architecture
A. Revision History
1. Installation-Related Notes
This section includes information specific to Anaconda and the
installation of Red Hat Enterprise Linux 5.3.
Red Hat Network can install the new and changed packages and
upgrade an existing Red Hat Enterprise Linux 5 system.
Alternatively, Anaconda can upgrade an existing Red Hat Enterprise
Linux 5 system or perform a fresh installation of Red Hat
Enterprise Linux 5.3.
Note: upgrading from beta releases of Red Hat Enterprise Linux 5.3
to this GA release is not supported.
Further, although Anaconda provides an option for upgrading from
earlier major versions of Red Hat Enterprise Linux to Red Hat
Enterprise Linux 5.3, Red Hat does not currently support this.
More generally, Red Hat does not support in-place upgrades between
any major versions of Red Hat Enterprise Linux. (A major version
is denoted by a whole number version change. For example, Red Hat
Enteprise Linux 4 and Red Hat Enterprise Linux 5 are both major
versions of Red Hat Enterprise Linux.)
In-place upgrades across major releases do not preserve all system
settings, services or custom configurations. Consequently, Red Hat
strongly recommends fresh installations when upgrading from one
major version to another.
1.1. All Architectures
* The Text Mode installation of Anaconda now offers the option
of switching to Virtual Network Computing (VNC) to complete
the installation.
* Creating or using encrypted software RAID member disks (i.e.
software RAID partitions) is not supported. However, creating
encrypted software RAID arrays (e.g. /dev/md0) is supported.
* The NFS default for RHEL5 is "locking". Therefore, to mount
nfs shares from the %post section of anaconda, use the mount
-o nolock,udp command to start the locking daemon before using
nfs to mount shares.
* When installing from CD-ROM or DVD-ROM on a system with an
iBFT-configured network device, Anaconda will not include any
iBFT-configured storage devices unless networking is
configured. To enable networking for the installation, use the
command linux updates=http://[any] at the installation boot
prompt. Note that [any] can be replaced with any URL.
If your system requires a static IP configuration, use the
command linux updates=http://[any] ip=[IP address]
netmask=[netmask] dns=[dns].
* When installing Red Hat Enterprise Linux 5.3 on a fully
virtualized guest, do not use the kernel-xen kernel. Using
this kernel on fully virtualized guests can cause your system
to hang.
If you are using an Installation Number when installing Red
Hat Enterprise Linux 5.3 on a fully virtualized guest, be sure
to deselect the Virtualization package group during the
installation. The Virtualization package group option installs
the kernel-xen kernel.
Note that paravirtualized guests are not affected by this
issue. Paravirtualized guests always use the kernel-xen
kernel.
* If you are using the Virtualized kernel when upgrading from
Red Hat Enterprise Linux 5 to 5.2, you must reboot after
completing the upgrade. You should then boot the system using
the updated Virtualized kernel.
The hypervisors of Red Hat Enterprise Linux 5 and 5.2 are not
ABI-compatible. If you do not boot the system after upgrading
using the updated Virtualized kernel, the upgraded
Virtualization RPMs will not match the running kernel.
* When upgrading to Red Hat Enterprise Linux 5.1 or later from
Red Hat Enterprise Linux 4.6, gcc4 may cause the upgrade to
fail. As such, you should manually remove the gcc4 package
before upgrading.
* The firstboot language plugin has been removed, as it does not
properly and completely reconfigure the system when a new
language is selected.
* The use of Challenge Handshake Authentication Protocol (CHAP)
during installation is not supported. As such, CHAP should
only be enabled after installation.
If your system boots through an iBFT device, configure CHAP in
the iBFT BIOS/firmware setup screen. Your CHAP settings will
then be used in the next boot.
If your system boots through PXE iSCSI, configure CHAP through
iscsiadm. After configuring, use mkinitrd to ensure that your
CHAP settings are used in the next boot.
* When provisioning guests during installation, the RHN tools
for guests option will not be available. When this occurs, the
system will require an additional entitlement, separate from
the entitlement used by dom0.
To prevent the consumption of additional entitlements for
guests, install the rhn-virtualization-common package manually
before attempting to register the system to Red Hat Network.
* Installing Red Hat Enterprise Linux 5.3 on a system with
multiple network interfaces and manually specified IPv6
addresses may result in a partially incorrect networking
setup. When this occurs, your IPv6 settings will not be
visible on the installed system.
To work around this, set NETWORKING_IPV6 to yes in
/etc/sysconfig/network. Then, restart your network connection
using the command service network restart.
* If your system has yum-rhn-plugin-0.5.2-5.el5_1.2 (or an
earlier version) installed, you will be unable to upgrade to
Red Hat Enterprise Linux 5.3 through yum update. To work
around this, upgrade your yum-rhn-plugin to the latest version
(using yum update yum-rhn-plugin) before running yum update.
* Previously, anaconda could not access more than 8 SmartArray
controllers. In this update, this issue has been resolved.
* A driver disk, supplied by an OEM, is a single image file
(*.img), containing potentially multiple driver packages and
kernel modules. These drivers are used during installation to
support hardware that otherwise would not be recognized by Red
Hat Enterprise Linux 5. Once the driver packages and kernel
modules are installed on the system, they are placed in the
initial RAM disk (initrd) so that they are loaded when the
system boots.
With this release, installation can automatically detect a
driver disk (based on its file system label), thereby using
the content of that disk during installation. This behavior is
controlled by the installation command line option dlabel=on,
which enables the automatic search. dlabel=on is the default
setting for this release.
All block devices with the file system label OEMDRV are
examined and drivers are loaded from these devices in the
order by which they are detected.
* Existing encrypted block devices that contain vfat file
systems will appear as type foreign in the partitioning
interface; as such, these devices will not be mounted
automatically during system boot. To ensure that such devices
are mounted automatically, add an appropriate entry for them
to /etc/fstab. For details on how to do so, refer to man
fstab.
1.2. PowerPC Architectures
* The minimum RAM required to install Red Hat Enterprise Linux
5.2 is 1GB; the recommended RAM is 2GB. If a machine has less
than 1GB RAM, the installation process may hang.
Further, PowerPC-based machines that have only 1GB of RAM
experience significant performance issues under certain
RAM-intensive workloads. For a Red Hat Enterprise Linux 5.2
system to perform RAM-intensive processes optimally, 4GB of
RAM is recommended. This ensures the system has the same
number of physical pages as was available on PowerPC machines
with 512MB of RAM running Red Hat Enterprise Linux 4.5 or
earlier.
1.3. s390x Architectures
* anaconda now supports both ports on CHPID for OSA Express3
cards. The installer will prompt for the port number in the
initial stage of the installation. The value provided for the
port also affects installed network interface startup script.
When port 1 is selected, the value portno=1 is added to
OPTIONS parameter of ifcfg-eth* file.
Note
When installing under z/VM, you can add either PORTNO=0 (to
use port 0) or PORTNO=1 (to use port 1) to the CMS
configuration file to avoid being prompted for the mode.
* Installation on a machine with existing Linux or non-Linux
filesystems on DASD block devices may cause the installer to
halt. If this happens, it is necessary to clear out all
existing partitions on the DASD devices you want to use and
restart the installer.
1.4. ia64 Architecture
* If your system only has 512MB of RAM, attempting to install
Red Hat Enterprise Linux 5.3 may fail. To prevent this,
perform a base installation first and install all other
packages after the installation finishes.
* Using yum to install packages from the 32-bit Compatibility
Layer disc may fail. If it does, it is because the Red Hat
package signing key was not imported into the RPM database.
This happens if you have not yet connected to Red Hat Network
and obtained updates. To import the key manually, run the
following command as root:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Once the Red Hat GPG key is imported, you may now use yum to
install packages from the 32-bit Compatibility Layer disc.
Note that when installing from this disc, it is advisable to
use yum instead of rpm to ensure that base OS dependencies are
addressed during installation.
2. Feature Updates
Block Device Encryption
Red Hat Enterprise Linux 5.3 includes support for block
device encryption using the Linux Unified Key Setup (LUKS)
specification. Encrypting a device protects all data on a
block device against unauthorized access, even if the
device has been physically removed from a system. To
access the contents of an encrypted device, a user must
provide a passphrase or key as authentication.
For information on setting up disk encryption, refer to
Chapter 28 of the Red Hat Enterprise Linux Installation
Guide at: http://redhat.com/docs/
mac80211 802.11a/b/g WiFi protocol stack (mac80211)
The mac80211 stack (formerly known as the
devicescape/d80211 stack) is now a supported feature in
Red Hat Enterprise Linux 5.3. It enables the iwlwifi
4965GN wireless driver for Intel® WiFi Link 4965 hardware
which allows certain wireless devices to connect to any
WiFi network.
Although the mac80211 component is supported in Red Hat
Enterprise Linux 5.3, the symbols are not included in the
symbol whitelist for the kernel.
Global File System 2 (GFS2)
GFS2 is an incremental advancement of GFS. This update
applies several significant improvements that require a
change to the on-disk file system format. GFS file systems
can be converted to GFS2 using the utility gfs2_convert,
which updates the metadata of a GFS file system
accordingly.
In Red Hat Enterprise Linux 5.2, GFS2 was provided as a
kernel module for evaluation purposes. In Red Hat
Enterprise Linux 5.3, GFS2 is now part of the kernel
package. If the Red Hat Enterprise Linux 5.2 GFS2 kernel
modules have been installed they must be removed to use
GFS2 in Red Hat Enterprise Linux 5.3.
Improvements in Driver Disk Support
A driver disk, supplied by an OEM, is a single image file
(*.img), containing potentially multiple driver RPMs and
kernel modules. These drivers are used during installation
to support hardware that otherwise would not be
recognized. The RPMs are installed on the system and
placed into the initrd so that they are supported when the
machine reboots.
With Red Hat Enterprise Linux 5.3, installation can
automatically detect the presence of a driver disk based
on its file system label, and use the content of that disk
during installation. This behavior is controlled by the
installation command line option dlabel=on, which enables
the automatic search. All block devices with the file
system label OEMDRV are examined and drivers are loaded
from these devices in the order in which they are
encountered.
iSCSI Boot Firmware Table
Red Hat Enterprise Linux 5.3 now fully supports the iSCSI
Boot Firmware Table (iBFT) which allows for booting from
iSCSI devices. This support required that iSCSI disks
(nodes) are no longer marked to start up automatically;
the installed system will no longer automatically connect
and login to iSCSI disks when entering runlevel 3 or 5.
iSCSI is usually used for the root filesystem, in which
case this change does does not make a difference as the
initrd will connect and login to the needed iSCSI disks
even before the runlevel is entered.
However if iSCSI disks need to be mounted on non root
directories, for example /home or /srv, then this change
will impact you, since the installed system will no longer
automatically connect and login to iSCSI disks that are
not used for the root filesystem.
Using iSCSI disks mounted on non root directories is still
possible, but requires the use of one of the following
workarounds:
1. Install the system without use of iSCSI disks mounted
on non root directories and later configure the
relevant disks and mount points manually
2. Boot the installed system into runlevel 1, and mark
any iSCSI disks that are not used for the root
filesystem for automatic startup by using the
following command once per disk:
iscsiadm -m node -T target-name -p ip:port -o update
-n node.startup -v automatic
rhythmbox
the rhythmbox audio player has been updated to version
0.11.6. This update provides the option to use proprietary
GStreamer plugins.
lftp Rebase
lftp has now been rebased to version 3.7.1. This applies
several upstream feature updates and bug fixes, including:
* A security flaw in the way lftp quoted scripts
generated by mirror --script (which could cause
unauthorized privilege escalation) is now fixed.
* Using lftp with the option -c no longer causes lftp
to hang.
* lftp no longer corrupts files during a transfer when
using sftp.
For more information on lftp updates applied in this
release, refer to http://lftp.yar.ru/news.html.
TTY Input Auditing
TTY input auditing is now supported. If a process is
marked for TTY input auditing, the data it reads from TTYs
is audited; this will show up on audit records with type
TTY.
You can use the pam_tty_audit module to mark a process
(and its child processes) for TTY input auditing. For
instructions on how to do this, refer to man
pam_tty_audit(8).
The TTY audit records contain the exact keystrokes read by
the audited process. To make data decoding easier, bash
audits the exact command line using the record type
USER_TTY.
The "TTY" audit records contain all data read by audited
processes from the TTY. This includes data inserted into
the input stream by the TIOCSTI ioctl system call.
SystemTap Re-base
SystemTap has been re-based to version 0.7.2. This update
of SystemTap introduces several minor improvements, along
with a few major features. These new features include:
* SystemTap now supports symbolic probing on x86,
x86-64 and PowerPC architectures. This enables
SystemTap scripts to place probes into user-space
applications and shared libraries. As a result,
SystemTap can now provide the same level of debugger
probing on some user-space applications as kernel
probing.
For example, if coreutils-debuginfo is installed, you
can print a callgraph of the ls command using
/usr/share/doc/systemtap-version/examples/general/callgraph.stp,
as in:
stap para-callgraph.stp 'process("ls").function("*")'
-c 'ls -l'
In order to reduce the likelihood of an undetected
version mismatch between the binary and its debuginfo
RPMs, Red Hat advises that you set the
SYSTEMTAP_DEBUGINFO_PATH environment variable to the
value +:.debug:/usr/lib/debug:build.
SystemTap's support for symbolic probes also extends
to markers placed into the kernel of this release. To
use these markers, load the kernel-trace kernel
module in /etc/rc.local (using modprobe
kernel-trace).
* SystemTap also supports remote compilation services.
This enables a single computer on the network to act
as a debuginfo/compiler server for local SystemTap
clients. The clients auto-locate the server using
mDNS (avahi), and only need the systemtap-client and
systemtap-runtime packages to work.
At present, this feature does not use security
mechanisms like encryption. As such, it is advisable
to use remote compilation services only within
trusted networks. For more information, refer to man
stap-server.
* The kernel update for this release includes a kernel
API extension that significantly improves shutdown of
SystemTap scripts. This added kernel API extension
eliminates unnecessary synchronization between
individual probe removal operations. As a result,
SystemTap scripts that have hundreds of kernel probes
are processed much faster.
This is especially useful for administrators that use
scripts with probes containing wildcards that capture
numerous kernel events, such as probe syscall.* {}.
For a complete list of SystemTap updates included in this
release, refer to the following URL:
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=blob_plain;f=NEWS;hb=rhel53
Cluster Manager Update
The Cluster Manager utility (cman) has been updated to
version 2.0.97. This applies several bug fixes and
enhancements, most notably:
* cman now uses the following firmware versions: APC
AOS v3.5.7 and APC rpdu v3.5.6. This fixes a bug that
prevented the APC 7901 from using simple network
management protocol (SNMP) properly.
* fence_drac, fence_ilo, fence_egenera, and
fence_bladecenter agents now support ssh.
* fence_xvmd key files can now be reloaded without
restarting.
* A single fence method can now support up to 8 fence
devices.
sudo Re-base
sudo has been re-based to upstream version 1.6.9. This
version of sudo now supports LDAP, and allows sub-tree
searching instead of just base searching (i.e. tree-level
only) for sudo rights. This allows administrators to
categorize sudo rights in a tree, making user privileges
easier to manage.
RPM Re-Base
The RedHat Package Manager (RPM) is now re-based to the
Fedora 9 upstream version. rpm now adds secondary
architecture-specific macro files on multi-arch systems.
In addition, rpm now meets all certification criteria for
inclusion in Red Hat Enterprise Linux 5.
This update also applies several upstream enhancements and
bug fixes to rpm, including:
* rpm no longer generates unnecessary .rpmnew and
.rpmsave files on multi-arch systems.
* A bug in the rpmgiNext() function of rpm prevented
proper error reporting. This update applies the
proper semantics for error reporting, thereby
ensuring that rpm returns the correct exit code in
all instances.
Open Fabrics Enterprise Distribution (OFED) / opensm
opensm has been updated to the upstream version 3.2,
including a minor change to the opensm library API.
* The format of the opensm.conf file has changed. If
you have made custom modifications to your existing
opensm.conf, rpm will automatically install the new
opensm.conf file as /etc/ofed/opensm.conf.rpmnew. You
will need to migrate your modifications to this file
and then replace the existing opensm.conf file with
the result.
* Red Hat closely tracks the upstream Open Fabrics
Enterprise Distribution (OFED) code base in order to
provide a maximal level of enablement for this still
evolving technology. As a consequence, Red Hat can
only preserve API/ABI compatibility across minor
releases to the degree that the upstream project
does. This is an exception from the general practice
in the development of Red Hat Enterprise Linux.
Because of this, applications build on top of the
OFED stack (listed below), might require
recompilation or even source-level code changes when
moving from one minor release of Red Hat Enterprise
Linux to a newer one.
This generally is not required for other
applications, built on the Red Hat Enterprise Linux
software stack. The components affected are:
* dapl
* compat-dapl
* ibsim
* ibutils
* infiniband-diags
* libcxgb3
* libehca
* libibcm
* libibcommon
* libibmad
* libibumad
* libibverbs
* libipathverbs
* libmlx4
* libmthca
* libnes
* librmdacm
* libsdp
* mpi-selector
* mpitests
* mstflint
* mvapich
* mvapich2
* ofed-docs
* openib
* openib-mstflint
* openib-perftest
* openib-tvflash
* openmpi
* opensm
* perftest
* qlvnictools
* qperf
* rds-tools (future)
* srptools
* tvflash
Net-SNMP Re-Base
Net-SNMP has been re-based to upstream version 5.3.2.2.
This update adds Stream Control Transmission Protocol
(SCTP) support (as per RFC 3873,
http://www.ietf.org/rfc/rfc3873.txt) and introduces two
new configuration options (to be used in /etc/snmpd.conf):
* dontLogTCPWrappersConnects — suppresses logging of
connection attempts.
* v1trapaddress — enables administrators to set an
agent's IP address inside outgoing SNMP traps.
This update also features several bug fixes from upstream,
including:
* The snmpd daemon now functions properly on systems
with more than 255 network interfaces. In addition,
snmpd also reports an error now when it is configured
to listen on any port higher than 65535.
* A race condition that caused the snmpd daemon to leak
file descriptors when reading from /proc is now
fixed.
* The snmpd daemon now correctly reports
hrProcessorLoad object IDs (OID), even on multi-CPU
hardware. Note, however, that it takes approximately
one minute from daemon startup to calculate the value
of the OID.
* The net-snmp-devel package is now dependent on the
lm_sensors-devel package.
OpenSSL Re-Base for FIPS Certification
The openssl packages upgrade the OpenSSL library to a
newer upstream version, which is currently undergoing the
Federal Information Processing Standards validation
process (FIPS-140-2). The FIPS mode is disabled by
default, to ensure that the OpenSSL library maintains
feature parity and ABI compatibility with the previous
releases of the openssl packages in Red Hat Enterprise
Linux 5.
This update also applies the following upstream fixes:
* By default, zlib compression is used for SSL and TLS
connections. On IBM System z architectures with
Central Processor Assist for Cryptographic Function
(CPACF), compression became the main part of the CPU
load, and total performance was determined by the
speed of the compression (not the speed of the
encryption). When compression is disabled, the total
performance is much higher. In these updated
packages, zlib compression for SSL and TLS
connections can be disabled with the
OPENSSL_NO_DEFAULT_ZLIB environment variable. For TLS
connections over a slow network, it is better to
leave compression on, so that the amount of data to
be transferred is lower.
* When using the openssl command with the s_client and
s_server options, the default CA certificates file
(/etc/pki/tls/certs/ca-bundle.crt), was not read.
This resulted in certificates failing verification.
In order for certificates to pass verification, the
-CAfile /etc/pki/tls/certs/ca-bundle.crt option had
to be used. In these updated packages, the default CA
certificates file is read, and no longer needs to be
specified with the -CAfile option.
yum Re-Base
yum has been re-based to upstream version 3.2.18. This
update improves the speed at which yum operates, thereby
alleviating the problem posed by the ever-growing number
of packages included with each minor release. In addition,
this update also introduces the reinstall command,
improves the interface for several commands, and applies
several bug fixes, including:
* Any yum commands would fail if the -c option was used
to specify a configuration file residing on a web
address (http). This bug is now fixed.
* A checkSignal() function in yum called an incorrect
exit function; as such, exiting yum would result in a
traceback instead. With this release, yum now exits
properly.
flash-plugin Re-Base
The flash-plugin package has been re-based to version
10.0.12.36. This update applies several security fixes
that were included in a previous flash-plugin ASYNC
update. Further, this updated plugin also contains Adobe
Flash Player 10, which includes the following bug fixes
and feature enhancements:
* Improved stability on the Linux platform by fixing a
race condition issue in sound output.
* New support for custom filters and effects, native 3D
transformation and animation, advanced audio
processing, a new, more flexible text engine, and GPU
hardware acceleration.
For more information about this update, refer to the Adobe
Flash Player 10 release notes at the following link:
http://www.adobe.com/support/documentation/en/flashplayer/10/Flash_Player_10_Release_Notes.pdf
gdb Rebase
gdb has now been rebased to version 6.8. This applies
several upstream feature updates and bug fixes, most
notably: support for breakpoints inside C++ templates,
constructors and inline functions.
For more information on gdb updates applied in this
release, refer to
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/NEWS?rev=1.259.2.1&cvsroot=src.
Instruction Based Sampling on AMD Family10h processors
New hardware profiling support for the AMD Family10h
processors has been added for Red Hat Enterprise Linux
5.3. These new AMD CPUs support Instruction Based Sampling
(IBS). IBS support requires changes to the oProfile driver
to gather this information and initialize the new Model
Specific Registers (MSRs) associated with these new
features.
This update adds the new IBS_FETCH and IBS_OP profiling
samples to the per CPU buffers and the event buffers of
the oProfile driver. New control entries have also been
added to /dev/oprofile to control IBS sampling. These
changes are backward compatible with the previous PMC only
version of the driver, and a separate patch is available
to oProfile 0.9.3 to use this new data.
For more information on IBS refer to the paper:
Instruction-Based Sampling: A New Performance Analysis
Technique for AMD Family 10h Processors, November 19, 2007
Squid Re-base
Squid has been re-based to the latest stable upstream
version (STABLE21). This update addresses several bugs,
including:
* The squid init script always incorrectly returned an
exit code of 0. This bug is now fixed, making squid
compliant now with Linux Standard Base.
* Using the refresh_stale_hit directive causes error
message Clock going backwards to appear in the squid
log file.
* The squid installation process did not set up correct
ownership of the /usr/local/squid directory. With
this release, the user squid is now the default owner
of /usr/local/squid.
* Whenever squid attempts to use the function
hash_lookup(), it could abort with signal 6.
* Using squid_unix_group could cause squid to crash.
Event Multi-Processing Model in Apache
httpd, the Apache HTTP Server package, now includes the
experimental event Multi-Processing Model (MPM). This MPM
improves performance by using dedicated threads to handle
keepalive connections.
audit Update
The audit package contains user-space utilities for
storing and searching the audit records generated by the
audit subsystem in the kernel. The audit packages have
been updated to the newer upstream version 1.7.7, which
provides both enhancements and bug fixes over the previous
audit packages.
These updated audit packages add the following
enhancements:
* the audit system is now able to perform remote
logging.
* the auditctl utility now supports multiple keys in
the audit rules.
* a sample STIG rules file (stig.rules) which contains
auditctl rules that are loaded whenever the audit
daemon is started by init scripts is now provided as
an example in these updated packages.
* a new utility, ausyscall, has been added for the
purpose of cross-referencing syscall name and number
information.
* aureport now provides a report about keys it sees in
audit events.
* the event log parsing for the ausearch and aureport
programs has been improved.
libgomp re-base
libgomp has been re-based to version 4.3.2-7.el5. The
re-base improves OpenMP performance and adds support for
OpenMP version 3.0 when used with the gcc43 compiler.
iSCSI target capability
The iSCSI target capability, delivered as part of the
Linux Target (tgt) framework, moves from Technology
Preview to full support in Red Hat Enterprise Linux 5.3.
The linux target framework allows a system to serve
block-level SCSI storage to other systems that have a SCSI
initiator. This capability is being initially deployed as
a Linux iSCSI target, serving storage over a network to
any iSCSI initiator.
To set up the iSCSI target, install the scsi-target-utils
RPM and refer to the instructions in:
/usr/share/doc/scsi-target-utils-[version]/README and
/usr/share/doc/scsi-target-utils-[version]/README.iscsi
3. Driver Updates
3.1. All Architectures
General Driver/Platform Updates
* The Intel High Definition Audio driver in ALSA has been
updated.
* High-Definition Multimedia Interface (HDMI) audio support on
AMD ATI integrated chipsets has been updated.
* The following Wacom graphics tablets are now supported through
the linuxwacom drivers:
* Cintiq 20WSX
* Intuos3 4x6
* the lpfc driver for Emulex Fibre Channel Host Bus Adapters has
been updated to version 8.2.0.33.2p. This applies several
upstream changes, most notably:
* the NETLINK_SCSITRANSPORT socket is now used
* Resolved uninitialized node access.
* fixed a bug that caused echotest failure when NPIV is
enabled.
* fcauthd 1.19 is now required for fibre channel
authentication.
* dm-multipath now has inbox support for IBM DS4000.
* The ixgbe driver now supports the 82598AT dual-port adapter
and the 82598 CX4 adapter.
* the jsm driver has been updated to add support for Digi Neo
PCI Express 4 HiProfile I/O adapters.
* hp-ilo: driver added, providing support for HP Integrated
Lights Out (iLO) technology.
* The radeon_tp driver is now fully supported in this release.
This driver enables the ATI R500/R600 chipsets.
This driver also features the following capabilities:
* Modesetting on R500/R600 chipsets
* 2D acceleration on R500 chipsets
* Shadow framebuffer acceleration on R600 chipsets
* The powernow-k8 driver is now included in this release as a
loadable module. This ensures that existing driver frameworks
(such as the Red Hat Driver Update Model and Dell DKMS) can
deliver powernow-k8 driver updates to users as RPM packages
without requiring them to upgrade the kernel.
* For this release, Red Hat is re-adding pnm2ppa in order to
provide support for legacy printers. Note, however, that this
support is deprecated and will be discontinued in future major
releases.
* The ccid driver has been re-based to add support for USB
Smartcard keyboards.
* the uvcvideo drivers for USB video devices has been added to
the kernel in Red Hat Enterprise Linux 5.3.
Network
* The bnx2 driver for the Broadcom NetXtreme II network cards
has been updated to version 1.7.9. This update fixes the
ethernet ring buffer options on controllers that use bnx2 to
fix a bug that caused the system to panic at boot.
* The e1000e driver for Intel PRO/1000 ethernet devices has been
updated to the upstream version 0.3.3.3-k2. With this update,
the EEPROM and NVM of supported devices are now
write-protected.
* igb: driver for Intel Gigabit Ethernet Adapters has been
updated to version 1.2.45-k2, adding support for 82576 based
devices.
* the ixgbe driver for Intel(R) 10 Gigabit PCI Express network
devices has been updated to version 1.3.18-k4.
* the niu driver has been added to Red Hat Enterprise Linux 5.3,
adding support for 10Gbps ethernet devices on Sun CP3220
systems.
* the ipw2100 and ipw2200 drivers for Intel PRO Wireless devices
has been backported to Red Hat Enterprise Linux 5.3 from Linux
Kernel 2.6.25.
* the bcm43xx driver for Broadcom Wireless devices has been
backported to Red Hat Enterprise Linux 5.3 from Linux Kernel
2.6.25.
* the ieee80211 support component for wireless devices has been
backported to Red Hat Enterprise Linux 5.3 from Linux Kernel
2.6.25.
* the zd1211rw driver for ZyDas Wireless devices has been
updated to match the last non-mac80211 version from just prior
to Linux 2.6.25.
* the iwlwifi drivers have been updated to version from 2.6.26,
adding 802.11n support to iwl4965 wireless devices. Several
bug fixes included in post-2.6.26 versions of the driver were
also incorporated into the backported driver.
* the myri10ge driver for Myricom Myri-10G Ethernet devices has
been updated to version 1.3.2-1.269.
* the netxen driver for NetXen network cards has been updated to
version 3.4.18.
* The bnx2x driver for Broadcom Everest network devices has been
updated to version 1.45.23, adding support for the 57711
hardware.
* the forcedeth-msi driver has been updated to fix a bug that
prevented proper link-up detection.
* the ath5k driver for Atheros wireless devices has been
backported to Red Hat Enterprise Linux 5.3 from Linux Kernel
2.6.26.
* the rt2x00 drivers for Ralink wireless devices has been
backported to Red Hat Enterprise Linux 5.3 from Linux Kernel
2.6.26.
* the rtl8180 and rtl8187 drivers for Realtek wireless devices
has been backported to Red Hat Enterprise Linux 5.3 from Linux
Kernel 2.6.26.
* cxgb3: driver (along with corresponding firmware) is now
included with this release. This driver supports the Chelsio
RDMA 10Gb PCI-E Ethernet adapter.
Storage
* 3w-xxxx: driver for 3ware SATA RAID Controllers updated to
version 1.26.03. This applies several upstream changes, most
notably:
* Fixed a bug that caused data corruption when using a
3ware 7000 or 8000 series card in a system with greater
than 2GB of RAM.
* Anaconda no longer hangs on 64-bit architectures when
using a 3ware 8006 series card in a system with greater
than 4GB of RAM.
* The irq handler is now freed when __tw_shutdown() is
initiated. This prevents a possible null pointer
de-reference if an interrupt was shared during shutdown.
* RCD bit for caching mode page is now turned on.
* ioctl resets and scsi resets are now serialized so they
no longer collide.
* 3w-9xxx: driver for 3ware SATA RAID Controllers updated to
version 2.26.08. This applies several upstream changes, most
notably:
* The pci_unmap_single() call now functions correctly on
systems with greater than 4GB of RAM
* Fixed a bug that caused slow write performance.
* The DMA mask setting now reverts to 32-bit if 64-bit
fails.
* Added support for the 3ware 9690SA SAS Controller Device.
* megaraid_sas: driver updated to version 4.01-rh1. Several bug
fixes are applied by this update, including:
* MFI_POLL_TIMEOUT_SECS is now 60 seconds.
* Fixed a bug that caused continuous chip resets and
command timeouts due to frame count calculation.
* Added support for the LSI Generation 2 Controllers (0078,
0079).
* Added a command to shutdown DCMD in the shutdown routine
to improve firmware shutdown.
* Fixed a bug that caused unexpected interrupts in the
hardware Linux driver.
* the SCSI device handler infrastructure (scsi_dh) has been
updated, providing the following improvements:
* a generic ALUA (asymmetric logical unit access) handler
has been implemented.
* added support for LSI RDAC SCSI based storage devices.
* the qla2xxx driver for QLogic Fibre Channel Host Bus Adapters
has been updated, adding support for ISP84XX type cards.
* the ibmvscsi drivers for emulating virtual SCSI (vSCSI)
devices has been updated, providing support for virtualized
tape devices.
* lpfc: driver updated to version 8.2.0.30. This update applies
several bug fixes and enhancements, including:
* Improved Enhanced Error Handling (EEH) for PCI adapters
on PowerPC architectures
* Increased the number of supported NPIV virtual ports
* Improved driver logic to control I/O queue depth
* Added support for Fibre Channel over Ethernet (FCoE)
adapters
* Booting from SAN for new hardware is now supported
* the cciss driver for HP Smart Array controllers has been
updated to version 3.6.20-RH2.
4. Kernel-Related Notes
4.1. All Architectures
* relayfs previously had a buffer size limit of 64MB. In this
update, the limitation of the memory allocated to relayfs for
on-memory buffers has been increased to 4095MB. This allows
SystemTap and other tracing tools that utilize relayfs the
ability to trace more events.
* The driver for Dell Remote Access Controller 4 (DRAC4) was not
present. Consequently, any virtual devices provided by the
DRAC4 were not being detected by the kernel. In this update,
the pata_sil680 kernel module that provides the appropriate
driver has been added, which resolves this issue.
* The message buffers for the relay interface were only
allocated for online CPUs when relay_open() was called.
Consequently, if an off-line CPU was turned on after
relay_open() was called, a kernel panic would occur. In this
update, a new message buffer is allocated dynamically if any
new CPUs are added.
* The driver for 8250 based serial ports has been updated to add
support for DSR/DTR hardware flow control.
* Support for Dell Wireless Wide Area Network (WWAN) cards has
been added to the kernel. Devices that are now supported are:
* Dell Wireless 5700 Mobile Broadband CDMA/EVDO Mini-Card
* Dell Wireless 5500 Mobile Broadband HSDPA Mini-Card
* Dell Wireless 5505 Mobile Broadband HSDPA Mini-Card
* Dell Wireless 5700 Mobile Broadband CDMA/EVDO ExpressCard
* Dell Wireless 5510 Mobile Broadband HSDPA ExpressCard
* Dell Wireless 5700 Mobile Broadband CDMA/EVDO Mini-Card
* Dell Wireless 5700 Mobile Broadband CDMA/EVDO Mini-Card
* Dell Wireless 5720
* Dell Wireless HSDPA 5520
* Dell Wireless HSDPA 5520
* Dell Wireless 5520 Voda I Mobile Broadband (3G HSDPA)
Mini-Card
* the thinkpad_acpi kernel module has been updated to provide
enhanced support for newer Thinkpad models.
* The soft lockup detector can now be configured to trigger a
kernel panic instead of a warning message. This makes it
possible for users to generate and analyze a crash dump during
a soft lockup for forensic purposes.
To configure the soft lockup detector to generate a panic, set
the kernel parameter soft_lockup to 1. This parameter is set
to 0 by default.
* oprofile did not correctly identify processors based on the
Next-Generation Intel Microarchitecture (Nehalem).
Consequently, the performance monitoring unit could not be
used and the processor fell back to the timer interrupt. The
kernel has been updated to resolve this issue.
* Support has been added to the kernel for the CPU power state,
C3, on the Next-Generation Intel Microarchitecture (Nehalem).
The ability to enter C3 (also known as the sleep state)
improves the power efficiency of the CPU when idle.
* Previously, the MAX_ARG_PAGES limit that is set in the kernel
was too low, and may have resulted in the following error:
execve: Argument list too long
In this update, this limit has been increased to 25 percent of
the stack size, which resolves this issue.
* autofs4 updates have been backported to Red Hat Enterprise
Linux 5.3 from linux kernel version 2.6.27.
* Red Hat Enterprise Linux 5.3 now includes the ability to
specify that core files be piped to a forked copy of a user
space application, rather than directly to a file. This is
enabled by placing | path/to/applicationin
/proc/sys/kernel/core_pattern. When a core is dumped, a copy
of the specified application will be executed, and the core
will be piped to it on stdin. This allows for the core to be
augmented, analyzed and actively handled at core dump time.
* The file /proc/cpuinfo now reports the ID of the Advanced
Programmable Interrupt Controller (APIC) that is used by each
individual CPU.
* The Machine Check Exception (MCE) kernel subsystem has been
enhanced to support larger memory configurations as needed by
new systems.
* The mount command now supports Kerberos authentication when
mounting filesystems via Samba. The sec=krb5 or sec=krb5i
switch allows the kernel to call a userspace application
(cifs.upcall) which returns a SPNEGO (Simple and Protected
GSSAPI Negotiation Mechanism) security blob (Binary Large
OBject). The kernel can then use this blob to authenticate
with the server and mount the requested filesystem.
* If you configured the kernel parameter
kernel.unknown_nmi_panic on a system that used the IOAPIC NMI
watchdog method, a kernel panic could occur. This is because
the NMI watchdog could not disable the source of NMIs
securely.
With this release, the NMI watchdog code has been revised to
allow users to safely disable the NMI source. As such, you can
now safely configure the kernel parameter
kernel.unknown_nmi_panic on systems that use the IOAPIC NMI
watchdog method.
4.2. x86 Architectures
* The powernowk8 driver was not performing sufficient checks on
the number of running CPUs. Consequently, when the driver was
started, a kernel oops error message may have been reported.
In this update the powernowk8 driver verifies that the number
of supported CPUs (supported_cpus) equals the number of online
CPUs (num_online_cpus), which resolves this issue.
4.3. PowerPC Architectures
* CPUFreq, the kernel subsystem that scales CPU frequency and
voltage, has been updated with improved support for Cell
Processors. This update implements a Synergistic Processing
Unit (SPU) aware CPUFreq governor that enhances the power
management of Cell processors.
* Error Detection and Correction (EDAC) is now supported on the
Cell Broadband Engine Architecture in Red Hat Enterprise Linux
5.3. To enable EDAC, use the command: modprobe cell_edac
To check this module has been added to your running kernel,
check /var/log/dmesg for output like the following:
EDAC MC: Ver: 2.0.1 Oct 4 2008
EDAC MC0: Giving out device to cell_edac MIC: DEV cbe-mic
EDAC MC1: Giving out device to cell_edac MIC: DEV cbe-mic
If correctable memory errors are encountered, the following
message will be returned to the console:
EDAC MC0: CE page 0xeff, offset 0x5700, grain 0, syndrome 0x51, row 0, channel
0, label "":
* Debugging with hardware watchpoints using a variable that is
shared between multiple threads was causing the GNU Debugger
(GDB) to erratically miss trigger events. The kernel has been
updated to allow GDB to consistently receive the watchpoint
triggers, improving the reliability of the debugging session.
4.4. x86_64 Architectures
* kprobe-booster is now supported on the ia64 and x86_64
architectures, allowing users to probe kernel events much
faster. This feature will also decrease the overhead caused by
probing tools (e.g. SystemTap and Kprobes) on servers running
on 64-bit architecture.
* Support has been added to the kernel for the _PTC (Processor
Throttling Control), _TSS (Throttling Supported States) and
_TPC (Throttling Present Capabilities) objects. This support,
which is part of the Advance Configuration and Power Interface
specification (ACPI) provides improved management of processor
throttling.
4.5. s390x Architectures
* In zipl.conf, parameters enclosed with double quotes inside of
single quotes (ie parameters='vmhalt="LOGOFF"') were being
parsed incorrectly. Consequently, installing the kernel-kdump
package may have failed, resulting in the error:
grubby fatal error: unable to find a suitable template
To resolve this issue, parameters should be enclosed with
single quotes inside of double quotes (ie
parameters="vmhalt='LOGOFF'")
Note
The syntax structure of single quotes inside of double quotes
is the default in Red hat Enterprise Linux 5.
4.6. ia64 Architecture
* The Dual-Core Intel Itanium 2 processor filled out machine
check architecture (MCA) records differently to previous Intel
Itanium processors. The cache check and bus check target
identifiers can now be different in some circumstances. The
kernel has been updated to find the correct target identifier.
* kprobe-booster is now supported on the ia64 and x86_64
architectures, allowing users to probe kernel events much
faster. This feature will also decrease the overhead caused by
probing tools (e.g. SystemTap and Kprobes) on servers running
on 64-bit architecture.
* In this update, support for pselect() and ppoll() system calls
has been added to the kernel.
5. Virtualization
This section contains information about updates made to Red Hat
Enterprise Linux suite of Virtualization tools.
5.1. Feature Updates
* The blktap (blocktap) userspace toolkit has been updated,
providing the functionality to monitor the transfer statistics
of blktap backed virtualized guests.
* Support was added for the Intel Extended Page Table (EPT)
feature, improving performance of fully virtualized guests on
hardware that supports EPT.
* e1000 network device emulation for guests has been added in
this update, supporting only Windows 2003 guests on the ia64
architecture. To use e1000 emulation, the xm command must be
used.
* Drivers for virtio, the platform for I/O virtualization in
KVM, has been backported to Red Hat Enterprise Linux 5.3 from
Linux Kernel 2.6.27. These drivers will enable KVM guests to
achieve higher levels of I/O performance. Various userspace
components such as: anaconda, kudzu, lvm, selinux and mkinitrd
have also been updated to support virtio devices.
* The native Linux kernel supports vmcoreinfo automatically,
but, to setup kdump on dom0 domains, the kernel-xen-debuginfo
package was needed. With this release, the kernel and the
hypervisor have been modified and now support vmcoreinfo
reading and writing kdump natively. Users needing to use kdump
for de-bugging or other investigations on dom0 domains can now
do so without installing the debuginfo or debuginfo-common
packages.
* Fully virtualized Red Hat Enterprise Linux 5 guests
encountered suboptimal performance when using emulated disk
and network devices. In this update, the kmod-xenpv package
has been included to simplify the use of paravirtualized disks
and networks in fully virtualized guests.
Using these drivers in fully virtualized guests can
significantly improve the performance and functionality of
fully virtualized guests. Bug fixes made for netfront and
block front drivers are immediately realized and synchronized
with the kernel package.
* Guests now have the ability to utilize 2MB backing page memory
tables, which can improve system performance.
5.2. Resolved Issues
5.2.1. All Architectures
* Shutting down a paravirtualized guest may have caused the dom0
to stop responding for a period of time. Delays of several
seconds were experienced on guests with large amounts of
memory (ie 12GB and above.) In this update, the virtualized
kernel allows the shutdown of a large paravirtualized guest to
be pre-emptible, which resolves this issue.
* crash was unable to read the relocation address of the
hypervisor from a vmcore file. Consequently, opening a
Virtualized kernel vmcore file with crash would fail,
resulting in the error:
crash: cannot resolve "idle_pg_table_4"
In this update, the hypervisor now saves the address
correctly, which resolves this issue.
* Previously, paravirtualized guests could only have a maximum
of 16 disk devices. In this update, this limit has been
increased to a maximum of 256 disk devices.
* Memory reserved for the kdump kernel was incorrect, resulting
in unusable crash dumps. In this update, the memory
reservation is now correct, allowing proper crash dumps to be
generated.
* Attaching a disk with a specific name (ie. /dev/xvdaa,
/dev/xvdab, /dev/xvdbc etc.) to a paravirtualized guest
resulted in a corrupted /dev device inside the guest. This
update resolves the issue so that attaching disks with these
names to a paravirtualized guest creates the proper /dev
device inside the guest.
* Previously, the number of loopback devices was limited to 4.
Consequently, this limited the ability to create bridges on
systems with more than 4 network interfaces. In this update,
the netloop driver now creates additional loopback devices as
required.
* A race condition could occur when creating and destroying
virtual network devices. In some circumstances — especially
high load situations — this would cause the virtual device
to not respond. In this update, the state of the virtual
device is checked to prevent the race condition from
occurring.
* a memory leak in virt-manager would be encountered if the
application was left running. Consequently, the application
would constantly consume more resources, which may have led to
memory starvation. In this update, the leak has been fixed,
which resolves this issue.
* the crash utility could not analyze x86_64 vmcores from
systems running kernel-xen because the Red Hat Enterprise
Linux hypervisor was relocatable and the relocated physical
base address is not passed in the vmcore file's ELF header.
The new --xen_phys_start command line option for the crash
utility allows the user to pass crash the relocated base
physical address.
* Not all mouse events were being captured and processed by the
Paravirtual Frame Buffer (PVFB). Consequently, the scroll
wheel did not function when interacting with a paravirtualized
guest with the Virtual Machine Console. In this update, scroll
wheel mouse events are now handled correctly, which resolves
this issue.
* On systems with large amounts of memory (ie 256GB or more),
setting up the dom0 could exhaust the hypervisor memory heap.
To work around this, the xenheap and dom0_size command line
arguments had to be set to valid values for the system. In
this update, the hypervisor has been updated to automatically
set these values, which resolves this issue.
* Using Virtualization on a machine with a large number of CPUs
may have caused the hypervisor to crash during guest
installation. In this update, this issue has been resolved.
* A softlockup may have occurred when creating a guest with a
large amount of memory. Consequently, a call trace of the
error was displayed on both the dom0 and the guest. In this
update, this issue has been resolved.
* On Intel processors that return a CPUID family value of 6,
only one performance counter register was enabled in
kernel-xen. Consequently, only counter 0 provided samples. In
this update, this issue has been resolved.
5.2.2. x86 Architectures
* On systems with newer CPU's, the CPU APIC ID differs from the
CPU ID. Consequently, the virtualized kernel was unable to
initialize CPU frequency scaling. In this update, the
virtualized kernel now retrieves CPU APIC ID from the
hypervisor, allowing CPU frequency scaling to be initialized
properly.
* When running an x86 paravirtualized guest, if a process
accessed invalid memory, it would run in a loop instead of
getting a SEGV signal. This was caused a flaw in the way
execshield checks were done under the hypervisor. In this
update, this issue has been resolved.
5.2.3. ia64 Architecture
* A xend bug that previously caused guest installation failures
is now fixed.
* the evtchn event channel device lacked locks and memory
barriers. This led to xenstore becoming unresponsive. In this
update, this issue has been resolved.
* Non-Uniform Memory Access (NUMA) information was not being
displayed by the xm info command. Consequently, node_to_cpu
value for each node was being incorrectly returned as no cpus.
In this update, this issue has been resolved.
* Previously, creating a guest on a Hardware Virtual Machine
(HVM) would fail on processors that include the VT-i2
technology. In this update, this issue has been resolved.
5.2.4. x86_64 Architectures
* When the Dynamic IRQs available for guests virtual machines
were exhausted, the dom0 kernel would crash. In this update,
the crash condition has been fixed, and the number of
available IRQs has been increased, which resolves this issue.
* On systems with newer CPU's, the CPU APIC ID differs from the
CPU ID. Consequently, the virtualized kernel was unable to
initialize CPU frequency scaling. In this update, the
virtualized kernel now retrieves CPU APIC ID from the
hypervisor, allowing CPU frequency scaling to be initialized
properly.
5.3. Known Issues
5.3.1. All Architectures
* Diskette drive media will not be accessible when using the
virtualized kernel. To work around this, use a USB-attached
diskette drive instead.
Note that diskette drive media works well with other
non-virtualized kernels.
* In live migrations of paravirtualized guests, time-dependent
guest processes may function improperly if the corresponding
hosts' (dom0) times are not synchronized. Use NTP to
synchronize system times for all corresponding hosts before
migration.
* Repeated live migration of paravirtualized guests between two
hosts may cause one host to panic. If a host is rebooted after
migrating a guest out of the system and before migrating the
same guest back, the panic will not occur.
* Formatting a disk when running Windows 2008 or Windows Vista
as a guest can crash when the guest has been booted with
multiple virtual CPUs. To work around this, boot the guest
with a single virtual CPU when formatting.
* Fully virtualized guests created through virt-manager may
sometimes prevent the mouse from moving freely throughout the
screen. To work around this, use virt-manager to configure a
USB tablet device for the guest.
* The maximum CPUs must be restricted to less than 128 when on a
128 or greater CPU system. The maximum that is supported at
this time is 126. Use the maxcpus=126 hypervisor argument to
limit the Hypervisor to 126
* Fully virtualized guests cannot correct for time lost due to
the domain being paused and unpaused. Being able to correctly
track the time across pause and unpause events is one of the
advantages of paravirtualized kernels. This issue is being
addressed upstream with replaceable timers, so fully
virtualized guests will have paravirtualized timers.
Currently, this code is under development upstream and should
be available in later versions of Red Hat Enterprise Linux.
* Repeated migration of paravirtualized guests may result in bad
mpa messages on the dom0 console. In some cases, the
hypervisor may also panic.
To prevent a hypervisor kernel panic, restart the migrated
guests once the bad mpa messages appear.
* When setting up interface bonding on dom0, the default
network-bridge script may cause bonded network interfaces to
alternately switch between unavailable and available. This
occurrence is commonly known as flapping.
To prevent this, replace the standard network-script line in
/etc/xen/xend-config.sxp with the following line:
(network-script network-bridge-bonding netdev=bond0)
Doing so will disable the netloop device, which prevents
Address Resolution Protocol (ARP) monitoring from failing
during the address transfer process.
* When running multiple guest domains, guest networking may
temporarily stop working, resulting in the following error
being reported in the dom0 logs:
Memory squeeze in netback driver
To work around this, raise the amount of memory available to
the dom0 with the dom0_mem hypervisor command line option.
5.3.2. x86 Architectures
* Migrating paravirtualized guests through xm migrate [domain]
[dom0 IP address] does not work.
* When installing Red Hat Enterprise Linux 5 on a fully
virtualized SMP guest, the installation may freeze. This can
occur when the host (dom0) is running Red Hat Enterprise Linux
5.2.
To prevent this, set the guest to use a single processor using
the install. You can do this by using the --vcpus=1 option in
virt-install. Once the installation is completed, you can set
the guest to SMP by modifying the allocated vcpus in
virt-manager.
5.3.3. x86_64 Architectures
* Migrating paravirtualized guests through xm migrate [domain]
[dom0 IP address] does not work.
* Installing the Virtualization feature may cause a time went
backwards warning on HP systems with model numbers xw9300 and
xw9400.
To work around this issue for xw9400 machines, configure the
BIOS settings to enable the HPET timer. Note that this option
is not available on xw9300 machines.
* Installing Red Hat Enterprise Linux 3.9 on a fully virtualized
guest may be extremely slow. In addition, booting up the guest
after installation may result in hda: lost interrupt errors.
To avoid this bootup error, configure the guest to use the SMP
kernel.
* Upgrading a host (dom0) system to Red Hat Enterprise Linux 5.2
may render existing Red Hat Enterprise Linux 4.5 SMP
paravirtualized guests unbootable. This is more likely to
occur when the host system has more than 4GB of RAM.
To work around this, boot each Red Hat Enterprise Linux 4.5
guest in single CPU mode and upgrade its kernel to the latest
version (for Red Hat Enterprise Linux 4.5.z).
5.3.4. ia64 Architecture
* Migrating paravirtualized guests through xm migrate [domain]
[dom0 IP address] does not work.
* On some Itanium systems configured for console output to VGA,
the dom0 virtualized kernel may fail to boot. This is because
the virtualized kernel failed to properly detect the default
console device from the Extensible Firmware Interface (EFI)
settings.
When this occurs, add the boot parameter console=tty to the
kernel boot options in /boot/efi/elilo.conf.
* On some Itanium systems (such as the Hitachi Cold Fusion 3e),
the serial port cannot be detected in dom0 when VGA is enabled
by the EFI Maintenance Manager. As such, you need to supply
the following serial port information to the dom0 kernel:
* Speed in bits/second
* Number of data bits
* Parity
* io_base address
These details must be specified in the append= line of the
dom0 kernel in /boot/efi/elilo.conf. For example:
append="com1=19200,8n1,0x3f8 -- quiet rhgb console=tty0
console=ttyS0,19200n8"
In this example, com1 is the serial port, 19200 is the speed
(in bits/second), 8n1 specifies the number of data bits/parity
settings, and 0x3f8 is the io_base address.
* Virtualization does not work on some architectures that use
Non-Uniform Memory Access (NUMA). As such, installing the
virtualized kernel on systems that use NUMA will result in a
boot failure.
Some installation numbers install the virtualized kernel by
default. If you have such an installation number and your
system uses NUMA and does not work with kernel-xen, deselect
the Virtualization option during installation.
* Currently, live migration of fully virtualized guests is not
supported on this architecture. In addition, kexec and kdump
are also not supported for virtualization on this
architecture.
6. Technology Previews
Technology Preview features are currently not supported under Red
Hat Enterprise Linux subscription services, may not be
functionally complete, and are generally not suitable for
production use. However, these features are included as a customer
convenience and to provide the feature with wider exposure.
Customers may find these features useful in a non-production
environment. Customers are also free to provide feedback and
functionality suggestions for a Technology Preview feature before
it becomes fully supported. Erratas will be provided for
high-severity security issues.
During the development of a Technology Preview feature, additional
components may become available to the public for testing. It is
the intention of Red Hat to fully support Technology Preview
features in a future release.
ALUA Mode on EMC Clariion
Explicit active-passive failover (ALUA) mode using
dm-multipath on EMC Clariion storage is now available.
This mode is provided as per T10 specifications, but is
provided in this release only as a technology preview.
For more information about T10, refer to
http://www.t10.org.
ext4
The latest generation of the ext filesystem, ext4, is
available in this release as a Technology Preview. Ext4 is
an incremental improvement on the ext3 file system
developed by Red Hat and the Linux community. The release
name of the file system for the Technology Preview is
ext4dev.
The file system is provided by the ext4dev.ko kernel
module, and a new e4fsprogs package, which contains
updated versions of the familiar e2fsprogs administrative
tools for use with ext4. To use, install e4fsprogs and
then use commands like mkfs.ext4dev from the e4fsprogs
program to create an ext4-base file system. When referring
to the filesystem on a mount commandline or fstab file,
use the filesystem name ext4dev.
FreeIPMI
FreeIPMI is now included in this update as a Technology
Preview. FreeIPMI is a collection of Intelligent Platform
Management IPMI system software. It provides in-band and
out-of-band software, along with a development library
conforming to the Intelligent Platform Management
Interface (IPMI v1.5 and v2.0) standards.
For more information about FreeIPMI, refer to
http://www.gnu.org/software/freeipmi/
TrouSerS and tpm-tools
TrouSerS and tpm-tools are included in this release to
enable use of Trusted Platform Module (TPM) hardware.TPM
hardware features include (among others):
* Creation, storage, and use of RSA keys securely
(without being exposed in memory)
* Verification of a platform's software state using
cryptographic hashes
TrouSerS is an implementation of the Trusted Computing
Group's Software Stack (TSS) specification. You can use
TrouSerS to write applications that make use of TPM
hardware. tpm-tools is a suite of tools used to manage and
utilize TPM hardware.
For more information about TrouSerS, refer to
http://trousers.sourceforge.net/.
eCryptfs
eCryptfs is a stacked cryptographic file system for Linux.
It mounts on individual directories in existing mounted
lower file systems such as EXT3; there is no need to
change existing partitions or file systems in order to
start using eCryptfs.
With this release, eCryptfs has been re-based to upstream
version 56, which provides several bug fixes and
enhancements. In addition, this update provides a
graphical program to help configure eCryptfs
(ecryptfs-mount-helper-gui).
This update also changes the syntax of certain eCryptfs
mount options. If you choose to update to this version of
eCryptfs, you should update any affected mount scripts and
/etc/fstab entries. For information about these changes,
refer to man ecryptfs.
The following caveats apply to this release of eCryptfs:
* Note that the eCryptfs file system will only work
properly if the encrypted file system is mounted once
over the underlying directory of the same name. For
example:
mount -t ecryptfs /mnt/secret /mnt/secret
The secured portion of the file system should not be
exposed, i.e. it should not be mounted to other mount
points, bind mounts, and the like.
* eCryptfs mounts on networked file systems (e.g. NFS,
Samba) will not work properly.
* This version of the eCryptfs kernel driver requires
updated userspace, which is provided by
ecryptfs-utils-56-4.el5 or newer.
For more information about eCryptfs, refer to
http://ecryptfs.sf.net. You can also refer to
http://ecryptfs.sourceforge.net/README and
http://ecryptfs.sourceforge.net/ecryptfs-faq.html for
basic setup information.
Stateless Linux
Stateless Linux is a new way of thinking about how a
system should be run and managed, designed to simplify
provisioning and management of large numbers of systems by
making them easily replaceable. This is accomplished
primarily by establishing prepared system images which get
replicated and managed across a large number of stateless
systems, running the operating system in a read-only
manner (refer to /etc/sysconfig/readonly-root for more
details).
In its current state of development, the Stateless
features are subsets of the intended goals. As such, the
capability remains as Technology Preview.
Red Hat recommends that those interested in testing
stateless code read the HOWTO at
http://fedoraproject.org/wiki/StatelessLinux/HOWTO and
join stateless-list@redhat.com.
The enabling infrastructure pieces for Stateless Linux
were originally introduced in Red Hat Enterprise Linux 5.
AIGLX
AIGLX is a Technology Preview feature of the otherwise
fully supported X server. It aims to enable GL-accelerated
effects on a standard desktop. The project consists of the
following:
* A lightly modified X server.
* An updated Mesa package that adds new protocol
support.
By installing these components, you can have
GL-accelerated effects on your desktop with very few
changes, as well as the ability to enable and disable them
at will without replacing your X server. AIGLX also
enables remote GLX applications to take advantage of
hardware GLX acceleration.
iSCSI Target
The Linux target (tgt) framework allows a system to serve
block-level SCSI storage to other systems that have a SCSI
initiator. This capability is being initially deployed as
a Linux iSCSI target, serving storage over a network to
any iSCSI initiator.
To set up the iSCSI target, install the scsi-target-utils
RPM and refer to the instructions in:
* /usr/share/doc/scsi-target-utils-[version]/README
* /usr/share/doc/scsi-target-utils-[version]/README.iscsi
Replace [version] with the corresponding version of the
package installed.
For more information, refer to man tgtadm.
FireWire
The firewire-sbp2 module is still included in this update
as a Technology Preview. This module enables connectivity
with FireWire storage devices and scanners.
At present, FireWire does not support the following:
* IPv4
* pcilynx host controllers
* multi-LUN storage devices
* non-exclusive access to storage devices
In addition, the following issues still exist in FireWire:
* a memory leak in the SBP2 driver may cause the
machine to become unresponsive.
* a code in this version does not work properly in
big-endian machines. This could lead to unexpected
behavior in PowerPC.
ktune
This release includes ktune (from the ktune package), a
service that sets several kernel tuning parameters to
values suitable for specific system profiles. Currently,
ktune only provides a profile for large-memory systems
running disk-intensive and network-intensive applications.
The settings provides by ktune do not override those set
in /etc/sysctl.conf or through the kernel command line.
ktune may not be suitable on some systems and workloads;
as such, you should test it comprehensively before
deploying to production.
You can disable any configuration set by ktune and revert
to your normall settings by simply stopping the ktune
service using service ktune stop (as root).
SGPIO Support for dmraid
Serial General Purpose Input Output (SGPIO) is an industry
standard communication method used between a main board
and a variety of internal and external hard disk drive bay
enclosures. This method can be used to control LED lights
on an enclosure through the AHCI driver interface.
In this release, SGPIO support in dmraid is included as a
technology preview. This will allow dmraid to work
properly with disk enclosures.
GCC 4.3
The Gnu Compiler Collection version 4.3 (GCC4.3) is now
included in this release as a Technology Preview. This
collection of compilers include C, C++, and Fortran 95
compilers along with support libraries.
Note that in the gcc43 packages, the default for the
gnu89-inline option has been changed to -fgnu89-inline,
whereas upstream and future updates of Red Hat Enterprise
Linux 5 will default to -fno-gnu89-inline. This is
necessary because many headers shipped as part of Red Hat
Enterprise Linux 5 expect GNU in-line semantics instead of
ISO C99 semantics. These headers have not been adjusted to
request GNU in-line semantics through attributes.
Kernel Tracepoint Facility
In this update, a new kernel marker/tracepoint facility
has been implemented as a Technology Preview. This
interface adds static probe points into the kernel, for
use with tools such as SystemTap.
Fibre Channel over Ethernet (FCoE)
The Fibre Channel over Ethernet (FCoE) driver, along with
libfc, provides the ability to run FCoE over a standard
Ethernet card. This capability is provided as a technical
preview in Red Hat Enterprise Linux 5.3.
Red Hat Enterprise Linux 5.3 provides full support for
FCoE on three specialized hardware implementations. These
are: Cisco fnic driver, the Emulex lpfc driver, and the
Qlogic qla2xx driver.
Device Failure Monitoring of RAID sets
Device Failure Monitoring, using the tools dmraid and
dmevent_tool, is included in Red Hat Enterprise Linux 5.3
as a Technology Preview. This provides the ability to
watch and report device failures on component devices of
RAID sets.
7. Resolved Issues
7.1. All Architectures
* The data for TTY device activity reports was not generating
correctly. Consequently, the command sar -y failed, returning
the error:
Requested activities not available in file
In this updated package, sar has been corrected so the -y
option outputs the TTY device activity.
* Previously, setting max_fds to unlimited in
/etc/multipath.conf would prevent the multipathd daemon from
starting. If number of open file descriptors needs to be set
to the system maximum, max_fds should be set to max.
* mod_perl is now re-based to version 2.0.4, the latest upstream
release. This update applies several updates, which include a
bug fix that now allows mod_perl to work properly with
Bugzilla 3.0.
* cups is now re-based to version 1.3.7. This update applies
several bug fixes and enhancements, including:
* Kerberos authentication is now supported.
* User-defined printer and job policies are now loaded
correctly.
* Remote queue caches are no longer loaded when browsing is
disabled.
* The classes.conf configuration file now has correct file
permissions.
* lm_sensors has been re-based to version 2.10.7. This update
applies several upstream enhancements and bug fixes, including
a fix that prevents libsensors from crashing with a General
parse error message when k8temp is also loaded.
* elfutils has been updated in this release to address the
following bugs:
* The eu-readelf utility could crash when reading certain
input files.
* The eu-strip utility is used in the rpmbuild procedures
that create new binary packages. It separates debugging
information from executable code, to make -debuginfo
packages. A bug in this utility resulted in unusable
debugging information for ET_REL files on the s390
platform; this affects Linux kernel module files
(.ko.debug), and caused the generated kernel-debuginfo
packages not to work with Systemtap on s390.
* vnc-server is now re-based to version 4.1.2-14.el5. This
update applies the following fixes:
* A bug that prevented vncserver from printing error
messages when Xvnc failed to start is now fixed.
* Xvnc no longer uses the wrong root window depth; it now
uses the correct window depth specified by the -depth
option.
* A bug that causes the libvnc.so module to crash the X
server is now fixed.
* Xvnc now supports GLX and RENDER extensions on all
architectures.
* smartmontools has been re-based to version 5.38. This update
improves autodetection of hardware devices, improves support
for CCISS RAID arrays, and features a larger database of
supported devices.
This update also fixes a bug wherein SELinux prevented
smartmontools from monitoring 3ware RAID devices.
smartmontools can now monitor such devices properly.
* python-urlgrabber has been re-based to version 3.1.0-5. This
applies several bug fixes from upstream, including:
* yum can now correctly re-download from a yum repository
that does not support partial downloads.
* yum can now resume an interrupted download even if the
yum repository is FTP-based with a specified port.
* The size of progress bars are now dynamic to the terminal
width. In addition, progress bars are now cleaner, and
display a percentage of the total downloaded data.
* The keepalive signal of python-urlgrabber is now fixed.
Previously, a bug in this signal incorrectly increased
memory usage during downloads; in addition, this bug also
prevented reposync and yumdownloader from performing
properly when downloading a large number of packages.
* yum-utils is now re-based to upstream version 1.1.16. This
applies several bug fixes, including:
* yum update --security can now properly locate old
relevant security updates.
* yum-versionlock now works properly against package
obsoletes.
This update also includes the yum-fastestmirror plugin, which
enables yum to choose the fastest repository in a mirrorlist.
* Samba has been re-based to upstream version 3.2.0. This fixes
several bugs, including one that prevented users from joining
domains that used Windows 2003 as their name server. This
update also fixes a bug that caused samba domain membership to
break after changing the system password using net rpc
changetrustpw.
For a more comprehensive list of upstream samba updates
included this release, refer to
http://www.samba.org/samba/history/samba-3.0.32.html
* OpenLDAP has been re-based to upstream version 2.3.43. This
applies several upstream bug fixes, including:
* The init script now reports a warning if the slapd daemon
cannot read a TLS certificate file.
* All libraries in openldap-debuginfo package are now
unstripped.
* Uninstalling the openldap-devel package no longer breaks
OpenLDAP libraries.
Red Hat now distributes additional overlays for OpenLDAP
server. Except for syncprov, all overlays can be found in
separate openldap-servers-overlays packages, compiled as
dynamically loadable modules. The syncprov overlay is
statically linked to the OpenLDAP server to maintain
compatibility with older OpenLDAP releases.
* Because the xterm binary had the set group ID (setgid) bit
configured, certain environmental variables (such as
LD_LIBRARY_PATH and TMPDIR) were unset. In this release, the
xterm binary now has mode 0755 permissions configured, which
resolves this issue.
* The recommended method for balancing the load on NIS servers
when multiple machines are connecting with ypbind has changed
with this release. The ypbind daemon's behavior has not
changed: it still pings all NIS servers listed in the
/etc/ypbind configuration file and then binds to the single
fastest-responding server. Before, it was recommended to list
all available NIS servers in each machine's /etc/ypbind.conf
configuration file. However, because even servers under high
load can respond quickly to this ping, thus inadvertently
increasing their own load, it is now recommended for
administrators to list a smaller number of available NIS
servers in each machine's ypbind.conf, and to vary this list
across machines. In this way, NIS servers are automatically
load-balanced due to not every NIS server being listed as
being available to every machine.
* OpenMotif has been re-based to upstream version 2.3.1. This
update applies several bug fixes, including:
* A bug in the way OpenMotif handled the Grab and Ungrab
events is now fixed. In previous releases, this bug could
cause the display to lock.
* A bug in nedit could cause it to crash when using the
nedit graphical user interface. This was caused by a
function in the code that causes a segmentation fault in
some cases of item selection, which is now fixed.
* dbus has been re-based to version 1.1.2. This update fixes a
bug wherein multi-threaded programs could cause a deadlock in
dbus. In previous releases, as one thread listened to dbus and
processed messages, the second thread would send messages to
dbus.
* strace has been re-based to version 4.5.18. This fixes several
bugs, including:
* A bug that caused strace to crash when the -f option was
used on some multi-threaded programs (particularly on
64-bit systems) is now fixed.
* A bug that prevented the 64-bit version of strace from
executing a vfork() function call on a 32-bit process is
now fixed.
* cpuspeed has been updated to version 1.2.1-5. With this
update, the cpuspeed init script now loads the
speedstep-centrino module if all other module loads fail. In
addition, a user-space bug that prevented the Powernow-k8
module from loading is now fixed.
* The frysk suite of tools have been removed completely from
this distribution. frysk was originally introduced as a
technology preview in Red Hat Enterprise Linux 5.0.
* Previously, the partition I/O statistics provided by the
iostat -x command were incomplete. In this update, partition
statistics are now calculated in the same manner as disk
statistics, providing coherent and comprehensive I/O
statistics at the partition level.
* A password disclosure flaw was found with configuration file
for the Dovecot mail server. If a system had the
ssl_key_password option defined, any local user could view the
SSL key password. (CVE-2008-4870)
Note
This flaw did not allow the attacker to acquire the contents
of the SSL key. The password has no value without the key file
which arbitrary users should not have read access to.
To better protect even this value, however, the dovecot.conf
file now supports the "!include_try" directive. The
ssl_key_password option should be moved from dovecot.conf to a
new file owned by, and only readable and writable by, root (ie
0600). This file should be referenced from dovecot.conf by
setting the !include_try /path/to/password/file option.
7.2. x86_64 Architectures
* ksh has been re-based to version 2008-02-02. This update adds
multi-byte character handling, addresses many job control
problems and applies several bug fixes from upstream. Note
that this update to ksh preserves compatibility for existing
scripts.
7.3. s390x Architectures
* A vmconvert bug prevented it from working properly on the vmur
device node (/dev/0.0.000c). This caused vmconvert to fail
when attempting to access dumps on the vmur device with the
error vmconvert: Open dump file failed! (Permission denied).
An update to s390utils in this release fixes this issue.
* The init script and config file for the mon_procd daemon and
mon_fsstatd daemon were missing from the s390utils package.
Consequently these daemons could not be built and used. The
missing files have been added in this update which resolves
this issue.
7.4. PowerPC Architectures
* A bug that prevented the ehci_hcd module from reloading on
this architecture is now fixed. This ensures that the Belkin
4-port PCI-Express USB Lily adapter (and other similar
devices) now function properly with Red Hat Enterprise Linux 5
when they use the ehci_hcd module.
* The libhugetlbfs library is now re-based to version 1.3. This
update applies several upstream improvements to the library,
thereby improving the performance of applications that use
Huge pages.
For a complete list of updates to libhugetlbfs, refer to the
following link:
http://sourceforge.net/mailarchive/message.php?msg_name=20080515170754.GA1830%40us.ibm.com
* In Red Hat Enterprise Linux 5.2, a 64-bit version of httpd was
included in this architecture in addition to the existing
32-bit httpd. If a user installed both versions, an httpd
conflict would occur, preventing httpd from functioning
properly.
To resolve this issue, the 64-bit version of httpd has been
removed from this release. Upgrading httpd for this release
will automatically remove the 64-bit version of httpd as well.
8. Known Issues
8.1. All Architectures
* When using the new disk encryption feature to encrypt the root
filesystem, the following error message will be reported on
the console when shutting down the system:
Stopping disk encryption [FAILED]
This message can safely be ignored, the shutdown process will
complete successfully.
* When using an encrypted device, the following error message
may be reported during bootup:
insmod: error inserting '/lib/aes_generic.ko': -1 File exists
This message can safely be ignored.
* Installation using a Multiple Device (MD) RAID on top of
multipath will result in a machine that cannot boot. Multipath
to Storage Area Network (SAN) devices which provide RAID
internally are not affected.
* When a large number of LUNs are added to a node, multipath can
significantly increase the time it takes for udev to create
device nodes for them. If you experience this problem, you can
correct it by deleting the following line in
/etc/udev/rules.d/40-multipath.rules:
KERNEL!="dm-[0-9]*", ACTION=="add", PROGRAM=="/bin/bash -c '/sbin/lsmod | /bin/grep ^dm_multipath'", RUN+="/sbin/multipath -v0 %M:%m"
This line causes udev to run multipath every time a block
device is added to the node. Even with this line removed,
multipathd will still automatically create multipath devices,
and multipath will still be called during the boot process,
for nodes with multipathed root filesystems. The only change
is that multipath devices will not be automatically created
when multipathd is not running, which should not be a problem
for the vast majority of multipath users.
* When upgrading from an earlier version of Red Hat Enterprise
Linux to 5.3, you may encounter the following error:
Updating : mypackage ################### [ 472/1655]
rpmdb: unable to lock mutex: Invalid argument
The cause of the locking issue is that the shared futex
locking in glibc was enhanced with per-process futexes between
5.2 and 5.3. As a result, programs running against the 5.2
glibc can not properly perform shared futex locking against
programs running with the 5.3 glibc.
This particular error message is a side effect of a package
calling rpm as part of its install scripts. The rpm instance
performing the upgrade is using the prior glibc throughout the
upgrade, but the rpm instance launched from within the script
is using the new glibc.
To avoid this error, upgrade glibc first in a separate run:
# yum update glibc
# yum update
You will also see this error if you downgrade glibc to an
earlier version on an installed 5.3 system.
* mvapich and mvapich2 in Red Hat Enterprise Linux 5 are
compiled to support only InfiniBand/iWARP interconnects.
Consequently, they will not run over ethernet or other network
interconnects.
* On systems with more than two encrypted block devices,
anaconda has a option to provide a global passphrase. The init
scripts, however, do not support this feature. When booting
the system, entering each individual passphrase for all
encrypted devices will be required.
* When upgrading openmpi using yum, the following warning may be
returned:
cannot open `/tmp/openmpi-upgrade-version.*' for reading: No such file or directory
The message is harmless and can be safely ignored.
* Configuring IRQ SMP affinity has no effect on some devices
that use message signalled interrupts (MSI) with no MSI
per-vector masking capability. Examples of such devices
include Broadcom NetXtreme Ethernet devices that use the bnx2
driver.
If you need to configure IRQ affinity for such a device,
disable MSI by creating a file in /etc/modprobe.d/ containing
the following line:
options bnx2 disable_msi=1
Alternatively, you can disable MSI completely using the kernel
boot parameter pci=nomsi.
* The CD-ROM/DVD-ROM unit on Dell PowerEdge R905 servers does
not work with Red Hat Enterprise Linux 5. Please see
Knowledgebase #13121 for more details:
http://kbase.redhat.com/faq/FAQ_103_13121.
Important
Following the procedure in the aforementioned Knowledgebase
article may result in other issues that cannot be supported by
GSS.
* A bug in the updated /etc/udev/rules.d/50-udev.rules file
prevents the creation of persistent names for tape devices
with numbers higher than 9 in their names. For example, a
persistent name will not be created for a tape device with a
name of nst12.
To work around this, add an asterisk (*) after each occurrence
of the string nst[0-9] in /etc/udev/rules.d/50-udev.rules.
* The smartctl tool cannot properly read SMART parameters from
SATA devices.
* A bug in previous versions of openmpi and lam may prevent you
from upgrading these packages. This bug manifests in the
following error (when attempting to upgrade openmpi or lam:
error: %preun(openmpi-[version]) scriptlet failed, exit status 2
As such, you need to manually remove older versions of openmpi
and lam in order to install their latest versions. To do so,
use the following rpm command:
rpm -qa | grep '^openmpi-\|^lam-' | xargs rpm -e --noscripts
--allmatches
* When using dm-multipath, if features "1 queue_if_no_path" is
specified in /etc/multipath.conf then any process that issues
I/O will hang until one or more paths are restored.
To avoid this, set no_path_retry [N] in /etc/multipath.conf
(where [N] is the number of times the system should retry a
path). When you do, remove the features "1 queue_if_no_path"
option from /etc/multipath.conf as well.
If you need to use "1 queue_if_no_path" and experience the
issue noted here, use dmsetup to edit the policy at runtime
for a particular LUN (i.e. for which all the paths are
unavailable).
To illustrate: run dmsetup message [device] 0
"fail_if_no_path", where [device] is the multipath device name
(e.g. mpath2; do not specify the path) for which you want to
change the policy from "queue_if_no_path" to
"fail_if_no_path".
* Enabling multiple installed versions of the same kernel module
is not supported. In addition to this, a bug in the way kernel
module versions are parsed can sometimes result in enabling an
older version of the same kernel module.
Red Hat recommends that when you install a newer version of an
installed kernel module, you should delete the older one
first.
* Executing kdump on an IBM Bladecenter QS21 or QS22 configured
with NFS root will fail. To avoid this, specify an NFS dump
target in /etc/kdump.conf.
* IBM T60 laptops will power off completely when suspended and
plugged into a docking station. To avoid this, boot the system
with the argument acpi_sleep=s3_bios.
* The QLogic iSCSI Expansion Card for the IBM Bladecenter
provides both ethernet and iSCSI functions. Some parts on the
card are shared by both functions. However, the current
qla3xxx and qla4xxx drivers support ethernet and iSCSI
functions individually. Both drivers do not support the use of
ethernet and iSCSI functions simultaneously.
Because of this limitation, successive resets (via consecutive
ifdown/ifup commands) may hang the device. To avoid this,
allow a 10-second interval after an ifup before issuing an
ifdown. Also, allow the same 10-second interval after an
ifdown before issuing an ifup. This interval allows ample time
to stabilize and re-initialize all functions when an ifup is
issued.
* Laptops equipped with the Cisco Aironet MPI-350 wireless may
hang trying to get a DHCP address during any network-based
installation using the wired ethernet port.
To work around this, use local media for your installation.
Alternatively, you can disable the wireless card in the laptop
BIOS prior to installation (you can re-enable the wireless
card after completing the installation).
* Boot-time logging to /var/log/boot.log is not available in Red
Hat Enterprise Linux 5.3.
* The system may not successfully reboot into a kexec/kdump
kernel if X is running and using a driver other than vesa.
This problem only exists with ATI Rage XL graphics chipsets.
If X is running on a system equipped with ATI Rage XL, ensure
that it is using the vesa driver in order to successfully
reboot into a kexec/kdump kernel.
* When using Red Hat Enterprise Linux 5.2 on a machine with an
nVidia CK804 chipset installed, the following kernel messages
may appear:
kernel: assign_interrupt_mode Found MSI capability
kernel: pcie_portdrv_probe->Dev[005d:10de] has invalid IRQ. Check vendor BIOS
These messages indicate that certain PCI-E ports are not
requesting IRQs. They do not, however, affect the operation of
the machine in any way.
* Removable storage devices (such as CDs and DVDs) do not
automatically mount when you are logged in as root. As such,
you will need to manually mount the device through the
graphical file manager.
Alternatively, you can run the following command to mount a
device to /media:
mount /dev/[device name] /media
* When a LUN is deleted on a configured storage system, the
change is not reflected on the host. In such cases, lvm
commands will hang indefinitely when dm-multipath is used, as
the LUN has now become stale.
To work around this, delete all device and mpath link entries
in /etc/lvm/.cache specific to the stale LUN.
To find out what these entries are, run the following command:
ls -l /dev/mpath | grep [stale LUN]
For example, if [stale LUN] is
3600d0230003414f30000203a7bc41a00, the following results may
appear:
lrwxrwxrwx 1 root root 7 Aug 2 10:33 /3600d0230003414f30000203a7bc41a00 -> ../dm-4
lrwxrwxrwx 1 root root 7 Aug 2 10:33 /3600d0230003414f30000203a7bc41a00p1 -> ../dm-5
This means that 3600d0230003414f30000203a7bc41a00 is mapped to
two mpath links: dm-4 and dm-5.
As such, the following lines should be deleted from
/etc/lvm/.cache:
/dev/dm-4
/dev/dm-5
/dev/mapper/3600d0230003414f30000203a7bc41a00
/dev/mapper/3600d0230003414f30000203a7bc41a00p1
/dev/mpath/3600d0230003414f30000203a7bc41a00
/dev/mpath/3600d0230003414f30000203a7bc41a00p1
* Running the multipath command with the -ll option can cause
the command to hang if one of the paths is on a blocking
device. Note that the driver does not fail a request after
some time if the device does not respond.
This is caused by the cleanup code, which waits until the path
checker request either completes or fails. To display the
current multipath state without hanging the command, use
multipath -l instead.
* Upgrading pm-utils from a Red Hat Enterprise Linux 5.2 Beta
version of pm-utils will fail, resulting in the following
error:
error: unpacking of archive failed on file /etc/pm/sleep.d: cpio: rename
To prevent this from occurring, delete the /etc/pm/sleep.d/
directory prior to upgrading. If /etc/pm/sleep.d contains any
files, move those files to /etc/pm/hooks/.
* Hardware testing for the Mellanox MT25204 has revealed that an
internal error occurs under certain high-load conditions. When
the ib_mthca driver reports a catastrophic error on this
hardware, it is usually related to an insufficient completion
queue depth relative to the number of outstanding work
requests generated by the user application.
Although the driver will reset the hardware and recover from
such an event, all existing connections at the time of the
error will be lost. This generally results in a segmentation
fault in the user application. Further, if opensm is running
at the time the error occurs, then you need to manually
restart it in order to resume proper operation.
* When installing Red Hat Enterprise Linux 5 on a guest, the
guest is configured to explicitly use a temporary installation
kernel provided by dom0. Once installation finishes, it can
then use its own bootloader. However, this can only be
achieved by forcing the guest's first reboot to be a shutdown.
As such, when the Reboot button appears at the end of the
guest installation, clicking it shuts down the guest, but does
not reboot it. This is an expected behavior.
Note that when you boot the guest after this it will then use
its own bootloader.
* Running rpmbuild on the compiz source RPM will fail if any KDE
or qt development packages (for example, qt-devel) are
installed. This is caused by a bug in the compiz configuration
script.
To work around this, remove any KDE or qt development packages
before attempting to build the compiz package from its source
RPM.
* If your system has either ATI Radeon R500 or R600 graphics
card equipped, firstboot will not run after installation. The
system will go directly to the graphical login screen and skip
firstboot altogether. If you attempt to run firstboot manually
(i.e. from a failsafe terminal), the X session will crash.
This issue is caused by the driver used by the ATI Radeon
R500/R600 hardware. The default driver used by these graphics
cards are still in technology preview. To work around this,
backup your /etc/X11/xorg.conf file; then, configure X to use
the supported vesa driver instead using the following command:
system-config-display --reconfig --set-driver=vesa
You can now run firstboot. To switch back to your old
settings, restore your original /etc/X11/xorg.conf.
* If your system uses the TSC timer, the gettimeofday system
call may move backwards. This is because of an overflow issue
that causes the TSC timer to jump forward significantly in
some cases; when this occurs, the TSC timer will correct
itself, but will ultimately register a movement backwards in
time.
This issue is particularly critical for time-sensitive
systems, such as those used for transaction systems and
databases. As such, if your system needs precision timing, Red
Hat strongly recommends that you set the kernel to use another
timer (for example, HPET).
* Attempting to run sniff may result in an error. This is
because some required packages are not installed with dogtail.
To prevent this from occurring, install the following packages
manually:
* librsvg2
* ghostscript-fonts
* pygtk2-libglade
* Thin Provisioning (also known as "virtual provisioning") will
be first released with EMC Symmetrix DMX3 and DMX4. Please
refer to the EMC Support Matrix and Symmetrix Enginuity code
release notes for further details.
* In /etc/multipath.conf, setting max_fds to unlimited will
prevent the multipathd daemon from starting up properly. As
such, you should use a sufficiently high value instead for
this setting.
* SystemTap currently uses GCC to probe user-space events. GCC
is, however, unable to provide debuggers with precise location
list information for parameters. In some cases, GCC also fails
to provide visibility on some parameters. As a consequence,
SystemTap scripts that probe user-space may return inaccurate
readings.
* The IBM T41 laptop model does not enter Suspend Mode properly;
as such, Suspend Mode will still consume battery life as
normal. This is because Red Hat Enterprise Linux 5 does not
yet include the radeonfb module.
To work around this, add a script named
hal-system-power-suspend to /usr/share/hal/scripts/ containing
the following lines:
chvt 1
radeontool light off
radeontool dac off
This script will ensure that the IBM T41 laptop enters Suspend
Mode properly. To ensure that the system resumes normal
operations properly, add the script restore-after-standby to
the same directory as well, containing the following lines:
radeontool dac on
radeontool light on
chvt 7
* If the edac module is loaded, BIOS memory reporting will not
work. This is because the edac module clears the register that
the BIOS uses for reporting memory errors.
The current Red Hat Enterprise Linux Driver Update Model
instructs the kernel to load all available modules (including
the edac module) by default. If you wish to ensure BIOS memory
reporting on your system, you need to manually blacklist the
edac modules. To do so, add the following lines to
/etc/modprobe.conf:
blacklist edac_mc
blacklist i5000_edac
blacklist i3000_edac
blacklist e752x_edac
* Red Hat Enterprise Linux 5.3 can detect online growing or
shrinking of an underlying block device. However, there is no
method to automatically detect that a device has changed size,
so manual steps are required to recognize this and resize any
file systems which reside on the given device(s). When a
resized block device is detected, a message like the following
will appear in the system logs:
VFS: busy inodes on changed media or resized disk sdi
If the block device was grown, then this message can be safely
ignored. However, if the block device was shrunk without
shrinking any data set on the block device first, the data
residing on the device may be corrupted.
It is only possible to do an online resize of a filesystem
that was created on the entire LUN (or block device). If there
is a partition table on the block device, then the file system
will have to be unmounted to update the partition table.
* If your system has a GFS2 file system mounted, a node may hang
if a cached inode is accessed in one node and unlinked on a
different node. When this occurs, the hung node will be
unavailable until you fence and recover it via the normal
cluster recovery mechanism. The function calls
gfs2_dinode_dealloc and shrink_dcache_memory will also appear
in the stack traces of any processes stuck in the hung node.
This issue does not affect single-node GFS2 file systems.
* The following message may be encountered during system boot:
Could not detect stabilization, waiting 10 seconds.
Reading all physical volumes. This may take a while...
This delay (which may be up to 10 seconds, dependant on the
hardware configuration) is necessary to ensure that the kernel
has completed scanning the disks.
* The current implementation of User Payload Access in ipmitool
allows you to configure devices, but does not allow you to
retrieve the current settings for those devices.
* Using the swap --grow parameter in a kickstart file without
setting the --maxsize parameter at the same time makes
anaconda impose a restriction on the maximum size of the swap
partition. It does not allow it to grow to fill the device.
For systems with less than 2GB of physical memory, the imposed
limit is twice the amount of physical memory. For systems with
more than 2GB, the imposed limit is the size of physical
memory plus 2GB.
* The gfs2_convert program may not free up all blocks from the
GFS metadata that are no longer used under GFS2. These unused
metadata blocks will be discovered and freed the next time
gfs2_fsck is run on the file system. It is recommended that
gfs2_fsck be run after the filesystem has been converted to
free the unused blocks. These unused blocks will be flagged by
gfs2_fsck with messages such as:
Ondisk and fsck bitmaps differ at block 137 (0x89)
Ondisk status is 1 (Data) but FSCK thinks it should be 0 (Free)
Metadata type is 0 (free)
These messages do not indicate corruption in the GFS2 file
system, they indicate blocks that should have been freed, but
were not. The number of blocks needing to be freed will vary
depending on the size of the file system and block size. Many
file systems will not encounter this issue at all. Large file
systems may have a small number of blocks (typically less than
100).
8.2. x86 Architectures
* When running the bare-metal (non-Virtualized) kernel, the X
server may not be able to retrieve EDID information from the
monitor. When this occurs, the graphics driver will be unable
to display resolutions highers than 800x600.
To work around this, add the following line to the
ServerLayout section of /etc/X11/xorg.conf:
Option "Int10Backend" "x86emu"
* Recording needs to be manually enabled on Dell M4300 and
M6300. To do this, perform the following steps:
1. Open alsamixer.
2. Press Tab to toggle [Capture] in the View field (located
at the upper left part of the menu).
3. Press the Space bar.
4. To verify that recording is enabled, the text above the
ADCMux field should display L R CAPTUR.
* If encryption is enabled on the boot device during system
installation, the following message will be logged during
system boot:
padlock: VIA PadLock not detected.
This message can safely be ignored.
8.3. x86_64 Architectures
* Some machines that use NVIDIA graphics cards may display
corrupted graphics or fonts when using the graphical installer
or during a graphical login. To work around this, switch to a
virtual console and back to the original X host.
* On an IBM T61 laptop, Red Hat recommends that you refrain from
clicking the glxgears window (when glxgears is run). Doing so
can lock the system.
To prevent this from occurring, disable the tiling feature. To
do so, add the following line in the Device section of
/etc/X11/xorg.conf:
Option "Tiling" "0"
* Recording needs to be manually enabled on Dell M4300 and
M6300. To do this, perform the following steps:
1. Open alsamixer.
2. Press Tab to toggle [Capture] in the View field (located
at the upper left part of the menu).
3. Press the Space bar.
4. To verify that recording is enabled, the text above the
ADCMux field should display L R CAPTUR.
* If your system uses an Intel 945GM graphics card, do not use
the i810 driver. You should use the default intel driver
instead.
* On dual-GPU laptops, if one of the graphics chips is
Intel-based, the Intel graphics mode cannot drive any external
digital connections (including HDMI, DVI, and DisplayPort).
This is a hardware limitation of the Intel GPU. If you require
external digital connections, configure the system to use the
discrete graphics chip (in the BIOS).
8.4. PowerPC Architectures
* When using Alt-SysRq-W to debug, the following warning message
will appear:
Badness in smp_call_function at arch/powerpc/kernel/smp.c:223
Afterwards, the system will also warn that it will hang. This
message should be ignored as it will not cause the system to
hang.
* Recording needs to be manually enabled on Dell M4300 and
M6300. To do this, perform the following steps:
1. Open alsamixer.
2. Press Tab to toggle [Capture] in the View field (located
at the upper left part of the menu).
3. Press the Space bar.
4. To verify that recording is enabled, the text above the
ADCMux field should display L R CAPTUR.
* The size of the PPC kernel image is too large for OpenFirmware
to support. Consequently, network booting will fail, resulting
in the following error message:
Please wait, loading kernel...
/pci@8000000f8000000/ide@4,1/disk@0:2,vmlinux-anaconda: No such file or directory
boot:
To work around this:
1. Boot to the OpenFirmware prompt, by pressing the '8' key
when the IBM splash screen is displayed.
2. Run the following command:
setenv real-base 2000000
3. Boot into System Managment Services (SMS) with the
command:
0> dev /packages/gui obe
8.5. s390x Architectures
* When running Red Hat Enterprise Linux 5.2 on a z/VM that has
more than 2GB of guest storage defined, invalid data can be
read from and written to any FCP and OSA device attached in
QDIO mode with the Queued-I/O assist (QIOASSIST) option
enabled. If your system has any such devices attached, Red Hat
recommends that you download and install the corresponding
z/VM Program Temporary Fix (PTF) from the following link:
http://www-1.ibm.com/support/docview.wss?uid=isg1VM64306
* It is not possible to directly read and convert a z/VM dump
into a file. Instead, you should first copy the dump from the
z/VM reader into a Linux file system using vmur and convert
the dump into a Linux-readable file using vmconvert.
* The IBM System z does not provide a traditional Unix-style
physical console. As such, Red Hat Enterprise Linux 5.2 for
the IBM System z does not support the firstboot functionality
during initial program load.
To properly initialize setup for Red Hat Enterprise Linux 5.2
on the IBM System z, run the following commands after
installation:
* /usr/bin/setup — provided by the setuptool package.
* /usr/bin/rhn_register — provided by the rhn-setup
package.
8.6. ia64 Architecture
* Some Itanium systems cannot properly produce console output
from the kexec purgatory code. This code contains instructions
for backing up the first 640k of memory after a crash.
While purgatory console output can be useful in diagnosing
problems, it is not needed for kdump to properly function. As
such, if your Itanium system resets during a kdump operation,
disable console output in purgatory by adding --noio to the
KEXEC_ARGS variable in /etc/sysconfig/kdump.
* Running perftest will fail if different CPU speeds are
detected. As such, you should disable CPU speed scaling before
running perftest.
* When the kdump kernel is booted, the following error will
appear in the boot log:
mknod: /tmp/initrd.[numbers]/dev/efirtc: No such file or directory
This error results from a malformed request to create the
efirtc in an incorrect path. However, the device path in
question is also created statically in the initramfs when the
kdump service is started. As such, the run-time creation of
the device node is redundant, harmless, and should not affect
the performance of kdump.
* Some systems may be unable to boot the kdump kernel properly.
In such cases, use the machvec=dig kernel parameter.
* Recording needs to be manually enabled on Dell M4300 and
M6300. To do this, perform the following steps:
1. Open alsamixer.
2. Press Tab to toggle [Capture] in the View field (located
at the upper left part of the menu).
3. Press the Space bar.
4. To verify that recording is enabled, the text above the
ADCMux field should display L R CAPTUR.
* On Intel Itanium-based systems running SELinux in enforcing
mode, either the allow_unconfined_execmem_dyntrans or
allow_execmem Booleans must be turned on to allow the IA-32
Execution Layer (the ia32el service) to operate correctly. If
the allow_unconfined_execmem_dyntrans Boolean is off, but the
allow_execmem Boolean is on, which it is by default in Red Hat
Enterprise Linux 5, the ia32el service supports 32-bit
emulation; however, if both Booleans are off, emulation fails.
A. Revision History
Revision History
Revision 1.0 16th October 2008 Ryan Lerch
References
Visible links
. mailto:rlerch@redhat.com
. http://www.opencontent.org/openpub/
. http://redhat.com/docs/
. http://lftp.yar.ru/news.html
. http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=blob_plain;f=NEWS;hb=rhel53
. http://www.ietf.org/rfc/rfc3873.txt
. http://www.adobe.com/support/documentation/en/flashplayer/10/Flash_Player_10_Release_Notes.pdf
. http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/NEWS?rev=1.259.2.1&cvsroot=src
. http://developer.amd.com/assets/AMD_IBS_paper_EN.pdf
. http://www.t10.org/
. http://www.gnu.org/software/freeipmi/
. http://trousers.sourceforge.net/
. http://ecryptfs.sf.net/
. http://ecryptfs.sourceforge.net/README
. http://ecryptfs.sourceforge.net/ecryptfs-faq.html
. http://fedoraproject.org/wiki/StatelessLinux/HOWTO
. mailto:stateless-list@redhat.com
. http://www.samba.org/samba/history/samba-3.0.32.html
. http://sourceforge.net/mailarchive/message.php?msg_name=20080515170754.GA1830%40us.ibm.com
. http://kbase.redhat.com/faq/FAQ_103_13121
. http://www-1.ibm.com/support/docview.wss?uid=isg1VM64306