Red Hat Enterprise Linux 5.3 Release Notes Release Notes for all architectures. Ryan Lerch Red Hat Engineering Content Services rlerch@redhat.com Legal Notice Copyright © 2008 Red Hat, Inc.. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0 or later with the restrictions noted below (the latest version of the OPL is presently available at http://www.opencontent.org/openpub/). Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder. Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries. All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E 1801 Varsity Drive Raleigh, NC 27606-2072USAPhone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588Research Triangle Park, NC 27709USA Abstract This document details the Release Notes for Red Hat Enterprise Linux 5.3. ------------------------------------------------------------------ 1. Installation-Related Notes 1.1. All Architectures 1.2. PowerPC Architectures 1.3. s390x Architectures 1.4. ia64 Architecture 2. Feature Updates 3. Driver Updates 3.1. All Architectures 4. Kernel-Related Notes 4.1. All Architectures 4.2. x86 Architectures 4.3. PowerPC Architectures 4.4. x86_64 Architectures 4.5. s390x Architectures 4.6. ia64 Architecture 5. Virtualization 5.1. Feature Updates 5.2. Resolved Issues 5.3. Known Issues 6. Technology Previews 7. Resolved Issues 7.1. All Architectures 7.2. x86_64 Architectures 7.3. s390x Architectures 7.4. PowerPC Architectures 8. Known Issues 8.1. All Architectures 8.2. x86 Architectures 8.3. x86_64 Architectures 8.4. PowerPC Architectures 8.5. s390x Architectures 8.6. ia64 Architecture A. Revision History 1. Installation-Related Notes This section includes information specific to Anaconda and the installation of Red Hat Enterprise Linux 5.3. Red Hat Network can install the new and changed packages and upgrade an existing Red Hat Enterprise Linux 5 system. Alternatively, Anaconda can upgrade an existing Red Hat Enterprise Linux 5 system or perform a fresh installation of Red Hat Enterprise Linux 5.3. Note: upgrading from beta releases of Red Hat Enterprise Linux 5.3 to this GA release is not supported. Further, although Anaconda provides an option for upgrading from earlier major versions of Red Hat Enterprise Linux to Red Hat Enterprise Linux 5.3, Red Hat does not currently support this. More generally, Red Hat does not support in-place upgrades between any major versions of Red Hat Enterprise Linux. (A major version is denoted by a whole number version change. For example, Red Hat Enteprise Linux 4 and Red Hat Enterprise Linux 5 are both major versions of Red Hat Enterprise Linux.) In-place upgrades across major releases do not preserve all system settings, services or custom configurations. Consequently, Red Hat strongly recommends fresh installations when upgrading from one major version to another. 1.1. All Architectures * The Text Mode installation of Anaconda now offers the option of switching to Virtual Network Computing (VNC) to complete the installation. * Creating or using encrypted software RAID member disks (i.e. software RAID partitions) is not supported. However, creating encrypted software RAID arrays (e.g. /dev/md0) is supported. * The NFS default for RHEL5 is "locking". Therefore, to mount nfs shares from the %post section of anaconda, use the mount -o nolock,udp command to start the locking daemon before using nfs to mount shares. * When installing from CD-ROM or DVD-ROM on a system with an iBFT-configured network device, Anaconda will not include any iBFT-configured storage devices unless networking is configured. To enable networking for the installation, use the command linux updates=http://[any] at the installation boot prompt. Note that [any] can be replaced with any URL. If your system requires a static IP configuration, use the command linux updates=http://[any] ip=[IP address] netmask=[netmask] dns=[dns]. * When installing Red Hat Enterprise Linux 5.3 on a fully virtualized guest, do not use the kernel-xen kernel. Using this kernel on fully virtualized guests can cause your system to hang. If you are using an Installation Number when installing Red Hat Enterprise Linux 5.3 on a fully virtualized guest, be sure to deselect the Virtualization package group during the installation. The Virtualization package group option installs the kernel-xen kernel. Note that paravirtualized guests are not affected by this issue. Paravirtualized guests always use the kernel-xen kernel. * If you are using the Virtualized kernel when upgrading from Red Hat Enterprise Linux 5 to 5.2, you must reboot after completing the upgrade. You should then boot the system using the updated Virtualized kernel. The hypervisors of Red Hat Enterprise Linux 5 and 5.2 are not ABI-compatible. If you do not boot the system after upgrading using the updated Virtualized kernel, the upgraded Virtualization RPMs will not match the running kernel. * When upgrading to Red Hat Enterprise Linux 5.1 or later from Red Hat Enterprise Linux 4.6, gcc4 may cause the upgrade to fail. As such, you should manually remove the gcc4 package before upgrading. * The firstboot language plugin has been removed, as it does not properly and completely reconfigure the system when a new language is selected. * The use of Challenge Handshake Authentication Protocol (CHAP) during installation is not supported. As such, CHAP should only be enabled after installation. If your system boots through an iBFT device, configure CHAP in the iBFT BIOS/firmware setup screen. Your CHAP settings will then be used in the next boot. If your system boots through PXE iSCSI, configure CHAP through iscsiadm. After configuring, use mkinitrd to ensure that your CHAP settings are used in the next boot. * When provisioning guests during installation, the RHN tools for guests option will not be available. When this occurs, the system will require an additional entitlement, separate from the entitlement used by dom0. To prevent the consumption of additional entitlements for guests, install the rhn-virtualization-common package manually before attempting to register the system to Red Hat Network. * Installing Red Hat Enterprise Linux 5.3 on a system with multiple network interfaces and manually specified IPv6 addresses may result in a partially incorrect networking setup. When this occurs, your IPv6 settings will not be visible on the installed system. To work around this, set NETWORKING_IPV6 to yes in /etc/sysconfig/network. Then, restart your network connection using the command service network restart. * If your system has yum-rhn-plugin-0.5.2-5.el5_1.2 (or an earlier version) installed, you will be unable to upgrade to Red Hat Enterprise Linux 5.3 through yum update. To work around this, upgrade your yum-rhn-plugin to the latest version (using yum update yum-rhn-plugin) before running yum update. * Previously, anaconda could not access more than 8 SmartArray controllers. In this update, this issue has been resolved. * A driver disk, supplied by an OEM, is a single image file (*.img), containing potentially multiple driver packages and kernel modules. These drivers are used during installation to support hardware that otherwise would not be recognized by Red Hat Enterprise Linux 5. Once the driver packages and kernel modules are installed on the system, they are placed in the initial RAM disk (initrd) so that they are loaded when the system boots. With this release, installation can automatically detect a driver disk (based on its file system label), thereby using the content of that disk during installation. This behavior is controlled by the installation command line option dlabel=on, which enables the automatic search. dlabel=on is the default setting for this release. All block devices with the file system label OEMDRV are examined and drivers are loaded from these devices in the order by which they are detected. * Existing encrypted block devices that contain vfat file systems will appear as type foreign in the partitioning interface; as such, these devices will not be mounted automatically during system boot. To ensure that such devices are mounted automatically, add an appropriate entry for them to /etc/fstab. For details on how to do so, refer to man fstab. 1.2. PowerPC Architectures * The minimum RAM required to install Red Hat Enterprise Linux 5.2 is 1GB; the recommended RAM is 2GB. If a machine has less than 1GB RAM, the installation process may hang. Further, PowerPC-based machines that have only 1GB of RAM experience significant performance issues under certain RAM-intensive workloads. For a Red Hat Enterprise Linux 5.2 system to perform RAM-intensive processes optimally, 4GB of RAM is recommended. This ensures the system has the same number of physical pages as was available on PowerPC machines with 512MB of RAM running Red Hat Enterprise Linux 4.5 or earlier. 1.3. s390x Architectures * anaconda now supports both ports on CHPID for OSA Express3 cards. The installer will prompt for the port number in the initial stage of the installation. The value provided for the port also affects installed network interface startup script. When port 1 is selected, the value portno=1 is added to OPTIONS parameter of ifcfg-eth* file. Note When installing under z/VM, you can add either PORTNO=0 (to use port 0) or PORTNO=1 (to use port 1) to the CMS configuration file to avoid being prompted for the mode. * Installation on a machine with existing Linux or non-Linux filesystems on DASD block devices may cause the installer to halt. If this happens, it is necessary to clear out all existing partitions on the DASD devices you want to use and restart the installer. 1.4. ia64 Architecture * If your system only has 512MB of RAM, attempting to install Red Hat Enterprise Linux 5.3 may fail. To prevent this, perform a base installation first and install all other packages after the installation finishes. * Using yum to install packages from the 32-bit Compatibility Layer disc may fail. If it does, it is because the Red Hat package signing key was not imported into the RPM database. This happens if you have not yet connected to Red Hat Network and obtained updates. To import the key manually, run the following command as root: rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Once the Red Hat GPG key is imported, you may now use yum to install packages from the 32-bit Compatibility Layer disc. Note that when installing from this disc, it is advisable to use yum instead of rpm to ensure that base OS dependencies are addressed during installation. 2. Feature Updates Block Device Encryption Red Hat Enterprise Linux 5.3 includes support for block device encryption using the Linux Unified Key Setup (LUKS) specification. Encrypting a device protects all data on a block device against unauthorized access, even if the device has been physically removed from a system. To access the contents of an encrypted device, a user must provide a passphrase or key as authentication. For information on setting up disk encryption, refer to Chapter 28 of the Red Hat Enterprise Linux Installation Guide at: http://redhat.com/docs/ mac80211 802.11a/b/g WiFi protocol stack (mac80211) The mac80211 stack (formerly known as the devicescape/d80211 stack) is now a supported feature in Red Hat Enterprise Linux 5.3. It enables the iwlwifi 4965GN wireless driver for Intel® WiFi Link 4965 hardware which allows certain wireless devices to connect to any WiFi network. Although the mac80211 component is supported in Red Hat Enterprise Linux 5.3, the symbols are not included in the symbol whitelist for the kernel. Global File System 2 (GFS2) GFS2 is an incremental advancement of GFS. This update applies several significant improvements that require a change to the on-disk file system format. GFS file systems can be converted to GFS2 using the utility gfs2_convert, which updates the metadata of a GFS file system accordingly. In Red Hat Enterprise Linux 5.2, GFS2 was provided as a kernel module for evaluation purposes. In Red Hat Enterprise Linux 5.3, GFS2 is now part of the kernel package. If the Red Hat Enterprise Linux 5.2 GFS2 kernel modules have been installed they must be removed to use GFS2 in Red Hat Enterprise Linux 5.3. Improvements in Driver Disk Support A driver disk, supplied by an OEM, is a single image file (*.img), containing potentially multiple driver RPMs and kernel modules. These drivers are used during installation to support hardware that otherwise would not be recognized. The RPMs are installed on the system and placed into the initrd so that they are supported when the machine reboots. With Red Hat Enterprise Linux 5.3, installation can automatically detect the presence of a driver disk based on its file system label, and use the content of that disk during installation. This behavior is controlled by the installation command line option dlabel=on, which enables the automatic search. All block devices with the file system label OEMDRV are examined and drivers are loaded from these devices in the order in which they are encountered. iSCSI Boot Firmware Table Red Hat Enterprise Linux 5.3 now fully supports the iSCSI Boot Firmware Table (iBFT) which allows for booting from iSCSI devices. This support required that iSCSI disks (nodes) are no longer marked to start up automatically; the installed system will no longer automatically connect and login to iSCSI disks when entering runlevel 3 or 5. iSCSI is usually used for the root filesystem, in which case this change does does not make a difference as the initrd will connect and login to the needed iSCSI disks even before the runlevel is entered. However if iSCSI disks need to be mounted on non root directories, for example /home or /srv, then this change will impact you, since the installed system will no longer automatically connect and login to iSCSI disks that are not used for the root filesystem. Using iSCSI disks mounted on non root directories is still possible, but requires the use of one of the following workarounds: 1. Install the system without use of iSCSI disks mounted on non root directories and later configure the relevant disks and mount points manually 2. Boot the installed system into runlevel 1, and mark any iSCSI disks that are not used for the root filesystem for automatic startup by using the following command once per disk: iscsiadm -m node -T target-name -p ip:port -o update -n node.startup -v automatic rhythmbox the rhythmbox audio player has been updated to version 0.11.6. This update provides the option to use proprietary GStreamer plugins. lftp Rebase lftp has now been rebased to version 3.7.1. This applies several upstream feature updates and bug fixes, including: * A security flaw in the way lftp quoted scripts generated by mirror --script (which could cause unauthorized privilege escalation) is now fixed. * Using lftp with the option -c no longer causes lftp to hang. * lftp no longer corrupts files during a transfer when using sftp. For more information on lftp updates applied in this release, refer to http://lftp.yar.ru/news.html. TTY Input Auditing TTY input auditing is now supported. If a process is marked for TTY input auditing, the data it reads from TTYs is audited; this will show up on audit records with type TTY. You can use the pam_tty_audit module to mark a process (and its child processes) for TTY input auditing. For instructions on how to do this, refer to man pam_tty_audit(8). The TTY audit records contain the exact keystrokes read by the audited process. To make data decoding easier, bash audits the exact command line using the record type USER_TTY. The "TTY" audit records contain all data read by audited processes from the TTY. This includes data inserted into the input stream by the TIOCSTI ioctl system call. SystemTap Re-base SystemTap has been re-based to version 0.7.2. This update of SystemTap introduces several minor improvements, along with a few major features. These new features include: * SystemTap now supports symbolic probing on x86, x86-64 and PowerPC architectures. This enables SystemTap scripts to place probes into user-space applications and shared libraries. As a result, SystemTap can now provide the same level of debugger probing on some user-space applications as kernel probing. For example, if coreutils-debuginfo is installed, you can print a callgraph of the ls command using /usr/share/doc/systemtap-version/examples/general/callgraph.stp, as in: stap para-callgraph.stp 'process("ls").function("*")' -c 'ls -l' In order to reduce the likelihood of an undetected version mismatch between the binary and its debuginfo RPMs, Red Hat advises that you set the SYSTEMTAP_DEBUGINFO_PATH environment variable to the value +:.debug:/usr/lib/debug:build. SystemTap's support for symbolic probes also extends to markers placed into the kernel of this release. To use these markers, load the kernel-trace kernel module in /etc/rc.local (using modprobe kernel-trace). * SystemTap also supports remote compilation services. This enables a single computer on the network to act as a debuginfo/compiler server for local SystemTap clients. The clients auto-locate the server using mDNS (avahi), and only need the systemtap-client and systemtap-runtime packages to work. At present, this feature does not use security mechanisms like encryption. As such, it is advisable to use remote compilation services only within trusted networks. For more information, refer to man stap-server. * The kernel update for this release includes a kernel API extension that significantly improves shutdown of SystemTap scripts. This added kernel API extension eliminates unnecessary synchronization between individual probe removal operations. As a result, SystemTap scripts that have hundreds of kernel probes are processed much faster. This is especially useful for administrators that use scripts with probes containing wildcards that capture numerous kernel events, such as probe syscall.* {}. For a complete list of SystemTap updates included in this release, refer to the following URL: http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=blob_plain;f=NEWS;hb=rhel53 Cluster Manager Update The Cluster Manager utility (cman) has been updated to version 2.0.97. This applies several bug fixes and enhancements, most notably: * cman now uses the following firmware versions: APC AOS v3.5.7 and APC rpdu v3.5.6. This fixes a bug that prevented the APC 7901 from using simple network management protocol (SNMP) properly. * fence_drac, fence_ilo, fence_egenera, and fence_bladecenter agents now support ssh. * fence_xvmd key files can now be reloaded without restarting. * A single fence method can now support up to 8 fence devices. sudo Re-base sudo has been re-based to upstream version 1.6.9. This version of sudo now supports LDAP, and allows sub-tree searching instead of just base searching (i.e. tree-level only) for sudo rights. This allows administrators to categorize sudo rights in a tree, making user privileges easier to manage. RPM Re-Base The RedHat Package Manager (RPM) is now re-based to the Fedora 9 upstream version. rpm now adds secondary architecture-specific macro files on multi-arch systems. In addition, rpm now meets all certification criteria for inclusion in Red Hat Enterprise Linux 5. This update also applies several upstream enhancements and bug fixes to rpm, including: * rpm no longer generates unnecessary .rpmnew and .rpmsave files on multi-arch systems. * A bug in the rpmgiNext() function of rpm prevented proper error reporting. This update applies the proper semantics for error reporting, thereby ensuring that rpm returns the correct exit code in all instances. Open Fabrics Enterprise Distribution (OFED) / opensm opensm has been updated to the upstream version 3.2, including a minor change to the opensm library API. * The format of the opensm.conf file has changed. If you have made custom modifications to your existing opensm.conf, rpm will automatically install the new opensm.conf file as /etc/ofed/opensm.conf.rpmnew. You will need to migrate your modifications to this file and then replace the existing opensm.conf file with the result. * Red Hat closely tracks the upstream Open Fabrics Enterprise Distribution (OFED) code base in order to provide a maximal level of enablement for this still evolving technology. As a consequence, Red Hat can only preserve API/ABI compatibility across minor releases to the degree that the upstream project does. This is an exception from the general practice in the development of Red Hat Enterprise Linux. Because of this, applications build on top of the OFED stack (listed below), might require recompilation or even source-level code changes when moving from one minor release of Red Hat Enterprise Linux to a newer one. This generally is not required for other applications, built on the Red Hat Enterprise Linux software stack. The components affected are: * dapl * compat-dapl * ibsim * ibutils * infiniband-diags * libcxgb3 * libehca * libibcm * libibcommon * libibmad * libibumad * libibverbs * libipathverbs * libmlx4 * libmthca * libnes * librmdacm * libsdp * mpi-selector * mpitests * mstflint * mvapich * mvapich2 * ofed-docs * openib * openib-mstflint * openib-perftest * openib-tvflash * openmpi * opensm * perftest * qlvnictools * qperf * rds-tools (future) * srptools * tvflash Net-SNMP Re-Base Net-SNMP has been re-based to upstream version 5.3.2.2. This update adds Stream Control Transmission Protocol (SCTP) support (as per RFC 3873, http://www.ietf.org/rfc/rfc3873.txt) and introduces two new configuration options (to be used in /etc/snmpd.conf): * dontLogTCPWrappersConnects — suppresses logging of connection attempts. * v1trapaddress — enables administrators to set an agent's IP address inside outgoing SNMP traps. This update also features several bug fixes from upstream, including: * The snmpd daemon now functions properly on systems with more than 255 network interfaces. In addition, snmpd also reports an error now when it is configured to listen on any port higher than 65535. * A race condition that caused the snmpd daemon to leak file descriptors when reading from /proc is now fixed. * The snmpd daemon now correctly reports hrProcessorLoad object IDs (OID), even on multi-CPU hardware. Note, however, that it takes approximately one minute from daemon startup to calculate the value of the OID. * The net-snmp-devel package is now dependent on the lm_sensors-devel package. OpenSSL Re-Base for FIPS Certification The openssl packages upgrade the OpenSSL library to a newer upstream version, which is currently undergoing the Federal Information Processing Standards validation process (FIPS-140-2). The FIPS mode is disabled by default, to ensure that the OpenSSL library maintains feature parity and ABI compatibility with the previous releases of the openssl packages in Red Hat Enterprise Linux 5. This update also applies the following upstream fixes: * By default, zlib compression is used for SSL and TLS connections. On IBM System z architectures with Central Processor Assist for Cryptographic Function (CPACF), compression became the main part of the CPU load, and total performance was determined by the speed of the compression (not the speed of the encryption). When compression is disabled, the total performance is much higher. In these updated packages, zlib compression for SSL and TLS connections can be disabled with the OPENSSL_NO_DEFAULT_ZLIB environment variable. For TLS connections over a slow network, it is better to leave compression on, so that the amount of data to be transferred is lower. * When using the openssl command with the s_client and s_server options, the default CA certificates file (/etc/pki/tls/certs/ca-bundle.crt), was not read. This resulted in certificates failing verification. In order for certificates to pass verification, the -CAfile /etc/pki/tls/certs/ca-bundle.crt option had to be used. In these updated packages, the default CA certificates file is read, and no longer needs to be specified with the -CAfile option. yum Re-Base yum has been re-based to upstream version 3.2.18. This update improves the speed at which yum operates, thereby alleviating the problem posed by the ever-growing number of packages included with each minor release. In addition, this update also introduces the reinstall command, improves the interface for several commands, and applies several bug fixes, including: * Any yum commands would fail if the -c option was used to specify a configuration file residing on a web address (http). This bug is now fixed. * A checkSignal() function in yum called an incorrect exit function; as such, exiting yum would result in a traceback instead. With this release, yum now exits properly. flash-plugin Re-Base The flash-plugin package has been re-based to version 10.0.12.36. This update applies several security fixes that were included in a previous flash-plugin ASYNC update. Further, this updated plugin also contains Adobe Flash Player 10, which includes the following bug fixes and feature enhancements: * Improved stability on the Linux platform by fixing a race condition issue in sound output. * New support for custom filters and effects, native 3D transformation and animation, advanced audio processing, a new, more flexible text engine, and GPU hardware acceleration. For more information about this update, refer to the Adobe Flash Player 10 release notes at the following link: http://www.adobe.com/support/documentation/en/flashplayer/10/Flash_Player_10_Release_Notes.pdf gdb Rebase gdb has now been rebased to version 6.8. This applies several upstream feature updates and bug fixes, most notably: support for breakpoints inside C++ templates, constructors and inline functions. For more information on gdb updates applied in this release, refer to http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/NEWS?rev=1.259.2.1&cvsroot=src. Instruction Based Sampling on AMD Family10h processors New hardware profiling support for the AMD Family10h processors has been added for Red Hat Enterprise Linux 5.3. These new AMD CPUs support Instruction Based Sampling (IBS). IBS support requires changes to the oProfile driver to gather this information and initialize the new Model Specific Registers (MSRs) associated with these new features. This update adds the new IBS_FETCH and IBS_OP profiling samples to the per CPU buffers and the event buffers of the oProfile driver. New control entries have also been added to /dev/oprofile to control IBS sampling. These changes are backward compatible with the previous PMC only version of the driver, and a separate patch is available to oProfile 0.9.3 to use this new data. For more information on IBS refer to the paper: Instruction-Based Sampling: A New Performance Analysis Technique for AMD Family 10h Processors, November 19, 2007 Squid Re-base Squid has been re-based to the latest stable upstream version (STABLE21). This update addresses several bugs, including: * The squid init script always incorrectly returned an exit code of 0. This bug is now fixed, making squid compliant now with Linux Standard Base. * Using the refresh_stale_hit directive causes error message Clock going backwards to appear in the squid log file. * The squid installation process did not set up correct ownership of the /usr/local/squid directory. With this release, the user squid is now the default owner of /usr/local/squid. * Whenever squid attempts to use the function hash_lookup(), it could abort with signal 6. * Using squid_unix_group could cause squid to crash. Event Multi-Processing Model in Apache httpd, the Apache HTTP Server package, now includes the experimental event Multi-Processing Model (MPM). This MPM improves performance by using dedicated threads to handle keepalive connections. audit Update The audit package contains user-space utilities for storing and searching the audit records generated by the audit subsystem in the kernel. The audit packages have been updated to the newer upstream version 1.7.7, which provides both enhancements and bug fixes over the previous audit packages. These updated audit packages add the following enhancements: * the audit system is now able to perform remote logging. * the auditctl utility now supports multiple keys in the audit rules. * a sample STIG rules file (stig.rules) which contains auditctl rules that are loaded whenever the audit daemon is started by init scripts is now provided as an example in these updated packages. * a new utility, ausyscall, has been added for the purpose of cross-referencing syscall name and number information. * aureport now provides a report about keys it sees in audit events. * the event log parsing for the ausearch and aureport programs has been improved. libgomp re-base libgomp has been re-based to version 4.3.2-7.el5. The re-base improves OpenMP performance and adds support for OpenMP version 3.0 when used with the gcc43 compiler. iSCSI target capability The iSCSI target capability, delivered as part of the Linux Target (tgt) framework, moves from Technology Preview to full support in Red Hat Enterprise Linux 5.3. The linux target framework allows a system to serve block-level SCSI storage to other systems that have a SCSI initiator. This capability is being initially deployed as a Linux iSCSI target, serving storage over a network to any iSCSI initiator. To set up the iSCSI target, install the scsi-target-utils RPM and refer to the instructions in: /usr/share/doc/scsi-target-utils-[version]/README and /usr/share/doc/scsi-target-utils-[version]/README.iscsi 3. Driver Updates 3.1. All Architectures General Driver/Platform Updates * The Intel High Definition Audio driver in ALSA has been updated. * High-Definition Multimedia Interface (HDMI) audio support on AMD ATI integrated chipsets has been updated. * The following Wacom graphics tablets are now supported through the linuxwacom drivers: * Cintiq 20WSX * Intuos3 4x6 * the lpfc driver for Emulex Fibre Channel Host Bus Adapters has been updated to version 8.2.0.33.2p. This applies several upstream changes, most notably: * the NETLINK_SCSITRANSPORT socket is now used * Resolved uninitialized node access. * fixed a bug that caused echotest failure when NPIV is enabled. * fcauthd 1.19 is now required for fibre channel authentication. * dm-multipath now has inbox support for IBM DS4000. * The ixgbe driver now supports the 82598AT dual-port adapter and the 82598 CX4 adapter. * the jsm driver has been updated to add support for Digi Neo PCI Express 4 HiProfile I/O adapters. * hp-ilo: driver added, providing support for HP Integrated Lights Out (iLO) technology. * The radeon_tp driver is now fully supported in this release. This driver enables the ATI R500/R600 chipsets. This driver also features the following capabilities: * Modesetting on R500/R600 chipsets * 2D acceleration on R500 chipsets * Shadow framebuffer acceleration on R600 chipsets * The powernow-k8 driver is now included in this release as a loadable module. This ensures that existing driver frameworks (such as the Red Hat Driver Update Model and Dell DKMS) can deliver powernow-k8 driver updates to users as RPM packages without requiring them to upgrade the kernel. * For this release, Red Hat is re-adding pnm2ppa in order to provide support for legacy printers. Note, however, that this support is deprecated and will be discontinued in future major releases. * The ccid driver has been re-based to add support for USB Smartcard keyboards. * the uvcvideo drivers for USB video devices has been added to the kernel in Red Hat Enterprise Linux 5.3. Network * The bnx2 driver for the Broadcom NetXtreme II network cards has been updated to version 1.7.9. This update fixes the ethernet ring buffer options on controllers that use bnx2 to fix a bug that caused the system to panic at boot. * The e1000e driver for Intel PRO/1000 ethernet devices has been updated to the upstream version 0.3.3.3-k2. With this update, the EEPROM and NVM of supported devices are now write-protected. * igb: driver for Intel Gigabit Ethernet Adapters has been updated to version 1.2.45-k2, adding support for 82576 based devices. * the ixgbe driver for Intel(R) 10 Gigabit PCI Express network devices has been updated to version 1.3.18-k4. * the niu driver has been added to Red Hat Enterprise Linux 5.3, adding support for 10Gbps ethernet devices on Sun CP3220 systems. * the ipw2100 and ipw2200 drivers for Intel PRO Wireless devices has been backported to Red Hat Enterprise Linux 5.3 from Linux Kernel 2.6.25. * the bcm43xx driver for Broadcom Wireless devices has been backported to Red Hat Enterprise Linux 5.3 from Linux Kernel 2.6.25. * the ieee80211 support component for wireless devices has been backported to Red Hat Enterprise Linux 5.3 from Linux Kernel 2.6.25. * the zd1211rw driver for ZyDas Wireless devices has been updated to match the last non-mac80211 version from just prior to Linux 2.6.25. * the iwlwifi drivers have been updated to version from 2.6.26, adding 802.11n support to iwl4965 wireless devices. Several bug fixes included in post-2.6.26 versions of the driver were also incorporated into the backported driver. * the myri10ge driver for Myricom Myri-10G Ethernet devices has been updated to version 1.3.2-1.269. * the netxen driver for NetXen network cards has been updated to version 3.4.18. * The bnx2x driver for Broadcom Everest network devices has been updated to version 1.45.23, adding support for the 57711 hardware. * the forcedeth-msi driver has been updated to fix a bug that prevented proper link-up detection. * the ath5k driver for Atheros wireless devices has been backported to Red Hat Enterprise Linux 5.3 from Linux Kernel 2.6.26. * the rt2x00 drivers for Ralink wireless devices has been backported to Red Hat Enterprise Linux 5.3 from Linux Kernel 2.6.26. * the rtl8180 and rtl8187 drivers for Realtek wireless devices has been backported to Red Hat Enterprise Linux 5.3 from Linux Kernel 2.6.26. * cxgb3: driver (along with corresponding firmware) is now included with this release. This driver supports the Chelsio RDMA 10Gb PCI-E Ethernet adapter. Storage * 3w-xxxx: driver for 3ware SATA RAID Controllers updated to version 1.26.03. This applies several upstream changes, most notably: * Fixed a bug that caused data corruption when using a 3ware 7000 or 8000 series card in a system with greater than 2GB of RAM. * Anaconda no longer hangs on 64-bit architectures when using a 3ware 8006 series card in a system with greater than 4GB of RAM. * The irq handler is now freed when __tw_shutdown() is initiated. This prevents a possible null pointer de-reference if an interrupt was shared during shutdown. * RCD bit for caching mode page is now turned on. * ioctl resets and scsi resets are now serialized so they no longer collide. * 3w-9xxx: driver for 3ware SATA RAID Controllers updated to version 2.26.08. This applies several upstream changes, most notably: * The pci_unmap_single() call now functions correctly on systems with greater than 4GB of RAM * Fixed a bug that caused slow write performance. * The DMA mask setting now reverts to 32-bit if 64-bit fails. * Added support for the 3ware 9690SA SAS Controller Device. * megaraid_sas: driver updated to version 4.01-rh1. Several bug fixes are applied by this update, including: * MFI_POLL_TIMEOUT_SECS is now 60 seconds. * Fixed a bug that caused continuous chip resets and command timeouts due to frame count calculation. * Added support for the LSI Generation 2 Controllers (0078, 0079). * Added a command to shutdown DCMD in the shutdown routine to improve firmware shutdown. * Fixed a bug that caused unexpected interrupts in the hardware Linux driver. * the SCSI device handler infrastructure (scsi_dh) has been updated, providing the following improvements: * a generic ALUA (asymmetric logical unit access) handler has been implemented. * added support for LSI RDAC SCSI based storage devices. * the qla2xxx driver for QLogic Fibre Channel Host Bus Adapters has been updated, adding support for ISP84XX type cards. * the ibmvscsi drivers for emulating virtual SCSI (vSCSI) devices has been updated, providing support for virtualized tape devices. * lpfc: driver updated to version 8.2.0.30. This update applies several bug fixes and enhancements, including: * Improved Enhanced Error Handling (EEH) for PCI adapters on PowerPC architectures * Increased the number of supported NPIV virtual ports * Improved driver logic to control I/O queue depth * Added support for Fibre Channel over Ethernet (FCoE) adapters * Booting from SAN for new hardware is now supported * the cciss driver for HP Smart Array controllers has been updated to version 3.6.20-RH2. 4. Kernel-Related Notes 4.1. All Architectures * relayfs previously had a buffer size limit of 64MB. In this update, the limitation of the memory allocated to relayfs for on-memory buffers has been increased to 4095MB. This allows SystemTap and other tracing tools that utilize relayfs the ability to trace more events. * The driver for Dell Remote Access Controller 4 (DRAC4) was not present. Consequently, any virtual devices provided by the DRAC4 were not being detected by the kernel. In this update, the pata_sil680 kernel module that provides the appropriate driver has been added, which resolves this issue. * The message buffers for the relay interface were only allocated for online CPUs when relay_open() was called. Consequently, if an off-line CPU was turned on after relay_open() was called, a kernel panic would occur. In this update, a new message buffer is allocated dynamically if any new CPUs are added. * The driver for 8250 based serial ports has been updated to add support for DSR/DTR hardware flow control. * Support for Dell Wireless Wide Area Network (WWAN) cards has been added to the kernel. Devices that are now supported are: * Dell Wireless 5700 Mobile Broadband CDMA/EVDO Mini-Card * Dell Wireless 5500 Mobile Broadband HSDPA Mini-Card * Dell Wireless 5505 Mobile Broadband HSDPA Mini-Card * Dell Wireless 5700 Mobile Broadband CDMA/EVDO ExpressCard * Dell Wireless 5510 Mobile Broadband HSDPA ExpressCard * Dell Wireless 5700 Mobile Broadband CDMA/EVDO Mini-Card * Dell Wireless 5700 Mobile Broadband CDMA/EVDO Mini-Card * Dell Wireless 5720 * Dell Wireless HSDPA 5520 * Dell Wireless HSDPA 5520 * Dell Wireless 5520 Voda I Mobile Broadband (3G HSDPA) Mini-Card * the thinkpad_acpi kernel module has been updated to provide enhanced support for newer Thinkpad models. * The soft lockup detector can now be configured to trigger a kernel panic instead of a warning message. This makes it possible for users to generate and analyze a crash dump during a soft lockup for forensic purposes. To configure the soft lockup detector to generate a panic, set the kernel parameter soft_lockup to 1. This parameter is set to 0 by default. * oprofile did not correctly identify processors based on the Next-Generation Intel Microarchitecture (Nehalem). Consequently, the performance monitoring unit could not be used and the processor fell back to the timer interrupt. The kernel has been updated to resolve this issue. * Support has been added to the kernel for the CPU power state, C3, on the Next-Generation Intel Microarchitecture (Nehalem). The ability to enter C3 (also known as the sleep state) improves the power efficiency of the CPU when idle. * Previously, the MAX_ARG_PAGES limit that is set in the kernel was too low, and may have resulted in the following error: execve: Argument list too long In this update, this limit has been increased to 25 percent of the stack size, which resolves this issue. * autofs4 updates have been backported to Red Hat Enterprise Linux 5.3 from linux kernel version 2.6.27. * Red Hat Enterprise Linux 5.3 now includes the ability to specify that core files be piped to a forked copy of a user space application, rather than directly to a file. This is enabled by placing | path/to/applicationin /proc/sys/kernel/core_pattern. When a core is dumped, a copy of the specified application will be executed, and the core will be piped to it on stdin. This allows for the core to be augmented, analyzed and actively handled at core dump time. * The file /proc/cpuinfo now reports the ID of the Advanced Programmable Interrupt Controller (APIC) that is used by each individual CPU. * The Machine Check Exception (MCE) kernel subsystem has been enhanced to support larger memory configurations as needed by new systems. * The mount command now supports Kerberos authentication when mounting filesystems via Samba. The sec=krb5 or sec=krb5i switch allows the kernel to call a userspace application (cifs.upcall) which returns a SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) security blob (Binary Large OBject). The kernel can then use this blob to authenticate with the server and mount the requested filesystem. * If you configured the kernel parameter kernel.unknown_nmi_panic on a system that used the IOAPIC NMI watchdog method, a kernel panic could occur. This is because the NMI watchdog could not disable the source of NMIs securely. With this release, the NMI watchdog code has been revised to allow users to safely disable the NMI source. As such, you can now safely configure the kernel parameter kernel.unknown_nmi_panic on systems that use the IOAPIC NMI watchdog method. 4.2. x86 Architectures * The powernowk8 driver was not performing sufficient checks on the number of running CPUs. Consequently, when the driver was started, a kernel oops error message may have been reported. In this update the powernowk8 driver verifies that the number of supported CPUs (supported_cpus) equals the number of online CPUs (num_online_cpus), which resolves this issue. 4.3. PowerPC Architectures * CPUFreq, the kernel subsystem that scales CPU frequency and voltage, has been updated with improved support for Cell Processors. This update implements a Synergistic Processing Unit (SPU) aware CPUFreq governor that enhances the power management of Cell processors. * Error Detection and Correction (EDAC) is now supported on the Cell Broadband Engine Architecture in Red Hat Enterprise Linux 5.3. To enable EDAC, use the command: modprobe cell_edac To check this module has been added to your running kernel, check /var/log/dmesg for output like the following: EDAC MC: Ver: 2.0.1 Oct 4 2008 EDAC MC0: Giving out device to cell_edac MIC: DEV cbe-mic EDAC MC1: Giving out device to cell_edac MIC: DEV cbe-mic If correctable memory errors are encountered, the following message will be returned to the console: EDAC MC0: CE page 0xeff, offset 0x5700, grain 0, syndrome 0x51, row 0, channel 0, label "": * Debugging with hardware watchpoints using a variable that is shared between multiple threads was causing the GNU Debugger (GDB) to erratically miss trigger events. The kernel has been updated to allow GDB to consistently receive the watchpoint triggers, improving the reliability of the debugging session. 4.4. x86_64 Architectures * kprobe-booster is now supported on the ia64 and x86_64 architectures, allowing users to probe kernel events much faster. This feature will also decrease the overhead caused by probing tools (e.g. SystemTap and Kprobes) on servers running on 64-bit architecture. * Support has been added to the kernel for the _PTC (Processor Throttling Control), _TSS (Throttling Supported States) and _TPC (Throttling Present Capabilities) objects. This support, which is part of the Advance Configuration and Power Interface specification (ACPI) provides improved management of processor throttling. 4.5. s390x Architectures * In zipl.conf, parameters enclosed with double quotes inside of single quotes (ie parameters='vmhalt="LOGOFF"') were being parsed incorrectly. Consequently, installing the kernel-kdump package may have failed, resulting in the error: grubby fatal error: unable to find a suitable template To resolve this issue, parameters should be enclosed with single quotes inside of double quotes (ie parameters="vmhalt='LOGOFF'") Note The syntax structure of single quotes inside of double quotes is the default in Red hat Enterprise Linux 5. 4.6. ia64 Architecture * The Dual-Core Intel Itanium 2 processor filled out machine check architecture (MCA) records differently to previous Intel Itanium processors. The cache check and bus check target identifiers can now be different in some circumstances. The kernel has been updated to find the correct target identifier. * kprobe-booster is now supported on the ia64 and x86_64 architectures, allowing users to probe kernel events much faster. This feature will also decrease the overhead caused by probing tools (e.g. SystemTap and Kprobes) on servers running on 64-bit architecture. * In this update, support for pselect() and ppoll() system calls has been added to the kernel. 5. Virtualization This section contains information about updates made to Red Hat Enterprise Linux suite of Virtualization tools. 5.1. Feature Updates * The blktap (blocktap) userspace toolkit has been updated, providing the functionality to monitor the transfer statistics of blktap backed virtualized guests. * Support was added for the Intel Extended Page Table (EPT) feature, improving performance of fully virtualized guests on hardware that supports EPT. * e1000 network device emulation for guests has been added in this update, supporting only Windows 2003 guests on the ia64 architecture. To use e1000 emulation, the xm command must be used. * Drivers for virtio, the platform for I/O virtualization in KVM, has been backported to Red Hat Enterprise Linux 5.3 from Linux Kernel 2.6.27. These drivers will enable KVM guests to achieve higher levels of I/O performance. Various userspace components such as: anaconda, kudzu, lvm, selinux and mkinitrd have also been updated to support virtio devices. * The native Linux kernel supports vmcoreinfo automatically, but, to setup kdump on dom0 domains, the kernel-xen-debuginfo package was needed. With this release, the kernel and the hypervisor have been modified and now support vmcoreinfo reading and writing kdump natively. Users needing to use kdump for de-bugging or other investigations on dom0 domains can now do so without installing the debuginfo or debuginfo-common packages. * Fully virtualized Red Hat Enterprise Linux 5 guests encountered suboptimal performance when using emulated disk and network devices. In this update, the kmod-xenpv package has been included to simplify the use of paravirtualized disks and networks in fully virtualized guests. Using these drivers in fully virtualized guests can significantly improve the performance and functionality of fully virtualized guests. Bug fixes made for netfront and block front drivers are immediately realized and synchronized with the kernel package. * Guests now have the ability to utilize 2MB backing page memory tables, which can improve system performance. 5.2. Resolved Issues 5.2.1. All Architectures * Shutting down a paravirtualized guest may have caused the dom0 to stop responding for a period of time. Delays of several seconds were experienced on guests with large amounts of memory (ie 12GB and above.) In this update, the virtualized kernel allows the shutdown of a large paravirtualized guest to be pre-emptible, which resolves this issue. * crash was unable to read the relocation address of the hypervisor from a vmcore file. Consequently, opening a Virtualized kernel vmcore file with crash would fail, resulting in the error: crash: cannot resolve "idle_pg_table_4" In this update, the hypervisor now saves the address correctly, which resolves this issue. * Previously, paravirtualized guests could only have a maximum of 16 disk devices. In this update, this limit has been increased to a maximum of 256 disk devices. * Memory reserved for the kdump kernel was incorrect, resulting in unusable crash dumps. In this update, the memory reservation is now correct, allowing proper crash dumps to be generated. * Attaching a disk with a specific name (ie. /dev/xvdaa, /dev/xvdab, /dev/xvdbc etc.) to a paravirtualized guest resulted in a corrupted /dev device inside the guest. This update resolves the issue so that attaching disks with these names to a paravirtualized guest creates the proper /dev device inside the guest. * Previously, the number of loopback devices was limited to 4. Consequently, this limited the ability to create bridges on systems with more than 4 network interfaces. In this update, the netloop driver now creates additional loopback devices as required. * A race condition could occur when creating and destroying virtual network devices. In some circumstances — especially high load situations — this would cause the virtual device to not respond. In this update, the state of the virtual device is checked to prevent the race condition from occurring. * a memory leak in virt-manager would be encountered if the application was left running. Consequently, the application would constantly consume more resources, which may have led to memory starvation. In this update, the leak has been fixed, which resolves this issue. * the crash utility could not analyze x86_64 vmcores from systems running kernel-xen because the Red Hat Enterprise Linux hypervisor was relocatable and the relocated physical base address is not passed in the vmcore file's ELF header. The new --xen_phys_start command line option for the crash utility allows the user to pass crash the relocated base physical address. * Not all mouse events were being captured and processed by the Paravirtual Frame Buffer (PVFB). Consequently, the scroll wheel did not function when interacting with a paravirtualized guest with the Virtual Machine Console. In this update, scroll wheel mouse events are now handled correctly, which resolves this issue. * On systems with large amounts of memory (ie 256GB or more), setting up the dom0 could exhaust the hypervisor memory heap. To work around this, the xenheap and dom0_size command line arguments had to be set to valid values for the system. In this update, the hypervisor has been updated to automatically set these values, which resolves this issue. * Using Virtualization on a machine with a large number of CPUs may have caused the hypervisor to crash during guest installation. In this update, this issue has been resolved. * A softlockup may have occurred when creating a guest with a large amount of memory. Consequently, a call trace of the error was displayed on both the dom0 and the guest. In this update, this issue has been resolved. * On Intel processors that return a CPUID family value of 6, only one performance counter register was enabled in kernel-xen. Consequently, only counter 0 provided samples. In this update, this issue has been resolved. 5.2.2. x86 Architectures * On systems with newer CPU's, the CPU APIC ID differs from the CPU ID. Consequently, the virtualized kernel was unable to initialize CPU frequency scaling. In this update, the virtualized kernel now retrieves CPU APIC ID from the hypervisor, allowing CPU frequency scaling to be initialized properly. * When running an x86 paravirtualized guest, if a process accessed invalid memory, it would run in a loop instead of getting a SEGV signal. This was caused a flaw in the way execshield checks were done under the hypervisor. In this update, this issue has been resolved. 5.2.3. ia64 Architecture * A xend bug that previously caused guest installation failures is now fixed. * the evtchn event channel device lacked locks and memory barriers. This led to xenstore becoming unresponsive. In this update, this issue has been resolved. * Non-Uniform Memory Access (NUMA) information was not being displayed by the xm info command. Consequently, node_to_cpu value for each node was being incorrectly returned as no cpus. In this update, this issue has been resolved. * Previously, creating a guest on a Hardware Virtual Machine (HVM) would fail on processors that include the VT-i2 technology. In this update, this issue has been resolved. 5.2.4. x86_64 Architectures * When the Dynamic IRQs available for guests virtual machines were exhausted, the dom0 kernel would crash. In this update, the crash condition has been fixed, and the number of available IRQs has been increased, which resolves this issue. * On systems with newer CPU's, the CPU APIC ID differs from the CPU ID. Consequently, the virtualized kernel was unable to initialize CPU frequency scaling. In this update, the virtualized kernel now retrieves CPU APIC ID from the hypervisor, allowing CPU frequency scaling to be initialized properly. 5.3. Known Issues 5.3.1. All Architectures * Diskette drive media will not be accessible when using the virtualized kernel. To work around this, use a USB-attached diskette drive instead. Note that diskette drive media works well with other non-virtualized kernels. * In live migrations of paravirtualized guests, time-dependent guest processes may function improperly if the corresponding hosts' (dom0) times are not synchronized. Use NTP to synchronize system times for all corresponding hosts before migration. * Repeated live migration of paravirtualized guests between two hosts may cause one host to panic. If a host is rebooted after migrating a guest out of the system and before migrating the same guest back, the panic will not occur. * Formatting a disk when running Windows 2008 or Windows Vista as a guest can crash when the guest has been booted with multiple virtual CPUs. To work around this, boot the guest with a single virtual CPU when formatting. * Fully virtualized guests created through virt-manager may sometimes prevent the mouse from moving freely throughout the screen. To work around this, use virt-manager to configure a USB tablet device for the guest. * The maximum CPUs must be restricted to less than 128 when on a 128 or greater CPU system. The maximum that is supported at this time is 126. Use the maxcpus=126 hypervisor argument to limit the Hypervisor to 126 * Fully virtualized guests cannot correct for time lost due to the domain being paused and unpaused. Being able to correctly track the time across pause and unpause events is one of the advantages of paravirtualized kernels. This issue is being addressed upstream with replaceable timers, so fully virtualized guests will have paravirtualized timers. Currently, this code is under development upstream and should be available in later versions of Red Hat Enterprise Linux. * Repeated migration of paravirtualized guests may result in bad mpa messages on the dom0 console. In some cases, the hypervisor may also panic. To prevent a hypervisor kernel panic, restart the migrated guests once the bad mpa messages appear. * When setting up interface bonding on dom0, the default network-bridge script may cause bonded network interfaces to alternately switch between unavailable and available. This occurrence is commonly known as flapping. To prevent this, replace the standard network-script line in /etc/xen/xend-config.sxp with the following line: (network-script network-bridge-bonding netdev=bond0) Doing so will disable the netloop device, which prevents Address Resolution Protocol (ARP) monitoring from failing during the address transfer process. * When running multiple guest domains, guest networking may temporarily stop working, resulting in the following error being reported in the dom0 logs: Memory squeeze in netback driver To work around this, raise the amount of memory available to the dom0 with the dom0_mem hypervisor command line option. 5.3.2. x86 Architectures * Migrating paravirtualized guests through xm migrate [domain] [dom0 IP address] does not work. * When installing Red Hat Enterprise Linux 5 on a fully virtualized SMP guest, the installation may freeze. This can occur when the host (dom0) is running Red Hat Enterprise Linux 5.2. To prevent this, set the guest to use a single processor using the install. You can do this by using the --vcpus=1 option in virt-install. Once the installation is completed, you can set the guest to SMP by modifying the allocated vcpus in virt-manager. 5.3.3. x86_64 Architectures * Migrating paravirtualized guests through xm migrate [domain] [dom0 IP address] does not work. * Installing the Virtualization feature may cause a time went backwards warning on HP systems with model numbers xw9300 and xw9400. To work around this issue for xw9400 machines, configure the BIOS settings to enable the HPET timer. Note that this option is not available on xw9300 machines. * Installing Red Hat Enterprise Linux 3.9 on a fully virtualized guest may be extremely slow. In addition, booting up the guest after installation may result in hda: lost interrupt errors. To avoid this bootup error, configure the guest to use the SMP kernel. * Upgrading a host (dom0) system to Red Hat Enterprise Linux 5.2 may render existing Red Hat Enterprise Linux 4.5 SMP paravirtualized guests unbootable. This is more likely to occur when the host system has more than 4GB of RAM. To work around this, boot each Red Hat Enterprise Linux 4.5 guest in single CPU mode and upgrade its kernel to the latest version (for Red Hat Enterprise Linux 4.5.z). 5.3.4. ia64 Architecture * Migrating paravirtualized guests through xm migrate [domain] [dom0 IP address] does not work. * On some Itanium systems configured for console output to VGA, the dom0 virtualized kernel may fail to boot. This is because the virtualized kernel failed to properly detect the default console device from the Extensible Firmware Interface (EFI) settings. When this occurs, add the boot parameter console=tty to the kernel boot options in /boot/efi/elilo.conf. * On some Itanium systems (such as the Hitachi Cold Fusion 3e), the serial port cannot be detected in dom0 when VGA is enabled by the EFI Maintenance Manager. As such, you need to supply the following serial port information to the dom0 kernel: * Speed in bits/second * Number of data bits * Parity * io_base address These details must be specified in the append= line of the dom0 kernel in /boot/efi/elilo.conf. For example: append="com1=19200,8n1,0x3f8 -- quiet rhgb console=tty0 console=ttyS0,19200n8" In this example, com1 is the serial port, 19200 is the speed (in bits/second), 8n1 specifies the number of data bits/parity settings, and 0x3f8 is the io_base address. * Virtualization does not work on some architectures that use Non-Uniform Memory Access (NUMA). As such, installing the virtualized kernel on systems that use NUMA will result in a boot failure. Some installation numbers install the virtualized kernel by default. If you have such an installation number and your system uses NUMA and does not work with kernel-xen, deselect the Virtualization option during installation. * Currently, live migration of fully virtualized guests is not supported on this architecture. In addition, kexec and kdump are also not supported for virtualization on this architecture. 6. Technology Previews Technology Preview features are currently not supported under Red Hat Enterprise Linux subscription services, may not be functionally complete, and are generally not suitable for production use. However, these features are included as a customer convenience and to provide the feature with wider exposure. Customers may find these features useful in a non-production environment. Customers are also free to provide feedback and functionality suggestions for a Technology Preview feature before it becomes fully supported. Erratas will be provided for high-severity security issues. During the development of a Technology Preview feature, additional components may become available to the public for testing. It is the intention of Red Hat to fully support Technology Preview features in a future release. ALUA Mode on EMC Clariion Explicit active-passive failover (ALUA) mode using dm-multipath on EMC Clariion storage is now available. This mode is provided as per T10 specifications, but is provided in this release only as a technology preview. For more information about T10, refer to http://www.t10.org. ext4 The latest generation of the ext filesystem, ext4, is available in this release as a Technology Preview. Ext4 is an incremental improvement on the ext3 file system developed by Red Hat and the Linux community. The release name of the file system for the Technology Preview is ext4dev. The file system is provided by the ext4dev.ko kernel module, and a new e4fsprogs package, which contains updated versions of the familiar e2fsprogs administrative tools for use with ext4. To use, install e4fsprogs and then use commands like mkfs.ext4dev from the e4fsprogs program to create an ext4-base file system. When referring to the filesystem on a mount commandline or fstab file, use the filesystem name ext4dev. FreeIPMI FreeIPMI is now included in this update as a Technology Preview. FreeIPMI is a collection of Intelligent Platform Management IPMI system software. It provides in-band and out-of-band software, along with a development library conforming to the Intelligent Platform Management Interface (IPMI v1.5 and v2.0) standards. For more information about FreeIPMI, refer to http://www.gnu.org/software/freeipmi/ TrouSerS and tpm-tools TrouSerS and tpm-tools are included in this release to enable use of Trusted Platform Module (TPM) hardware.TPM hardware features include (among others): * Creation, storage, and use of RSA keys securely (without being exposed in memory) * Verification of a platform's software state using cryptographic hashes TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. You can use TrouSerS to write applications that make use of TPM hardware. tpm-tools is a suite of tools used to manage and utilize TPM hardware. For more information about TrouSerS, refer to http://trousers.sourceforge.net/. eCryptfs eCryptfs is a stacked cryptographic file system for Linux. It mounts on individual directories in existing mounted lower file systems such as EXT3; there is no need to change existing partitions or file systems in order to start using eCryptfs. With this release, eCryptfs has been re-based to upstream version 56, which provides several bug fixes and enhancements. In addition, this update provides a graphical program to help configure eCryptfs (ecryptfs-mount-helper-gui). This update also changes the syntax of certain eCryptfs mount options. If you choose to update to this version of eCryptfs, you should update any affected mount scripts and /etc/fstab entries. For information about these changes, refer to man ecryptfs. The following caveats apply to this release of eCryptfs: * Note that the eCryptfs file system will only work properly if the encrypted file system is mounted once over the underlying directory of the same name. For example: mount -t ecryptfs /mnt/secret /mnt/secret The secured portion of the file system should not be exposed, i.e. it should not be mounted to other mount points, bind mounts, and the like. * eCryptfs mounts on networked file systems (e.g. NFS, Samba) will not work properly. * This version of the eCryptfs kernel driver requires updated userspace, which is provided by ecryptfs-utils-56-4.el5 or newer. For more information about eCryptfs, refer to http://ecryptfs.sf.net. You can also refer to http://ecryptfs.sourceforge.net/README and http://ecryptfs.sourceforge.net/ecryptfs-faq.html for basic setup information. Stateless Linux Stateless Linux is a new way of thinking about how a system should be run and managed, designed to simplify provisioning and management of large numbers of systems by making them easily replaceable. This is accomplished primarily by establishing prepared system images which get replicated and managed across a large number of stateless systems, running the operating system in a read-only manner (refer to /etc/sysconfig/readonly-root for more details). In its current state of development, the Stateless features are subsets of the intended goals. As such, the capability remains as Technology Preview. Red Hat recommends that those interested in testing stateless code read the HOWTO at http://fedoraproject.org/wiki/StatelessLinux/HOWTO and join stateless-list@redhat.com. The enabling infrastructure pieces for Stateless Linux were originally introduced in Red Hat Enterprise Linux 5. AIGLX AIGLX is a Technology Preview feature of the otherwise fully supported X server. It aims to enable GL-accelerated effects on a standard desktop. The project consists of the following: * A lightly modified X server. * An updated Mesa package that adds new protocol support. By installing these components, you can have GL-accelerated effects on your desktop with very few changes, as well as the ability to enable and disable them at will without replacing your X server. AIGLX also enables remote GLX applications to take advantage of hardware GLX acceleration. iSCSI Target The Linux target (tgt) framework allows a system to serve block-level SCSI storage to other systems that have a SCSI initiator. This capability is being initially deployed as a Linux iSCSI target, serving storage over a network to any iSCSI initiator. To set up the iSCSI target, install the scsi-target-utils RPM and refer to the instructions in: * /usr/share/doc/scsi-target-utils-[version]/README * /usr/share/doc/scsi-target-utils-[version]/README.iscsi Replace [version] with the corresponding version of the package installed. For more information, refer to man tgtadm. FireWire The firewire-sbp2 module is still included in this update as a Technology Preview. This module enables connectivity with FireWire storage devices and scanners. At present, FireWire does not support the following: * IPv4 * pcilynx host controllers * multi-LUN storage devices * non-exclusive access to storage devices In addition, the following issues still exist in FireWire: * a memory leak in the SBP2 driver may cause the machine to become unresponsive. * a code in this version does not work properly in big-endian machines. This could lead to unexpected behavior in PowerPC. ktune This release includes ktune (from the ktune package), a service that sets several kernel tuning parameters to values suitable for specific system profiles. Currently, ktune only provides a profile for large-memory systems running disk-intensive and network-intensive applications. The settings provides by ktune do not override those set in /etc/sysctl.conf or through the kernel command line. ktune may not be suitable on some systems and workloads; as such, you should test it comprehensively before deploying to production. You can disable any configuration set by ktune and revert to your normall settings by simply stopping the ktune service using service ktune stop (as root). SGPIO Support for dmraid Serial General Purpose Input Output (SGPIO) is an industry standard communication method used between a main board and a variety of internal and external hard disk drive bay enclosures. This method can be used to control LED lights on an enclosure through the AHCI driver interface. In this release, SGPIO support in dmraid is included as a technology preview. This will allow dmraid to work properly with disk enclosures. GCC 4.3 The Gnu Compiler Collection version 4.3 (GCC4.3) is now included in this release as a Technology Preview. This collection of compilers include C, C++, and Fortran 95 compilers along with support libraries. Note that in the gcc43 packages, the default for the gnu89-inline option has been changed to -fgnu89-inline, whereas upstream and future updates of Red Hat Enterprise Linux 5 will default to -fno-gnu89-inline. This is necessary because many headers shipped as part of Red Hat Enterprise Linux 5 expect GNU in-line semantics instead of ISO C99 semantics. These headers have not been adjusted to request GNU in-line semantics through attributes. Kernel Tracepoint Facility In this update, a new kernel marker/tracepoint facility has been implemented as a Technology Preview. This interface adds static probe points into the kernel, for use with tools such as SystemTap. Fibre Channel over Ethernet (FCoE) The Fibre Channel over Ethernet (FCoE) driver, along with libfc, provides the ability to run FCoE over a standard Ethernet card. This capability is provided as a technical preview in Red Hat Enterprise Linux 5.3. Red Hat Enterprise Linux 5.3 provides full support for FCoE on three specialized hardware implementations. These are: Cisco fnic driver, the Emulex lpfc driver, and the Qlogic qla2xx driver. Device Failure Monitoring of RAID sets Device Failure Monitoring, using the tools dmraid and dmevent_tool, is included in Red Hat Enterprise Linux 5.3 as a Technology Preview. This provides the ability to watch and report device failures on component devices of RAID sets. 7. Resolved Issues 7.1. All Architectures * The data for TTY device activity reports was not generating correctly. Consequently, the command sar -y failed, returning the error: Requested activities not available in file In this updated package, sar has been corrected so the -y option outputs the TTY device activity. * Previously, setting max_fds to unlimited in /etc/multipath.conf would prevent the multipathd daemon from starting. If number of open file descriptors needs to be set to the system maximum, max_fds should be set to max. * mod_perl is now re-based to version 2.0.4, the latest upstream release. This update applies several updates, which include a bug fix that now allows mod_perl to work properly with Bugzilla 3.0. * cups is now re-based to version 1.3.7. This update applies several bug fixes and enhancements, including: * Kerberos authentication is now supported. * User-defined printer and job policies are now loaded correctly. * Remote queue caches are no longer loaded when browsing is disabled. * The classes.conf configuration file now has correct file permissions. * lm_sensors has been re-based to version 2.10.7. This update applies several upstream enhancements and bug fixes, including a fix that prevents libsensors from crashing with a General parse error message when k8temp is also loaded. * elfutils has been updated in this release to address the following bugs: * The eu-readelf utility could crash when reading certain input files. * The eu-strip utility is used in the rpmbuild procedures that create new binary packages. It separates debugging information from executable code, to make -debuginfo packages. A bug in this utility resulted in unusable debugging information for ET_REL files on the s390 platform; this affects Linux kernel module files (.ko.debug), and caused the generated kernel-debuginfo packages not to work with Systemtap on s390. * vnc-server is now re-based to version 4.1.2-14.el5. This update applies the following fixes: * A bug that prevented vncserver from printing error messages when Xvnc failed to start is now fixed. * Xvnc no longer uses the wrong root window depth; it now uses the correct window depth specified by the -depth option. * A bug that causes the libvnc.so module to crash the X server is now fixed. * Xvnc now supports GLX and RENDER extensions on all architectures. * smartmontools has been re-based to version 5.38. This update improves autodetection of hardware devices, improves support for CCISS RAID arrays, and features a larger database of supported devices. This update also fixes a bug wherein SELinux prevented smartmontools from monitoring 3ware RAID devices. smartmontools can now monitor such devices properly. * python-urlgrabber has been re-based to version 3.1.0-5. This applies several bug fixes from upstream, including: * yum can now correctly re-download from a yum repository that does not support partial downloads. * yum can now resume an interrupted download even if the yum repository is FTP-based with a specified port. * The size of progress bars are now dynamic to the terminal width. In addition, progress bars are now cleaner, and display a percentage of the total downloaded data. * The keepalive signal of python-urlgrabber is now fixed. Previously, a bug in this signal incorrectly increased memory usage during downloads; in addition, this bug also prevented reposync and yumdownloader from performing properly when downloading a large number of packages. * yum-utils is now re-based to upstream version 1.1.16. This applies several bug fixes, including: * yum update --security can now properly locate old relevant security updates. * yum-versionlock now works properly against package obsoletes. This update also includes the yum-fastestmirror plugin, which enables yum to choose the fastest repository in a mirrorlist. * Samba has been re-based to upstream version 3.2.0. This fixes several bugs, including one that prevented users from joining domains that used Windows 2003 as their name server. This update also fixes a bug that caused samba domain membership to break after changing the system password using net rpc changetrustpw. For a more comprehensive list of upstream samba updates included this release, refer to http://www.samba.org/samba/history/samba-3.0.32.html * OpenLDAP has been re-based to upstream version 2.3.43. This applies several upstream bug fixes, including: * The init script now reports a warning if the slapd daemon cannot read a TLS certificate file. * All libraries in openldap-debuginfo package are now unstripped. * Uninstalling the openldap-devel package no longer breaks OpenLDAP libraries. Red Hat now distributes additional overlays for OpenLDAP server. Except for syncprov, all overlays can be found in separate openldap-servers-overlays packages, compiled as dynamically loadable modules. The syncprov overlay is statically linked to the OpenLDAP server to maintain compatibility with older OpenLDAP releases. * Because the xterm binary had the set group ID (setgid) bit configured, certain environmental variables (such as LD_LIBRARY_PATH and TMPDIR) were unset. In this release, the xterm binary now has mode 0755 permissions configured, which resolves this issue. * The recommended method for balancing the load on NIS servers when multiple machines are connecting with ypbind has changed with this release. The ypbind daemon's behavior has not changed: it still pings all NIS servers listed in the /etc/ypbind configuration file and then binds to the single fastest-responding server. Before, it was recommended to list all available NIS servers in each machine's /etc/ypbind.conf configuration file. However, because even servers under high load can respond quickly to this ping, thus inadvertently increasing their own load, it is now recommended for administrators to list a smaller number of available NIS servers in each machine's ypbind.conf, and to vary this list across machines. In this way, NIS servers are automatically load-balanced due to not every NIS server being listed as being available to every machine. * OpenMotif has been re-based to upstream version 2.3.1. This update applies several bug fixes, including: * A bug in the way OpenMotif handled the Grab and Ungrab events is now fixed. In previous releases, this bug could cause the display to lock. * A bug in nedit could cause it to crash when using the nedit graphical user interface. This was caused by a function in the code that causes a segmentation fault in some cases of item selection, which is now fixed. * dbus has been re-based to version 1.1.2. This update fixes a bug wherein multi-threaded programs could cause a deadlock in dbus. In previous releases, as one thread listened to dbus and processed messages, the second thread would send messages to dbus. * strace has been re-based to version 4.5.18. This fixes several bugs, including: * A bug that caused strace to crash when the -f option was used on some multi-threaded programs (particularly on 64-bit systems) is now fixed. * A bug that prevented the 64-bit version of strace from executing a vfork() function call on a 32-bit process is now fixed. * cpuspeed has been updated to version 1.2.1-5. With this update, the cpuspeed init script now loads the speedstep-centrino module if all other module loads fail. In addition, a user-space bug that prevented the Powernow-k8 module from loading is now fixed. * The frysk suite of tools have been removed completely from this distribution. frysk was originally introduced as a technology preview in Red Hat Enterprise Linux 5.0. * Previously, the partition I/O statistics provided by the iostat -x command were incomplete. In this update, partition statistics are now calculated in the same manner as disk statistics, providing coherent and comprehensive I/O statistics at the partition level. * A password disclosure flaw was found with configuration file for the Dovecot mail server. If a system had the ssl_key_password option defined, any local user could view the SSL key password. (CVE-2008-4870) Note This flaw did not allow the attacker to acquire the contents of the SSL key. The password has no value without the key file which arbitrary users should not have read access to. To better protect even this value, however, the dovecot.conf file now supports the "!include_try" directive. The ssl_key_password option should be moved from dovecot.conf to a new file owned by, and only readable and writable by, root (ie 0600). This file should be referenced from dovecot.conf by setting the !include_try /path/to/password/file option. 7.2. x86_64 Architectures * ksh has been re-based to version 2008-02-02. This update adds multi-byte character handling, addresses many job control problems and applies several bug fixes from upstream. Note that this update to ksh preserves compatibility for existing scripts. 7.3. s390x Architectures * A vmconvert bug prevented it from working properly on the vmur device node (/dev/0.0.000c). This caused vmconvert to fail when attempting to access dumps on the vmur device with the error vmconvert: Open dump file failed! (Permission denied). An update to s390utils in this release fixes this issue. * The init script and config file for the mon_procd daemon and mon_fsstatd daemon were missing from the s390utils package. Consequently these daemons could not be built and used. The missing files have been added in this update which resolves this issue. 7.4. PowerPC Architectures * A bug that prevented the ehci_hcd module from reloading on this architecture is now fixed. This ensures that the Belkin 4-port PCI-Express USB Lily adapter (and other similar devices) now function properly with Red Hat Enterprise Linux 5 when they use the ehci_hcd module. * The libhugetlbfs library is now re-based to version 1.3. This update applies several upstream improvements to the library, thereby improving the performance of applications that use Huge pages. For a complete list of updates to libhugetlbfs, refer to the following link: http://sourceforge.net/mailarchive/message.php?msg_name=20080515170754.GA1830%40us.ibm.com * In Red Hat Enterprise Linux 5.2, a 64-bit version of httpd was included in this architecture in addition to the existing 32-bit httpd. If a user installed both versions, an httpd conflict would occur, preventing httpd from functioning properly. To resolve this issue, the 64-bit version of httpd has been removed from this release. Upgrading httpd for this release will automatically remove the 64-bit version of httpd as well. 8. Known Issues 8.1. All Architectures * When using the new disk encryption feature to encrypt the root filesystem, the following error message will be reported on the console when shutting down the system: Stopping disk encryption [FAILED] This message can safely be ignored, the shutdown process will complete successfully. * When using an encrypted device, the following error message may be reported during bootup: insmod: error inserting '/lib/aes_generic.ko': -1 File exists This message can safely be ignored. * Installation using a Multiple Device (MD) RAID on top of multipath will result in a machine that cannot boot. Multipath to Storage Area Network (SAN) devices which provide RAID internally are not affected. * When a large number of LUNs are added to a node, multipath can significantly increase the time it takes for udev to create device nodes for them. If you experience this problem, you can correct it by deleting the following line in /etc/udev/rules.d/40-multipath.rules: KERNEL!="dm-[0-9]*", ACTION=="add", PROGRAM=="/bin/bash -c '/sbin/lsmod | /bin/grep ^dm_multipath'", RUN+="/sbin/multipath -v0 %M:%m" This line causes udev to run multipath every time a block device is added to the node. Even with this line removed, multipathd will still automatically create multipath devices, and multipath will still be called during the boot process, for nodes with multipathed root filesystems. The only change is that multipath devices will not be automatically created when multipathd is not running, which should not be a problem for the vast majority of multipath users. * When upgrading from an earlier version of Red Hat Enterprise Linux to 5.3, you may encounter the following error: Updating : mypackage ################### [ 472/1655] rpmdb: unable to lock mutex: Invalid argument The cause of the locking issue is that the shared futex locking in glibc was enhanced with per-process futexes between 5.2 and 5.3. As a result, programs running against the 5.2 glibc can not properly perform shared futex locking against programs running with the 5.3 glibc. This particular error message is a side effect of a package calling rpm as part of its install scripts. The rpm instance performing the upgrade is using the prior glibc throughout the upgrade, but the rpm instance launched from within the script is using the new glibc. To avoid this error, upgrade glibc first in a separate run: # yum update glibc # yum update You will also see this error if you downgrade glibc to an earlier version on an installed 5.3 system. * mvapich and mvapich2 in Red Hat Enterprise Linux 5 are compiled to support only InfiniBand/iWARP interconnects. Consequently, they will not run over ethernet or other network interconnects. * On systems with more than two encrypted block devices, anaconda has a option to provide a global passphrase. The init scripts, however, do not support this feature. When booting the system, entering each individual passphrase for all encrypted devices will be required. * When upgrading openmpi using yum, the following warning may be returned: cannot open `/tmp/openmpi-upgrade-version.*' for reading: No such file or directory The message is harmless and can be safely ignored. * Configuring IRQ SMP affinity has no effect on some devices that use message signalled interrupts (MSI) with no MSI per-vector masking capability. Examples of such devices include Broadcom NetXtreme Ethernet devices that use the bnx2 driver. If you need to configure IRQ affinity for such a device, disable MSI by creating a file in /etc/modprobe.d/ containing the following line: options bnx2 disable_msi=1 Alternatively, you can disable MSI completely using the kernel boot parameter pci=nomsi. * The CD-ROM/DVD-ROM unit on Dell PowerEdge R905 servers does not work with Red Hat Enterprise Linux 5. Please see Knowledgebase #13121 for more details: http://kbase.redhat.com/faq/FAQ_103_13121. Important Following the procedure in the aforementioned Knowledgebase article may result in other issues that cannot be supported by GSS. * A bug in the updated /etc/udev/rules.d/50-udev.rules file prevents the creation of persistent names for tape devices with numbers higher than 9 in their names. For example, a persistent name will not be created for a tape device with a name of nst12. To work around this, add an asterisk (*) after each occurrence of the string nst[0-9] in /etc/udev/rules.d/50-udev.rules. * The smartctl tool cannot properly read SMART parameters from SATA devices. * A bug in previous versions of openmpi and lam may prevent you from upgrading these packages. This bug manifests in the following error (when attempting to upgrade openmpi or lam: error: %preun(openmpi-[version]) scriptlet failed, exit status 2 As such, you need to manually remove older versions of openmpi and lam in order to install their latest versions. To do so, use the following rpm command: rpm -qa | grep '^openmpi-\|^lam-' | xargs rpm -e --noscripts --allmatches * When using dm-multipath, if features "1 queue_if_no_path" is specified in /etc/multipath.conf then any process that issues I/O will hang until one or more paths are restored. To avoid this, set no_path_retry [N] in /etc/multipath.conf (where [N] is the number of times the system should retry a path). When you do, remove the features "1 queue_if_no_path" option from /etc/multipath.conf as well. If you need to use "1 queue_if_no_path" and experience the issue noted here, use dmsetup to edit the policy at runtime for a particular LUN (i.e. for which all the paths are unavailable). To illustrate: run dmsetup message [device] 0 "fail_if_no_path", where [device] is the multipath device name (e.g. mpath2; do not specify the path) for which you want to change the policy from "queue_if_no_path" to "fail_if_no_path". * Enabling multiple installed versions of the same kernel module is not supported. In addition to this, a bug in the way kernel module versions are parsed can sometimes result in enabling an older version of the same kernel module. Red Hat recommends that when you install a newer version of an installed kernel module, you should delete the older one first. * Executing kdump on an IBM Bladecenter QS21 or QS22 configured with NFS root will fail. To avoid this, specify an NFS dump target in /etc/kdump.conf. * IBM T60 laptops will power off completely when suspended and plugged into a docking station. To avoid this, boot the system with the argument acpi_sleep=s3_bios. * The QLogic iSCSI Expansion Card for the IBM Bladecenter provides both ethernet and iSCSI functions. Some parts on the card are shared by both functions. However, the current qla3xxx and qla4xxx drivers support ethernet and iSCSI functions individually. Both drivers do not support the use of ethernet and iSCSI functions simultaneously. Because of this limitation, successive resets (via consecutive ifdown/ifup commands) may hang the device. To avoid this, allow a 10-second interval after an ifup before issuing an ifdown. Also, allow the same 10-second interval after an ifdown before issuing an ifup. This interval allows ample time to stabilize and re-initialize all functions when an ifup is issued. * Laptops equipped with the Cisco Aironet MPI-350 wireless may hang trying to get a DHCP address during any network-based installation using the wired ethernet port. To work around this, use local media for your installation. Alternatively, you can disable the wireless card in the laptop BIOS prior to installation (you can re-enable the wireless card after completing the installation). * Boot-time logging to /var/log/boot.log is not available in Red Hat Enterprise Linux 5.3. * The system may not successfully reboot into a kexec/kdump kernel if X is running and using a driver other than vesa. This problem only exists with ATI Rage XL graphics chipsets. If X is running on a system equipped with ATI Rage XL, ensure that it is using the vesa driver in order to successfully reboot into a kexec/kdump kernel. * When using Red Hat Enterprise Linux 5.2 on a machine with an nVidia CK804 chipset installed, the following kernel messages may appear: kernel: assign_interrupt_mode Found MSI capability kernel: pcie_portdrv_probe->Dev[005d:10de] has invalid IRQ. Check vendor BIOS These messages indicate that certain PCI-E ports are not requesting IRQs. They do not, however, affect the operation of the machine in any way. * Removable storage devices (such as CDs and DVDs) do not automatically mount when you are logged in as root. As such, you will need to manually mount the device through the graphical file manager. Alternatively, you can run the following command to mount a device to /media: mount /dev/[device name] /media * When a LUN is deleted on a configured storage system, the change is not reflected on the host. In such cases, lvm commands will hang indefinitely when dm-multipath is used, as the LUN has now become stale. To work around this, delete all device and mpath link entries in /etc/lvm/.cache specific to the stale LUN. To find out what these entries are, run the following command: ls -l /dev/mpath | grep [stale LUN] For example, if [stale LUN] is 3600d0230003414f30000203a7bc41a00, the following results may appear: lrwxrwxrwx 1 root root 7 Aug 2 10:33 /3600d0230003414f30000203a7bc41a00 -> ../dm-4 lrwxrwxrwx 1 root root 7 Aug 2 10:33 /3600d0230003414f30000203a7bc41a00p1 -> ../dm-5 This means that 3600d0230003414f30000203a7bc41a00 is mapped to two mpath links: dm-4 and dm-5. As such, the following lines should be deleted from /etc/lvm/.cache: /dev/dm-4 /dev/dm-5 /dev/mapper/3600d0230003414f30000203a7bc41a00 /dev/mapper/3600d0230003414f30000203a7bc41a00p1 /dev/mpath/3600d0230003414f30000203a7bc41a00 /dev/mpath/3600d0230003414f30000203a7bc41a00p1 * Running the multipath command with the -ll option can cause the command to hang if one of the paths is on a blocking device. Note that the driver does not fail a request after some time if the device does not respond. This is caused by the cleanup code, which waits until the path checker request either completes or fails. To display the current multipath state without hanging the command, use multipath -l instead. * Upgrading pm-utils from a Red Hat Enterprise Linux 5.2 Beta version of pm-utils will fail, resulting in the following error: error: unpacking of archive failed on file /etc/pm/sleep.d: cpio: rename To prevent this from occurring, delete the /etc/pm/sleep.d/ directory prior to upgrading. If /etc/pm/sleep.d contains any files, move those files to /etc/pm/hooks/. * Hardware testing for the Mellanox MT25204 has revealed that an internal error occurs under certain high-load conditions. When the ib_mthca driver reports a catastrophic error on this hardware, it is usually related to an insufficient completion queue depth relative to the number of outstanding work requests generated by the user application. Although the driver will reset the hardware and recover from such an event, all existing connections at the time of the error will be lost. This generally results in a segmentation fault in the user application. Further, if opensm is running at the time the error occurs, then you need to manually restart it in order to resume proper operation. * When installing Red Hat Enterprise Linux 5 on a guest, the guest is configured to explicitly use a temporary installation kernel provided by dom0. Once installation finishes, it can then use its own bootloader. However, this can only be achieved by forcing the guest's first reboot to be a shutdown. As such, when the Reboot button appears at the end of the guest installation, clicking it shuts down the guest, but does not reboot it. This is an expected behavior. Note that when you boot the guest after this it will then use its own bootloader. * Running rpmbuild on the compiz source RPM will fail if any KDE or qt development packages (for example, qt-devel) are installed. This is caused by a bug in the compiz configuration script. To work around this, remove any KDE or qt development packages before attempting to build the compiz package from its source RPM. * If your system has either ATI Radeon R500 or R600 graphics card equipped, firstboot will not run after installation. The system will go directly to the graphical login screen and skip firstboot altogether. If you attempt to run firstboot manually (i.e. from a failsafe terminal), the X session will crash. This issue is caused by the driver used by the ATI Radeon R500/R600 hardware. The default driver used by these graphics cards are still in technology preview. To work around this, backup your /etc/X11/xorg.conf file; then, configure X to use the supported vesa driver instead using the following command: system-config-display --reconfig --set-driver=vesa You can now run firstboot. To switch back to your old settings, restore your original /etc/X11/xorg.conf. * If your system uses the TSC timer, the gettimeofday system call may move backwards. This is because of an overflow issue that causes the TSC timer to jump forward significantly in some cases; when this occurs, the TSC timer will correct itself, but will ultimately register a movement backwards in time. This issue is particularly critical for time-sensitive systems, such as those used for transaction systems and databases. As such, if your system needs precision timing, Red Hat strongly recommends that you set the kernel to use another timer (for example, HPET). * Attempting to run sniff may result in an error. This is because some required packages are not installed with dogtail. To prevent this from occurring, install the following packages manually: * librsvg2 * ghostscript-fonts * pygtk2-libglade * Thin Provisioning (also known as "virtual provisioning") will be first released with EMC Symmetrix DMX3 and DMX4. Please refer to the EMC Support Matrix and Symmetrix Enginuity code release notes for further details. * In /etc/multipath.conf, setting max_fds to unlimited will prevent the multipathd daemon from starting up properly. As such, you should use a sufficiently high value instead for this setting. * SystemTap currently uses GCC to probe user-space events. GCC is, however, unable to provide debuggers with precise location list information for parameters. In some cases, GCC also fails to provide visibility on some parameters. As a consequence, SystemTap scripts that probe user-space may return inaccurate readings. * The IBM T41 laptop model does not enter Suspend Mode properly; as such, Suspend Mode will still consume battery life as normal. This is because Red Hat Enterprise Linux 5 does not yet include the radeonfb module. To work around this, add a script named hal-system-power-suspend to /usr/share/hal/scripts/ containing the following lines: chvt 1 radeontool light off radeontool dac off This script will ensure that the IBM T41 laptop enters Suspend Mode properly. To ensure that the system resumes normal operations properly, add the script restore-after-standby to the same directory as well, containing the following lines: radeontool dac on radeontool light on chvt 7 * If the edac module is loaded, BIOS memory reporting will not work. This is because the edac module clears the register that the BIOS uses for reporting memory errors. The current Red Hat Enterprise Linux Driver Update Model instructs the kernel to load all available modules (including the edac module) by default. If you wish to ensure BIOS memory reporting on your system, you need to manually blacklist the edac modules. To do so, add the following lines to /etc/modprobe.conf: blacklist edac_mc blacklist i5000_edac blacklist i3000_edac blacklist e752x_edac * Red Hat Enterprise Linux 5.3 can detect online growing or shrinking of an underlying block device. However, there is no method to automatically detect that a device has changed size, so manual steps are required to recognize this and resize any file systems which reside on the given device(s). When a resized block device is detected, a message like the following will appear in the system logs: VFS: busy inodes on changed media or resized disk sdi If the block device was grown, then this message can be safely ignored. However, if the block device was shrunk without shrinking any data set on the block device first, the data residing on the device may be corrupted. It is only possible to do an online resize of a filesystem that was created on the entire LUN (or block device). If there is a partition table on the block device, then the file system will have to be unmounted to update the partition table. * If your system has a GFS2 file system mounted, a node may hang if a cached inode is accessed in one node and unlinked on a different node. When this occurs, the hung node will be unavailable until you fence and recover it via the normal cluster recovery mechanism. The function calls gfs2_dinode_dealloc and shrink_dcache_memory will also appear in the stack traces of any processes stuck in the hung node. This issue does not affect single-node GFS2 file systems. * The following message may be encountered during system boot: Could not detect stabilization, waiting 10 seconds. Reading all physical volumes. This may take a while... This delay (which may be up to 10 seconds, dependant on the hardware configuration) is necessary to ensure that the kernel has completed scanning the disks. * The current implementation of User Payload Access in ipmitool allows you to configure devices, but does not allow you to retrieve the current settings for those devices. * Using the swap --grow parameter in a kickstart file without setting the --maxsize parameter at the same time makes anaconda impose a restriction on the maximum size of the swap partition. It does not allow it to grow to fill the device. For systems with less than 2GB of physical memory, the imposed limit is twice the amount of physical memory. For systems with more than 2GB, the imposed limit is the size of physical memory plus 2GB. * The gfs2_convert program may not free up all blocks from the GFS metadata that are no longer used under GFS2. These unused metadata blocks will be discovered and freed the next time gfs2_fsck is run on the file system. It is recommended that gfs2_fsck be run after the filesystem has been converted to free the unused blocks. These unused blocks will be flagged by gfs2_fsck with messages such as: Ondisk and fsck bitmaps differ at block 137 (0x89) Ondisk status is 1 (Data) but FSCK thinks it should be 0 (Free) Metadata type is 0 (free) These messages do not indicate corruption in the GFS2 file system, they indicate blocks that should have been freed, but were not. The number of blocks needing to be freed will vary depending on the size of the file system and block size. Many file systems will not encounter this issue at all. Large file systems may have a small number of blocks (typically less than 100). 8.2. x86 Architectures * When running the bare-metal (non-Virtualized) kernel, the X server may not be able to retrieve EDID information from the monitor. When this occurs, the graphics driver will be unable to display resolutions highers than 800x600. To work around this, add the following line to the ServerLayout section of /etc/X11/xorg.conf: Option "Int10Backend" "x86emu" * Recording needs to be manually enabled on Dell M4300 and M6300. To do this, perform the following steps: 1. Open alsamixer. 2. Press Tab to toggle [Capture] in the View field (located at the upper left part of the menu). 3. Press the Space bar. 4. To verify that recording is enabled, the text above the ADCMux field should display L R CAPTUR. * If encryption is enabled on the boot device during system installation, the following message will be logged during system boot: padlock: VIA PadLock not detected. This message can safely be ignored. 8.3. x86_64 Architectures * Some machines that use NVIDIA graphics cards may display corrupted graphics or fonts when using the graphical installer or during a graphical login. To work around this, switch to a virtual console and back to the original X host. * On an IBM T61 laptop, Red Hat recommends that you refrain from clicking the glxgears window (when glxgears is run). Doing so can lock the system. To prevent this from occurring, disable the tiling feature. To do so, add the following line in the Device section of /etc/X11/xorg.conf: Option "Tiling" "0" * Recording needs to be manually enabled on Dell M4300 and M6300. To do this, perform the following steps: 1. Open alsamixer. 2. Press Tab to toggle [Capture] in the View field (located at the upper left part of the menu). 3. Press the Space bar. 4. To verify that recording is enabled, the text above the ADCMux field should display L R CAPTUR. * If your system uses an Intel 945GM graphics card, do not use the i810 driver. You should use the default intel driver instead. * On dual-GPU laptops, if one of the graphics chips is Intel-based, the Intel graphics mode cannot drive any external digital connections (including HDMI, DVI, and DisplayPort). This is a hardware limitation of the Intel GPU. If you require external digital connections, configure the system to use the discrete graphics chip (in the BIOS). 8.4. PowerPC Architectures * When using Alt-SysRq-W to debug, the following warning message will appear: Badness in smp_call_function at arch/powerpc/kernel/smp.c:223 Afterwards, the system will also warn that it will hang. This message should be ignored as it will not cause the system to hang. * Recording needs to be manually enabled on Dell M4300 and M6300. To do this, perform the following steps: 1. Open alsamixer. 2. Press Tab to toggle [Capture] in the View field (located at the upper left part of the menu). 3. Press the Space bar. 4. To verify that recording is enabled, the text above the ADCMux field should display L R CAPTUR. * The size of the PPC kernel image is too large for OpenFirmware to support. Consequently, network booting will fail, resulting in the following error message: Please wait, loading kernel... /pci@8000000f8000000/ide@4,1/disk@0:2,vmlinux-anaconda: No such file or directory boot: To work around this: 1. Boot to the OpenFirmware prompt, by pressing the '8' key when the IBM splash screen is displayed. 2. Run the following command: setenv real-base 2000000 3. Boot into System Managment Services (SMS) with the command: 0> dev /packages/gui obe 8.5. s390x Architectures * When running Red Hat Enterprise Linux 5.2 on a z/VM that has more than 2GB of guest storage defined, invalid data can be read from and written to any FCP and OSA device attached in QDIO mode with the Queued-I/O assist (QIOASSIST) option enabled. If your system has any such devices attached, Red Hat recommends that you download and install the corresponding z/VM Program Temporary Fix (PTF) from the following link: http://www-1.ibm.com/support/docview.wss?uid=isg1VM64306 * It is not possible to directly read and convert a z/VM dump into a file. Instead, you should first copy the dump from the z/VM reader into a Linux file system using vmur and convert the dump into a Linux-readable file using vmconvert. * The IBM System z does not provide a traditional Unix-style physical console. As such, Red Hat Enterprise Linux 5.2 for the IBM System z does not support the firstboot functionality during initial program load. To properly initialize setup for Red Hat Enterprise Linux 5.2 on the IBM System z, run the following commands after installation: * /usr/bin/setup — provided by the setuptool package. * /usr/bin/rhn_register — provided by the rhn-setup package. 8.6. ia64 Architecture * Some Itanium systems cannot properly produce console output from the kexec purgatory code. This code contains instructions for backing up the first 640k of memory after a crash. While purgatory console output can be useful in diagnosing problems, it is not needed for kdump to properly function. As such, if your Itanium system resets during a kdump operation, disable console output in purgatory by adding --noio to the KEXEC_ARGS variable in /etc/sysconfig/kdump. * Running perftest will fail if different CPU speeds are detected. As such, you should disable CPU speed scaling before running perftest. * When the kdump kernel is booted, the following error will appear in the boot log: mknod: /tmp/initrd.[numbers]/dev/efirtc: No such file or directory This error results from a malformed request to create the efirtc in an incorrect path. However, the device path in question is also created statically in the initramfs when the kdump service is started. As such, the run-time creation of the device node is redundant, harmless, and should not affect the performance of kdump. * Some systems may be unable to boot the kdump kernel properly. In such cases, use the machvec=dig kernel parameter. * Recording needs to be manually enabled on Dell M4300 and M6300. To do this, perform the following steps: 1. Open alsamixer. 2. Press Tab to toggle [Capture] in the View field (located at the upper left part of the menu). 3. Press the Space bar. 4. To verify that recording is enabled, the text above the ADCMux field should display L R CAPTUR. * On Intel Itanium-based systems running SELinux in enforcing mode, either the allow_unconfined_execmem_dyntrans or allow_execmem Booleans must be turned on to allow the IA-32 Execution Layer (the ia32el service) to operate correctly. If the allow_unconfined_execmem_dyntrans Boolean is off, but the allow_execmem Boolean is on, which it is by default in Red Hat Enterprise Linux 5, the ia32el service supports 32-bit emulation; however, if both Booleans are off, emulation fails. A. Revision History Revision History Revision 1.0 16th October 2008 Ryan Lerch References Visible links . mailto:rlerch@redhat.com . http://www.opencontent.org/openpub/ . http://redhat.com/docs/ . http://lftp.yar.ru/news.html . http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=blob_plain;f=NEWS;hb=rhel53 . http://www.ietf.org/rfc/rfc3873.txt . http://www.adobe.com/support/documentation/en/flashplayer/10/Flash_Player_10_Release_Notes.pdf . http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/NEWS?rev=1.259.2.1&cvsroot=src . http://developer.amd.com/assets/AMD_IBS_paper_EN.pdf . http://www.t10.org/ . http://www.gnu.org/software/freeipmi/ . http://trousers.sourceforge.net/ . http://ecryptfs.sf.net/ . http://ecryptfs.sourceforge.net/README . http://ecryptfs.sourceforge.net/ecryptfs-faq.html . http://fedoraproject.org/wiki/StatelessLinux/HOWTO . mailto:stateless-list@redhat.com . http://www.samba.org/samba/history/samba-3.0.32.html . http://sourceforge.net/mailarchive/message.php?msg_name=20080515170754.GA1830%40us.ibm.com . http://kbase.redhat.com/faq/FAQ_103_13121 . http://www-1.ibm.com/support/docview.wss?uid=isg1VM64306