Bug 466303
Summary: | IPSec kernel lockup. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michael H. Warfield <mhw> |
Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | CC: | bojan, kernel-maint |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 2.6.26.6-79.fc9 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-10-23 16:39:03 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Michael H. Warfield
2008-10-09 16:53:55 UTC
Another IPSec related fix in 2.6.26.6 which could possibly account for the problem: commit b047cf6dfa81ca03b62f2e3ae63793ef5c300158 Author: Herbert Xu <herbert.org.au> Date: Tue Sep 30 02:03:19 2008 -0700 ipsec: Fix pskb_expand_head corruption in xfrm_state_check_space [ Upstream commit d01dbeb6af7a0848063033f73c3d146fec7451f3 ] We're never supposed to shrink the headroom or tailroom. In fact, shrinking the headroom is a fatal action. Signed-off-by: Herbert Xu <herbert.org.au> Signed-off-by: David S. Miller <davem> Signed-off-by: Greg Kroah-Hartman <gregkh> A 2.6.26.6 based Fedora kernel should be in updates-testing really soon. That's good. It took over 3 hours to build a stock kernel.org kernel for 2.6.26.6 but it's now been running in my VMware test environment for over an hour with restarting the IPSec environment every 5 minutes. I won't claim that's definitive but the 2.5.26.5 kernel would have never lasted this long. Looking good and looking forward to laying my hands on those kernel rpms. Ignore the typo in the past message... 2.6.26.6 not 2.5.26.5. Duh. I'm going to assume that 2.6.26.6 fixes the problem. I think that's a very good assumption. I have not had a single lockup, IPSec related or otherwise, in any of my testbeds running 2.6.26.6 either stock kernel.org kernels or the 2.6.26.6-67 from Koji. I've just build my own 2.6.27-3 kernels for F9 from the Koji srpm and will be tested that next. kernel-2.6.26.6-46.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/kernel-2.6.26.6-46.fc8 kernel-2.6.26.6-71.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/kernel-2.6.26.6-71.fc9 kernel-2.6.26.6-79.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update kernel'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8929 kernel-2.6.26.6-79.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. |