1952863 – RHEL9 - default kernel config

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1952863 - RHEL9 - default kernel config

Summary: RHEL9 - default kernel config

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	beta
Target Release:	---
Assignee:	Benjamin Coddington
QA Contact:	JianHong Yin
Docs Contact:	Michal Stubna
URL:
Whiteboard:
Depends On:
Blocks:	1888950
TreeView+	depends on / blocked

Reported:	2021-04-23 12:01 UTC by Benjamin Coddington
Modified:	2022-05-17 15:42 UTC (History)
CC List:	10 users (show)
Fixed In Version:	kernel-5.14.0-40.el9
Doc Type:	Enhancement
Doc Text:	.Changes in the NFS client and server in RHEL 9 * RHEL 9.0 NFS server and client no longer support the insecure GSS Kerberos 5 encryption type `des-cbc-crc`. * NFS client no longer supports mounting filesystems using UDP transports.
Clone Of:
Environment:
Last Closed:	2022-05-17 15:38:02 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Gitlab	redhat/centos-stream/src/kernel centos-stream-9 merge_requests 113	0	None	None	None	2021-12-08 16:00:19 UTC
Red Hat Bugzilla	1888950	1	None	None	None	2022-05-18 07:40:05 UTC
Red Hat Product Errata	RHBA-2022:3907	0	None	None	None	2022-05-17 15:38:28 UTC

Internal Links: 1966643

Description Benjamin Coddington 2021-04-23 12:01:15 UTC

Let's get started on the right foot with exactly the kernel config we want in RHEL9 for nfsd, nfs, lockd, and sunrpc.

Here's my shortlist of config changes I'd like to see in RHEL9:

NFS_V2 unset
NFS_DISABLE_UDP_SUPPORT set
CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES set

Comment 1 Murphy Zhou 2021-04-25 01:50:05 UTC

(In reply to Benjamin Coddington from comment #0)
> Let's get started on the right foot with exactly the kernel config we want
> in RHEL9 for nfsd, nfs, lockd, and sunrpc.
> 
> Here's my shortlist of config changes I'd like to see in RHEL9:
> 
> NFS_V2 unset
> NFS_DISABLE_UDP_SUPPORT set
> CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES set

Hi Benjamin, could your elaborate more on the impact of each option disable/enable. We need to document this kind of change, especially when it is different with the last release ?

Thanks!

Comment 2 Steve Dickson 2021-08-30 18:45:03 UTC

(In reply to Benjamin Coddington from comment #0)
> Let's get started on the right foot with exactly the kernel config we want
> in RHEL9 for nfsd, nfs, lockd, and sunrpc.
> 
> Here's my shortlist of config changes I'd like to see in RHEL9:
> 
> NFS_V2 unset
This is alread unset.

> NFS_DISABLE_UDP_SUPPORT set
> CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES set
Both of these need to be set.

Here is the difference between upstream (f35) and RHEL9

- Fedora, + RHEL9

-CONFIG_NFS_SWAP=y
+# CONFIG_NFS_SWAP is not set

-CONFIG_NFSD_BLOCKLAYOUT=y
+# CONFIG_NFSD_BLOCKLAYOUT is not set

-CONFIG_NFSD_FLEXFILELAYOUT=y
-CONFIG_NFSD_V4_2_INTER_SSC=y
+# CONFIG_NFSD_FLEXFILELAYOUT is not set
+# CONFIG_NFSD_V4_2_INTER_SSC is not set

-CONFIG_SUNRPC_SWAP=y

+# Does not exist in RHEL9 config

Comment 3 Scott Mayhew 2021-08-31 11:45:23 UTC

(In reply to Steve Dickson from comment #2)
> (In reply to Benjamin Coddington from comment #0)
> > Let's get started on the right foot with exactly the kernel config we want
> > in RHEL9 for nfsd, nfs, lockd, and sunrpc.
> > 
> > Here's my shortlist of config changes I'd like to see in RHEL9:
> > 
> > NFS_V2 unset
> This is alread unset.
> 
> > NFS_DISABLE_UDP_SUPPORT set
> > CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES set
> Both of these need to be set.
> 
> Here is the difference between upstream (f35) and RHEL9
> 
> - Fedora, + RHEL9
> 
> -CONFIG_NFS_SWAP=y
> +# CONFIG_NFS_SWAP is not set
> 
> -CONFIG_NFSD_BLOCKLAYOUT=y
> +# CONFIG_NFSD_BLOCKLAYOUT is not set

We don't want to enable block layout.  Block layout requires the admin to write their own fencing script.  SCSI layout uses block layout but with the added benefit that it handles fencing automatically.

> 
> -CONFIG_NFSD_FLEXFILELAYOUT=y
> -CONFIG_NFSD_V4_2_INTER_SSC=y
> +# CONFIG_NFSD_FLEXFILELAYOUT is not set

We don't want to enable flexfile layout.  It was just an experimental feature for testing flexfile LAYOUTGET and GETDEVICEINFO ops and isn't useful for doing real work.

> +# CONFIG_NFSD_V4_2_INTER_SSC is not set
> 
> -CONFIG_SUNRPC_SWAP=y
> 
> +# Does not exist in RHEL9 config

Comment 5 Benjamin Coddington 2021-10-28 13:43:49 UTC

We're going to want CONFIG_NFS_V4_2_READ_PLUS as well, see bug 1801457, but we should take the change to toggle that define over there.

Comment 32 errata-xmlrpc 2022-05-17 15:38:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: kernel), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3907

Note You need to log in before you can comment on or make changes to this bug.