Topic
  • 66 replies
  • Latest Post - ‏2019-04-26T18:29:42Z by gpfs@us.ibm.com
gpfs@us.ibm.com
gpfs@us.ibm.com
662 Posts

Pinned topic GPFS V4.1.1 Announcements

‏2015-06-27T03:35:03Z | announcements gpfs v4.1.1

GPFS 4.1.1.12 is now available from IBM Fix Central:

http://www-933.ibm.com/support/fixcentral

Problems fixed in GPFS 4.1.1.12

January 12, 2017

* CNFS: fix recursive calls during shutdown which may cause LOGASSERT.
* In rare situations, registered quota files are accidentally deallocated or corrupted, which prevents the GPFS file system from mounting. With this fix, new quota files are populated in this situation and the file system mounts normally.
* Warnings are printed when TLS certificates are used to secure node-to-node connections.
* Fix a race condition that could leave a leftover lock that may hang mmcommand.
* Fix data corruption that can occur writing large files using parallel IO and multiple gateway nodes.
* Fix a "RPOName is not valid" error for SW/IW fileset recovery. This is an AFM specific change.
* Fix snapshot restore when building restore operation lists. This issue only happens when there are files with inode numbers larger than the maximum value a 32-bit integer can hold.
* Fix "cryptographic library could not be initialized" when changing cipherList in a P8LE environment.
* Fix a problem in which you can get file or directory mismatches between app nodes and gateway nodes.
* Fix a very rare race condition that can lead to a kernel panic. This issue can only occur on a Linux cluster when a mix of AIO and buffered IO is used to read and write the same file from multiple nodes.
* Fix a problem in the online replica compare code that could lead to a GPFS daemon assert when online replica compare is invoked concurrently with a command that restarts a down disk via mmchdisk with the start option.
* Fix a problem in which mmbackup returns the wrong number of objects handled. This can occur if NUMBERFORMAT is set incorrectly.
* Fix Kernel BUG: illegal operation locks_wake_up_blocks+0x6c.
* mmlsconfig: may not return correct value due to stale cache.
* Fix an AFM error 17 that can occur during a rename operation on an AFM fileset.
* Fix a remote error 17 creating and deleting hardlinks to files during log recovery.
* This modification changes neither the functionality of GPFS nor the appearance of the software. It improves the speed of the code in certain disk operations and introduces a mechanism (explicitly distinguishing user-space and kernel-space objects) that can be used for implementing other critical parts on the s390x platform.
* Fix mmlsquota -j returning a wrong answer that can occur if there is a special character in the name of the stripe group.
* Fix AIX encryption performance.
* Fix a problem in mmedquota that can occur if there are lines in /etc/group or /etc/passwd that are longer than 200 characters.
* Fix a problem in which mmbackup with -B value > 32768 causes missed files.
* Fix a problem in which gpfs_getacl returns ENOSPC. This can occur when the acl length exceeds the size of the buffer provided.
* Fix a problem in metanode optimization that can occur during directory lookup.
* Fix write timeouts that can occur during very large writes occurring from multiple gateway nodes.
* Fix a problem in which tslsenclslot logs a large number of error messages stating that it failed to gather information. This fix is required for all platforms. The error condition occurs only under heavy load. The cluster continues to operate correctly without this fix.
* Fix: "Failed to obtain the local environment update lock" error.
* Fix a 112 write error which can occur during a failbackTo primary in DR setup.
* Fix a gateway node crash that can occur during calls to gpfsReadAfmDRLastRPOSnapName. This is zlinux only.
* This update addresses the following APARs: IV89895 IV90403 IV91586 IV91587 IV91589 IV91590 IV91599 IV91600.
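The snapshot restore item above concerns inode numbers that no longer fit in 32 bits. The announcement does not describe the actual cause, so the following is only a minimal sketch of the general hazard, assuming (hypothetically) that an inode number passes through an unsigned 32-bit field somewhere. The function names are made up for illustration and are not part of GPFS.

```python
U32_MAX = 2**32 - 1  # largest value an unsigned 32-bit integer can hold


def fits_in_u32(inode_number):
    """Return True if the inode number survives storage in 32 bits."""
    return 0 <= inode_number <= U32_MAX


def truncate_to_u32(inode_number):
    """Keep only the low 32 bits, as a too-narrow field would (assumption)."""
    return inode_number & U32_MAX
```

Under this assumption, inode 7 and inode 2**32 + 7 would both truncate to 7, so a list keyed on the truncated value could no longer tell the two files apart.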

Updated on 2017-09-20T16:13:14Z at 2017-09-20T16:13:14Z by gpfs@us.ibm.com
  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-08-03T15:15:47Z  

    Problems fixed in IBM Spectrum Scale 4.1.1.1 [July 30, 2015]

    • Fix a rare case that could cause mmsnmpagentd to consume up to 100% of CPU when GPFS daemon terminates. Only affects clusters where a node is given the SNMP collector role.
    • Avoid rare kernel assert while deleting many snapshots concurrently on a sluggish system.
    • The command mmrpldisk now reports a no-space error instead of panicking GPFS file systems that have several almost-full disks.
    • Provide a default user exit for nodeLeave event for FPO clusters so that the disks could be marked as down and the data integrity is not compromised.
    • Print accurate remaining redundancy in the log when rebuild fails due to insufficient disk space.
    • Fix "No disk name found" error when all of the disks are either in "emptied" or "to be emptied" state.
    • nsdperf can hang when used on a large number of Linux nodes
    • Change gpfs_prealloc not to preallocate blocks when the requested preallocate size is within the last block of the file but less than the file size. The allocation blocks are rounded to GPFS block boundaries when the file has fragments.
    • mmdeldisk (relocation of aclFile blocks) results in lost ACL
    • Fix a rare kernel crash case in incompleteAioListRemove when doing AIO on Linux.
    • Fix a deadlock resulting from running fsck and recovery in parallel.
    • Fsck reports false positive DA corruption
    • Fix a problem in which file blocks are not distributed among nodes in metablock units when the FPO file system does not have enough failure groups.
    • Enhance FPO autorecovery log for clarity
    • Fix a problem encountered when dumping buffers with NSD checksum errors.
    • When a vdisk I/O times out, fail over the recovery group to the backup node.
    • Prevent an assert due to a race condition while both creating and deleting snapshots concurrently.
    • Avoid truncation failures on clone child files by moving the truncation operation to the later delta restore phase.
    • Extract the correct log file name from the "device" input of the mmrestorefs command so that users do not see an internal failure error when the restore process fails.
    • Fix a deadlock during Ganesha queue cleanup. When the daemon crashes, the Ganesha queue is no longer cleaned up by the Ganesha thread; it is cleaned up later, during SG cleanup.
    • Fix slow performance of some administration commands when CCR (Cluster Configuration Repository) is enabled
    • Correct a small vulnerability in takeover after SG manager failure during a snapshot command.
    • Fix secondary kernel exception (get_stcP) on Linux cNFS server
    • Enhance mmfsctl to work with topology vector failure group, NSD stanza file.
    • Fix performance issues in ESS/GSS clusters under very high stress. This fix applies to customers with client nodes in an ESS/GSS cluster containing a Connect-IB adapter.
    • Fix memory fault (core dump) in mmimgrestore during exit processing
    • Improve the performance of communication across daemons when the 'cipherList' configuration parameter is set to something other than empty or AUTHONLY.
    • Ganesha: a file descriptor was used after it was released, causing an assertion. The release is now done at exit, after all references to the files are done.
    • Provide inode number information to an assertion within the low-level file write operation.
    • Fix assert "openInstCount >= 0" under stress workload that includes file deletions.
    • kxSendFlock needs to copyin user objects
    • Fix a problem in which the disk failed LED may not light when the disk state is set to failed.
    • Fix a problem with AIO writes past the end of file in which the file size change may be lost if the GPFS daemon fails or the file system panics shortly after the write completes.
    • Fix a problem in which mmdf shows 0 free blocks for suspended disks.
    • Fix a kernel panic due to NULL pointer dereference during hard reboot of the partner node in Ganesha environment
    • Fix a problem with DIRECT_IO writes that can cause data loss: when a DIRECT_IO write past the end of file increases the file size and the file system panics or the node fails afterward, the file size increase could be lost.
    • Enhance the file system inconsistency check during the restore process so that it exits gracefully if an inconsistency is detected.
    • Fix a problem in which data was not written to a newly allocated data block when a file was expanded to a size larger than the previously allocated data block.
    • Fix a problem with the VMware NFS v3 client in a Ganesha environment by providing an option to enable the short_file_handle that the VMware NFS client uses.
    • Fix a replica mismatch problem that was caused by using the wrong block index in the indirect block.
    • gpfs hadoop connector supports Hadoop 2.7.x release
    • gpfs hadoop connector supports hdfs:// schema
    • This update addresses the following APARs: IV74661 IV74686 IV74697 IV74732 IV75108 IV75394
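The gpfs_prealloc item above mentions that allocation is rounded to GPFS block boundaries when the file has fragments. As a rough sketch of what rounding a byte range outward to block boundaries means arithmetically, the helper below is hypothetical (it is not GPFS code) and the 256 KiB block size used in the note after it is only an example value.

```python
def block_aligned_range(offset, length, block_size):
    """Expand the byte range [offset, offset + length) outward to block boundaries.

    Hypothetical helper for illustration only; not part of the GPFS API.
    """
    if length <= 0 or block_size <= 0:
        raise ValueError("length and block_size must be positive")
    start = (offset // block_size) * block_size               # round start down
    end = -(-(offset + length) // block_size) * block_size    # round end up (ceiling division)
    return start, end
```

With a 262144-byte block size, a 10-byte request at offset 300000 would cover the whole block from 262144 to 524288 under this rounding.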
  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-08-11T17:03:16Z  

    Flash (Alert)

     

    GPFS (IBM Spectrum Scale) V4.1 Rapid Repair function may result in undetected data corruption



    Abstract

    IBM has identified a problem with the GPFS (IBM Spectrum Scale) Rapid Repair function, which is in use by default on GPFS 4.1 format file systems wherever data replication is in use, and may result in undetected data corruption.

    See the full Flash (Alert) at either http://www.ibm.com/support/docview.wss?uid=isg3T1022582 or  http://www.ibm.com/support/docview.wss?uid=ssg1S1005352

  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-09-12T03:22:16Z  

    Problems fixed in GPFS 4.1.1.2 [September 10, 2015]

    • Avoid buffer overrun risk in AFM multi-byte scratch file name generation.
    • Fix the cause of a crash of the GPFS mmsnmpagentd daemon. The fix only applies to GPFS clusters where a node has been given the snmp_collector role, as seen in mmlscluster output.
    • Fix mmbackup which could report success even when some designated files did not back up. The count of objects backed up can become inaccurate due to a persistent problem that the reported number of objects backed up can be inflated by "dsmc" when it chooses to back up additional items such as parent directories. Correct the count of objects backed up by carefully monitoring for any possible misrepresentation from the individual dsmc commands.
    • Fix the mmrestorefs command failure at the attributes restore phase of the command.
    • mmfsadm dump improvements: add more loop restriction to exit loop after dumping all the original number of cached record addresses and improve SIGFPE support during dump.
    • Fix rare case of deadlock in direct IO code path when flushing the stolen buffer.
    • Fix memory fault (core dump), loop or hang in mmimgrestore during exit processing.
    • This fix affects environments installing the Object protocol on an external Keystone where the administrator wants the install to automatically create the Swift entries in the Keystone server.
    • When slab allocator creation fails, printk a warning message and fail the mmfslinux.ko load instead of panicking the kernel.
    • Fix a possible GPFS daemon crash when using the mmcharrier command to replace a disk in the P7 disk enclosure in which some of the disk slots were not populated. Fix is recommended for P7IH customers and not relevant to other systems.
    • Re-enable quota limits automatically after "mmcrfs -Q yes" and "mmchfs -Q yes". It has been disabled wrongly since GPFS v4.
    • Fix potential signal 11 encountered during dump of NSD IO buffers.
    • Fix the daemon hang during handler cleanup in AFM environment.
    • Fix an error when mmafmctl flushpending is invoked without fileset name.
    • Fix the data restore problem for small files that have only a fragment block.
    • This fix affects environments running the Object protocol with a locally-installed Keystone server with SSL support.
    • Fix assert that might occur on systems configured with a small shared segment under stress workload that includes metadata updates and frequent buffer steals.
    • Fix code to avoid removing wrong address during deletion of addresses from the cesiplist configuration file.
    • Increased stability of the library used to retrieve keys used for file encryption from ISKLM.
    • RecLockModuleReset call to __posix_lock_file encounters bad file pointer
    • Fix a deadlock caused by not releasing the DMAPI lock in failure path of AFM read.
    • Fix a problem that suspended disks are still marked as "tobeemptied" after successful restripe.
    • Migrating files in RO fileset causes SetXAttr to be queued at gateway node.
    • Fix the undefined symbols in 32-bit version of libgpfs.so.
    • Fix null pointer dereferencing in AFM expiration code by limiting it to work only on valid and registered fileset handlers.
    • The GSKit toolkit has been updated to version 8.0.50.47, which (1) fixes the vulnerability described in CVE-2015-1788 and (2) improves the performance of secure sends (when cipherList is set to a cipher other than empty or AUTHONLY).
    • Fix a problem that the GSS/ESS component database information can appear out of sync.
    • Optimize cifsProcess::isRegistered when the hash chain is empty
    • Fix a specific case where the remote cluster is removed before cleaning up the remote mount entries when using mmremotefs delete.
    • Upgraded LROC to support new NSD disk layout.
    • Drop the GNR track mutex when trying to acquire the log mutex
    • Fix signal 11 in saveInodePts when configured to use a localCache.
    • Fix performance degradation under a workload accessing a large number of files, due to unnecessary atime refresh messages.
    • Improve performance for workloads with large numbers of files on systems with fast metadata storage.
    • Update code to ignore EINPROGRESS error from flush when setting up pipe for invoking external script from GPFS daemon.
    • Fix signal 11 in daemon caused by removing a localCache device.
    • When mmchfs is run with a rapid repair option this fix will check to see if the file system is unmounted before executing the command. An error is issued if the file system is mounted.
    • Update the threshold to print 'memory usage approaching the limit' warning message that was triggered too early.
    • Fix a problem in the AIX operating system, where some system calls like open() may set errno to EPERM, even if returning successfully, when run from non-root users. System calls like shmat() (when used to map a file) may fail with the same value of errno.
    • Relax server license requirement for NSD disks in system.log pool
    • This update addresses the following APARs: IV75396 IV75999 IV76016 IV76017 IV76018 IV76019 IV76020 IV76383 IV76455 IV76457 IV76458 IV76461 IV76467 IV76471 IV76473 IV76475 IV76518 IV76759
  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-09-12T14:35:48Z  

    Security Bulletin: Vulnerability in OpenSSL affects IBM GPFS V4.1 and IBM Spectrum Scale V4.1.1 (CVE-2015-1788)

    Summary
    An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM GPFS V4.1 and IBM Spectrum Scale V4.1.1 use GSKit and addressed the applicable CVE.

    See the complete bulletin at either  http://www-01.ibm.com/support/docview.wss?uid=isg3T1022618    or  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005364

     

    Updated on 2015-09-12T14:37:47Z at 2015-09-12T14:37:47Z by gpfs@us.ibm.com
  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-09-17T18:23:51Z  

    Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by security vulnerabilities (CVE-2015-4974, CVE-2015-4981)

    Summary

    Security vulnerabilities have been identified in the current levels of IBM Spectrum Scale V4.1.1, IBM GPFS V4.1 and V3.5:
    - could allow a local non-privileged attacker to execute commands with root privileges (CVE-2015-4974)
    - could allow a local non-privileged attacker to read system memory contents (CVE-2015-4981)

     

    See the complete bulletin at either http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366 or http://www-01.ibm.com/support/docview.wss?uid=isg3T1022637

  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-10-31T05:27:51Z  

    GPFS 4.1.1.3 is now available from IBM Fix Central:

    http://www-933.ibm.com/support/fixcentral

    Problems fixed in GPFS 4.1.1.3

    October 30, 2015

    * Fix a problem in a Disaster Recovery (multi-site) environment. If a network outage prevents the two main sites from talking to each other while both sites can still communicate with the tie-breaker (single-node) site, it is possible that the cluster manager may end up moving from the primary to the backup site. That may cause the primary site to lose quorum.
    * Fix a PreAlloc log assert which happens when "offset + len" wraps through zero.
    * Fix a regression which breaks FPO locality aware restripe.
    * Fix the API gpfs_get_fssnaphandle_by_name to return the proper number of bytes when called from a 32-bit application, so that the heap is not corrupted.
    * Fix a memory-mapped I/O offset issue in which GPFS may not handle I/O properly for very large files.
    * Fix the mmrestorefs command failure in the data changes restore phase.
    * Handle minquorumNodes correctly in a CCR-enabled cluster.
    * Fix GPFS SNMP subagent to work with newer Net-SNMP versions. This fix should be applied to any GPFS cluster node given the role of snmp_collector, if it is running RHEL 7.1, or some other Linux version that includes Net-SNMP 5.6 or beyond.
    * Do not return AFM-specific internal attributes in gpfs_fgetattrs().
    * On Linux kernels 2.6.39 and later, add explicit blk_start_plug/blk_finish_plug calls inside the GPFS IO submit routine to give the IO scheduler more chances to merge IOs into larger ones.
    * This update addresses the following APARs: IV77541 IV77542 IV77544 IV78046.
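The PreAlloc item above involves "offset + len" wrapping through zero. The sketch below shows the general arithmetic hazard, assuming the values are held in unsigned 64-bit integers (the announcement does not state the types). Both function names are hypothetical and only illustrate one common way to detect the wrap before adding.

```python
U64_MAX = 2**64 - 1  # largest unsigned 64-bit value (assumed width)


def wrapped_end(offset, length):
    """End offset as fixed-width unsigned 64-bit arithmetic would compute it."""
    return (offset + length) & U64_MAX


def range_overflows(offset, length):
    """True when offset + length cannot be represented in 64 bits.

    The comparison avoids performing the addition that would wrap.
    """
    return length > U64_MAX - offset
```

For instance, an offset ten bytes below the 64-bit limit plus a length of 10 wraps to an end offset of 0, which is smaller than the start; checking `range_overflows` first would catch that case.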

    Updated on 2015-10-31T05:28:41Z at 2015-10-31T05:28:41Z by gpfs@us.ibm.com
  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-11-19T14:30:44Z  

    Flash (Alert) GPFS (IBM Spectrum Scale) Timing hole with running mmdelnsd and mmcrnsd for a given NSD

    Abstract

    IBM has identified a failure in the Spectrum Scale daemon which may occur when a given Network Shared Disk (NSD) object is deleted and then recreated via the mmdelnsd and mmcrnsd commands. When this failure occurs the Spectrum Scale mmfsd daemon will fail with the following assert message:
    logAssertFailed: cfgP->getNsdId() == cfgNP->getNsdId()

    Content

    Problem Summary:

    As a result of a timing hole that may occur in the propagation of changes to the configuration data, an mmfsd assert failure may occur after the mmcrnsd command is run for an NSD that was recently removed by the mmdelnsd command.

     

    See the complete bulletin at either http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005460 or  http://www-01.ibm.com/support/docview.wss?uid=isg3T1022972

     

  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-12-04T13:38:38Z  

    Security Bulletin: IBM Spectrum Scale V4.1.1, IBM GPFS V4.1, and IBM V3.5 for AIX are affected by a security vulnerability (CVE-2015-7403)

    Summary

    A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1, IBM GPFS V4.1 and V3.5 that could allow a local attacker to cause the node they are on to crash.

     

    See the complete bulletin at either http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005452 or http://www-01.ibm.com/support/docview.wss?uid=isg3T1022940

  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-12-17T15:13:42Z  

    IBM Spectrum Scale 4.1.1.4 is now available from IBM Fix Central:

    http://www-933.ibm.com/support/fixcentral

    Problems fixed in IBM Spectrum Scale 4.1.1.4

    December 15, 2015

    * Fix a problem counting the number of mmpmon clients; prevent improper double close of a file descriptor.
    * Fix GNR AU log long waiters seen in SSD replacement.
    * Fix a deadlock when GPFS writes to a memory-mapped buffer and the same thread already holds a lock on it.
    * Fix a failure of truncate(2) when extending a clone child file.
    * Add gpdQuorumLossShutdown as one of the assert conditions.
    * Fix a hang when AFM writes a sparse file to home.
    * Fix an issue in the log code that can cause log recovery to be incorrectly skipped after a node failure. This could only occur on a 4K-aligned file system where GPFS runs into a problem completing a log wrap operation.
    * Fix the restore failure when restoring clone child files.
    * Fix data mismatch on clone child file after restore.
    * Fix data mismatch after restore on regular (non-clone) files.
    * Fix the log writebehind code to prevent writing a log record to an old disk address while the log file is being migrated. This issue shows up as a log recovery error if a node fails shortly after a log record was written to the wrong location.
    * Update the log recovery code to set the junction bit when replaying the log to recover the directory for a newly created fileset. The missing junction bit can only be detected via offline fsck.
    * Fix the failover/resync to support outband trucking.
    * Fix the data inconsistency issue between cache and home during resync on appended files.
    * Fix the restore failure that happened at attributes restoring phase.
    * Fix deadlock scenario that can occur when deleting a snapshot.
    * Fix the ACL/EA mismatch during resync by considering ctime changed option.
    * With an NFS backend, ATTR_MTIME_SET implies ATTR_MTIME, but GPFS ignores setattr(ATTR_MTIME_SET) if ATTR_MTIME is not also set.
    * Fix code to avoid high CPU usage by the mmfsd process under Windows.
    * Update locking code to prevent a GPFS daemon assert. The assert could happen when more than MaxFcntlRangesPerFile (default 200) advisory locks were placed on a single file.
    * Fix a signal 11 that may occur when deleting a pdisk in the middle of an RG failover.
    * Fix the dentry count leak by adding the code to call dput in error path.
    * Fix out of quota errors that can occur on file systems with a format less than 1400.
    * Fix the mtime mismatch between cache and home for zero sized files by copying mtime from openfile to child attributes.
    * Apply if you use -B number with number > 2**31-1 in any of your commands or scripts.
    * Fix is recommended for all GNR (ESS/GSS) customers. The problem could occur in the event of an actual disk enclosure failure.
    * Allow users to add a 4K native disk to an existing non-4K-aligned file system if the disk is used as dataOnly, the file system data block size is at least 128K, and the file system version is at least 4.1.1.4.
    * Fix the issue by allowing prefetch to continue if parent cannot be found for some files.
    * Fix the memory mapped read performance issue on AFM filesets.
    * Fix the mmrestorefs[479] : daemon command memory fault issue.
    * Fix a problem with copying key files in mmsdrrestore where the node that is being restored does not have promptless password access to the issuing node.
    * Fix the case where the ESS storage enclosure slot location that is cached in the daemon can get stale and is not getting updated.
    * Do not allow the AioWorkerThread to steal a dirty buffer. This prevents a deadlock.
    * Fix the mmdiscovercomp command that is failing with "Constraint error" when trying to add servers to the component database.
    * Fix code to avoid quorum loss declaration of the current cluster manager, when the network is broken between two nodes.
    * Fix the fileset unlink hang by closing the control file before calling unmount.
    * If a system built on GNR/GSS/ESS servers has been getting IO errors on GPFS file systems (reported all the way to the end user application, not internal disk IO errors on individual physical disks), and those IO errors happened exactly at a time when some pdisks were unreachable (for example due to cabling or connectivity issues), and those pdisks would have been reachable from the backup node of the GNR server, then this fix will prevent the IO errors, by failing the recovery group containing the affected vdisk over to the backup node.
    * Add code to flush data buffers first before setting cached bit.
    * Fix the path to the Linux modprobe command that the mmchfirmware command uses when --type adapter is specified.
    * Starting with 4.1.1, GPFS changed the contents of the Linux NFS filehandle, compared to earlier versions (while still supporting older filehandles). This means if the AFM home is upgraded to 4.1.1 or later, existing AFM filesets detect a change in export since the filehandle changes and will suspend future synchronization with home. Similarly, a change from knfsd to Ganesha at home also causes a filehandle change even though the export is the same. The only solution is to resync the cache using failover which is expensive. This fix handles upgrades if home is running GPFS by detecting and upgrading cached filehandle when the filehandle changes for an inode.
    * Fix the mmdiscovercomp command that is failing when there are multiple building blocks.
    * Re-enable online replica compare and repair.
    * This update addresses the following APARs: IV76482 IV78653 IV78662 IV78666 IV78669 IV78672 IV78810 IV78910 IV78912 IV78913 IV78914 IV78915 IV78932 IV79336 IV79338 IV79339.
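The locking item above refers to more than MaxFcntlRangesPerFile (default 200) advisory locks on a single file. As a hedged illustration of how an application can end up holding that many separate ranges, the sketch below places many non-adjacent byte-range locks with Python's standard fcntl module on a POSIX system. The helper name, the stride, and the path in the note are assumptions for illustration; nothing here is GPFS-specific.

```python
import fcntl
import os


def place_range_locks(path, count, stride=16):
    """Place `count` separate one-byte advisory write locks on one file.

    The locked bytes are `stride` bytes apart, so the ranges are not
    adjacent and stay distinct. Returns the open file descriptor;
    closing it releases every lock held through it.
    """
    fd = os.open(path, os.O_RDWR)
    try:
        for i in range(count):
            # lockf(fd, cmd, len, start, whence): lock 1 byte at offset i * stride
            fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB, 1, i * stride, os.SEEK_SET)
    except OSError:
        os.close(fd)
        raise
    return fd
```

For example, `place_range_locks("/gpfs/fs1/testfile", 201)` (a hypothetical path) would hold 201 distinct ranges on one file, one more than the default limit named in the fix.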

    Updated on 2015-12-17T15:16:18Z at 2015-12-17T15:16:18Z by gpfs@us.ibm.com
  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2015-12-17T15:50:14Z  

    Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2015-7456)

    Summary

    A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 thru 4.1.1.3 and V4.2.0.0 that could allow a local unprivileged user, or a user with network access to the IBM Spectrum Scale cluster, to access admin passwords for object storage infrastructure. This vulnerability only affects clusters which have installed and deployed the Object protocol.

     

    See the complete bulletin at http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005476

    Updated on 2015-12-17T15:55:32Z at 2015-12-17T15:55:32Z by gpfs@us.ibm.com
  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2016-01-19T17:07:10Z  

    Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2015-7488)

    Summary

    A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 thru 4.1.1.3 and V4.2.0.0 that could allow a local, unprivileged user or a user with network access to the IBM Spectrum Scale cluster, access to the LDAP directory bind user password when File protocol is deployed with LDAP / LDAP with Kerberos based authentication.

    See the complete bulletin at http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005580

  • gpfs@us.ibm.com
    gpfs@us.ibm.com
    662 Posts

    Re: GPFS V4.1.1 Announcements

    ‏2016-02-18T21:49:19Z  

    IBM Spectrum Scale 4.1.1.5 is now available from IBM Fix Central:

    http://www-933.ibm.com/support/fixcentral

    Problems fixed in IBM Spectrum Scale 4.1.1.5

    February 16, 2016

    * Fix an issue that could cause the GPFS daemon to abnormally terminate or that could cause the reporting of incorrect performance data when GPFS SNMP subagent, mmpmon, or zimon are utilized.
    * Fix the code to build remote attributes during recovery when there is a version mismatch.
    * Fix the SFSLink failure that can occur when files are created during failbacks.
    * The performance of the daemon has been improved in the cases where the cipherList is set to a value other than 'empty' or AUTHONLY.
    * Fix a quiesce assert that can occur when files are being recovered.
    * Fix a problem that can occur when accessing files with managed regions.
    * Fix a problem that can occur during clone operations.
    * Fix a problem in which file sizes were set incorrectly on sparse files during failback.
    * Fix a problem that can occur on a live file system that results in a deleted file still existing or a created file not existing after a snapshot restore.
    * Fix a crash in msgMgrThreadBody that can occur during unmounting and unlinking filesets on a very busy system.
    * Fix a problem where mmchfs -z, -Q or --perfileset-quota may fail when multiple mmchfs commands are being performed at the same time.
    * Fix a problem in which an incorrect vdisk state is displayed by the mmlsrecoverygroup command during a DA rebuild.
    * Fix a problem in which a signal 11 in verbsDisconnect_i is seen on one node when GPFS is shut down on a different node. This problem can occur if the nodes are RDMA connected and are configured with a large fabnum value.
    * Fix a problem with GPFS logging code that could cause GPFS daemon to die with signal 11. This problem can only occur on nodes with LROC enabled.
    * Fix a problem that could cause a FSSTRUCT error to be logged when reading EA from a disk. This could only occur when LROC is enabled and the EA does not fit in the inode.
    * Fix a daemon assert that can occur during recovery.
    * If a GNR system using GSS hardware uses Lenovo-branded disks, this change enables recognizing disk FRU (field replaceable unit) numbers. This simplifies service procedures, and allows disk replacement without error messages.
    * Fix an assert that can occur during a fileset delete. perfileset-quota needs to be enabled and the fileset needs to have quota entries.
    * Fix an assert that can occur after a small write of data in the middle of a clone child on a system that heavily uses clones.
    * Fix a hang that can occur while resync is running on a SW fileset that reaches its hard memory limit.
    * Fix a mmfsd daemon crash that can occur when Zimon is used to monitor the node, and a file system is force unmounted due to some unrecoverable file system error.
    * Allow changing the daemon interface of a non-quorum node in a CCR enabled cluster.
    * Fix a daemon assert that can occur while stopping an NFS server when a fileset with expiration enabled exists.
    * Restrict the mmchcluster command from disabling CCR in a cluster that has a CES node. The administrator must remove all CES nodes from the cluster or use the --force option to disable CCR.
    * Fix an incorrect fileset name being displayed by the mmlsfileset command. This can occur after deleting a dependent fileset when a snapshot exists with the fileset before it was deleted.
    * Fix a problem in which orphans cannot be deleted from the ptrash directory.
    * Fix a GNR server node crash that can occur during a network failure trying to connect the GNR server pair.
    * Fix an assert that can occur when adding pdisks with the --replace option to a cluster and one of the pdisks is in a bad state.
    * Fix an assert that can occur during a snapshot restore of a sparse file with a file size close to the maximum file size limit.
    * Fix an assert that can occur during a fsck recreate of an ACL file.
    * Fix a mmbackup command failure that can occur on an AIX node when the command line arguments are too long.
    * Fix a problem in which a fileset is stuck in an unmounted state that can occur if the remote becomes stale and both the application node and the gateway node are the same.
    * Fix an assert that can occur during a multi-node fsck on a 16MB block size file system that has more than 16M inodes.
    * Fix a node crash that can occur during a rolling upgrade.
    * Fix a mmfsd node crash that can occur when NSDRaid is not enabled.
    * On systems built on GNR/GSS/ESS servers, prevent IO errors on GPFS file systems (errors reported all the way to the end user application, not internal disk IO errors on individual physical disks) that occur while some pdisks are unreachable (for example, due to cabling or connectivity issues) but would be reachable from the backup node of the GNR server. The fix fails the recovery group containing the affected vdisk over to the backup node.
    * Fix a problem that can occur in the mmbackup command when /tmp is full.
    * Fix a problem in which mmaddnode fails to copy the committed key file to the new node. This only occurs on a CCR disabled cluster and if there are 2 key files.
    * Fix quorum loss when the network is broken between two nodes and the cluster is configured with a tiebreaker disk.
    * Fix a problem in which the hard memory limit is not honored when the fileset is in a disconnected state.
    * Fix command failures in a CCR enabled cluster on nodes that also have non-GPFS gskit packages installed.
    * This update addresses the following APARs: IV79340 IV79341 IV79751 IV79756 IV79761 IV79767 IV80404 IV80405 IV80407 IV80789 IV81068 IV81071.

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-03-14T17:10:54Z  

    Security Bulletin: Vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2015-5252)


    Summary

    A Samba vulnerability which could allow a remote attacker to launch a symlink attack affects IBM Spectrum Scale SMB protocol access method.

    See the complete bulletin at http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005689

     

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-04-04T17:11:11Z  

    Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2016-0263)


    Summary

    A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.2, V4.1 and IBM General Parallel File System V3.5, that could allow a local user, under special circumstances, to escalate their privileges or cause a denial of service when the mmapplypolicy command is issued with certain options and syntax.

     

    See the complete bulletin at either http://www-01.ibm.com/support/docview.wss?uid=isg3T1023450 or http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005708

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-04-07T15:45:05Z  

    IBM Spectrum Scale 4.1.1.6 is now available from IBM Fix Central:

    http://www-933.ibm.com/support/fixcentral

    Problems fixed in IBM Spectrum Scale 4.1.1.6

    March 31, 2016

    * Fix an assert caused by an NSD being deleted and then quickly recreated.
    * Fix a cluster not being able to start when a node hosting LROC disks is not available.
    * Fix a problem in which fsck incorrectly reports not enough memory available.
    * Fix a problem in which fsck patchfile apply fails when it encounters a corrupted inode.
    * Fix asserts on didEmpty and Signal 11 faults in delSnapshotEmpty that can occur during snapshot deletion.
    * Fix AFM errors that can occur when writing to a large file during failover/resync.
    * Fix a mmrestorefs assert which can occur during the delete clone file phase. The clone was left in a bad state during a force unlink of a fileset.
    * Fix ENOENT failures that can occur during a snapshot restore and during iopen64 API calls.
    * Fix a problem which may result in a daemon assert when running the mmcheckquota command while a snapshot is corrupted.
    * Fix an assert exp(ibdP->llfileP == this) that can occur during an offline fsck.
    * Fix a daemon assert: (poolId != ((SGPoolId) -1)) in line 683 of FSTypes.h. The daemon assert could occur during mmrestripefile or mmchattr with -I yes after a storage pool is deleted as part of running mmdeldisk with the -p or -c option.
    * Fix fsck repair of inode fullblocks field.
    * Fix fsck handling of corrupt inode filesetId.
    * Fix a deadlock that can occur during a failover while an HSM application is running.
    * Fix assert exp(synched.isNULL()) that can occur during a high workload on an LROC disk.
    * Fix a problem in which the GPFS/gskit installation process or various mm* administration commands can fail if Windows OS environment variables are changed in such a way that they do not exactly match the Windows installation directory name.
    * Fix a problem in which the primary RG server cannot take back the RG after pdisk paths are restored, for example after a cable pull.
    * Fix a problem in an AFM environment where prefetch overwrites dirty files in local updates mode.
    * Fix an MD5sum mismatch in data after a resync operation, which can occur if a resync, a touch, and a write all happen at the same time.
    * Fix a problem in which fsck wrongly reports holes in an ACL file.
    * Fix a problem in an AFM environment where large ACLs cannot be replicated because of a buffer allocation issue.
    * Fix a problem where gpfs_getacl returns a bad ACL entry when called with the GPFS_GETACL_STRUCT flag and acl_level GPFS_ACL_LEVEL_V4FLAGS.
    * Fix an E_ROFS write error that can occur when you write over a clone file and make it a clone parent and then run recovery.
    * To prevent confusion in messages between GNR, GSS, ESS products, and the GPFS file system metadata, the word "metadata" was removed from all GNR errors and log messages.
    * Fix a deadlock in an AFM environment where peer snapshot creation could deadlock with synchronous messages such as Lookup, Open, and Read. This can only occur if peer snapshots are enabled.
    * Allow snapshots to be created while snapshots are being deleted.
    * Fix a problem in an AFM environment where replication would stop because of an error while replaying a Rename operation. The AFM queue would be stuck while replaying the Rename operation, and no new operations would be replicated.
    * Fix an unexpected CES IP assignment and movement of CES nodes which are not ready to host CES IPs when the address distribution policy node-affinity is selected.
    * Fix a deadlock in an AFM environment where readdir deadlocks under heavy stress over a GPFS backend.
    * Fix a gpfs.snap hang on an AFM node with stale NFS mounts.
    * Fix a mmapplypolicy command failure that occurs when multiple commands are issued nearly simultaneously and tscCmdPortRange has been configured in a SONAS environment.
    * Fix a problem which stops autorecovery from being triggered if a node which has only dataAndMetadata disks is down.
    * Fix a problem in which a Windows client loses its view of ACLs in a mixed Linux cluster.
    * This update addresses the following APARs: IV78971 IV81342 IV81344 IV81347 IV81686 IV81873 IV81879 IV82179 IV82181 IV82182 IV82184 IV82238 IV82610 IV82637 IV83046 IV83110.

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-04-09T14:15:13Z  

    Security Bulletin: Vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2015-7560)


    Summary

    A Samba vulnerability which could allow a remote authenticated attacker to launch a symlink attack affects IBM Spectrum Scale SMB protocol access method.


    See the complete bulletin at http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005727

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-04-14T16:54:19Z  

    Security Bulletin: Multiple vulnerabilities in Samba - including Badlock - affect IBM Spectrum Scale SMB protocol access method


    Summary

    Samba vulnerabilities were disclosed on April 12, 2016. Samba is used by IBM Spectrum Scale SMB protocol access method. IBM Spectrum Scale has addressed the applicable CVEs including the vulnerability commonly referred to as "Badlock".


    See the complete bulletin at http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005740

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-05-19T19:46:43Z  

    Flash (Alert): IBM Spectrum Scale (GPFS) V4.2 and V4.1.1 AFM Async DR requirement for planning

    Abstract

    Our initial feedback from the field suggests that success of a disaster recovery solution depends on administration discipline, including careful design, configuration and testing. Considering this, IBM has decided to disable the Active File Management-based Asynchronous Disaster Recovery feature (AFM DR) by default and require that customers deploying the AFM DR feature first review their deployments with IBM Spectrum Scale development. You should contact Spectrum Scale Support at scale@us.ibm.com to have your use case reviewed. IBM will help optimize your tuning parameters and enable the feature. Please include this message when contacting IBM Support.

     

    Note: This does not apply to base AFM support. This applies only to Async DR available with the IBM Spectrum Scale Advanced Edition.
     

    See the complete bulletin at http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005817

    Updated on 2016-05-25T11:37:31Z by gpfs@us.ibm.com
  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-05-21T02:49:13Z  

    IBM Spectrum Scale 4.1.1.7 is now available from IBM Fix Central:

    http://www-933.ibm.com/support/fixcentral

    Problems fixed in IBM Spectrum Scale 4.1.1.7

    May 11, 2016

    * Fix fsck duplicate fragment problem report to be in a neater tabular format.
    * Fix a rare fsck deadlock that can occur during fsck termination.
    * Fix a bug that prevented offline fsck from reporting replica mismatches.
    * Enable fsck to detect and repair duplicate sub-directory entries in a directory.
    * Fix a problem with restripefs -R which was incorrectly setting the currentDataReplicas of logfiles.
    * Fix a deadlock that can occur when FPO is enabled and a node's local stripe is panicked.
    * Fix possible deadlock which occurs when a node loses quorum (cluster membership) because of a network adapter or network outage.
    * Fix fsck handling of a compressed disk address.
    * Fix a problem in which online replica compare reports mismatches on the last block of an inode allocation map and a block allocation map file.
    * Fix a hang that can happen when unmounting the filesystem.
    * Fix a GPFS daemon abort that can occur when a GNR backup is performed and the server is down.
    * Prevent GPFS daemon from asserting on Windows when collecting debug data on waiters.
    * Fix a problem in which disabling CCR on a cluster leaves an authorized_ccr_keys file behind, which may cause a startup problem if cipherList and/or nistCompliance are changed.
    * Fix an assert that can occur during online replica compare when the filesystem has different data / metadata buffer sizes.
    * Fix a bug where offline fsck was not repairing some inode problems detected during dir scan phase.
    * Fix a deadlock that can occur when the NFS server/remote mount does not respond after an AFM internal mount.
    * Offline fsck in read-only mode will now warn about unavailable disks before scanning the file system.
    * Allow mmchconfig to delete an empty nodeclass from the GPFS configuration node.
    * Fix a daemon assert that can occur while doing prefetch reads along with readdir and lookup commands when the application nodes and the gateway nodes are the same.
    * Fix a node crash that can occur during the recovery of another failed node if an EventsExporter "get nodes" request is issued at the same time.
    * Fix an E_NOATTR link failure that can occur on a SW fileset while writing to a file and droppending and resync are being run.
    * Fix autoload issues where GPFS may not come up on configure servers in a SERVER based cluster if files in /var/mmfs/gen/nodeFiles are missing.
    * Fix a problem in which tsgescsiinfo reports invalid ESM information. This fix is required for all platforms. The condition seems to be SAS fabric related.
    * Make a stuck tslsenclslot easier to diagnose.
    * Change mmbackup behavior when the policy scan fails. Permit operation in a reduced capacity that backs up but does not expire when directory scan results are incomplete. When this happens, no expirations are processed, only backups, and shadow DB lines for removed files are left alone.
    * Fix an issue where CES clients fail to connect after failover on Juniper switches.
    * Fix unexpected empty CES IP configuration file.
    * Lift restrictions on -B, --max-backup-count, and --max-expire-count.
    * Ensure that online replica compare does not report false positive replica mismatches on files whose last block is a sub-block.
    * Disable QOS startup. Install at your convenience, but especially if you have tried unsupported QOS features on a 4.1.1 system. To use the QOS feature, upgrade to 4.2 or higher.
    * Fix a kernel panic that can occur under a heavy write workload and a dying mmkproc thread.
    * Fix a problem in which an amber disk "fault" light may remain on after temporary disk unavailability. The problem is specific to the 60 disk NetApp disk enclosure only.
    * Fix a memory tracking issue in an AFM environment where gateway node memory usage appears to grow without any real memory leak. This causes replication to stop.
    * Fix an issue in an AFM environment where random writes to the same file cause a memory leak after replication.
    * Fix an issue in an AFM environment where an incorrect dependency causes resync to fail.
    * Fix a potential kernel crash that can occur when asynchronous NFS/NLM locking is used.
    * Fix a problem in which modification of ACLs via mmputacl or equivalent can render the ACL as missing on a GPFS Windows node.
    * This update addresses the following APARs: IV81870 IV81877 IV83264 IV83271 IV84206 IV84251 IV84252 IV84253 IV84254 IV84255 IV84270 IV84428 IV84573 IV84574 IV84576.

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-05-23T14:04:59Z  

    Security Bulletin: Vulnerabilities in OpenStack affect IBM Spectrum Scale V4.2 and V4.1.1 (CVE-2015-8466 and CVE-2016-0738)


    Summary

    OpenStack vulnerabilities affect IBM Spectrum Scale. They could allow:
    - with OpenStack Swift 3, a remote attacker to launch a replay attack (CVE-2015-8466)
    - with OpenStack Object Storage (Swift), a remote authenticated attacker to consume all available proxy-server resources (CVE-2016-0738)

     

    See the complete bulletin at  http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005833

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-05-31T10:54:49Z  

    Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by a security vulnerability (CVE-2016-0392)

    Summary

    A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root.

    See the complete bulletin at either http://www-01.ibm.com/support/docview.wss?uid=isg3T1023763 or http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005781

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-06-30T14:31:40Z  

    Flash (Alert): IBM Spectrum Scale (GPFS) V4 Asynchronous I/O write

     

    Abstract

    IBM has identified an issue with IBM Spectrum Scale V4.1.0.4 through V4.1.1.7 and V4.2.0.0 through V4.2.0.3 levels when asynchronous Direct I/O is used to write to a file on Linux, using the io_submit interface.
     

    Problem Summary:

    As a result of an asynchronous Direct I/O write using the io_submit interface, a user file may contain undetected data corruption via writing of stale data to disk.

     

    See the complete Flash at either http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007917 or http://www.ibm.com/support/docview.wss?uid=isg3T1023951
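
As a rough aid for checking the levels named in this Flash, the sketch below tests whether a release level falls inside the two affected ranges quoted above (V4.1.0.4 through V4.1.1.7 and V4.2.0.0 through V4.2.0.3). The function names and the idea of comparing levels as integer tuples are illustrative assumptions, not part of any IBM tooling. A level inside a range is only exposed if asynchronous Direct I/O through io_submit is actually used on Linux.

```python
# Affected ranges as quoted in the Flash text; the helper names below are
# hypothetical and exist only for this illustration.
AFFECTED_RANGES = [
    ("4.1.0.4", "4.1.1.7"),
    ("4.2.0.0", "4.2.0.3"),
]


def parse_level(level):
    """Turn '4.1.1.7' or 'V4.1.1.7' into a comparable tuple of ints."""
    return tuple(int(part) for part in level.lstrip("Vv").split("."))


def is_affected(level):
    """Return True if the level lies inside one of the quoted ranges (inclusive)."""
    v = parse_level(level)
    return any(parse_level(lo) <= v <= parse_level(hi) for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    for level in ("4.1.0.3", "4.1.1.7", "4.1.1.8", "4.2.0.3", "4.2.1.0"):
        print(level, "in affected range" if is_affected(level) else "outside affected ranges")
```

The complete Flash remains the authoritative source for affected levels and remediation.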

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-07-15T00:33:00Z  

    GPFS 4.1.1.8 is now available from IBM Fix Central:

    http://www-933.ibm.com/support/fixcentral

    Problems fixed in GPFS 4.1.1.8

    July 14, 2016

    * Fix assert "hasLoggedUpdate()" in repUpdate.C, line 1284 under stress workload.
    * Fix a problem where a stress workload doing appends to a small file could cause a kernel panic due to an illegal pointer dereference.
    * Fix a problem in which all CPUs hung on a file_lock_lock spinlock.
    * Fix a data corruption issue that can occur after a successful mmrestorefs command completion.
    * Fix an issue of getting incorrect data from the gpfs_ireadx() API. This issue only happens when using the mmrestorefs command and the gpfs_ireadx() API at the same time. This can occur on AIX and Linux systems.
    * Fix Linux kernel asserts BUG_ON(page_mapped(page)) for GPFS file mmap.
    * Fix an issue specific to GNR environments that occurs when a vdisk dump is issued before the RG is fully recovered after a mmfsd startup.
    * Fix a problem in which the gateway node crashes when unmounting the FS. When this occurs the gateway node has to force unmount the FS.
    * Fix a segmentation fault that can occur during file system panic processing.
    * Fix an issue in the AFM DR environment where file lookup might cause the daemon to assert when the filesystem is already quiesced or suspended.
    * Fix corruption which can occur when HAWC is enabled and a node failure occurs.
    * Fix mmap page fault performance regression.
    * Fix an issue in the AFM environment during gateway node startup where DR fileset activation for RPO snapshots might cause a deadlock.
    * Fix a problem in buffer flushes that can cause a stale data buffer to be used for reads and writes after a Linux AIO write request was processed via a buffered I/O. This can only occur with AIO on Linux that is using the "io_submit" interface.
    * Fix an issue in the AFM environment where recovery, resync and prefetch operations can fail because of the large number of files to be queued.
    * Improve mmap read SMP scalability.
    * This fix will try to force through log recovery even when all stripes of a log home vdisk are marked stale (logically unreadable) in the metadata. This will only occur when run under debug control. This applies to GSS & ESS installations.
    * Improve the failure response when running a helper node with too small a pagepool.
    * Fix a deadlock that can occur while calling fcntl with argument F_SETLEASE on Ubuntu 14.04.03.
    * Correctly handle a write failure in the rare case where the number of pdisk faults exceeds the fault-tolerance of the vdisk. This is seen in GSS & ESS installations.
    * Prevent GPFS internal return codes from being returned to Ganesha; they are now converted to an EIO return code. This prevents a Ganesha crash.
    * Fix a restore failure at the file moving phase when there is a very long file name in the file system and fileset.
    * Fix mmgetacl on Windows to show valid instead of random ACL flags.
    * Fix a segmentation fault that can occur when running the mmsetquota command. This issue only happens when GPFS overwrite tracing is enabled on Linux.
    * Fix a problem in which too much data is dumped when collecting data for deadlocks and expels. This was causing performance issues.
    * Fix an issue in the AFM environment where cached bit is not set on files after reading from the home. This issue happens when the file modification times are not in sync between cache and home.
    * Fix a problem in which old tiebreaker disks cannot be removed from the system.
    * Fix a bug in mmremote to allow the mmchconfig pagepool -i option to take effect immediately.
    * Fix problem reading clone child via NFS fast read path.
    * Fix a daemon crash that can occur while trying to execute a pcache command with maxThrottle set.
    * Fix network communication problems that can occur when mmdiag --iohist and overload detection happen at the same time.
    * Fix an alloc segment steal problem that can lead to a "more than 22 minutes of searching for a free buffer" assert.
    * Fix an issue in the AFM environment where filesets are moved to disconnected state because of a large number of filesets. This issue happens when socket descriptor values for the home connection exceed FD_SETSIZE (1024).
    * Fix random memory corruption and kernel crashes in the AFM environment which are likely to happen while deleting a non-empty directory at home or secondary clusters.
    * Fix for a spurious NSD RPC checksum error in GNR environments when processing a DIO workload with unstable IO buffers.
    * GNR avoids reading from failing pdisks by trying to reconstruct using parity/mirror. If reconstruction is not possible, then as a last resort, GNR reads from the failing pdisk. This will result in far fewer IO errors.
    * Fix a problem in which the wrong errno was returned from the dm_read_invis and dm_write_invis library functions in the failure case.
    * This fix enables UDEV_SUPPORT on all distributions.
    * Fix a problem in which make Autoconfig fails after installing IBM Spectrum Scale on the BlueGene IO node.
    * Fix an assert on P7IH systems on which the recovery group was originally created under GPFS 3.4 when they try to upgrade to the current version. GSS and ESS customers are not affected by this change.
    * Fix a mmdiscoverycomp failure that can occur if the cluster is configured to use different admin and daemon node names.
    * Fix abnormal shutdown that can occur when trying to add back a node that has just been deleted.
    * Fix a problem in QOS where skimperm bit calculation is incorrect when _skimf < 0.
    * This update addresses the following APARs: IV83743 IV85083 IV85385 IV85409 IV85411 IV85418 IV85420 IV85421 IV85422 IV85426 IV85428 IV85429 IV85430 IV85432 IV85589 IV85590 IV85790 IV85862 IV85865 IV85866 IV86144 IV86153 IV86689 IV86701.

  • gpfs@us.ibm.com

    Re: GPFS V4.1.1 Announcements

    ‏2016-08-04T16:56:29Z  

    Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by security vulnerabilities (CVE-2016-2985 and CVE-2016-2984)

     

    Summary

    Security vulnerabilities have been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow:
    - a local attacker to execute commands as root by setting environment variables processed by setuid programs (CVE-2016-2985)
    - a local attacker to execute commands as root by supplying command line parameters to setuid programs (CVE-2016-2984)


    See the complete bulletin at either http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994 or http://www-01.ibm.com/support/docview.wss?uid=isg3T1023945