Hanging processes with Linux Security 11.00 on RHEL/CentOS 7.x

Symptoms

Linux Security 11.00 on RHEL/CentOS 7.x causes processes to hang when on-access scanning is turned on. The system log warns about one or more processes being blocked for more than 120 seconds.

Diagnosis

The Linux kernel version (3.10) used by RHEL/CentOS 7.x suffers from a subtle but serious bug that has been fixed in later kernel versions.

Specifically, the function fanotify_merge() has a faulty logic that replaces fsnotify_event when test_event->refcnt is 2. The original test_event is replaced with a clone and then removed from the notification queue. If the original test_event was carrying an OPEN_PERM event, it has no chance of being woken up again because only the clone of the event will get a response.

Solution

The bug has been fixed in RHEL/CentOS 7.x. Simply run

yum update

to get a current kernel (3.10.0-327.36.1.el7 or later) and reboot.

Pricing & Product Info

For product info and pricing please go to the F-Secure product page

Version history
Revision #:
8 of 8
Last update:
2 weeks ago
Updated by: