An issue has been found with the recently released kernel support package for the following Linux platforms:
- SUSE 12
- RHEL 8
- RHEL 6
- Oracle Linux 7
- Ubuntu 16.04
When the server receives a big certificate file in order to do the authentication through TLS/SSL protocol, the server may crash or reboot.
Here is the list of identified kernel support package(KSP) that may cause the unexpected server reboot issue:
- SUSE12 - 20.0.0-2734
- RHEL8 - 20.0.0-2745
- RHEL8 - 20.0.0-2760
- RHEL6 - 20.0.0-2756
- Oracle Linux7 - 20.0.0-2758
- Ubuntu16.04 - 20.0.0-2759
To verify the issue.
When a user encounter crash/reboot issue, check the following error in call track (dmesg) and verify if the ssl_encrypted_verify function caused the reboot.
- ssl_encrypted_verify+0x17/0x50 [dsa_filter]
- ssl_encrypted_verify+0x33/0x60 [dsa_filter]
This issue may not immediately occur. and it is recommended to verify if you are using the faulty KSP release.
Note: If you are not encountering the issue, it is highly recommended to ensure you are running the latest KSP release to prevent the issue. You may jump to step 4 to check and driver info in your Linux server.
To resolve this issue:
- Make sure you have the latest Kernel Support Package, Login to your manager web console and go to Administration > Updates > Software > Local.
- Verify that you have the minimum kernel support package or higher.
- Go to the Computers Tab, select the target computers. Right-Click, go to Actions and click Send Policy.
- SSH to the target computer
- run "cat /proc/driver/dsa/info" and check if KSP version is between 188.8.131.529 and 184.108.40.2067
- Restart the agent service.
run "sudo service ds_agent restart"
- Verify that the new kernel has been update, run "cat /proc/driver/dsa/info" again and check if KSP version has been upgraded to 220.127.116.118 or above
1. From the Computer list, Go to the computer properties.
2. Go to the overview, Go to Actions Tab. and click the deactivate
3. Click Activate
4. Check the driver if updated. run "cat /proc/driver/dsa/info"