Article ID: 113863, created on May 11, 2012, last review on May 1, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.7
--------------------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.7 kernel provides
                   an update with security and stability fixes.
Issue date:        05-11-2012
Product:           Parallels Virtuozzo Containers 4.7
Keywords:          "bugfix" "stability" "security"

--------------------------------------------------------------------------------

This document provides information on the new Parallels Virtuozzo Containers 4.7 kernel,
version 2.6.32-042stab055.10.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Virtuozzo Containers 4.7 kernel provides a new
kernel based on the Red Hat 6.2 kernel (2.6.32-220.13.1.el6). The updated
kernel includes a number of security and stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* Several leaks of the "kmemsize" resource under certain circumstances have
  been fixed. (PSBM-11885)

* The "fork bomb" attack protection has been enhanced. (PSBM-11920)

* An invalid NAT rules configuration on a Node with a bridge could lead to a
  kernel panic. (PSBM-11782)

* In rare cases, restoring a previously check-pointed Container could lead
  to a kernel panic if a dead task got into the Container's image. (PCLIN-30811)

* An online migration of a Container could fail with the following error message:
  "Failed to restore mount point: dev 'none', type 'devtmpfs', path '/dev.'"
  The fix required changes to the checkpoint image structure, so online
  migration from the current kernel (2.6.32-042stab055.10) to older kernels
  is not possible. (PCLIN-30804)

* "tcpdump" inside a host-routed Container could fail to show incoming traffic.
  (PCLIN-30814)

* The RAID1/RAID10 resync recover process could cause a Hardware Node deadlock.

* The OOM killer could fail to kill processes on a highly overcommitted
  Hardware Node. (PSBM-12523)

* A second online migration of a Container with the tun device inside could fail.
  (PSBM-12502)

* An online migration of a Container with a running X server inside could fail
  under certain circumstances. (PSBM-12617)

* The old MegaCLI monitoring and configuration tool could cause data corruption
  and, consequently, lead to a kernel panic. (OVZ 2240)

* The memory reclaimer algorithm has been enhanced to handle writebacks
  more efficiently under high memory pressure. (PSBM-11683, OVZ 2188)

* The second value in /proc/uptime (idle time in seconds) has been virtualized.
  Previously, the Parallels Virtuozzo Containers kernel showed idle time of the Hardware Node instead
  of that of a Container. (PCLIN-30774)

* The number of sleeping processes in /proc/vz/stats was always reported as 0.
  (PCLIN-30844)

* The sysinfo() call has been virtualized. Now it properly reports the following
  information inside a Container: uptime, load averages, and the number of
  current processes. (OVZ 2051)

* The sync() system call executed from inside a Container has been modified to
  sync only filesystems that belong to this Container.
  In particular, this fix speeds up the process of stopping Containers.
  (PCLIN-30842)

* A Hardware Node soft lockup on inode_lock spinlock triggered by the vzquota
  code has been fixed. (PCLIN-30858, OVZ 2255)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.7 distribution set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and Parallels Virtuozzo Containers modules.

# rpm -ivh vzkernel-2.6.32-042stab055.10.i686.rpm \
vzmodules-2.6.32-042stab055.10.i686.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels that have been previously installed on your system may be removed from
    the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the "lilo" command to write the changes to the boot sector:

     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.
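
A post-reboot check for step III and for the PCLIN-30804 migration note, added here as an example and not part of the Parallels notes. It assumes "uname -r" reports the <base>-<branch>stab<major>.<minor> form used in this document; the function names are hypothetical, and treating kernels newer than 2.6.32-042stab055.10 the same way as that build is an assumption.

```shell
#!/bin/sh
# Added example (not Parallels code). Assumes release strings of the form
# <base>-<branch>stab<major>.<minor>, e.g. 2.6.32-042stab055.10, optionally
# followed by .i686 or .x86_64. Function names are hypothetical.

FIXED="2.6.32-042stab055.10"   # kernel version named in this document

# Print "branch major minor" without leading zeros; fail on any other format.
vz_parse() {
    out=$(printf '%s\n' "$1" | sed -n -E \
's/^[0-9.]+-0*([0-9]+)stab0*([0-9]+)\.0*([0-9]+)(\.(i686|x86_64))?$/\1 \2 \3/p')
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Print lt, eq or gt for release $1 against release $2 (base version ignored).
vz_cmp() {
    a=$(vz_parse "$1") || return 2
    b=$(vz_parse "$2") || return 2
    set -- $a $b                      # $1..$3 = left fields, $4..$6 = right
    for i in 1 2 3; do
        if [ "$1" -lt "$4" ]; then echo lt; return 0; fi
        if [ "$1" -gt "$4" ]; then echo gt; return 0; fi
        shift                         # next field pair lands in $1 and $4
    done
    echo eq
}

# Succeed if release $1 is this update's kernel or a later stab build.
vz_is_patched() {
    case $(vz_cmp "$1" "$FIXED") in eq|gt) return 0 ;; *) return 1 ;; esac
}

# PCLIN-30804: the changed checkpoint image cannot be restored by older
# kernels, so refuse online migration from a patched source ($1) to an
# unpatched destination ($2). Returns 2 if either string is unparseable.
vz_online_migration_ok() {
    { vz_parse "$1" && vz_parse "$2"; } >/dev/null || return 2
    if vz_is_patched "$1" && ! vz_is_patched "$2"; then return 1; fi
    return 0
}

# After the reboot in step III: sh this-script --check
if [ "${1:-}" = "--check" ]; then
    if vz_is_patched "$(uname -r)"; then echo "kernel is $FIXED or later"
    else echo "kernel is older than $FIXED or not a stab build"; exit 1; fi
fi
```
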

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:
   vzkernel-2.6.32-042stab055.10.i686.rpm
   vzmodules-2.6.32-042stab055.10.i686.rpm

- Enterprise:
   vzkernel-ent-2.6.32-042stab055.10.i686.rpm
   vzmodules-ent-2.6.32-042stab055.10.i686.rpm

- Enterprise with the 4GB split feature disabled:
   vzkernel-PAE-2.6.32-042stab055.10.i686.rpm
   vzmodules-PAE-2.6.32-042stab055.10.i686.rpm


x86_64 kernels:

- SMP:
   vzkernel-2.6.32-042stab055.10.x86_64.rpm
   vzmodules-2.6.32-042stab055.10.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCES

https://rhn.redhat.com/errata/RHSA-2012-0481.html

https://www.redhat.com/security/data/cve/CVE-2012-0879.html
https://www.redhat.com/security/data/cve/CVE-2012-1090.html
https://www.redhat.com/security/data/cve/CVE-2012-1097.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2012 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
