Article ID: 114241, created on Jun 28, 2012, last review on May 11, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.7

 

--------------------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.7 kernel provides
                   an update with security and stability fixes.
Issue date:        06-29-2012
Product:           Parallels Virtuozzo Containers 4.7
Keywords:          "bugfix" "stability" "security"

--------------------------------------------------------------------------------

This document provides information on the new Parallels Virtuozzo Containers 4.7 kernel,
version 2.6.32-042stab057.1.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Virtuozzo Containers 4.7 kernel provides a new
kernel based on the Red Hat Enterprise Linux 6.2 kernel (2.6.32-220.23.1.el6).
The updated kernel includes a number of security and stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* Support for Containers based on the Fedora 17 template has been added.
  (PSBM-13010, PSBM-13004, PSBM-13213)

* The fuse context pid has been virtualized, which fixes the
  behavior of the "tup" application if it is running in a Container. (OVZ 2245)

* The ext4 filesystem performance has been improved by adding the ability to
  submit large IO requests and optimize the handling of fdatasync() calls
  running in parallel. (PCLIN-30841, PSBM-12094)

* Additional sanity checks have been added to the ext4 filesystem code to
  prevent possible kernel panics if the filesystem gets corrupted. (PSBM-12241)

* Kernel BUG at block/cfq-iosched.c:386 could occur when disabling group
  isolation. (PCLIN-30890)

* The IPv6 hash table function has been enhanced, making "Neighbor table
  overflow" messages appear less often. (PCLIN-30609)

* "vmstat" could fail with the "Floating point exception" message due to
  an incorrect idle time accounting reported via /proc/stat. (PCLIN-30773)

* The locking order in the cgroups code has been corrected to fix possible
  kernel deadlocks. (PSBM-13297)

* A corner case in the memory reclaimer has been enhanced: OOM killer is now
  guaranteed to be invoked if no progress is made in memory reclaiming.
  (PCLIN-30976)

* The initrd kernel image generation has been corrected. This affects only nodes
  running CentOS 5.x and Red Hat Enterprise Linux 5.x Host OSs. (PCLIN-30970)

* Tasks with the SCHED_IDLE or SCHED_BATCH scheduler policy set online migration
  support has been added. (OVZ 2283)

* Kernel compilation without the CONFIG_SCHEDSTATS configuration option has
  been fixed. (OVZ 2299)

* Kernel compilation without the CONFIG_BSD_PROCESS_ACCT configuration option
  has been fixed. (OVZ 2273)

* Kernel debug functionality has been enhanced:
  - Scheduler debug information has been moved from the Alt+SysRQ+t key output
    to Alt+SysRQ+a.
  - kernel.hung_task_verbosity sysctl has been added to configure additional
    debug data printing if a hanged task is detected:
	    1 sysrq-p (cpus)
	    2 sysrq-t (tasks)
	    4 sysrq-m (memory)
	    8 sysrq-a (scheduler)
	    0 default (nothing)
	   -1 anything

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.7 distribution set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and Parallels Virtuozzo Containers modules.

# rpm -ivh vzkernel-2.6.32-042stab057.1.i686.rpm \
vzmodules-2.6.32-042stab057.1.i686.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the "lilo" command to write the changes to the boot sector:

     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:
   vzkernel-2.6.32-042stab057.1.i686.rpm
   vzmodules-2.6.32-042stab057.1.i686.rpm

- Enterprise:
   vzkernel-ent-2.6.32-042stab057.1.i686.rpm
   vzmodules-ent-2.6.32-042stab057.1.i686.rpm

- Enterprise with the 4GB split feature disabled:
   vzkernel-PAE-2.6.32-042stab057.1.i686.rpm
   vzmodules-PAE-2.6.32-042stab057.1.i686.rpm


x86_64 kernels:

- SMP:
   vzkernel-2.6.32-042stab057.1.x86_64.rpm
   vzmodules-2.6.32-042stab057.1.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCES

http://rhn.redhat.com/errata/RHSA-2012-0743.html

https://www.redhat.com/security/data/cve/CVE-2012-0044.html
https://www.redhat.com/security/data/cve/CVE-2012-1179.html
https://www.redhat.com/security/data/cve/CVE-2012-2119.html
https://www.redhat.com/security/data/cve/CVE-2012-2121.html
https://www.redhat.com/security/data/cve/CVE-2012-2123.html
https://www.redhat.com/security/data/cve/CVE-2012-2136.html
https://www.redhat.com/security/data/cve/CVE-2012-2137.html
https://www.redhat.com/security/data/cve/CVE-2012-2372.html
https://www.redhat.com/security/data/cve/CVE-2012-2373.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2012 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.

0c05f0c76fec3dd785e9feafce1099a9 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb

Email subscription for changes to this article
Save as PDF