Article ID: 114657, created on Aug 27, 2012, last review on Apr 26, 2014

  • Applies to:
  • Virtuozzo hypervisor 5.0
----------------------------------------------------------------------
Synopsis:          New Parallels Server Bare Metal 5.0 kernel provides
                   an update with security and stability fixes.
Product:           Parallels Server Bare Metal 5.0
Keywords:          "bugfix" "stability" "security"

----------------------------------------------------------------------

This document provides information on the new Parallels Server Bare Metal 5.0 kernel, version 2.6.32-042stab061.2.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Required RPMs
5. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Server Bare Metal 5.0 kernel provides a
new kernel based on the Red Hat Enterprise Linux 6.3 kernel
(2.6.32-279.5.1.el6). The updated kernel includes a number of security and
stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* Kernel warnings such as "WARNING: at kernel/sched_rt.c:13 pick_next_highest_task_rt"
  have been eliminated. (PCLIN-31148)

* The checkpointing code has been enhanced to keep futex timeouts bound to
  a container's virtualized monotonic time. This ensures proper futex timeout
  values after online migration of a container. (PSBM-14471)

* Sometimes, the "pppd" daemon running in a container would hang, and it would
  be impossible to stop such a container. (PCLIN-31160)

* The "notify_on_release" and "release_agent" cgroups features did not work
  on the Hardware Node. (OVZ 2261)

* If disabled with the "ip_conntrack_disable_ve0=1" nf_conntrack kernel module
  option, ip_conntrack functionality could not be enabled again by removing
  this option until the Node was rebooted. (PCLIN-31123)

* Network devices can now be unregistered and destroyed in parallel. This
  decreases the overall time required to stop multiple containers. (PSBM-11724)

* JAVA processes could hang when running in containers that had the CPUS
  parameter set to 1. This happened because JAVA tried to optimize its code
  on uniprocessor (UP) systems, while containers were not guaranteed to be
  uniprocessor systems, even if their CPUS parameter was set to 1.
  The issue was resolved by creating empty /sys/devices/system/cpu# directories
  for each possible CPU (+1 on UP systems).

  Effectively, this makes glibc think that the _SC_NPROCESSORS_CONF value is always more
  than 1, so userspace applications are not be tempted to "optimize" their
  code. This also helps avoid possible problems with the online migration of
  containers between UP and SMP systems. (PSBM-14103, OVZ 2206)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Server Bare Metal 5.0 distribution set.

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

   vzkernel-2.6.32-042stab061.2.x86_64.rpm
   vzkernel-firmware-2.6.32-042stab061.2.noarch.rpm
   vzmodules-2.6.32-042stab061.2.x86_64.rpm
   parallels-kmod-5.0.13271.709218-1.2.6.32_042stab061.2.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCES

http://rhn.redhat.com/errata/RHSA-2012-1156.html
https://www.redhat.com/security/data/cve/CVE-2011-1078.html
https://www.redhat.com/security/data/cve/CVE-2012-2383.html

http://rhn.redhat.com/errata/RHBA-2012-1104.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2012 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.

c662da62f00df94fd77ba7a2c9eff4b4 2897d76d56d2010f4e3a28f864d69223 a26b38f94253cdfbf1028d72cf3a498b

Email subscription for changes to this article
Save as PDF