Article ID: 114924, created on Oct 9, 2012, last review on May 6, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.7

----------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.7 kernel provides an update with security and stability fixes.
Product:           Parallels Virtuozzo Containers 4.7
Keywords:          "bugfix" "stability" "security"

----------------------------------------------------------------------

This document provides information on the new Parallels Virtuozzo Containers (PVC) 4.7 kernel, version 2.6.32-042stab062.2.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Virtuozzo Containers 4.7 kernel provides a new
kernel based on the Red Hat Enterprise Linux 6.3 kernel (2.6.32-279.9.1.el6).
The updated kernel includes a number of security and stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* The update introduces the kernel module option "tg3_pcie_mrrs_boost" that
  forces the PCI Maximum Read Request Size (MRRS) to increase to 4 KB.
  Normally, a Node's BIOS automatically configures the proper MRRS value for
  hardware. The "tg3_pcie_mrrs_boost" option is intended for use only on
  hardware with a broken BIOS.

  Boosting the MRRS value may increase the performance of network cards, but
  this may also cause some problems on specific hardware platforms. The related
  mainstream commit is 2c55a3d08ade44a778c182c220a7907ec65d5fb8. (PSBM-14240)

* It was impossible to stop a container with an external process in the "T"
  state. Such a situation could occur when a command executed via "vzctl exec"
  was suspended with Ctrl+z. (PCLIN-31083)

* Support for kernel compilation with gcc 4.7 was added. (OVZ 2339)

* VLANs inside containers could fail to work if the "e1000e" driver supported
  a Node's network card. (PCLIN-31132)

  Note: If a VLAN is configured on the Node, VLANs in containers may still
  fail to work. Thus, if the "e1000e" network driver is used, either all VLANs
  you plan to use in containers must be created on the Hardware Node, or the
  Node must have no VLANs configured.

* Under certain circumstances, the Hardware Node could produce the following
  message: 
  "unregister_netdevice: waiting for lo=... to become free. Usage count = 3" (PSBM-14858)

* Not cleaned up TCP hints in the TCP code might be reused by NFS connections
  after timeouts, causing a kernel panic. (PCLIN-31212)

* Using certain types of iptables rules in a container might cause a kernel
  panic if OpenVPN was configured in the container. (OVZ 2322)

* An issue with CPU soft lockups caused by calling inet_twsk_deschedule() with
  the bh enabled was fixed. (OVZ 2346)

* A bug in the ext4 code, which could cause a kernel panic, was fixed. (PCLIN-31215)

* An online container migration could fail if a process in the container
  opened a /proc/$PID/... file of a task and that task died. (OVZ 2315)

* Support for the online migration of mm->saved_auxv data was added. Migrating
  this data is needed, in particular, for process debugging with gdb after the
  online migration. (PSBM-13556)

* The NFS server v4 exclusive locks handling was fixed. (OVZ 2122)

* Memory leaks in the code that provide vznetstat statistics were fixed. (PSBM-15109)

* An issue with CPU hard lockups caused by deadlocks in gathering statistics
  code, which could lead to a kernel panic, has been fixed. (PCLIN-31259)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.7 distribution set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and PVC modules.

# rpm -ivh vzkernel-2.6.32-042stab062.2.i686.rpm \
vzmodules-2.6.32-042stab062.2.i686.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the "lilo" command to write the changes to the boot sector:

     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:
   vzkernel-2.6.32-042stab062.2.i686.rpm
   vzmodules-2.6.32-042stab062.2.i686.rpm

- Enterprise:
   vzkernel-ent-2.6.32-042stab062.2.i686.rpm
   vzmodules-ent-2.6.32-042stab062.2.i686.rpm

- Enterprise with the 4GB split feature disabled:
   vzkernel-PAE-2.6.32-042stab062.2.i686.rpm
   vzmodules-PAE-2.6.32-042stab062.2.i686.rpm


x86_64 kernels:

- SMP:
   vzkernel-2.6.32-042stab062.2.x86_64.rpm
   vzmodules-2.6.32-042stab062.2.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCES

http://rhn.redhat.com/errata/RHSA-2012-1304.html

https://www.redhat.com/security/data/cve/CVE-2012-2313.html
https://www.redhat.com/security/data/cve/CVE-2012-2384.html
https://www.redhat.com/security/data/cve/CVE-2012-2390.html
https://www.redhat.com/security/data/cve/CVE-2012-3430.html
https://www.redhat.com/security/data/cve/CVE-2012-3552.html

http://rhn.redhat.com/errata/RHBA-2012-1199.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2012 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.

0c05f0c76fec3dd785e9feafce1099a9 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb

Email subscription for changes to this article
Save as PDF