Article ID: 115068, created on Oct 31, 2012, last review on May 11, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.7
-----------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.7 kernel provides
                   an update with security and stability fixes.
Product:           Parallels Virtuozzo Containers 4.7
Keywords:          "bugfix" "stability" "security"

-----------------------------------------------------------------------

This document provides information on the new Parallels Virtuozzo Containers (PVC) 4.7 kernel,
version 2.6.32-042stab063.2.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Virtuozzo Containers 4.7 kernel provides a new
kernel based on the Red Hat Enterprise Linux 6.3 kernel (2.6.32-279.11.1.el6).
The updated kernel includes a number of security and stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* The Container backup (via the "vzbackup" utility) and migration processes
  restriction algorithm have been enhanced. Now if the backup/migration I/O is
  limited by the VZ_TOOLS_IOLIMIT parameter in the global /etc/vz/vz.conf
  configuration file), the data read from the disk by the backup/migration process
  is not stored in the cache, allowing a more efficient use of the Hardware
  Node RAM. (PSBM-15797)

* The kernel process scheduler has been enhanced to run the processes of a
  Container on no more than the number of virtual CPUs assigned to the
  container. Containers with CPULIMIT set may gain an additional performance
  boost if they also have the CPUS parameter configured, especially if run on
  a Node with NUMA support. (PSBM-14332)

* The processes throttling algorithm (due to Container CPULIMIT restraints)
  has been improved to throttle tasks only when switching to userspace,
  increasing the overall Node performance. (PSBM-15441)

* The Node "load average" value does not include any more the tasks throttled
  due to Container IOLIMIT/IOPSLIMIT restraints.

* A new sysctl, "vm.strict_mem_cpuset," has been introduced ("0" by default).
  If this sysctl is set to "0," memory masks work as a hint. This means that if
  memory allocation from the allowed NUMA Nodes fails, mask constraints are
  ignored. (PSBM-15613)

* A 32-bit Container running on a 64-bit Node could fail to load more than
  approximately 2,000 iptables rules. (PCLIN-31246)

* CPU flags were reported empty in a Container residing on a Node with a single
  physical CPU. In particular, this could affect the yum operation. (OVZ 2373)

* The netlink messages handling code has been fixed by setting the proper
  environment context. In particular, this fixes the network configuration
  using the Network Manager. (OVZ 2353, OVZ 2354)

* Online migration of Containers between the Nodes with the IPv6 kernel module
  unloaded or disabled could fail. (PSBM-15431)

* A memory leak issue in the checkpointing code has been fixed. (PSBM-15373)

* A kernel conditional BUG() in n_tty_read() has been removed. (OVZ 2381)

* The NFS remote locks handling in checkpointing code has been fixed.
  (PSBM-14815)

* Under certain circumstances, a container with an NFS volume inside could
  fail to stop. Another symptom of this issue was the kernel work queue
  (rpciod) running in the "D" state permanently. (PSBM-15630)

* A Container with an NFS volume mounted inside could fail to stop if
  it was recently migrated from another Hardware Node using the online
  migration type. (PCLIN-31282)

* The oom_score_adj" value has been adjusted for the "init" process to be
  killed after all other processes in a Container. (PSBM-15718)

* Under certain circumstances, the OOM killer in a Container could be triggered
  too early if the Container constantly "touched" a lot of files. (PCLIN-31294)

* The drbd driver has been updated to version 8.3.13. (OVZ 2254)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.7 distribution set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and PVC modules.

# rpm -ivh vzkernel-2.6.32-042stab063.2.i686.rpm \
vzmodules-2.6.32-042stab063.2.i686.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. If you do,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the "lilo" command to write the changes to the boot sector:

     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:
   vzkernel-2.6.32-042stab063.2.i686.rpm
   vzmodules-2.6.32-042stab063.2.i686.rpm

x86_64 kernels:

- SMP:
   vzkernel-2.6.32-042stab063.2.x86_64.rpm
   vzmodules-2.6.32-042stab063.2.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCES

http://rhn.redhat.com/errata/RHSA-2012-1366.html

https://www.redhat.com/security/data/cve/CVE-2012-3412.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2012 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.

0c05f0c76fec3dd785e9feafce1099a9 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb

Email subscription for changes to this article
Save as PDF