Article ID: 115069, created on Oct 31, 2012, last review on May 11, 2014

  • Applies to:
  • Virtuozzo hypervisor 5.0
-----------------------------------------------------------------------
Synopsis:          New Parallels Server Bare Metal 5.0 kernel provides an update with security and stability fixes.
Product:           Parallels Server Bare Metal 5.0
Keywords:          "bugfix" "stability" "security"

-----------------------------------------------------------------------

This document provides information on the new Parallels Server Bare Metal 5.0 kernel, version 2.6.32-042stab063.2.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Required RPMs
5. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Server Bare Metal 5.0 kernel provides a
new kernel based on the Red Hat Enterprise Linux 6.3 kernel
(2.6.32-279.11.1.el6). The updated kernel includes a number of security and
stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* The Container backup (via the "vzbackup" utility) and migration processes
  restriction algorithm has been enhanced. Now if the backup/migration I/O is
  limited by the VZ_TOOLS_IOLIMIT parameter in the global "/etc/vz/vz.conf"
  configuration file), the data read from disk by the backup/migration process
  is not stored in the cache, allowing a more efficient use of the Hardware
  Node RAM. (PSBM-15797)

* The kernel process scheduler has been enhanced to run the processes of a
  Container on no more than the number of virtual CPUs assigned to the
  Container. Containers with a CPULIMIT set may gain an additional performance
  boost if they also have the CPUS parameter configured, especially if run on
  a Node with NUMA support. (PSBM-14332)

* The processes throttling algorithm (due to Container CPULIMIT restraints)
  has been improved to throttle tasks only when switching to userspace,
  increasing the overall Node performance. (PSBM-15441)

* The Node "load average" value no longer includes tasks that are throttled
  due to Container IOLIMIT/IOPSLIMIT restraints.

* A new sysctl "vm.strict_mem_cpuset" has been introduced ("0" by default).
  If this sysctl is set to "0," memory masks work as a hint. This means that if
  memory allocation from the allowed NUMA nodes fails, mask constraints are
  ignored. (PSBM-15613)

* A 32-bit Container running on a 64-bit Node could fail to load more than
  approximately 2,000 iptables rules. (PCLIN-31246)

* CPU flags were reported empty in a Container residing on a Node with a single
  physical CPU. In particular, this could affect the "yum" operation. (OVZ 2373)

* The netlink messages handling code has been fixed by setting the proper
  environment context. In particular, this fixes the network configuration
  using the Network Manager. (OVZ 2353, OVZ 2354)

* Online migration of Containers between the Nodes with the IPv6 kernel module
  unloaded or disabled could fail. (PSBM-15431)

* A memory leak issue in the checkpointing code has been fixed. (PSBM-15373)

* A kernel conditional BUG() in n_tty_read() has been removed. (OVZ 2381)

* The NFS remote locks handling in the checkpointing code has been fixed.
  (PSBM-14815)

* Under certain circumstances, a Container with an NFS volume inside could
  fail to stop. Another symptom of this issue was the kernel work queue
  (rpciod) running in the "D" state permanently. (PSBM-15630)

* A Container with an NFS volume mounted inside could fail to stop if
  it was recently migrated from another Hardware Node using the online
  migration type. (PCLIN-31282)

* The "oom_score_adj" value has been adjusted for the "init" process to be
  killed after all other processes in a Container. (PSBM-15718)

* Under certain circumstances, the OOM killer in a Container could be triggered
  too early if the Container constantly "touched" a lot of files. (PCLIN-31294)

* The "drbd" driver has been updated to version 8.3.13. (OVZ 2254)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the "vzup2date" utility
included in the Parallels Server Bare Metal 5.0 distribution set.

--------------------------------------------------------------------------------

4. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

   vzkernel-2.6.32-042stab063.2.x86_64.rpm
   vzkernel-firmware-2.6.32-042stab063.2.noarch.rpm
   vzmodules-2.6.32-042stab063.2.x86_64.rpm
   parallels-kmod-5.0.13271.709218-1.2.6.32_042stab063.2.x86_64.rpm

--------------------------------------------------------------------------------

5. REFERENCES

http://rhn.redhat.com/errata/RHSA-2012-1366.html

https://www.redhat.com/security/data/cve/CVE-2012-3412.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2012 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.

c662da62f00df94fd77ba7a2c9eff4b4 2897d76d56d2010f4e3a28f864d69223 a26b38f94253cdfbf1028d72cf3a498b

Email subscription for changes to this article
Save as PDF