Article ID: 115640, created on Mar 4, 2013, last review on May 10, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.7
Synopsis:          New Parallels Virtuozzo Containers 4.7 kernel
                   provides an update with performance and stability
Product:           Parallels Virtuozzo Containers 4.7
Keywords:          "bugfix" "stability" "security"


This document provides information on the new Virtuozzo Containers 4.7 kernel, version 2.6.32-042stab074.10.


1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References



The current update for the Virtuozzo Containers 4.7 kernel provides a new
kernel based on the Red Hat Enterprise Linux 6.3 kernel (2.6.32-279.22.1.el6).
The updated kernel includes a number of security and stability fixes.



This update contains fixes for the following issues:

* A race condition was found in the way the Linux kernel's ptrace
  implementation handled PTRACE_SETREGS requests when the debuggee was awakened
  due to a SIGKILL signal instead of being stopped. A local, unprivileged
  user could use this flaw to escalate their privileges. (CVE-2013-0871, PSBM-18575)

* A kernel panic could occur if netconsole was used on a Hardware Node
  with a network card supported by the "tg3" driver. (PCLIN-31420)

* Under certain circumstances, a kernel BUG at mm/memory.c:2815 could be
  triggered by high disk I/O. (OVZ 2491)

* Several issues were fixed which could potentially cause a priority
  inversion problem when a Container with the CPULIMIT parameter set to
  a low value indirectly throttled Containers with a greater CPULIMIT
  value or even unlimited Containers. (PSBM-15441)

* Under certain circumstances, running tasks could be throttled by the scheduler
  and never unthrottled, thus causing random process hangs. (PSBM-17658)

* Limiting CPU resources for Containers residing on an NFS volume could cause
  a significant NFS performance decrease for all Containers on the Node. (PCLIN-31507)

* A kernel panic could occur when starting a Container if the "venetdev" module
  was not loaded. (OVZ 2487)

* The missing mnt_drop_write() call has been added; its absence triggered the
  following kernel warning (PSBM-17612):
  "WARNING: at fs/namespace.c:739 mntput_no_expire+0x109/0x110()".

* Due to an incorrect TFD_TIMER_ABSTIME timer handling, the "init" process
  in a Container with Fedora 18 could consume much CPU power during the first
  few minutes after Container start-up. (PSBM-18284)

* The stability of ploop images has been enhanced by fixing several issues
  found during prolonged stress testing. (PSBM-18293, PSBM-18376)

* Support for second-level quota in Containers running Fedora 18 has been
  added. (PSBM-18337)



You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.7 distribution set.



Copyright (c) 1999-2013 Parallels Holdings, Ltd. and its affiliates. All rights

0c05f0c76fec3dd785e9feafce1099a9 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb

Email subscription for changes to this article
Save as PDF