Article ID: 116616, created on Aug 1, 2013, last review on May 11, 2014

  • Applies to:
  • Virtuozzo 6.0


Synopsis:         The new Parallels Virtuozzo Containers 4.7 kernel 
provides an update with security, performance, and stability fixes.
Issue date:       07-01-2013
Product:           Parallels Virtuozzo Containers 4.7
Keywords:        "bugfix" "stability" "security"
This document provides information on the new 
Parallels Virtuozzo Containers 4.7 kernel, version 2.6.32-042stab079.4.
1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References
The current update for the Parallels Virtuozzo Containers 4.7 kernel provides a
new kernel based on the Red Hat Enterprise Linux 6.4 kernel
(2.6.32-358.14.1.el6). The updated kernel includes a number of security,
performance, and stability fixes.
This update contains fixes for the following issues:
* Information leak flaws in the ploop and quota kernel code could allow a local,
  unprivileged user to leak kernel memory to user space. (PSBM-20690,
* A kernel BUG could be triggered in the nf_nat_setup_info() function under certain
  circumstances. (PCLIN-31920)

* Creation of nested pid namespaces inside Containers was disabled. (PSBM-20670)
* "Holy Crap X" debug messages previously printed by the checkpoint code were substituted with user-friendly reports.
* The issues with compiling the Parallels Virtuozzo Containers 4.7 kernel with
  the gcc 4.5 compiler were eliminated.
* The ARAT feature bit is now set for AMD CPUs. This improves performance on AMD
  Opteron 62xx-based systems.
* The NFS server kernel code was enhanced to return file system superblock time
  granularity on FSINFO request. This enhancement provides a performance boost
  because inodes are not revalidated most of the time. The performance increase
  can be gained only if the NFS server node runs the Parallels Virtuozzo
  Containers 4.7 kernel and the filesystem exported by the NFS server resides on
  an ext4 filesystem. (PCLIN-31863)
* The tcpsndbuf resource counter leak was eliminated. It produced messages like
  "Ub 17843 helds 13080 in tcpsndbuf on put" on Container stops. The issue was
  not a real memory leak, just a counter malfunction. (PCLIN-31931)
* The online permission restrictions for devices provided to Containers were
  corrected. (PSBM-19097)
* Collisions of inode numbers could cause a kernel panic on node reboot, if the
  node used the Rebootless Kernel Update feature. (PCLIN-31948)
* A new per-node "" sysctl was introduced. It allows customizing
  the per-Container limit for allowed mount points (4096 by default).
* The issue with license synchronization between different components of
  Parallels products was fixed. (PSBM-20179)
* A Container could fail to restart because of an issue in the
  synchronize_mapping_faults() function which could cause a deadlock.
* The number of processes that reside in the uninterruptible sleep state could
  be reported incorrectly if a Container was suspended with stopped processes
  inside. This issue did not affect the real node load, but indirectly affected
  the loadaverage reported by the system. (PSBM-21154)

* Kernel scheduler optimizations, made on the assumption that there are no
  nested Containers, improved the overall node performance, especially in the case of
  Containers with CPU limits configured, residing on NFS volumes. (PSBM-20273)
Parallels would like to thank Jonathan Salwan of Sysdream Security Laboratory
for reporting CVE-2013-2239.
You can download and install this kernel update using the "vzup2date" utility
included in the Parallels Virtuozzo Containers 4.7 distribution set.
Copyright (c) 1999-2013 Parallels IP Holdings GmbH and its affiliates. All rights reserved.
