Article ID: 117404, created on Sep 20, 2013, last review on May 11, 2014

Applies to

  • Parallels Virtuozzo Containers for Linux 4.7

    -----------------------------------------------------------------------
    Synopsis:          A new Parallels Virtuozzo Containers 4.7 kernel update
                       addressing security, performance, and stability issues.
    Product:           Parallels Virtuozzo Containers 4.7
    Keywords:          'bugfix' 'stability' 'security'
    
    -----------------------------------------------------------------------
    
    This document provides information on the new Parallels Virtuozzo Containers 4.7
    kernel, version 2.6.32-042stab081.3.
    
    --------------------------------------------------------------------------------
    CONTENTS
    
    1. About This Update
    2. Update Description
    3. Obtaining the New Kernel
    4. References
    
    --------------------------------------------------------------------------------
    
    1. ABOUT THIS UPDATE
    
    The current update for the Parallels Virtuozzo Containers 4.7 kernel provides a
    new kernel based on the Red Hat Enterprise Linux 6.4 kernel
    (2.6.32-358.18.1.el6). The updated kernel includes a number of security,
    performance, and stability fixes.
    
    --------------------------------------------------------------------------------
    
    2. UPDATE DESCRIPTION
    
    This update includes the following fixes and improvements:
    
    * Ploop has been enhanced to thoroughly collect a succession of bios to improve
      the performance on small requests. (PSBM-19207)
    
    * Performance events are now disabled inside the Container by default.
      Set the 'kernel.perf_event_paranoid' sysctl (default 1) to -1 to re-enable
      them.
    
    * The memory compaction algorithm has been enhanced to work better under
      high load. (PSBM-20273)
    
    * A kernel panic could occur while accessing a USB storage device. (PSBM-21015)
    
    * Under certain circumstances, the signal pending flag could be lost due to
      a race in the code. (PCLIN-31992)
    
    * Saving of the SKB_GSO_TCP flag has been added to the checkpointing
      mechanism to prevent a kernel panic on the destination Node that could
      occur during online migration of Containers. (PSBM-21181)
    
    * The kernel rpm package now provides the appropriate base RHEL6 kernel
      version (such as '2.6.32-358.14.1.el6') in the 'kernel' capability.
      This form of the 'kernel' capability is required by the 'irqbalance' rpm
      package. (PSBM-21258)
    
    * Under certain conditions, the file system could be left frozen after the
      Container backup operation, which caused some processes to stall while
      waiting for disk I/O. (PCLIN-32011)
    
    * /proc/meminfo output inside a vSwap-enabled Container was extended to
      include the 'Buffers:' line which is expected by some monitoring tools.
      Buffers usage is always reported as 0 inside a Container. (PSBM-19448)
    
    * Under certain circumstances, a checkpointing operation of a Container
      running processes being straced could cause a Hardware Node hard lockup.
      (PCLIN-32020)
    
    * fsck considered an ext4 file system broken if it had previously been
      resized online. (PSBM-21709, OVZ# 2701)
    
    * Manually unmounting a ploop device while the inner file system was still
      mounted and used by the Container led to numerous complaints in the
      kernel logs, such as: "VFS: Busy inodes after unmount. sb = ffff880108987000,
      fs type = ext4, sb count = 2, sb->s_root = /". (PSBM-21474)
    
    * Resource accounting has been improved by fixing a number of accounting
      issues.
    
    * The OOM berserker mode algorithm (a defense against fork bombs) has been
      tuned to reduce the chance of killing processes in Containers that are
      not running a fork bomb. (PSBM-21293)
    
    * The Container ID has been added to the SYN flood warning message
      in order to identify the problem Container on a Hardware Node.
      (PCLIN-31975)
    
    * A kernel warning inside the ext4_journal_start_sb() function could be
      reported on Nodes that run both ploop-based Containers and vzfs
      Containers simultaneously. (PSBM-20150)
    
    --------------------------------------------------------------------------------
    
    3. OBTAINING THE NEW KERNEL
    
    You can download and install this kernel update using the vzup2date utility
    included in the Parallels Virtuozzo Containers 4.7 distribution set.
    
    --------------------------------------------------------------------------------
    
    4. REFERENCES
    
    https://rhn.redhat.com/errata/RHSA-2013-1173.html
    
    https://www.redhat.com/security/data/cve/CVE-2012-6544.html
    https://www.redhat.com/security/data/cve/CVE-2013-2146.html
    https://www.redhat.com/security/data/cve/CVE-2013-2206.html
    https://www.redhat.com/security/data/cve/CVE-2013-2224.html
    https://www.redhat.com/security/data/cve/CVE-2013-2232.html
    https://www.redhat.com/security/data/cve/CVE-2013-2237.html
    
    --------------------------------------------------------------------------------
    Copyright (c) 1999-2013 Parallels IP Holdings GmbH and its affiliates. All
    rights reserved.
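
A node-side check for whether a kernel release string is at or above the 2.6.32-042stab081.3 build announced in this article. It is an added example, not part of the Parallels release notes; the function names are hypothetical, and treating releases with a different base version or a different prefix before "stab" as not comparable is an assumption.

```shell
#!/bin/sh
# Fixed kernel release, taken from this article.
FIXED_RELEASE="2.6.32-042stab081.3"

# Split a release such as 2.6.32-042stab081.3 into "base prefix build minor".
# Leading zeros are stripped from build and minor so that 081 is compared as
# decimal 81 and never read as octal. Returns 1 for any other release format.
vz_parse_release() {
    printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9.]*\)-\([0-9]\{3\}\)stab0*\([0-9]\{1,\}\)\.0*\([0-9]\{1,\}\).*$/\1 \2 \3 \4/p' \
        | grep .
}

# Print "patched", "outdated" or "unknown" for the release given as $1.
# "unknown" covers non-stab kernels (for example a stock RHEL kernel) and
# releases whose base version or prefix differs from the fixed release
# (assumption: those are not ordered against it).
vz_kernel_status() {
    cur=$(vz_parse_release "$1") || { echo unknown; return 0; }
    ref=$(vz_parse_release "$FIXED_RELEASE")
    # Positional parameters: $1-$4 describe the node, $5-$8 the fixed release.
    set -- $cur $ref
    if [ "$1" != "$5" ] || [ "$2" != "$6" ]; then
        echo unknown
        return 0
    fi
    if [ "$3" -gt "$7" ] || { [ "$3" -eq "$7" ] && [ "$4" -ge "$8" ]; }; then
        echo patched
    else
        echo outdated
    fi
}

# Report on the kernel this node is currently running.
echo "$(uname -r): $(vz_kernel_status "$(uname -r)")"
```

The check reads the running kernel, so after installing the update with vzup2date a node keeps reporting its old status until it is rebooted into the new kernel.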
    
