Article ID: 122647, created on Aug 14, 2014, last review on Aug 14, 2014

  • Applies to:
  • Virtuozzo 6.0
Synopsis:          A Parallels Server Bare Metal 5.0 kernel update
                   introducing introducing stability and security fixes.
Issue date:        2014-08-14
Product:           Parallels Server Bare Metal 5.0
Keywords:          'security'
1. What's Included in This Update
This update includes a new Parallels Server Bare Metal 5.0 kernel (2.6.32-042stab093.4) based on the Red Hat Enterprise Linux 6.5 kernel (2.6.32-431.23.3.el6). The new kernel introduces stability and security fixes.
2. Bug Fixes
- Configuring ipset netfilter rules from inside a Container is prohibited as ipset has not been virtualized yet. (#PSBM-27792, OVZ# 2644)
- Container online migration could fail with messages like:
"Cannot undump the file: Cannot allocate memory
Error: do_rst_vma: sc_m(un)lock failed
Error: do_rst_mm: failed to restore vma 0x01349000-0x0135a000: -12".
This could happen if, inside the Container, a process run by the root user allocated and locked memory, then changed its effective UID. (#PSBM-27938)
- Under certain circumstances, online migration of a Container with an IPv6 address could result in a kernel panic in the inet_csk_reqsk_queue_prune() function due to a bug in the IPv6 socket restoration code. (#PSBM-28004)
- The inactive memory reclaimer algorithm now does not experience "freezes" up to several seconds long in case there is still plenty of free RAM. (#PSBM-28058)
- The number of running processes (nr_running) inside a Container in /proc/stat is now reported for all physical CPUs on the Hardware Node. (#PSBM-28277)
- Under certain circumstances, a Hardware Node with several NUMA nodes could end up with a lot of inactive slab objects (e.g., "buffer_head" objects), exceeding the limit for free slab objects. Eventually, these inactive objects could fill up the memory of the entire NUMA zone. (#PSBM-28323)
- A process could remain in the stopped state (D state) forever after migration of the Container which owned the process from PVCfL 4.0, PVCfL 4.6 or PSBM 4.0 (running 2.6.18-x kernels) to PVCfL 4.7, PSBM 5.0 or PCS 6 (running 2.6.32-x kernels). (#PSBM-28401, OVZ# 3018)
- Idle time reported for Containers in /proc/vz/vestat is now calculated correctly. (#PSBM-28403, OVZ# 3035)
- Changing socket file's UID/GID could cause the application using this socket to fail after Container online migration. (#PSBM-28424, OVZ# 2969)
All users are highly advised to install this update.
3. Obtaining the Update
You can download and install the update using the vzup2date utility included in the Parallels Server Bare Metal 5.0 distribution set.
4. References
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved.

c62e8726973f80975db0531f1ed5c6a2 2897d76d56d2010f4e3a28f864d69223 0dd5b9380c7d4884d77587f3eb0fa8ef

Email subscription for changes to this article
Save as PDF