Article ID: 8712, created on Jul 21, 2010, last review on May 5, 2014

Applies to:
  • Virtuozzo containers for Linux 4.0

Release notes

Synopsis:    New Parallels Virtuozzo Containers 4.0 kernel provides a
             number of important stability fixes and security updates
Issue date:  07-06-2010
Product:     Parallels Virtuozzo Containers 4.0
Keywords:    "stability fixes" "security updates"


This document provides information on the new Virtuozzo Containers 4.0 kernel,
version 2.6.18-028stab070.2

© 1999-2010 Parallels, Inc. All rights reserved.


1. About This Release
2. Updates Description
3. Bugs Fixed
4. Obtaining New Kernel
5. Installing New Kernel
6. Required RPMs
7. Reference List



The current update for the Virtuozzo Containers 4.0 kernel provides a new kernel
based on the new Red Hat 5 kernel (2.6.18-194.8.1.el5). The updated kernel
includes a number of important security and stability fixes from Parallels and
from Red Hat.



The updated Virtuozzo Containers 4.0 kernel includes fixes for the following
security vulnerabilities (including those that were fixed in the
2.6.18-194.8.1.el5 Red Hat kernel):

- Multiple flaws were found in the mmap and mremap implementations. A local
  user could use these flaws to cause a local denial of service or escalate
  their privileges. (CVE-2010-0291, Important)

- A NULL pointer dereference flaw was found in the Fast Userspace Mutexes
  (futexes) implementation. The unlock code path did not check if the futex
  value associated with pi_state->owner had been modified. A local user could
  use this flaw to modify the futex value, possibly leading to a denial of
  service or privilege escalation when the pi_state->owner pointer was
  dereferenced. (CVE-2010-0622, Important)

- A NULL pointer dereference flaw was found in the Linux kernel Network
  File System (NFS) implementation. A local user on a system with an
  NFS-mounted file system could use this flaw to cause a denial of service or
  escalate their privileges on that system. (CVE-2010-1087, Important)

- A flaw was found in the sctp_process_unk_param() function in the Linux
  kernel Stream Control Transmission Protocol (SCTP) implementation. A remote
  attacker could send a specially-crafted SCTP packet to an SCTP-listening
  port on a target system, causing a kernel panic (denial of service).
  (CVE-2010-1173, Important)

- A flaw was found in the Linux kernel Transparent Inter-Process
  Communication protocol (TIPC) implementation. If a client application, on a
  local system where the tipc module was not yet in network mode, attempted to
  send a message to a remote TIPC node, it would dereference a NULL pointer
  on the local system, causing a kernel panic (denial of service).
  (CVE-2010-1187, Important)

- A buffer overflow flaw was found in the Linux kernel Global File System 2
  (GFS2) implementation. In certain cases, a quota could be written past the
  end of a memory page, causing memory corruption, and leaving the quota stored
  on the disk in an invalid state. A user with write access to a GFS2 file system
  could trigger this flaw to cause a kernel crash (denial of service) or
  escalate their privileges on the GFS2 server. This issue can only be
  triggered if the GFS2 file system is mounted with the "quota=on" or
  "quota=account" mount option. (CVE-2010-1436, Important)

- A race condition between finding a keyring by name and destroying a freed
  keyring was found in the Linux kernel key management facility. A local user
  could use this flaw to cause a kernel panic (denial of service) or escalate
  their privileges. (CVE-2010-1437, Important)

- A flaw was found in the link_path_walk() function in the Linux kernel.
  Using the file descriptor returned by the open() function with the
  O_NOFOLLOW flag on a subordinate NFS-mounted file system could result in a
  NULL pointer dereference, causing a denial of service or privilege
  escalation. (CVE-2010-1088, Moderate)

- A missing permission check was found in the gfs2_set_flags() function in
  the Linux kernel GFS2 implementation. A local user could use this flaw to
  change certain attributes of files on a GFS2 file system that they
  do not own. (CVE-2010-1641, Low)

The updated Parallels Virtuozzo Containers 4.0 kernel also includes fixes for
the following issues:

- Hot-adding memory to a system with 4 GB of RAM caused problems with 32-bit
  DMA devices, which led to the system becoming unresponsive. (BZ#587957)

- Running two or more simultaneous write operations with the O_DIRECT flag, on
  two separate partitions of a single disk, resulted in the performance of each
  write being reduced. (BZ#588219)

- The "ethtool" utility is used to display or change Ethernet card settings. It
  was not possible to enable Wake-on-LAN for network devices using the Intel
  PRO/1000 Linux driver that had Wake-on-LAN disabled in their EEPROM memory.

- When an SFQ (Stochastic Fair Queuing) qdisc that limited the queue size to
  two packets was added to a network interface (for example, via tc qdisc add),
  sending traffic through that interface resulted in a kernel crash. (BZ#594054)

- When a system was configured using channel bonding in "mode=0" (round-robin
  balancing) with multicast, IGMP traffic was transmitted via a single
  interface. (BZ#594057)

- On NFS, the read(2) system call could have returned an unexpected EIO
  (input/output error) value. (BZ#594061)

- When an NFS server exported a file system with an explicit fsid=file_system_ID,
  an NFS client mounted that file system on one mount point and a subdirectory
  of that file system on a separate mount point. Then, if the server re-exported
  that file system after un-exporting and unmounting it, it was possible for
  the NFS client to unmount those mount points and receive the following error
  message: "VFS: Busy inodes after unmount..." Additionally, it was possible to
  crash the NFS client's kernel in this situation. (BZ#596384)

- It was previously not possible to dynamically disable LRO for devices in a
  forwarding mode. (BZ#596385)

- The system was unable to use the data in the page cache page due to bad handling
  of the input/output errors in "do_generic_file_read". (BZ#599739)

- Calling the iptables service's stop command causes the iptables init script to
  unload the netfilter modules. Because a clean-up code path was not taken, an
  endless loop would occur, resulting in the init script becoming
  unresponsive. (BZ#600215)

- The timer_interrupt() routine did not scale lost real ticks to logical ticks
  correctly. (BZ#601090)

- Upon startup, the bnx2x network driver experienced a panic dump when more than
  one network interface was configured to start up at boot time. (BZ#607087)

- The e1000 and e1000e drivers for Intel PRO/1000 network devices were updated
  with an enhanced algorithm for adaptive interrupt modulation in the Red Hat
  Enterprise Linux 5.1 release. When InterruptThrottleRate was set to "1" (thus
  enabling the new adaptive mode), certain traffic patterns could have caused
  high CPU usage. This update provides a way to set InterruptThrottleRate to "4",
  which switches the mode back to the simpler and non-adaptive algorithm. (BZ#599332)

This update also includes fixes for the following Virtuozzo issues:

- Memory leaks were fixed in timer and ipv4 code.

- The "/proc/sys/kernel/hotplug" file was added to containers to make udev and
  some other software work.

- Fixed a bug in vzfs that resulted in errors in dcachesize resource accounting.

- Fixed a set of bugs in the bonding driver.

We highly recommend that all Parallels Virtuozzo Containers 4.0 users update
their kernel to the latest version.
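
The following triage script is an added example, not part of the original release notes or of any Parallels tooling. It checks whether a kernel release string predates 2.6.18-028stab070.2, whether any GFS2 file system is mounted with "quota=on" or "quota=account" (the precondition given for CVE-2010-1436), and whether the sctp or tipc modules are loaded (CVE-2010-1173, CVE-2010-1187). The sample release string, mount table and module list are constructed; the script assumes mount options appear in the mount table as they were passed at mount time and that sctp and tipc are built as loadable modules.

```shell
#!/bin/sh
# Added example (not Parallels code): triage a node against this advisory.
FIXED_STAB="070.2"   # from the page: kernel 2.6.18-028stab070.2

# Print the build after "028stab" in a kernel release string, e.g. "070.2".
stab_of() {
    printf '%s\n' "$1" | sed -n 's/^2\.6\.18-028stab\([0-9][0-9.]*\).*$/\1/p'
}

# Return 0 if RELEASE is older than the fixed build, 1 if it is the same or
# newer, 2 if it is not a 2.6.18-028stab kernel at all.
needs_update() {
    cur=$(stab_of "$1")
    [ -n "$cur" ] || return 2
    [ "$cur" != "$FIXED_STAB" ] || return 1
    lowest=$(printf '%s\n%s\n' "$cur" "$FIXED_STAB" |
        sort -t. -k1,1n -k2,2n | head -n 1)
    [ "$lowest" = "$cur" ]
}

# Read mount-table lines (/proc/mounts format) on stdin; print mount points of
# GFS2 file systems mounted with quota=on or quota=account (CVE-2010-1436).
gfs2_quota_mounts() {
    awk '$3 == "gfs2" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "quota=on" || opt[i] == "quota=account") { print $2; break }
    }'
}

# Read /proc/modules-format lines on stdin; print sctp and tipc if loaded.
net_modules_loaded() {
    awk '$1 == "sctp" || $1 == "tipc" { print $1 }'
}

# Constructed sample input; on a real node use "$(uname -r)", /proc/mounts
# and /proc/modules instead.
SAMPLE_RELEASE="2.6.18-028stab069.5-ent"
SAMPLE_MOUNTS="/dev/sda1 / ext3 rw 0 0
/dev/vg0/shared /mnt/gfs gfs2 rw,noatime,quota=on 0 0
/dev/vg0/scratch /mnt/scratch gfs2 rw,quota=off 0 0"
SAMPLE_MODULES="sctp 171845 0 - Live 0xf8a5c000
bonding 120517 0 - Live 0xf8a1d000"

if needs_update "$SAMPLE_RELEASE"; then
    echo "kernel $SAMPLE_RELEASE predates 028stab$FIXED_STAB: update"
fi
printf '%s\n' "$SAMPLE_MOUNTS" | gfs2_quota_mounts | sed 's/^/gfs2 quota mount: /'
printf '%s\n' "$SAMPLE_MODULES" | net_modules_loaded | sed 's/^/module loaded: /'
```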


The following bugs from the previous release have been fixed in the new
Virtuozzo Containers 4.0 kernel:

- #473702 [vzt-ss] 1 task_struct leak

- #476110 The "seeker" utility shows CFQ is much worse than deadline

- #444054 udev start inside a Ubuntu 9.04 CT fails to write into

- #462050 Memory: need to optimize kstat_glb_lock

- #475354 [vzt-ss] [OVZ] kmemsize leaked for 130

- #478828 Kernel panic - not syncing: Fatal exception in interrupt after PVC

- #475938 dcache is not uncharged when reading dirindex

- #479776 kernel panic if bonding initialization fails

- #476604 "ionice" on virtual pid triggers kernel panic

- #477117 Oops in fh_update

- #466858 No environment reset in tcp_probe_timer

- #98958  VZFS: dirindex corrupted during vzt-ss 100

- #475843 vzquota_dparents_check_same warnings in log

- #477985 "Dropped packet, source wrong veid=1" messages



You can download and install this kernel update using the "vzup2date" utility
included in the Parallels Virtuozzo Containers 4.0 distribution set.



To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.

# rpm -ivh vzkernel-2.6.18-028stab070.2.i686.rpm \
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the "lilo" command to write the changes to the boot sector:

     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new



Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:

- Enterprise:

- Enterprise with the 4GB split feature disabled:

x86_64 kernels:

- SMP:


