Article ID: 3533, created on Mar 27, 2009, last review on Apr 26, 2014

  • Applies to:
  • Virtuozzo containers for Linux


Synopsis: New Virtuozzo 3.0 kernel provides security updates, driver
  updates, and some other important fixes.
Issue date: 2007-12-19
Product: Virtuozzo 3.0
Keywords: security updates, driver update, stability fixes

This document provides information on the new Virtuozzo 3.0 kernel, version

(c) SWsoft, 2007. All rights reserved.



1. About This Release
2. Updates Description
3. Bugs Fixed
4. Obtaining New Kernel
5. Installing New Kernel
6. Required RPMs
7. Reference List



The current update for the Virtuozzo 3.0 kernel provides a new kernel based on
the Red Hat 4 Update 6 kernel (2.6.9-67.EL). The updated kernel includes a
number of security updates, driver updates, and important stability fixes.



The updated Virtuozzo 3.0 kernel includes fixes for the following security

  - A memory leak in the Red Hat Content Accelerator kernel patch in both the
  Linux Red Hat and Virtuozzo kernels allows local users to cause a denial
  of service (memory exhaustion) via a large number of open requests
  involving O_ATOMICLOOKUP (CVE-2007-5494).

  - The wait_task_stopped() function both in the Linux and Virtuozzo kernels
  checks the TASK_TRACED bit instead of the exit_state value, which allows
  local users to cause a denial of service (server crash) via unspecified
  vectors (CVE-2007-5500).

The updated Virtuozzo 3.0 kernel includes fixes for the following issues:

  - ext3 may become corrupted due to the presence of bad inodes in the orphan
  list. The following message may accompany the corruption:
  "EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file
  (37901290), 0
  Inode 00000101a15b7840: orphan list check failed!"

  - [CIFS]: A memory corruption due to bad error handling in the cifs code may
  cause an unexpected system behavior. The following message may accompany
  the memory corruption:
  "CIFS VFS: Invalid size SMB length 4 pdu_length 4".

  - Reducing the number of CPUs to be available to a VE using the "--cpus"
  option of the "vzctl set" command may cause a system crash.

  - [CPT]: In kernels with the 4GB split technology enabled (x86 architecture,
  enterprise kernel), online migration may fail due to a bug in the
  kernel/userspace segmentation handling in the CPT restoration code.

  - [CPT]: Under certain circumstances, /proc is considered as an external
  mount point, which causes online migration to fail.

  - [CPT]: Online migration may fail due to a bug in the SLM structures
  restoration with the following message:
  "Can't undump: Channel number out of range".

  - [CPT]: Migrating a VE with the Oracle application installed may fail due
  to a bug in the process start time restoration.

  - The network does not operate if network interfaces are configured in the
  802.3ad bonding mode.

  - [ext3]: A non-destructive assertion accomplishes with the following message:
  "Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363:
  "drop_count != 0 || cleanup_ret != 0"".

  - A kernel memory leak in the IPC code may occur due to a mistake in managing
  already locked segments in both the Linux Red Hat and Virtuozzo kernels.

  - If the SLM mode is disabled, a userbeancounter (UB) reference leak may
  occur causig the UB information to remain in /proc/user_beancounters after
  a VE is stopped.

  - A missed process wake-up may stall data transfer if the value of the
  TCPSNDBUF parameter has been exceeded.

  - A leak in PRIVVMPAGES may occur on mapping zero pages (for example, when
  copying from /dev/zero).

  - Unmounting an NFS partition having the simfs filesystem mounted over it and
  vzquota enabled may cause a system crash.

The updated Virtuozzo 3.0 kernel includes a number of updated drivers:

  - HP Controller SA5xxx SA6xxx driver
  (cciss driver 2.6.16.RH1 version)

  - Acronis True Image driver
  (snapapi driver 0.7.23 version)

  - Universal TUN/TAP device driver
  (tun driver 1.6 version)

Besides, the new Virtuozzo 3.0 kernel includes the following improvements:

  - The kernel has been re-based on the 2.6.9-67.EL4 Red Hat kernel.

  - The support for the tun/tap devices online migration has been added.

  - [CPT]: vzmigrate error messages have been made more verbose.

We highly recommend that all Virtuozzo 3.0 users update their kernel to the
latest version.



The following bugs from the previous release have been fixed in the new
Virtuozzo 3.0 kernel:

- #92189: A memory leak caused by an application which uses O_ATOMICLOOKUP
  flag for open() call (CVE-2007-5494).

- #96307: wait_task_stopped() incorrectly checks the process state

- #83419: ext3 orphan list corruption due to bad inodes in the list.

- #93807: [CIFS]: incorrect kernel_recvmsg() error handling in cifs code.

- #93979: [CPT]: A forked process should re-copy vcpu from current process
  because the old one could become invalid.

- #85041: [CPT] [4GB split]: Missed KERNEL_DS handling in CPT restoration code.

- #87718: [CPT]: Incorrect mount type determination (internal/external).

- #89714: [CPT]: SLM group regulator could be restored incorrectly during the
  online migration.

- #96300: [CPT]: A process start time was restored incorrectly during the
  online migration.

- #79891: [ext3]: JBD cleanup code could skip the last buffer in the list to
  be deleted.

- #78998: A possible kernel memory leak in IPC code.

- #77231: A potential beancounter refcount leak.

- #89127: A missed wakeup on exceeding TCPSNDBUF.

- #80246: A leak in PRIVVMPAGES on mapping zero pages.

- #91898: The HP CISS driver should be updated.

- #90769: The Acronis True Image driver should be updated.

- #83180: [CPT]: vzmigrate does not print the name of the file that it fails
  to open.

The following OpenVZ bugs have been fixed:

- #666: Incorrect carrier state determination for 802.3ad bonding mode.

- #541: vzquota should handle correctly NULL sb->put_super, in particular on

- #642: The support for tun/tap devices online migration is required.



You can get this kernel update in one of the following ways:

- You can download the update from
  If you do not have an ftp account, please contact

- You can download and install the update by using the vzup2date
  utility included in the Virtuozzo 3.0 distribution set.



To install the update, you should perform the following operations:

I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.

# rpm -ivh vzkernel-smp-2.6.9-023stab046.2.i686.rpm \
Preparing... ################################# [100%]
  1:vzkernel-smp ################################# [50%]
  2:vzmodules-smp ################################# [100%]

  Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
  all the kernels previously installed on your system may be removed from
  the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
  loaded by default. If you use the LILO bootloader, please do not forget to
  execute the 'lilo' command to write the changes to the boot sector:

  # lilo
  Added Virtuozzo2 *
  Added Virtuozzo1
  Added linux
  Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new



Depending on the kind of processor on your Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- Uniprocessor:

- SMP:

- Enterprise:

- Enterprise with the 4GB split feature disabled:

x86_64 kernels:

- Uniprocessor:

- SMP:

ia64 kernel:



The following references have been used in this document:




e8e50b42231236b82df27684e7ec0beb d02f9caf3e11b191a38179103495106f 2897d76d56d2010f4e3a28f864d69223

Email subscription for changes to this article
Save as PDF