[Announce] [security] Kernel RHEL6 042stab074.10 (stable)

Kir Kolyshkin kir at openvz.org
Mon Mar 4 20:46:37 EST 2013 

OpenVZ project has released a new RHEL6 based stable kernel. Read below 
for more information. Everyone using this kernel branch is advised to 
upgrade.


Changes
=======
Since 042stab072.10:
* [security] Rebase to 2.6.32-279.22.1.el6 RHEL6.3 kernel (security and 
bug fixes, see link below)
* [security/utrace] utrace: ensure arch_ptrace/ptrace_request can never 
race with SIGKILL, ported from 2.6.32-358.0.1.el6 RHEL6.4 kernel 
(CVE-2013-0871) (RHSA-2013-0567) (PSBM-18575)
* [net/tg3] kernel panic when netconsole is using (PCLIN-31420)
* [mm/vswap] kernel panic in handle_pte_fault() due to do_vswap_page() 
race with reclaimer (#2491)
* [vzquota/nfs] nfs client quota access to inode reserved space is 
protected by inode lock, preventing possible races (found during 
PSBM-17619 investigation (not a fix))
* [sched] do not throttle on cond_resched(), preventing one more case of 
possible priority inversion (PSBM-15441)
* [cgroup] calling release agent for already dead khelper caused a 
warning. This could happened if Fedora 18 CT is stopped with "--fast". 
(PSBM-17915)
* [sched] running tasks could be throttled and never unthrottled thus 
causing random node hangs. (PSBM-17658)
* [cgroup] added possibility to define the CT0 minimal cpu units in %% 
of all units assigned by all CTs on the Node (min_shares_pct)
* [fence-watchdog] kernel fencing watchgod is implemented.
* [fence-watchdog] The ability to choose, which action to perform in 
case of timeout. The configuration is done via sysfs files: 
/sys/kernel/watchdog_available_actions and /sys/kernel/watchdog_action 
(PSBM-13631)
* [proc] several issues on error paths have been fixed in 
proc_fill_super() (PSBM-17869)
* [fuse] background requests accounting has been fixed (PSBM-18114)
* [sched] possible node lockups have been fixed by correcting throttling 
algorithm (PCLIN-31507)
* [sched] the number of context switches should be reported correctly 
inside a CT in /proc/stat (PSBM-18113)
* [sched] the number of processes should be reported correctly inside a 
CT in /proc/stat (PSBM-18113)
* [sched] fixed another case of cpu priority inversion (PCLIN-31507)
* [sched] corrected handling of cpu shares settings (PSBM-18193)
* [fs] added missing mnt_drop_write(), its absence triggered a warning 
(PSBM-17612)
* [netlink] netlink should advertise userspace about incomplete dumps 
(needed to fix PSBM-17633)
* [mm/debug] added some useful vmstat counters into sysrq-m output.
* [mm/vmscan] fixed possible races in slab shrinker batching
* [cpt] preserve old failcounters during online migration in case the 
appropriate beancounter already exists on the destination node (PSBM-17465)
* [ve/net] fixed kernel panic in case venetdev module is unloaded (#2487)
* [ext4] removed ext4 "optimize_fsync" attribute, leaving the 
optimization code disabled, we do not need this optimization anymore and 
it's broken (PSBM-16762)
* [block/stats] %WA statistic in 'top' should account the time spent in 
fdatasync() call (PSBM-11692)
* [cpt] debug prints corrected: unfrozen tasks should be printed before 
CT wakeups (debug for PSBM-17361)
* [fuse] code has been reviewed and made working after rebase from 
2.6.32-279.19.1.el6 to 2.6.32-279.22.1.el6 (PSBM-18215)
* [fs] handle "hidden" mount options properly, required for secondary 
ploop inside a CT feature (required for PSBM-15338)
* [timers] corrected TFD_TIMER_ABSTIME timer handling, the issue led to 
high cpu usage inside a Fedora 18 CT by 'init' process (PSBM-18284)
* [fuse] one more kernel panic due to incorrect fuse rebase on new RHEL 
kernel update fixed (PSBM-18347)
* [fs] deadlock in unix_bind() has been fixed (PSBM-18292)
* [fuse] fuse patches cleanups were performed (PSBM-18211)
* [fs] get_active_super/umount race has been fixed (backport from 
mainstream) (PSBM-18397)
* [ploop] possible ploop image corruption has been fixed (PSBM-18293)
* [ploop] possible deadlock on ploop snapshot has been fixed (PSBM-18376)
* [fs] CAP_FS_FREEZE capability should be used only when fs is really 
frozen => prevent possible data corruption
* [ext4] fixed ext4_end_aio_dio_nolock() error handling. Before this we 
could get an unkillable process waiting in ..._aios() on exit.
* [ext4] fixed potential deadlock in ext4_nonda_switch()
* [fs] fixed unbalanced write counter in __dentry_open(). Before this we 
could get a process stuck in mntput_no_expire() (PSBM-18369)
* [fs] CAP_FS_FREEZE capability should be used only when fs is really 
frozen => prevent possible data corruption
* [vedev] ioctl(VZCTL_SETDEVPERMS) has been enhanced to pass a device to 
a CT in a more consistent way: register device in CT' devtmpfs, make 
hardlink in CT's /sys/device/... pointing to the host' /sys/device/..., 
make symlink in CT's /sys/class/{block|char} pointing to device, set 
device permissions by adding device to CT' devcgroup whitelist (as it 
used to be before this patchset). This fixes quota issues on ploop for 
Fedora 18 CT (PSBM-18337)
* [cgroups] cgroups should be automatically destroyed on CT stop 
(related to PSBM-17934)
* [fence-watchdog] a message is printed if the node is fenced by 
watchdog (PSBM-18312)
* [fuse] severe kernel memory leak while writing to pStorage (PSBM-18516)



Download
========
http://wiki.openvz.org/Download/kernel/rhel6/042stab074.10


Bug reporting
=============
Use http://bugzilla.openvz.org/ to report any bugs found.


Other sources of info on updates
================================
See http://wiki.openvz.org/News to view all the news (including updates)
online. There you can also find RSS feed links.


Best regards,
   OpenVZ team

More information about the Announce mailing list