This topic describes known issues of Aliyun Linux 2 images, the scope of these issues, and their corresponding solutions.

Enabling the CONFIG_PARAVIRT_SPINLOCK kernel feature causes performance issues

  • Problem description: After you enable the CONFIG_PARAVIRT_SPINLOCK kernel feature, application performance is significantly affected when an ECS instance has a large number of vCPUs and a large number of lock contentions exist in applications. For example, timed-out connections deteriorate the performance of an NGINX application.
  • Solution: The CONFIG_PARAVIRT_SPINLOCK kernel feature for Aliyun Linux 2 is disabled by default. And if you are not sure how to resolve the kernel problem, we recommend that you do not enable the CONFIG_PARAVIRT_SPINLOCK feature.

Setting the THP switch of kernel features to always causes affect system stability and performance issues

  • Problem description: After you set the Transparent Hugepage (THP) switch in your production environment to always, the system becomes unstable and performance is deteriorated.
  • Solution: Set the THP switch to madvise. In scenarios such as running performance benchmark testing by using test suites, system performance is deteriorated if this switch is set to madvise compared with always. However, these testing results might not be reliable or match real-world conditions. Therefore, we recommend that you retain the madvise setting to prevent the system from being affected by other contentions.

A delegation conflict occurs in NFS V4.0

Defects in NFS V4.1 or V4.2 cause applications not to exit

  • Problem description: In NFS V4.1 or V4.2, if you use Asynchronous I/O (AIO) in applications to distribute requests and close the corresponding file descriptors before all I/O operations are returned, a livelock may be triggered and the corresponding process cannot be ended.
  • Solution: This problem was fixed in kernel versions 4.19.30-10.al7 and later. Application exit failure is not likely to occur. Decide whether you need to upgrade the kernel to fix this issue. To upgrade the kernel version, run the sudo yum update kernel -y command.
    • Upgrading the kernel may result in system boot failure. Exercise caution when you perform this action.
    • Before you upgrade the kernel, make sure you have created a snapshot or a custom image to back up data. For more information, see Create a snapshot or Create a custom image by using an instance.

Fixing security vulnerabilities such as Meltdown and Spectre affects system performance

  • Problem description: In the kernel of Aliyun Linux 2, the repair of important security vulnerabilities such as Meltdown or Spectre in processors is enabled by default, which affects system performance. As a result, performance may be deteriorated during performance benchmark testing.
  • Solution: Meltdown and Spectre are two critical vulnerabilities in Intel chips. These vulnerabilities allow attackers to steal sensitive application data from the system memory. We recommend that you do not disable the repair function. However, if you need to maximize system performance, you can run the following commands to disable the repair function:
    1. Run the following commands to add nopti nospectre_v2 to the kernel startup parameters.
      sudo sed -i 's/\(GRUB_CMDLINE_LINUX=".*\)"/\1 nopti nospectre_v2"/' /etc/default/grub
      sudo grub2-mkconfig -o /boot/grub2/grub.cfg
    2. Run the following command to restart the system.
      sudo reboot