From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search


  • IPv6 netfilter functionality, mainstream updates (up to, bugfixes in veth, netfilters, vpids, UBC.

Config changes

Same as 026test014.4, plus


For the complete list of changes in this release, see git changelog for kernel 026test014.4.



Patch from Alexey Kuznetsov <>:
[PATCH] verbose "vzctl start" kills console


Patch from Kirill Korotaev <>:
[CPT] ip_conntrack_alloc() can return ENOMEM now (#64293)


Patch from Kirill Korotaev <>:
Fix inode debug misprint


Patch from Dmitry V. Levin <>:
[PATCH] net/core/dv.c: Export free_divert_blk

I have no idea why ve_netdev_cleanup() from kernel/vecalls.c duplicates some code from net/core/dev.c, but if both CONFIG_NET_DIVERT and CONFIG_VE_CALLS_MODULE are defined, then vzmon gets undefined reference to free_divert_blk symbol. Here is a workaround.

Signed-off-by: Dmitry V. Levin <>
Signed-off-by: Kirill Korotaev <>
Signed-off-by: Pavel Emelianov <>


Patch from Kirill Korotaev <>:
Fix of init process wake up.

Since 2.6.9 kernel threads can't be spawned with CLONE_STOPPED as do_signal() ignores signals for kernel code. Instead, wake_up_init() is called now from wake_up_new_task().


Patch from OpenVZ team <>:
Merged from /linux/kernel/git/stable/linux-2.6.16.y


Patch from Pavel Emelianov <>

Fix of signal_struct->curr_target value after __exit_signal(). When task calls __exit_signal() it moves curr_target pointer on the next thread. If task isn't changed - this pointer must be set to NULL. Otherwise race:

sys_execve()                                        sys_kill()
...                                                 ...
/* at this point thread and leader
* have shared signal_struct but splitted
* (empty) pids lists
sig-&gt;curr_target = next_thread(tsk);
/* at this point curr_target is set to
* tsk since it's PID_TYPE_TGID list is
* empty
...                                                ___group_complete_signal()
                                                  `- t = p-&gt;signal-&gt;curr_target
                                                   /* t is the task which tries to
                                                    * exit on the 1st cpu so its
                                                    * memory may already be freed


Patch from Pavel Emelianov <>:
Export sysctl_tcp_use_sg variable. Without it ipv6 module can't load.


Patch from Vasily Tarasov <>:
Fix missing memory charging in pipe.c


Patch from Kirill Korotaev <>:
Fix of conntracs' sysctl initialization

Conntracks initialization code allocates sysctl array for 15 elements, while requires 21 (#64594)


Patch from Dmitry Mishin <>:
Port of iptables virtualization to ip6tables


Patch from Alexey Kuznetsov <>:
[IPV6] checks of address ownership were wrong

The intention was right (the functions get optional dev and when they do, it is not necessary to verify for VE ownership), but I was lost in mass of || and &&'s, so that only one of three places came out correct.


Patch from Alexey Kuznetsov <>:
[PATCH] incomplete initialization of virtual neighbor tables

neigh_tbl-> was inherited from VE0 neighbour table. The effect is that when a device in VE0 was unregistered, VE still contained the reference to dead data.


Patch from Pavel Emelianov <>:
Fix creation of tcp/udp proc entries.

When we didn't have ipv6 virtualized ipv6-related entries we created locally to ve0. Now we have ipv6 virtualized, so the entries in question must be visible in VEs.


Patch from Dmitry Mishin <>:
Small cleanup in net proc entries registration code


Patch from Andrey Mirkin <>:
[VETH] fix capabilities checking


Patch from Andrey Mirkin <>:
Veth device fix.

There was a bug in veth_stop(): unregister_netdev() must be performed in right context. Plus cosmetic cleanups.


Patch from Andrey Mirkin <>:
[VETH] one more buffer overflow in veth fix


Patch from Andrey Mirkin <>:
[VETH] fix of potential buffer overflow in veth device name allocation


Patch from Pavel Emelianov <>:
Compilation fix for ipv6 netfilter initialization.


Patch from Alexey Kuznetsov <>:
[PATCH] RCU for VPID hash table

In 2.6.16 pid hash table is not protected by tasklist_lock, it uses RCU now. We used to protect VPID hash table with this lock, but now we cannot because the functions, which used to be protected with read_lock(), are not anymore.

So, we switch to RCU for VPID hash table as well. It is quite simple, and unlike use of RCU for global pid hash tables, it is quite obvious that RCU is valid here.


Patch from Alexey Kuznetsov <>:
[PATCH] setpgid() could corrupt pid hash table

Also I add new BUG() into pid.c to assert and obvious invariant that a free pid cannot be released.

This solves OpenVZ Bug #159.