From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search


  • CPT bind mounts migration
  • CPT fixes.
  • Mainstream updates up to
  • Added iptables xt_mac target, SysRq debugger.
  • Conntracks fixes.
  • Memory leaks fixes.
  • UBC, VZDQ, compilation fixes.

Config changes


For the complete list of changes in this release, see git changelog for kernel 026test017.



Patch from Alexey Kuznetsov <>:
[CPT] support checkpointing of bind mounts


Patch from Alexey Kuznetsov <>:
[CPT] Image versioning

Boost image version.


Patch from Pavel Emelianov <>:
Fix CPT module compilation (misprint)


Patch from Vasily Tarasov <>:
[PATCH 2/3] [CPT] Fixes compilation with CONFIG_USER_RESOURCE off

Checkpointing-related fixes.


Patch from Alexey Kuznetsov <>:
[CPT] timers cleanup, ve suspend cleanup

Timers are totally messed in 2.6.16. This fixes bug with randomly stuck sleeps etc.

Also, the same patch fixes two another critical bugs:

  1. vzctl chkpnt N --suspend; vzctl chkpnt N --resume sometimes kills some applications (f.e. strace bash).
  2. when GFP_KERNEL allocation fails (oom killer), checkpoint can fail and leave some processes frozen.


Patch from Alexey Kuznetsov <>:
VE suspend cleanup

Software suspend breaks some processes, when it fails.

The problem is capital. Core assumes that as soon as signal_pending() is set, the only place where the condition is cleared is signal delivery path. Otherwise, processes can occasionally get bare -ERESTART* and die.

The only solution is to avoid clearing TIG_FREEZE ever, leaving this function to refrigrator(). This requires adding a global (or per-VE) flag.


Patch from OpenVZ team <>:
Merged from /linux/kernel/git/stable/linux-2.6.16.y


Patch from Kir Kolyshkin <>:
[x86_64] Compilation fix for net/socket.c

On an x86_64 arch, if CONFIG_NETFILTER is not set, linux/in6.h is not included into net/socket.c and it fails to compile:

net/socket.c: In function 'vz_security_proto_check':
net/socket.c:1106: error: 'IPPROTO_ICMPV6' undeclared (first use in this function)

The fix is to include linux/in6.h explicitly.

OpenVZ bug #206


Patch from Pavel Emelianov <>:
SysRq debugger.

This patch adds small debugger which works via SysRq. With it one can dump memory, resolve kernel symbols and write to memory.

/proc/sysrq-trigger is patched to read more than one character from user, so that debugger works with commands like

echo -n -e 'gd0xc0400000\rq' > /proc/sysrq-trigger


Patch from Vasily Tarasov <>:
[PATCH 1/3] Fixes compilation with CONFIG_USER_RESOURCE off

A misprint in ub_misc.h.


Patch from Kirill Korotaev <>:
nr_files should not limit VEs

We have UBC numfile limit, so skip global check for VE. Long-term solution is to virtualize nr_files variable.


Patch from Pavel Emelianov <>:
Fix for nr_files acct in UB0.

Do not just limit nr_files in UB0 only, but also account.


Patch from Vasily Tarasov <>:
Iptables bug in ipt_flush_table

One cannot set private->size = 0 in ipt_flush_table() 'cause this value is used in xt_free_table_info() later.

OpenVZ Bug #191.


Patch from Dmitry Mishin <>:
xt_mac iptables match virtualization

OpenVZ forum thread #902


Patch from Vasily Tarasov <>:
[PATCH 3/3] Fixes compilation with CONFIG_USER_RESOURCE off

Vecalls-related fixes.


Patch from Alexey Kuznetsov <>:
VE start time cleanup

  • start_time is signed value. After migration it can be negative. Respect this.
  • It is possible some processes started before ve->start_time. (f.e. migrated VE processes from viewpoint of VE0 or processes forked before VE creation and entering it later). The only sane solution is to show in /proc zero times.
  • Set ve->start_time to sane value, so that init does not have negative start time.
  • Deprecate ve->start_jiffies. It is uses only for ve_cpu_stats now.


Patch from Pavel Emelianov <>:
[VZDQ] Fix __vzquota_sync_list() list manipulations

After schedule() on need_resched() need to check for list_empty() again. (#65333)


Patch from Pavel Emelianov <>

[CPT] fget() call returns NULL on error

cpt code expected ERR_PTR values and thus could oops (#64758)


Patch from Pavel Emelianov <>:
Compilation fix for CONFIG_FAIRSCHED=n and CONFIG_SCHED_VCPU=y.

This is the first (and the easiest) part of OpenVZ Bug #173.


Patch from Pavel Emelianov <>:
Print warning if some initcall returned error.

Stop booting the kernel is not correct, but sometimes it's necessary to know that some initcall failed.


Patch from OpenVZ team <>:
Merged from /linux/kernel/git/stable/linux-2.6.16.y


Patch from Alexey Kuznetsov <>:
[PATCH] fdset's leakage

When found, it is obvious. nfds calculated when allocating fdsets is rewritten by calculation of size of fdtable, and when we are unlucky, we try to free fdsets of wrong size.

There is a little problem there, the bug is triggered only under certain combination of initial values for max_fdset and max_fds. They were changed recently, so that bug may be invisible in current mainstream (well, it was invisible because of absence of UBC in any case :-)). Nevertheless, it remains logical bug.


Patch from Alexey Kuznetsov <>:
Memory leak in fs/namei.c

2.6.16 leaks like hell. While testing, I found massive leakage in:

  • filp
  • size-4096

And 1 object leaks in

  • size-32
  • size-64
  • size-128

Bug #63420.


Patch from Kirill Korotaev <>:
Fix of UBC headers.

config.h should not be included from user space.


Patch from Dmitry Mishin <>:
Fixed vzmond cycling due to wrong conntracks cleanup context. Bug #64713.


Patch from Pavel Emelianov <>:

Call notifiers on netdevice moving.

When device moves from ve to ve0 or vice-versa NETDEV_UNREGISTER/NETDEV_REGISTER events must be sent. This at least clears dst entries from device.

Bug #64925.


Patch from Pavel Emelianov <>:
Check for inet_bin_bucket owner in inet(6)_hash_connect.

Noticed by Andrey Savochkin.