  • Security/mainstream fixes
  • gcc4 compilation fixes
  • Scheduler improvements
  • Area-check patch
  • Code cleanups


The same as 022stab045.1, plus:


Driver updates

  • cciss driver v2.6.8



Patch from Kir, fixed by Kirill:

This patch fixes sched.c compilation with gcc4


Patch from mainstream:

fixes gcc4 compilation of arch/x86_64/kernel/entry.S


Patch from Kir, fixes compilation issue with gcc4:
tss_struct should be declared before ref.


Patch from Pavel:

On UP machines the scheduler does not perform active load balancing and sched domain manipulations.


Patch from mainstream, ported by Kir:

fixing compilation issue with gcc4.


Patch from mainstream:

[Security] [BUG] trivially triggered BUG_ON() in do_notify_parent()


Patch from mainstream, fixing compilation issue with gcc4:
[PATCH] prio-tree: remove function prototype inside function


Patch from mainstream, fixing compilation issue with gcc4:
send_IPI_mask_bitmask can't be inlined by gcc4


Patch from mainstream, fixing compilation issue with gcc4.


Patch from Kir:

Patch fixing make oldconfig to not fail with gcc-3.5/gcc-4.


Patch from mainstream:

[PATCH] CVE-2005-2709 sysctl unregistration oops

You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then wait for interface to go away, try to grab as much memory as possible in hope to hit the (kfreed) ctl_table. Then fill it with pointers to your function. Then do read from file you've opened and if you are lucky, you'll get it called as ->proc_handler() in kernel mode. So this is at least an Oops and possibly more. It does depend on an interface going away though, so less of a security risk than it would otherwise be.

Mainstream commit: e4e0411221c7d4f2bd82fa5e21745f927a1bff28


Patch from Kirill:

This patch fixes deadlock of stop_machine() vs. synchronous IPI send. The problem is that stop_machine() disables interrupts before disabling preemption on other CPUs. So if another CPU is preempted and then calls something like flush_tlb_all() it will deadlock with CPU doing stop_machine() and which can't process IPI due to disabled IRQs.

I changed stop_machine() to do the same things exactly as it does on other CPUs, i.e. it should disable preemption first on _all_ CPUs including itself and only after that disable IRQs.


Patch from Pavel:
  • shrunk slabs counting during try_to_free_pages() (lost from 2.4);
  • do not call yield() in oom_kill() if suicide happened (lost from 2.4);
  • correct oom_kill_counter calculations: when a task is set to be PF_MEMDIE-d, oom_kill_counter must be incremented; when this task calls do_exit(), oom_kill_counter decrements. This logic was broken before;
  • code cleanups.


Patch from Kirill and Pavel:

When PF_MEMALLOC is set __alloc_pages() does its best to allocate a page. If even this try fails it is not good to immediately return NULL - try to wait longer.

Bug 44254.


Patch from Pavel:
  • fsys_getpid needs new offset for tgid;
  • fsys_getppid must not be called via fsys (locking);
  • fsys_set_tid_address needs new offset for pid.


Patch from Pavel:

Some info-printk can be triggered by userspace process. No need to spoil main logbuf.


Patch from Pavel:

Ported i386 page fault OOM logic to ia64


Patch from Pavel:

Ported i386 OOM logic in page fault to x86-64.



Patch from mainstream, ported by Pavel:

Collected ioremap fixes:

  • Call change_page_attr correctly
  • Fix a race during iounmap
  • Handle mmio holes without mem_map correctly (needed for SRAT patch)
  • Some cleanups

Plus fix of DoS (CAN-2005-3108).

This is the merge (and port) of these patches:


Patch from Pavel:

task->sleep_avg should be updated under rq->lock.

Bug 53273.


Patch from Dmitry:

fix of page counting on do_wp_page() error path


Patch from Pavel:

Use predefined constants for ub_memory_charge() to specify severity of charging.


Patch from Denis:

This patch fixes lost reference on ext3 current handle in ext3_journalled_writepage


Patch from Oleg Nesterov:
sched_exit race fix from mainstream


Patch from Kir:

fix of ub_misc.c compilation in case CONFIG_UBC_DEBUG_KMEM is not set.


Patch from Pavel:

Print ubc resource name, not just number in __charge_beancounter_locked() when resource is run out.


Patch from Pavel:

Unaligned accesses in userspace are handled with kernel exception handler and appropriate printk() occurs. This printk must go to VE's log.


Patch from Dmitry:

fixed iptable_nat module reference counting

OpenVZ Bug #64.


Patch from Dmitry:

If we have custom iptables entries inside a VPS, then on VPS stop the related iptable_* module count decrements aren't performed. Fixed.


Patch from Pavel:
  • sys32_ptrace searches task by pid (must be by vpid);
  • signal handling functions send signal by pid (must be by vpid).




Patches from Pavel and Alexander:
Do not allow stopped tasks to sleep if they have pending SIGKILL.

Bug 50052.


Patch from mainstream:

A kernel BUG() is triggered by a call to set_mempolicy() with a negative first argument. This is because the mode is declared as an int, and the validity check doesn't check < 0 values. Alternatively, mode could be declared as unsigned int or unsigned long.
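The signed range-check defect described in this entry, as an added user-space model (not the kernel's mm/mempolicy.c): the buggy check beside the two fixed forms. The enum values, the policy name table and the function names are constructed for illustration and only mirror the 2.6 policy layout.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed to mirror the 2.6 mempolicy modes; MPOL_MAX is the highest
 * valid mode, so valid modes are 0..MPOL_MAX inclusive. */
enum { MPOL_DEFAULT, MPOL_PREFERRED, MPOL_BIND, MPOL_INTERLEAVE,
       MPOL_MAX = MPOL_INTERLEAVE };

static const char *const policy_name[MPOL_MAX + 1] = {
    "default", "preferred", "bind", "interleave",
};

/* Buggy form (hypothetical name): mode is a signed int and only the upper
 * bound is checked, so a negative mode is accepted and later indexes
 * policy tables before element 0. */
int check_mode_buggy(int mode)
{
    if (mode > MPOL_MAX)
        return -EINVAL;
    return 0;
}

/* Fixed form: reject negative values explicitly. */
int check_mode_fixed(int mode)
{
    if (mode < 0 || mode > MPOL_MAX)
        return -EINVAL;
    return 0;
}

/* Alternative fix from the entry: declare mode unsigned, so a negative
 * argument becomes a huge value that the existing upper-bound check
 * already rejects. */
int check_mode_unsigned(unsigned int mode)
{
    if (mode > MPOL_MAX)
        return -EINVAL;
    return 0;
}

/* Table lookup guarded by the fixed check: the index is always in range.
 * Returns NULL for an invalid mode instead of reading out of bounds. */
const char *policy_name_for(int mode)
{
    if (check_mode_fixed(mode) != 0)
        return NULL;
    return policy_name[mode];
}
```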


Patch from Alexander:

make kernel compilable without CONFIG_4KSTACKS

OpenVZ Bug #65.


Patch from Andrey Mirkin:

This patch makes ia64 kernel compile.


Patch from Andrey, fixed/split/corrected by Kirill:

This patch adds passive/active balancing in CPU scheduler.


  • doesn't drop rq->lock in schedule_vcpu() on fast path (same VCPU)
  • introduced 5ms VCPU to PCPU affinity
  • fixed initialization of VCPUs and scheduler domains


Patch from mainstream:

The patch below fixes an interesting oddity we're seeing with fedora core development (where we recently started using udev heavily); basically right now filelock_init() is a module_init(), e.g. runs late. However that breaks down because there are earlier /sbin/hotplug callouts, which with udev, do locking operations. When that happens the kernel oopses because the slabs for file locks aren't initialized yet.

Solution: initialize this way early. It's only a kmem_cache_create after all, so can happen early.

Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>

Bug 54025.


Patch from Alexey, modified by Kirill:

[PATCH] vpid allocator was broken

alloc_pidmap sometimes returned 65536. I understood its logic incorrectly, apparently pid_max does not mean a strict limit on pid value, it just prescribes to allocate pid < pid_max, if there is at least one free value in this range.

Plus, it was suboptimal because nr_free never reached 0, so if we have all low pids allocated, it always will scan bitmap.
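The allocator semantics described in this entry, as an added user-space model (not the OpenVZ kernel's alloc_pidmap()): a cursor that wraps before pid_max so pid_max itself is never returned, and an exact nr_free so a full map is detected without a bitmap scan. PID_MAX, RESERVED_PIDS, the struct and function names are constructed for illustration; returning -1 when no pid below PID_MAX is free is an assumption.

```c
#include <string.h>

#define PID_MAX        64   /* constructed: allocate only pid < PID_MAX */
#define RESERVED_PIDS  4    /* constructed: wrap back here, not to 0 */

struct pidmap {
    unsigned char bits[PID_MAX]; /* one byte per pid, 1 = allocated */
    int nr_free;                 /* free pids in [RESERVED_PIDS, PID_MAX) */
    int last_pid;                /* allocation cursor */
};

void pidmap_init(struct pidmap *m)
{
    memset(m, 0, sizeof(*m));
    m->nr_free = PID_MAX - RESERVED_PIDS;
    m->last_pid = RESERVED_PIDS - 1;
}

/* Returns the next free pid after the cursor, wrapping at PID_MAX, or -1
 * when no pid below PID_MAX is free. nr_free is exact, so the scan is
 * skipped entirely once the range is exhausted. */
int pidmap_alloc(struct pidmap *m)
{
    if (m->nr_free == 0)
        return -1;
    int pid = m->last_pid + 1;
    for (int scanned = 0; scanned < PID_MAX - RESERVED_PIDS; scanned++) {
        if (pid >= PID_MAX)
            pid = RESERVED_PIDS;   /* wrap: PID_MAX is never handed out */
        if (!m->bits[pid]) {
            m->bits[pid] = 1;
            m->nr_free--;
            m->last_pid = pid;
            return pid;
        }
        pid++;
    }
    return -1; /* not reached while nr_free is kept exact */
}

/* Releases a pid and restores nr_free; ignores pids outside the range
 * or not currently allocated. */
void pidmap_free(struct pidmap *m, int pid)
{
    if (pid < RESERVED_PIDS || pid >= PID_MAX || !m->bits[pid])
        return;
    m->bits[pid] = 0;
    m->nr_free++;
}
```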


Patch from Pavel:

unregister_sysctl_table held sysctl_lock (spinlock) and called remove_proc_entry, which in turn tried to down_write some semaphore...

fixes bad interaction of:

  • diff-CVE-2005-2709-sysctl-unreg
  • diff-proc-locks-20050930


Patch from Kir:

fixing compilation issue of kernel/sched.c using gcc4.


Patch from Andrey:

This patch adds the ub include in arch/ia64/mm/fault.c that Pavel forgot.

This issue appears after applying diff-ubc-hardsoft-cleanup-20051103 patch.


Patch from mainstream:

[PATCH] x86_64: correct copy_user_generic return value when exception happens

Fix a bug that arch/x86_64/lib/copy_user:copy_user_generic will return a wrong value when exception happens.

In the case the address is not 8-byte aligned (i.e. go into Lbad_alignment), if exception happens in Ls11, %rdx will be wrong number of copied bytes, then copy_user_generic returns wrong value. It also fixed a bug of zeroing wrong number of bytes of destination at this situation. (In Lzero_rest)

Signed-off-by: Yanmin Zhang <>
Signed-off-by: Nanhai Zou <>
Signed-off-by: Gordon Jin <>
Signed-off-by: Suresh Siddha <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>

Bug 54154.


Patch from Dmitry:

fixed VPS operations when CONFIG_LEGACY_PTYS is not set


Patch from mainstream:

[PATCH] fix de_thread() vs send_group_sigqueue() race

When non-leader thread does exec, de_thread calls release_task(leader) before calling exit_itimers(). If local timer interrupt happens in between, it can oops in send_group_sigqueue() while taking ->sighand->siglock == NULL.

However, we can't change send_group_sigqueue() to check p->signal != NULL, because sys_timer_create() does get_task_struct() only in SIGEV_THREAD_ID case. So it is possible that this task_struct was already freed and we can't trust p->signal.

This patch changes de_thread() so that leader released after exit_itimers() call.

X-Git-Tag: v2.6.14.2


Patch from Dmitry:

print "VZDQ: unexpected creation context" debug messages only if timeout is more than 3 seconds

Bug 49285.


Patch from Denis pointed out by Alexey:

This patch fixes incorrect UB handling in tcp_fragment.

Bug 53926.


Patch from Dmitry, based on Solar Designer idea:


Bug 53938.


Patch from mainstream:

[PATCH] Don't auto-reap traced children

If a task is being traced we never auto-reap it even if it might look like its parent doesn't care. The tracer obviously _does_ care.

X-Git-Tag: v2.6.15-rc1

Bug 54815.


Patch from mainstream:

Fix close() vs posix lock race

A threaded app that posix-locks and closes the same file in two threads concurrently may result in a posix lock that was never visible to the closer, and that thus needs cleanup on the final fput. Handle it together with the regular flocks.

Bug 54772.


Patch from Vasiliy:

Fixes -EIO with sim_statfs and sim_statfs64, when quota is disabled.

OpenVZ Bug #70.


Patch from Kirill:

This patch fixes two typos found by a Gentoo user when he tried compiling 022stab045 kernel with CONFIG_HUGETLBFS and CONFIG_HUGETLB_PAGE options turned on.


Patch from Vasiliy Tarasov:

There is now /proc/cmdline file inside VPS. It's empty.

Bug 54370.


Patch from Dmitry, issue mentioned by Alexey:

default devpts entries uid/gid are virtualized

Bug 54489.


Patch from Pavel:

Due to wrong calculations of file position `ls /proc/vz/vzaquota` could show last entry 3 times. Found during testing of multiple quota partitions.


Patch from Pavel:

Adds necessary types for aacraid and cciss drivers. Cut from diff-aacraid-addon-20051021


Patch from Dmitry, issue found by Solar Designer:

fixed bug in VPS pty_driver initialization leading to node crashes

Bug 54874.