Download/kernel/rhel5/028stab049.1/changes

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search

Changes

  • TUN/TAP support in CPT
  • bunch of iptables 32-bit compat fixes
  • minor compilation and other fixes

Patches

diff-arch-4gb-nohighmem-20071006

Patch from Kirill Korotaev <dev@openvz.org>
[PATCH] 4GB split: fix compilation w/o HIGHMEM support

actually it's a hack. 4GB split obviously won't work w/o HIGHMEM support, due to errors in pgd_ctor()/pmd_ctor().

OpenVZ Bug #720.

diff-cpt-iptables-comp-fix-20071107

Patch from Evgeny Kravtsunov <emkravts@openvz.org>
[PATCH] CPT: fix compilation in case CONFIG_VE_IPTABLES=n

With CONFIG_VE_IPTABLES off the following compilation error takes place:

CONFIG_VE=y
CONFIG_VE_CALLS=m
CONFIG_VZ_GENCALLS=y
CONFIG_VE_NETDEV=m
CONFIG_VE_ETHDEV=m
CONFIG_VZ_DEV=m
CONFIG_VZ_WDOG=m
CONFIG_VZ_CHECKPOINT=m
......
  CC [M]  kernel/cpt/cpt_net.o
kernel/cpt/cpt_net.c: In function ‘cpt_dump_iptables’:
kernel/cpt/cpt_net.c:365: error: ‘struct ve_struct’ has no member named
‘_iptables_modules’
make[2]: *** [kernel/cpt/cpt_net.o] Error 1
make[1]: *** [kernel/cpt] Error 2
make: *** [kernel] Error 2

Attached patch fixes the error by placing the body of cpt_dump_iptables under

diff-cpt-tun-tap-20071106

Patch from Evgeny Kravtsunov <emkravts@openvz.org>
[PATCH] CPT: TUN/TAP support in checkpointing

Now live migration of VE with openvpn inside is supported.

1) tun/tap driver updated:
- Field void *bind_file added to tun_struct. Field is used for storing pointer to open /dev/net/tun file. This pointer is to be written to dumpfile: on restore it is necessary to carry out binding of created tun_struct to open file /dev/net/tun.

2) dump:
- Introduced struct cpt_tuntap_image for storing tun/tap device related data. Corresponding object type CPT_OBJ_NET_TUNTAP added.

- Flag value CPT_DENTRY_TUNTAP introduced. It is necessary for setting corresponding bit in cpt_lflags field of cpt_file_image for /dev/net/tun file.

- Call of function cpt_dump_ifinfo is placed after cpt_dump_files_struct and cpt_dump_fs_struct. This is necessary for finding /dev/net/tun file pos in file image and storing pos value during dump of tun/tap device.

- Function cpt_dump_tuntap introduced, cpt_dump_link is updated by call of cpt_dump_tuntap. The CPT_SECT_NET_DEVICE section, that is common for all net devices is used for tun/tap device: tun->dev netdevice data is stored in cpt_netdev_image image type and tun_struct data is stored inside cpt_tuntap_image. Both cpt_netdev_image and cpt_tuntap_image images are stored inside CPT_SECT_NET_DEVICE section.

- Set of checks updated that allow dumping netdevices (in check_unsupported_netdevices and cpt_dump_link) and open files (dump_one_file, dump_content_chrdev).

3) restore:
- Function rst_restore_tuntap introduced. Call of rst_restore_tuntap is placed to rst_restore_netdev. rst_restore_tuntap creates tun/tap netdevice and tun_struct on destination HN, initializes them by values taken from cpt_netdev_image and cpt_tuntap_image objects, restores /dev/net/tun file from corresponding position of cpt_file_image and binds opened file to newly created tun_struct.

- Function open_special updated by adding check for tun/tap related file. This makes possible to restore /dev/net/tun char device by calling rst_file.

OpenVZ Bug #642.

diff-cpt-tun-tap-core-20071106

Patch from Evgeny Kravtsunov <emkravts@openvz.org>
[PATCH] TUN: add core changes for CPT support

diff-cpt-vsyscall-comp-20071006

Patch from (GalaxyMaster) <gm.outside+OpenVZ@gmail.com>
[PATCH] CPT: fix compilation when CONFIG_CPT=y (instead of m)

OpenVZ Bug #721.

diff-cpt-warn-20071106

Patch from Kirill Korotaev <dev@openvz.org>
[PATCH] CPT: compilation warn fix

diff-grsec-2.1.10-comp-off-20071106

Patch from Kirill Korotaev <dev@openvz.org>
[PATCH] grsecurity: fix compilation when GRSEC=n

diff-grsec-2.1.10-tpe-comp-20071106

Patch from Kirill Korotaev <dev@openvz.org>
[PATCH] grsecurity: fix compilation with GRSEC, but w/o GRSEC_TPE

Fix compilation with GRSEC, but w/o GRSEC_TPE config option.

OpenVZ Bug #718.

diff-ms-emt64-dumpstack-20071106

Patch from Denis Lunev <den@openvz.org>
[PATCH] fix oops in dump_trace() in NMI

This patch fixes OOPS of dump_trace in NMI. If one is running 32 bit task and NMI tries to dump_stack() OOPS happens, since user space stack is tried to be dumped. Backport of patch from mainstream.

Bug #93558.

diff-ms-emt64-trace-enosys-20071106

Patch from Jan Beulich <jbeulich@novell.com>
[PATCH] x86-64: Fix ENOSYS in system call tracing

This patch:

- out of range system calls failing to return -ENOSYS under system call tracing

[AK: split out from another patch by Jan as separate bugfix]

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andi Kleen <ak@suse.de>

cc7d479fe56133e79840beffe9cb4fd193af93aa

diff-ms-nf-compat-fix-20070605

Patch from Dmitry Mishin <dim@openvz.org>
[NETFILTER]: ip_tables: fix compat related crash

check_compat_entry_size_and_hooks iterates over the matches and calls compat_check_calc_match, which loads the match and calculates the compat offsets, but unlike the non-compat version, doesn't call ->checkentry yet. On error however it calls cleanup_matches, which in turn calls ->destroy, which can result in crashes if the destroy function (validly) expects to only get called after the checkentry function.

Add a compat_release_match function that only drops the module reference on error and rename compat_check_calc_match to compat_find_calc_match to reflect the fact that it doesn't call the checkentry function.

Reported by Jan Engelhardt <jengelh@linux01.gwdg.de>
Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Git-Url: 4c1b52bc7a2f5ee01ea3fc248a8748a1c6843f7c

OpenVZ Bug #708.

diff-ms-nf-ipt-CONNMARK-compat-20071102

Patch from Konstantin Khorenko <khorenko@openvz.org>
[PATCH] netfilter: add xt_CONNMARK 32bit compat

xt_CONNMARK doesn't have the compat function while its entry structure (xt_connmark_target_info) requires it.

Bug #93689.

diff-ms-nf-ipt-MARK-compat-20071102

Patch from Konstantin Khorenko <khorenko@openvz.org>
[PATCH] netfilter: add xt_MARK 32bit compat

xt_MARK doesn't have the compat function while its entry structure (xt_mark_target_info_v1) requires it.

Note 1:

/* Version 0 */
struct xt_mark_target_info {
        unsigned long mark;
};

So the struct size differs for 32bit/64bit nodes, but mainstream does not have a compat for it. ipv6 variant uses xt_mark_target_info (v0) so the testing will show if the compat is really required.

Bug #93689.

diff-ms-nf-ipt-connmark-compat-20071102

Patch from Konstantin Khorenko <khorenko@openvz.org>
[PATCH] netfilter: add xt_connmark 32bit compat

ipt_connmark doesn't have the compat function while its entry structure (xt_connmark_info) requires it.

Bug #93543.

diff-ms-nf-ipt-conntrack-compat-20071102

Patch from Konstantin Khorenko <khorenko@openvz.org>
[PATCH] netfilter: add xt_conntrack 32bit compat

xt_conntrack doesn't have the compat function while its entry structure (xt_conntrack_info) requires it.

diff-ms-nf-ipt-hashlimit-compat-20071102

Patch from Konstantin Khorenko <khorenko@openvz.org>
[PATCH] netfilter: add ipt_hashlimit 32bit compat

ipt_hashlimit doesn't have the compat function while its entry structure (ipt_hashlimit_info) requires it.

The patch introduces compat function and fixes an oops while trying to use ipt_hashlimit module from inside 32bit VE on a 64bit host HN.

OpenVZ Bug #707.

diff-ms-nf-ipt-hdrs-compat-20071108

Patch from Kirill Korotaev <dev@openvz.org>
[PATCH] netfilter: fix compats compilation on ppc

ppc has no linux/compat.h included by default

diff-ms-nf-ipt-mark-compat-20071102

Patch from Konstantin Khorenko <khorenko@openvz.org>
[PATCH] netfilter: add xt_mark 32bit compat

xt_mark doesn't have the compat function while its entry structure (xt_mark_info) requires it.

Bug #93543.

diff-rh-oom-lost-unlock-20071101

Patch from Denis Lunev <den@openvz.org>
[PATCH] RHEL5: missed task_unlock() in badness()

This patch adds missed task_unlock into badness() call.

Bug #93650.

diff-ve-deprecated-task-by-pid-20071030

Patch from Michael Stoler <mstoler@openvz.org>
[PATCH] VE: restore back find_task_by_pid() for ATI video driver

find_task_by_pid_all() and macro find_task_by_pid() are returned back, since ATI binary driver is using it (what for???). Print a big warning when this function is used still.

OpenVZ Bug #634.

diff-ve-mod-vzlist-user-hdrs-20071106

Patch from Andrey Zaitsev <azaitsev@sw.ru>
[PATCH] fix use of vzlist.h from user-space

__user is declared in kernel headers only for sparse.

diff-ve-nf-conntrack-comp-fix-20071107

Patch from Evgeny Kravtsunov <emkravts@openvz.org>
[PATCH] VE: fix ip_conntrack compilation in case CONFIG_VE_IPTABLES=n

With CONFIG_VE_IPTABLES off the following compilation error takes place:

CONFIG_VE=y
CONFIG_VE_CALLS=m
CONFIG_VZ_GENCALLS=y
CONFIG_VE_NETDEV=m
CONFIG_VE_ETHDEV=m
CONFIG_VZ_DEV=m
CONFIG_VZ_WDOG=m
CONFIG_VZ_CHECKPOINT=m
.....
  CC [M]  net/ipv4/netfilter/ip_conntrack_core.o
net/ipv4/netfilter/ip_conntrack_core.c:77: error: static declaration of
helpers’ follows non-static declaration
include/linux/netfilter_ipv4/ip_conntrack_helper.h:47: error: previous
declaration of ‘helpers’ was here
make[3]: *** [net/ipv4/netfilter/ip_conntrack_core.o] Error 1
make[2]: *** [net/ipv4/netfilter] Error 2
make[1]: *** [net/ipv4] Error 2
make: *** [net] Error 2

Attached patch fixes the error by placing list_head helpers declaration under

diff-ve-nf-ipt-recent-20071102

Patch from Evgeny Kravtsunov <emkravts@openvz.org>
[PATCH] VE: virtualize ipt_recent

Patch virtualizes ipt_recent module in the following way:

1) Introduced struct ve_ipt_recent and corresponding _ipt_recent entry in ve_struct. ve_ipt_recent contains global variables from ipt_recent module.

2) Functions init_ipt_recent, fini_ipt_recent implemented. Current functions designed to be called from ipt_recent_init/fini and ipt_recent_checkentry/destroy in purpose to alloc ve_ipt_recent structure and initialize/cleanup _ipt_recent entry in ve_struct .

3) Functions ipt_recent_init, ipt_recent_exit updated.

Note: ipt_recent match does not need compat function as it is needed for hashlimit for example. It is so because sizeof(struct ipt_recent_info) does not depend on the architecture:

struct ipt_recent_info {
        u_int32_t   seconds;
        u_int32_t   hit_count;
        u_int8_t    check_set;
        u_int8_t    invert;
        char        name[IPT_RECENT_NAME_LEN];
        u_int8_t    side;
};

Testing was carried out for both 64- and 32-bit ve on 64-bit HN.

OpenVZ Bug #117.

diff-ve-venet-vlan-incapable-20071106

Patch from Alexey Dobriyan <adobriyan@openvz.org>
[PATCH] VE: mark venet as vlan-incapable

Many places in vlan code assume ethernet underlying device, which is not working for venet. So mark vene as vlan-incapable.

Given that vlan over veth works and vlan over venet reliably oopses kernel, mark venet as vlan-incapable, so that registration code will bail out quickly.

OpenVZ Bug #703.

diff-ve-vzversion-20071029

Patch from Michael Stoler <mstoler@openvz.org>
[PATCH] VE: introduce OVZ version in oops output and in /proc/vz/version

Introduce OVZ-specific build version in /proc/vz/version file and print it in oops messages. This should help OVZ developers to identify OVZ patch version in different distros like Debian/ALTLinux.

diff-vzdq-aquota-cleanup-20071106

Patch from Michael Stoler <mstoler@openvz.org>
[PATCH] VZDQ: small cleanup to avoid hardcoded string length

small cleanup to avoid hardcoded string length and future errors like we had before

diff-vzdq-warn-20071106

Patch from Kirill Korotaev <dev@openvz.org>
[PATCH] VZDQ: compilation warn fixes