6,534
edits
Changes
cre (not yet finished)
== Changes ==
* Critical fix in CPT.
* Minor fixes for bridge, XEN x8664, CPT, 4GB split, nfs, vpids, etc.
* Fix swsusp on SLES
* CBQ fairness on low rates fixed
* NFS startup deadlock.
Rebased on EL5-8.1.8 kernel.
=== Config changes ===
Added:
* +<code>CONFIG_DM_DELAY=m</code>
<includeonly>[[{{PAGENAME}}/changes#Patches|{{Long changelog message}}]]</includeonly><noinclude>
=== Patches ===
==== diff-arch-4gb-xen-b-20070613 ====
<div class="change">
Patch from Sergey Ya Korshunoff (seyko2@)
<br/>
Fix TSS handling in vm86.c in Xen kernel.
<pre class="simple">
Fix TSS handling in vm86.c in Xen kernel.
There was a stupid misprint due to which load_esp0()
was not called in Xen kernels at all.
</pre>
</div>
==== diff-cpt-deleted-ref-b-20070613 ====
<div class="change">
Patch from Andrey Mirkin <major@openvz.org>
<br/>
[PATCH] CPT: remove redundant kfree()
<pre class="simple">
Remove redundant kfree() call from open_deleted() function.
Now ii is static structure and kfree on it leads to oops :/
</pre>
Bug #84173
</div>
==== diff-ms-bridge-nf-ebt-among-20070607 ====
<div class="change">
Patch from Evgeny Kravtsunov <emkravts@openvz.org><br/>
[PATCH] ebtables: ebtables_among fails on check() on x86-64
<pre class="simple">
ebtables module calls the checker ebt_among_check()
that compares the correct size of user supplied data.
Userspace size is calculated in the following way (ebtables-2.0.8-1):
EBT_ALIGN(EBT_ALIGN(sizeof(struct ebt_among_info)) + X)
While kernel calculates size as:
EBT_ALIGN(sizeof(struct ebt_among_info) + X)
On x86_64 EBT_ALIGN does alignment on 8 bytes, so the problem arises.
</pre>
{{bug|576}}
</div>
==== diff-ms-net-bridge-via-eth-c-20070613 ====
<div class="change">
Patch from Dmitry Mishin <dim@openvz.org>
<br/>
[PATCH] Fix bridge removal with active master device
<pre class="simple">
Fix bridge removal with active master device:
simple misprint
</pre>
</div>
==== diff-rh-mmap-return-addr-b-20070608 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
<br/>
[PATCH] IA64: mmap returns EINVAL if len==0
<pre class="simple">
mmap on IA64 architecture returns EINVAL when len==0,
while old kernel behaviour is to return addr in this case.
Though POSIX requires EINVAL in this case and it was
fixed in mainstream around ~2.6.16, we still
have to keep compatibility for some time with old stupid
apps like rpm which did exactly this and expected success :/
</pre>
Bug #83938
</div>
==== diff-arch-4gb-suspend-fix-20070629 ====
<div class="change">
Patch from Dmitry Monakhov <dmonakhov@openvz.org>
<br/>
[PATCH] 4gb split: fix broken suspend
<pre class="simple">
Following code was removed by 4gb split patch set,
after this suspend was broken. Fix it.
</pre>
Bug #84909
</div>
==== diff-cpt-dump-eintr-20070622 ====
<div class="change">
Patch from Andrey Mirkin <major@openvz.org><br/>
[PATCH] CPT: check ctx->file for NULL
<pre class="simple">
We need to be sure that dumpfile pointer (ctx->file) is not NULL, because we
can't start dump without it.
Also we need to return error like EINTR instead of ERESTART*, because we just
can't simply restart dump ioctl. The reason is that dumpfile is already
closed and we need to reopen it before calling dump ioctl second time.
</pre>
Bug #84412
</div>
==== diff-cpt-kernel-thread-ign-sigs-20070628 ====
<div class="change">
Patch from Andrey Mirkin <major@openvz.org><br/>
[PATCH] CPT: ignore user signals in kernel threads
<pre class="simple">
Under ptrace signals are not handled immediately and we have non-zero
shared_pending mask on current task, so fork() returns -ERESTARTNOINTR and
wait4() returns -ERESTARTSYS.
We need to block signals SIGCHLD, SIGWINCH, SIGCONT and SIGURG to be sure that
this signals will be ignored while kernel thread creation.
</pre>
Bug #84412
</div>
==== diff-cpt-rm-kill-external-process-20070702 ====
<div class="change">
Patch from Kirill Korotaev <dev@openvz.org>
<br/>
[PATCH] CPT: remove killing of external processes
<pre class="simple">
External processes can't be easily detected.
Even if process has a virtual pid, it doesn't
mean it has no any connectiions to VE0 like
opened files/libraries etc.
So remove this feature at all and return back as
it was - external processes should prevent from CPT.
Revert of the patches:
diff-cpt-kill-external-process-20070125
diff-cpt-kill-external-processes-b-20070515
</pre>
</div>
==== diff-ms-ia32-compat-autofs4-20070618 ====
<div class="change">
Patch from Roman Chechnev <rchechnev@openvz.org>
<br/>
[PATCH] autofs4: compat layer for x8664
<pre class="simple">
autofs4 uses platform dependant protocol
which has 'long' data types inside data structures
which are passed to/from user-space via pipe (sic!)...
Thanks to this 32bit autofs tools do not work with 64 bit kernel.
</pre>
Bug #82040
</div>
==== diff-ms-jbd-cpt-list-20070702 ====
<div class="change">
Patch from Jan Kara <jack@suse.cz><br/>
[PATCH] jbd: remove_transaction fix
<pre class="simple">
We have to check that also the second checkpoint list is non-empty before
dropping the transaction.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
X-Git-Tag: v2.6.16-rc2~350
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=43c3e6f5abdf6acac9b90c86bf03f995bf7d3d92
</pre>
</div>
==== diff-ms-net-bridge-carrier-check-20070627 ====
<div class="change">
Patch from Konstantin Khorenko <khorenko@openvz.org>
<br/>
[PATCH] bridge: race between br_del_if() and port_carrier_check()
<pre class="simple">
This patch eliminates a race between br_del_if() and port_carrier_check()
which leads to the oops in the latter function.
This patch is a port of 2 mainstream patches:
[BRIDGE] br_if: Fix oops in port_carrier_check
Signed-off-by: Jarek Poplawski <jarkao2@o2.pl>
Acked-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit a10d567c89dfba90dde2e0515e25760fd74cde06
and
[BRIDGE]: eliminate workqueue for carrier check
Having a work queue for checking carrier leads to lots of race issues.
Simpler to just get the cost when data structure is created and
update on change.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit 269def7c505b4d229f9ad49bf88543d1e605533e
http://bugzilla.kernel.org/show_bug.cgi?id=7962
</pre>
Bug #84789
</div>
==== diff-ms-net-bridge-port-enable-20070627 ====
<div class="change">
Patch from Konstantin Khorenko <khorenko@openvz.org><br/>
[BRIDGE]: adding new device to bridge should enable if up
<pre class="simple">
Port of mainsteram patch:
[BRIDGE]: adding new device to bridge should enable if up
Aji Srinivas [Thu, 8 Mar 2007 00:10:53 +0000 (16:10 -0800)]
One change introduced by the workqueue removal patch is that adding an
interface that is up to a bridge which is also up does not ever call
br_stp_enable_port(), leaving the port in DISABLED state until we do
ifconfig down and up or link events occur.
The following patch to the br_add_if function fixes it.
This is a regression introduced in 2.6.21.
Submitted-by: Aji_Srinivas@emc.com
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit de79059ecd7cd650f3788ece978a64586921d1f1
</pre>
Bug #84789
</div>
==== diff-ms-net-bridge-via-eth-d-20070622 ====
<div class="change">
Patch from Kirill Korotaev <dev@openvz.org>
<br/>
[PATCH] bridge: fix unaligned access to br->bridge_id
<pre class="simple">
bridge_id is an unaligned structure of chars, which
MUST be aligned on 2 bytes boundary for compare_ether_addr().
However, when we added
unsigned char via_phys_dev;
field to struct net_bridge we broke this inexplicit alignment.
So move our field to a bit another place,
returning back alignment of bridge_id.
</pre>
Bug #84852
</div>
==== diff-ms-net-sched-cbq-dbg-20070626 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
<br/>
Debug and workaround patch for "division by zero" in sch_cbq module
<pre class="simple">
Debug and workaround patch for "division by zero" in sch_cbq module
(in cbq_normalize_quanta() function).
For some unknown reason "division by zero" occurs and this patch
should help to understand the broken math.
</pre>
Bug #83243
</div>
==== diff-ms-reiser-key-decr-20070412 ====
<div class="change">
Patch from Kirill Korotaev <dev@openvz.org><br/>
[PATCH] reiserfs: fix key decrementing
<pre class="simple">
This patch fixes a bug in function decrementing a key of stat data item.
Offset of reiserfs keys are compared as signed values. To set key offset
to maximal possible value maximal signed value has to be used.
This bug is responsible for severe reiserfs filesystem corruption which
shows itself as warning vs-13060. reiserfsck fixes this corruption by
filesystem tree rebuilding.
Signed-off-by: Vladimir Saveliev <vs@namesys.com>
Cc: <reiserfs-dev@namesys.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
X-Git-Tag: v2.6.21-rc7~16
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=6d205f120547043de663315698dcf5f0eaa31b5c
</pre>
</div>
==== diff-ms-rm-proc-warn-20070508 ====
<div class="change">
Patch from Alexey Dobriyan <adobriyan@openvz.org><br/>
[PATCH] proc: remove pathetic ->deleted WARN_ON
<pre class="simple">
WARN_ON(de && de->deleted); is sooo unreliable. Why?
proc_lookup remove_proc_entry
=========== =================
lock_kernel();
spin_lock(&proc_subdir_lock);
[find proc entry]
spin_unlock(&proc_subdir_lock);
spin_lock(&proc_subdir_lock);
[find proc entry]
proc_get_inode
WARN_ON(de && de->deleted); ...
if (!atomic_read(&de->count))
free_proc_entry(de);
else
de->deleted = 1;
So, if you have some strange oops [1], and doesn't see this WARN_ON it means
nothing.
[1] try_module_get() of module which doesn't exist, two lines below
should suffice, or not?
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
X-Git-Tag: v2.6.22-rc1~756
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=578c8183c116e623d53b05d4c79762d053c7090f
</pre>
</div>
==== diff-rh-utrace-late-ptrace-may-attach-20070626 ====
<div class="change">
Patch from Alexey Dobriyan <adobriyan@openvz.org>
<br/>
Code implementing ptrace_attach() does ~1/3 of job of attaching _before_
<pre class="simple">
Code implementing ptrace_attach() does ~1/3 of job of attaching _before_
checking if attaching process have permissions to mess with target task
at all. Given the overall raciness of utrace such code is recipe for
trouble. Do ptrace_may_attach() check earlier.
NOTE: Right now
while (1)
ptrace(PTRACE_ATTACH, pid, NULL, NULL);
reliably (and _quickly_) crashes kernel if pid is pid of process
like syslogd normal user can't attach to:
Unable to handle kernel NULL pointer dereference at 0000000000000000
RIP: [<0000000000000000>]
report_quiescent+0x36/0x154
utrace_quiescent+0x2b/0x238
utrace_get_signal+0x45d/0x4c0
get_signal_to_deliver+0x169/0x47a
do_notify_resume+0xd0/0x7e2
_spin_unlock_irqrestore+0x3f/0x45
trace_hardirqs_on+0x11b/0x13f
tty_read+0x81/0xc7
trace_hardirqs_on_thunk+0x35/0x37
trace_hardirqs_on+0x11b/0x13f
sysret_signal+0x21/0x31
ptregscall_common+0x67/0xac
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245735
</pre>
</div>
==== diff-ve-nf-nat-assertion-20070620 ====
<div class="change">
Patch from Vasily Tarasov <vtaras@openvz.org><br/>
[PATCH] netfilter: wrong debug assertion in nat code
<pre class="simple">
Simple compilation fix if NETFILTER_DEBUG is on
</pre>
</div>
==== diff-ve-rm-nf_debug-20070620 ====
<div class="change">
Patch from Vasily Tarasov <vtaras@openvz.org><br/>
[PATCH] netfilter: skb struct doesn't have nf_debug anymore
<pre class="simple">
nf_debug field is missing in modern kernels,
but in some places we still refer to it.
</pre>
{{bug|627}}
</div>
==== diff-ve-veinfo-large-space-20070620 ====
<div class="change">
Patch from Vasily Tarasov <vtaras@openvz.org><br/>
[PATCH] venet: lots of spaces in /proc/vz/veinfo output
<pre class="simple">
After introducing IPv6 support for venet device, field width for IP
addresses in /proc/vz/veinfo was increased from 15 to 39:
http://git.openvz.org/?p=linux-2.6.16-openvz;a=commitdiff;h=ddb2b95ff38b528f5def1bd4ae87108bf3fa6b7a
The output seems a bit ridiculous, when VE owns only IPv4 addresses: to
much strange spaces.
This patch corrects it and fixes the bug:
</pre>
{{bug|625}}
</div>
==== diff-xen-x8664-subarch-changes-20070702 ====
<div class="change">
Patch from Evgeny Kravtsunov <emkravts@openvz.org>
<br/>
[PATCH] Xen: x8664 OVZ changes
<pre class="simple">
x8664 Xen OVZ changes according to x8664 arch changes.
</pre>
</div>
==== diff-arch-4gb-copy-mnt-options-20070703 ====
<div class="change">
Patch from Andrey Mirkin <major@openvz.org>
<br/>
[PATCH] 4GB split: add KERNEL_DS handling to copy_mount_options()
<pre class="simple">
On i386 arch with 4gb split kernel addresses can be more than
TASK_SIZE (e.g. > 0xc0000000).
That causes copy_mount_options() to return -EFAULT
when called with kernel supplied buffers, i.e.
when get_fs() == KERNEL_DS.
</pre>
Bug #85041
</div>
==== diff-fairsched-off-comp-20070712 ====
<div class="change">
Patch from Alexandr Andreev <aandreev@openvz.org><br/>
[PATCH]: small fix to compile kernel without VCPU support
</div>
==== diff-ms-security-h323-20070706 ====
<div class="change">
Patch from Jing Min Zhao <zhaojingmin@vivecode.com><br/>
[NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index values
<pre class="simple">
Choices' index values may be out of range while still encoded in the fixed
length bit-field. This bug may cause access to undefined types (NULL
pointers) and thus crashes (Reported by Zhongling Wen).
This patch also adds checking of decode flag when decoding SEQUENCEs.
Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
</pre>
</div>
==== diff-ms-security-random-buf-20070711 ====
<div class="change">
Patch from Matt Mackall <mpm@selenic.com>
<br/>
[PATCH] PaX: wakeup threshold limits
<pre class="simple">
If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes.
(Bug reported by the PaX Team <pageexec@freemail.hu>)
Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
drivers/char/random.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
</pre>
</div>
==== diff-ms-shmem-lock-user-leak-20070716 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
<br/>
[PATCH] IPC: fix potential user leak
<pre class="simple">
When user locks an ipc shmem segmant with SHM_LOCK ctl and the
segment is already locked the shmem_lock() function returns 0. After this the subsequent code leaks the existing user struct:
== ipc/shm.c: sys_shmctl() ==
...
err = shmem_lock(shp->shm_file, 1, user);
if (!err) {
shp->shm_perm.mode |= SHM_LOCKED;
shp->mlock_user = user;
}
...
Other results of this are:
1. the new shp->mlock_user is not get-ed and will point to freed
memory when the task dies.
2. the RLIMIT_MEMLOCK is screwed on both user structs.
The exploit looks like this:
id = shmget(...);
setresuid(uid, 0, 0);
shmctl(id, SHM_LOCK, NULL);
setresuid(uid + 1, 0, 0);
shmctl(id, SHM_LOCK, NULL);
My solution is to return 0 to the userspace and do not change the
segment's user.
</pre>
Bug #78998
</div>
==== diff-ms-swiotlb-phys-to-virt-20070713 ====
<div class="change">
Patch from David Moore <dcm@acm.org><br/>
[PATCH] swiotlb: add missing phys_to_virt() call
<pre class="simple">
Adds missing call to phys_to_virt() in the
lib/swiotlb.c:swiotlb_sync_sg() function. Without this change, a kernel
panic will always occur whenever a SWIOTLB bounce buffer from a
scatter-gather list gets synced. Affected are especially Intel x86_64
machines with more than about 3 GB RAM.
Signed-off-by: David Moore <dcm@acm.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fstable%2Flinux-2.6.20.y.git;a=commitdiff_plain;h=e16b67f9a0ac6d9f89f680b7f3b439abfb1dac5e
</pre>
{{bug|645}}
</div>
==== diff-ubc-mmap-accounting-flags-20070709 ====
<div class="change">
Patch from Dmitry Monakhov <dmonakhov@openvz.org>
<br/>
[PATCH] BC: recharge vma if vm_flags changed after ->mmap() call
<pre class="simple">
Several device drivers (sigh... ATI) can change vm_flags
in their f_op->mmap method. Because of this mm->locked_vm
changed after f_op->mmap was called.
If ->vm_flags has been changed we have to recharge ub memory.
</pre>
</div>
==== diff-ubc-ub-pb-conflict-20070710 ====
<div class="change">
Patch from Dmitry Monakhov <dmonakhov@openvz.org>
<br/>
[PATCH] BC: aidband - uncharge UB pages before charging to PB
<pre class="simple">
By design we assume that page may be accounted only in UB or only
in PB counter.
Unfortunately this is not always true, and ATI driver does
some strange things like mmaping pages with PTEs to user space
(maybe it is even a security hole in ATI driver, who knows?)
So ATI driver exports pages via mmap(2) to userspace
which was already accounted in UB (pte pages are charged to kmemsize).
In this case accounting conflict happens and
BUG_ON(head->pb_magic != PB_MAGIC) is triggered.
Solution: Uncharge page from UB counter and account it in PB.
Changes from v1: Add WARN_ON_ONCE according to Pavel's cmomments.
</pre>
</div>
==== diff-ve-allow-kthreads-20070716 ====
<div class="change">
Patch from Denis Lunev <den@openvz.org>
<br/>
[PATCH] allow kthreads by default in VE (for NFS)
<pre class="simple">
This patch allows kernel threads by default inside VE.
</pre>
</div>
==== diff-ve-net-protocols-check-20070705 ====
<div class="change">
Patch from Evgeny Kravtsunov <emkravts@openvz.org><br/>
When creating socket within VE the following ones are allowed:
<pre class="simple">
-----------------------------------------------------------------------------------
family | type | protocol
---------------------------------------------------------------------------------
PF_UNIX | |
PF_LOCAL | |
PF_PACKET | Any existing* | Any existing
PF_NETLINK | |
---------------------------------------------------------------------------------
PF_INET | SOCK_DGRAM + IPPROTO_UDP
| SOCK_STREAM + IPPROTO_TCP
| SOCK_RAW + Any
| | forced to
| | IPPROTO_IP
---------------------------------------------------------------------------------
PF_INET6 | SOCK_DGRAM + IPPROTO_UDP
| SOCK_STREAM + IPPROTO_TCP
| SOCK_RAW + Any
| | forced to
| | IPPROTO_IP
--------------------------------------------------------------------------------
* Here "any existing" means that only SOCK_RAW and SOCK_DGRAM will work:
other ones will be rejected by corresponding ->create function (for.ex.
netlink_create). And this reject is ok, as it is not bug provoking.
Other families (PF_IPX, PF_X25, PF_AX25, PF_ATMPVC, PF_APPLETALK) are not
allowed for sockets within VE as they are not virtualized.
The problem is function vz_security_proto_check prevents creating sockets with
family=PF_INET/PF_INET6 type=SOCK_RAW protocol=(something except IP, UDP,
TCP, ICMP, RAW) which are valid according to source.
Patch splits vz_security_proto_check into 2 separate checks: 1) family check
vz_security_family_check and 2) protocol check vz_security_protocol_check.
First one checks is the family value allowed in __sock_create, second one -
checks if created socket contains the correct (virtualized) protocol.
vz_security_protocol_check is placed inside create functions inet_create and
inet6_create. This change will allow to create any socket within VE with type
SOCK_RAW for any protocol that is not implemented in kernel and encapsulates
its packets into IP packet (for example VRRP protocol).
In rtnetlink_dump_all and rtnetlink_rcv_msg functions calls of
vz_security_proto_check are replaced by the call of vz_security_family_check.
Patch implements default deny security policy.
</pre>
{{bug|611}}
</div>
==== diff-ve-net-udp-regress-20070712 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
<br/>
[PATCH] net: excessive UDP lost on VE send path
<pre class="simple">
When tring to send big UDP packets from VE then other side
receive about 60% of all IP fragmentated packets and about 10% of all UDP packets
that was sent from VE. Fragmentated IP-packets are dropped on an ethernet interface
because an interface's queue is full.
The ethernet interface's queue get full as venet/veth device passes
fragmentated IP-packet with calling a sk_buff's destructor (by skb_orphan),
socket's buffer become free, although it
IP-packet isn't passed through the ethernet device.
Therefore bulk IP-packets are sent through venet/veth interface
that is much more than the real ethernet interface can transfer.
Decision:
venet/veth interface call skb_orphan only for non IP-packets.
For IP packets skb_orhpan (actually destructor) is called later:
in IP local or when skb is delivered to ethernet and __kfree_skb() is called.
Tested with venet, veth, veth + vlan (host-node).
Thanks to Denis Lunev and Alexey Kuznetsov for ideas and help.
</pre>
</div>
==== diff-ve-nfs-stop-c-20070704 ====
<div class="change">
Patch from Denis Lunev <den@openvz.org>
<br/>
This patch ensures that VE is up and running during RPC connect. This
<pre class="simple">
This patch ensures that VE is up and running during RPC connect. This
staff can be run as a schedule_work when all tasks has been dead.
</pre>
{{bug|513}}
</div>
==== diff-ve-vpid-tsk-pgid-20070706 ====
<div class="change">
Patch from Kirill Korotaev <dev@openvz.org>
<br/>
[PATCH] VE: sys_getpgid/sid should depend on context
<pre class="simple">
sys_getpgid/sid() should return global pid of
VE task if info is requisted from VE0 task.
Actually, not critical, but still. let's fix it.
</pre>
Bug #85662
</div>
==== diff-xen-x8664-subarch-changes-b-20070709 ====
<div class="change">
Patch from Evgeny Kravtsunov <emkravts@openvz.org>
<br/>
Patch fixes compilation error: XEN_CPUID is undefined in
<pre class="simple">
Patch fixes compilation error: XEN_CPUID is undefined in
include/asm-x86_64/mach-xen/asm/msr.h. To define XEN_CPUID on x84_64 patch
attached makes msr.h to include xen/interface/arch-x86_64.h.
linux-2.6.18-drbd-8.0.3-8.0.4.patch:
Patch prepared by Evgeniy Kravtsunov:
DRBD driver update 8.0.3 -> 8.0.4
Patch attached updates drbd version from 8.0.3 to 8.0.4.
In 8.0.4 a set of oopses is fixed according to drbd changelog:
http://svn.drbd.org/drbd/trunk/ChangeLog.
</pre>
{{bug|615}}
</div>
==== diff-megaraid-64bit-dma-20070716 ====
<div class="change">
Patch from Vasily (vvs@):
<br/>
RHEL5 forget to apply last of our megaraid_mbox fixes:
<pre class="simple">
RHEL5 forget to apply last of our megaraid_mbox fixes:
http://forum.openvz.org/index.php?t=msg&goto=14975
From: Andrey Mirkin <amirkin@sw.ru>
Date: Mon, 16 Oct 2006 08:08:43 +0000 (+0400)
Subject: [PATCH] scsi: megaraid_{mm,mbox}: 64-bit DMA capability fix
X-Git-Tag: v2.6.19-rc3~208
X-Git-Url:
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=8741ca71a3f626a56595b88200ebf952ce77ceef
[PATCH] scsi: megaraid_{mm,mbox}: 64-bit DMA capability fix
It is known that 2 LSI Logic MegaRAID SATA RAID Controllers (150-4 and
150-6) don't support 64-bit DMA. Unfortunately currently this check is
wrong and driver sets 64-bit DMA mode for these devices.
Signed-off-by: Andrey Mirkin <amirkin@sw.ru>
Acked-by: Vasily Averin <vvs@sw.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
</pre>
</div>
==== diff-gfs-bh-leak-fix-20070716 ====
<div class="change">
Patch from Dmitry Monakhov (dmonakhov@):<br/>
If gfs_blk2rgrpd() has failed bh is leaked on error path in gfs_shrink().
</div>
==== diff-backport-dm-delay-20070716 ====
<div class="change">
Patch from Vagin Andrey (avagin@):
Device-Mapper's "delay" target delays reads and/or writes
and maps them to different devices.
QA team needs this feature to do certain tests on top of a slow storage:
vzabackup, filesystem tests, etc.
Backport from 2.6.22
</pre>
</div>
==== diff-ms-emt64-swsusp-oops-20070717 ====
<div class="change">
Patch from Alexandr Andreev <aandreev@openvz.org><br/>
[PATCH] x86-64: do not use virt_to_page on kernel data address
* virt_to_page() call should be used on kernel linear addresses and not on kernel text and data addresses. Swsusp code uses it on kernel data (statically allocated swsusp_header).
* Allocate swsusp_header dynamically so that virt_to_page() can be used safely.
* I am changing this because in next few patches, __pa() on x86_64 will no longer support kernel text and data addresses and hibernation breaks.
Signed-off-by: Vivek Goyal <vgoyal@in.ibm.com><br/>
Signed-off-by: Andi Kleen <ak@suse.de>
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1b29c1643c0d82512477ccd97dc290198fe23e22
[SWSUSP]: correct virt_to_page() usage in swsusp
Bug #86406
</div>
==== diff-ms-net-cbq-fairness2-20070720 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
<br/>
[PATCH] CBQ: fix unfairness when gettimeofday clock source is used
sch_cbq with gettimeofday clock source has limit 2000000 usec for the idle
(undertime) time.
Therefore when we try to set bandwidth less than 10000 bits/s then
sch_cbq doesn't work (idle time want to become about 4000000 usec).
Triggered by RHEL5 which switched from jiffies clocksource to gettimeofday()
BTW, why? According to ANK this should work poorly, since
gettimeofday can take as much as 100 microseconds...
Bug #86375.
</div>
==== diff-ubc-proc-issues-20070717 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org><br/>
[PATCH] BC: fix several issues in /proc/bc
<pre class="simple">
find /proc/bc doesn't work with several errors reported.
Reasons:
1. getdents() sometimes returns EOVERFLOW due to sign expansion in
generated entries' inode numbers;
2. bc and subbc have equal generated inode numbers;
3. /proc/bc has broken (from find's POV) nlink count.
Fix it all.
</pre>
</div>
==== diff-ve-allow-ethtool-20070718 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org> <br/>
[PATCH] net: allow ethtool ops inside VE
This patch allows ethtool operations into VE with
CAP_VE_NET_ADMIN capability.
</div>
==== diff-ve-net-udp-regress-b-20070716 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org> <br/>
[PATCH] venet: compilation warning fix
<pre class="simple">
label "out" is not used anymore. Fix the warning.
</pre>
</div>
==== diff-ve-opseminit-20070723 ====
<div class="change">
Patch from Denis Lunev <den@openvz.org> <br/>
[PATCH] initialize ve0.op_sem earlier
ve0->op_sem has been initialized on vecalls modules loading,
but nowdays can be used before vzmon during NFS initialization...
Bug #86869.
</div>
==== diff-ve-vpsdumpable-extend-b-20070718 ====
<div class="change">
Patch from Alexey Dobriyan <adobriyan@openvz.org> <br/>
[PATCH] ptrace: fix task->mm dereference out of task_lock()
Utrace code removed task_lock() around ->mm checks in ptrace_attach(),
but ->mm->vps_dumpable continued to be checked without task_lock().
</div>
</noinclude>
* Critical fix in CPT.
* Minor fixes for bridge, XEN x8664, CPT, 4GB split, nfs, vpids, etc.
* Fix swsusp on SLES
* CBQ fairness on low rates fixed
* NFS startup deadlock.
Rebased on EL5-8.1.8 kernel.
=== Config changes ===
Added:
* +<code>CONFIG_DM_DELAY=m</code>
<includeonly>[[{{PAGENAME}}/changes#Patches|{{Long changelog message}}]]</includeonly><noinclude>
=== Patches ===
==== diff-arch-4gb-xen-b-20070613 ====
<div class="change">
Patch from Sergey Ya Korshunoff (seyko2@)
<br/>
Fix TSS handling in vm86.c in Xen kernel.
<pre class="simple">
Fix TSS handling in vm86.c in Xen kernel.
There was a stupid misprint due to which load_esp0()
was not called in Xen kernels at all.
</pre>
</div>
==== diff-cpt-deleted-ref-b-20070613 ====
<div class="change">
Patch from Andrey Mirkin <major@openvz.org>
<br/>
[PATCH] CPT: remove redundant kfree()
<pre class="simple">
Remove redundant kfree() call from open_deleted() function.
Now ii is static structure and kfree on it leads to oops :/
</pre>
Bug #84173
</div>
==== diff-ms-bridge-nf-ebt-among-20070607 ====
<div class="change">
Patch from Evgeny Kravtsunov <emkravts@openvz.org><br/>
[PATCH] ebtables: ebtables_among fails on check() on x86-64
<pre class="simple">
ebtables module calls the checker ebt_among_check()
that compares the correct size of user supplied data.
Userspace size is calculated in the following way (ebtables-2.0.8-1):
EBT_ALIGN(EBT_ALIGN(sizeof(struct ebt_among_info)) + X)
While kernel calculates size as:
EBT_ALIGN(sizeof(struct ebt_among_info) + X)
On x86_64 EBT_ALIGN does alignment on 8 bytes, so the problem arises.
</pre>
{{bug|576}}
</div>
==== diff-ms-net-bridge-via-eth-c-20070613 ====
<div class="change">
Patch from Dmitry Mishin <dim@openvz.org>
<br/>
[PATCH] Fix bridge removal with active master device
<pre class="simple">
Fix bridge removal with active master device:
simple misprint
</pre>
</div>
==== diff-rh-mmap-return-addr-b-20070608 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
<br/>
[PATCH] IA64: mmap returns EINVAL if len==0
<pre class="simple">
mmap on IA64 architecture returns EINVAL when len==0,
while old kernel behaviour is to return addr in this case.
Though POSIX requires EINVAL in this case and it was
fixed in mainstream around ~2.6.16, we still
have to keep compatibility for some time with old stupid
apps like rpm which did exactly this and expected success :/
</pre>
Bug #83938
</div>
==== diff-arch-4gb-suspend-fix-20070629 ====
<div class="change">
Patch from Dmitry Monakhov <dmonakhov@openvz.org>
<br/>
[PATCH] 4gb split: fix broken suspend
<pre class="simple">
Following code was removed by 4gb split patch set,
after this suspend was broken. Fix it.
</pre>
Bug #84909
</div>
==== diff-cpt-dump-eintr-20070622 ====
<div class="change">
Patch from Andrey Mirkin <major@openvz.org><br/>
[PATCH] CPT: check ctx->file for NULL
<pre class="simple">
We need to be sure that dumpfile pointer (ctx->file) is not NULL, because we
can't start dump without it.
Also we need to return error like EINTR instead of ERESTART*, because we just
can't simply restart dump ioctl. The reason is that dumpfile is already
closed and we need to reopen it before calling dump ioctl second time.
</pre>
Bug #84412
</div>
==== diff-cpt-kernel-thread-ign-sigs-20070628 ====
<div class="change">
Patch from Andrey Mirkin <major@openvz.org><br/>
[PATCH] CPT: ignore user signals in kernel threads
<pre class="simple">
Under ptrace signals are not handled immediately and we have non-zero
shared_pending mask on current task, so fork() returns -ERESTARTNOINTR and
wait4() returns -ERESTARTSYS.
We need to block signals SIGCHLD, SIGWINCH, SIGCONT and SIGURG to be sure that
this signals will be ignored while kernel thread creation.
</pre>
Bug #84412
</div>
==== diff-cpt-rm-kill-external-process-20070702 ====
<div class="change">
Patch from Kirill Korotaev <dev@openvz.org>
<br/>
[PATCH] CPT: remove killing of external processes
<pre class="simple">
External processes can't be easily detected.
Even if process has a virtual pid, it doesn't
mean it has no any connectiions to VE0 like
opened files/libraries etc.
So remove this feature at all and return back as
it was - external processes should prevent from CPT.
Revert of the patches:
diff-cpt-kill-external-process-20070125
diff-cpt-kill-external-processes-b-20070515
</pre>
</div>
==== diff-ms-ia32-compat-autofs4-20070618 ====
<div class="change">
Patch from Roman Chechnev <rchechnev@openvz.org>
<br/>
[PATCH] autofs4: compat layer for x8664
<pre class="simple">
autofs4 uses platform dependant protocol
which has 'long' data types inside data structures
which are passed to/from user-space via pipe (sic!)...
Thanks to this 32bit autofs tools do not work with 64 bit kernel.
</pre>
Bug #82040
</div>
==== diff-ms-jbd-cpt-list-20070702 ====
<div class="change">
Patch from Jan Kara <jack@suse.cz><br/>
[PATCH] jbd: remove_transaction fix
<pre class="simple">
We have to check that also the second checkpoint list is non-empty before
dropping the transaction.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
X-Git-Tag: v2.6.16-rc2~350
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=43c3e6f5abdf6acac9b90c86bf03f995bf7d3d92
</pre>
</div>
==== diff-ms-net-bridge-carrier-check-20070627 ====
<div class="change">
Patch from Konstantin Khorenko <khorenko@openvz.org>
<br/>
[PATCH] bridge: race between br_del_if() and port_carrier_check()
<pre class="simple">
This patch eliminates a race between br_del_if() and port_carrier_check()
which leads to the oops in the latter function.
This patch is a port of 2 mainstream patches:
[BRIDGE] br_if: Fix oops in port_carrier_check
Signed-off-by: Jarek Poplawski <jarkao2@o2.pl>
Acked-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit a10d567c89dfba90dde2e0515e25760fd74cde06
and
[BRIDGE]: eliminate workqueue for carrier check
Having a work queue for checking carrier leads to lots of race issues.
Simpler to just get the cost when data structure is created and
update on change.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit 269def7c505b4d229f9ad49bf88543d1e605533e
http://bugzilla.kernel.org/show_bug.cgi?id=7962
</pre>
Bug #84789
</div>
==== diff-ms-net-bridge-port-enable-20070627 ====
<div class="change">
Patch from Konstantin Khorenko <khorenko@openvz.org><br/>
[BRIDGE]: adding new device to bridge should enable if up
<pre class="simple">
Port of mainsteram patch:
[BRIDGE]: adding new device to bridge should enable if up
Aji Srinivas [Thu, 8 Mar 2007 00:10:53 +0000 (16:10 -0800)]
One change introduced by the workqueue removal patch is that adding an
interface that is up to a bridge which is also up does not ever call
br_stp_enable_port(), leaving the port in DISABLED state until we do
ifconfig down and up or link events occur.
The following patch to the br_add_if function fixes it.
This is a regression introduced in 2.6.21.
Submitted-by: Aji_Srinivas@emc.com
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit de79059ecd7cd650f3788ece978a64586921d1f1
</pre>
Bug #84789
</div>
==== diff-ms-net-bridge-via-eth-d-20070622 ====
<div class="change">
Patch from Kirill Korotaev <dev@openvz.org>
<br/>
[PATCH] bridge: fix unaligned access to br->bridge_id
<pre class="simple">
bridge_id is an unaligned structure of chars, which
MUST be aligned on 2 bytes boundary for compare_ether_addr().
However, when we added
unsigned char via_phys_dev;
field to struct net_bridge we broke this inexplicit alignment.
So move our field to a bit another place,
returning back alignment of bridge_id.
</pre>
Bug #84852
</div>
==== diff-ms-net-sched-cbq-dbg-20070626 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
<br/>
Debug and workaround patch for "division by zero" in sch_cbq module
<pre class="simple">
Debug and workaround patch for "division by zero" in sch_cbq module
(in cbq_normalize_quanta() function).
For some unknown reason "division by zero" occurs and this patch
should help to understand the broken math.
</pre>
Bug #83243
</div>
==== diff-ms-reiser-key-decr-20070412 ====
<div class="change">
Patch from Kirill Korotaev <dev@openvz.org><br/>
[PATCH] reiserfs: fix key decrementing
<pre class="simple">
This patch fixes a bug in function decrementing a key of stat data item.
Offset of reiserfs keys are compared as signed values. To set key offset
to maximal possible value maximal signed value has to be used.
This bug is responsible for severe reiserfs filesystem corruption which
shows itself as warning vs-13060. reiserfsck fixes this corruption by
filesystem tree rebuilding.
Signed-off-by: Vladimir Saveliev <vs@namesys.com>
Cc: <reiserfs-dev@namesys.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
X-Git-Tag: v2.6.21-rc7~16
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=6d205f120547043de663315698dcf5f0eaa31b5c
</pre>
</div>
==== diff-ms-rm-proc-warn-20070508 ====
<div class="change">
Patch from Alexey Dobriyan <adobriyan@openvz.org><br/>
[PATCH] proc: remove pathetic ->deleted WARN_ON
<pre class="simple">
WARN_ON(de && de->deleted); is sooo unreliable. Why?
proc_lookup remove_proc_entry
=========== =================
lock_kernel();
spin_lock(&proc_subdir_lock);
[find proc entry]
spin_unlock(&proc_subdir_lock);
spin_lock(&proc_subdir_lock);
[find proc entry]
proc_get_inode
WARN_ON(de && de->deleted); ...
if (!atomic_read(&de->count))
free_proc_entry(de);
else
de->deleted = 1;
So, if you have some strange oops [1], and doesn't see this WARN_ON it means
nothing.
[1] try_module_get() of module which doesn't exist, two lines below
should suffice, or not?
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
X-Git-Tag: v2.6.22-rc1~756
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=578c8183c116e623d53b05d4c79762d053c7090f
</pre>
</div>
==== diff-rh-utrace-late-ptrace-may-attach-20070626 ====
<div class="change">
Patch from Alexey Dobriyan <adobriyan@openvz.org>
<br/>
Code implementing ptrace_attach() does ~1/3 of job of attaching _before_
<pre class="simple">
Code implementing ptrace_attach() does ~1/3 of job of attaching _before_
checking if attaching process have permissions to mess with target task
at all. Given the overall raciness of utrace such code is recipe for
trouble. Do ptrace_may_attach() check earlier.
NOTE: Right now
while (1)
ptrace(PTRACE_ATTACH, pid, NULL, NULL);
reliably (and _quickly_) crashes kernel if pid is pid of process
like syslogd normal user can't attach to:
Unable to handle kernel NULL pointer dereference at 0000000000000000
RIP: [<0000000000000000>]
report_quiescent+0x36/0x154
utrace_quiescent+0x2b/0x238
utrace_get_signal+0x45d/0x4c0
get_signal_to_deliver+0x169/0x47a
do_notify_resume+0xd0/0x7e2
_spin_unlock_irqrestore+0x3f/0x45
trace_hardirqs_on+0x11b/0x13f
tty_read+0x81/0xc7
trace_hardirqs_on_thunk+0x35/0x37
trace_hardirqs_on+0x11b/0x13f
sysret_signal+0x21/0x31
ptregscall_common+0x67/0xac
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245735
</pre>
</div>
==== diff-ve-nf-nat-assertion-20070620 ====
<div class="change">
Patch from Vasily Tarasov <vtaras@openvz.org><br/>
[PATCH] netfilter: wrong debug assertion in nat code
<pre class="simple">
Simple compilation fix if NETFILTER_DEBUG is on
</pre>
</div>
==== diff-ve-rm-nf_debug-20070620 ====
<div class="change">
Patch from Vasily Tarasov <vtaras@openvz.org><br/>
[PATCH] netfilter: skb struct doesn't have nf_debug anymore
<pre class="simple">
nf_debug field is missing in modern kernels,
but in some places we still refer to it.
</pre>
{{bug|627}}
</div>
==== diff-ve-veinfo-large-space-20070620 ====
<div class="change">
Patch from Vasily Tarasov <vtaras@openvz.org><br/>
[PATCH] venet: lots of spaces in /proc/vz/veinfo output
<pre class="simple">
After introducing IPv6 support for venet device, field width for IP
addresses in /proc/vz/veinfo was increased from 15 to 39:
http://git.openvz.org/?p=linux-2.6.16-openvz;a=commitdiff;h=ddb2b95ff38b528f5def1bd4ae87108bf3fa6b7a
The output seems a bit ridiculous, when VE owns only IPv4 addresses: to
much strange spaces.
This patch corrects it and fixes the bug:
</pre>
{{bug|625}}
</div>
==== diff-xen-x8664-subarch-changes-20070702 ====
<div class="change">
Patch from Evgeny Kravtsunov <emkravts@openvz.org>
<br/>
[PATCH] Xen: x8664 OVZ changes
<pre class="simple">
x8664 Xen OVZ changes according to x8664 arch changes.
</pre>
</div>
==== diff-arch-4gb-copy-mnt-options-20070703 ====
<div class="change">
Patch from Andrey Mirkin <major@openvz.org>
<br/>
[PATCH] 4GB split: add KERNEL_DS handling to copy_mount_options()
<pre class="simple">
On i386 arch with 4gb split kernel addresses can be more than
TASK_SIZE (e.g. > 0xc0000000).
That causes copy_mount_options() to return -EFAULT
when called with kernel supplied buffers, i.e.
when get_fs() == KERNEL_DS.
</pre>
Bug #85041
</div>
==== diff-fairsched-off-comp-20070712 ====
<div class="change">
Patch from Alexandr Andreev <aandreev@openvz.org><br/>
[PATCH]: small fix to compile kernel without VCPU support
</div>
==== diff-ms-security-h323-20070706 ====
<div class="change">
Patch from Jing Min Zhao <zhaojingmin@vivecode.com><br/>
[NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index values
<pre class="simple">
Choices' index values may be out of range while still encoded in the fixed
length bit-field. This bug may cause access to undefined types (NULL
pointers) and thus crashes (Reported by Zhongling Wen).
This patch also adds checking of decode flag when decoding SEQUENCEs.
Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
</pre>
</div>
==== diff-ms-security-random-buf-20070711 ====
<div class="change">
Patch from Matt Mackall <mpm@selenic.com>
<br/>
[PATCH] PaX: wakeup threshold limits
<pre class="simple">
If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes.
(Bug reported by the PaX Team <pageexec@freemail.hu>)
Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
drivers/char/random.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
</pre>
</div>
==== diff-ms-shmem-lock-user-leak-20070716 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
<br/>
[PATCH] IPC: fix potential user leak
<pre class="simple">
When user locks an ipc shmem segmant with SHM_LOCK ctl and the
segment is already locked the shmem_lock() function returns 0. After this the subsequent code leaks the existing user struct:
== ipc/shm.c: sys_shmctl() ==
...
err = shmem_lock(shp->shm_file, 1, user);
if (!err) {
shp->shm_perm.mode |= SHM_LOCKED;
shp->mlock_user = user;
}
...
Other results of this are:
1. the new shp->mlock_user is not get-ed and will point to freed
memory when the task dies.
2. the RLIMIT_MEMLOCK is screwed on both user structs.
The exploit looks like this:
id = shmget(...);
setresuid(uid, 0, 0);
shmctl(id, SHM_LOCK, NULL);
setresuid(uid + 1, 0, 0);
shmctl(id, SHM_LOCK, NULL);
My solution is to return 0 to the userspace and do not change the
segment's user.
</pre>
Bug #78998
</div>
==== diff-ms-swiotlb-phys-to-virt-20070713 ====
<div class="change">
Patch from David Moore <dcm@acm.org><br/>
[PATCH] swiotlb: add missing phys_to_virt() call
<pre class="simple">
Adds missing call to phys_to_virt() in the
lib/swiotlb.c:swiotlb_sync_sg() function. Without this change, a kernel
panic will always occur whenever a SWIOTLB bounce buffer from a
scatter-gather list gets synced. Affected are especially Intel x86_64
machines with more than about 3 GB RAM.
Signed-off-by: David Moore <dcm@acm.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fstable%2Flinux-2.6.20.y.git;a=commitdiff_plain;h=e16b67f9a0ac6d9f89f680b7f3b439abfb1dac5e
</pre>
{{bug|645}}
</div>
==== diff-ubc-mmap-accounting-flags-20070709 ====
<div class="change">
Patch from Dmitry Monakhov <dmonakhov@openvz.org>
<br/>
[PATCH] BC: recharge vma if vm_flags changed after ->mmap() call
<pre class="simple">
Several device drivers (sigh... ATI) can change vm_flags
in their f_op->mmap method. Because of this mm->locked_vm
changed after f_op->mmap was called.
If ->vm_flags has been changed we have to recharge ub memory.
</pre>
</div>
==== diff-ubc-ub-pb-conflict-20070710 ====
<div class="change">
Patch from Dmitry Monakhov <dmonakhov@openvz.org>
<br/>
[PATCH] BC: aidband - uncharge UB pages before charging to PB
<pre class="simple">
By design we assume that page may be accounted only in UB or only
in PB counter.
Unfortunately this is not always true, and ATI driver does
some strange things like mmaping pages with PTEs to user space
(maybe it is even a security hole in ATI driver, who knows?)
So ATI driver exports pages via mmap(2) to userspace
which was already accounted in UB (pte pages are charged to kmemsize).
In this case accounting conflict happens and
BUG_ON(head->pb_magic != PB_MAGIC) is triggered.
Solution: Uncharge page from UB counter and account it in PB.
Changes from v1: Add WARN_ON_ONCE according to Pavel's cmomments.
</pre>
</div>
==== diff-ve-allow-kthreads-20070716 ====
<div class="change">
Patch from Denis Lunev <den@openvz.org>
<br/>
[PATCH] allow kthreads by default in VE (for NFS)
<pre class="simple">
This patch allows kernel threads by default inside VE.
</pre>
</div>
==== diff-ve-net-protocols-check-20070705 ====
<div class="change">
Patch from Evgeny Kravtsunov <emkravts@openvz.org><br/>
When creating socket within VE the following ones are allowed:
<pre class="simple">
-----------------------------------------------------------------------------------
family | type | protocol
---------------------------------------------------------------------------------
PF_UNIX | |
PF_LOCAL | |
PF_PACKET | Any existing* | Any existing
PF_NETLINK | |
---------------------------------------------------------------------------------
PF_INET | SOCK_DGRAM + IPPROTO_UDP
| SOCK_STREAM + IPPROTO_TCP
| SOCK_RAW + Any
| | forced to
| | IPPROTO_IP
---------------------------------------------------------------------------------
PF_INET6 | SOCK_DGRAM + IPPROTO_UDP
| SOCK_STREAM + IPPROTO_TCP
| SOCK_RAW + Any
| | forced to
| | IPPROTO_IP
--------------------------------------------------------------------------------
* Here "any existing" means that only SOCK_RAW and SOCK_DGRAM will work:
other ones will be rejected by corresponding ->create function (for.ex.
netlink_create). And this reject is ok, as it is not bug provoking.
Other families (PF_IPX, PF_X25, PF_AX25, PF_ATMPVC, PF_APPLETALK) are not
allowed for sockets within VE as they are not virtualized.
The problem is function vz_security_proto_check prevents creating sockets with
family=PF_INET/PF_INET6 type=SOCK_RAW protocol=(something except IP, UDP,
TCP, ICMP, RAW) which are valid according to source.
Patch splits vz_security_proto_check into 2 separate checks: 1) family check
vz_security_family_check and 2) protocol check vz_security_protocol_check.
First one checks is the family value allowed in __sock_create, second one -
checks if created socket contains the correct (virtualized) protocol.
vz_security_protocol_check is placed inside create functions inet_create and
inet6_create. This change will allow to create any socket within VE with type
SOCK_RAW for any protocol that is not implemented in kernel and encapsulates
its packets into IP packet (for example VRRP protocol).
In rtnetlink_dump_all and rtnetlink_rcv_msg functions calls of
vz_security_proto_check are replaced by the call of vz_security_family_check.
Patch implements default deny security policy.
</pre>
{{bug|611}}
</div>
==== diff-ve-net-udp-regress-20070712 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
<br/>
[PATCH] net: excessive UDP lost on VE send path
<pre class="simple">
When tring to send big UDP packets from VE then other side
receive about 60% of all IP fragmentated packets and about 10% of all UDP packets
that was sent from VE. Fragmentated IP-packets are dropped on an ethernet interface
because an interface's queue is full.
The ethernet interface's queue get full as venet/veth device passes
fragmentated IP-packet with calling a sk_buff's destructor (by skb_orphan),
socket's buffer become free, although it
IP-packet isn't passed through the ethernet device.
Therefore bulk IP-packets are sent through venet/veth interface
that is much more than the real ethernet interface can transfer.
Decision:
venet/veth interface call skb_orphan only for non IP-packets.
For IP packets skb_orhpan (actually destructor) is called later:
in IP local or when skb is delivered to ethernet and __kfree_skb() is called.
Tested with venet, veth, veth + vlan (host-node).
Thanks to Denis Lunev and Alexey Kuznetsov for ideas and help.
</pre>
</div>
==== diff-ve-nfs-stop-c-20070704 ====
<div class="change">
Patch from Denis Lunev <den@openvz.org>
<br/>
This patch ensures that VE is up and running during RPC connect. This
<pre class="simple">
This patch ensures that VE is up and running during RPC connect. This
staff can be run as a schedule_work when all tasks has been dead.
</pre>
{{bug|513}}
</div>
==== diff-ve-vpid-tsk-pgid-20070706 ====
<div class="change">
Patch from Kirill Korotaev <dev@openvz.org>
<br/>
[PATCH] VE: sys_getpgid/sid should depend on context
<pre class="simple">
sys_getpgid/sid() should return global pid of
VE task if info is requisted from VE0 task.
Actually, not critical, but still. let's fix it.
</pre>
Bug #85662
</div>
==== diff-xen-x8664-subarch-changes-b-20070709 ====
<div class="change">
Patch from Evgeny Kravtsunov <emkravts@openvz.org>
<br/>
Patch fixes compilation error: XEN_CPUID is undefined in
<pre class="simple">
Patch fixes compilation error: XEN_CPUID is undefined in
include/asm-x86_64/mach-xen/asm/msr.h. To define XEN_CPUID on x84_64 patch
attached makes msr.h to include xen/interface/arch-x86_64.h.
linux-2.6.18-drbd-8.0.3-8.0.4.patch:
Patch prepared by Evgeniy Kravtsunov:
DRBD driver update 8.0.3 -> 8.0.4
Patch attached updates drbd version from 8.0.3 to 8.0.4.
In 8.0.4 a set of oopses is fixed according to drbd changelog:
http://svn.drbd.org/drbd/trunk/ChangeLog.
</pre>
{{bug|615}}
</div>
==== diff-megaraid-64bit-dma-20070716 ====
<div class="change">
Patch from Vasily (vvs@):
<br/>
RHEL5 forget to apply last of our megaraid_mbox fixes:
<pre class="simple">
RHEL5 forget to apply last of our megaraid_mbox fixes:
http://forum.openvz.org/index.php?t=msg&goto=14975
From: Andrey Mirkin <amirkin@sw.ru>
Date: Mon, 16 Oct 2006 08:08:43 +0000 (+0400)
Subject: [PATCH] scsi: megaraid_{mm,mbox}: 64-bit DMA capability fix
X-Git-Tag: v2.6.19-rc3~208
X-Git-Url:
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=8741ca71a3f626a56595b88200ebf952ce77ceef
[PATCH] scsi: megaraid_{mm,mbox}: 64-bit DMA capability fix
It is known that 2 LSI Logic MegaRAID SATA RAID Controllers (150-4 and
150-6) don't support 64-bit DMA. Unfortunately currently this check is
wrong and driver sets 64-bit DMA mode for these devices.
Signed-off-by: Andrey Mirkin <amirkin@sw.ru>
Acked-by: Vasily Averin <vvs@sw.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
</pre>
</div>
==== diff-gfs-bh-leak-fix-20070716 ====
<div class="change">
Patch from Dmitry Monakhov (dmonakhov@):<br/>
If gfs_blk2rgrpd() has failed bh is leaked on error path in gfs_shrink().
</div>
==== diff-backport-dm-delay-20070716 ====
<div class="change">
Patch from Vagin Andrey (avagin@):
Device-Mapper's "delay" target delays reads and/or writes
and maps them to different devices.
QA team needs this feature to do certain tests on top of a slow storage:
vzabackup, filesystem tests, etc.
Backport from 2.6.22
</pre>
</div>
==== diff-ms-emt64-swsusp-oops-20070717 ====
<div class="change">
Patch from Alexandr Andreev <aandreev@openvz.org><br/>
[PATCH] x86-64: do not use virt_to_page on kernel data address
* virt_to_page() call should be used on kernel linear addresses and not on kernel text and data addresses. Swsusp code uses it on kernel data (statically allocated swsusp_header).
* Allocate swsusp_header dynamically so that virt_to_page() can be used safely.
* I am changing this because in next few patches, __pa() on x86_64 will no longer support kernel text and data addresses and hibernation breaks.
Signed-off-by: Vivek Goyal <vgoyal@in.ibm.com><br/>
Signed-off-by: Andi Kleen <ak@suse.de>
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1b29c1643c0d82512477ccd97dc290198fe23e22
[SWSUSP]: correct virt_to_page() usage in swsusp
Bug #86406
</div>
==== diff-ms-net-cbq-fairness2-20070720 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
<br/>
[PATCH] CBQ: fix unfairness when gettimeofday clock source is used
sch_cbq with gettimeofday clock source has limit 2000000 usec for the idle
(undertime) time.
Therefore when we try to set bandwidth less than 10000 bits/s then
sch_cbq doesn't work (idle time want to become about 4000000 usec).
Triggered by RHEL5 which switched from jiffies clocksource to gettimeofday()
BTW, why? According to ANK this should work poorly, since
gettimeofday can take as much as 100 microseconds...
Bug #86375.
</div>
==== diff-ubc-proc-issues-20070717 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org><br/>
[PATCH] BC: fix several issues in /proc/bc
<pre class="simple">
find /proc/bc doesn't work with several errors reported.
Reasons:
1. getdents() sometimes returns EOVERFLOW due to sign expansion in
generated entries' inode numbers;
2. bc and subbc have equal generated inode numbers;
3. /proc/bc has broken (from find's POV) nlink count.
Fix it all.
</pre>
</div>
==== diff-ve-allow-ethtool-20070718 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org> <br/>
[PATCH] net: allow ethtool ops inside VE
This patch allows ethtool operations into VE with
CAP_VE_NET_ADMIN capability.
</div>
==== diff-ve-net-udp-regress-b-20070716 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org> <br/>
[PATCH] venet: compilation warning fix
<pre class="simple">
label "out" is not used anymore. Fix the warning.
</pre>
</div>
==== diff-ve-opseminit-20070723 ====
<div class="change">
Patch from Denis Lunev <den@openvz.org> <br/>
[PATCH] initialize ve0.op_sem earlier
ve0->op_sem has been initialized on vecalls modules loading,
but nowdays can be used before vzmon during NFS initialization...
Bug #86869.
</div>
==== diff-ve-vpsdumpable-extend-b-20070718 ====
<div class="change">
Patch from Alexey Dobriyan <adobriyan@openvz.org> <br/>
[PATCH] ptrace: fix task->mm dereference out of task_lock()
Utrace code removed task_lock() around ->mm checks in ptrace_attach(),
but ->mm->vps_dumpable continued to be checked without task_lock().
</div>
</noinclude>