Open main menu

OpenVZ Virtuozzo Containers Wiki β

Download/kernel/rhel4/023stab044.11/changes

< Download‎ | kernel‎ | rhel4‎ | 023stab044.11
Revision as of 07:36, 20 March 2008 by Kir (talk | contribs) (reformatted to use level 4 headings and blockquote)

Contents

Changes

  • Major x86_64 security fix (CVE-2007-4573)
  • areca and r8169 driver updates
  • Rebased to RHEL4-55.0.2.EL

Configs

Same as 023stab044.4, plus:

  • +CONFIG_MD_RAID6=y

Patches

diff-ms-security-x8664-rax-check-20070919

x86_64: Zero extend all registers after ptrace in 32bit entry path.

Strictly it's only needed for eax.

It actually does a little more than strictly needed -- the other registers
are already zero extended.

Also remove the now unnecessary and non functional compat task check
in ptrace.

This is CVE-2007-4573

Found by Wojciech Purczynski

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

X-Git-Url: 176df2457ef6207156ca1a40991c54ca01fef567

linux-2.6.9-arcmsr-1.20.0X.14.devel.patch

Areca driver was provided to Thomas Krenn AG by Areca people.
https://helpdesk.swsoft.com/index.html?q=351134

Requested by Thomas Krenn AG due to memory leak caused by Areca command line
utility (about 7 MB per execution of the CLI according to Thomas Krenn AG).
Declared to fix the memory leak problem.

Bug #87569.

P.S. the issue with ARCMSR_MAX_XFER_SECTORS[_B] fixed (see the bug).

linux-2.6.9-r8169-2.2LK-NAPI-ms-2.6.22.patch

Patch prepared by Kostja (khorenko@):
r8169 driver updated upto version 2.2LK-NAPI.

Requested by Padberg-IT (web4.hm).
Sources are backported from mainstream 2.6.22 kernel.

diff-simfs-stat64-20070622

Patch from Vasily (vtaras@):
[PATCH][2.6.9] simfs: add stat64 hook

Initial problem: per-user/group disk quota in VE doesn't work, if you
use 2.6.9-based kernel.

The thing is that during `vzctl start`, vzctl gives the required
permission to the appropriate device. If simfs is used, the device
should be an anon device.
But stat() system call on any simfs inode (this syscall is used by vzctl
to obtain major/minor number of device) returns major/minor of
_underlying_  device. Consequently vzctl gives the permission to
underlying device! Note, it is a potential security hole.

The patch adds hook to vfs_getstat64 and creates sim_getstat64: the same
approach as in vfs_getstat/sim_getsat.

OpenVZ Bug #632