Contents
Changes
- VPS checkpointing/restore (live migration)
- UBC fixes
- Mainstream updates (2.6.16.8)
- Netfilter fixes
- Security fixes
- Compilation tunes
- Quota improvements
- Debugging facilities
Config changes
Changed:
CONFIG_MICROCODE=m
(was y)CONFIG_FUSION_SPI=m
(was y)CONFIG_FUSION_FC=m
(was y)CONFIG_FUSION_SAS=m
(was y)CONFIG_FUSION_CTL=m
(was y)CONFIG_FUSION_LAN=m
(was y)
Added:
- +
CONFIG_VZ_CHECKPOINT=m
- +
CONFIG_DCDBAS=m
- +
CONFIG_MD_RAID10=y
- +
CONFIG_MD_MULTIPATH=y
- +
CONFIG_DM_CRYPT=y
- +
CONFIG_DM_MIRROR=y
- +
CONFIG_DM_ZERO=y
- +
CONFIG_DM_MULTIPATH=y
- +
CONFIG_DM_MULTIPATH_EMC=y
- +
CONFIG_SKY2=m
- +
CONFIG_OPROFILE=m
Compatibility notes
- fusion driver is module now (was built-in)
- microcode is module now (was built-in)
For the complete list of changes in this release, see git changelog for kernel 026test009.1.
Patches
diff-cpt-aio
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT KERNEL] Comb AIO for CPT
diff-cpt-copy-page-range
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT KERNEL] add __copy_page_range to clone arbitrary pages
diff-cpt-core-misc
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT KERNEL] Misc core modifications required for CPT
- pn_state tracking
- disable_net
- TIF_FREEZE
- jiffies_fixup<
- remove bogus try_to_freeze() from sigtimedwait()
- VE_LOCK
- Export some symbols from VZ core
diff-cpt-cwd-error
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT] error was not reported when CWD cannot be saved
NOTE. Until recently I honestly did not know that paths with length > PATH_MAX are not prohibited. At the moment checkpointing fails, when some file/cwd/... has such a path. We could save it correctly, it is not a problem, but I have no code for restore of such paths, it is going to be real tricky.
diff-cpt-direct-aio
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT] AIO for O_DIRECT
It was supposed to work, but happened to be a little buggy. We waited for AIO completion _after_ dumping VM, so that the ring went out of sync.
Also, we cannot read/write on O_DIRECT files with kernel buffer Kernel tries get_user_pages() and fails.
diff-cpt-emt64-hrtimer
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[X86_64] Upgrade compat.c to use hrtimer
Must be pushed to mainstream
diff-cpt-emt64-segments
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT X86_64] Renumber segment register on x86_64 to match i386
It is necessary to allow migration from ia32/x86_64 to/from i386
diff-cpt-emt64-sigmask
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[X86_64] TIF_RESTORE_SIGMASK for x86_64
We need this right now. It is going to be replaced with a version suggested by x86_64 maintainers
diff-cpt-emt64-strace
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[X86_64] An ugly fixup for previous patch to cure x86_64 strace
It is crazy, strace distinguishes ia32 emulated programs by numeric value of segment reg. :-)
diff-cpt-eventpoll
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT KERNEL] Comb eventpoll for CPT
diff-cpt-exports
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT KERNEL] Export miscellaneous symbols required for CPT
diff-cpt-ipc
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT KERNEL] Comb SYSV IPC for CPT
diff-cpt-ipc-addid
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT] check for succesful reallocation in ipc_addid
Found occasionally while searching for another bug in SYSV IPC.
diff-cpt-ip-conntrack
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT KERNEL] Comb IP conntrack for CPT
diff-cpt-kconfig-fix
Patch from Pavel Emelianov <xemul@openvz.org>:
Fix kernel/power/Kconfig to remove SOFTWARE_SUSPEND dependency on SMP. Needed by CPT.
diff-cpt-makefile-kconfig
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[VZ] Hook cpt/ to build system
diff-cpt-modules
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT] CPT modules
diff-cpt-networking
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT KERNEL] Comb networking for CPT
diff-cpt-ngroups
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT] > 32 supplementary groups are not checkpointed
Bug is not fixed, too hairy on pre-release time. We just fail.
Comment is added.
diff-cpt-restore-tty-attrs
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT] tty attributes were restored incorrectly
setattr mask was uninitialized and i_size on tty inodes was restored at a random value. At the first sight it is difficult to notice, i_size on tty inodes is never used. But glibc uses stat64 and translates the result. When i_size is weird enough, stat() returns EOVERFLOW. In this case ps skips correct path and find the next appropriate variant, which is /dev/pts/N.
BTW this opens another (minor) problem. If a process inside VE has controlling terminal, but it is not open by this process (f.e. do sleep 3600 < /dev/null >& /dev/null &), ps will show wrong pts path too.
diff-cpt-swap-err
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[KERNEL] Do not map random pages while swapoff errors
If read failed we cannot map not-uptodate page to user space. It is an obvious security issue, plus it is not sane. Actually, we are in serious troubles, we do not even know what process to kill. So, the only variant remains: to stop swapoff() and allow someone to kill processes to zap invalid pages.
diff-cpt-task-size
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT X86_64] Fix task size for ia32/x86_64.
Otherwise we cannot migrate from ia32/x86_64 to i386
diff-cpt-vsyscall-disable
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT KERNEL] Add sysctls to disable exporting vsyscall. Disable it by
default.
Note, the page still exists and mapped. We just do not tell to dynamic loader about this.
diff-cpt-x8664-mm
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT] forgotten chunk in cpt_mm.c
Ugly, but necessary.
diff-cpt-zombie-count
Patch from Pavel Emelianov <xemul@openvz.org>:
Increment zombie count on restoring if creating a zombie process.
diff-getppid-fix-20060307
Patch from Pavel Emelianov <xemul@openvz.org>:
Move old code in sys_getppid back when debugging is off.
Taking tasklist_lock each time decreases performance and
nothing more in non-debugging case.
Noticed by Kirill Korotaev <dev@openvz.org>
diff-ipc-memcpy-bug-20060413
Patch from Alexey Kuznetsov <alexey@openvz.org>:
SYSV IPC writes beyond allocated memory
diff-list-firt-entry
Patch from Pavel Emelianov <xemul@openvz.org>:
Add list_firt_entry() macro
diff-merge-2.6.16.5-20060413
Patch from OpenVZ team <devel@openvz.org>:
Merge /linux/kernel/git/stable/linux-2.6.16.y
diff-ms-ia64-unaligned-ratelimit
Patch from Pavel Emelianov <xemul@openvz.org>:
Rate limit unaligned access warnings from kernel
diff-ms-ia64-unalign-skrunfilter
Patch from Dmitry Mishin <dim@openvz.org>:
Fixed unaligned access in sk_run_filter.
Data offset comes from userspace, so use of get_unaligned() is the best way.
diff-oops-decode
Patch from Kirill Korotaev <dev@openvz.org>:
Added sysctl variable to disable automatic call traces decoding.
Required for machines not connected to any kind of console.
diff-security-ipid-20060324
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[TCP]: Do not use inet->id of global tcp_socket when sending RST.
The problem is in ip_push_pending_frames(), which uses:
if (!df) { __ip_select_ident(iph, &rt->u.dst, 0); } else { iph->id = htons(inet->id++); }
instead of ip_select_ident().
Right now I think the code is a nonsense. Most likely, I copied it from
old ip_build_xmit(), where it was really special, we had to decide
whether to generate unique ID when generating the first (well, the last)
fragment.
In ip_push_pending_frames() it does not make sense, it should use plain
ip_select_ident() instead.
http://www.securityfocus.com/archive/1/427622/100/0/threaded
Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff-smp-nmi-show-regs
Patch from OpenVZ team <devel@openvz.org>:
This patch adds dumping of calltraces on _all_ CPUs on AltSysRq-P and NMI
LOCKUP. It does this via sending NMI IPI interrupts to the cpus.
Taken back from -mm tree.
Signed-off-by: Kirill Korotaev <dev@sw.ru>
Signed-off-by: Pavel Emelianov <xemul@sw.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
diff-smp-nmi-show-regs-emt64
Patch from Pavel Emelianov <xemul@openvz.org>:
Print calltraces on all CPUs on x86_64 arch.
This patch supplements the one made for i386.
diff-smp-nmi-show-regs-fixes
Patch from OpenVZ team <devel@openvz.org>:
Fix of previous patch for voyager.
Cc: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Kirill Korotaev <dev@sw.ru>
Signed-off-by: Pavel Emelianov <xemul@sw.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
diff-sw-lic-20060404
Patch from OpenVZ team <devel@openvz.org>:
Licensing
diff-ubc-copy-page-range-fix-20060406
Patch from Pavel Emelianov <xemul@openvz.org>:
Some fixes of page beancounters accounting.
- moved pb_alloc_all closer to pb_alloc and co;
- removed pb_add_list_ref - now pb_add_ref acts similar in both cases;
- changed logic on copying pages - if a page isn't accounted in pbc for parent it will not be in child. pb_dup_ref was introduced for it.
diff-ubc-mlock-deadlock-20060412
Patch from Alexey Kuznetsov <alexey@openvz.org>:
Mlock was ported incorrectly
Two bugs actually:
1. In 2.6 mlock_fixup _MUST_ return correct prev VMA, otherwise
mlockall deadlocks.
2. Inaccurate port: in error path memory is not uncharged.
diff-ubc-page-uncharge-race-20060414
Patch from Pavel Emelianov <xemul@openvz.org>:
Fix of race between ub_page_charge/_uncharge.
Pages were first put into global list of free pages and ther - uncharged.
During this gap page_alloc could charge not uncharged yet page thus
causing a BUG().
Moved ub_page_uncharge above freeing and out of local_irq_save to reduce time spent with irqs off.
diff-ubc-pbfree-oops-20060417
Patch from Pavel Emelianov <xemul@openvz.org>:
Wrong error path in copy_pte_range.
pb_free_list must be called since pbc may be
1. set to PB_COPE_SAME, but pb_free is unaware of it (OOPs);
2. allocated with pb_alloc_list and pb_free will leak all but one.
pb_alloc_list may be called more than once (goto again;) so pb_free_list must be called even on pb_alloc_list failure to cleanup first call allocations.
diff-ubc-zero-page-fix-20060417
Patch from Pavel Emelianov <xemul@openvz.org>:
Don't pb_add_ref to ZERO_PAGE in do_anonymous_page
since ZERO_PAGE must not have refs at all.
Also remove __pb_alloc as noone need it anymore.
diff-ve-exec-set-links-20060403
Patch from Pavel Emelianov <xemul@openvz.org>:
Add task to VPS task list on exec.
If a non-leader thread calls exec it becomes a thread group leader and thus
SET_VE_LINKS/REMOVE_VE_LINKS will manipulate list on this task.
Meanwhile such task after exec will not be in list because it was not added
there on fork. This may lead to creation of invisible by ps task, unstopable
VPS, since do_initproc_exit will not find this task to kill it, and even ve task
list corruption.
diff-ve-inkernel-compilation
Patch from OpenVZ team <devel@openvz.org>:
This patch fixes comilation with CONFIG_MODULES=n
diff-ve-ipc-freeids-20060405
Patch from Pavel Emelianov <xemul@openvz.org>:
Fix of VPS IPC ids cleanup.
Do not try to free ipc_ids->entries in case their allocation
failed before, i.e. they are set to &ids->nullentry.
diff-ve-net-netfilter-xt-lock-20060414
Patch from Dmitry Mishin <dim@openvz.org>:
Fixed lockup due to uninitialized lock
diff-ve-net-netfilter-xt-tcpudp-20060412
Patch from Dmitry Mishin <dim@openvz.org>:
Virtualized xt_tcpudp module, managed by VE_IP_TABLES mask.
http://forum.openvz.org/index.php?t=tree&th=466&start=0
diff-ve-net-nf-event-fix-20060403
Patch from Dmitry Mishin <dim@openvz.org>:
Fixed endless loop on VPS stop with CONFIG_IP_NF_CONNTRACK_EVENTS enabled.
Loop was due to last put under wrong context.
diff-ve-net-nf-getorigdst-20060405
Patch from Dmitry Mishin <dim@openvz.org>:
Fixed oops introduced by previous patch
diff-ve-net-nf-icmp-errpath-20060406
Patch from Dmitry Mishin <dim@openvz.org>:
Fixed init_iptables error path
diff-ve-net-nf-ipt-proc-20060405
Patch from Dmitry Mishin <dim@openvz.org>:
Iptables related entries are visible under /proc/net/ now.
diff-ve-setxattr-20060403
Patch from Vasily Tarasov <vtaras@openvz.org>:
Setxattr and getxattr have to check CAP_VE_ADMIN
in order to return proper errors inside VE, similar to host.
diff-ve-sysfs-root-20060405
Patch from Vasily Tarasov <vtaras@openvz.org>:
Fix of sysfs tree visibility in VPS.
sysfs_root variable must be virtualized, so that VPS see
only class subsystem and class net.
diff-ve-userhdrs-types
Patch from Kirill Korotaev <dev@openvz.org>:
This patch fixes usage of kernel type cycles_t in user interface header.
Related to OpenVZ Bug #123.
diff-ve-userhdrs-types2
Patch from Kirill Korotaev <dev@openvz.org>:
Fix of user space headers for vzctl
diff-ve-vzwdog-modparm-20060405
Patch from Dmitry Mishin <dim@openvz.org>:
Remove obsoleted MODULE_PARM call, use module_parm instead
diff-vzdq-mnt-20060410
Patch from Vasily Tarasov <vtaras@openvz.org>:
All root dentries are unhashed. We have to check for it in vzquota_check_dtree().
http://forum.openvz.org/index.php?t=tree&goto=2552&#msg_2552 OpenVZ Bug #133.
diff-vzdq-off-sync-20060407
Patch from Kirill Korotaev <dev@openvz.org>:
[VZDQ] Speed up vzquota-off process.
vzquota off syncs inodes, so that inodes are synced one by one and waited for. This is slow. This patch changes the logic: all inodes should be kicked for syncing first, and then only waited for. This makes VPS creation to be faster.
diff-merge-2.6.16.8-20060419
Merged linux-2.6.16.8 fixes
diff-suspend-traced
Roll back merged fix. Original fix's sha is 6b2467e45179a336f1e5b70d2b2ae1fe89a00133
diff-ubc-tsoaccount-20060419
Patch from Vasily Tarasov <vtaras@openvz.org>
Add tcpsndbuff charging in tso_fragment()