Open main menu

OpenVZ Virtuozzo Containers Wiki β

Download/kernel/2.6.8/022stab072.2/changes

< Download‎ | kernel‎ | 2.6.8‎ | 022stab072.2
Revision as of 16:40, 21 March 2008 by Kir (talk | contribs) (created)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Contents

Changes

  • Many mainstream bug and security fixes
  • bunch of IA64/x86-64 mainstream fixes
  • TUN/TAP virtualization fix
  • 32bit iptables in VPS on 64bit host OS support
  • virtualized ipt_REDIRECT
  • new/updated hardware drivers

Compatibility

  • ipt_REDIRECT support requires vzctl >= 3.0.0-4

Configs

Same as 022stab070.1, plus:

  • +CONFIG_DM_SNAPSHOT=y
  • +CONFIG_BLK_DEV_DRBD=m
  • +CONFIG_SCSI_ARCMSR=y
  • +CONFIG_SERIAL_8250_ACPI=y (ia64)
  • ~CONFIG_MICROCODE=m (was y; see OpenVZ Bug #118)
  • +CONFIG_IP_NF_TARGET_REDIRECT=m

Patches

diff-ve-ipt-redirect-20060316

Patch from Jason Stubbs:
This patch virtualizes the ipt_REDIRECT iptables module.

Signed-Off-By: Kirill Korotaev <dev@openvz.org>

diff-ms-tty-lockup-20060302

Patch from mainstream, prepared by Pavel:

A lockup can occur in tty driver: receive_chars() is calld with port.lock held and calls via file.work.func this:

fluch_to_ldisc
n_tty_receive_chars
uart_flush_chars
uart_start,

which tries to lock port again...

This is a part from http://linux.bkbits.net:8080/linux-2.6/cset@1.1938.356.2.

And a lost hunk from diff-ms-tty-lockup-20050207 patch taken from mainstream also.

The first patch goes in mainstream before the second, so that's why we've dropped hunk from the 2nd...

http://linux.bkbits.net:8080/linux-2.6/cset@1.1938.356.2

Bug #59907.

diff-ve-ipv6-comp-20060302

Patch from Kirill:

Backported from 2.6.15 patch which allows to enable IPv6 in host system. Requested in OpenVZ.

diff-ve-devbase-cleanup-20060302

Patch from Pavel:

Rename visible_dev_base into dev_base.

Remove visible_dev_tail and prepare_netdev.

Removing visible_ prefix from dev_base and dev_tail makes driver updates easier.

Bug #59613.

diff-fairsched-tune-sysctl-20060302

Patch from Kirill (dev@), fixed by Pavel:

This patch fixes VCPU affinity check in schedule_vcpu() and adds some sysctls to tune vsched VCPU affinity and PCPU<->VCPU affinity.

diff-ve-inkernel-compilation

Patch from Alexander:
This patch fixes compilation with CONFIG_MODULES=n

OpenVZ Bug #52.

diff-ms-early-intel-workarounds

Patch from mainstream:

[PATCH] i386: Move phys_proc_id/early intel workaround to correct function

early_cpu_detect only runs on the BP, but this code needs to run on all CPUs. This will fix problems with the powernow-k8 driver on dual core systems and general misdetection of AMD dual core.

Looks like a mismerge somewhere. Also add a warning comment.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

X-Git-Url

diff-ms-ia64-update-mmu-cache-2

Patch from Pavel, taken from mainstream:

Fix of diff-ms-ia64-update-mmu-cache: Need to call lazy_mmu_prot_update() with new pte value, not old one.

Bug #59847.

diff-ms-shmdt-align

Patch from mainstream:

[PATCH] shmdt cannot detach not-alined shm segment cleanly.

sys_shmdt() can manage shm segments which are covered by multiple vmas. (This can happen when a user uses mprotect() after shmat().)

This works well if shm is aligned to PAGE_SIZE, but if not, the last segment cannot be detached. It is because a comparison in sys_shmdt():

   (vma->vm_end - addr) < size
       addr == return address of shmat()
       size == shmsize, argments to shmget()

size should be aligned to PAGE_SIZE before being compared with vma->vm_end, which is aligned.

Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>

X-Git-Url

diff-ms-mempol-getnodes-sanity

Patch from mainstream:

[PATCH] sys_mbind sanity checking

Make sure maxnodes is safe size before calculating nlongs in get_nodes().

Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[chrisw: fix units, pointed out by Andi]
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

X-Git-Url

diff-ms-zaptread-ptrace

Patch from mainstream:

  1. The tracee can go from ptrace_stop() to do_signal_stop() after __ptrace_unlink(p).
  2. It is unsafe to __ptrace_unlink(p) while p->parent may wait for tasklist_lock in ptrace_detach().

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

X-Git-Url

Bug #59130.

diff-ms-do-sigaction-unblockable

Patch from mainstream:

Clear unblockable signals beforehand.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

X-Git-Url

Bug #59127.

diff-ms-sig-empty-samask

Patch from mainstream:

sys_signal() forgets to initialize ->sa_mask.

Pointed out by Linus Torvalds.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

X-Git-Url

Bug #59127.

diff-security-bad-elf-entry

Patch from mainstream:

Fixes a local DOS on Intel systems that lead to an endless recursive fault. AMD machines don't seem to be affected.

Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

X-Git-Url

Bug #59129.

diff-ubc-shmpages-20060220

Patch from Pavel:

Charging UB_SHMPAGES was performed each time shmem_swp_alloc() was called. Meanwhile this function does not always allocates new entries.

Bug #58445.

diff-ve-netdev-virtflag-20060228

Patch from Pavel:

Added a flag IFF_VIRTUAL to distinguish devices accessible from VE. venet, lo and tun/tap devices set this flag on creation. (use features mask instead of flags, because flags is short and all bits are busy already).

Bug #59657.

diff-ms-ia64-unlign-skrunfilter

Patch from Dmitry:

Fixed unaligned access in sk_run_filter. Data offset comes from userspace, so use of get_unaligned() is the best way.

Bug #59290.

diff-ms-ipt-compat-20060222

Patch from Dmitry: This patch allows 32bit iptables tool work on 64bit kernel. it includes interface for conversion matches and targets and conversion of matches/targets, included in ip_tables module itself.

diff-ms-ipt-compat2-20060214

Patch from Dmitry:

This patch allows 32bit iptables tool work on 64bit kernel. it includes matches/targets code, based on introduced in previous patch interface.

diff-ms-ia64-ptrace-regs

Patch from mainstream:
[IA64] ptrace.c: Fix unchecked user-memory accesses due to ptrace_{get,set}regs()

Here is another fix for a sparse-detected bug: turns out ptrace_getregs() and ptrace_putregs() did unchecked user-memory accesses! These were tricky to see, so it's not surprising that they went unnoticed so far. Fortunately, sparse can detect these trivially. Patch below should fix the problem, but it's completely untested (I don't have any testcases for getregs/putregs).

Signed-off-by: davidm@hpl.hp.com
Signed-off-by: Tony Luck <tony.luck@intel.com>

http://linux.bkbits.net:8080/linux-2.6/cset@1.1938.99.4

Bug #59494.

diff-ms-ia64-unlign-ratelimit

Patch from Pavel:

Rate limit unaligned access warnings from kernel

diff-ms-tun-frame-align

Patch from mainstream:

[TUN]: Align only ethernet packets to NET_IP_ALIGN.

Signed-off-by: Sven Henkel <shenkel@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Bug #59465.

diff-ms-ia64-numanosrat-2006022

Patch from mainstream:

[IA64] SMP systems may not have SRAT, still need to mark node0 online.

This only causes a problem in the -mm tree now, but Zou Nan hai and Shaohua Li sent me this fix so that SMP systems compiled with the generic kernel (which turns on NUMA and CPUSETS in -mm) won't hit a BUG_ON in kernel/cpuset.c guarantee_online_mems() which is called from acpi_early_init()

Signed-off-by: Tony Luck <tony.luck@intel.com>

Bug #59539.

diff-ms-ia64-unwind-checks

Patch from mainstream:

Detect user space by the unwind frame with predicate PRED_USER_STACK set, instead of a user space IP. Tighten up the last ditch check for running off the top of the kernel stack.

Based on a suggestion by David Mosberger, reworked to fit the current tree. This survives my stress test which used to break 2.6.9 kernels. Unlike 2.6.11, the stress test now unwinds to the correct point, so gdb can get the user space registers.

X-Git-Url

Bug #59467.

diff-ve-tun-devlist-20060224

Patch from Vasily (vvs@),

virtualised tun_dev_list check, fixed openvpn failure issue.

Bug #59657.

diff-ms-compat-tunioctl

Patch from mainstream:

[COMPAT]: TUNSETIFF needs to copy back data after ioctl.

It is defined as a _IOW() which is erroneous, it should have been defined as _IORW() but that cannot be changed now without breaking all existing applications using this ioctl.

Signed-off-by: David S. Miller <davem@davemloft.net>

Bug #59565.

diff-ext3-vprintk-warns

Patch from mainstream:

Fixes ext3/jbd module compilation: export vprintk()

diff-ms-ia64-unwind-unat

Patch from mainstream:

[IA64] unwind.c uses wrong unat from switch_stack

unwind.c can read the wrong unat bits from switch_stack. sw->caller_unat is the value of ar.unat when the task was blocked. sw->ar_unat is the value of ar.unat after doing st8.spill for r4-7. IOW, ar_unat is caller_unat with 4 bits changed.

unw_access_gr() uses sw->ar_unat for r4-7 (correct), but it also uses sw->ar_unat for other scratch registers (incorrect). sw->ar_unat should only be used for r4-7, everything else should use sw->caller_unat, unless modified by unwind info. Using sw->ar_unat risks picking up the 4 bits that were overwritten when r4-7 were saved.

Also this line is wrong

unw.sw_off[unw.preg_index[UNW_REG_PFS]] = SW(AR_UNAT);

and should be

unw.sw_off[unw.preg_index[UNW_REG_PFS]] = SW(AR_PFS);

Signed-off-by: Keith Owens <kaos@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>

GIT: b833961bd30eec201b9a94eec36aa7ac96f9c9c0

http://linux.bkbits.net:8080/linux-2.6/cset@1.3332.1.371

diff-ms-ia64-unwind-cleanup

Patch from mainstream:
[IA64] cleanup C usage of global/root-function predicates

The patch below is purely a cleanup but it's a prerequisite for the next bug fix patch.

Signed-off-by: David Mosberger-Tang <davidm@hpl.hp.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>

http://linux.bkbits.net:8080/linux-2.6/cset@1.1966.2.31

diff-ms-ia64-entry-misprint

Patch from mainstream:
[IA64] Drop spurious paren in entry.h

The latest assembler catches this typo. (reported by Jim Wilson).

Signed-off-by: David Mosberger-Tang <davidm@hpl.hp.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>

GIT: 34b727c135ff651f153be5757056d25678b6d018 http://linux.bkbits.net:8080/linux-2.6/cset@1.3192.10.2

diff-usb-hid-20060216

Patch from mainstream, found by Vasily Tarasov:

fixes annoying messages on usb device attach: drivers/usb/input/hid-core.c: ctrl urb status -32 received

X-Git-Url

Bug #55536.

diff-usb-kbddetach-20060216

Patch from mainstream, modified by Vasily:

fixes annoying messages on usb device detach: drivers/usb/input/hid-core.c: input irq status -84 received

X-Git-Url

Bug #55536.

diff-cciss-timeout-20060228

Patch from Kostja:

During initialization cciss driver uses

set_current_state(TASK_INTERRUPTIBLE);
schedule_timeout(...);

in a loop with fixed number of iterations. schedule_timeout() returns too fast and resulted timeout is not enough for controller board initialization.

diff-qla4xx-inkernel-comp

Patch from Alexander:

This patch fixes qla4xx in kernel compilation.

OpenVZ Bug #52.

linux-2.6.8.1-fusion-3.02.18.patch

Patch from Pavel:

[DRIVER UPDATE] Fusion from 3.01.09 to 3.02.18 (RHEL4u2)

diff-fusion-crashdump-20060303

Patch from Pavel:

Fix fusion compilation w/o crashdump.

diff-ve-inkernel-compilation-b

Patch from Kirill:

Fix of warning caused by previous diff-ve-inkernel-compilation patch.

diff-ms-emt64-sigrestart-rax

Patch from mainstream:

[PATCH] x86_64: fix syscall/signal restart bug

Fix a pretty bad bug that caused sometimes signals on x86-64 to be restarted like system calls. This corrupted the RIP and in general caused undesirable effects.

The problem happens because orig_rax is unsigned on x86-64, but it originally was signed when the signal code was written. And the if (orig_rax >= 0) ended up always true. And gcc didn't warn about this, because the warning is only in -Wextra.

In 2.4 we still had a cast for it, but somehow it got dropped in 2.5.

Credit goes to John Slice for tracking it down and Erich Boleyn for the original fix. All blame to me. I fixed it at another place too.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

http://linux.bkbits.net:8080/linux-2.6/cset@1.1938.464.1

RHEL4u3: linux-2.6.9-x86_64-syscall_signal-restart.patch

diff-ms-emt64-compat-sigrestart

Patch from mainstream:

[PATCH] x86_64: Fix 32bit system call restart

The test case at 1-5.c fails if it runs as a 32bit process on x86_86 machines.

The root cause is the sub 32bit process fails to restart the syscall after it is interrupted by a signal.

The syscall number of sys_restart_syscall in table sys_call_table is __NR_restart_syscall (219) while it's __NR_ia32_restart_syscall (0) in ia32_sys_call_table. When regs->rax==(unsigned long)-ERESTART_RESTARTBLOCK, function do_signal doesn't distinguish if the process is 64bit or 32bit, and always sets restart syscall number as __NR_restart_syscall (219).

Signed-off-by: Zhang Yanmin <yanmin.zhang@intel.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

GIT: 607a16858397829806c5a4db999ce6daf327f98c

http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.3.44

diff-ms-ia64-pci-ext

Patch from mainstream:

[PATCH] PCI: pci_raw_ops should use unsigned args

Convert pci_raw_ops to use unsigned segment (aka domain), bus, and devfn. With the previous code, various ia64 config accesses fail due to segment sign-extension problems.

ia64:

  • With a signed seg >= 0x8, unwanted sign-extension occurs when "seg << 28" is cast to u64 in PCI_SAL_EXT_ADDRESS()
  • PCI_SAL_EXT_ADDRESS(): cast to u64 *before* shifting; otherwise "seg << 28" is evaluated as unsigned int (32 bits) and gets truncated when seg > 0xf
  • pci_sal_read(): validate "value" ptr as other arches do
  • pci_sal_{read,write}(): return -EINVAL rather than SAL error status

RHEL4u3: linux-2.6.9-ia64-pci-ext.patch

http://linux.bkbits.net:8080/linux-2.6/cset@1.1982.54.8

diff-ms-ia64-nat-coredump

Patch from mainstream:

[IA64] Avoid .spillpsp directive in handcoded assembly

Some time ago, GAS was fixed to bring the .spillpsp directive in line with the Intel assembler manual (there was some disagreement as to whether or not there is a built-in 16-byte offset). Unfortunately, there are two places in the kernel where this directive is used in handwritten assembly files and those of course relied on the "buggy" behavior. As a result, when using a "fixed" assembler, the kernel picks up the UNaT bits from the wrong place (off by 16) and randomly sets NaT bits on the scratch registers. This can be noticed easily by looking at a coredump and finding various scratch registers with unexpected NaT values. The patch below fixes this by using the .spillsp directive instead, which works correctly no matter what assembler is in use.

Signed-off-by: David Mosberger-Tang <davidm@hpl.hp.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>

GIT: bfd68594082d8384781c242aa72a7950b5cf51aa

http://linux.bkbits.net:8080/linux-2.6/cset@1.2976.3.2

RHEL4u3: linux-2.6.9-ia64-nat-coredump.patch

diff-ms-ia64-usercopy-sanity

Patch from mainstream:

[IA64] make exception handler in copy_user more robust

The exception handler in copy user always expects fault occurs only on user space address and the fall back recovery code is written with that very assumption in mind. Recent source code inspection revealed that while it worked splendid and to the expectation under normal circumstances, It broke down under unexpected condition where some address calculation might go outside the legal address range the original copy_user was called for. This patch is to make copy_user exception handler more robust and to prevent potential memory corruption.

Signed-off-by: Ken Chen <kenneth.w.chen@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>

GIT: 295bd89279aad6959f0d363ee8e946d4766f9ad8

http://linux.bkbits.net:8080/linux-2.6/cset@1.3332.274.2

diff-ms-ia64-usercopy-unaligned

Patch from mainstream:

[IA64] __copy_user breaks on unaligned src

memcpy_mck.S::__copy_user breaks in the prefetch code under these conditions :-

  • src is unaligned and
  • dst is near the end of a page and
  • the page after dst is unmapped.

Signed-off-by: Keith Owens <kaos@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>

GIT: 6118ec847e8e35393efc0f88394c2f5dd48c3313

http://linux.bkbits.net:8080/linux-2.6/cset@1.2596

Red Hat Bug #167634

RHEL4u3: linux-2.6.13-ia64-memcpy.patch

diff-ms-ia64-die-if-kernel

Patch from mainstream:

[PATCH] die_if_kernel() can return (CVE-2006-0742)

arch/ia64/kernel/unaligned.c erroneously marked die_if_kernel() with a "noreturn" attribute ... which is silly (it returns whenever the argument regs say that the fault happened in user mode, as one might expect given the "if_kernel" part of its name!). Thanks to Alan and Gareth for pointing this out.

Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>

X-Git-Url

diff-ve-kmsg-20060303

Patch from Vasiliy:
This patch adds /proc/kmsg inside VE

OpenVZ Bug #113.

linux-2.6.8.1-areca-1.20.0X.12.patch

Sources from Areca site, prepared by Kostja (khorenko@):

Areca driver v1.20.0X.12 added.

Sources URL. Bug #59933.