Open main menu

OpenVZ Virtuozzo Containers Wiki β

Download/kernel/2.6.8/022stab034.1/changes

< Download‎ | kernel‎ | 2.6.8‎ | 022stab034.1
Revision as of 18:23, 22 October 2009 by Kir (talk | contribs) (Protected "Download/kernel/2.6.8/022stab034.1/changes": Robot: Protecting a list of files. [edit=autoconfirmed:move=autoconfirmed])
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Contents

Changes

  • Mainstream kernel security fixes
  • Fairscheduler debug code and fixes
  • Statistics fixes

Compatibility

  • Kernel headers resides under /lib/modules/`$kernel_ver`/build/include directory now. Package vzkernel-headers is removed.

Patches

diff-ve-procperms-20050826

Patch from Denis, based on idea from Dmitry:

This patch removes permission granting for unnamed devices, registered during VPS creation.

diff-fairsched-initlate-20050824

Patch from Pavel:

Relocates fairsched_init_late into proper place.

Bug 50457.

diff-ve-proc-lookup-20050824

Patch from Pavel, edited by Andrey:
  • fixup of nlink counter and mode for proc inodes;
  • small code cleanup.

diff-vzdq-filefini-20050824

Patch from Andrey:

Fixes oops in VPS fini hook in vzdq_file if the VPS doesn't have disk quota.
Bug 50161.

diff-fs-dcookie-20050823

Patch from Alexey, modified by Pavel:
  • dgets dentry instead of incrementing its d_count
  • mntgets vfsmount instead of incrementing its mnt_count (at Andrey's request)

diff-ve-opsemcomment-20050824

Patch from Andrey, rewritten version of a patch by Pavel:

Comment about barrier properties of op_sem.

diff-ve-listadd-20050815

Patch from Denis:

This patch fixes race between do_env_cleanup (removes VPS from list, vzctl finishes, VPS start allowed) and subsequent do_env_create->fairsched_mknod, where the fairsched node still exist.

diff-ve-fairsched-err-20050824

Patch from Andrey:

Adds error checks in fairsched node creation/switch/removal at VPS start/stop. Eliminates one of the reasons of vcpu_attach oops.

diff-ve-freeveproc-20050817

Patch from Denis:

This patch fixes oops in free_ve_proc called on cleanup path in do_env_create.
Bug 50322.

diff-ve-cleanup-cleanup-20050812

Patch from Pavel:
  • no need to set exec environment in vzlmond before calling env_cleanup, since env_cleanup sets it itself;
  • make code look nicer with list_first_entry.

diff-fairsched-setvsched-20050812

Patch from Pavel:

misprint in migrate task. Wrong macro was used, but it happened to be harmless since both macros expand into the same expression.

diff-ve-procstat{iow|idl}-20050819

Patch from Pavel:

read ve idle time in proc and vecalls.

(Andrey's comments, renamed get_ve_idle_cpu into ve_sched_get_idle_time)

diff-ve-fairsched-statiow-20050823

Patch from Pavel:

Calculates ve's per-vcpu iowait time

diff-ve-fairsched-statidl-20050823

Patch from Pavel:
  • account ve idle time per-vcpu;
  • removed fairsched idle time accounting.

Makes comparison between cycles like in time_after.

diff-ve-procstat-20050819

Patch from Pavel:
  • fixup of wall_to_monotonic access in show_stat();
  • optimisation and code cleanup in show_stat().

diff-ve-loadavg-20050823

Patch from Pavel:

Introduces nr_running_ve, nr_iowait_ve and ve_uninterruptible_ve that are used in /proc to show statistics in VPS. Fixups these functions to check returned result for "< 0".

diff-ve-vzstat-nrs-20050823

Patch from Pavel:
  • global accounting for running/sleeping/etc tasks;
  • removes cycles from ve_nr_sunning_inc/_dec;
  • ve's nr_running etc accounting is per Vcpu;
  • fixed type of sym in nr_sleeping and nr_stopped;
  • removed inc/dec of ve_nr_running from pull_task.

diff-dbg-nmi-printk-20050803

Patch from Andrey:

This patch fixes/improves printk() locking thus making it possible to call it from NMI/scheduler code using special printk_no_wake variable.

diff-dbg-nmi-printk-20050808

Patch from Andrey:

Improvements of printk from schedule/NMI:

  • per-cpu variables can't be used (they are initialized too late),
  • operations in nmi_watchdog_tick() reordered a bit,
  • check for printk_no_wake added to bust_spinlocks,
  • a timer to wake up processes after missing wakeup from printk implemented.

diff-dbg-fairsched-20050824

Patch from Andrey:

Debug print in case of loop in schedule_vcpu. no new issues

diff-dbg-fairsched-20050901

Patch from Andrey:

Additional fairscheduler lookup debug.

diff-dbg-fairsched-loopcleanup-20050901

Patch from Denis:

This patch does the following:

  • incorrect VCPU id in deactivate_task (in __migrate_task)
  • too small counter in schedule_vcpu deadlock detection
  • FSN->pcpu decreased if schedule_vcpu deadlock detection fired
  • incorrect spin_lock_irq in __show_vsched cleared
  • rq_vcpu macro introduced

Bug 50622.
Bug 50635.

diff-fairsched-cleanup-20050908

Patch from Kirill:

This patches cleanups fairsched code:

  • set_task_cpu replaced by set_task_vcpu in many places
  • additional BUG_ON added to __migrate_task
  • fixed BUG in migration_thread: vcpu_offline should be checked
  • reorganized vsched_del_vcpu to make it more obvious
  • irqsave replaced by irq where save not needed

diff-mainstream-elfzerobss-20050908

Patch from mainstream:

[PATCH] binfmt_elf: clearing bss may fail

So we discover that Borland's Kylix application builder emits weird elf files which describe a non-writeable bss segment. So remove the clear_user() check at the place where we zero out the bss. I don't _think_ there are any security implications here (plus we've never checked that clear_user() return value, so whoops if it is a problem).

Signed-off-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

OpenVz Bug 34

diff-ubc-vma-rss-20050822

Patch from Pavel:

This patch fixes vm_rss accounting in vma_merge.
Bug 50328.

diff-ubc-doswappage-err-20050824

Patch from Pavel:

Corrected error path on pbc allocation failure in do_swap_page.
Bug 50329.

diff-fairsched-vcpuadderr-20050810

Patch from Pavel:

Fix of memory leak in __add_vcpu on error path: not installed vcpu must be kfree-ed

diff-ve-emt64-envcreate-20050907

Patch from Pavel:

Fixup of compilation of alloc_ve_tty_drivers in x86_64. When size was int gcc thought it was __builtin_constant and compiled symbol __you_cannot_kmalloc_that_much into module.

diff-emt64-headers-20050907

Patch from Pavel:

Fix include/linux/vsyscall.h to be includable from user space (for vzctl)

diff-ve-emt64-showregs-20050907

Patch from Andrey Mirkin:

Added VPS info in show_registers on x86_64 arch.

diff-ve-nfsxprt-20050811

Patch from Vasily:

fixed missed context restoring in xprt_create_socket()

diff-vzdq-headers-20050905

Patch from Denis:

This patch fixes quota.h to make it includable from user space.

diff-mainstream-initrd-20050902

Patch from Alexey:

Virtuozzo kernel does not compile without initrd. Reason: previous patch for GRUB + initrd.

diff-mainstream-icmpleak-20050818

Patch from mainstream:

[PATCH] Fix DST leak in icmp_push_reply()

Based upon a bug report and initial patch by Ollie Wild:
>>> If the ip_append_data() call in icmp_push_reply() fails,
>>> ip_flush_pending_frames() needs to be called. Otherwise, ip_rt_put()
>>> is never called on inet_sk(icmp_socket->sk)->cork.rt, which prevents
>>> the route (and net_device) from ever being freed.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>

X-Git-Tag: v2.6.12.6
http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commitdiff;h=3ad543d4783e47b413300715d790b5ad652567ff

diff-security-sockopt-20050806

Patch from mainstream:

[PATCH] Restrict socket policy loading to CAP_NET_ADMIN - CAN-2005-2555

The interface needs much redesigning if we wish to allow normal users to do this in some way.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>

X-Git-Tag: v2.6.12.6
http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commitdiff;h=332b8bee402fe1076e50d08dfa535a9f0a349cba/

diff-security-zisofs-20050806

Patch from mainstream:

[PATCH] Check input buffer size in zisofs

Add fakey 'deflateBound()' function to the in-kernel zlib routines It's not the real deflateBound() in newer zlib libraries, partly because the upcoming usage of it won't have the "stream" available, so we can't have the same interfaces anyway.

This uses the new deflateBound() thing to sanity-check the input to the zlib decompressor before we even bother to start reading in the blocks.

CAN-2005-2457

Problem noted by Tim Yamin <plasmaroo@gentoo.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>

X-Git-Tag: v2.6.12.5
http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commitdiff;h=49f8907fb9de31d3a0a099fef0f42ccdcdc9c7e7

diff-security-zlib-20050815

Patch from mainstream:

[PATCH] Update in-kernel zlib routines (CAN-2005-2458, CAN-2005-2459)

Fix outstanding security bugs in the Linux zlib implementations. See:

Signed-off-by: Tim Yamin <plasmaroo@gentoo.org>
Signed-off-by: Tavis Ormandy <taviso@gentoo.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

X-Git-Tag: v2.6.12.5
http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commitdiff;h=885605316d76c3fdce23dffe9c59e20539287c6b

diff-mainstream-autofs4-20050727

Patch from mainstream:

[PATCH] autofs4: fix infamous "Busy inodes after umount ..." message

If the automount daemon receives a signal which causes it to sumarily terminate the autofs4 module leaks dentries. The same problem exists with detached mount requests without the warning.

This patch cleans these dentries at umount.

Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Bug 50326.