Open main menu

OpenVZ Virtuozzo Containers Wiki β

Changes

Download/kernel/rhel5/028stab049.1/changes

13,558 bytes added, 21:50, 20 March 2008
created
== Changes ==
* TUN/TAP support in CPT
* bunch of iptables 32-bit compat fixes
* minor compilation and other fixes
<includeonly>[[{{PAGENAME}}/changes#Patches|{{Long changelog message}}]]</includeonly><noinclude>
=== Patches ===

==== diff-arch-4gb-nohighmem-20071006 ====
<div class="change">
Patch from Kirill Korotaev &lt;dev@openvz.org&gt;<br/>
[PATCH] 4GB split: fix compilation w/o HIGHMEM support

actually it's a hack. 4GB split obviously won't work
w/o HIGHMEM support, due to errors in pgd_ctor()/pmd_ctor().

{{bug|720}}.
</div>

==== diff-cpt-iptables-comp-fix-20071107 ====
<div class="change">
Patch from Evgeny Kravtsunov &lt;emkravts@openvz.org&gt;
<br/>
[PATCH] CPT: fix compilation in case CONFIG_VE_IPTABLES=n

With CONFIG_VE_IPTABLES off the following compilation error takes place:

<pre class="simple">
CONFIG_VE=y
CONFIG_VE_CALLS=m
CONFIG_VZ_GENCALLS=y
CONFIG_VE_NETDEV=m
CONFIG_VE_ETHDEV=m
CONFIG_VZ_DEV=m
CONFIG_VZ_WDOG=m
CONFIG_VZ_CHECKPOINT=m
......
CC [M] kernel/cpt/cpt_net.o
kernel/cpt/cpt_net.c: In function ‘cpt_dump_iptables’:
kernel/cpt/cpt_net.c:365: error: ‘struct ve_struct’ has no member named
‘_iptables_modules’
make[2]: *** [kernel/cpt/cpt_net.o] Error 1
make[1]: *** [kernel/cpt] Error 2
make: *** [kernel] Error 2
</pre>

Attached patch fixes the error by placing the body of cpt_dump_iptables under
</div>

==== diff-cpt-tun-tap-20071106 ====
<div class="change">
Patch from Evgeny Kravtsunov &lt;emkravts@openvz.org&gt;<br/>
[PATCH] CPT: TUN/TAP support in checkpointing

Now live migration of VE with openvpn inside is supported.

1) tun/tap driver updated:<br/>
- Field void *bind_file added to tun_struct. Field is used for storing pointer
to open /dev/net/tun file. This pointer is to be written to dumpfile: on
restore it is necessary to carry out binding of created tun_struct to open
file /dev/net/tun.

2) dump:<br/>
- Introduced struct cpt_tuntap_image for storing tun/tap device related data.
Corresponding object type CPT_OBJ_NET_TUNTAP added.

- Flag value CPT_DENTRY_TUNTAP introduced. It is necessary for setting
corresponding bit in cpt_lflags field of cpt_file_image for /dev/net/tun
file.

- Call of function cpt_dump_ifinfo is placed after cpt_dump_files_struct and
cpt_dump_fs_struct. This is necessary for finding /dev/net/tun file pos in
file image and storing pos value during dump of tun/tap device.

- Function cpt_dump_tuntap introduced, cpt_dump_link is updated by call of
cpt_dump_tuntap. The CPT_SECT_NET_DEVICE section, that is common for all net
devices is used for tun/tap device: tun-&gt;dev netdevice data is stored in
cpt_netdev_image image type and tun_struct data is stored inside
cpt_tuntap_image. Both cpt_netdev_image and cpt_tuntap_image images are
stored inside CPT_SECT_NET_DEVICE section.

- Set of checks updated that allow dumping netdevices (in
check_unsupported_netdevices and cpt_dump_link) and open files
(dump_one_file, dump_content_chrdev).

3) restore:<br/>
- Function rst_restore_tuntap introduced. Call of rst_restore_tuntap is placed
to rst_restore_netdev. rst_restore_tuntap creates tun/tap netdevice and
tun_struct on destination HN, initializes them by values taken from
cpt_netdev_image and cpt_tuntap_image objects, restores /dev/net/tun file
from corresponding position of cpt_file_image and binds opened file to newly
created tun_struct.

- Function open_special updated by adding check for tun/tap related file. This
makes possible to restore /dev/net/tun char device by calling rst_file.

{{bug|642}}.
</div>

==== diff-cpt-tun-tap-core-20071106 ====
<div class="change">
Patch from Evgeny Kravtsunov &lt;emkravts@openvz.org&gt;<br/>
[PATCH] TUN: add core changes for CPT support
</div>

==== diff-cpt-vsyscall-comp-20071006 ====
<div class="change">
Patch from (GalaxyMaster) &lt;gm.outside+OpenVZ@gmail.com&gt;<br/>
[PATCH] CPT: fix compilation when CONFIG_CPT=y (instead of m)

{{bug|721}}.
</div>

==== diff-cpt-warn-20071106 ====

<div class="change">
Patch from Kirill Korotaev &lt;dev@openvz.org&gt;<br/>
[PATCH] CPT: compilation warn fix
</div>

==== diff-grsec-2.1.10-comp-off-20071106 ====
<div class="change">
Patch from Kirill Korotaev &lt;dev@openvz.org&gt;<br/>
[PATCH] grsecurity: fix compilation when GRSEC=n
</div>

==== diff-grsec-2.1.10-tpe-comp-20071106 ====
<div class="change">
Patch from Kirill Korotaev &lt;dev@openvz.org&gt; <br/>
[PATCH] grsecurity: fix compilation with GRSEC, but w/o GRSEC_TPE

Fix compilation with GRSEC, but w/o GRSEC_TPE config option.

{{bug|718}}.
</div>

==== diff-ms-emt64-dumpstack-20071106 ====
<div class="change">
Patch from Denis Lunev &lt;den@openvz.org&gt; <br/>
[PATCH] fix oops in dump_trace() in NMI

This patch fixes OOPS of dump_trace in NMI.
If one is running 32 bit task and NMI tries to dump_stack()
OOPS happens, since user space stack is tried to be dumped.
Backport of patch from mainstream.

Bug #93558.
</div>

==== diff-ms-emt64-trace-enosys-20071106 ====
<div class="change">
Patch from Jan Beulich &lt;jbeulich@novell.com&gt; <br/>
[PATCH] x86-64: Fix ENOSYS in system call tracing

This patch:

- out of range system calls failing to return -ENOSYS under system call tracing

[AK: split out from another patch by Jan as separate bugfix]

<pre class="simple">
Signed-off-by: Jan Beulich &lt;jbeulich@novell.com&gt;
Signed-off-by: Andi Kleen &lt;ak@suse.de&gt;

cc7d479fe56133e79840beffe9cb4fd193af93aa
</pre>
</div>

==== diff-ms-nf-compat-fix-20070605 ====
<div class="change">
Patch from Dmitry Mishin &lt;dim@openvz.org&gt;<br/>
[NETFILTER]: ip_tables: fix compat related crash

check_compat_entry_size_and_hooks iterates over the matches and calls
compat_check_calc_match, which loads the match and calculates the
compat offsets, but unlike the non-compat version, doesn't call
-&gt;checkentry yet. On error however it calls cleanup_matches, which in
turn calls -&gt;destroy, which can result in crashes if the destroy
function (validly) expects to only get called after the checkentry
function.

Add a compat_release_match function that only drops the module reference
on error and rename compat_check_calc_match to compat_find_calc_match to
reflect the fact that it doesn't call the checkentry function.

<pre class="simple">
Reported by Jan Engelhardt &lt;jengelh@linux01.gwdg.de&gt;
Signed-off-by: Dmitry Mishin &lt;dim@openvz.org&gt;
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>

[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c1b52bc7a2f5ee01ea3fc248a8748a1c6843f7c Git-Url: 4c1b52bc7a2f5ee01ea3fc248a8748a1c6843f7c]

{{bug|708}}.
</div>

==== diff-ms-nf-ipt-CONNMARK-compat-20071102 ====
<div class="change">
Patch from Konstantin Khorenko &lt;khorenko@openvz.org&gt; <br/>
[PATCH] netfilter: add xt_CONNMARK 32bit compat

xt_CONNMARK doesn't have the compat function while
its entry structure (xt_connmark_target_info) requires it.

Bug #93689.
</div>

==== diff-ms-nf-ipt-MARK-compat-20071102 ====
<div class="change">
Patch from Konstantin Khorenko &lt;khorenko@openvz.org&gt;<br/>
[PATCH] netfilter: add xt_MARK 32bit compat

xt_MARK doesn't have the compat function while its entry
structure (xt_mark_target_info_v1) requires it.

Note 1:
<source lang="c">
/* Version 0 */
struct xt_mark_target_info {
unsigned long mark;
};
</source>
So the struct size differs for 32bit/64bit nodes, but mainstream does not
have a compat for it. ipv6 variant uses xt_mark_target_info (v0) so
the testing will show if the compat is really required.

Bug #93689.
</div>

==== diff-ms-nf-ipt-connmark-compat-20071102 ====
<div class="change">
Patch from Konstantin Khorenko &lt;khorenko@openvz.org&gt; <br/>
[PATCH] netfilter: add xt_connmark 32bit compat

ipt_connmark doesn't have the compat function
while its entry structure (xt_connmark_info) requires it.

Bug #93543.
</div>

==== diff-ms-nf-ipt-conntrack-compat-20071102 ====
<div class="change">
Patch from Konstantin Khorenko &lt;khorenko@openvz.org&gt; <br/>
[PATCH] netfilter: add xt_conntrack 32bit compat

xt_conntrack doesn't have the compat function
while its entry structure (xt_conntrack_info) requires it.
</div>

==== diff-ms-nf-ipt-hashlimit-compat-20071102 ====
<div class="change">
Patch from Konstantin Khorenko &lt;khorenko@openvz.org&gt; <br/>
[PATCH] netfilter: add ipt_hashlimit 32bit compat

ipt_hashlimit doesn't have the compat function while
its entry structure (ipt_hashlimit_info) requires it.

The patch introduces compat function and fixes an oops
while trying to use ipt_hashlimit module from inside 32bit VE
on a 64bit host HN.

{{bug|707}}.
</div>

==== diff-ms-nf-ipt-hdrs-compat-20071108 ====
<div class="change">
Patch from Kirill Korotaev &lt;dev@openvz.org&gt;<br/>
[PATCH] netfilter: fix compats compilation on ppc

ppc has no linux/compat.h included by default
</div>

==== diff-ms-nf-ipt-mark-compat-20071102 ====
<div class="change">
Patch from Konstantin Khorenko &lt;khorenko@openvz.org&gt; <br/>
[PATCH] netfilter: add xt_mark 32bit compat

xt_mark doesn't have the compat function
while its entry structure (xt_mark_info) requires it.

Bug #93543.
</div>

==== diff-rh-oom-lost-unlock-20071101 ====
<div class="change">
Patch from Denis Lunev &lt;den@openvz.org&gt;<br/>
[PATCH] RHEL5: missed task_unlock() in badness()

This patch adds missed task_unlock into badness() call.

Bug #93650.
</div>

==== diff-ve-deprecated-task-by-pid-20071030 ====
<div class="change">
Patch from Michael Stoler &lt;mstoler@openvz.org&gt; <br/>
[PATCH] VE: restore back find_task_by_pid() for ATI video driver

find_task_by_pid_all() and macro find_task_by_pid() are returned back,
since ATI binary driver is using it (what for???).
Print a big warning when this function is used still.

{{bug|634}}.
</div>

==== diff-ve-mod-vzlist-user-hdrs-20071106 ====
<div class="change">
Patch from Andrey Zaitsev &lt;azaitsev@sw.ru&gt; <br/>
[PATCH] fix use of vzlist.h from user-space

__user is declared in kernel headers only for sparse.
</div>

==== diff-ve-nf-conntrack-comp-fix-20071107 ====
<div class="change">
Patch from Evgeny Kravtsunov &lt;emkravts@openvz.org&gt; <br/>
[PATCH] VE: fix ip_conntrack compilation in case CONFIG_VE_IPTABLES=n

With CONFIG_VE_IPTABLES off the following compilation error takes place:

<pre class="simple">
CONFIG_VE=y
CONFIG_VE_CALLS=m
CONFIG_VZ_GENCALLS=y
CONFIG_VE_NETDEV=m
CONFIG_VE_ETHDEV=m
CONFIG_VZ_DEV=m
CONFIG_VZ_WDOG=m
CONFIG_VZ_CHECKPOINT=m
.....
CC [M] net/ipv4/netfilter/ip_conntrack_core.o
net/ipv4/netfilter/ip_conntrack_core.c:77: error: static declaration of
helpers’ follows non-static declaration
include/linux/netfilter_ipv4/ip_conntrack_helper.h:47: error: previous
declaration of ‘helpers’ was here
make[3]: *** [net/ipv4/netfilter/ip_conntrack_core.o] Error 1
make[2]: *** [net/ipv4/netfilter] Error 2
make[1]: *** [net/ipv4] Error 2
make: *** [net] Error 2
</pre>
Attached patch fixes the error by placing list_head helpers declaration under
</div>

==== diff-ve-nf-ipt-recent-20071102 ====
<div class="change">
Patch from Evgeny Kravtsunov &lt;emkravts@openvz.org&gt;<br/>
[PATCH] VE: virtualize ipt_recent

Patch virtualizes ipt_recent module in the following way:

1) Introduced struct ve_ipt_recent and corresponding _ipt_recent entry in
ve_struct. ve_ipt_recent contains global variables from ipt_recent module.

2) Functions init_ipt_recent, fini_ipt_recent implemented.
Current functions designed to be called from ipt_recent_init/fini and
ipt_recent_checkentry/destroy in purpose to alloc ve_ipt_recent
structure and initialize/cleanup _ipt_recent entry in ve_struct .

3) Functions ipt_recent_init, ipt_recent_exit updated.

Note: ipt_recent match does not need compat function as it is needed for
hashlimit for example. It is so because sizeof(struct ipt_recent_info) does
not depend on the architecture:
<source lang="c">
struct ipt_recent_info {
u_int32_t seconds;
u_int32_t hit_count;
u_int8_t check_set;
u_int8_t invert;
char name[IPT_RECENT_NAME_LEN];
u_int8_t side;
};
</source>
Testing was carried out for both 64- and 32-bit ve on 64-bit HN.

{{bug|117}}.
</div>

==== diff-ve-venet-vlan-incapable-20071106 ====
<div class="change">
Patch from Alexey Dobriyan &lt;adobriyan@openvz.org&gt; <br/>
[PATCH] VE: mark venet as vlan-incapable

Many places in vlan code assume ethernet underlying device,
which is not working for venet.
So mark vene as vlan-incapable.

Given that vlan over veth works and vlan over venet reliably
oopses kernel, mark venet as vlan-incapable, so that registration code
will bail out quickly.

{{bug|703}}.
</div>

==== diff-ve-vzversion-20071029 ====
<div class="change">
Patch from Michael Stoler &lt;mstoler@openvz.org&gt; <br/>
[PATCH] VE: introduce OVZ version in oops output and in /proc/vz/version

Introduce OVZ-specific build version in /proc/vz/version file and print it in
oops messages. This should help OVZ developers to identify OVZ patch
version in different distros like Debian/ALTLinux.
</div>

==== diff-vzdq-aquota-cleanup-20071106 ====
<div class="change">
Patch from Michael Stoler &lt;mstoler@openvz.org&gt;
<br/>
[PATCH] VZDQ: small cleanup to avoid hardcoded string length

small cleanup to avoid hardcoded string length
and future errors like we had before
</div>

==== diff-vzdq-warn-20071106 ====
<div class="change">
Patch from Kirill Korotaev &lt;dev@openvz.org&gt;<br/>
[PATCH] VZDQ: compilation warn fixes
</div>