Download/kernel/rhel5/028stab051.1/changes
Contents
- 1 Changes
- 1.1 Config changes
- 1.2 Patches
- 1.2.1 diff-cpt-check-unsupported-features-20071114
- 1.2.2 diff-cpt-check-unsupported-features-b-20071121
- 1.2.3 diff-cpt-exports-b-20071120
- 1.2.4 diff-cpt-tun-tap-rst-fix-20071121
- 1.2.5 diff-cpt-utrace-core-b-20071120
- 1.2.6 diff-cpt-utrace-update-20071119
- 1.2.7 diff-fairsched-inc-vcpu-timeslice-20071121
- 1.2.8 diff-ms-security-cifs-corrupt-20071118
- 1.2.9 diff-ms-security-wait-stopped-20071114
- 1.2.10 diff-smp-nmi-show-regs-c-20071121
- 1.2.11 diff-ubc-ioacct-dont-mangle-ub0-20071120
- 1.2.12 diff-ve-oom-fix-loop-20071120
- 1.2.13 diff-ve-taskstats-vpid-20071119
- 1.2.14 diff-cpt-emt64-personality-rst-20071127
- 1.2.15 diff-cpt-tun-tap-bind-init-20071123
- 1.2.16 diff-cpt-utrace-strace-20071129
- 1.2.17 diff-fairsched-fix-vcpu-stat-20071126
- 1.2.18 diff-ms-fasteroom-20071122
- 1.2.19 diff-simfs-fix-highquota-20071119
- 1.2.20 diff-ve-nfs-lockd-fix-unclosed-socket-20071127
- 1.2.21 diff-ve-setattr-proc-c-20071129
- 1.2.22 diff-forcedeth-fix-timeout-20071129
- 1.2.23 linux-2.6.18-drbd-8.0.6-8.0.7.patch
- 1.2.24 diff-gfs-rm-lockfs-support-20071129
 
 
Changes
- Updated to RHEL5.1 kernel (2.6.18-53.el5) -- new drivers, lots of updates
- Mainstream security fixes
- DRBD update to 8.0.7
- Fixed 7-hour hang in the forcedeth driver
- TUN/TAP CPT fixed
- GFS lockfs disabled because it is broken
- Fixed long OOM hangs when swap runs out
- Minor compilation and other fixes
Config changes
- +CONFIG_IP_NF_TARGET_SAME=n (was m)
New RHEL5.1 options:
- +CONFIG_TICK_DIVIDER=n
- +CONFIG_ACPI_BAY=y
- +CONFIG_ACPI_IBM_BAY=y
- +CONFIG_CFG80211=m
- +CONFIG_WIRELESS_EXT=y
- +CONFIG_NET_WIRELESS_RTNETLINK=y
- +CONFIG_MAC80211=m
- +CONFIG_MAC80211_LEDS=y
- +CONFIG_MAC80211_DEBUG=y
- +CONFIG_SCSI_QLA_ISCSI=m
- +CONFIG_ATA=m
- +CONFIG_ATA_ACPI=y
- +CONFIG_SATA_AHCI=m
- +CONFIG_SATA_SVW=m
- +CONFIG_ATA_PIIX=m
- +CONFIG_SATA_MV=m
- +CONFIG_SATA_NV=m
- +CONFIG_PDC_ADMA=m
- +CONFIG_SATA_QSTOR=m
- +CONFIG_SATA_PROMISE=m
- +CONFIG_SATA_SX4=m
- +CONFIG_SATA_SIL=m
- +CONFIG_SATA_SIL24=m
- +CONFIG_SATA_SIS=m
- +CONFIG_SATA_ULI=m
- +CONFIG_SATA_VIA=m
- +CONFIG_SATA_VITESSE=m
- +CONFIG_SATA_INIC162X=m
- +CONFIG_PATA_MARVELL=m
- +CONFIG_PATA_PDC2027X=m
- +CONFIG_PATA_SIS=m
- +CONFIG_ATA_INTEL_COMBINED=y
- +CONFIG_DM_MULTIPATH_RDAC=m
- +CONFIG_FIREWIRE=m
- +CONFIG_FIREWIRE_OHCI=m
- +CONFIG_FIREWIRE_SBP2=m
- +CONFIG_E1000E=m
- +CONFIG_IGB=m
- +CONFIG_CHELSIO_T3=m
- +CONFIG_NETXEN_NIC=m
- +CONFIG_IWLWIFI=y
- +CONFIG_IWLWIFI_DEBUG=y
- +CONFIG_IWL4965=m
- +CONFIG_SENSORS_K8TEMP=m
- +CONFIG_INFINIBAND_AMSO1100=m
- +CONFIG_INFINIBAND_CXGB3=m
- +CONFIG_INFINIBAND_VNIC=m
- +CONFIG_INFINIBAND_VNIC_STATS=y
- +CONFIG_INFTL=m
- +CONFIG_MTD_COMPLEX_MAPPINGS=y
- +CONFIG_MTD_PCI=m
- +CONFIG_SCSI_ADVANSYS=m
- +CONFIG_SCSI_DC390T=m
- +CONFIG_PCMCIA_AHA152X=m
- +CONFIG_PCMCIA_NINJA_SCSI=m
- +CONFIG_PCMCIA_QLOGIC=m
- +CONFIG_PCMCIA_SYM53C500=m
- +CONFIG_SUNDANCE=m
- +CONFIG_ATP=m
- +CONFIG_DE600=m
- +CONFIG_DE620=m
- +CONFIG_HAMACHI=m
- +CONFIG_YELLOWFIN=m
- +CONFIG_QLA3XXX=m
- +CONFIG_R3964=m
- +CONFIG_DRM_TDFX=m
- +CONFIG_DRM_SIS=m
- +CONFIG_MWAVE=m
- +CONFIG_I2C_PCA_ISA=m
- +CONFIG_GENERIC_ALLOCATOR=y
- +CONFIG_HAS_IOMEM=y
- +CONFIG_HAS_IOPORT=y
- +CONFIG_HAS_DMA=y
Patches
diff-cpt-check-unsupported-features-20071114
Patch from Andrey Mirkin <major@openvz.org>:
[PATCH] CPT: improve dst capabilities checks
- Return different error codes in case of unsupported features and insufficient cpu capabilities.
- Print error messages with prefix "Error: ". This should improve checks of dst node capabilities.
Bug #81355.
diff-cpt-check-unsupported-features-b-20071121
Patch from Kirill Korotaev <dev@openvz.org>:
[PATCH] CPT: fix misprint in Andrey changes
Compilation fix: misprint in Andrey patch.
diff-cpt-exports-b-20071120
Patch from Kirill Korotaev <dev@openvz.org>:
[PATCH] CPT: declare recalc_sigpending_tsk() back
It was hidden in RHEL5.1, while CPT uses it.
diff-cpt-tun-tap-rst-fix-20071121
Patch from Evgeny Kravtsunov <emkravts@openvz.org>:
[PATCH] CPT: fix tun/tap dev flags restore
dev flags were corrupted in rst_restore_tuntap. As a result, dev->qdisc->enqueue was not set to &pfifo_fast_enqueue but remained &noop_enqueue after restore. noop_enqueue drops all the skbs.
Bug #94879.
diff-cpt-utrace-core-b-20071120
Patch from Kirill Korotaev <dev@openvz.org>:
[PATCH] CPT: utrace core changes
utrace core changes for CPT in RHEL5.1
diff-cpt-utrace-update-20071119
Patch from Kirill Korotaev <dev@openvz.org>:
[PATCH] CPT: update utrace support for RHEL5.1
update utrace code according to changes in RHEL5.1
diff-fairsched-inc-vcpu-timeslice-20071121
Patch from Alexandr Andreev <aandreev@openvz.org>:
[PATCH] fairsched: increase max VCPU timeslice
Increase default MAX VCPU timeslice, this increases performance under high load (vConsolidate test).
FYI: VMware uses a much bigger VCPU timeslice, 50ms.
diff-ms-security-cifs-corrupt-20071118
Patch from Jeff Layton <jlayton@redhat.com>:
[CIFS] fix bad handling of EAGAIN error on kernel_recvmsg in cifs_demultiplex_thread
It's a part of the following commit from mainstream:
When kernel_recvmsg returns -EAGAIN or -ERESTARTSYS, then cifs_demultiplex_thread sleeps for a bit and then tries the read again. When it does this, it's not zeroing out the length and that throws off the value of total_read. Fix it to zero out the length.
Can cause memory corruption:
If kernel_recvmsg returns an error and total_read is a large enough value, then we'll end up going through the loop again. total_read will be a bogus value, as will (pdu_length-total_read). When this happens we end up calling kernel_recvmsg with a bogus value (possibly larger than the current iov_len).
At that point, memcpy_toiovec can overrun iov. It will start walking up the stack, casting other things that are there to struct iovecs (since it assumes that it's been passed an array of them). Any pointer on the stack at an address above the kvec is a candidate for corruption here.
Many thanks to Ulrich Obergfell for pointing this out.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
X-Git-Tag: v2.6.24-rc1~1382~5
X-Git-Url: c18c732ec6bf372aa959ca6534cbfc32e464defd
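The retry bug described in the CIFS commit message above, as an added example that is not part of the original patch or of the kernel source: a simplified user-space model of the read loop. The names mock_recv and max_overrequest and the scripted return values are constructed for illustration; the model reports how far a requested length exceeds the space really left in the buffer, with and without zeroing length on retry.

```c
#include <errno.h>
#include <stdio.h>

#ifndef ERESTARTSYS
#define ERESTARTSYS 512   /* kernel-internal code, absent from userspace errno.h */
#endif

/* Constructed stand-in for kernel_recvmsg(): call n returns script[n],
 * capped at the requested length. A 0 entry (peer closed) ends the script. */
static int mock_recv(const int *script, int *pos, int want)
{
    int r = script[(*pos)++];
    return r > want ? want : r;
}

/* Model of the receive loop. Returns the largest number of bytes by which a
 * request exceeded the space really left in a pdu_length-byte buffer (0 means
 * always in bounds). Nothing is copied, so the model cannot overrun anything. */
int max_overrequest(const int *script, int pdu_length, int zero_on_retry)
{
    int pos = 0, stored = 0, worst = 0, total_read, length;

    for (total_read = 0; total_read < pdu_length; total_read += length) {
        int want = pdu_length - total_read;   /* what the loop asks for */
        int space = pdu_length - stored;      /* what the buffer can take */
        if (want - space > worst)
            worst = want - space;
        length = mock_recv(script, &pos, want);
        if (length == -EAGAIN || length == -ERESTARTSYS) {
            if (zero_on_retry)
                length = 0;   /* the fix: a retry must not move total_read */
            continue;         /* without it, total_read += -EAGAIN */
        }
        if (length <= 0)
            break;
        stored += length;
    }
    return worst;
}

int main(void)
{
    /* Constructed sample: 40 bytes, one EAGAIN, 60 bytes, then close. */
    const int script[] = { 40, -EAGAIN, 60, 0 };
    printf("unfixed: over-request %d bytes\n", max_overrequest(script, 100, 0));
    printf("fixed:   over-request %d bytes\n", max_overrequest(script, 100, 1));
    return 0;
}
```

In the unfixed run the loop's increment adds the negative error code to total_read, so the next request is larger than the remaining buffer by exactly that error value.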
diff-ms-security-wait-stopped-20071114
Patch from Roland McGrath <roland@redhat.com>:
wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)
patch a3474224e6a01924be40a8255636ea5522c1023a in mainline
The original meaning of the old test (p->state > TASK_STOPPED) was "not dead", since it was before TASK_TRACED existed and before the state/exit_state split. It was a wrong correction in commit 14bf01bb0599c89fc7f426d20353b76e12555308 to make this test for TASK_TRACED instead. It should have been changed when TASK_TRACED was introduced and again when exit_state was introduced.
Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Alexey Dobriyan <adobriyan@sw.ru>
Cc: Kees Cook <kees@ubuntu.com>
Acked-by: Scott James Remnant <scott@ubuntu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
X-Git-Tag: v2.6.23.8~1
X-Git-Url: 36ef66c5d137b9a31fd8c35d236fb9e26ef74f97
diff-smp-nmi-show-regs-c-20071121
Patch from Vitaliy Gusev <vgusev@openvz.org>:
[PATCH] Alt-sysrq-p: do synchronous NMI IPI
Wait for completion of the NMI IPI callbacks then do sysrq_handle_showregs(). Otherwise nested bust_spinlocks() calls may occur.
Bug #94875.
diff-ubc-ioacct-dont-mangle-ub0-20071120
Patch from Kirill Korotaev <dev@openvz.org>:
[PATCH] ioacct: don't mangle VE0 statistics
Instead show whole node I/O stats as VE0 one.
diff-ve-oom-fix-loop-20071120
Patch from Kirill Korotaev <dev@openvz.org>:
[PATCH] VE: fix OOM loop in RHEL5.1
diff-ve-taskstats-vpid-20071119
Patch from Pavel Emelianov <xemul@openvz.org>:
[PATCH] taskstats: consider the pid, coming from the user-space to be a virtual one
When the user sends a netlink message to get the taskstats it can validly be a virtual one, but the find_task_by_pid_all() (which is used to convert this pid to task) assumes (with the appropriate BUG_ON) that this pid is global.
Fix it by using the find_task_by_pid_ve() searching routine. The rest of the taskstats.c code seems to handle pids properly.
OpenVZ Bug #730.
Bug #94329.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
diff-cpt-emt64-personality-rst-20071127
Patch from Evgeny Kravtsunov <emkravts@openvz.org>:
[PATCH] set PER_LINUX32 personality when restoring 32bit app on 64bit OS
Current implementation of task personality migration is incorrect:
cpt:
static int dump_one_process(cpt_object_t *obj, struct cpt_context *ctx)
{
...
 v->cpt_personality = tsk->personality;
...
}
rst:
static int hook(void *arg)
{
...
 if (ti->cpt_personality != 0)
   __set_personality(ti->cpt_personality);
...
}
On both i686 and x86_64 task->personality == 0 == PER_LINUX. But for a 32-bit VE running on x86_64 personality must be set to PER_LINUX32.
The solution is to set the personality of 32-bit tasks to PER_LINUX32 during the restore process on an x86_64 node. Attribute ti->cpt_64bit allows distinguishing 32-bit tasks that came from an i686 node.
Bug #94205.
diff-cpt-tun-tap-bind-init-20071123
Patch from Evgeny Kravtsunov <emkravts@openvz.org>:
[PATCH] CPT: another fix for TUN/TAP restore
1) Restore of tun->bind_file attribute added in rst_restore_tuntap.
tun->bind_file contains the pointer to the open file which tun_struct is bound to. tun->bind_file data is used for cpt/rst only. This attribute is to be initialized on creating a tun/tap device (tun_set_iff) and on restoring a tun/tap device (rst_restore_tuntap). If it is not initialized on restore, further dumps will not contain any information on the bound open file, so further restore will fail.
Bug #94995.
2) Restoring bind file (rst_file call) is moved up to be called before allocating and registering tunX netdevice. This is done to avoid doing netdevice related cleanups when rst_file returns error.
Bug #94992.
diff-cpt-utrace-strace-20071129
Patch from Alexey Kuznetsov <alexey@openvz.org>:
[CPT] strace blocked checkpointing
PTRACE_SYSCALL was not detected and checkpointing refused to checkpoint due to one of the sanity checks.
diff-fairsched-fix-vcpu-stat-20071126
Patch from Vitaliy Gusev <vgusev@openvz.org>:
[PATCH] fairsched: fixup per-VE nrrunning/nrunint stats on VCPU add/del
When any online ( >=2 ) vcpu is removed and attached again then its statistic is initialized. It leads to bad loadavg results. The right way is to merge the statistic of the deleted VCPU into any online VCPU.
diff-ms-fasteroom-20071122
Patch from Denis Lunev <den@openvz.org>:
[PATCH] OOM if swap is full even for GFP_NOFS allocation.
The problem is that when swap is over, the kernel can hang tens of minutes looking for memory... So when swap is over we have to be more aggressive...
Bug #93284.
diff-simfs-fix-highquota-20071119
Patch from Vitaliy Gusev <vgusev@openvz.org>:
[PATCH] simfs: fix statfs() in case of HUGE limits
If quota is too big then unsigned becomes negative signed. Get rid of explicit type cast and do honest math.
diff-ve-nfs-lockd-fix-unclosed-socket-20071127
Patch from Vitaliy Gusev <vgusev@openvz.org>:
[PATCH] NFS: lockd has unclosed sockets when stopping VE.
Try to force-destroy hosts (nlm_host) when VE is stopped. It is needed because some hosts may exist and have open sockets when we call fini_venet(). But at the time of fini_venet() all sockets related to the given VE must be closed.
Thanks to Denis Lunev <den@openvz.org> for help.
Bug #94468.
diff-ve-setattr-proc-c-20071129
Patch from Vitaliy Gusev <vgusev@openvz.org>:
[PATCH] proc: don't update /proc file permissions when not needed.
Update only when needed fields in proc_dir_entry in proc_notify_change(). VE can mess up VE0 /proc mode, uid, gid on entries which have global PDE only. Not much harm can be done, i.e. not exploitable. But still very unpleasant.
Bug #95301.
diff-forcedeth-fix-timeout-20071129
From Kirill Korotaev (dev@):
linux-2.6-net-forcedeth-update-to-driver-version-0-60.patch patch from RHEL5.1 added the following piece of code to nv_probe():
       if (id->driver_data & DEV_HAS_MGMT_UNIT) {
               /* management unit running on the mac? */
               if (readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_PHY_INIT) {
                       np->mac_in_use = readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_MGMT_ST;
                       dprintk(KERN_INFO "%s: mgmt unit is running. mac in use %x.\n", pci_name(pci_dev), np->mac_in_use);
                       for (i = 0; i < 5000; i++) {
                               msleep(1);
                               if (nv_mgmt_acquire_sema(dev)) {
                                       /* management unit setup the phy already? */
                                       if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
                                           NVREG_XMITCTL_SYNC_PHY_INIT) {
                                               /* phy is inited by mgmt unit */
                                               phyinitialized = 1;
                                               dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
                                       } else {
                                               /* we need to init the phy */
                                       }
                                       break;
                               }
                       }
               }
       }
Obviously, this loops 5000 times and calls nv_mgmt_acquire_sema() inside, which in the worst case does msleep(500) 10 times. So this loop can last 5000*10*0.5sec = 25000sec = 6.94 hours. This is exactly what we face in the bug: boot hung at 14:04:19, continued at 21:02:02, i.e. it took ~25063 seconds.
Bug #95327.
linux-2.6.18-drbd-8.0.6-8.0.7.patch
Patch from Evgeniy Kravtsunov:
Patch updates drbd from 8.0.6 to 8.0.7.
Sources taken from http://oss.linbit.com/drbd/8.0/drbd-8.0.7.tar.gz
Here is the announcement: http://lists.linbit.com/pipermail/drbd-announce/2007-November/000061.html
diff-gfs-rm-lockfs-support-20071129
Patch from Dmitry Monakhov (dmonakhov@):
[PATCH] GFS: disable lockfs support since it's broken
Currently the gfs lockfs feature is broken. Some applications, such as LVM snapshot, acronis trueimage, etc., trying to use it cause system livelock. So in order to be on the safe side it is better to disable this "feature".
