Download/kernel/2.6.8/022stab072.2/changes
Changes
- Many mainstream bug and security fixes
- bunch of IA64/x86-64 mainstream fixes
- TUN/TAP virtualization fix
- 32bit iptables in VPS on 64bit host OS support
- virtualized ipt_REDIRECT
- new/updated hardware drivers
Compatibility
- ipt_REDIRECT support requires vzctl >= 3.0.0-4
Configs
Same as 022stab070.1, plus:
- +CONFIG_DM_SNAPSHOT=y
- +CONFIG_BLK_DEV_DRBD=m
- +CONFIG_SCSI_ARCMSR=y
- +CONFIG_SERIAL_8250_ACPI=y (ia64)
- ~CONFIG_MICROCODE=m (was y; see OpenVZ Bug #118)
- +CONFIG_IP_NF_TARGET_REDIRECT=m
Patches
diff-ve-ipt-redirect-20060316
Patch from Jason Stubbs:
This patch virtualizes the ipt_REDIRECT iptables module.
Signed-Off-By: Kirill Korotaev <dev@openvz.org>
diff-ms-tty-lockup-20060302
Patch from mainstream, prepared by Pavel:
A lockup can occur in tty driver: receive_chars() is called with port.lock held and calls via file.work.func this:
flush_to_ldisc -> n_tty_receive_chars -> uart_flush_chars -> uart_start,
which tries to lock port again...
This is a part from http://linux.bkbits.net:8080/linux-2.6/cset@1.1938.356.2.
And a lost hunk from diff-ms-tty-lockup-20050207 patch taken from mainstream also.
The first patch goes in mainstream before the second, so that's why we've dropped hunk from the 2nd...
http://linux.bkbits.net:8080/linux-2.6/cset@1.1938.356.2
Bug #59907.
diff-ve-ipv6-comp-20060302
Patch from Kirill:
Backported from 2.6.15 patch which allows to enable IPv6 in host system. Requested in OpenVZ.
diff-ve-devbase-cleanup-20060302
Patch from Pavel:
Rename visible_dev_base into dev_base.
Remove visible_dev_tail and prepare_netdev.
Removing visible_ prefix from dev_base and dev_tail makes driver updates easier.
Bug #59613.
diff-fairsched-tune-sysctl-20060302
This patch fixes VCPU affinity check in schedule_vcpu() and adds some sysctls to tune vsched VCPU affinity and PCPU<->VCPU affinity.
diff-ve-inkernel-compilation
Patch from Alexander:
This patch fixes compilation with CONFIG_MODULES=n
diff-ms-early-intel-workarounds
[PATCH] i386: Move phys_proc_id/early intel workaround to correct function
early_cpu_detect only runs on the BP, but this code needs to run on all CPUs. This will fix problems with the powernow-k8 driver on dual core systems and general misdetection of AMD dual core.
Looks like a mismerge somewhere. Also add a warning comment.
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
diff-ms-ia64-update-mmu-cache-2
Fix of diff-ms-ia64-update-mmu-cache: Need to call lazy_mmu_prot_update() with new pte value, not old one.
Bug #59847.
diff-ms-shmdt-align
[PATCH] shmdt cannot detach not-aligned shm segment cleanly.
sys_shmdt() can manage shm segments which are covered by multiple vmas. (This can happen when a user uses mprotect() after shmat().)
This works well if shm is aligned to PAGE_SIZE, but if not, the last segment cannot be detached. It is because a comparison in sys_shmdt():
   (vma->vm_end - addr) < size
       addr == return address of shmat()
       size == shmsize, arguments to shmget()
size should be aligned to PAGE_SIZE before being compared with vma->vm_end, which is aligned.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
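The detach failure described in diff-ms-shmdt-align, as an added example that is not code from the patch or the kernel. struct vma_model, shmdt_model() and leftover_after_detach() are hypothetical names, and the model assumes a vma is unmapped when its end offset from addr does not exceed size.

```c
#include <stddef.h>

#define PAGE_SIZE 4096UL
#define PAGE_ALIGN(x) (((x) + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1))

/* Hypothetical stand-in for a vm_area_struct: a half-open range [start, end). */
struct vma_model {
    unsigned long start, end;
    int mapped;
};

/*
 * Unmap every vma of the segment attached at `addr` whose end offset fits
 * within `size`; returns how many vmas are still mapped afterwards.
 * `align` applies the fix: round size up to a page multiple first.
 */
size_t shmdt_model(struct vma_model *v, size_t n, unsigned long addr,
                   unsigned long size, int align)
{
    size_t left = 0;
    if (align)
        size = PAGE_ALIGN(size);
    for (size_t i = 0; i < n; i++) {
        if (v[i].start >= addr && (v[i].end - addr) <= size)
            v[i].mapped = 0;
        if (v[i].mapped)
            left++;
    }
    return left;
}

/* Constructed case: a 3-page attach split into three vmas by mprotect(). */
size_t leftover_after_detach(unsigned long shmsize, int align)
{
    unsigned long addr = 0x40000000UL;
    struct vma_model v[3] = {
        { addr,                 addr + PAGE_SIZE,     1 },
        { addr + PAGE_SIZE,     addr + 2 * PAGE_SIZE, 1 },
        { addr + 2 * PAGE_SIZE, addr + 3 * PAGE_SIZE, 1 },
    };
    return shmdt_model(v, 3, addr, shmsize, align);
}

int main(void)
{
    /* Unaligned shmsize with the fix applied: nothing stays mapped. */
    return leftover_after_detach(3 * PAGE_SIZE - 100, 1) != 0;
}
```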
diff-ms-mempol-getnodes-sanity
[PATCH] sys_mbind sanity checking
Make sure maxnodes is safe size before calculating nlongs in get_nodes().
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[chrisw: fix units, pointed out by Andi]
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
diff-ms-zaptread-ptrace
Patch from mainstream:
- The tracee can go from ptrace_stop() to do_signal_stop() after __ptrace_unlink(p).
- It is unsafe to __ptrace_unlink(p) while p->parent may wait for tasklist_lock in ptrace_detach().
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Bug #59130.
diff-ms-do-sigaction-unblockable
Clear unblockable signals beforehand.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Bug #59127.
diff-ms-sig-empty-samask
sys_signal() forgets to initialize ->sa_mask.
Pointed out by Linus Torvalds.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Bug #59127.
diff-security-bad-elf-entry
Fixes a local DoS on Intel systems that leads to an endless recursive fault. AMD machines don't seem to be affected.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Bug #59129.
diff-ubc-shmpages-20060220
Charging UB_SHMPAGES was performed each time shmem_swp_alloc() was called. Meanwhile this function does not always allocate new entries.
Bug #58445.
diff-ve-netdev-virtflag-20060228
Added a flag IFF_VIRTUAL to distinguish devices accessible from VE. venet, lo and tun/tap devices set this flag on creation. (use features mask instead of flags, because flags is short and all bits are busy already).
Bug #59657.
diff-ms-ia64-unlign-skrunfilter
Fixed unaligned access in sk_run_filter. Data offset comes from userspace, so use of get_unaligned() is the best way.
Bug #59290.
diff-ms-ipt-compat-20060222
Patch from Dmitry:
This patch allows the 32bit iptables tool to work on a 64bit kernel. It includes interface for conversion matches and targets and conversion of matches/targets, included in ip_tables module itself.
diff-ms-ipt-compat2-20060214
Patch from Dmitry:
This patch allows the 32bit iptables tool to work on a 64bit kernel. It includes matches/targets code, based on introduced in previous patch interface.
diff-ms-ia64-ptrace-regs
Patch from mainstream:
[IA64] ptrace.c: Fix unchecked user-memory accesses due to ptrace_{get,set}regs()
Here is another fix for a sparse-detected bug: turns out ptrace_getregs() and ptrace_putregs() did unchecked user-memory accesses! These were tricky to see, so it's not surprising that they went unnoticed so far. Fortunately, sparse can detect these trivially. Patch below should fix the problem, but it's completely untested (I don't have any testcases for getregs/putregs).
Signed-off-by: davidm@hpl.hp.com
Signed-off-by: Tony Luck <tony.luck@intel.com>
http://linux.bkbits.net:8080/linux-2.6/cset@1.1938.99.4
Bug #59494.
diff-ms-ia64-unlign-ratelimit
Rate limit unaligned access warnings from kernel
diff-ms-tun-frame-align
[TUN]: Align only ethernet packets to NET_IP_ALIGN.
Signed-off-by: Sven Henkel <shenkel@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug #59465.
diff-ms-ia64-numanosrat-2006022
[IA64] SMP systems may not have SRAT, still need to mark node0 online.
This only causes a problem in the -mm tree now, but Zou Nan hai and Shaohua Li sent me this fix so that SMP systems compiled with the generic kernel (which turns on NUMA and CPUSETS in -mm) won't hit a BUG_ON in kernel/cpuset.c guarantee_online_mems() which is called from acpi_early_init()
Signed-off-by: Tony Luck <tony.luck@intel.com>
Bug #59539.
diff-ms-ia64-unwind-checks
Detect user space by the unwind frame with predicate PRED_USER_STACK set, instead of a user space IP. Tighten up the last ditch check for running off the top of the kernel stack.
Based on a suggestion by David Mosberger, reworked to fit the current tree. This survives my stress test which used to break 2.6.9 kernels. Unlike 2.6.11, the stress test now unwinds to the correct point, so gdb can get the user space registers.
Bug #59467.
diff-ve-tun-devlist-20060224
virtualised tun_dev_list check, fixed openvpn failure issue.
Bug #59657.
diff-ms-compat-tunioctl
[COMPAT]: TUNSETIFF needs to copy back data after ioctl.
It is defined as a _IOW() which is erroneous, it should have been defined as _IORW() but that cannot be changed now without breaking all existing applications using this ioctl.
Signed-off-by: David S. Miller <davem@davemloft.net>
Bug #59565.
diff-ext3-vprintk-warns
Fixes ext3/jbd module compilation: export vprintk()
diff-ms-ia64-unwind-unat
[IA64] unwind.c uses wrong unat from switch_stack
unwind.c can read the wrong unat bits from switch_stack. sw->caller_unat is the value of ar.unat when the task was blocked. sw->ar_unat is the value of ar.unat after doing st8.spill for r4-7. IOW, ar_unat is caller_unat with 4 bits changed.
unw_access_gr() uses sw->ar_unat for r4-7 (correct), but it also uses sw->ar_unat for other scratch registers (incorrect). sw->ar_unat should only be used for r4-7, everything else should use sw->caller_unat, unless modified by unwind info. Using sw->ar_unat risks picking up the 4 bits that were overwritten when r4-7 were saved.
Also this line is wrong
unw.sw_off[unw.preg_index[UNW_REG_PFS]] = SW(AR_UNAT);
and should be
unw.sw_off[unw.preg_index[UNW_REG_PFS]] = SW(AR_PFS);
Signed-off-by: Keith Owens <kaos@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
GIT: b833961bd30eec201b9a94eec36aa7ac96f9c9c0
diff-ms-ia64-unwind-cleanup
Patch from mainstream:
[IA64] cleanup C usage of global/root-function predicates
The patch below is purely a cleanup but it's a prerequisite for the next bug fix patch.
Signed-off-by: David Mosberger-Tang <davidm@hpl.hp.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
diff-ms-ia64-entry-misprint
Patch from mainstream:
[IA64] Drop spurious paren in entry.h
The latest assembler catches this typo. (reported by Jim Wilson).
Signed-off-by: David Mosberger-Tang <davidm@hpl.hp.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
GIT: 34b727c135ff651f153be5757056d25678b6d018 http://linux.bkbits.net:8080/linux-2.6/cset@1.3192.10.2
diff-usb-hid-20060216
fixes annoying messages on usb device attach: drivers/usb/input/hid-core.c: ctrl urb status -32 received
Bug #55536.
diff-usb-kbddetach-20060216
Patch from mainstream, modified by Vasily:
fixes annoying messages on usb device detach: drivers/usb/input/hid-core.c: input irq status -84 received
Bug #55536.
diff-cciss-timeout-20060228
During initialization cciss driver uses
set_current_state(TASK_INTERRUPTIBLE);
schedule_timeout(...);
in a loop with fixed number of iterations. schedule_timeout() returns too fast and resulted timeout is not enough for controller board initialization.
diff-qla4xx-inkernel-comp
This patch fixes qla4xx in kernel compilation.
linux-2.6.8.1-fusion-3.02.18.patch
[DRIVER UPDATE] Fusion from 3.01.09 to 3.02.18 (RHEL4u2)
diff-fusion-crashdump-20060303
Fix fusion compilation w/o crashdump.
diff-ve-inkernel-compilation-b
Fix of warning caused by previous diff-ve-inkernel-compilation patch.
diff-ms-emt64-sigrestart-rax
[PATCH] x86_64: fix syscall/signal restart bug
Fix a pretty bad bug that caused sometimes signals on x86-64 to be restarted like system calls. This corrupted the RIP and in general caused undesirable effects.
The problem happens because orig_rax is unsigned on x86-64, but it originally was signed when the signal code was written. And the if (orig_rax >= 0) ended up always true. And gcc didn't warn about this, because the warning is only in -Wextra.
In 2.4 we still had a cast for it, but somehow it got dropped in 2.5.
Credit goes to John Slice for tracking it down and Erich Boleyn for the original fix. All blame to me. I fixed it at another place too.
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
http://linux.bkbits.net:8080/linux-2.6/cset@1.1938.464.1
RHEL4u3: linux-2.6.9-x86_64-syscall_signal-restart.patch
diff-ms-emt64-compat-sigrestart
[PATCH] x86_64: Fix 32bit system call restart
The test case at 1-5.c fails if it runs as a 32bit process on x86_64 machines.
The root cause is the sub 32bit process fails to restart the syscall after it is interrupted by a signal.
The syscall number of sys_restart_syscall in table sys_call_table is __NR_restart_syscall (219) while it's __NR_ia32_restart_syscall (0) in ia32_sys_call_table. When regs->rax==(unsigned long)-ERESTART_RESTARTBLOCK, function do_signal doesn't distinguish if the process is 64bit or 32bit, and always sets restart syscall number as __NR_restart_syscall (219).
Signed-off-by: Zhang Yanmin <yanmin.zhang@intel.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
GIT: 607a16858397829806c5a4db999ce6daf327f98c
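The two x86-64 restart bugs described in diff-ms-emt64-sigrestart-rax and diff-ms-emt64-compat-sigrestart, modelled together as an added example that is not code from either patch. struct regs_model, its ia32 field and the function names are hypothetical, and only the no-handler restart path is modelled.

```c
#include <stdbool.h>
/* Kernel errno values; the two restart syscall numbers are the ones quoted above. */
#define ERESTARTSYS             512
#define ERESTART_RESTARTBLOCK   516
#define NR_restart_syscall      219
#define NR_ia32_restart_syscall 0

/* Hypothetical reduced register frame; `ia32` stands in for the 32-bit task flag. */
struct regs_model {
    unsigned long rax;       /* syscall result, or whatever RAX held */
    unsigned long orig_rax;  /* syscall number; negative when not in a syscall */
    unsigned long rip;
    bool ia32;
};

/* The buggy test only draws a warning under -Wextra, so silence it here. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wtype-limits"
static bool from_syscall_buggy(const struct regs_model *r)
{
    return r->orig_rax >= 0;        /* unsigned operand: always true */
}
#pragma GCC diagnostic pop
static bool from_syscall_fixed(const struct regs_model *r)
{
    return (long)r->orig_rax >= 0;  /* the cast restores the sign test */
}

/* Restart step of signal delivery (no handler case); `fixed` enables both fixes. */
void restart_model(struct regs_model *r, bool fixed)
{
    if (!(fixed ? from_syscall_fixed(r) : from_syscall_buggy(r)))
        return;
    if ((long)r->rax == -ERESTARTSYS) {
        r->rax = r->orig_rax;       /* reload the syscall number */
        r->rip -= 2;                /* step back over the syscall instruction */
    } else if (r->rax == (unsigned long)-ERESTART_RESTARTBLOCK) {
        r->rax = (fixed && r->ia32) ? NR_ia32_restart_syscall : NR_restart_syscall;
        r->rip -= 2;
    }
}

int main(void)
{
    /* Constructed: non-syscall entry (orig_rax = -1) with RAX == -ERESTARTSYS. */
    struct regs_model r = { (unsigned long)-ERESTARTSYS, (unsigned long)-1, 0x1000, false };
    restart_model(&r, true);
    return r.rip != 0x1000;         /* 0: the fixed path leaves RIP alone */
}
```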
diff-ms-ia64-pci-ext
[PATCH] PCI: pci_raw_ops should use unsigned args
Convert pci_raw_ops to use unsigned segment (aka domain), bus, and devfn. With the previous code, various ia64 config accesses fail due to segment sign-extension problems.
ia64:
- With a signed seg >= 0x8, unwanted sign-extension occurs when "seg << 28" is cast to u64 in PCI_SAL_EXT_ADDRESS()
- PCI_SAL_EXT_ADDRESS(): cast to u64 *before* shifting; otherwise "seg << 28" is evaluated as unsigned int (32 bits) and gets truncated when seg > 0xf
- pci_sal_read(): validate "value" ptr as other arches do
- pci_sal_{read,write}(): return -EINVAL rather than SAL error status
RHEL4u3: linux-2.6.9-ia64-pci-ext.patch
diff-ms-ia64-nat-coredump
[IA64] Avoid .spillpsp directive in handcoded assembly
Some time ago, GAS was fixed to bring the .spillpsp directive in line with the Intel assembler manual (there was some disagreement as to whether or not there is a built-in 16-byte offset). Unfortunately, there are two places in the kernel where this directive is used in handwritten assembly files and those of course relied on the "buggy" behavior. As a result, when using a "fixed" assembler, the kernel picks up the UNaT bits from the wrong place (off by 16) and randomly sets NaT bits on the scratch registers. This can be noticed easily by looking at a coredump and finding various scratch registers with unexpected NaT values. The patch below fixes this by using the .spillsp directive instead, which works correctly no matter what assembler is in use.
Signed-off-by: David Mosberger-Tang <davidm@hpl.hp.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
GIT: bfd68594082d8384781c242aa72a7950b5cf51aa
http://linux.bkbits.net:8080/linux-2.6/cset@1.2976.3.2
RHEL4u3: linux-2.6.9-ia64-nat-coredump.patch
diff-ms-ia64-usercopy-sanity
[IA64] make exception handler in copy_user more robust
The exception handler in copy user always expects fault occurs only on user space address and the fall back recovery code is written with that very assumption in mind. Recent source code inspection revealed that while it worked splendidly and to the expectation under normal circumstances, it broke down under unexpected condition where some address calculation might go outside the legal address range the original copy_user was called for. This patch is to make copy_user exception handler more robust and to prevent potential memory corruption.
Signed-off-by: Ken Chen <kenneth.w.chen@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
GIT: 295bd89279aad6959f0d363ee8e946d4766f9ad8
diff-ms-ia64-usercopy-unaligned
[IA64] __copy_user breaks on unaligned src
memcpy_mck.S::__copy_user breaks in the prefetch code under these conditions :-
- src is unaligned and
- dst is near the end of a page and
- the page after dst is unmapped.
Signed-off-by: Keith Owens <kaos@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
GIT: 6118ec847e8e35393efc0f88394c2f5dd48c3313
http://linux.bkbits.net:8080/linux-2.6/cset@1.2596
RHEL4u3: linux-2.6.13-ia64-memcpy.patch
diff-ms-ia64-die-if-kernel
[PATCH] die_if_kernel() can return (CVE-2006-0742)
arch/ia64/kernel/unaligned.c erroneously marked die_if_kernel() with a "noreturn" attribute ... which is silly (it returns whenever the argument regs say that the fault happened in user mode, as one might expect given the "if_kernel" part of its name!). Thanks to Alan and Gareth for pointing this out.
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
diff-ve-kmsg-20060303
Patch from Vasiliy:
This patch adds /proc/kmsg inside VE
linux-2.6.8.1-areca-1.20.0X.12.patch
Areca driver v1.20.0X.12 added.
Sources URL. Bug #59933.