6,534
edits
Changes
created
== Changes ==
Since {{kernel link|rhel5|028stab057.2}}:
* Rebased on 2.6.18-92.1.10 RHEL5 update
* Compilation fixes with some .config variants
* Race in checkpointing wrt half-open connection restore
* OpenVZ-in-Xen compilation fixed
* Long standing deadlock in dropping caches fixed
<includeonly>[[{{PAGENAME}}/changes#Patches|{{Long changelog message}}]]</includeonly><noinclude>
=== Patches ===
==== diff-cpt-synwait-restore-lock-20080821 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
cpt: lock sock before restoring its synwait queue
This new socket already has all the necessary TCP timers armed,
so tcp_keepalive_timer can fire during the rst_restore_synwait_queue
and (for the latter being lockless) can spoil the queue.
Locking in the restoring procedure is requires.
Bug #118912.
</div>
==== diff-fs-quotcompat-xencomp-fix-20080806 ====
<div class="change">
Patch from Marat Stanichenko <mstanichenko@openvz.org>
quota: Compilation fix for XEN kernels
CONFIG_QUOTA_COMPAT is not enabled in Xen config so we bump into the
problem of undefined structures.
Bug #118177.
</div>
==== diff-ms-add-limits_h-to-sumversions_c-20080820 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
Fix sumversion.c compilation with some modern compilers
{{Bug|951}}.
</div>
==== diff-ms-cifs-lanman-off-compilation-20080820 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
cifs: fix compilation for no-lanman case
backported mainstream commit 516897a208bc1423d561ce2ccce0624c3b652275
{{Bug|951}}.
</div>
==== diff-ms-fix-xfrm-compilation-20080818 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
[PATCH] Fix compilation error when CONFIG_XFRM is not set.
{{bug|963}}.
</div>
==== diff-ms-sigqueue-alloc-race-20080820 ====
<div class="change">
Patch from Konstantin Khlebnikov <khlebnikov@openvz.org>
Fix sigqueue_alloc vs switch_uid race
Such a race can result in arbitraru memory corruption (actually).
This is a merge of two mainstream patches from Linus:
commit 45c18b0bb579b5c1b89f8c99f1b6ffa4c586ba08
Author: Linus Torvalds <torvalds@g5.osdl.org>
Date: Sat Nov 4 10:06:02 2006 -0800
Fix unlikely (but possible) race condition on task->user access
There's a possible race condition when doing a "switch_uid()" from one
user to another, which could race with another thread doing a signal
allocation and looking at the old thread ->user pointer as it is freed.
This explains an oops reported by Lukasz Trabinski:
http://permalink.gmane.org/gmane.linux.kernel/462241
We fix this by delaying the (reference-counted) freeing of the user
structure until the thread signal handler lock has been released, so
that we know that the signal allocation has either seen the new value or
has properly incremented the reference count of the old one.
Race identified by Oleg Nesterov.
Cc: Lukasz Trabinski <lukasz@wsisiz.edu.pl>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
commit 10b1fbdb0a0ca91847a534ad26d0bc250c25b74f
Author: Linus Torvalds <torvalds@g5.osdl.org>
Date: Sat Nov 4 13:03:00 2006 -0800
Make sure "user->sigpending" count is in sync
The previous commit (45c18b0bb579b5c1b89f8c99f1b6ffa4c586ba08, aka "Fix
unlikely (but possible) race condition on task->user access") fixed a
potential oops due to __sigqueue_alloc() getting its "user" pointer out
of sync with switch_user(), and accessing a user pointer that had been
de-allocated on another CPU.
It still left another (much less serious) problem, where a concurrent
__sigqueue_alloc and swich_user could cause sigqueue_alloc to do signal
pending reference counting for a _different_ user than the one it then
actually ended up using. No oops, but we'd end up with the wrong signal
accounting.
Another case of Oleg's eagle-eyes picking up the problem.
This is trivially fixed by just making sure we load whichever "user"
structure we decide to use (it doesn't matter _which_ one we pick, we
just need to pick one) just once.
Acked-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
{{bug|848}}.
</div>
==== diff-rh-export-flush_tbl_page-for-xen-20080806 ====
<div class="change">
Patch from Marat Stanichenko <mstanichenko@openvz.org>
xen: Fix build for x86_64 arch
we have to export flush_tlb_page() symbol in Xen-x86_64 kernel because
cpt modules uses this symbol.
Bugs #118432, #118177.
</div>
==== diff-rh-xen-include-cacheflush-20080806 ====
<div class="change">
Patch from Marat Stanichenko <mstanichenko@openvz.org>
xen: Bad "#include" directives position causes Xen-i386 compilation error.
arch/i386/mm/ioremap-xen.c
|#include <asm/cacheflush.h> (#define _I386_CACHEFLUSH_H)
|#include <linux/mm.h>
|#include <linux/pagemap.h>
|#include <linux/highmem.h>
|#include <asm/cacheflush.h>
(but nothing actually includes right now(see #define _I386_CACHEFLUSH_H)).
cacheflush.h uses the functions from <asm/cacheflush.h> so the definition of
the functions occurs after somebody uses them.
Bug #118177.
</div>
==== diff-rh-xfrm-more-macros-compilation-20080820 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
xfrm: more compilation fixes for wierd openvz users config
{{bug|951}}.
</div>
==== diff-ubc-subbcino-gen-fix-20080820 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
bc: fix subbeancounter inode number calculations in /proc/bc
0 and 0.0 still have the same number...
Bug #116868.
</div>
==== diff-ve-nf-ct-checksum-ro-inve-20080722 ====
<div class="change">
Patch from Vasily Averin <vvs@openvz.org>
netfilter: Fix broken isolation for ip_conntrack_checksum sysctl
net.ipv4.netfilter.ip_conntrack_checksum should be read-only inside VE.
Bug #117138.
</div>
==== diff-vfs-lock-inversion-in-drop_pagecache_sb-20080820 ====
<div class="change">
Patch from Dmitry Monakhov <dmonakhov@openvz.org>
vfs: fix lock inversion in drop_pagecache_sb()
backport mainstream commit: eccb95cee4f0d56faa46ef22fb94dd4a3578d3eb
Fix longstanding lock inversion in drop_pagecache_sb by dropping inode_lock
before calling __invalidate_mapping_pages(). We just have to make sure inode
won't go away from under us by keeping reference to it and putting the
reference only after we have safely resumed the scan of the inode list. A bit
tricky but not too bad...
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: Fengguang Wu <wfg@mail.ustc.edu.cn>
Cc: David Chinner <dgc@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bug #116673.
</div>
==== diff-cciss-reformat-error-handling, diff-cciss-add-sg-io-ioctl, diff-cciss-printk-creq-flags, diff-scsi-add-modalias-mainstream ====
<div class="change">
Patches from Marat Stanichenko <mstanichenko@parallels.com>
Various kludges to make cciss work properly and make udev
receive scsi uevents.
Bugs #114972, #114130.
</div>
Since {{kernel link|rhel5|028stab057.2}}:
* Rebased on 2.6.18-92.1.10 RHEL5 update
* Compilation fixes with some .config variants
* Race in checkpointing wrt half-open connection restore
* OpenVZ-in-Xen compilation fixed
* Long standing deadlock in dropping caches fixed
<includeonly>[[{{PAGENAME}}/changes#Patches|{{Long changelog message}}]]</includeonly><noinclude>
=== Patches ===
==== diff-cpt-synwait-restore-lock-20080821 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
cpt: lock sock before restoring its synwait queue
This new socket already has all the necessary TCP timers armed,
so tcp_keepalive_timer can fire during the rst_restore_synwait_queue
and (for the latter being lockless) can spoil the queue.
Locking in the restoring procedure is requires.
Bug #118912.
</div>
==== diff-fs-quotcompat-xencomp-fix-20080806 ====
<div class="change">
Patch from Marat Stanichenko <mstanichenko@openvz.org>
quota: Compilation fix for XEN kernels
CONFIG_QUOTA_COMPAT is not enabled in Xen config so we bump into the
problem of undefined structures.
Bug #118177.
</div>
==== diff-ms-add-limits_h-to-sumversions_c-20080820 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
Fix sumversion.c compilation with some modern compilers
{{Bug|951}}.
</div>
==== diff-ms-cifs-lanman-off-compilation-20080820 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
cifs: fix compilation for no-lanman case
backported mainstream commit 516897a208bc1423d561ce2ccce0624c3b652275
{{Bug|951}}.
</div>
==== diff-ms-fix-xfrm-compilation-20080818 ====
<div class="change">
Patch from Vitaliy Gusev <vgusev@openvz.org>
[PATCH] Fix compilation error when CONFIG_XFRM is not set.
{{bug|963}}.
</div>
==== diff-ms-sigqueue-alloc-race-20080820 ====
<div class="change">
Patch from Konstantin Khlebnikov <khlebnikov@openvz.org>
Fix sigqueue_alloc vs switch_uid race
Such a race can result in arbitraru memory corruption (actually).
This is a merge of two mainstream patches from Linus:
commit 45c18b0bb579b5c1b89f8c99f1b6ffa4c586ba08
Author: Linus Torvalds <torvalds@g5.osdl.org>
Date: Sat Nov 4 10:06:02 2006 -0800
Fix unlikely (but possible) race condition on task->user access
There's a possible race condition when doing a "switch_uid()" from one
user to another, which could race with another thread doing a signal
allocation and looking at the old thread ->user pointer as it is freed.
This explains an oops reported by Lukasz Trabinski:
http://permalink.gmane.org/gmane.linux.kernel/462241
We fix this by delaying the (reference-counted) freeing of the user
structure until the thread signal handler lock has been released, so
that we know that the signal allocation has either seen the new value or
has properly incremented the reference count of the old one.
Race identified by Oleg Nesterov.
Cc: Lukasz Trabinski <lukasz@wsisiz.edu.pl>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
commit 10b1fbdb0a0ca91847a534ad26d0bc250c25b74f
Author: Linus Torvalds <torvalds@g5.osdl.org>
Date: Sat Nov 4 13:03:00 2006 -0800
Make sure "user->sigpending" count is in sync
The previous commit (45c18b0bb579b5c1b89f8c99f1b6ffa4c586ba08, aka "Fix
unlikely (but possible) race condition on task->user access") fixed a
potential oops due to __sigqueue_alloc() getting its "user" pointer out
of sync with switch_user(), and accessing a user pointer that had been
de-allocated on another CPU.
It still left another (much less serious) problem, where a concurrent
__sigqueue_alloc and swich_user could cause sigqueue_alloc to do signal
pending reference counting for a _different_ user than the one it then
actually ended up using. No oops, but we'd end up with the wrong signal
accounting.
Another case of Oleg's eagle-eyes picking up the problem.
This is trivially fixed by just making sure we load whichever "user"
structure we decide to use (it doesn't matter _which_ one we pick, we
just need to pick one) just once.
Acked-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
{{bug|848}}.
</div>
==== diff-rh-export-flush_tbl_page-for-xen-20080806 ====
<div class="change">
Patch from Marat Stanichenko <mstanichenko@openvz.org>
xen: Fix build for x86_64 arch
we have to export flush_tlb_page() symbol in Xen-x86_64 kernel because
cpt modules uses this symbol.
Bugs #118432, #118177.
</div>
==== diff-rh-xen-include-cacheflush-20080806 ====
<div class="change">
Patch from Marat Stanichenko <mstanichenko@openvz.org>
xen: Bad "#include" directives position causes Xen-i386 compilation error.
arch/i386/mm/ioremap-xen.c
|#include <asm/cacheflush.h> (#define _I386_CACHEFLUSH_H)
|#include <linux/mm.h>
|#include <linux/pagemap.h>
|#include <linux/highmem.h>
|#include <asm/cacheflush.h>
(but nothing actually includes right now(see #define _I386_CACHEFLUSH_H)).
cacheflush.h uses the functions from <asm/cacheflush.h> so the definition of
the functions occurs after somebody uses them.
Bug #118177.
</div>
==== diff-rh-xfrm-more-macros-compilation-20080820 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
xfrm: more compilation fixes for wierd openvz users config
{{bug|951}}.
</div>
==== diff-ubc-subbcino-gen-fix-20080820 ====
<div class="change">
Patch from Pavel Emelianov <xemul@openvz.org>
bc: fix subbeancounter inode number calculations in /proc/bc
0 and 0.0 still have the same number...
Bug #116868.
</div>
==== diff-ve-nf-ct-checksum-ro-inve-20080722 ====
<div class="change">
Patch from Vasily Averin <vvs@openvz.org>
netfilter: Fix broken isolation for ip_conntrack_checksum sysctl
net.ipv4.netfilter.ip_conntrack_checksum should be read-only inside VE.
Bug #117138.
</div>
==== diff-vfs-lock-inversion-in-drop_pagecache_sb-20080820 ====
<div class="change">
Patch from Dmitry Monakhov <dmonakhov@openvz.org>
vfs: fix lock inversion in drop_pagecache_sb()
backport mainstream commit: eccb95cee4f0d56faa46ef22fb94dd4a3578d3eb
Fix longstanding lock inversion in drop_pagecache_sb by dropping inode_lock
before calling __invalidate_mapping_pages(). We just have to make sure inode
won't go away from under us by keeping reference to it and putting the
reference only after we have safely resumed the scan of the inode list. A bit
tricky but not too bad...
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: Fengguang Wu <wfg@mail.ustc.edu.cn>
Cc: David Chinner <dgc@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bug #116673.
</div>
==== diff-cciss-reformat-error-handling, diff-cciss-add-sg-io-ioctl, diff-cciss-printk-creq-flags, diff-scsi-add-modalias-mainstream ====
<div class="change">
Patches from Marat Stanichenko <mstanichenko@parallels.com>
Various kludges to make cciss work properly and make udev
receive scsi uevents.
Bugs #114972, #114130.
</div>