OpenVZ Source code
vzkernel

Commits

Columns: Author, Commit, Message, Commit Date, Issues
Author: Konstantin Khorenko
Commit: c9ce4a93147
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.21
  Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Author: Vasily Averin
Commit: 109f7fa5d20
Message: ploop kaio: successful alloc should adjust alloc_head
  Patch fixes data corruption after online resize of empty ploop image located on vstorage. Online ploop grow for on vstorage does not update ploop_io->alloc_head therefore following write requests incorrectly recognizes location of first data block, and can write data into metadata section of image. https://pmc.acronis.com/browse/VSTOR-15471 Signed-off-by: Vasily Averin <vvs@virtuozzo.com> R...
Issues: VSTOR-15471
Author: Kirill Tkhai
Commit: b740513c132
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.20
  Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Author: Pavel Butsykin
Commit: 40cdedb0688
Message: ploop: fix negative discard size in preprocess_discard_req()
  Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Acked-by: Denis V. Lunev <den@openvz.org>
Author: Pavel Butsykin
Commit: 05a8897ff92
Message: ploop: change default of discard granularity and alignment attrs to PAGE_SIZE
  In ploop the discard_alignment and discard_granularity are used only for asynchronous REQ_DISCARD, but support of such request in the form of IOCB_CMD_UNMAP_ITER is implemented only in FUSE which always requires alignment of offset and size on PAGE_SIZE. Let's set this value by default. Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Author: Kirill Tkhai
Commit: bbfe26f9ba2
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.19
  Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Author: Denis V. Lunev
Commit: 16194610e0f
Message: ploop: add separate tree for existing discard requests
  Right now ploop code use own code for requests merging. This code uses separate rb trees for READ and WRITE requests. There are also, unfortunately, DISCARD requests. They are submitted with a WRITE flag set. Thus there is a possibility that they will be merged with writes and this leads to fatal consequences. If the WRITE is ahead the DISCARD, we get EINVAL from FUSE. If DISCARD is ahead the W...
Issues: VSTOR-16344
Author: Denis V. Lunev
Commit: 83a9f335d57
Message: ploop: create helper to access ploop_device->entry_tree
  We are going to add one more request type in the next patch. https://pmc.acronis.com/browse/VSTOR-16344 Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Issues: VSTOR-16344
Author: Konstantin Khorenko
Commit: 5eb89d30580
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.18
  Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Author: Konstantin Khorenko
Commit: 45ef4970ec5
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.17
  Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Author: Michal Hocko
Commit: 809a364c10a
Message: ms/vmscan: memcg: always use swappiness of the reclaimed memcg
  Memory reclaim always uses swappiness of the reclaim target memcg (origin of the memory pressure) or vm_swappiness for global memory reclaim. This behavior was consistent (except for difference between global and hard limit reclaim) because swappiness was enforced to be consistent within each memcg hierarchy. After "mm: memcontrol: remove hierarchy restrictions for swappiness and oom_control"...
Issues: PSBM-89726
Author: Konstantin Khorenko
Commit: c503db7fc48
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.16
  Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Author: Alexey Kuznetsov
Commit: 6225b28dad5
Message: fs/fuse kio_pcs: cleanup in truncate (backport)
  It was not a bug, the behaviour stays the same, but code looked really strange. Noticed by dmonakhov@ Signed-off-by: Alexey Kuznetsov <kuznet@virtuozzo.com> Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Author: Pavel Butsykin
Commit: 9139fc01801
Message: fs/fuse kio_pcs: NULL pointer dereference in map_submit()->MAP_ARGS()
  MAP_ARGS() contains reference to m->mapping, which can be NULL in case of map dead. Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> ===================== Patchset description: FUSE KIO: Mapping truncate fixes https://jira.sw.ru/browse/PSBM-89539
Issues: PSBM-89539
Author: Pavel Butsykin
Commit: 6fe1acd868d
Message: fs/fuse kio_pcs: NULL pointer dereference on access m->mapping->chunk_size_bits
  Inside map_chunk_start()/map_chunk_end() there is dereference m->mapping, which can be NULL in case of map dead. But in fact it's impossible in this place, because maps are dropped only on shrink which is protected from simultaneous execution with other IO. But anyway let's fix dereference m->mapping of a dead map and add WARN_ON_ONCE() to facilitate catching this race in case it occurs. Sign...
Issues: PSBM-89539
Author: Pavel Butsykin
Commit: 46b140d8e70
Message: fs/fuse kio_pcs: fix map leaks in process_ireq_truncate()
  In addition to finding maps, pcs_find_get_map() increases reference to map which returns. So after using the map we need to call pcs_map_put() at the end. Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> ===================== Patchset description: FUSE KIO: Mapping truncate fixes https://jira.sw.ru/browse/PSBM-89539
Issues: PSBM-89539
Author: Pavel Butsykin
Commit: 51fbe7348c8
Message: fs/fuse kio_pcs: simplify pcs_mapping_truncate()
  This cosmetic patch is aimed to simplify the code in pcs_mapping_truncate(). Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> ===================== Patchset description: FUSE KIO: Mapping truncate fixes https://jira.sw.ru/browse/PSBM-89539
Issues: PSBM-89539
Author: Pavel Butsykin
Commit: 384e1aef830
Message: fs/fuse kio_pcs: fix map leak in pcs_mapping_truncate()
  Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> ===================== Patchset description: FUSE KIO: Mapping truncate fixes https://jira.sw.ru/browse/PSBM-89539
Issues: PSBM-89539
Author: Pavel Butsykin
Commit: f528febb7ad
Message: fs/fuse kio_pcs: protect valid_for_truncate() by m->lock's
  Access to m->state can be carried out only under m->lock. This patch protects valid_for_truncate() by m->lock's and thereby fixes unlocked access to m->state in process_ireq_truncate(). Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> ===================== Patchset description: FUSE KIO: Mapping truncate fixes https://jira.sw.ru/brows...
Issues: PSBM-89539
Author: Pavel Butsykin
Commit: 4f718bee3ca
Message: fs/fuse kio_pcs: fix condition for map resolving in pcs_mapping_truncate()
  We need to resolve map if it's valid, and not otherwise. Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> ===================== Patchset description: FUSE KIO: Mapping truncate fixes https://jira.sw.ru/browse/PSBM-89539
Issues: PSBM-89539
Author: Pavel Butsykin
Commit: 173869b1af6
Message: fs/fuse kio_pcs: forgotten setting of the next phase
  It was also lost when valid_for_truncate() ported to kernel. Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> ===================== Patchset description: FUSE KIO: Mapping truncate fixes https://jira.sw.ru/browse/PSBM-89539
Issues: PSBM-89539
Author: Pavel Butsykin
Commit: 0f4af7f650f
Message: fs/fuse kio_pcs: make map_truncate_tail() working as the original from libpcs_client
  The offset from the argument usually belong to chunk that will still be used, we can't drop map describing this chunk. But we can drop all subsequent maps. In the original, map_truncate_tail() works exactly this way, but when code was transferred to the kernel it suddenly changed the logic. Let's fix it. Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai...
Issues: PSBM-89539
Author: Kirill Tkhai
Commit: 34657e6f1bd
Message: fuse: Switch unused engines off in Kconfig
  We do not test and do not use these engines. They were needed on initial stage of development, but now their time is over. It's not safe to distribute untested (and never used) debug modules in production, so this patch disables them by default. Some time later, if there is no at least a single using of them in any purpose, we'll completely drop them. https://pmc.acronis.com/browse/VSTOR-1632...
Issues: VSTOR-16325
Author: Kirill Tkhai
Commit: 9d2ed0cdcba
Message: fuse: Prohibit kio engine from containers
  Currently we have several BUG_ON() ported from userspace, and they may fire in case of it's used malicious daemon instead of original vstorage-mount. So, just prohibit mounting with kio from inside container. https://pmc.acronis.com/browse/VSTOR-16325 Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Reviewed-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Issues: VSTOR-16325
Author: Kirill Tkhai
Commit: d26da18e8e6
Message: fuse: Fix parse_fuse_opt() return values wrong interpretation
  This function returns not 0 in case of success, and 0 in case of failure. So, error values like -EPERM are interpreted as success, which is wrong. Fix that. Note, that fuse has generic EINVAL return value for all types of unacceptable parameters. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Reviewed-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Author: Vasily Averin
Commit: f492b8d0248
Message: ext4 resize: extra brelse in setup_new_flex_group_blocks()
  Currently bh is set to NULL only during first iteration of for cycle, then this pointer is not cleared after end of using. Therefore rollback after errors can lead to extra brelse(bh) call, decrements bh counter and later trigger an unexpected warning in __brelse() Patch moves brelse() calls in body of cycle to exclude requirement of brelse() call in rollback. Fixes 33afdcc5402d ("ext4: add a...
Issues: PSBM-89583
Author: Theodore Ts'o
Commit: b8934960efb
Message: ms/ext4: fix online resize's handling of a too-small final block group
  commit f0a459dec5495a3580f8d784555e6f8f3bf7f263 Author: Theodore Ts'o <tytso@mit.edu> Date: Mon Sep 3 22:19:43 2018 -0400 ext4: fix online resize's handling of a too-small final block group Avoid growing the file system to an extent so that the last block group is too small to hold all of the metadata that must be stored in the block group. This problem can be triggered...
Issues: PSBM-89583
Author: Josh Poimboeuf
Commit: b73eb4482d3
Message: ms/x86/unwind: Disable KASAN checks for non-current tasks
  There are a handful of callers to save_stack_trace_tsk() and show_stack() which try to unwind the stack of a task other than current. In such cases, it's remotely possible that the task is running on one CPU while the unwinder is reading its stack from another CPU, causing the unwinder to see stack corruption. These cases seem to be mostly harmless. The unwinder has checks which prevent it fr...
Issues: HCI-171
Author: Brian Gerst
Commit: d21e78475d0
Message: ms/sched/x86: Add 'struct inactive_task_frame' to better document the sleeping task stack frame
  Add 'struct inactive_task_frame', which defines the layout of the stack for a sleeping process. For now, the only defined field is the BP register (frame pointer). Signed-off-by: Brian Gerst <brgerst@gmail.com> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <...
Issues: HCI-171
Author: Dmitry Vyukov
Commit: d04012cdb3a
Message: ms/kprobes: Unpoison stack in jprobe_return() for KASAN
  I observed false KASAN positives in the sctp code, when sctp uses jprobe_return() in jsctp_sf_eat_sack(). The stray 0xf4 in shadow memory are stack redzones:
    [ ] ==================================================================
    [ ] BUG: KASAN: stack-out-of-bounds in memcmp+0xe9/0x150 at addr ffff88005e48f480
    [ ] Read of size 1 by task syz-executor/18535
    [ ] page:ffffea00017923...
Issues: VSTOR-16798
Author: Mark Rutland
Commit: 5b5f7d64b35
Message: ms/kasan: add functions to clear stack poison
  Functions which the compiler has instrumented for ASAN place poison on the stack shadow upon entry and remove this poison prior to returning. In some cases (e.g. hotplug and idle), CPUs may exit the kernel a number of levels deep in C code. If there are any instrumented functions on this critical path, these will leave portions of the idle thread stack shadow poisoned. If a CPU returns to th...
Issues: VSTOR-16798
Author: Dmitry Vyukov
Commit: 7e056537040
Message: ms/kprobes: Avoid false KASAN reports during stack copy
  Kprobes save and restore raw stack chunks with memcpy(). With KASAN these chunks can contain poisoned stack redzones, as the result memcpy() interceptor produces false stack out-of-bounds reports. Use __memcpy() instead of memcpy() for stack copying. __memcpy() is not instrumented by KASAN and does not lead to the false reports. Currently there is a spew of KASAN reports during boot if CONFIG...
Issues: VSTOR-16798
Author: Konstantin Khorenko
Commit: fb95a832e90
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.15
  Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Author: Pavel Tikhomirov
Commit: 8f1ecc2d7c4
Message: ploop: fix int overflow when calculating used_pos
  If io->alloc_head is e.g. 0x11ff, then we get used_pos equal to:
    crash> p (((int)0x11ff)-1)<<20
    $3 = 534773760
  instead of:
    crash> p (((long long)0x11ff)-1)<<20
    $5 = 4829741056
  https://jira.sw.ru/browse/PSBM-89565 Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Reviewed-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Issues: PSBM-89565
Author: Andrey Ryabinin
Commit: c57f0c47f12
Message: mm/tcache,tswap: Don't try to shrink if tswap/tcache disabled
  shrink_tcrutches() calls tcache/tswap_shrink_scan() regardless of whether tcache/tswap enabled or have any pages. If tcache was disabled via tcache.enabled=0 boot parameter, it will crash:
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
    IP: [<ffffffffbe03794b>] tcache_lru_isolate+0x2b/0x1e0
    Call Trace:
    tcache_shrink_scan+0x46/0x130
    shrink_tcrutches+0xe8/0x15...
Issues: HCI-168
Author: Eric Dumazet
Commit: a5525b0f6d9
Message: ms/net/packet: fix a race in packet_bind() and packet_notifier()
  Commit 15fe076edea787807a7cdc168df832544b58eba6 in the mainline kernel. syzbot reported crashes [1] and provided a C repro easing bug hunting. When/if packet_do_bind() calls __unregister_prot_hook() and releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This calls register_prot_hook() and hooks again the socket right before first thread is able t...
Issues: 2 JIRA Issues
Author: Kirill Tkhai
Commit: 9a6bedb42fd
Message: fuse kio: Unexport pcs_ioconn_close() and pcs_ioconn_unregister()
  They are used only in the file they are declared. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Reviewed-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Author: Pavel Butsykin
Commit: dfeff3324b9
Message: fs/fuse kio_pcs: fix NULL pointer dereference in pcs_mapping_truncate()
  Looks like a logical mistake. Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Author: Konstantin Khorenko
Commit: e521e848997
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.14
  Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Author: Eric Biggers
Commit: 85f55043567
Message: ms/ipc/shm: fix use-after-free of shm file via remap_file_pages()
  syzbot reported a use-after-free of shm_file_data(file)->file->f_op in shm_get_unmapped_area(), called via sys_remap_file_pages(). Unfortunately it couldn't generate a reproducer, but I found a bug which I think caused it. When remap_file_pages() is passed a full System V shared memory segment, the memory is first unmapped, then a new map is created using the ->vm_file. Between these steps, ...
Issues: 2 JIRA Issues
Author: Konstantin Khorenko
Commit: bf4a2324e60
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.13
  Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Author: Andrey Ryabinin
Commit: fe87c15bf3a
Message: mm/vmscan: shrink tcache, tswap upfront everything else
  We don't want to evict page cache or anon to swap while there are a lot of reclaimable pages in tcache/tswap. Reclaim them first, and only after that go to traditional reclaim Notes: 1) we keep tcache and tswap generic shrinkers so if new tcache/tswap are generated heavily, background kswapd thread does not forget to shrink tcache/tswap 2) in shrink_tcrutches() we don't break for_each_nod...
Issues: PSBM-89403
Author: Konstantin Khorenko
Commit: 309634e86fc
Message: OpenVZ kernel rh7-3.10.0-862.14.4.vz7.72.12
  Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Author: Vasily Averin
Commit: a31646a53bd
Message: net: fix netns accounting on error handling
  Fixes: d0139b975f03 ("ve/netns: limit number of network namespaces per container") Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Author: Vasily Averin
Commit: 1f18342799a
Message: cbt: selfdeadlock in __blk_cbt_set()
  __blk_cbt_set() can be interrupted by IPI __cbt_flush_cpu_cache() that will be cycled forever in spin_lock_page() because page was already locked by interrupted process.
    #5 [ffff880071e89f50] nmi at ffffffff81569781
        [exception RIP: __blk_cbt_set+133]
        RIP: ffffffff812b1a35 RSP: ffff880071e83ef8 RFLAGS: 00000087
        RAX: 0000000000000001 RBX: 00000000004a0020 RCX: 00000000ffffffff ...
Issues: PSBM-89323
Author: Vasily Averin
Commit: 0a074588bfb
Message: cbt: bitmap corruption caused by ipi
  IPI generated by cbt_flush_cache() can interrupt blk_cbt_add() in "bad" places and lead to bitmap corruption. CPU A CPU B blk_cbt_add() ... cbt_flush_cache() old = *ex; submit IPI ex->start = start; interrupt __cbt_flush_cpu_cache if (ex->len) <<< found non-changed len __blk_cbt_set(cbt, ex->start, ex->len, 0, 1); ...
Issues: PSBM-89323
Author: Andrey Ryabinin
Commit: c322a6f3894
Message: mm/tcache: rebalance tree if isolation failed
  tcache_lru_isolate() doesn't rebalance reclaim tree if isolation failed. If the first pool in tree is empty, without rebalancing it may stay first indefinitely long preventing reclaim. https://jira.sw.ru/browse/PSBM-89403 Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Acked-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Issues: PSBM-89403
Author: Andrey Ryabinin
Commit: f1d2d2dc308
Message: mm/tcache: don't insert empty reclaim node
  If tcache_lru_del() deletes last page from node we don't need to insert reclaim node into tree. https://jira.sw.ru/browse/PSBM-89403 Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Acked-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Issues: PSBM-89403
Author: Kirill Tkhai
Commit: e95c5e36d1d
Message: fuse kio: Fix deadlock at pcs_fuse_submit() error path
  request_end() takes fc->lock, so in case of error we bump into deadlock:
    Call Trace:
    [<ffffffffb3bb63f5>] _raw_spin_lock+0x75/0xc0
    [<ffffffffc170871b>] spin_lock+0x18/0x1b [fuse]
    [<ffffffffc170ba63>] request_end+0x265/0x72b [fuse]
    [<ffffffffc18a1b8d>] pcs_fuse_submit+0x9fb/0xaa3 [fuse_kio_pcs]
    [<ffffffffc18a35c4>] kpcs_req_send+0x793/0xa60 [fuse_kio_pcs]
    [<ffffffffc170b6ca>] flu...
Issues: VSTOR-16246
Author: Pavel Butsykin
Commit: 99b1e7df9c8
Message: fs/fuse kio_pcs: flush rpc work inside pcs_rpc_destroy()
  This flush is necessary to done pending messages and to execute queued work before we free rpc memory. Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> ===================== Patchset description: Order rpc destroy with rpc_queue_work() Prevents use-after-free from work function. https://pmc.acronis.com/browse/VSTOR-16236 Kirill Tkh...
Issues: VSTOR-16236