Author | Commit | Message | Commit date | Issues | |
---|---|---|---|---|---|
OpenVZ team | ef98da39d22 | linux-2.6.16-026test017 released | |||
OpenVZ team | 0c73a02f80fM | Merged 2.6.16.27 from /linux/kernel/git/stable/linux-2.6.16.y | |||
Pavel Emelianov | a423458d23a | Fix CPT module compilation (misprint) | |||
Pavel Emelianov | a2299f4db84 | Fix for nr_files acct in UB0.Do not just limit nr_files in UB0 only, but also account. | |||
Alexey Kuznetsov | 8c1a6485ac5 | [CPT] support checkpointing of bind mounts | |||
Alexey Kuznetsov | c691647ba91 | [CPT] timers cleanup, ve suspend cleanupTimers are totally messed in 2.6.16. This fixes bug with randomly stuck sleeps etc. Also, the same patch fixes two another critical bugs: 1. vzctl chkpnt N --suspend; vzctl chkpnt N --resume sometimes kills some applications (f.e. strace bash). 2. when GFP_KERNEL allocation fails (oom killer), checkpoint can fail and leave some processes frozen. | |||
Alexey Kuznetsov | ac91a5ad384 | VE start time cleanup* start_time is signed value. After migration it can be negative. Respect this. * It is possible some processes started before ve->start_time. (f.e. migrated VE processes from viewpoint of VE0 or processes forked before VE creation and entering it later). The only sane solution is to show in /proc zero times. * Set ve->start_time to sane value, so that init does not have negative sta... | |||
Alexey Kuznetsov | 37d34c49708 | VE suspend cleanupSoftware suspend breaks some processes, when it fails. The problem is capital. Core assumes that as soon as signal_pending() is set, the only place where the condition is cleared is signal delivery path. Otherwise, processes can occasionally get bare -ERESTART* and die. The only solution is to avoid clearing TIG_FREEZE ever, leaving this function to refrigrator(). This requires adding a globa... | |||
Alexey Kuznetsov | 525342689a8 | [CPT] Image versioningBoost image version. | |||
Dmitry Mishin | e0ffc563afa | xt_mac iptables match virtualizationhttp://forum.openvz.org/index.php?t=tree&th=902&mid=4883&&rev=&reveal= | |||
Kirill Korotaev | 58d0cc7c116 | nr_files should not limit VEsWe have UBC numfile limit, so skip global check for VE. Long-term solution is to virtualize nr_files variable. | |||
Vasily Tarasov | 3b7d61b2e5a | [PATCH 3/3] Fixes compilation with CONFIG_USER_RESOURCE offVecalls-related fixes. | |||
Vasily Tarasov | 30bd0296926 | [PATCH 2/3] [CPT] Fixes compilation with CONFIG_USER_RESOURCE offCheckpointing-related fixes. | |||
Vasily Tarasov | 7d5016867af | [PATCH 1/3] Fixes compilation with CONFIG_USER_RESOURCE offA misprint in ub_misc.h. | |||
Kir Kolyshkin | aec8735d900 | [x86_64] Compilation fix for net/socket.cOn an x86_64 arch, if CONFIG_NETFILTER is not set, linux/in6.h is not included into net/socket.c and it fails to compile: net/socket.c: In function 'vz_security_proto_check': net/socket.c:1106: error: 'IPPROTO_ICMPV6' undeclared (first use in this function) The fix is to include linux/in6.h explicitly. http://buzgilla.openvz.org/206 | |||
Pavel Emelianov | d21eb89c8bd | SysRq debugger.This patch adds small debugger which works via SysRq. With it one can dump memory, resolve kernel symbols and write to memory. /proc/sysrq-trigger is patched to read more than one character from user, so that debugger works with commands like echo -n -e 'gd0xc0400000\rq' > /proc/sysrq-trigger | |||
Vasily Tarasov | 124df2e5b84 | Iptables bug in ipt_flush_tableOne cannot set private->size = 0 in ipt_flush_table() 'cause this value is used in xt_free_table_info() later. http://bugzilla.openvz.org/show_bug.cgi?id=191 | |||
Greg Kroah-Hartman | 659eadfc207 | Linux 2.6.16.27 | |||
Ian Abbott | b6c9e34e0ac | [PATCH] USB serial ftdi_sio: Prevent userspace DoS (CVE-2006-2936)This patch limits the amount of outstanding 'write' data that can be queued up for the ftdi_sio driver, to prevent userspace DoS attacks (or simple accidents) that use up all the system memory by writing lots of data to the serial port. Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | CVE-2006 | ||
YOSHIFUJI Hideaki | 8ac7545d688 | [PATCH] IPV6 ADDRCONF: Fix default source address selection without CONFIG_IPV6_PRIVACYWe need to update hiscore.rule even if we don't enable CONFIG_IPV6_PRIVACY, because we have more less significant rule; longest match. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |||
$,1 aukasz Stelmach | 1d3688b6133 | [PATCH] IPV6: Fix source address selection.Two additional labels (RFC 3484, sec. 10.3) for IPv6 addreses are defined to make a distinction between global unicast addresses and Unique Local Addresses (fc00::/7, RFC 4193) and Teredo (2001::/32, RFC 4380). It is necessary to avoid attempts of connection that would either fail (eg. fec0:: to 2001:feed::) or be sub-optimal (2001:0:: to 2001:feed::). Signed-off-by: $,1 aukasz Stelmach <stlm... | |||
Greg Kroah-Hartman | e7291d7695d | Linux 2.6.16.25 | |||
Linus Torvalds | 17fe0b2d314 | [PATCH] Relax /proc fix a bitRelax /proc fix a bit Clearign all of i_mode was a bit draconian. We only really care about S_ISUID/ISGID, after all. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |||
Greg Kroah-Hartman | f7a3975e687 | Linux 2.6.16.25 | |||
Linus Torvalds | d8a2707576c | [PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)Fix nasty /proc vulnerability We have a bad interaction with both the kernel and user space being able to change some of the /proc file status. This fixes the most obvious part of it, but I expect we'll also make it harder for users to modify even their "own" files in /proc. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | CVE-2006 | ||
Pavel Emelianov | 0def177f606 | [VZDQ] Fix __vzquota_sync_list() list manipulationsAfter schedule() on need_resched() need to check for list_empty() again. (#65333) | |||
OpenVZ team | 8f11223651c | linux-2.6.16-026test016 released | |||
OpenVZ team | 9a23ec204b8M | Merged 2.6.16.24 from /linux/kernel/git/stable/linux-2.6.16.y | |||
Pavel Emelianov | 3dd25e7233d | Call notifiers on netdeive moving.When device moves from ve to ve0 or vice-versa NETDEV_UNREGISTER/NETDEV_REGISTER events must be sent. This at least clears dst entries from device. (#64925) | |||
Alexey Kuznetsov | 3802ead24e6 | [PATCH] fdset's leakageWhen found, it is obvious. nfds calculated when allocating fdsets is rewritten by calculation of size of fdtable, and when we are unlucky, we try to free fdsets of wrong size. There is a little problem there, the bug is triggered only under certain combination of initial values for max_fdset and max_fds. They were changed recently, so that bug may be invisible in current mainstream (well, it w... | |||
Alexey Kuznetsov | abf8447e2ba | Memory leak in fs/namei.c2.6.16 leaks like hell. While testing, I found massive leakage in: *filp *size-4096 And 1 object leaks in *size-32 *size-64 *size-128 (#63420) | |||
Pavel Emelianov | 1ce551c5108 | Compilation fix for CONFIG_FAIRSCHED=n and CONFIG_SCHED_VCPU=y.This is the first (and the easiest) part of OpenVZ BUG http://bugzilla.openvz.org/show_bug.cgi?id=173 | |||
Pavel Emelianov | 4ed1d8c0b18 | [CPT] fget() call rerurns NULL on errorcpt code expected ERR_PTR values and thus could oops (#64758) | |||
Dmitry Mishin | 8971ade1d10 | Fixed vzmond cycling due to wrong conntracks cleanup context(#64713) | |||
Kirill Korotaev | 11d518fec9b | Fix of UBC headers.config.h should not be included from user space. | |||
Pavel Emelianov | ebbe7895912 | Check for inet_bin_bucket owner in inet(6)_hash_connect.Noticed by Andrey Savochkin. | |||
Greg Kroah-Hartman | 407972755b4 | Linux 2.6.16.24 | |||
Greg Kroah-Hartman | 9e4e45f19bd | fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)Based on a patch from Ernie Petrides During security research, Red Hat discovered a behavioral flaw in core dump handling. A local user could create a program that would cause a core file to be dumped into a directory they would not normally have permissions to write to. This could lead to a denial of service (disk consumption), or allow the local user to gain root privileges. Signed-off-by: ... | CVE-2006 | ||
Pavel Emelianov | 5d9aab961c1 | Print warning if some initcall returned error.Stop booting the kernel is not correct, but sometimes it's necessary to know that some initcall failed. | |||
OpenVZ team | 316d3db6bd5 | linux-2.6.16-026test015 released | |||
OpenVZ team | 7031cc767b5M | Merged 2.6.16.23 from /linux/kernel/git/stable/linux-2.6.16.y | |||
Pavel Emelianov | b401d3c2397 | Compilation fix for ipv6 netfilter initialization. | |||
Pavel Emelianov | 69fde7e335f | Fix creation of tcp/udp proc entries.When we didn't have ipv6 virtualized ipv6-related entries we created locally to ve0. Now we have ipv6 virtualized, so the entries in question must be visible in VEs. | |||
Greg Kroah-Hartman | 2bd44a13c95 | Linux 2.6.16.23 | |||
Chris Wright | 92224802335 | [PATCH] revert PARPORT_SERIAL should depend on SERIAL_8250_PCI patchShould have not been applied to 2.6.16 Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |||
Patrick McHardy | 70a00d8615e | [PATCH] NETFILTER: SCTP conntrack: fix crash triggered by packet without chunks [CVE-2006-2934]When a packet without any chunks is received, the newconntrack variable in sctp_packet contains an out of bounds value that is used to look up an pointer from the array of timeouts, which is then dereferenced, resulting in a crash. Make sure at least a single chunk is present. Problem noticed by George A. Theall <theall@tenablesecurity.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Sig... | CVE-2006 | ||
Kirill Korotaev | 858613dcfc6 | Fix of conntracs' sysctl initializationConntracks initialization code allocates sysctl array for 15 elements, while requires 21 (#64594) | |||
Alexey Kuznetsov | cc1684118c7 | [PATCH] verbose "vzctl start" kills console | |||
Vasily Tarasov | ed73f7b3d02 | Fix missing memory charging in pipe.c | |||
Pavel Emelianov | fd4ac130a1f | Fix of signal_struct->curr_target value after __exit_signal(). When task calls __exit_signal() it moves curr_target pointer on the next thread. If task isn'\''t changed - this pointer must be set to NULL. Otherwise race:sys_execve() sys_kill() ... ... de_thread() switch_exec_pids() /* at this point thread and leader * have shared signal_struct but splitted * (empty) pids lists */ release_task() sig->curr_target = next_thread(tsk); /* at this point curr_target is set to * tsk since it'\''s PID_TYPE_TGID list is * empty */ ...... |
Commits
Author | Commit | Commit date | Issues | |
---|---|---|---|---|
OpenVZ team | ef98da39d22 | |||
OpenVZ team | 0c73a02f80fM | |||
Pavel Emelianov | a423458d23a | |||
Pavel Emelianov | a2299f4db84 | |||
Alexey Kuznetsov | 8c1a6485ac5 | |||
Alexey Kuznetsov | c691647ba91 | |||
Alexey Kuznetsov | ac91a5ad384 | |||
Alexey Kuznetsov | 37d34c49708 | |||
Alexey Kuznetsov | 525342689a8 | |||
Dmitry Mishin | e0ffc563afa | |||
Kirill Korotaev | 58d0cc7c116 | |||
Vasily Tarasov | 3b7d61b2e5a | |||
Vasily Tarasov | 30bd0296926 | |||
Vasily Tarasov | 7d5016867af | |||
Kir Kolyshkin | aec8735d900 | |||
Pavel Emelianov | d21eb89c8bd | |||
Vasily Tarasov | 124df2e5b84 | |||
Greg Kroah-Hartman | 659eadfc207 | |||
Ian Abbott | b6c9e34e0ac | CVE-2006 | ||
YOSHIFUJI Hideaki | 8ac7545d688 | |||
$,1 aukasz Stelmach | 1d3688b6133 | |||
Greg Kroah-Hartman | e7291d7695d | |||
Linus Torvalds | 17fe0b2d314 | |||
Greg Kroah-Hartman | f7a3975e687 | |||
Linus Torvalds | d8a2707576c | CVE-2006 | ||
Pavel Emelianov | 0def177f606 | |||
OpenVZ team | 8f11223651c | |||
OpenVZ team | 9a23ec204b8M | |||
Pavel Emelianov | 3dd25e7233d | |||
Alexey Kuznetsov | 3802ead24e6 | |||
Alexey Kuznetsov | abf8447e2ba | |||
Pavel Emelianov | 1ce551c5108 | |||
Pavel Emelianov | 4ed1d8c0b18 | |||
Dmitry Mishin | 8971ade1d10 | |||
Kirill Korotaev | 11d518fec9b | |||
Pavel Emelianov | ebbe7895912 | |||
Greg Kroah-Hartman | 407972755b4 | |||
Greg Kroah-Hartman | 9e4e45f19bd | CVE-2006 | ||
Pavel Emelianov | 5d9aab961c1 | |||
OpenVZ team | 316d3db6bd5 | |||
OpenVZ team | 7031cc767b5M | |||
Pavel Emelianov | b401d3c2397 | |||
Pavel Emelianov | 69fde7e335f | |||
Greg Kroah-Hartman | 2bd44a13c95 | |||
Chris Wright | 92224802335 | |||
Patrick McHardy | 70a00d8615e | CVE-2006 | ||
Kirill Korotaev | 858613dcfc6 | |||
Alexey Kuznetsov | cc1684118c7 | |||
Vasily Tarasov | ed73f7b3d02 | |||
Pavel Emelianov | fd4ac130a1f |