OpenVZ-legacy
  1. OpenVZ-legacy

linux-2.6.18-openvz

Public
AuthorCommitMessageCommit dateIssues
OpenVZ teamOpenVZ team
ffc643a868flinux-2.6.18-028stab039 released
Pavel EmelianovPavel Emelianov
b52576cdab2[PATCH] BC: fix several issues in /proc/bcfind /proc/bc doesn't work with several errors reported. Reasons: 1. getdents() sometimes returns EOVERFLOW due to sign expansion in generated entries' inode numbers; 2. bc and subbc have equal generated inode numbers; 3. /proc/bc has broken (from find's POV) nlink count. Fix it all.
Denis V. LunevDenis V. Lunev
8cae4b4d212[PATCH] initialize ve0.op_sem earlier ve0->op_sem has been initialized on vecalls modules loading, but nowdays can be used before vzmon during NFS initialization...Bug #86869
Vitaliy GusevVitaliy Gusev
3540a4fb139[PATCH] CBQ: fix unfairness when gettimeofday clock source is used sch_cbq with gettimeofday clock source has limit 2000000 usec for the idle (undertime) time. Therefore when we try to set bandwidth less than 10000 bits/s then sch_cbq doesn't work (idle time want to become about 4000000 usec).Triggered by RHEL5 which switched from jiffies clocksource to gettimeofday() BTW, why? According to ANK this should work poorly, since gettimeofday can take as much as 100 microseconds... Bug #86375
Vitaliy GusevVitaliy Gusev
db70b1e448d[PATCH] venet: compilation warning fixlabel "out" is not used anymore. Fix the warning.
Vitaliy GusevVitaliy Gusev
f1e47798d31[PATCH] net: allow ethtool ops inside VEThis patch allows ethtool operations into VE with CAP_VE_NET_ADMIN capability.
OpenVZ teamOpenVZ team
50ea50abbd0linux-2.6.18-028stab038 released
Kirill KorotaevKirill Korotaev
0464370ef6a[PATCH] Add exports for IPv6 compilation with new security checksAdd exports for IPv6 compilation with new security checks introduced in Evgeniy Kravtsunov patch diff-ve-net-protocols-check-20070705
Pavel EmelianovPavel Emelianov
fecd9e8bbb1[PATCH] IPC: fix potential user leak When user locks an ipc shmem segmant with SHM_LOCK ctl and the segment is already locked the shmem_lock() function returns 0. After this the subsequent code leaks the existing user struct:== ipc/shm.c: sys_shmctl() == ... err = shmem_lock(shp->shm_file, 1, user); if (!err) { shp->shm_perm.mode |= SHM_LOCKED; shp->mlock_user = user; } ... == Other results of this are: 1. the new shp->mlock_user is not get-ed and will point to freed memory when the task dies. 2. the RLIMIT_MEMLOCK is screwed on both user structs. The exploit looks like thi...
Vasily AverinVasily Averin
ba0280aa64aRHEL5 forget to apply last of our megaraid_mbox fixes: http://forum.openvz.org/index.php?t=msg&goto=14975From: Andrey Mirkin <amirkin@sw.ru> Date: Mon, 16 Oct 2006 08:08:43 +0000 (+0400) Subject: [PATCH] scsi: megaraid_{mm,mbox}: 64-bit DMA capability fix X-Git-Tag: v2.6.19-rc3~208 X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=8741ca71a3f626a56595b88200ebf952ce77ceef [PATCH] scsi: megaraid_{mm,mbox}: 64-bit DMA capability fix It is known...
Denis V. LunevDenis V. Lunev
6b7dce37e94[PATCH] allow kthreads by default in VE (for NFS)This patch allows kernel threads by default inside VE.
Vitaliy GusevVitaliy Gusev
4f4e3df351a[PATCH] net: excessive UDP lost on VE send path When tring to send big UDP packets from VE then other side receive about 60% of all IP fragmentated packets and about 10% of all UDP packets that was sent from VE. Fragmentated IP-packets are dropped on an ethernet interface because an interface's queue is full.The ethernet interface's queue get full as venet/veth device passes fragmentated IP-packet with calling a sk_buff's destructor (by skb_orphan), socket's buffer become free, although it IP-packet isn't passed through the ethernet device. Therefore bulk IP-packets are sent through venet/veth interface that is much more than the real ethernet interface can transfer. Decision: venet/veth interface...
Alexandr AndreevAlexandr Andreev
2560eef765c[PATCH]: small fix to compile kernel without VCPU support
David MooreDavid Moore
30eceb302c4[PATCH] swiotlb: add missing phys_to_virt() callAdds missing call to phys_to_virt() in the lib/swiotlb.c:swiotlb_sync_sg() function. Without this change, a kernel panic will always occur whenever a SWIOTLB bounce buffer from a scatter-gather list gets synced. Affected are especially Intel x86_64 machines with more than about 3 GB RAM. Signed-off-by: David Moore <dcm@acm.org> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed...
Evgeny KravtsunovEvgeny Kravtsunov
7016a8463caWhen creating socket within VE the following ones are allowed:----------------------------------------------------------------------------------- family | type | protocol --------------------------------------------------------------------------------- PF_UNIX | | PF_LOCAL | | PF_PACKET | Any existing* | Any ex...
Dmitriy MonakhovDmitriy Monakhov
ad146c228a5[PATCH] BC: aidband - uncharge UB pages before charging to PB By design we assume that page may be accounted only in UB or only in PB counter.Unfortunately this is not always true, and ATI driver does some strange things like mmaping pages with PTEs to user space (maybe it is even a security hole in ATI driver, who knows?) So ATI driver exports pages via mmap(2) to userspace which was already accounted in UB (pte pages are charged to kmemsize). In this case accounting conflict happens and BUG_ON(head->pb_magic != PB_MAGIC) is trigge...
Dmitriy MonakhovDmitriy Monakhov
6c1d090d6a0[PATCH] BC: recharge vma if vm_flags changed after ->mmap() callSeveral device drivers (sigh... ATI) can change vm_flags in their f_op->mmap method. Because of this mm->locked_vm changed after f_op->mmap was called. If ->vm_flags has been changed we have to recharge ub memory.
Matt MackallMatt Mackall
0e1125753fd[PATCH] PaX: wakeup threshold limits If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes.(Bug reported by the PaX Team <pageexec@freemail.hu>) Cc: Theodore Tso <tytso@mit.edu> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> drivers/char/random.c | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-)
Jing Min ZhaoJing Min Zhao
e92f79f9b3f[NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index valuesChoices' index values may be out of range while still encoded in the fixed length bit-field. This bug may cause access to undefined types (NULL pointers) and thus crashes (Reported by Zhongling Wen). This patch also adds checking of decode flag when decoding SEQUENCEs. Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
Kirill KorotaevKirill Korotaev
91dbb635ea2[PATCH] VE: sys_getpgid/sid should depend on context sys_getpgid/sid() should return global pid of VE task if info is requisted from VE0 task. Actually, not critical, but still. let's fix it.Bug #85662
Denis V. LunevDenis V. Lunev
d17ce516113This patch ensures that VE is up and running during RPC connect. Thisstaff can be run as a schedule_work when all tasks has been dead. http://bugzilla.openvz.org/show_bug.cgi?id=513
OpenVZ teamOpenVZ team
12a67cd1783linux-2.6.18-028stab037 released
Kirill KorotaevKirill Korotaev
0fca96218bf[PATCH] CPT: remove killing of external processes External processes can't be easily detected. Even if process has a virtual pid, it doesn't mean it has no any connectiions to VE0 like opened files/libraries etc.So remove this feature at all and return back as it was - external processes should prevent from CPT. Revert of the patches: diff-cpt-kill-external-process-20070125 diff-cpt-kill-external-processes-b-20070515
Vasily TarasovVasily Tarasov
0b38c5b7cff[PATCH] IPv6 routing headers issueFrom: Thomas Graf <tgraf@redhat.com> Backport of the fix to disallow RH0 by default. The original upstream patch introduces a configuration option which breaks kABI as it extends a struct which is embeded into another public structure and is thus not acceptable as-is. Therefore the decision has been made to disallow routing header type 0 in gernal for now, a configuration option to enable cert...CVE-2007
Vasily TarasovVasily Tarasov
efb2059f0ba[PATCH] ipv6: ipv6_fl_socklist is inadvertently sharedFrom: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp> The ipv6_fl_socklist from listening socket is inadvertently shared with new socket created for connection. This leads to a variety of interesting, but fatal, bugs. For example, removing one of the sockets may lead to the other socket's encountering a page fault when the now freed list is referenced. The fix is to not share the flow label ...CVE-2007
Vasily TarasovVasily Tarasov
540a52a6916[PATCH] netfilter: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHEDFrom: Patrick McHardy <kaber@trash.net> The individual fragments of a packet reassembled by conntrack have the conntrack reference from the reassembled packet attached, but nfctinfo is not copied. This leaves it initialized to 0, which unfortunately is the value of IP_CT_ESTABLISHED. The result is that all IPv6 fragments are tracked as ESTABLISHED, allowing them to bypass a usual ruleset whic...CVE-2007
Vasily TarasovVasily Tarasov
d8a968675ac[PATCH] netfilter: nfnetlink_log: fix NULL pointer dereferenceFrom: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Fix the nasty NULL dereference on multiple packets per netlink message. BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004 printing eip: f8a4b3bf *pde = 00000000 Oops: 0002 [#1] SMP Modules linked in: nfnetlink_log ipt_ttl ipt_REDIRECT xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 xt_state ipt_ipp2p xt_NFLOG xt_h...CVE-2007
Vasily TarasovVasily Tarasov
9b5a6eeff2b[PATCH] netfilter: nfnetlink_log: fix possible NULL pointer dereferenceFrom: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Eliminate possible NULL pointer dereference in nfulnl_recv_config(). Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd16704eba171b32ef0cded3a4f562b33b911066 C...CVE-2007
Vasily TarasovVasily Tarasov
3285f160077[PATCH] netfilter: nfnetlink_log: fix crash on bridged packetFrom: Patrick McHardy <kaber@trash.net> physoutdev is only set on purely bridged packet, when nfnetlink_log is used in the OUTPUT/FORWARD/POSTROUTING hooks on packets forwarded from or to a bridge it crashes when trying to dereference skb->nf_bridge->physoutdev. Reported by Holger Eitzenberger <heitzenberger@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S....CVE-2007
RomanRoman
a3aabeb9bdb[PATCH] autofs4: compat layer for x8664 autofs4 uses platform dependant protocol which has 'long' data types inside data structures which are passed to/from user-space via pipe (sic!)...Thanks to this 32bit autofs tools do not work with 64 bit kernel. Bug #82040
Jan KaraJan Kara
b061b4b5c7b[PATCH] jbd: remove_transaction fixWe have to check that also the second checkpoint list is non-empty before dropping the transaction. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> http://bugzilla.openvz.org/show_bug.cgi?id=605 X-Git-Tag: v2.6.16-rc2~350 X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=...
Andrey MirkinAndrey Mirkin
cef0d1083de[PATCH] CPT: ignore user signals in kernel threadsUnder ptrace signals are not handled immediately and we have non-zero shared_pending mask on current task, so fork() returns -ERESTARTNOINTR and wait4() returns -ERESTARTSYS. We need to block signals SIGCHLD, SIGWINCH, SIGCONT and SIGURG to be sure that this signals will be ignored while kernel thread creation. Bug #84412
Alexey DobriyanAlexey Dobriyan
6d6917723f2[PATCH] proc: remove pathetic ->deleted WARN_ONWARN_ON(de && de->deleted); is sooo unreliable. Why? proc_lookup remove_proc_entry =========== ================= lock_kernel(); spin_lock(&proc_subdir_lock); [find proc entry] spin_unlock(&proc_subdir_lock); spin_lock(&proc_subdir_lock); [find proc entry] proc_get_inode ============== WARN_ON(de && de->deleted); ... if (!atomic_read(&de->count)) free_proc_entry(d...
Vasily TarasovVasily Tarasov
572aa0a43fa[PATCH] netfilter: wrong debug assertion in nat codeSimple compilation fix if NETFILTER_DEBUG is on
Vasily TarasovVasily Tarasov
4201e9bf26f[PATCH] netfilter: skb struct doesn't have nf_debug anymorenf_debug field is missing in modern kernels, but in some places we still refer to it. http://bugzilla.openvz.org/show_bug.cgi?id=627
Kirill KorotaevKirill Korotaev
3ba4ba4e5f5[PATCH] reiserfs: fix key decrementingThis patch fixes a bug in function decrementing a key of stat data item. Offset of reiserfs keys are compared as signed values. To set key offset to maximal possible value maximal signed value has to be used. This bug is responsible for severe reiserfs filesystem corruption which shows itself as warning vs-13060. reiserfsck fixes this corruption by filesystem tree rebuilding. Signed-off-by...
Vasily TarasovVasily Tarasov
b8f357c77e0[PATCH] venet: lots of spaces in /proc/vz/veinfo outputAfter introducing IPv6 support for venet device, field width for IP addresses in /proc/vz/veinfo was increased from 15 to 39: http://git.openvz.org/?p=linux-2.6.16-openvz;a=commitdiff;h=ddb2b95ff38b528f5def1bd4ae87108bf3fa6b7a The output seems a bit ridiculous, when VE owns only IPv4 addresses: to much strange spaces. This patch corrects it and fixes the bug: http://bugzilla.openvz.org/show_b...
Konstantin KhorenkoKonstantin Khorenko
0c95c9c9555[BRIDGE]: adding new device to bridge should enable if upPort of mainsteram patch: [BRIDGE]: adding new device to bridge should enable if up Aji Srinivas [Thu, 8 Mar 2007 00:10:53 +0000 (16:10 -0800)] One change introduced by the workqueue removal patch is that adding an interface that is up to a bridge which is also up does not ever call br_stp_enable_port(), leaving the port in DISABLED state until we do ifconfig down and up or link events occur. ...
Konstantin KhorenkoKonstantin Khorenko
f19a049b49e[PATCH] bridge: race between br_del_if() and port_carrier_check() This patch eliminates a race between br_del_if() and port_carrier_check() which leads to the oops in the latter function. This patch is a port of 2 mainstream patches:[BRIDGE] br_if: Fix oops in port_carrier_check Signed-off-by: Jarek Poplawski <jarkao2@o2.pl> Acked-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> commit a10d567c89dfba90dde2e0515e25760fd74cde06 and [BRIDGE]: eliminate workqueue for carrier check Having a work queue for checking carrier leads to lots of race issues. Simpler to ju...
Andrey MirkinAndrey Mirkin
03a9f52c84e[PATCH] CPT: check ctx->file for NULLWe need to be sure that dumpfile pointer (ctx->file) is not NULL, because we can't start dump without it. Also we need to return error like EINTR instead of ERESTART*, because we just can't simply restart dump ioctl. The reason is that dumpfile is already closed and we need to reopen it before calling dump ioctl second time. These bugs can be easily triggered on RH5 if we will run strace -f v...
OpenVZ teamOpenVZ team
70635a8ee1alinux-2.6.18-028stab036 released
Evgeny KravtsunovEvgeny Kravtsunov
5e9f9cb0886[PATCH] ebtables: ebtables_among fails on check() on x86-64ebtables module calls the checker ebt_among_check() that compares the correct size of user supplied data. Userspace size is calculated in the following way (ebtables-2.0.8-1): EBT_ALIGN(sizeof(struct ebt_among_info)) + X While kernel calculates size as: EBT_ALIGN(sizeof(struct ebt_among_info) + X) On x86_64 EBT_ALIGN does alignment on 8 bytes, so the problem arises. http://bugzilla.open...
Pavel EmelianovPavel Emelianov
33aba624cf6[PATCH] mmap returns EINVAL if len==0 mmap returns EINVAL when len==0, while old kernel behaviour is to return addr in this case.Though POSIX requires EINVAL in this case and it was fixed in mainstream around ~2.6.16, we still have to keep compatibility for some time with old stupid apps like rpm which did exactly this and expected success :/ Bug #83938, #74964
Andrey MirkinAndrey Mirkin
1fb2927cb86[PATCH] CPT: remove redundant kfree() Remove redundant kfree() call from open_deleted() function. Now ii is static structure and kfree on it leads to oops :/Bug #84173
OpenVZ teamOpenVZ team
b0dfaf1c671linux-2.6.18-028stab035 released
Kirill KorotaevKirill Korotaev
25f460a439a[PATCH] VE: fix another mispint. in NAT iptables bits split Fix another misprint in patch: [PATCH] Unalias VE_IP_NAT for ip_nat and iptable_nat modules (diff-ve-ip-nat-aliasing-20070605) God summer makes people inattentive :/i
OpenVZ teamOpenVZ team
a3d51c7f58clinux-2.6.18-028stab034.2 released
Alexandr AndreevAlexandr Andreev
ddd44fba2eb[PATCH] VE: ve0 processes intialization VE0 processes were initialized twice: - in copy_process() - in prepare_ve0_process() from init_ve_system()This is redundant and unneeded. Leading to wrong ve0.pcounter
OpenVZ teamOpenVZ team
2f0ccdc8bbflinux-2.6.18-028stab034 released
Kirill KorotaevKirill Korotaev
e62eca07ac9[PATCH] NFS: fix misprint in Den patch for lockdepFix misprint in Den patch for lockdep: [PATCH] nfs: AB-BA deadlock on rpc_sched_lock/queue->lock locks (diff-ms-nfs-schedlock-20070530)