[PATCH] BC: fix several issues in /proc/bc
find /proc/bc doesn't work with several errors reported.
Reasons:
1. getdents() sometimes returns EOVERFLOW due to sign expansion in
generated entries' inode numbers;
2. bc and subbc have equal generated inode numbers;
3. /proc/bc has broken (from find's POV) nlink count.
Fix it all.
[PATCH] initialize ve0.op_sem earlier
ve0->op_sem has been initialized on vecalls module loading, but nowadays can be used before vzmon during NFS initialization...
Bug #86869
[PATCH] CBQ: fix unfairness when gettimeofday clock source is used
sch_cbq with gettimeofday clock source has a limit of 2000000 usec for the idle (undertime) time. Therefore when we try to set bandwidth less than 10000 bits/s then sch_cbq doesn't work (idle time wants to become about 4000000 usec).
Triggered by RHEL5 which switched from jiffies clocksource to gettimeofday()
BTW, why? According to ANK this should work poorly, since
gettimeofday can take as much as 100 microseconds...
Bug #86375
[PATCH] Add exports for IPv6 compilation with new security checks
Add exports for IPv6 compilation with new security checks
introduced in Evgeniy Kravtsunov's patch diff-ve-net-protocols-check-20070705
[PATCH] IPC: fix potential user leak
When user locks an ipc shmem segment with SHM_LOCK ctl and the segment is already locked the shmem_lock() function returns 0. After this the subsequent code leaks the existing user struct:
== ipc/shm.c: sys_shmctl() ==
    ...
    err = shmem_lock(shp->shm_file, 1, user);
    if (!err) {
        shp->shm_perm.mode |= SHM_LOCKED;
        shp->mlock_user = user;
    }
    ...
==
Other results of this are:
1. the new shp->mlock_user is not get-ed and will point to freed
memory when the task dies.
2. the RLIMIT_MEMLOCK is screwed on both user structs.
The exploit looks like thi...
[PATCH] net: excessive UDP loss on VE send path
When trying to send big UDP packets from VE then the other side receives about 60% of all fragmented IP packets and about 10% of all UDP packets that were sent from VE. Fragmented IP packets are dropped on an ethernet interface because the interface's queue is full.
The ethernet interface's queue gets full as the venet/veth device passes
a fragmented IP packet with a call to the sk_buff's destructor (by skb_orphan),
so the socket's buffer becomes free, although the
IP packet isn't passed through the ethernet device.
Therefore bulk IP packets are sent through the venet/veth interface,
which is much more than the real ethernet interface can transfer.
Decision:
venet/veth interface...
[PATCH] swiotlb: add missing phys_to_virt() call
Adds missing call to phys_to_virt() in the
lib/swiotlb.c:swiotlb_sync_sg() function. Without this change, a kernel
panic will always occur whenever a SWIOTLB bounce buffer from a
scatter-gather list gets synced. Affected are especially Intel x86_64
machines with more than about 3 GB RAM.
Signed-off-by: David Moore <dcm@acm.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed...
When creating socket within VE the following ones are allowed:
---------------------------------------------------------------
family     | type          | protocol
---------------------------------------------------------------
PF_UNIX    |               |
PF_LOCAL   |               |
PF_PACKET  | Any existing* | Any ex...
[PATCH] BC: aidband - uncharge UB pages before charging to PB
By design we assume that page may be accounted only in UB or only in PB counter.
Unfortunately this is not always true, and ATI driver does
some strange things like mmaping pages with PTEs to user space
(maybe it is even a security hole in ATI driver, who knows?)
So ATI driver exports pages via mmap(2) to userspace
which were already accounted in UB (pte pages are charged to kmemsize).
In this case accounting conflict happens and
BUG_ON(head->pb_magic != PB_MAGIC) is trigge...
[PATCH] BC: recharge vma if vm_flags changed after ->mmap() call
Several device drivers (sigh... ATI) can change vm_flags
in their f_op->mmap method. Because of this mm->locked_vm
is changed after f_op->mmap was called.
If ->vm_flags has been changed we have to recharge ub memory.
[PATCH] PaX: wakeup threshold limits
If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes.
(Bug reported by the PaX Team <pageexec@freemail.hu>)
Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
drivers/char/random.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
[NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index values
Choices' index values may be out of range while still encoded in the fixed
length bit-field. This bug may cause access to undefined types (NULL
pointers) and thus crashes (Reported by Zhongling Wen).
This patch also adds checking of decode flag when decoding SEQUENCEs.
Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
[PATCH] VE: sys_getpgid/sid should depend on context
sys_getpgid/sid() should return global pid of VE task if info is requested from VE0 task. Actually, not critical, but still. Let's fix it.
Bug #85662
This patch ensures that VE is up and running during RPC connect. This stuff can be run as a schedule_work when all tasks have died.
http://bugzilla.openvz.org/show_bug.cgi?id=513
[PATCH] CPT: remove killing of external processes
External processes can't be easily detected. Even if a process has a virtual pid, it doesn't mean it has no connections to VE0 like opened files/libraries etc.
So remove this feature at all and return back as
it was - external processes should prevent CPT.
Revert of the patches:
diff-cpt-kill-external-process-20070125
diff-cpt-kill-external-processes-b-20070515
[PATCH] IPv6 routing headers issue
From: Thomas Graf <tgraf@redhat.com>
Backport of the fix to disallow RH0 by default. The original
upstream patch introduces a configuration option which breaks
kABI as it extends a struct which is embedded into another
public structure and is thus not acceptable as-is. Therefore
the decision has been made to disallow routing header type 0
in general for now, a configuration option to enable cert...
[PATCH] ipv6: ipv6_fl_socklist is inadvertently shared
From: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
The ipv6_fl_socklist from listening socket is inadvertently shared
with new socket created for connection. This leads to a variety of
interesting, but fatal, bugs. For example, removing one of the
sockets may lead to the other socket's encountering a page fault
when the now freed list is referenced.
The fix is to not share the flow label ...
[PATCH] netfilter: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHED
From: Patrick McHardy <kaber@trash.net>
The individual fragments of a packet reassembled by conntrack have the
conntrack reference from the reassembled packet attached, but nfctinfo
is not copied. This leaves it initialized to 0, which unfortunately is
the value of IP_CT_ESTABLISHED.
The result is that all IPv6 fragments are tracked as ESTABLISHED,
allowing them to bypass a usual ruleset whic...
[PATCH] netfilter: nfnetlink_log: fix possible NULL pointer dereference
From: Michal Miroslaw <mirq-linux@rere.qmqm.pl>
Eliminate possible NULL pointer dereference in nfulnl_recv_config().
Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd16704eba171b32ef0cded3a4f562b33b911066
C...
[PATCH] netfilter: nfnetlink_log: fix crash on bridged packet
From: Patrick McHardy <kaber@trash.net>
physoutdev is only set on purely bridged packets, when nfnetlink_log is
used in the OUTPUT/FORWARD/POSTROUTING hooks on packets forwarded from or to
a bridge it crashes when trying to dereference skb->nf_bridge->physoutdev.
Reported by Holger Eitzenberger <heitzenberger@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S....
[PATCH] autofs4: compat layer for x86_64
autofs4 uses platform dependent protocol which has 'long' data types inside data structures which are passed to/from user-space via pipe (sic!)...
Thanks to this 32bit autofs tools do not work with 64 bit kernel.
Bug #82040
[PATCH] jbd: remove_transaction fix
We have to check that also the second checkpoint list is non-empty before
dropping the transaction.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
http://bugzilla.openvz.org/show_bug.cgi?id=605
X-Git-Tag: v2.6.16-rc2~350
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=...
[PATCH] CPT: ignore user signals in kernel threads
Under ptrace signals are not handled immediately and we have non-zero
shared_pending mask on current task, so fork() returns -ERESTARTNOINTR and
wait4() returns -ERESTARTSYS.
We need to block signals SIGCHLD, SIGWINCH, SIGCONT and SIGURG to be sure that
these signals will be ignored during kernel thread creation.
Bug #84412
[PATCH] netfilter: skb struct doesn't have nf_debug anymore
nf_debug field is missing in modern kernels,
but in some places we still refer to it.
http://bugzilla.openvz.org/show_bug.cgi?id=627
[PATCH] reiserfs: fix key decrementing
This patch fixes a bug in function decrementing a key of stat data item.
Offset of reiserfs keys are compared as signed values. To set key offset
to maximal possible value maximal signed value has to be used.
This bug is responsible for severe reiserfs filesystem corruption which
shows itself as warning vs-13060. reiserfsck fixes this corruption by
filesystem tree rebuilding.
Signed-off-by...
[PATCH] venet: lots of spaces in /proc/vz/veinfo output
After introducing IPv6 support for venet device, field width for IP
addresses in /proc/vz/veinfo was increased from 15 to 39:
http://git.openvz.org/?p=linux-2.6.16-openvz;a=commitdiff;h=ddb2b95ff38b528f5def1bd4ae87108bf3fa6b7a
The output seems a bit ridiculous, when VE owns only IPv4 addresses: too
many strange spaces.
This patch corrects it and fixes the bug:
http://bugzilla.openvz.org/show_b...
[BRIDGE]: adding new device to bridge should enable if up
Port of mainstream patch:
[BRIDGE]: adding new device to bridge should enable if up
Aji Srinivas [Thu, 8 Mar 2007 00:10:53 +0000 (16:10 -0800)]
One change introduced by the workqueue removal patch is that adding an
interface that is up to a bridge which is also up does not ever call
br_stp_enable_port(), leaving the port in DISABLED state until we do
ifconfig down and up or link events occur.
...
[PATCH] bridge: race between br_del_if() and port_carrier_check()
This patch eliminates a race between br_del_if() and port_carrier_check() which leads to the oops in the latter function. This patch is a port of 2 mainstream patches:
[BRIDGE] br_if: Fix oops in port_carrier_check
Signed-off-by: Jarek Poplawski <jarkao2@o2.pl>
Acked-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit a10d567c89dfba90dde2e0515e25760fd74cde06
and
[BRIDGE]: eliminate workqueue for carrier check
Having a work queue for checking carrier leads to lots of race issues.
Simpler to ju...
[PATCH] CPT: check ctx->file for NULL
We need to be sure that dumpfile pointer (ctx->file) is not NULL, because we
can't start dump without it.
Also we need to return error like EINTR instead of ERESTART*, because we just
can't simply restart dump ioctl. The reason is that dumpfile is already
closed and we need to reopen it before calling dump ioctl second time.
These bugs can be easily triggered on RH5 if we run
strace -f v...
[PATCH] ebtables: ebtables_among fails on check() on x86-64
ebtables module calls the checker ebt_among_check()
that compares the correct size of user supplied data.
Userspace size is calculated in the following way (ebtables-2.0.8-1):
EBT_ALIGN(sizeof(struct ebt_among_info)) + X
While kernel calculates size as:
EBT_ALIGN(sizeof(struct ebt_among_info) + X)
On x86_64 EBT_ALIGN does alignment on 8 bytes, so the problem arises.
http://bugzilla.open...
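A worked check of the two size formulas quoted in the message above, as an added example that is not part of the commit or of ebtables itself; it assumes struct ebt_among_info is three ints (12 bytes) and fixes EBT_ALIGN's alignment to the 8 bytes the message cites for x86_64:

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed mirror of the header layout; the real struct ebt_among_info
 * lives in linux/netfilter_bridge/ebt_among.h and is assumed here to be
 * three ints, i.e. 12 bytes, which is not a multiple of 8. */
struct ebt_among_info_mirror {
    int wh_dst;
    int wh_src;
    int bitmask;
};

/* EBT_ALIGN rounds up to the alignment of struct ebt_entry; the commit
 * says that is 8 bytes on x86_64, so it is fixed to 8 here (assumption). */
#define EBT_ALIGNMENT 8
static size_t ebt_align(size_t s)
{
    return (s + (EBT_ALIGNMENT - 1)) & ~(size_t)(EBT_ALIGNMENT - 1);
}

/* ebtables 2.0.8-1 userspace: align the header, then append X raw bytes. */
size_t userspace_match_size(size_t x)
{
    return ebt_align(sizeof(struct ebt_among_info_mirror)) + x;
}

/* kernel ebt_among_check(): align the whole header+X blob at once. */
size_t kernel_expected_size(size_t x)
{
    return ebt_align(sizeof(struct ebt_among_info_mirror) + x);
}

/* Returns 1 when the two formulas disagree (the rule fails the size check),
 * 0 when they happen to coincide. */
int sizes_disagree(size_t x)
{
    return userspace_match_size(x) != kernel_expected_size(x);
}

int main(void)
{
    /* Walk trailing-data lengths in 4-byte steps: only X % 8 == 0 agrees. */
    for (size_t x = 0; x <= 32; x += 4)
        printf("X=%2zu user=%2zu kernel=%2zu %s\n", x,
               userspace_match_size(x), kernel_expected_size(x),
               sizes_disagree(x) ? "MISMATCH" : "ok");
    return 0;
}
```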
[PATCH] mmap returns EINVAL if len==0
mmap returns EINVAL when len==0, while old kernel behaviour is to return addr in this case.
Though POSIX requires EINVAL in this case and it was
fixed in mainstream around ~2.6.16, we still
have to keep compatibility for some time with old stupid
apps like rpm which did exactly this and expected success :/
Bug #83938, #74964
[PATCH] CPT: remove redundant kfree()
Remove redundant kfree() call from open_deleted() function. Now ii is a static structure and kfree on it leads to oops :/
Bug #84173
[PATCH] VE: fix another misprint in NAT iptables bits split
Fix another misprint in patch: [PATCH] Unalias VE_IP_NAT for ip_nat and iptable_nat modules (diff-ve-ip-nat-aliasing-20070605)
God summer makes people inattentive :/
[PATCH] VE: ve0 processes initialization
VE0 processes were initialized twice:
- in copy_process()
- in prepare_ve0_process() from init_ve_system()
This is redundant and unneeded, leading to wrong ve0.pcounter
[PATCH] NFS: fix misprint in Den patch for lockdep
Fix misprint in Den patch for lockdep:
[PATCH] nfs: AB-BA deadlock on rpc_sched_lock/queue->lock locks
(diff-ms-nfs-schedlock-20070530)