Author | Commit | Message | Commit date | Issues | |
---|---|---|---|---|---|
OpenVZ team | ffc643a868f | linux-2.6.18-028stab039 released | |||
Pavel Emelianov | b52576cdab2 | [PATCH] BC: fix several issues in /proc/bcfind /proc/bc doesn't work with several errors reported. Reasons: 1. getdents() sometimes returns EOVERFLOW due to sign expansion in generated entries' inode numbers; 2. bc and subbc have equal generated inode numbers; 3. /proc/bc has broken (from find's POV) nlink count. Fix it all. | |||
Den Lunev | 8cae4b4d212 | [PATCH] initialize ve0.op_sem earlier ve0->op_sem has been initialized on vecalls modules loading, but nowdays can be used before vzmon during NFS initialization...Bug #86869 | |||
Vitaliy Gusev | 3540a4fb139 | [PATCH] CBQ: fix unfairness when gettimeofday clock source is used sch_cbq with gettimeofday clock source has limit 2000000 usec for the idle (undertime) time. Therefore when we try to set bandwidth less than 10000 bits/s then sch_cbq doesn't work (idle time want to become about 4000000 usec).Triggered by RHEL5 which switched from jiffies clocksource to gettimeofday() BTW, why? According to ANK this should work poorly, since gettimeofday can take as much as 100 microseconds... Bug #86375 | |||
Vitaliy Gusev | db70b1e448d | [PATCH] venet: compilation warning fixlabel "out" is not used anymore. Fix the warning. | |||
Vitaliy Gusev | f1e47798d31 | [PATCH] net: allow ethtool ops inside VEThis patch allows ethtool operations into VE with CAP_VE_NET_ADMIN capability. | |||
OpenVZ team | 50ea50abbd0 | linux-2.6.18-028stab038 released | |||
Kirill Korotaev | 0464370ef6a | [PATCH] Add exports for IPv6 compilation with new security checksAdd exports for IPv6 compilation with new security checks introduced in Evgeniy Kravtsunov patch diff-ve-net-protocols-check-20070705 | |||
Pavel Emelianov | fecd9e8bbb1 | [PATCH] IPC: fix potential user leak When user locks an ipc shmem segmant with SHM_LOCK ctl and the segment is already locked the shmem_lock() function returns 0. After this the subsequent code leaks the existing user struct:== ipc/shm.c: sys_shmctl() == ... err = shmem_lock(shp->shm_file, 1, user); if (!err) { shp->shm_perm.mode |= SHM_LOCKED; shp->mlock_user = user; } ... == Other results of this are: 1. the new shp->mlock_user is not get-ed and will point to freed memory when the task dies. 2. the RLIMIT_MEMLOCK is screwed on both user structs. The exploit looks like thi... | |||
Vasily Averin | ba0280aa64a | RHEL5 forget to apply last of our megaraid_mbox fixes: http://forum.openvz.org/index.php?t=msg&goto=14975From: Andrey Mirkin <amirkin@sw.ru> Date: Mon, 16 Oct 2006 08:08:43 +0000 (+0400) Subject: [PATCH] scsi: megaraid_{mm,mbox}: 64-bit DMA capability fix X-Git-Tag: v2.6.19-rc3~208 X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=8741ca71a3f626a56595b88200ebf952ce77ceef [PATCH] scsi: megaraid_{mm,mbox}: 64-bit DMA capability fix It is known... | |||
Den Lunev | 6b7dce37e94 | [PATCH] allow kthreads by default in VE (for NFS)This patch allows kernel threads by default inside VE. | |||
Vitaliy Gusev | 4f4e3df351a | [PATCH] net: excessive UDP lost on VE send path When tring to send big UDP packets from VE then other side receive about 60% of all IP fragmentated packets and about 10% of all UDP packets that was sent from VE. Fragmentated IP-packets are dropped on an ethernet interface because an interface's queue is full.The ethernet interface's queue get full as venet/veth device passes fragmentated IP-packet with calling a sk_buff's destructor (by skb_orphan), socket's buffer become free, although it IP-packet isn't passed through the ethernet device. Therefore bulk IP-packets are sent through venet/veth interface that is much more than the real ethernet interface can transfer. Decision: venet/veth interface... | |||
Alexandr Andreev | 2560eef765c | [PATCH]: small fix to compile kernel without VCPU support | |||
David Moore | 30eceb302c4 | [PATCH] swiotlb: add missing phys_to_virt() callAdds missing call to phys_to_virt() in the lib/swiotlb.c:swiotlb_sync_sg() function. Without this change, a kernel panic will always occur whenever a SWIOTLB bounce buffer from a scatter-gather list gets synced. Affected are especially Intel x86_64 machines with more than about 3 GB RAM. Signed-off-by: David Moore <dcm@acm.org> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed... | |||
Evgeny Kravtsunov | 7016a8463ca | When creating socket within VE the following ones are allowed:----------------------------------------------------------------------------------- family | type | protocol --------------------------------------------------------------------------------- PF_UNIX | | PF_LOCAL | | PF_PACKET | Any existing* | Any ex... | |||
Dmitriy Monakhov | ad146c228a5 | [PATCH] BC: aidband - uncharge UB pages before charging to PB By design we assume that page may be accounted only in UB or only in PB counter.Unfortunately this is not always true, and ATI driver does some strange things like mmaping pages with PTEs to user space (maybe it is even a security hole in ATI driver, who knows?) So ATI driver exports pages via mmap(2) to userspace which was already accounted in UB (pte pages are charged to kmemsize). In this case accounting conflict happens and BUG_ON(head->pb_magic != PB_MAGIC) is trigge... | |||
Dmitriy Monakhov | 6c1d090d6a0 | [PATCH] BC: recharge vma if vm_flags changed after ->mmap() callSeveral device drivers (sigh... ATI) can change vm_flags in their f_op->mmap method. Because of this mm->locked_vm changed after f_op->mmap was called. If ->vm_flags has been changed we have to recharge ub memory. | |||
Matt Mackall | 0e1125753fd | [PATCH] PaX: wakeup threshold limits If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes.(Bug reported by the PaX Team <pageexec@freemail.hu>) Cc: Theodore Tso <tytso@mit.edu> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> drivers/char/random.c | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-) | |||
Jing Min Zhao | e92f79f9b3f | [NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index valuesChoices' index values may be out of range while still encoded in the fixed length bit-field. This bug may cause access to undefined types (NULL pointers) and thus crashes (Reported by Zhongling Wen). This patch also adds checking of decode flag when decoding SEQUENCEs. Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com> Signed-off-by: Patrick McHardy <kaber@trash.net> | |||
Kirill Korotaev | 91dbb635ea2 | [PATCH] VE: sys_getpgid/sid should depend on context sys_getpgid/sid() should return global pid of VE task if info is requisted from VE0 task. Actually, not critical, but still. let's fix it.Bug #85662 | |||
Den Lunev | d17ce516113 | This patch ensures that VE is up and running during RPC connect. Thisstaff can be run as a schedule_work when all tasks has been dead. http://bugzilla.openvz.org/show_bug.cgi?id=513 | |||
OpenVZ team | 12a67cd1783 | linux-2.6.18-028stab037 released | |||
Kirill Korotaev | 0fca96218bf | [PATCH] CPT: remove killing of external processes External processes can't be easily detected. Even if process has a virtual pid, it doesn't mean it has no any connectiions to VE0 like opened files/libraries etc.So remove this feature at all and return back as it was - external processes should prevent from CPT. Revert of the patches: diff-cpt-kill-external-process-20070125 diff-cpt-kill-external-processes-b-20070515 | |||
Vasily Tarasov | 0b38c5b7cff | [PATCH] IPv6 routing headers issueFrom: Thomas Graf <tgraf@redhat.com> Backport of the fix to disallow RH0 by default. The original upstream patch introduces a configuration option which breaks kABI as it extends a struct which is embeded into another public structure and is thus not acceptable as-is. Therefore the decision has been made to disallow routing header type 0 in gernal for now, a configuration option to enable cert... | CVE-2007 | ||
Vasily Tarasov | efb2059f0ba | [PATCH] ipv6: ipv6_fl_socklist is inadvertently sharedFrom: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp> The ipv6_fl_socklist from listening socket is inadvertently shared with new socket created for connection. This leads to a variety of interesting, but fatal, bugs. For example, removing one of the sockets may lead to the other socket's encountering a page fault when the now freed list is referenced. The fix is to not share the flow label ... | CVE-2007 | ||
Vasily Tarasov | 540a52a6916 | [PATCH] netfilter: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHEDFrom: Patrick McHardy <kaber@trash.net> The individual fragments of a packet reassembled by conntrack have the conntrack reference from the reassembled packet attached, but nfctinfo is not copied. This leaves it initialized to 0, which unfortunately is the value of IP_CT_ESTABLISHED. The result is that all IPv6 fragments are tracked as ESTABLISHED, allowing them to bypass a usual ruleset whic... | CVE-2007 | ||
Vasily Tarasov | d8a968675ac | [PATCH] netfilter: nfnetlink_log: fix NULL pointer dereferenceFrom: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Fix the nasty NULL dereference on multiple packets per netlink message. BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004 printing eip: f8a4b3bf *pde = 00000000 Oops: 0002 [#1] SMP Modules linked in: nfnetlink_log ipt_ttl ipt_REDIRECT xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 xt_state ipt_ipp2p xt_NFLOG xt_h... | CVE-2007 | ||
Vasily Tarasov | 9b5a6eeff2b | [PATCH] netfilter: nfnetlink_log: fix possible NULL pointer dereferenceFrom: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Eliminate possible NULL pointer dereference in nfulnl_recv_config(). Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd16704eba171b32ef0cded3a4f562b33b911066 C... | CVE-2007 | ||
Vasily Tarasov | 3285f160077 | [PATCH] netfilter: nfnetlink_log: fix crash on bridged packetFrom: Patrick McHardy <kaber@trash.net> physoutdev is only set on purely bridged packet, when nfnetlink_log is used in the OUTPUT/FORWARD/POSTROUTING hooks on packets forwarded from or to a bridge it crashes when trying to dereference skb->nf_bridge->physoutdev. Reported by Holger Eitzenberger <heitzenberger@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S.... | CVE-2007 | ||
Roman | a3aabeb9bdb | [PATCH] autofs4: compat layer for x8664 autofs4 uses platform dependant protocol which has 'long' data types inside data structures which are passed to/from user-space via pipe (sic!)...Thanks to this 32bit autofs tools do not work with 64 bit kernel. Bug #82040 | |||
Jan Kara | b061b4b5c7b | [PATCH] jbd: remove_transaction fixWe have to check that also the second checkpoint list is non-empty before dropping the transaction. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> http://bugzilla.openvz.org/show_bug.cgi?id=605 X-Git-Tag: v2.6.16-rc2~350 X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=... | |||
Andrey Mirkin | cef0d1083de | [PATCH] CPT: ignore user signals in kernel threadsUnder ptrace signals are not handled immediately and we have non-zero shared_pending mask on current task, so fork() returns -ERESTARTNOINTR and wait4() returns -ERESTARTSYS. We need to block signals SIGCHLD, SIGWINCH, SIGCONT and SIGURG to be sure that this signals will be ignored while kernel thread creation. Bug #84412 | |||
Alexey Dobriyan | 6d6917723f2 | [PATCH] proc: remove pathetic ->deleted WARN_ONWARN_ON(de && de->deleted); is sooo unreliable. Why? proc_lookup remove_proc_entry =========== ================= lock_kernel(); spin_lock(&proc_subdir_lock); [find proc entry] spin_unlock(&proc_subdir_lock); spin_lock(&proc_subdir_lock); [find proc entry] proc_get_inode ============== WARN_ON(de && de->deleted); ... if (!atomic_read(&de->count)) free_proc_entry(d... | |||
Vasily Tarasov | 572aa0a43fa | [PATCH] netfilter: wrong debug assertion in nat codeSimple compilation fix if NETFILTER_DEBUG is on | |||
Vasily Tarasov | 4201e9bf26f | [PATCH] netfilter: skb struct doesn't have nf_debug anymorenf_debug field is missing in modern kernels, but in some places we still refer to it. http://bugzilla.openvz.org/show_bug.cgi?id=627 | |||
Kirill Korotaev | 3ba4ba4e5f5 | [PATCH] reiserfs: fix key decrementingThis patch fixes a bug in function decrementing a key of stat data item. Offset of reiserfs keys are compared as signed values. To set key offset to maximal possible value maximal signed value has to be used. This bug is responsible for severe reiserfs filesystem corruption which shows itself as warning vs-13060. reiserfsck fixes this corruption by filesystem tree rebuilding. Signed-off-by... | |||
Vasily Tarasov | b8f357c77e0 | [PATCH] venet: lots of spaces in /proc/vz/veinfo outputAfter introducing IPv6 support for venet device, field width for IP addresses in /proc/vz/veinfo was increased from 15 to 39: http://git.openvz.org/?p=linux-2.6.16-openvz;a=commitdiff;h=ddb2b95ff38b528f5def1bd4ae87108bf3fa6b7a The output seems a bit ridiculous, when VE owns only IPv4 addresses: to much strange spaces. This patch corrects it and fixes the bug: http://bugzilla.openvz.org/show_b... | |||
Konstantin Khorenko | 0c95c9c9555 | [BRIDGE]: adding new device to bridge should enable if upPort of mainsteram patch: [BRIDGE]: adding new device to bridge should enable if up Aji Srinivas [Thu, 8 Mar 2007 00:10:53 +0000 (16:10 -0800)] One change introduced by the workqueue removal patch is that adding an interface that is up to a bridge which is also up does not ever call br_stp_enable_port(), leaving the port in DISABLED state until we do ifconfig down and up or link events occur. ... | |||
Konstantin Khorenko | f19a049b49e | [PATCH] bridge: race between br_del_if() and port_carrier_check() This patch eliminates a race between br_del_if() and port_carrier_check() which leads to the oops in the latter function. This patch is a port of 2 mainstream patches:[BRIDGE] br_if: Fix oops in port_carrier_check Signed-off-by: Jarek Poplawski <jarkao2@o2.pl> Acked-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> commit a10d567c89dfba90dde2e0515e25760fd74cde06 and [BRIDGE]: eliminate workqueue for carrier check Having a work queue for checking carrier leads to lots of race issues. Simpler to ju... | |||
Andrey Mirkin | 03a9f52c84e | [PATCH] CPT: check ctx->file for NULLWe need to be sure that dumpfile pointer (ctx->file) is not NULL, because we can't start dump without it. Also we need to return error like EINTR instead of ERESTART*, because we just can't simply restart dump ioctl. The reason is that dumpfile is already closed and we need to reopen it before calling dump ioctl second time. These bugs can be easily triggered on RH5 if we will run strace -f v... | |||
OpenVZ team | 70635a8ee1a | linux-2.6.18-028stab036 released | |||
Evgeny Kravtsunov | 5e9f9cb0886 | [PATCH] ebtables: ebtables_among fails on check() on x86-64ebtables module calls the checker ebt_among_check() that compares the correct size of user supplied data. Userspace size is calculated in the following way (ebtables-2.0.8-1): EBT_ALIGN(sizeof(struct ebt_among_info)) + X While kernel calculates size as: EBT_ALIGN(sizeof(struct ebt_among_info) + X) On x86_64 EBT_ALIGN does alignment on 8 bytes, so the problem arises. http://bugzilla.open... | |||
Pavel Emelianov | 33aba624cf6 | [PATCH] mmap returns EINVAL if len==0 mmap returns EINVAL when len==0, while old kernel behaviour is to return addr in this case.Though POSIX requires EINVAL in this case and it was fixed in mainstream around ~2.6.16, we still have to keep compatibility for some time with old stupid apps like rpm which did exactly this and expected success :/ Bug #83938, #74964 | |||
Andrey Mirkin | 1fb2927cb86 | [PATCH] CPT: remove redundant kfree() Remove redundant kfree() call from open_deleted() function. Now ii is static structure and kfree on it leads to oops :/Bug #84173 | |||
OpenVZ team | b0dfaf1c671 | linux-2.6.18-028stab035 released | |||
Kirill Korotaev | 25f460a439a | [PATCH] VE: fix another mispint. in NAT iptables bits split Fix another misprint in patch: [PATCH] Unalias VE_IP_NAT for ip_nat and iptable_nat modules (diff-ve-ip-nat-aliasing-20070605) God summer makes people inattentive :/i | |||
OpenVZ team | a3d51c7f58c | linux-2.6.18-028stab034.2 released | |||
Alexandr Andreev | ddd44fba2eb | [PATCH] VE: ve0 processes intialization VE0 processes were initialized twice: - in copy_process() - in prepare_ve0_process() from init_ve_system()This is redundant and unneeded. Leading to wrong ve0.pcounter | |||
OpenVZ team | 2f0ccdc8bbf | linux-2.6.18-028stab034 released | |||
Kirill Korotaev | e62eca07ac9 | [PATCH] NFS: fix misprint in Den patch for lockdepFix misprint in Den patch for lockdep: [PATCH] nfs: AB-BA deadlock on rpc_sched_lock/queue->lock locks (diff-ms-nfs-schedlock-20070530) |
Commits
Author | Commit | Commit date | Issues | |
---|---|---|---|---|
OpenVZ team | ffc643a868f | |||
Pavel Emelianov | b52576cdab2 | |||
Den Lunev | 8cae4b4d212 | |||
Vitaliy Gusev | 3540a4fb139 | |||
Vitaliy Gusev | db70b1e448d | |||
Vitaliy Gusev | f1e47798d31 | |||
OpenVZ team | 50ea50abbd0 | |||
Kirill Korotaev | 0464370ef6a | |||
Pavel Emelianov | fecd9e8bbb1 | |||
Vasily Averin | ba0280aa64a | |||
Den Lunev | 6b7dce37e94 | |||
Vitaliy Gusev | 4f4e3df351a | |||
Alexandr Andreev | 2560eef765c | |||
David Moore | 30eceb302c4 | |||
Evgeny Kravtsunov | 7016a8463ca | |||
Dmitriy Monakhov | ad146c228a5 | |||
Dmitriy Monakhov | 6c1d090d6a0 | |||
Matt Mackall | 0e1125753fd | |||
Jing Min Zhao | e92f79f9b3f | |||
Kirill Korotaev | 91dbb635ea2 | |||
Den Lunev | d17ce516113 | |||
OpenVZ team | 12a67cd1783 | |||
Kirill Korotaev | 0fca96218bf | |||
Vasily Tarasov | 0b38c5b7cff | CVE-2007 | ||
Vasily Tarasov | efb2059f0ba | CVE-2007 | ||
Vasily Tarasov | 540a52a6916 | CVE-2007 | ||
Vasily Tarasov | d8a968675ac | CVE-2007 | ||
Vasily Tarasov | 9b5a6eeff2b | CVE-2007 | ||
Vasily Tarasov | 3285f160077 | CVE-2007 | ||
Roman | a3aabeb9bdb | |||
Jan Kara | b061b4b5c7b | |||
Andrey Mirkin | cef0d1083de | |||
Alexey Dobriyan | 6d6917723f2 | |||
Vasily Tarasov | 572aa0a43fa | |||
Vasily Tarasov | 4201e9bf26f | |||
Kirill Korotaev | 3ba4ba4e5f5 | |||
Vasily Tarasov | b8f357c77e0 | |||
Konstantin Khorenko | 0c95c9c9555 | |||
Konstantin Khorenko | f19a049b49e | |||
Andrey Mirkin | 03a9f52c84e | |||
OpenVZ team | 70635a8ee1a | |||
Evgeny Kravtsunov | 5e9f9cb0886 | |||
Pavel Emelianov | 33aba624cf6 | |||
Andrey Mirkin | 1fb2927cb86 | |||
OpenVZ team | b0dfaf1c671 | |||
Kirill Korotaev | 25f460a439a | |||
OpenVZ team | a3d51c7f58c | |||
Alexandr Andreev | ddd44fba2eb | |||
OpenVZ team | 2f0ccdc8bbf | |||
Kirill Korotaev | e62eca07ac9 |