[PATCH] netfilter: add ipt_hashlimit 32bit compat ipt_hashlimit doesn't have the compat function while its entry structure (ipt_hashlimit_info) requires it. The patch introduces compat function and fixes an oops
while trying to use ipt_hashlimit module from inside 32bit VE
on a 64bit host HN.
http://bugzilla.openvz.org/show_bug.cgi?id=707
[PATCH] netfilter: add xt_conntrack 32bit compat xt_conntrack doesn't have the compat function
while its entry structure (xt_conntrack_info) requires it.
[PATCH] netfilter: add xt_connmark 32bit compat ipt_connmark doesn't have the compat function while its entry structure (xt_connmark_info) requires it. Bug #93543
[PATCH] netfilter: add xt_CONNMARK 32bit compat xt_CONNMARK doesn't have the compat function while its entry structure (xt_connmark_target_info) requires it. Bug #93689
[PATCH] netfilter: add xt_MARK 32bit compat xt_MARK doesn't have the compat function while its entry
structure (xt_mark_target_info_v1) requires it.
Note: ipv6 correctness is not tested. TODO
Note 1:
/* Version 0 */
struct xt_mark_target_info {
	unsigned long mark;
};
So the struct size differs for 32bit/64bit nodes, but mainstream does not have a compat for it.
ipv6 variant uses xt_mark_target_info (v0) so the testing will sho...
[NETFILTER]: ip_tables: fix compat related crash check_compat_entry_size_and_hooks iterates over the matches and calls
compat_check_calc_match, which loads the match and calculates the
compat offsets, but unlike the non-compat version, doesn't call
->checkentry yet. On error however it calls cleanup_matches, which in
turn calls ->destroy, which can result in crashes if the destroy
function (validly) expects to only get called after the ...
[PATCH] VE: virtualize ipt_recent Patch virtualizes ipt_recent module in the following way: 1) Introduced struct ve_ipt_recent and corresponding _ipt_recent entry in
ve_struct. ve_ipt_recent contains global variables from ipt_recent module.
2) Functions init_ipt_recent, fini_ipt_recent implemented.
Current functions designed to be called from ipt_recent_init/fini and
ipt_recent_checkentry/destroy in purpose to alloc ve_ipt_recent
structure and initialize/cleanup _ipt_recent entry in...
[PATCH] CPT: TUN/TAP support in checkpointing Now live migration of VE with openvpn inside is supported.
1) tun/tap driver updated:
- Field void *bind_file added to tun_struct. Field is used for storing pointer
to open /dev/net/tun file. This pointer is to be written to dumpfile: on
restore it is necessary to carry out binding of created tun_struct to open
file /dev/net/tun.
2) dump:
- Introduced struct cpt_tuntap_image for storing...
[PATCH] CPT: fix compilation in case CONFIG_VE_IPTABLES=n With CONFIG_VE_IPTABLES off the following compilation error takes place:
CONFIG_VE=y
CONFIG_VE_CALLS=m
CONFIG_VZ_GENCALLS=y
CONFIG_VE_NETDEV=m
CONFIG_VE_ETHDEV=m
CONFIG_VZ_DEV=m
CONFIG_VZ_WDOG=m
CONFIG_VZ_CHECKPOINT=m
......
CC [M] kernel/cpt/cpt_net.o
kernel/cpt/cpt_net.c: In function ‘cpt_dump_iptables’:
kernel/cpt/cpt_net.c:365: error: ‘struct ve_struct’ has no member named
‘_iptables_modules’
make[2]: *** [kernel/cpt/cpt_net.o] Error 1
make[1]: *** [kernel/cp...
[PATCH] fix oops in dump_trace() in NMI This patch fixes OOPS of dump_trace in NMI. If one is running 32 bit task and NMI tries to dump_stack() OOPS happens, since user space stack is tried to be dumped. Backport of patch from mainstream. Bug #93558
[PATCH] VE: mark venet as vlan-incapable Many places in vlan code assume ethernet underlying device, which is not working for venet. So mark venet as vlan-incapable. http://bugzilla.openvz.org/show_bug.cgi?id=703
[PATCH] x86-64: Fix ENOSYS in system call tracing This patch:
- out of range system calls failing to return -ENOSYS under
system call tracing
[AK: split out from another patch by Jan as separate bugfix]
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andi Kleen <ak@suse.de>
cc7d479fe56133e79840beffe9cb4fd193af93aa
[PATCH] VE: introduce OVZ version in oops output and in /proc/vz/version Introduce OVZ-specific build version in /proc/vz/version file and print it in
oops messages. This should help OVZ developers to identify OVZ patch version in
different distros like Debian/ALTLinux.
[PATCH] VE: restore back find_task_by_pid() for ATI video driver find_task_by_pid_all() and macro find_task_by_pid() are returned back, since ATI binary driver is using it (what for???). Print a big warning when this function is used still. http://bugzilla.openvz.org/show_bug.cgi?id=634
[PATCH] grsecurity: fix compilation with GRSEC, but w/o GRSEC_TPE fix compilation with GRSEC, but w/o GRSEC_TPE config option.
http://bugzilla.openvz.org/show_bug.cgi?id=718
[PATCH] Fix boot code head.S warning When compiling a 64-bit kernel on an Ubuntu 6.06 32bit system (whose GCC is also
a cross-compiler for x86_64) I've seen that head.o is compiled as a 64-bit file
(while it should not) and ld complaining about this during linking:
[AK: it happens on all systems with new binutils]
ld: warning: i386:x86-64 architecture of input file
`arch/x86_64/boot/compressed/head.o' is incompatible with i386 ou...
[PATCH] fix NFS compilation when NFS_FS=n and NFSD=y When CONFIG_NFS_FS is disabled and CONFIG_NFSD is enabled in .config
the following compilation error occurs:
.....
CC [M] fs/lockd/host.o
fs/lockd/host.c: In function ‘nlm_bind_host’:
fs/lockd/host.c:204: error: ‘struct ve_struct’ has no member named
‘_nlmsvc_timeout’
make[2]: *** [fs/lockd/host.o] Error 1
make[1]: *** [fs/lockd] Error 2
make: *** [fs] Error 2
[PATCH] Fix compilation issues in vpid code Patch fixes compilation issue in kernel/pid.c:
...
kernel/pid.c: In function 'free_pid':
kernel/pid.c:197: error: dereferencing pointer to incomplete type
kernel/pid.c: In function 'alloc_pid':
kernel/pid.c:233: error: dereferencing pointer to incomplete type
make[2]: *** [kernel/pid.o] Error 1
make[1]: *** [kernel] Error 2
If linux/kmem_cache is not included kmem_cache type is undefined.
http://bugzilla.openvz.org/show_bug.cgi?id=689
[PATCH] ia64: fix kernel thread exit code CPT during restore creates kernel thread to start iptables-restore.
On ia64 start_kernel_thread is used for kernel thread creation.
GLOBAL_ENTRY(start_kernel_thread)
.prologue
.save rp, r0 // this is the end of the call-chain
.body
alloc r2 = ar.pfs, 0, 0, 2, 0
mov out0 = r9
mov out1 = r11;;
br.call.sptk.many rp...
[PATCH] Exit from OOMed process ASAP rather than dig in try_to_free_pages(). it can spend really lots of time in try_to_free_pages() (up to minutes), while process selected for OOM should die ASAP. Bug #79344
[PATCH] grsecurity: TPE feature This patch is a part of big grsecure-2.1.10 patch. This patch doesn't contain virtualization support,
and source code looks like original grsecure source as much as possible.
V2 - added TPE check in mmap()/mprotect()
V3 - removed exec_file; added grsec_lock feature
[PATCH] fix bust_spinlocks() race when doing Alt-SysRq-P via NMI IPI Fix bust_spinlocks() race when doing Alt-SysRq-P via NMI IPI smp_show_regs() function calls bust_spinlocks() which is not protected by any lock. Just call bust_spinlocks() under smp_show_regs lock. Bug #92669
[PATCH] hide global /proc/asound entry from VE create_proc_entry() in sound/core/info.c is called with
global parent == &proc_root, thus /proc/asound is global.
Make it VE0 local.
Bug #92723
[PATCH] mangle devname in /proc/mounts only for OVZ specific simfs We used to hide devname in /proc/mounts to prevent leaking HN-node information to the VE. Actually only VZ specifics should be hidden, i.e. simfs root. All other information can be shown as is. And the fix is actually required for NFS. its umount scripts
goes crazy when can't read real NFS server mount information.
Bug #87637
[CPT] changes to core required to checkpoint sysv msg queues 1. "Standard" set, like SHM and SEM: sysvipc_walk_msg, sysvipc_setup_msg,
additional argument to newque() to pass ipc id.
2. Two new exports: sysv_msg_store, sysv_msg_load.
The structure is enough weird to deal with it inside CPT.
[PATCH] virtualization of sysv msg queues was incomplete Two variables visible from userspace were global, let's make them per-namespace.
Signed-Off-By: Alexey Kuznetsov <alexey@openvz.org>
Signed-Off-By: Kirill Korotaev <dev@openvz.org>
[PATCH] don't mmap zero pages for /dev/zero in advance In current implementation mmap_zero() immediately mmaps zero page to the whole /dev/zero vma and thus allocates/pollutes all pte's. This is actually not required and can be dangerous if vma is very big. For CPT we do not need such "optimization",
as we can set vm_ops on this vma and return zero page on demand.
Bug #91769
[PATCH] fix dump_trace() when called from NMI For x86_64 architecture NMI interrupt handler (do_NMI) uses exception stack. When show_regs() is called from NMI handler then pt_regs is in the bottom of exception stack (unlike to do_IRQ). show_regs() passes pointer of the traced stack to the show_trace() function which points to the bottom of the exception stack. Therefore problem occurs when try... This patch adjusts pointer of the traced stack so as it doesn't point to the
bottom of the exception stack.
Bugs #91201
[PATCH] CPT: fix restore of process start time Due to stupid misprint processes start_time were restored incorrectly.
When we restore start_time of process we should sum up value from image with
VE start time. During checkpoint we save to the image relative process
start_time (process start_time - VE start_time).