Author | Commit | Message | Commit date | Issues | |
---|---|---|---|---|---|
OpenVZ team | cb83d0360de | linux-2.6.18-028test018 released | |||
Evgeny Kravtsunov | b9bff58fc99 | Missed ve context switch in NFS RPC code. pipefs switches the context to ve0 and never returns to ve context. Such a situation takes place in __rpc_execute (net/sunrpc/sched.c) and svc_recvfrom (net/sunrpc/svcsock.c) functions. This causes oops on starting ve in case when ve private area is placed on nfs partition. | |||
Vasiliy Averin | 156048b79ad | ext3 error behavior was broken in linux kernels since 2.5.x versions by the following patch: 2002/10/31 02:15:26-05:00 tytso@snap.thunk.org Default mount options from superblock for ext2/3 filesystems http://linux.bkbits.net:8080/linux-2.6/gnupatch@3dc0d88eKbV9ivV4ptRNM8fBuA3JBQ In case ext3 file system is mounted with errors=continue (EXT3_ERRORS_CONTINUE) errors should be ignored when possible. However at present in case of any error kernel aborts journal and remounts filesystem to ... | |||
Vasily Tarasov | 67e1668cb46 | task puts UBC before the task becomes invisible for all (e.g. /proc), thus a task can be found on the list without exec_env/owner_env which should not happen. Introduced by diff-ubc-dont-uncharge-in-RCU-20070212 | RCU-20070212 | ||
Dmitry Mishin | 06d911fb785 | EXT3_ERRORS_CONTINUE should be taken from the superblock as default value for error behaviour. Signed-off-by: Dmitry Mishin <dim@openvz.org> Acked-by: Vasily Averin <vvs@sw.ru> Acked-by: Kirill Korotaev <dev@openvz.org> | |||
Vasily Averin | 5b12b303de2 | EXT2_ERRORS_CONTINUE should be read from the sb as default error behaviour. parse_option() should clean the alternative options and should not change default value taken from the superblock. Signed-off-by: Vasily Averin <vvs@sw.ru> Acked-by: Kirill Korotaev <dev@openvz.org> | |||
Kirill Korotaev | d7d8cf0c663 | Revert diff-ms-ext3-retries-20061109 until all the issues are resolved. | |||
Kir Kolyshkin | b3b2f114059 | Patch from mainstream: [SPARC64]: Fix Tomatillo/Schizo IRQ handling. The code in schizo_irq_trans_init() should set irq_data->sync_reg to the location of the SYNC register if this is Tomatillo, and set it to zero otherwise. But that is not what it is doing. As a result, non-Tomatillo systems were trying to access a non-existent register resulting in bus errors at the first PCI interrupt. Thanks to Roland Stigge for the bug report. Signed-off-by: David S. Mil... | |||
Alexey Dobriyan | 6bcea8c4c35 | Same story as with p4-clockmod. Driver does set_cpus_allowed(cpu), then checks for smp_processor_id() being equal to "cpu". http://bugzilla.openvz.org/show_bug.cgi?id=467 | |||
OpenVZ team | 6d6cd5dd70fM | Merge git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.18.y | |||
Greg Kroah-Hartman | 299a2479bca | Linux 2.6.18.8 | |||
Hugh Dickins | b3008f65500 | fix umask when noACL kernel meets extN tuned for ACLs. Fix insecure default behaviour reported by Tigran Aivazian: if an ext2 or ext3 filesystem is tuned to mount with "acl", but mounted by a kernel built without ACL support, then umask was ignored when creating inodes - though root or user has umask 022, touch creates files as 0666, and mkdir creates directories as 0777. This appears to have worked right until 2.6.11, when a fix to the default mo... | |||
Badari Pulavarty | 4f1e627105e | Fix for shmem_truncate_range() BUG_ON(). Ran into BUG() while doing madvise(REMOVE) testing. If we are punching a hole into shared memory segment using madvise(REMOVE) and the entire hole is below the indirect blocks, we hit following assert. BUG_ON(limit <= SHMEM_NR_DIRECT); Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: ... | |||
Hugh Dickins | f102c840f7f | make ppc64 current preempt-safe. Repeated -j20 kernel builds on a G5 Quad running an SMP PREEMPT kernel would often collapse within a day, some exec failing with "Bad address". In each case examined, load_elf_binary was doing a kernel_read, but generic_file_aio_read's access_ok saw current->thread.fs.seg as USER_DS instead of KERNEL_DS. objdump of filemap.o shows gcc 4.1.0 emitting "mr r5,r13 ... ld r9,416(r5)" here for get_p... | |||
Hugh Dickins | 700019f9fea | fix msync error on unmapped area. Fix the 2.6.18 sys_msync to report -ENOMEM correctly when an unmapped area falls within its range, and not to overshoot: to satisfy LSB 3.1 tests and to fix Debian Bug#394392. Took the 2.6.19 sys_msync as starting point (including its cleanup of repeated "current->mm"s), reintroducing the msync_interval and balance_dirty_pages_ratelimited_nr needed in 2.6.18. The misbehaviour fixed here may n... | |||
Hugh Dickins | dbee2bf2f31 | read_zero_pagealigned() locking fix. Ramiro Voicu hits the BUG_ON(!pte_none(*pte)) in zeromap_pte_range: kernel bugzilla 7645. Right: read_zero_pagealigned uses down_read of mmap_sem, but another thread's racing read of /dev/zero, or a normal fault, can easily set that pte again, in between zap_page_range and zeromap_page_range getting there. It's been wrong ever since 2.4.3. The simple fix is to use down_write instead, but tha... | |||
Linus Torvalds | d84ad2cb50b | Fix incorrect user space access locking in mincore() (CVE-2006-4814) Doug Chapman noticed that mincore() will do a "copy_to_user()" of the result while holding the mmap semaphore for reading, which is a big no-no. While a recursive read-lock on a semaphore in the case of a page fault happens to work, we don't actually allow them due to deadlock scenarios with writers due to fairness issues. Doug and Marcel sent in a patch to fix it, but I decided to just rewri... | CVE-2006 | ||
Paolo 'Blaisorblade' Giarrusso | 45cbffd7b28 | x86_64: fix 2.6.18 regression - PTRACE_OLDSETOPTIONS should be accepted. Also PTRACE_OLDSETOPTIONS should be accepted, as done by kernel/ptrace.c and forced by binary compatibility. UML/32bit breaks because of this - since it is wise enough to use PTRACE_OLDSETOPTIONS to be binary compatible with 2.4 host kernels. Until 2.6.17 (commit f0f2d6536e3515b5b1b7ae97dc8f176860c8c2ce) we had: default: return sys_ptrace(request, pid, addr, data); Ins... | |||
Oleg Nesterov | 6a6a0294c14 | V4L: buf_qbuf: fix videobuf_queue->stream corruption and lockup. We are doing ->buf_prepare(buf) before adding buf to q->stream list. This means that videobuf_qbuf() should not try to re-add a STATE_PREPARED buffer. (cherry picked from commit 419dd8378dfa32985672ab7927b4bc827f33b332) Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: ... | |||
Michael Krufky | 0761fceaf46 | V4L: tveeprom: autodetect LG TAPC G701D as tuner type 37. Autodetect LG TAPC G701D as tuner type 37, fixing mis-detected tuners in some Hauppauge tv tuner cards. Thanks to Adonis Papas, for pointing this out. (cherry picked from commit 1323fbda1343f50f198bc8bd6d1d59c8b7fc45bf) Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |||
Martin Samuelsson | bd732136cab | V4L: fix ks0127 status flags. Or status flags together in DECODER_GET_STATUS instead of and-zapping them. (cherry picked from commit 55d5440d4587454628a850ce26703639885af678) Signed-off-by: Martin Samuelsson <sam@home.se> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Greg Kroah-Hartman <gregkh@sus... | |||
Grant Likely | d828fc9efb2 | V4L: Fix quickcam communicator driver for big endian architectures. Host endianness does not affect the order that pixel rgb data comes in from the quickcam (the values are bytes, not words or longs). The driver is erroneously swapping the order of rgb values for big endian machines. This patch is needed to get the Quickcam communicator working on big endian machines (tested on powerpc) (cherry picked from commit c6d704c8c4453f05717ba88792f70f8babf95268) Signed... | |||
Jean Delvare | 7be1d0e5a34 | v4l: cx88: Fix leadtek_eeprom tagging. reference to .init.text: from .text between 'cx88_card_setup' (at offset 0x68c) and 'cx88_risc_field' Caused by leadtek_eeprom() being declared __devinit and called from a non-devinit context. (cherry picked from commit 69f7e75a9d45e5eaca16917a8d0dedf76149f13f) Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Mauro Carvalho Ch... | |||
Hans Verkuil | bdc752eef3a | v4l: cx2341x audio_properties is an u16, not u8. This bug broke the MPEG audio mode controls. (cherry picked from commit cb2c7b4927c8f376b7ba9557978d8c59ed472664) Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |||
Ang Way Chuang | b030914a398 | dvb-core: fix bug in CRC-32 checking on 64-bit systems. CRC-32 checking during ULE decapsulation always failed on x86_64 systems due to the size of a variable used to store CRC. This bug was discovered on Fedora Core 6 with kernel-2.6.18-1.2849. The i386 counterpart has no such problem. This patch has been tested on 64-bit system as well as 32-bit system. (cherry picked from commit dedcefb085fe98a1feaf63590fe2fc7e0ecb1987) Signed-off-by: Ang Way C... | CRC-32 | ||
Roland Dreier | a385297dc19 | IB/mad: Fix race between cancel and receive completion. When ib_cancel_mad() is called, it puts the canceled send on a list and schedules a "flushed" callback from process context. However, this leaves a window where a receive completion could be processed before the send is fully flushed. This is fine, except that ib_find_send_mad() will find the MAD and return it to the receive processing, which results in the sender getting both a successful re... | |||
Eric Sandeen | 78b8ebb89af | hfs_fill_super returns success even if no root inode (CVE-2006-6056) http://kernelfun.blogspot.com/2006/11/mokb-14-11-2006-linux-26x-selinux.html mount that image... fs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. mounting read-only. hfs: get root inode failed. BUG: unable to handle kernel NULL pointer dereference at virtual address 00000018 printing eip ... EIP is at superblock_doinit+0x21/0x767 ... [] selinux_sb_kern_mount+0xc/0x... | CVE-2006 | ||
Andrew Morton | 0fc7b9055c2 | grow_buffers() infinite loop fix (CVE-2006-5757, CVE-2006-6060) If grow_buffers() is for some reason passed a block number which wants to lie outside the maximum-addressable pagecache range (PAGE_SIZE * 4G bytes) then it will accidentally truncate `index' and will then instantiate a page at the wrong pagecache offset. This causes __getblk_slow() to go into an infinite loop. This can happen with corrupted disks, or with software errors elsewhere. Detect t... | CVE-2006 | ||
Dirk Eibach | 6ce115c0d88 | i2c: fix broken ds1337 initialization. On a custom board with ds1337 RTC I found that upgrade from 2.6.15 to 2.6.18 broke RTC support. The main problem are changes to ds1337_init_client(). When a ds1337 recognizes a problem (e.g. power or clock failure) bit 7 in status register is set. This has to be reset by writing 0 to status register. But since there are only 16 byte written to the chip and the first byte is interpreted as an a... | |||
Roland Dreier | e7aaff7bdaa | IB/srp: Fix FMR mapping for 32-bit kernels and addresses above 4G. struct srp_device.fmr_page_mask was unsigned long, which means that the top part of addresses above 4G was being chopped off on 32-bit architectures. Of course nothing good happens when data from SRP targets is DMAed to the wrong place. Fix this by changing fmr_page_mask to u64, to match the addresses actually used by IB devices. Thanks to Brian Cain <Brian.Cain@ge.com> and David McMillen <d... | |||
Tejun Heo | d797d17f156 | SCSI: add missing cdb clearing in scsi_execute(). Clear-garbage-after-CDB patch missed scsi_execute() and it causes some ODDs (HL-DT-ST DVD-RAM GSA-H30N) choke during SCSI scan. Note that this patch is only for -stable. There is another more reliable fix for this problem proposed for devel tree. http://thread.gmane.org/gmane.linux.ide/14605/focus=14605 Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Jens Axboe <jens.axboe@oracle.com> Cc: D... | |||
Andi Kleen | ff6e642fe5f | Don't leak NT bit into next task. SYSENTER can cause a NT to be set which might cause crashes on the IRET in the next task. Following similar i386 patch from Linus. Signed-off-by: Andi Kleen <ak@suse.de> [backport from Chuck Ebbert] Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |||
Michael Buesch | abf95418101 | bcm43xx: Fix for oops on ampdu status. If bcm43xx were to process an afterburner (ampdu) status response, Linux would oops. The ampdu and intermediate status bits are properly named. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |||
Larry Finger | 0ae4320544a | bcm43xx: Fix for oops on resume. There is a kernel oops on bcm43xx when resuming due to an overly tight timeout loop. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |||
Greg Kroah-Hartman | c6918c40326 | Linux 2.6.18.7 | |||
Greg Banks | 48f51fc2631 | [PATCH] Fix a free-wrong-pointer bug in nfs/acl server (CVE-2007-0772) Due to type confusion, when an nfsacl version 2 'ACCESS' request finishes and tries to clean up, it calls fh_put on entirely the wrong thing and this can cause an oops. Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | CVE-2007 | ||
Alexandr Andreev | 5b35caf70e3 | Over uncharged privvmpages in 32bit VE on x86_64. do_mremap: wrong type for len variable is used. | |||
Vasily Tarasov | 93ced4150f6 | Replace wrong rcu_lock by rcu_unlock. 028test015 preemptive OpenVZ kernels don't work properly. The symptoms are the following: 1) vzctl enter <veid> entered into VE <veid> exited from VE <veid> 2) "note: bash[13467] exited with preempt_count 2" in dmesg 3) bash in VE is killed by SIGSEGV. Bug is introduced by http://git.openvz.org/?p=linux-2.6.18-openvz;a=commitdiff;h=7ee2d8bf6a7098ed92e37b71a9b7a8a2af3be7fa http://bugzilla... | |||
OpenVZ team | c36845d0d52 | linux-2.6.18-028test017 released | |||
Den Lunev | e8fcc6e12da | Change default for per/UB TW buckets limitations. http://bugzilla.openvz.org/show_bug.cgi?id=460 | |||
Pavel Emelianov | 62d05b98ed3 | [BC] Don't uncharge resources in RCU callbacks. Files and tasks can be uncharged in RCU in 2.6.18 kernel. Though we've fixed all the problems we had with it it's bad to keep doing this as resource may be freed with uncertain delay. Kmem objects are still uncharged with RCU but there's nothing that can be done about it. | |||
Pavel Emelianov | e029fb83c8d | [BC] Fix uncharging of privvmpages on error path. When loading ia32 binaries on x86_64 wrong value was used to roll back arg pages charging - fixed | |||
Pavel Emelianov | 595781f1ed6 | [BC] Fix compilation warning in ub_proc.c... kernel/ub/ub_proc.c: In function 'bc_entry_open': kernel/ub/ub_proc.c:249: warning: cast from pointer to integer of different size We store 32bit bcid in void * member. This is ok but we must take some actions to make gcc happy. | |||
Evgeny Kravtsunov | 63d81e9bafd | Bad inode -EIO screwup. CVE-2006-5753 ported from mainstream. Original comments (by Eric Sandeen): The problem here is that the void cast causes return types to not be promoted, and for ops such as listxattr which expect more than 32 bits of return value, the 32-bit -EIO is interpreted as a large positive 64-bit number, i.e. 0x00000000fffffffa instead of 0xfffffffa. This goes particularly badly when the return value is taken as a number of bytes to ... | CVE-2006 | ||
Alexey Dobriyan | 9d000ed181f | [CPT] use BUILD_BUG_ON() where appropriate. BUILD_BUG_ON() will break compilation if condition in question is triggered and, OTOH, expands to zero runtime code. | |||
Pavel Emelianov | 64ff3996c4a | [BC] Return ENOMEM if pty charge fails. It turned out that if glibc's openpty() call can't open /dev/ptmx file due to ENOENT or ENODEV error it starts thinking that ptmx is not present in the system at all and doesn't even try to open it in the future. This creates a local DoS: when VE hits UB_NUMPTY limit no /dev/ptmx will be opened ever after even if all ptys will be closed. Fix this by returning ENOMEM instead. | |||
Evgeny Kravtsunov | 63f1ecae912 | [SIMFS] get lower vfsmount on simfs mount. This prevents lower FS from being umounted while simfs is mounted. http://bugzilla.openvz.org/show_bug.cgi?id=451 | |||
Alexey Dobriyan | dfa746a12b2 | Introduce and use for_each_ve(). Simple iterator hiding VE list head name (ve_list_head) and struct member name (ve_list). | |||
Andrey Mirkin | 3efd1ee3297 | Unresolved symbols should abort build. | |||
Pavel Emelianov | 2854e70a478 | IPC walking symbols are VE-related, not CPT. |