OpenVZ-legacy
  1. OpenVZ-legacy

linux-2.6.24-openvz

Public
AuthorCommitMessageCommit dateIssues
OpenVZ teamPavel EmelyanovOpenVZ team
a393083829clinux-2.6.24-ovz007 released
Konstantin KhlebnikovPavel EmelyanovKonstantin Khlebnikov
93bfe3d113ave: sanitize capability checks for namespaces creationThe existing hard checking for namespaces mask is too bad. The intention was to ban namespaces creation for containers, but there aready exists a proper security mechanism to govern this question. Switch to existing capability-driven policy, thus allowing for namespaces creation from the HN. http://bugzilla.openvz.org/show_bug.cgi?id=1113 Signed-off-by: Konstantin Khlebnikov <khlebnikov@open...
Denis V. LunevPavel EmelyanovDenis V. Lunev
0c0e68ceffeNFS: NFS super blocks in different VEs should be differentNFS: NFS super blocks in different VEs should be different Teach nfs_compare_super to this #265926 Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Konstantin KhlebnikovPavel EmelyanovKonstantin Khlebnikov
39f57fe7c81net: init init_net ve owner (to ve0)http://bugzilla.openvz.org/show_bug.cgi?id=1128 Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Denis V. LunevPavel EmelyanovDenis V. Lunev
8caa941fe7bnetns: enable cross-ve Unix socketsSigned-off-by: Denis V. Lunev <den@openvz.org>
Pavel EmelyanovPavel Emelyanov
3d1a1f11068netlink: Fix oops in netlink conntrack moduleIf we load conntrack modules after ve start one pointer on ve_struct is NULL and accessing it causes an oops. This is handled in most of the places, but the netlink interface. Fix this one as well. http://bugzilla.openvz.org/show_bug.cgi?id=788 Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy GusevPavel EmelyanovVitaliy Gusev
daddc1f5de4net: set ve context when init/exit method is calledBoth pernet init and exit methods are called: - from VE context when VE is created; - from VE0 context if module registers pernet operations This difference in approches leads to many nasty things, since the init callback can be actually called with wrong exec_env. Unify both approaches. Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy GusevPavel EmelyanovVitaliy Gusev
1d6bf20f29fСPT: Use sock_create instead sock_create_kernsock_create_kern() uses init_net as default net namespace. Therefore sockets and net devices are belonged to init_net, though must belong to current net namespace. Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Miklos SzerediPavel EmelyanovMiklos Szeredi
5565cf57adanet: unix: fix inflight counting bug in garbage collectorPreviously I assumed that the receive queues of candidates don't change during the GC. This is only half true, nothing can be received from the queues (see comment in unix_gc()), but buffers could be added through the other half of the socket pair, which may still have file descriptors referring to it. This can result in inc_inflight_move_tail() erronously increasing the "inflight" counter fo...
David MillerPavel EmelyanovDavid Miller
bb8837f4c1dnet: Fix recursive descent in __scm_destroy().__scm_destroy() walks the list of file descriptors in the scm_fp_list pointed to by the scm_cookie argument. Those, in turn, can close sockets and invoke __scm_destroy() again. There is nothing which limits how deeply this can occur. The idea for how to fix this is from Linus. Basically, we do all of the fput()s at the top level by collecting all of the scm_fp_list objects hit by an fput()....
Konstantin KhlebnikovPavel EmelyanovKonstantin Khlebnikov
d54ea2a06c5Fix wrong size of ub0_percpuThe struct percpu_data dynamically allocated and have array only for 1 cpu, so static usage of it does not work. Plus rework macros for static percpu variables declaration and initialization. http://bugzilla.openvz.org/show_bug.cgi?id=1039 Singed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Konstantin KhlebnikovPavel EmelyanovKonstantin Khlebnikov
750be8457d8sunrpc: fix lost set_exec_env-back and unlock the op_semAny NFS connect over TCP-IPv4 from VE block VE stop process. This patch add missed unlock op_sem and set_exec_env. http://bugzilla.openvz.org/show_bug.cgi?id=1007 (picked from openvz ubuntu branch patch 0145-VE-add-missed-semaphore-up-and-set-exec-env.patch 2.6.18 not affected, 2.6.26+ already fixed by den@)
OpenVZ teamPavel EmelyanovOpenVZ team
9534606693flinux-2.6.24-ovz006 released
David S. MillerKonstantin KhlebnikovDavid S. Miller
ef84a771e3b[NET]: sk_release_kernel needs to be exported to modulesFixes: ERROR: "sk_release_kernel" [net/ipv6/ipv6.ko] undefined! Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 45af1754bc09926b5e062bda24f789d7b320939f)
Denis V. LunevKonstantin KhlebnikovDenis V. Lunev
9c9b8a79d90[NET]: Make netlink_kernel_release publically available as sk_release_kernel.This staff will be needed for non-netlink kernel sockets, which should also not pin a namespace like tcp_socket and icmp_socket. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit edf0208702007ec1f6a36756fdd005f771a4cf17)
Denis V. LunevKonstantin KhlebnikovDenis V. Lunev
99dfe5490d4[NETLINK]: No need for a separate __netlink_release call.Merge it to netlink_kernel_release. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 9dfbec1fb2bedff6b118504055cd9f0485edba45)
Pavel EmelyanovKonstantin KhlebnikovPavel Emelyanov
19b9fdf565d[NETNS]: Fix race between put_net() and netlink_kernel_create().The comment about "race free view of the set of network namespaces" was a bit hasty. Look (there even can be only one CPU, as discovered by Alexey Dobriyan and Denis Lunev): put_net() if (atomic_dec_and_test(&net->refcnt)) /* true */ __put_net(net); queue_work(...); /* * note: the net now has refcnt 0, but still in * the global list of net namespaces */ == re-schedule ...
Denis V. LunevKonstantin KhlebnikovDenis V. Lunev
04fd8abede6[NETNS]: Namespace stop vs 'ip r l' race.backport mainline commit 775516bfa2bd7993620c9039191a0c30b8d8a496 During network namespace stop process kernel side netlink sockets belonging to a namespace should be closed. They should not prevent namespace to stop, so they do not increment namespace usage counter. Though this counter will be put during last sock_put. The raplacement of the correct netns for init_ns solves the problem only ...
Denis V. LunevKonstantin KhlebnikovDenis V. Lunev
c7b6f3ae6d0[NETNS]: Consolidate kernel netlink socket destruction.backport mainline commit b7c6ba6eb1234e35a74fb8ba8123232a7b1ba9e4 Create a specific helper for netlink kernel socket disposal. This just let the code look better and provides a ground for proper disposal inside a namespace. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. LunevKonstantin KhlebnikovDenis V. Lunev
23455248263[NETNS]: Double free in netlink_release.Netlink protocol table is global for all namespaces. Some netlink protocols have been virtualized, i.e. they have per/namespace netlink socket. This difference can easily lead to double free if more than 1 namespace is started. Count the number of kernel netlink sockets to track that this table is not used any more. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <ado...
Denis V. LunevPavel EmelyanovDenis V. Lunev
4d92a24aa85[UBC]: Double free for UDP socket akaThe socket resided in UB space waiting queue could be released. In this case ub_snd_wakeup running on the another CPU could hold/release that socket effectively hitting 0 refcounter second time. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Denis V. LunevPavel EmelyanovDenis V. Lunev
07dc3386215ubc: uncharging too much for TCPSNDBUFubc: uncharging too much for TCPSNDBUF It is not allowed to go to the label wait_for_memory with chargesize != 0 when this space is already placed to the skb. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Denis V. LunevPavel EmelyanovDenis V. Lunev
be11b25694aEndless loop in __sk_stream_wait_memory.[UBC]: Endless loop in __sk_stream_wait_memory. The loop in __sk_stream_wait_memory when tcp_sendmsg asks to wait for TCPSNDBUF space is endless when the timeout is not specified. The only way out is to queue a signal for that process. Lets return a status flag from ub_sock_snd_queue_add that UB space is available. This is enough to make a correct decision to leave the cycle. Signed-off-by: ...
Vitaliy GusevPavel EmelyanovVitaliy Gusev
2e5bd16d930Allow envID fields in /proc/self/status in VE. Also allow get VPid, PNState, StopState, etc.OpenVZ Bug #936 http://bugzilla.openvz.org/show_bug.cgi?id=936 Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Thomas GleixnerPavel EmelyanovThomas Gleixner
cade99e1743futexes: fix fault handling in futex_lock_pifutexes: fix fault handling in futex_lock_pi commit 1b7558e457ed0de61023cfc913d2c342c7c3d9f2 upstream This patch addresses a very sporadic pi-futex related failure in highly threaded java apps on large SMP systems. David Holmes reported that the pi_state consistency check in lookup_pi_state triggered with his test application. This means that the kernel internal pi_state and the user space f...
Andrey MirkinAlexey DobriyanAndrey Mirkin
3042d780e8dCPT: fix restore of inotify on symlinkInside VE file /etc/mtab is a symlink to /proc/mounts. FreeNX server with KDE creates inotify on /etc/mtab file. To restore such inotify we need to obtain dentry with path_lookup() and restore inotify on it. Bug #96464
Alexey DobriyanAlexey Dobriyan
ed01627a83eNETFILTER: destroy nf_conntrack_cache correctly
Alexey DobriyanAlexey Dobriyan
fce5e05ba80CPT: fix EXIT_DEAD/TASK_DEAD checksFor one thing EXIT_DEAD was moved to ->exit_state only. For another, this task state is called TASK_DEAD now and lives in ->state;
Alexey DobriyanAlexey Dobriyan
da8a02e8fc4CPT: assign ->net_ns of restored tun/tap deviceotherwise init_net is used and device becomes invisible in CT.
Alexey DobriyanAlexey Dobriyan
b63b0d6884fVE: let ->ve_netns live a bit more1. netns shutdown is done asynchronously 2. nsproxy free is done synchronously which means we can't use "get_exec_env()->ve_ns->net_ns" construct anywhere in netns teardown codepath. ->ve_ns will be NULL (fixable) or will point to freed memory (hardly fixable). The solution it to pin netns one more time, and use get_exec_env()->ve_netns . get_exec_env() is always valid. It's ->ve_netns will al...
Alexey DobriyanAlexey Dobriyan
45a08554c7cVE: introduce ->ve_netnsPreparations for fixing "NULL ->ve_ns" oops in inet6_rt_notify().
Konstantin KhlebnikovAlexey DobriyanKonstantin Khlebnikov
64d5598cc99CPT: fix compilation with CONFIG_SYSVIPC=nhttp://bugzilla.openvz.org/show_bug.cgi?id=851
Denis V. LunevAlexey DobriyanDenis V. Lunev
389336a5a20Memory leak on network namespace stop.mainline commit 4f84d82f7a623f8641af2574425c329431ff158f Network namespace allocates 2 kernel netlink sockets, fibnl & rtnl. These sockets should be disposed properly, i.e. by sock_release. Plain sock_put is not enough. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Alexey DobriyanAlexey Dobriyan
3c7e408cc14Backport "[NET]: Make rtnetlink infrastructure network namespace aware (v3)"mainline commit 97c53cacf00d1f5aa04adabfebcc806ca8b22b10 + tweaks to get netns from either netdevice ot something else. http://bugzilla.openvz.org/show_bug.cgi?id=905 [NET]: Make rtnetlink infrastructure network namespace aware (v3) After this patch none of the netlink callback support anything except the initial network namespace but the rtnetlink infrastructure now handles multiple network...
Alexey DobriyanAlexey Dobriyan
43bc20d9874IPv6: give owner_ve to fib_table and fib6_local_tableotherwise eventually fib6_clean_all will execute code in NULL context which is no-no.
Alexey DobriyanAlexey Dobriyan
57a39eeffdenetlink: fix lookup checknetlink_unicast() is done in init_net context because a) rtnl socket is bound to init_net, b) kernel-space socket is successfully looked up by any VE, c) rtnl is kernel-spase socket. which is b-r-o-k-e-n, because e.g. just about any manipulation with netdevices via netlink will be projected onto VE0. Fix (after per-netns rtnl socket patches) http://bugzilla.openvz.org/show_bug.cgi?id=905
Alexey DobriyanAlexey Dobriyan
72746db0ffbproc: fix proc_cwd_linkIf d_root_check() in there fails, we shouldn't pretend everything is OK and leave mnt unitialized or NULL (in case /proc/*/cwd). http://bugzilla.openvz.org/show_bug.cgi?id=900
Alexey DobriyanAlexey Dobriyan
a628e361137IPv6: get frag's owner VE from inet_frag_queueIPv6 specific frag queue doesn't need owner_ve, because it's already in core data structure (struct inet_frag_queue). And it's in fact NULL, which is the cause of http://bugzilla.openvz.org/show_bug.cgi?id=899
Alexey DobriyanAlexey Dobriyan
24e7cd454bbRemove spurious warnings in kernel/time.cE.g. code in clock_t_to_jiffies() divides ~0UL thus assuming that all "unsigned long" range is valid. Ditto for other functions. Alexey said these warnings are old debugging stuff. http://bugzilla.openvz.org/show_bug.cgi?id=898
Alexey DobriyanAlexey Dobriyan
5f318dd06beUBC: drop cpuset lock from OOM handlingcpuset_lock dances around OOM killing are gone in main code, so no need to account for them. Mainline commit 3ff566963ce804809af9e32331b287eedeeff501 Bug 112959 ===================================== [ BUG: bad unlock balance detected! ] ------------------------------------- tstspoof/29391 is trying to release lock (callback_mutex) at: [<c04488d2>] ub_oom_lock+0x9a/0xd6 but there are no more l...
Alexey DobriyanAlexey Dobriyan
734939adb27[PATCH] Stick back to mainline behaviour of zero length mmap(2)http://bugzilla.openvz.org/show_bug.cgi?id=893
Alexey DobriyanAlexey Dobriyan
beee05115efVLAN: fix rmmod 8021q with vlan interface setup
Alexey DobriyanAlexey Dobriyan
96919bc61eaNETFILTER: make ip_conntrack_disable_ve0 option do something
Alexey DobriyanAlexey Dobriyan
a926aabfcdfNETFILTER: changes for conntrack CPT
Vasily AverinAlexey DobriyanVasily Averin
24dba265d24[PATCH] kernel.cap-bound sysctl cleanup - proc entry is global and therefore it is ReadOnly-accessible from inside VEhttp://bugzilla.openvz.org/show_bug.cgi?id=524
Dmitriy MonakhovAlexey DobriyanDmitriy Monakhov
efcdd6480b5Add /proc/sys/fs/lsyscall_enableSysctl instoduced mostly for testing purposes.
Alexandr AndreevAlexey DobriyanAlexandr Andreev
c3378806fd8Allow to change SysRq in Alt+SysRq+* comboYou can get scancodes of your keyboard with programs like showkey or evtest. The default Alt+SysRq combination still works after redifinition.
Alexey KuznetsovAlexey DobriyanAlexey Kuznetsov
0bc6aca1873CPT: SMP race in detecting state of ptraced processesWhen suspending VE, we test state of processes while they are still running. It is not a bug: we have to verify for invalid state before checkpointing, real state is saved after processes are scheduled out. The impact is that we can see process in a bad state, f.e. stopped without any reasons. It is also not a bug, but this rersults in random failures of checkpointing. The only way to fix this...
Vasily TarasovAlexey DobriyanVasily Tarasov
94040c96657VZDQ: correct size on /proc/vz/aquota/*/aquota.*Bug #59920 Signed-off-by: Vasily Tarasov <vtaras@openvz.org> Signed-off-by: Denis Lunev <den@openvz.org>
Vitaliy GusevAlexey DobriyanVitaliy Gusev
ecc35d16d0eBRIDGE: correct checking for input packetsWhen via_phys_dev flag is set then bridge doesn't have any ip address. Therefore ip-traffic HW->VE passes only if brigge has the same MAC-address as real ethernet interface. Bug #92737