OpenVZ-legacy
  1. OpenVZ-legacy

linux-2.6.24-openvz

Public

Commits

AuthorCommitMessageCommit Date
Pavel EmelyanovPavel Emelyanov
92a5db8b8falinux-2.6.24-ovz008 released
Denis LunevDenis Lunev
a1a1303bf95fib: virtualize fib rules- this patch virtualizes IPv6 routing rules - fixes IPv4 routing rules implementation - adds UBC accounting to kmemsize for fibrules 90085 http://bugzilla.openvz.org/show_bug.cgi?id=1168 Signed-off-by: Denis Lunev <den@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Konstantin KhlebnikovKonstantin Khlebnikov
20bd90762d4simfs: don't work with buggy inputSome (buggy) filesystems (aufs for example) pass NULL as mnt to getatts and hope for the better... Let's not confuse the user with the oops at least. http://bugzilla.openvz.org/show_bug.cgi?id=1054 Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Pavel EmelyanovPavel Emelyanov
b485138c7d3Replace swsoft mentions with parallelsReplaces COPYRIGHT statements, COPYING.SWsoft references and the file itself and module authors if any. Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Pavel EmelyanovPavel Emelyanov
9d7b88f0fcdbridge: don't leak master device on brctl addifIf we add a second ethernet device to bridge the former one leaks. http://bugzilla.openvz.org/show_bug.cgi?id=1145 Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Denis V. LunevDenis V. Lunev
8fbbde15379net: NETIF_F_VIRTUAL intersects with NETIF_F_LROFortunately, this is not a part of user/kernel interface [xemul picked 2.6.27's 4826fea3] Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
OpenVZ teamOpenVZ team
a393083829clinux-2.6.24-ovz007 released
Konstantin KhlebnikovKonstantin Khlebnikov
93bfe3d113ave: sanitize capability checks for namespaces creationThe existing hard checking for namespaces mask is too bad. The intention was to ban namespaces creation for containers, but there aready exists a proper security mechanism to govern this question. Switch to existing capability-driven policy, thus allowing for namespaces creation from the HN. http://bugzilla.openvz.org/show_bug.cgi?id=1113 Signed-off-by: Konstantin Khlebnikov <khlebnikov@open...
Denis LunevDenis Lunev
0c0e68ceffeNFS: NFS super blocks in different VEs should be differentNFS: NFS super blocks in different VEs should be different Teach nfs_compare_super to this #265926 Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Konstantin KhlebnikovKonstantin Khlebnikov
39f57fe7c81net: init init_net ve owner (to ve0)http://bugzilla.openvz.org/show_bug.cgi?id=1128 Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Denis V. LunevDenis V. Lunev
8caa941fe7bnetns: enable cross-ve Unix socketsSigned-off-by: Denis V. Lunev <den@openvz.org>
Pavel EmelyanovPavel Emelyanov
3d1a1f11068netlink: Fix oops in netlink conntrack moduleIf we load conntrack modules after ve start one pointer on ve_struct is NULL and accessing it causes an oops. This is handled in most of the places, but the netlink interface. Fix this one as well. http://bugzilla.openvz.org/show_bug.cgi?id=788 Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy GusevVitaliy Gusev
daddc1f5de4net: set ve context when init/exit method is calledBoth pernet init and exit methods are called: - from VE context when VE is created; - from VE0 context if module registers pernet operations This difference in approches leads to many nasty things, since the init callback can be actually called with wrong exec_env. Unify both approaches. Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy GusevVitaliy Gusev
1d6bf20f29fСPT: Use sock_create instead sock_create_kernsock_create_kern() uses init_net as default net namespace. Therefore sockets and net devices are belonged to init_net, though must belong to current net namespace. Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Miklos SzerediMiklos Szeredi
5565cf57adanet: unix: fix inflight counting bug in garbage collectorPreviously I assumed that the receive queues of candidates don't change during the GC. This is only half true, nothing can be received from the queues (see comment in unix_gc()), but buffers could be added through the other half of the socket pair, which may still have file descriptors referring to it. This can result in inc_inflight_move_tail() erronously increasing the "inflight" counter fo...
David MillerDavid Miller
bb8837f4c1dnet: Fix recursive descent in __scm_destroy().__scm_destroy() walks the list of file descriptors in the scm_fp_list pointed to by the scm_cookie argument. Those, in turn, can close sockets and invoke __scm_destroy() again. There is nothing which limits how deeply this can occur. The idea for how to fix this is from Linus. Basically, we do all of the fput()s at the top level by collecting all of the scm_fp_list objects hit by an fput()....
Konstantin KhlebnikovKonstantin Khlebnikov
d54ea2a06c5Fix wrong size of ub0_percpuThe struct percpu_data dynamically allocated and have array only for 1 cpu, so static usage of it does not work. Plus rework macros for static percpu variables declaration and initialization. http://bugzilla.openvz.org/show_bug.cgi?id=1039 Singed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Konstantin KhlebnikovKonstantin Khlebnikov
750be8457d8sunrpc: fix lost set_exec_env-back and unlock the op_semAny NFS connect over TCP-IPv4 from VE block VE stop process. This patch add missed unlock op_sem and set_exec_env. http://bugzilla.openvz.org/show_bug.cgi?id=1007 (picked from openvz ubuntu branch patch 0145-VE-add-missed-semaphore-up-and-set-exec-env.patch 2.6.18 not affected, 2.6.26+ already fixed by den@)
OpenVZ teamOpenVZ team
9534606693flinux-2.6.24-ovz006 released
David S. MillerDavid S. Miller
ef84a771e3b[NET]: sk_release_kernel needs to be exported to modulesFixes: ERROR: "sk_release_kernel" [net/ipv6/ipv6.ko] undefined! Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 45af1754bc09926b5e062bda24f789d7b320939f)
Denis V. LunevDenis V. Lunev
9c9b8a79d90[NET]: Make netlink_kernel_release publically available as sk_release_kernel.This staff will be needed for non-netlink kernel sockets, which should also not pin a namespace like tcp_socket and icmp_socket. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit edf0208702007ec1f6a36756fdd005f771a4cf17)
Denis V. LunevDenis V. Lunev
99dfe5490d4[NETLINK]: No need for a separate __netlink_release call.Merge it to netlink_kernel_release. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 9dfbec1fb2bedff6b118504055cd9f0485edba45)
Pavel EmelyanovPavel Emelyanov
19b9fdf565d[NETNS]: Fix race between put_net() and netlink_kernel_create().The comment about "race free view of the set of network namespaces" was a bit hasty. Look (there even can be only one CPU, as discovered by Alexey Dobriyan and Denis Lunev): put_net() if (atomic_dec_and_test(&net->refcnt)) /* true */ __put_net(net); queue_work(...); /* * note: the net now has refcnt 0, but still in * the global list of net namespaces */ == re-schedule ...
Denis V. LunevDenis V. Lunev
04fd8abede6[NETNS]: Namespace stop vs 'ip r l' race.backport mainline commit 775516bfa2bd7993620c9039191a0c30b8d8a496 During network namespace stop process kernel side netlink sockets belonging to a namespace should be closed. They should not prevent namespace to stop, so they do not increment namespace usage counter. Though this counter will be put during last sock_put. The raplacement of the correct netns for init_ns solves the problem only ...
Denis V. LunevDenis V. Lunev
c7b6f3ae6d0[NETNS]: Consolidate kernel netlink socket destruction.backport mainline commit b7c6ba6eb1234e35a74fb8ba8123232a7b1ba9e4 Create a specific helper for netlink kernel socket disposal. This just let the code look better and provides a ground for proper disposal inside a namespace. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. LunevDenis V. Lunev
23455248263[NETNS]: Double free in netlink_release.Netlink protocol table is global for all namespaces. Some netlink protocols have been virtualized, i.e. they have per/namespace netlink socket. This difference can easily lead to double free if more than 1 namespace is started. Count the number of kernel netlink sockets to track that this table is not used any more. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <ado...
Denis LunevDenis Lunev
4d92a24aa85[UBC]: Double free for UDP socket akaThe socket resided in UB space waiting queue could be released. In this case ub_snd_wakeup running on the another CPU could hold/release that socket effectively hitting 0 refcounter second time. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Denis V. LunevDenis V. Lunev
07dc3386215ubc: uncharging too much for TCPSNDBUFubc: uncharging too much for TCPSNDBUF It is not allowed to go to the label wait_for_memory with chargesize != 0 when this space is already placed to the skb. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Denis V. LunevDenis V. Lunev
be11b25694aEndless loop in __sk_stream_wait_memory.[UBC]: Endless loop in __sk_stream_wait_memory. The loop in __sk_stream_wait_memory when tcp_sendmsg asks to wait for TCPSNDBUF space is endless when the timeout is not specified. The only way out is to queue a signal for that process. Lets return a status flag from ub_sock_snd_queue_add that UB space is available. This is enough to make a correct decision to leave the cycle. Signed-off-by: ...
Vitaliy GusevVitaliy Gusev
2e5bd16d930Allow envID fields in /proc/self/status in VE. Also allow get VPid, PNState, StopState, etc.OpenVZ Bug #936 http://bugzilla.openvz.org/show_bug.cgi?id=936 Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Thomas GleixnerThomas Gleixner
cade99e1743futexes: fix fault handling in futex_lock_pifutexes: fix fault handling in futex_lock_pi commit 1b7558e457ed0de61023cfc913d2c342c7c3d9f2 upstream This patch addresses a very sporadic pi-futex related failure in highly threaded java apps on large SMP systems. David Holmes reported that the pi_state consistency check in lookup_pi_state triggered with his test application. This means that the kernel internal pi_state and the user space f...
Andrey MirkinAndrey Mirkin
3042d780e8dCPT: fix restore of inotify on symlinkInside VE file /etc/mtab is a symlink to /proc/mounts. FreeNX server with KDE creates inotify on /etc/mtab file. To restore such inotify we need to obtain dentry with path_lookup() and restore inotify on it. Bug #96464
Alexey DobriyanAlexey Dobriyan
ed01627a83eNETFILTER: destroy nf_conntrack_cache correctly
Alexey DobriyanAlexey Dobriyan
fce5e05ba80CPT: fix EXIT_DEAD/TASK_DEAD checksFor one thing EXIT_DEAD was moved to ->exit_state only. For another, this task state is called TASK_DEAD now and lives in ->state;
Alexey DobriyanAlexey Dobriyan
da8a02e8fc4CPT: assign ->net_ns of restored tun/tap deviceotherwise init_net is used and device becomes invisible in CT.
Alexey DobriyanAlexey Dobriyan
b63b0d6884fVE: let ->ve_netns live a bit more1. netns shutdown is done asynchronously 2. nsproxy free is done synchronously which means we can't use "get_exec_env()->ve_ns->net_ns" construct anywhere in netns teardown codepath. ->ve_ns will be NULL (fixable) or will point to freed memory (hardly fixable). The solution it to pin netns one more time, and use get_exec_env()->ve_netns . get_exec_env() is always valid. It's ->ve_netns will al...
Alexey DobriyanAlexey Dobriyan
45a08554c7cVE: introduce ->ve_netnsPreparations for fixing "NULL ->ve_ns" oops in inet6_rt_notify().
Konstantin KhlebnikovKonstantin Khlebnikov
64d5598cc99CPT: fix compilation with CONFIG_SYSVIPC=nhttp://bugzilla.openvz.org/show_bug.cgi?id=851
Denis V. LunevDenis V. Lunev
389336a5a20Memory leak on network namespace stop.mainline commit 4f84d82f7a623f8641af2574425c329431ff158f Network namespace allocates 2 kernel netlink sockets, fibnl & rtnl. These sockets should be disposed properly, i.e. by sock_release. Plain sock_put is not enough. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Alexey DobriyanAlexey Dobriyan
3c7e408cc14Backport "[NET]: Make rtnetlink infrastructure network namespace aware (v3)"mainline commit 97c53cacf00d1f5aa04adabfebcc806ca8b22b10 + tweaks to get netns from either netdevice ot something else. http://bugzilla.openvz.org/show_bug.cgi?id=905 [NET]: Make rtnetlink infrastructure network namespace aware (v3) After this patch none of the netlink callback support anything except the initial network namespace but the rtnetlink infrastructure now handles multiple network...
Alexey DobriyanAlexey Dobriyan
43bc20d9874IPv6: give owner_ve to fib_table and fib6_local_tableotherwise eventually fib6_clean_all will execute code in NULL context which is no-no.
Alexey DobriyanAlexey Dobriyan
57a39eeffdenetlink: fix lookup checknetlink_unicast() is done in init_net context because a) rtnl socket is bound to init_net, b) kernel-space socket is successfully looked up by any VE, c) rtnl is kernel-spase socket. which is b-r-o-k-e-n, because e.g. just about any manipulation with netdevices via netlink will be projected onto VE0. Fix (after per-netns rtnl socket patches) http://bugzilla.openvz.org/show_bug.cgi?id=905
Alexey DobriyanAlexey Dobriyan
72746db0ffbproc: fix proc_cwd_linkIf d_root_check() in there fails, we shouldn't pretend everything is OK and leave mnt unitialized or NULL (in case /proc/*/cwd). http://bugzilla.openvz.org/show_bug.cgi?id=900
Alexey DobriyanAlexey Dobriyan
a628e361137IPv6: get frag's owner VE from inet_frag_queueIPv6 specific frag queue doesn't need owner_ve, because it's already in core data structure (struct inet_frag_queue). And it's in fact NULL, which is the cause of http://bugzilla.openvz.org/show_bug.cgi?id=899
Alexey DobriyanAlexey Dobriyan
24e7cd454bbRemove spurious warnings in kernel/time.cE.g. code in clock_t_to_jiffies() divides ~0UL thus assuming that all "unsigned long" range is valid. Ditto for other functions. Alexey said these warnings are old debugging stuff. http://bugzilla.openvz.org/show_bug.cgi?id=898
Alexey DobriyanAlexey Dobriyan
5f318dd06beUBC: drop cpuset lock from OOM handlingcpuset_lock dances around OOM killing are gone in main code, so no need to account for them. Mainline commit 3ff566963ce804809af9e32331b287eedeeff501 Bug 112959 ===================================== [ BUG: bad unlock balance detected! ] ------------------------------------- tstspoof/29391 is trying to release lock (callback_mutex) at: [<c04488d2>] ub_oom_lock+0x9a/0xd6 but there are no more l...
Alexey DobriyanAlexey Dobriyan
734939adb27[PATCH] Stick back to mainline behaviour of zero length mmap(2)http://bugzilla.openvz.org/show_bug.cgi?id=893
Alexey DobriyanAlexey Dobriyan
beee05115efVLAN: fix rmmod 8021q with vlan interface setup
Alexey DobriyanAlexey Dobriyan
96919bc61eaNETFILTER: make ip_conntrack_disable_ve0 option do something
Alexey DobriyanAlexey Dobriyan
a926aabfcdfNETFILTER: changes for conntrack CPT