OpenVZ-legacy

linux-2.6.26-openvz

Author / Commit / Message / Commit date / Issues
Pavel Emelyanov
494ea1ae8b0 OpenVZ kernel 2.6.26-chekhov released
Called after Anton Pavlovich Chekhov - Russian short-story writer and playwright.
Vitaliy Gusev, Pavel Emelyanov
ba0ce90476e nfs: use kthread_run_ve to start lockd
Lockd is virtualized, so must be created in VE context. The reason it worked before (in 2.6.18 kernel for example) is that lockd is rewritten to use new kthread API, which was not capable for creating threads in containers.
Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy Gusev, Pavel Emelyanov
c5c1032d4b6 Don't dereference NULL tsk->mm in ve_move_task
Kthreads are mmless...
Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy Gusev, Pavel Emelyanov
d4988b6efbd Add kthread_create_ve() and kthread_run_ve() functions #2
These functions are like kthread_create() and kthread_run() but create threads in VE context.
Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy Gusev, Pavel Emelyanov
32e9103ae0c Add do_ve_enter_hook
We will call this hook to enter to VE.
Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy Gusev, Pavel Emelyanov
39bb1ee5923 nfs: Fix nfs_match_client()
nfs_match_client() can return nfs_client from other VE.
Bug https://bugzilla.sw.ru/show_bug.cgi?id=266951
Original-patch-by: Denis Lunev <den@openvz.org>
Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Pavel Emelyanov
c82ebdeb225 M Merged linux-2.6.26.8
Conflicts: Makefile include/linux/sched.h kernel/posix-timers.c net/core/dev.c
Konstantin Khlebnikov, Pavel Emelyanov
14131d2abbd ve: sanitize capability checks for namespaces creation
The existing hard checking for namespaces mask is too bad. The intention was to ban namespaces creation for containers, but there already exists a proper security mechanism to govern this question. Switch to existing capability-driven policy, thus allowing for namespaces creation from the HN.
http://bugzilla.openvz.org/show_bug.cgi?id=1113
Signed-off-by: Konstantin Khlebnikov <khlebnikov@open...
Pavel Emelyanov
b5e1f74cee5 netlink: Fix oops in netlink conntrack module
If we load conntrack modules after ve start one pointer on ve_struct is NULL and accessing it causes an oops. This is handled in most of the places, but the netlink interface. Fix this one as well.
http://bugzilla.openvz.org/show_bug.cgi?id=788
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Dmitriy Monakhov, Pavel Emelyanov
86d74166a99 ms: fix inotify umount
On umount two events will be dispatched to watcher:
1: inotify_dev_queue_event(.., IN_UNMOUNT,..)
2: remove_watch(watch, dev) ->inotify_dev_queue_event(.., IN_IGNORED, ..)
But if watcher has IN_ONESHOT bit set then the watcher will be released inside first event. Which results in accessing invalid object later. IMHO it is not pure regression. This bug wasn't triggered while initial inotify in...
Den Lunev, Pavel Emelyanov
840ea01d953 NFS: NFS super blocks in different VEs should be different
NFS: NFS super blocks in different VEs should be different
Teach nfs_compare_super to this
Bug #265926
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy Gusev, Pavel Emelyanov
b8b70c37c8b nfs: Fix access to freed memory
rpc_shutdown_client() frees xprt, so we can't use this xprt. So move put_ve() to xprt::destroy level.
Bug https://bugzilla.sw.ru/show_bug.cgi?id=265628
Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Konstantin Khlebnikov, Pavel Emelyanov
029cecb45ce cpt: Make the proper check for sigmask
invalid check of TS_RESTORE_SIGMASK (always false!)
original code ..rhel5..2.6.24 code from diff-cpt-sigsuspend-lockup-20070131
if (!signal_pending(current) && !test_thread_flag(TIF_RESTORE_SIGMASK)) {
TIF_RESTORE_SIGMASK replaced with TS_RESTORE_SIGMASK and after commit 7648d96 setting TS_RESTORE_SIGMASK always set TIF_SIGPENDING. so, second check is not needed.
http://bugzilla.openvz.org/...
Vitaliy Gusev, Pavel Emelyanov
b405aed753a netfilter: Add check to the nat hooks
Pass skb if VE wasn't granted to have nat table.
Related to bug #1051 http://bugzilla.openvz.org/show_bug.cgi?id=1051
Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy Gusev, Pavel Emelyanov
1acba8533b7 netfilter: Fix NULL dereference in nf_nat_setup_info
If conntrack is allowed in VE but iptable_nat is not allowed and loaded then Oops occurs:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
IP: [<ffffffffa0123df6>] :nf_nat:nf_nat_setup_info+0x343/0x489
Oops: 0000 [1] SMP DEBUG_PAGEALLOC
CPU: 1
[<ffffffff8028c277>] ? poison_obj+0x27/0x32
[<ffffffffa012a084>] :iptable_nat:alloc_null_binding+0x44/0x46
[<ffffffffa01...
Den Lunev, Pavel Emelyanov
89451f9b7cf netns: enable cross-ve Unix sockets
Signed-off-by: Denis V. Lunev <den@openvz.org>
Konstantin Khlebnikov, Pavel Emelyanov
134416f49ad Correct per-process capabilities bounding set in CT
Otherwise tasks in container may have unlimited capabilities... (#127136)
Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Greg Kroah-Hartman
63e0e67b17d Linux 2.6.26.8
Patrick McHardy, Greg Kroah-Hartman
fda28f0c717 netfilter: restore lost ifdef guarding defrag exception
netfilter: restore lost #ifdef guarding defrag exception
Upstream commit 38f7ac3eb:
Nir Tzachar <nir.tzachar@gmail.com> reported a warning when sending fragments over loopback with NAT:
[ 6658.338121] WARNING: at net/ipv4/netfilter/nf_nat_standalone.c:89 nf_nat_fn+0x33/0x155()
The reason is that defragmentation is skipped for already tracked connections. This is wrong in combination with NA...
Ilpo Järvinen, Greg Kroah-Hartman
27caba5caf0 netfilter: snmp nat leaks memory in case of failure
netfilter: snmp nat leaks memory in case of failure
Upstream commit 311670f3e:
Signed-off-by: Ilpo Jarvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Alexey Dobriyan, Greg Kroah-Hartman
2eac9443c4b netfilter: xt_iprange: fix range inversion match
netfilter: xt_iprange: fix range inversion match
Upstream commit 6def1eb48:
Inverted IPv4 v1 and IPv6 v0 matches don't match anything since 2.6.25-rc1!
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Shaohua Li, Greg Kroah-Hartman
4bdaa73e7d6 ACPI: dock: avoid check _STA method
commit 8b59560a3baf2e7c24e0fb92ea5d09eca92805db upstream.
ACPI: dock: avoid check _STA method
In some BIOSes, every _STA method call will send a notification again, this cause freeze. And in some BIOSes, it appears _STA should be called after _DCK. This tries to avoid calls _STA, and still keep the device present check.
http://bugzilla.kernel.org/show_bug.cgi?id=10431
Signed-off-by: Shaohua...
Julia Jomantaite, Greg Kroah-Hartman
a133c85cd28 ACPI: video: fix brightness allocation
upstream commit 469778c1740fcf3113498b6fdf4559bdec25c58f
Thanks to Arjan for spotting this http://www.kerneloops.org/search.php?search=acpi_video_switch_brightness and suggesting it for .stable
Fix use of uninitialized device->brightness.
Signed-off-by: Julia Jomantaite <julia.jomantaite@gmail.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Acked-by: Zhang Rui <rui.zhang@intel.com>
Sign...
Andrea Shepard, Greg Kroah-Hartman
f0d6570e221 sparc64: Fix race in arch/sparc64/kernel/trampoline.S
[ Upstream commit e0037df3852b4b60edbe01f70f4968e4a9fdb272 ]
Make arch/sparc64/kernel/trampoline.S in 2.6.27.1 lock prom_entry_lock when calling the PROM. This prevents a race condition that I observed causing a hang on startup on a 12-CPU E4500. I am not subscribed to this list, so please CC me on replies.
Signed-off-by: Andrea Shepard <andrea@persephoneslair.org>
Signed-off-by: David S. M...
Kumar Gala, Greg Kroah-Hartman
0cba8ac12e0 math-emu: Fix signalling of underflow and inexact while packing result.
[ Upstream commit 930cc144a043ff95e56b6888fa51c618b33f89e7 ]
I'm trying to move the powerpc math-emu code to use the include/math-emu bits. In doing so I've been using TestFloat to see how good or bad we are doing. For the most part the current math-emu code that PPC uses has a number of issues that the code in include/math-emu seems to solve (plus bugs we've had for ever that no one every r...
Ilpo Järvinen, Greg Kroah-Hartman
657f714bcf9 tcpv6: fix option space offsets with md5
[ Upstream commit 53b125779fb0b29e5b316bf3dc7d199e6dcea567 ]
More breakage :-), part of timestamps just were previously overwritten.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Herbert Xu, Greg Kroah-Hartman
858fac9c58f net: Fix netdev_run_todo dead-lock
[ Upstream commit 58ec3b4db9eb5a28e3aec5f407a54e28f7039c19 ]
Benjamin Thery tracked down a bug that explains many instances of the error
unregister_netdevice: waiting for %s to become free. Usage count = %d
It turns out that netdev_run_todo can dead-lock with itself if a second instance of it is run in a thread that will then free a reference to the device waited on by the first instance. T...
Lennart Sorensen, Greg Kroah-Hartman
69e0453ecba scx200_i2c: Add missing class parameter
commit 4a029abee0f1d69cb0445657d6fa5a38597bd17d upstream
The scx200_i2c driver is missing the .class parameter, which means no i2c drivers are willing to probe for devices on the bus and attach to them.
Signed-off-by: Len Sorensen <lsorense@csclub.uwaterloo.ca>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Devin Heitmueller, Greg Kroah-Hartman
fac229f3dcd DVB: s5h1411: Power down s5h1411 when not in use
commit 11fc9a4a440112b5afc1a99d86ba92d70205a688 upstream.
DVB: s5h1411: Power down s5h1411 when not in use
Power down the s5h1411 demodulator when not in use (on the Pinnacle 801e, this brings idle power from 123ma down to 84ma).
Signed-off-by: Devin Heitmueller <devin.heitmueller@gmail.com>
Acked-by: Steven Toth <stoth@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
S...
Devin Heitmueller, Greg Kroah-Hartman
05cc17f9766 DVB: s5h1411: Perform s5h1411 soft reset after tuning
commit f0d041e50bc6c8a677922d72b010f80af9b23b18 upstream.
DVB: s5h1411: Perform s5h1411 soft reset after tuning
If you instruct the tuner to change frequencies, it can take up to 2500ms to get a demod lock. By performing a soft reset after the tuning call (which is consistent with how the Pinnacle 801e Windows driver behaves), you get a demod lock inside of 300ms
Signed-off-by: Devin Heitmu...
Steven Toth, Greg Kroah-Hartman
8aa3b2b7b7d DVB: s5h1411: bugfix: Setting serial or parallel mode could destroy bits
commit 1af46b450fa49c57d73764d66f267335ccd807e2 upstream.
DVB: s5h1411: bugfix: Setting serial or parallel mode could destroy bits
Adding a serialmode function to read/and/or/write the register for safety.
Signed-off-by: Steven Toth <stoth@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Greg Kroah-Hartm...
Boris Dores, Greg Kroah-Hartman
bcf3b9fc11b V4L: pvrusb2: Keep MPEG PTSs from drifting away
commit 3f93d1adca658201c64251c43a147cc79d468c3f upstream.
V4L: pvrusb2: Keep MPEG PTSs from drifting away
This change was empirically figured out by Boris Dores after empirically comparing against behavior in the Windows driver.
Signed-off-by: Mike Isely <isely@pobox.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-...
Guillem Jover, Greg Kroah-Hartman
a5069282922 ACPI: Always report a sync event after a lid state change
upstream commit df316e939100e789b3c5d4d102619ccf5834bd00
Currently not always an EV_SYN event is reported to userland after the EV_SW SW_LID event has been sent. This is easy to verify by using “input-events” from input-utils and just closing and opening the lid.
Signed-off-by: Guillem Jover <guillem.jover@nokia.com>
Acked-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Len Brown <len.brown...
Takashi Iwai, Greg Kroah-Hartman
8f9f0e59f77 ALSA: use correct lock in snd_ctl_dev_disconnect()
commit d8009882e9f5e1a76986c741f071edd2ad760c97 upstream
The lock used in snd_ctl_dev_disconnect() should be card->ctl_files_rwlock for protection of card->ctl_files entries, instead of card->controls_rwsem.
Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Cc: Chris Wedgwood <cw@f00f.org>
Signed-of...
Serge Hallyn, Greg Kroah-Hartman
d98555a502f file caps: always start with clear bprm->caps_*
commit 3318a386e4ca68c76e0294363d29bdc46fcad670 upstream
While Linux doesn't honor setuid on scripts. However, it mistakenly behaves differently for file capabilities. This patch fixes that behavior by making sure that get_file_caps() begins with empty bprm->caps_*. That way when a script is loaded, its bprm->caps_* may be filled when binfmt_misc calls prepare_binprm(), but they will be cle...
Johannes Berg, Greg Kroah-Hartman
f53dd684abe libertas: fix buffer overrun
commit 48735d8d8bd701b1e0cd3d49c21e5e385ddcb077 upstream
If somebody sends an invalid beacon/probe response, that can trash the whole BSS descriptor. The descriptor is, luckily, large enough so that it cannot scribble past the end of it; it's well above 400 bytes long.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-...
David Miller, Greg Kroah-Hartman
1e675381c2c net: Fix recursive descent in __scm_destroy().
commit f8d570a4745835f2238a33b537218a1bb03fc671 and 3b53fbf4314594fa04544b02b2fc6e607912da18 upstream (because once wasn't good enough...)
__scm_destroy() walks the list of file descriptors in the scm_fp_list pointed to by the scm_cookie argument. Those, in turn, can close sockets and invoke __scm_destroy() again. There is nothing which limits how deeply this can occur. The idea for how to ...
Andrew Vasquez, Greg Kroah-Hartman
20246fe8e4e SCSI: qla2xxx: Skip FDMI registration on ISP21xx/22xx parts.
commit 031e134e5f95233d80fb1b62fdaf5e1be587597c upstream
Firmware does not have the facilities to issue management server IOCBs.
Signed-off-by: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Ferenc Wagner <wferi@niif.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Benjamin Herrenschmidt, Greg Kroah-Hartman
e3cf06d9ba6 edac cell: fix incorrect edac_mode
commit 3b274f44d2ca05f719fe39947b6a5293a2dbd8fd upstream
The cell_edac driver is setting the edac_mode field of the csrow's to an incorrect value, causing the sysfs show routine for that field to go out of an array bound and Oopsing the kernel when used.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Doug Thompson <dougthompson@xmission.com>
Signed-off-by: And...
Eric Sandeen, Greg Kroah-Hartman
d7b1831d957 ext[234]: Avoid printk floods in the face of directory corruption (CVE-2008-3528)
This is a trivial backport of the following upstream commits:
- bd39597cbd42a784105a04010100e27267481c67 (ext2)
- cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
- 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
This addresses CVE-2008-3528
ext[234]: Avoid printk floods in the face of directory corruption
Note: some people think this represents a security bug, since it might make the syste...
Issues: CVE-2008
David Brownell, Greg Kroah-Hartman
fa1b284673e gpiolib: fix oops in gpio_get_value_cansleep()
commit 978ccaa8ea5d8c7bf6b676209f2fc126eae6355b upstream
We can get the following oops from gpio_get_value_cansleep() when a GPIO controller doesn't provide a get() callback:
Unable to handle kernel paging request for instruction fetch
Faulting instruction address: 0x00000000
Oops: Kernel access of bad area, sig: 11 [#1]
[...]
NIP [00000000] 0x0
LR [c0182fb0] gpio_get_value_cansleep+0x4...
Pavel Emelyanov
6b9fe0296b1 vzwdog: walk through the block devices list properly
Copied check from the show_partitions...
http://bugzilla.openvz.org/show_bug.cgi?id=1064
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Vitaliy Gusev, Pavel Emelyanov
fffc6ffba65 net: set ve context when init/exit method is called
Both pernet init and exit methods are called:
- from VE context when VE is created;
- from VE0 context if module registers pernet operations
This difference in approaches leads to many nasty things, since the init callback can be actually called with wrong exec_env. Unify both approaches.
Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Greg Kroah-Hartman
a9dc6714276 Linux 2.6.26.7
Arjan van de Ven, Greg Kroah-Hartman
7afc7450227 security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
commit 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 upstream
NULL function pointers are very bad security wise. This one got caught by kerneloops.org quite a few times, so it's happening in the field.... Fix is simple, check the function pointer for NULL, like 6 other places in the same function are already doing.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Linus Torva...
Michael Krufky, Greg Kroah-Hartman
3a15062b0cf DVB: au0828: add support for another USB id for Hauppauge HVR950Q
(cherry picked from commit a636da6bab3307fc8c6e6a22a63b0b25ba0687be)
DVB: au0828: add support for another USB id for Hauppauge HVR950Q
Add autodetection support for a new revision of the Hauppauge HVR950Q (2040:721e)
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Matthias Hopf, Greg Kroah-Hartman
b42c416b247 drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831)
commit 4b40893918203ee1a1f6a114316c2a19c072e9bd upstream
Olaf Kirch noticed that the i915_set_status_page() function of the i915 kernel driver calls ioremap with an address offset that is supplied by userspace via ioctl. The function zeroes the mapped memory via memset and tells the hardware about the address. Turns out that access to that ioctl is not restricted to root so users could probabl...
Issues: CVE-2008
Zhao Yakui, Greg Kroah-Hartman
40e24cff25b ACPI: Ignore _BQC object when registering backlight device
upstream commit: c2c789057f075022658b38b498755c29c1ba8055
According to acpi spec, the objects of _BCL and _BCM are required if integrated LCD is present and supports brightness level and the _BQC is the optional object. So the _BQC object will be ignored when the backlight device is registered. At the same time when there is no _BQC object, the current brightness will be set to the maximum...
Jean Delvare, Greg Kroah-Hartman
116018950eb hwmon: (it87) Prevent power-off on Shuttle SN68PT
based on commit 98dd22c3e086d76058083432d4d8fb85f04bab90 upstream
On the Shuttle SN68PT, FAN_CTL2 is apparently not connected to a fan, but to something else. One user has reported instant system power-off when changing the PWM2 duty cycle, so we disable it. I use the board name string as the trigger in case the same board is ever used in other systems. This closes lm-sensors ticket #2349: p...
Linus Torvalds, Greg Kroah-Hartman
fe2615638c6 Check mapped ranges on sysfs resource files
commit b5ff7df3df9efab511244d5a299fce706c71af48 upstream
Check mapped ranges on sysfs resource files
This is loosely based on a patch by Jesse Barnes to check the user-space PCI mappings though the sysfs interfaces. Quoting Jesse's original explanation:
It's fairly common for applications to map PCI resources through sysfs. However, with the current implementation, it's possible for an ...