[kernel] r13189 - in dists/lenny/linux-2.6/debian: . patches/features/all/openvz patches/series

Maximilian Attems maks at alioth.debian.org
Fri Mar 20 21:54:10 UTC 2009


Author: maks
Date: Fri Mar 20 21:54:09 2009
New Revision: 13189

Log:
openvz add several stable proposed patches

this second series is a selection of non-ABI-breaking patches from 0040-0059
Reported-by: Kir Kolyshkin <kir at openvz.org>
Tested-by: Ola Lundqvist <ola at inguza.com>

Added:
   dists/lenny/linux-2.6/debian/patches/features/all/openvz/0042-iptables-setup-init-iptables-mask-before-net-initia.patch
   dists/lenny/linux-2.6/debian/patches/features/all/openvz/0045-Correct-per-process-capabilities-bounding-set-in-CT.patch
   dists/lenny/linux-2.6/debian/patches/features/all/openvz/0049-cpt-Make-the-proper-check-for-sigmask.patch
   dists/lenny/linux-2.6/debian/patches/features/all/openvz/0052-ms-fix-inotify-umount.patch
   dists/lenny/linux-2.6/debian/patches/features/all/openvz/0059-Don-t-dereference-NULL-tsk-mm-in-ve_move_task.patch
Modified:
   dists/lenny/linux-2.6/debian/changelog
   dists/lenny/linux-2.6/debian/patches/series/14-extra

Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog	(original)
+++ dists/lenny/linux-2.6/debian/changelog	Fri Mar 20 21:54:09 2009
@@ -67,6 +67,12 @@
   * [openvz] 3cb8bc3 netfilter: NAT: assign nf_nat_seq_adjust_hook from VE0
     context only
   * [openvz] 4909102 netfilter: call nf_register_hooks from VE0 context only.
+  * [openvz] ce67d5b iptables: setup init iptables mask before net
+    initialization
+  * [openvz] 134416f Correct per-process capabilities bounding set in CT
+  * [openvz] 029cecb cpt: Make the proper check for sigmask
+  * [openvz] 86d7416 ms: fix inotify umount
+  * [openvz] c5c1032 Don't dereference NULL tsk->mm in ve_move_task
 
  -- dann frazier <dannf at debian.org>  Fri, 20 Mar 2009 13:12:12 -0600
 

Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0042-iptables-setup-init-iptables-mask-before-net-initia.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0042-iptables-setup-init-iptables-mask-before-net-initia.patch	Fri Mar 20 21:54:09 2009
@@ -0,0 +1,90 @@
+From ce67d5b4cc85fa0c6a6d226d436276ab307ae041 Mon Sep 17 00:00:00 2001
+From: Vitaliy Gusev <vgusev at openvz.org>
+Date: Mon, 20 Oct 2008 15:38:43 +0400
+Subject: [PATCH] iptables: setup init iptables mask before net initialization
+
+Net initialization uses iptables init mask and checks
+VE_IP_IPTABLES6, VE_IP_FILTER6, VE_IP_MANGLE6.
+Thus without setup before net init, VE's ipv6 iptables
+will not be initialized.
+
+Signed-off-by: Vitaliy Gusev <vgusev at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ kernel/ve/vecalls.c |   45 +++++++++++++++++++++++++--------------------
+ 1 files changed, 25 insertions(+), 20 deletions(-)
+
+diff --git a/kernel/ve/vecalls.c b/kernel/ve/vecalls.c
+index b04c19f..55d8b7b 100644
+--- a/kernel/ve/vecalls.c
++++ b/kernel/ve/vecalls.c
+@@ -939,27 +939,8 @@ EXPORT_SYMBOL(ve_move_task);
+ static int do_ve_iptables(struct ve_struct *ve, __u64 init_mask,
+ 		int init_or_cleanup)
+ {
+-	int err;
++	int err = 0;
+ 
+-	/* Remove when userspace will start supplying IPv6-related bits. */
+-	init_mask &= ~VE_IP_IPTABLES6;
+-	init_mask &= ~VE_IP_FILTER6;
+-	init_mask &= ~VE_IP_MANGLE6;
+-	init_mask &= ~VE_IP_IPTABLE_NAT_MOD;
+-	init_mask &= ~VE_NF_CONNTRACK_MOD;
+-	if ((init_mask & VE_IP_IPTABLES) == VE_IP_IPTABLES)
+-		init_mask |= VE_IP_IPTABLES6;
+-	if ((init_mask & VE_IP_FILTER) == VE_IP_FILTER)
+-		init_mask |= VE_IP_FILTER6;
+-	if ((init_mask & VE_IP_MANGLE) == VE_IP_MANGLE)
+-		init_mask |= VE_IP_MANGLE6;
+-	if ((init_mask & VE_IP_NAT) == VE_IP_NAT)
+-		init_mask |= VE_IP_IPTABLE_NAT;
+-
+-	if ((init_mask & VE_IP_CONNTRACK) == VE_IP_CONNTRACK)
+-		init_mask |= VE_NF_CONNTRACK;
+-
+-	err = 0;
+ 	if (!init_or_cleanup)
+ 		goto cleanup;
+ 
+@@ -1026,6 +1007,29 @@ static inline void fini_ve_iptables(struct ve_struct *ve, __u64 init_mask)
+ 	(void)do_ve_iptables(ve, init_mask, 0);
+ }
+ 
++static __u64 setup_iptables_mask(__u64 init_mask)
++{
++	/* Remove when userspace will start supplying IPv6-related bits. */
++	init_mask &= ~VE_IP_IPTABLES6;
++	init_mask &= ~VE_IP_FILTER6;
++	init_mask &= ~VE_IP_MANGLE6;
++	init_mask &= ~VE_IP_IPTABLE_NAT_MOD;
++	init_mask &= ~VE_NF_CONNTRACK_MOD;
++	if ((init_mask & VE_IP_IPTABLES) == VE_IP_IPTABLES)
++		init_mask |= VE_IP_IPTABLES6;
++	if ((init_mask & VE_IP_FILTER) == VE_IP_FILTER)
++		init_mask |= VE_IP_FILTER6;
++	if ((init_mask & VE_IP_MANGLE) == VE_IP_MANGLE)
++		init_mask |= VE_IP_MANGLE6;
++	if ((init_mask & VE_IP_NAT) == VE_IP_NAT)
++		init_mask |= VE_IP_IPTABLE_NAT;
++
++	if ((init_mask & VE_IP_CONNTRACK) == VE_IP_CONNTRACK)
++		init_mask |= VE_NF_CONNTRACK;
++
++	return init_mask;
++}
++
+ #else
+ #define init_ve_iptables(x, y)	(0)
+ #define fini_ve_iptables(x, y)	do { } while (0)
+@@ -1162,6 +1166,7 @@ static int do_env_create(envid_t veid, unsigned int flags, u32 class_id,
+ 	/* Set up ipt_mask as it will be used during
+ 	 * net namespace initialization
+ 	 */
++	init_mask = setup_iptables_mask(init_mask);
+ 	ve->ipt_mask = init_mask;
+ #endif
+ 
+-- 
+1.6.0.6
+
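Review bot: After this change `do_ve_iptables()` uses its `init_mask` argument as-is, so the IPv6/NAT/conntrack bits coming from userspace are stripped and re-derived only at the one `do_env_create()` call site shown in the last inner hunk. Any other caller of `init_ve_iptables()` or `fini_ve_iptables()` must now pass the already-normalised value (presumably `ve->ipt_mask`), otherwise init and cleanup can disagree on which tables were set up; those callers are outside the hunk and should be checked. I would add a comment above `setup_iptables_mask()`, e.g. `/* Normalise the userspace-supplied mask once; do_ve_iptables() expects the result and must not be handed the raw value. */`.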

Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0045-Correct-per-process-capabilities-bounding-set-in-CT.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0045-Correct-per-process-capabilities-bounding-set-in-CT.patch	Fri Mar 20 21:54:09 2009
@@ -0,0 +1,30 @@
+From 134416f49ad04db56afd7eb2a41ddef4f157ea6f Mon Sep 17 00:00:00 2001
+From: Konstantin Khlebnikov <khlebnikov at openvz.org>
+Date: Fri, 14 Nov 2008 19:19:40 +0300
+Subject: [PATCH] Correct per-process capabilities bounding set in CT
+
+Otherwise tasks in container may have unlimited capabilities...
+
+(#127136)
+
+Singed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ kernel/ve/vecalls.c |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/kernel/ve/vecalls.c b/kernel/ve/vecalls.c
+index 55d8b7b..4a4a24b 100644
+--- a/kernel/ve/vecalls.c
++++ b/kernel/ve/vecalls.c
+@@ -869,6 +869,7 @@ static void set_task_ve_caps(struct task_struct *tsk, struct ve_struct *ve)
+ 	tsk->cap_effective = cap_intersect(tsk->cap_effective, bset);
+ 	tsk->cap_inheritable = cap_intersect(tsk->cap_inheritable, bset);
+ 	tsk->cap_permitted = cap_intersect(tsk->cap_permitted, bset);
++	tsk->cap_bset = cap_intersect(tsk->cap_bset, bset);
+ 	spin_unlock(&task_capability_lock);
+ }
+ 
+-- 
+1.6.0.6
+
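Review bot: The added `tsk->cap_bset` line is the security-relevant part of this patch but carries no comment saying why the bounding set has to be narrowed along with the effective, inheritable and permitted sets. I would add `/* also clamp the per-process bounding set, or a later execve() could regain capabilities outside the CT's bset */` above it. `set_task_ve_caps()` starts outside the hunk, so how `bset` is derived from `ve` is not visible here. A regression check that compares the `CapBnd` value in `/proc/<pid>/status` (where this kernel exposes it) for a task inside the container with the container's configured capability mask would pin the behaviour.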

Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0049-cpt-Make-the-proper-check-for-sigmask.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0049-cpt-Make-the-proper-check-for-sigmask.patch	Fri Mar 20 21:54:09 2009
@@ -0,0 +1,41 @@
+From 029cecb45ceb652b0add04388fcaabe822e83660 Mon Sep 17 00:00:00 2001
+From: Konstantin Khlebnikov <khlebnikov at openvz.org>
+Date: Mon, 29 Dec 2008 19:37:47 +0300
+Subject: [PATCH] cpt: Make the proper check for sigmask
+
+invalid check of TS_RESTORE_SIGMASK (always false!)
+
+original code ..rhel5..2.6.24 code from diff-cpt-sigsuspend-lockup-20070131
+if (!signal_pending(current) &&
+!test_thread_flag(TIF_RESTORE_SIGMASK)) {
+
+TIF_RESTORE_SIGMASK replaced with TS_RESTORE_SIGMASK and
+after commit 7648d96 setting TS_RESTORE_SIGMASK always set TIF_SIGPENDING.
+
+so, second check is not needed.
+
+http://bugzilla.openvz.org/show_bug.cgi?id=1122
+
+Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ kernel/cpt/rst_process.c |    3 +--
+ 1 files changed, 1 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/cpt/rst_process.c b/kernel/cpt/rst_process.c
+index f3f383c..a05390e 100644
+--- a/kernel/cpt/rst_process.c
++++ b/kernel/cpt/rst_process.c
+@@ -814,8 +814,7 @@ static void rst_restart_sys(void)
+ 		}
+ 	}
+ 
+-	if (!signal_pending(current) &&
+-	    !current_thread_info()->status & TS_RESTORE_SIGMASK) {
++	if (!signal_pending(current)) {
+ 		if (SYSCALL_ERRNO(regs) == ERESTARTSYS ||
+ 		    SYSCALL_ERRNO(regs) == ERESTARTNOINTR ||
+ 		    SYSCALL_ERRNO(regs) == ERESTARTNOHAND) {
+-- 
+1.6.0.6
+
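Review bot: The simplified condition in `rst_restart_sys()` is correct only while setting `TS_RESTORE_SIGMASK` also sets `TIF_SIGPENDING`, and that dependency is recorded in the patch description but not in the code. I would add `/* TS_RESTORE_SIGMASK is always set together with TIF_SIGPENDING, so signal_pending() covers it */` above the `if`. It is also worth confirming that the restore path re-establishes both flags together for a restored task, since that code is not visible here. The function body starts and ends outside the hunk.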

Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0052-ms-fix-inotify-umount.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0052-ms-fix-inotify-umount.patch	Fri Mar 20 21:54:09 2009
@@ -0,0 +1,133 @@
+From 86d74166a99f5ece5bcd46b85cba4ebd54126685 Mon Sep 17 00:00:00 2001
+From: Dmitri Monakhov <dmonakhov at openvz.org>
+Date: Wed, 26 Nov 2008 15:29:09 +0300
+Subject: [PATCH] ms: fix inotify umount
+
+On umount two event will be dispatched to watcher:
+1: inotify_dev_queue_event(.., IN_UNMOUNT,..)
+2: remove_watch(watch, dev)
+    ->inotify_dev_queue_event(.., IN_IGNORED, ..)
+But if watcher has IN_ONESHOT bit set then the watcher will be released
+inside first event. Which result in accessing invalid object later.
+IMHO it is not pure regression. This bug wasn't triggered while initial
+inotify interface testing phase because of another bug in IN_ONESHOT
+handling logic :)
+  commit ac74c00e499ed276a965e5b5600667d5dc04a84a
+  Author: Ulisses Furquim <ulissesf at gmail.com>
+  Date:   Fri Feb 8 04:18:16 2008 -0800
+    inotify: fix check for one-shot watches before destroying them
+    As the IN_ONESHOT bit is never set when an event is sent we must check it
+    in the watch's mask and not in the event's mask.
+
+TESTCASE:
+#Seems rkagan@ was the only one who try this since feb 2008 :)
+mkdir mnt
+mount -ttmpfs none mnt
+mkdir mnt/d
+/inotify mnt/d&
+umount mnt ## << lockup or crash here
+
+TESTSOURCE:
+/* gcc -oinotify inotify.c */
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/inotify.h>
+
+int main(int argc, char **argv)
+{
+        char buf[1024];
+        struct inotify_event *ie;
+        char *p;
+        int i;
+        ssize_t l;
+
+        p = argv[1];
+        i = inotify_init();
+        inotify_add_watch(i, p, ~0);
+
+        l = read(i, buf, sizeof(buf));
+        printf("read %d bytes\n", l);
+        ie = (struct inotify_event *) buf;
+        printf("event mask: %d\n", ie->mask);
+	return 0;
+}
+
+From: Dmitri Monakhov <dmonakhov at openvz.org>
+Date: Wed, 26 Nov 2008 15:18:24 +0300
+Subject: [PATCH] Fix incorrect refcount while dispatching unmount event
+
+On umount two event will be dispatched to watcher:
+1: inotify_dev_queue_event(.., IN_UNMOUNT,..)
+2: remove_watch(watch, dev)
+    ->inotify_dev_queue_event(.., IN_IGNORED, ..)
+But if watcher has IN_ONESHOT bit set then the watcher will be released
+inside first event. Which result in accessing invalid object later.
+IMHO it is not pure regression. This bug wasn't triggered while initial
+inotify interface testing phase because of another bug in IN_ONESHOT
+handling logic :)
+  commit ac74c00e499ed276a965e5b5600667d5dc04a84a
+  Author: Ulisses Furquim <ulissesf at gmail.com>
+  Date:   Fri Feb 8 04:18:16 2008 -0800
+    inotify: fix check for one-shot watches before destroying them
+    As the IN_ONESHOT bit is never set when an event is sent we must check it
+    in the watch's mask and not in the event's mask.
+
+TESTCASE:
+mkdir mnt
+mount -ttmpfs none mnt
+mkdir mnt/d
+/inotify mnt/d&
+umount mnt ## << lockup or crash here
+
+TESTSOURCE:
+/* gcc -oinotify inotify.c */
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/inotify.h>
+
+int main(int argc, char **argv)
+{
+        char buf[1024];
+        struct inotify_event *ie;
+        char *p;
+        int i;
+        ssize_t l;
+
+        p = argv[1];
+        i = inotify_init();
+        inotify_add_watch(i, p, ~0);
+
+        l = read(i, buf, sizeof(buf));
+        printf("read %d bytes\n", l);
+        ie = (struct inotify_event *) buf;
+        printf("event mask: %d\n", ie->mask);
+	return 0;
+}
+
+Signed-off-by: Dmitri Monakhov <dmonakhov at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ fs/inotify.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/fs/inotify.c b/fs/inotify.c
+index 01ddb06..b2671b6 100644
+--- a/fs/inotify.c
++++ b/fs/inotify.c
+@@ -398,11 +398,13 @@ void inotify_unmount_inodes(struct list_head *list)
+ 		watches = &inode->inotify_watches;
+ 		list_for_each_entry_safe(watch, next_w, watches, i_list) {
+ 			struct inotify_handle *ih= watch->ih;
++			get_inotify_watch(watch);
+ 			mutex_lock(&ih->mutex);
+ 			ih->in_ops->handle_event(watch, watch->wd, IN_UNMOUNT, 0,
+ 						 NULL, NULL);
+ 			inotify_remove_watch_locked(ih, watch);
+ 			mutex_unlock(&ih->mutex);
++			put_inotify_watch(watch);
+ 		}
+ 		mutex_unlock(&inode->inotify_mutex);
+ 		iput(inode);		
+-- 
+1.6.0.6
+
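Review bot: The new `get_inotify_watch()`/`put_inotify_watch()` pair in `inotify_unmount_inodes()` has no comment, and the loop itself does not show why an extra reference is needed. I would add `/* pin watch: handle_event() may drop the last reference of an IN_ONESHOT watch before inotify_remove_watch_locked() runs */` above the `get`. The reference covers only `watch`, while `ih` is still used for `mutex_unlock()` after the removal; this presumably relies on a pinned watch keeping its handle alive, which the hunk does not show. The reproducer in the patch description is worth keeping as a regression test for umount with one-shot watches.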

Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0059-Don-t-dereference-NULL-tsk-mm-in-ve_move_task.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0059-Don-t-dereference-NULL-tsk-mm-in-ve_move_task.patch	Fri Mar 20 21:54:09 2009
@@ -0,0 +1,30 @@
+From c5c1032d4b6519d1e3a37853c5c0fd7fbd1f8798 Mon Sep 17 00:00:00 2001
+From: Vitaliy Gusev <vgusev at openvz.org>
+Date: Tue, 13 Jan 2009 18:23:55 +0300
+Subject: [PATCH] Don't dereference NULL tsk->mm in ve_move_task
+
+Kthreads are mmless...
+
+Signed-off-by: Vitaliy Gusev <vgusev at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ kernel/ve/vecalls.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/kernel/ve/vecalls.c b/kernel/ve/vecalls.c
+index 376bbfb..34bcbcd 100644
+--- a/kernel/ve/vecalls.c
++++ b/kernel/ve/vecalls.c
+@@ -883,7 +883,8 @@ void ve_move_task(struct task_struct *tsk, struct ve_struct *new)
+ 	BUG_ON(!(thread_group_leader(tsk) && thread_group_empty(tsk)));
+ 
+ 	/* this probihibts ptracing of task entered to VE from host system */
+-	tsk->mm->vps_dumpable = 0;
++	if (tsk->mm)
++		tsk->mm->vps_dumpable = 0;
+ 	/* setup capabilities before enter */
+ 	set_task_ve_caps(tsk, new);
+ 
+-- 
+1.6.0.6
+
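Review bot: With the new `if (tsk->mm)` guard in `ve_move_task()`, an mm-less task enters the VE without `vps_dumpable` ever being cleared, while the existing comment still says unconditionally that ptracing is prohibited. If such a task can later acquire an mm (for example through an exec from a kernel thread, which is inferred and not visible here), that mm would need `vps_dumpable = 0` set at that point as well. I would at least update the comment to `/* prohibit ptracing of a task that entered the VE from the host; kthreads have no mm and are skipped */`. The function starts before and continues after the hunk.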

Modified: dists/lenny/linux-2.6/debian/patches/series/14-extra
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/14-extra	(original)
+++ dists/lenny/linux-2.6/debian/patches/series/14-extra	Fri Mar 20 21:54:09 2009
@@ -11,3 +11,8 @@
 + features/all/openvz/0033-netfilter-NAT-assign-nf_nat_seq_adjust_hook-from-V.patch featureset=openvz
 + features/all/openvz/0034-netfilter-call-nf_register_hooks-from-VE0-context-o.patch featureset=openvz
 + features/all/openvz/simfs-getatts-fix-oops-on-NULL-mnt.patch featureset=openvz
++ features/all/openvz/0042-iptables-setup-init-iptables-mask-before-net-initia.patch featureset=openvz
++ features/all/openvz/0045-Correct-per-process-capabilities-bounding-set-in-CT.patch featureset=openvz
++ features/all/openvz/0049-cpt-Make-the-proper-check-for-sigmask.patch featureset=openvz
++ features/all/openvz/0052-ms-fix-inotify-umount.patch featureset=openvz
++ features/all/openvz/0059-Don-t-dereference-NULL-tsk-mm-in-ve_move_task.patch featureset=openvz


