[kernel] r13200 - in dists/lenny/linux-2.6/debian: . patches/features/all/openvz patches/series
Maximilian Attems
maks at alioth.debian.org
Sun Mar 22 21:12:59 UTC 2009
Author: maks
Date: Sun Mar 22 21:12:55 2009
New Revision: 13200
Log:
openvz add several stable proposed patches
This fourth series consists of selected ABI breakers from 0030-0049.
Reported-by: Kir Kolyshkin <kir at openvz.org>
Tested-by: Ola Lundqvist <ola at inguza.com>
Added:
dists/lenny/linux-2.6/debian/patches/features/all/openvz/0031-Add-VE-features-for-sit-and-ipip-devices.patch
dists/lenny/linux-2.6/debian/patches/features/all/openvz/0040-Simplify-call-__dev_change_net_namespace-by-remove.patch
dists/lenny/linux-2.6/debian/patches/features/all/openvz/0041-Adjust-VE-before-call-netdev_unregister_kobject-netd.patch
dists/lenny/linux-2.6/debian/patches/features/all/openvz/0042-netns-fix-net_generic-array-leak.patch
dists/lenny/linux-2.6/debian/patches/features/all/openvz/0043-net-set-ve-context-when-init-exit-method-is-called.patch
dists/lenny/linux-2.6/debian/patches/features/all/openvz/0044-vzwdog-walk-through-the-block-devices-list-properly.patch
dists/lenny/linux-2.6/debian/patches/features/all/openvz/0046-netns-enable-cross-ve-Unix-sockets.patch
dists/lenny/linux-2.6/debian/patches/features/all/openvz/0047-netfilter-Fix-NULL-dereference-in-nf_nat_setup_info.patch
dists/lenny/linux-2.6/debian/patches/features/all/openvz/0048-netfilter-Add-check-to-the-nat-hooks.patch
Modified:
dists/lenny/linux-2.6/debian/changelog
dists/lenny/linux-2.6/debian/patches/series/14-extra
Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog (original)
+++ dists/lenny/linux-2.6/debian/changelog Sun Mar 22 21:12:55 2009
@@ -92,6 +92,18 @@
* [openvz] 2c1b2f7 conntrack: Allocate/free ve_nf_conntrack_l3proto_ipv6.
* [openvz] e29a555 ct: Move _nf_conntrack_l3proto_ipv6 to net namespace.
* [openvz] 4355344 conntrack: fix oops in nf_ct_frag6_gather.
+ * [openvz] bd5e806 Add "VE features" for sit and ipip devices.
+ * [openvz] 9baf6095 Simplify call __dev_change_net_namespace() by remove
+ parameters.
+ * [openvz] 35f41f11 Adjust VE before call
+ netdev_unregister_kobject/netdev_register_kobject.
+ * [openvz] 83ea78e netns: fix net_generic array leak.
+ * [openvz] ce67d5b iptables: setup init iptables mask before net
+ initialization.
+ * [openvz] 6b9fe02 vzwdog: walk through the block devices list properly.
+ * [openvz] 6b9fe02 netns: enable cross-ve Unix sockets.
+ * [openvz] 1acba85 netfilter: Fix NULL dereference in nf_nat_setup_info.
+ * [openvz] b405aed netfilter: Add check to the nat hooks.
-- dann frazier <dannf at debian.org> Sun, 22 Mar 2009 14:09:23 -0600
Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0031-Add-VE-features-for-sit-and-ipip-devices.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0031-Add-VE-features-for-sit-and-ipip-devices.patch Sun Mar 22 21:12:55 2009
@@ -0,0 +1,143 @@
+From bd5e8068db8448a24b87f096622a5f4dac93b31a Mon Sep 17 00:00:00 2001
+From: Pavel Emelyanov <xemul at openvz.org>
+Date: Tue, 30 Sep 2008 19:03:04 +0400
+Subject: [PATCH] Add "VE features" for sit and ipip devices.
+
+Currently these devices are created unconditionally in *each*
+ve after ipip or sit module load. This is bad for many reasons.
+
+I add two features, just like it's done for 2.6.18-rh5 kernel.
+The migration support will become available a bit later - I
+don't want to push the existing implementation till we settle
+with the new netdeives migration scheme (in rh5 of course).
+
+http://bugzilla.openvz.org/show_bug.cgi?id=874
+
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ include/linux/vzcalluser.h | 2 ++
+ kernel/ve/ve.c | 2 ++
+ net/ipv4/ipip.c | 10 ++++++++++
+ net/ipv6/sit.c | 10 ++++++++++
+ 4 files changed, 24 insertions(+), 0 deletions(-)
+
+diff --git a/include/linux/vzcalluser.h b/include/linux/vzcalluser.h
+index a62b84c..46c04e6 100644
+--- a/include/linux/vzcalluser.h
++++ b/include/linux/vzcalluser.h
+@@ -104,6 +104,8 @@ struct env_create_param3 {
+ #define VE_FEATURE_SYSFS (1ULL << 0)
+ #define VE_FEATURE_NFS (1ULL << 1)
+ #define VE_FEATURE_DEF_PERMS (1ULL << 2)
++#define VE_FEATURE_SIT (1ULL << 3)
++#define VE_FEATURE_IPIP (1ULL << 4)
+
+ #define VE_FEATURES_OLD (VE_FEATURE_SYSFS)
+ #define VE_FEATURES_DEF (VE_FEATURE_SYSFS | \
+diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
+index d4ba7b3..7322e50 100644
+--- a/kernel/ve/ve.c
++++ b/kernel/ve/ve.c
+@@ -36,6 +36,7 @@
+ #include <linux/devpts_fs.h>
+
+ #include <linux/nfcalls.h>
++#include <linux/vzcalluser.h>
+
+ unsigned long vz_rstamp = 0x37e0f59d;
+
+@@ -105,6 +106,7 @@ struct ve_struct ve0 = {
+ #ifdef CONFIG_VE_IPTABLES
+ .ipt_mask = ~0ULL,
+ #endif
++ .features = VE_FEATURE_SIT | VE_FEATURE_IPIP,
+ };
+
+ EXPORT_SYMBOL(ve0);
+diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
+index af5cb53..67f3736 100644
+--- a/net/ipv4/ipip.c
++++ b/net/ipv4/ipip.c
+@@ -108,6 +108,7 @@
+ #include <linux/init.h>
+ #include <linux/netfilter_ipv4.h>
+ #include <linux/if_ether.h>
++#include <linux/vzcalluser.h>
+
+ #include <net/sock.h>
+ #include <net/ip.h>
+@@ -146,6 +147,9 @@ static struct ip_tunnel * ipip_tunnel_lookup(struct net *net,
+ struct ip_tunnel *t;
+ struct ipip_net *ipn = net_generic(net, ipip_net_id);
+
++ if (ipn == NULL)
++ return NULL;
++
+ for (t = ipn->tunnels_r_l[h0^h1]; t; t = t->next) {
+ if (local == t->parms.iph.saddr &&
+ remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
+@@ -779,6 +783,9 @@ static int ipip_init_net(struct net *net)
+ int err;
+ struct ipip_net *ipn;
+
++ if (!(get_exec_env()->features & VE_FEATURE_IPIP))
++ return 0;
++
+ err = -ENOMEM;
+ ipn = kzalloc(sizeof(struct ipip_net), GFP_KERNEL);
+ if (ipn == NULL)
+@@ -824,6 +831,9 @@ static void ipip_exit_net(struct net *net)
+ struct ipip_net *ipn;
+
+ ipn = net_generic(net, ipip_net_id);
++ if (ipn == NULL) /* no VE_FEATURE_IPIP */
++ return;
++
+ rtnl_lock();
+ ipip_destroy_tunnels(ipn);
+ unregister_netdevice(ipn->fb_tunnel_dev);
+diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
+index 32e871a..f8b0bdc 100644
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -34,6 +34,7 @@
+ #include <linux/init.h>
+ #include <linux/netfilter_ipv4.h>
+ #include <linux/if_ether.h>
++#include <linux/vzcalluser.h>
+
+ #include <net/sock.h>
+ #include <net/snmp.h>
+@@ -89,6 +90,9 @@ static struct ip_tunnel * ipip6_tunnel_lookup(struct net *net,
+ struct ip_tunnel *t;
+ struct sit_net *sitn = net_generic(net, sit_net_id);
+
++ if (sitn == NULL)
++ return NULL;
++
+ for (t = sitn->tunnels_r_l[h0^h1]; t; t = t->next) {
+ if (local == t->parms.iph.saddr &&
+ remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
+@@ -1013,6 +1017,9 @@ static int sit_init_net(struct net *net)
+ int err;
+ struct sit_net *sitn;
+
++ if (!(get_exec_env()->features & VE_FEATURE_SIT))
++ return 0;
++
+ err = -ENOMEM;
+ sitn = kzalloc(sizeof(struct sit_net), GFP_KERNEL);
+ if (sitn == NULL)
+@@ -1057,6 +1064,9 @@ static void sit_exit_net(struct net *net)
+ struct sit_net *sitn;
+
+ sitn = net_generic(net, sit_net_id);
++ if (sitn == NULL) /* no VE_FEATURE_SIT */
++ return;
++
+ rtnl_lock();
+ sit_destroy_tunnels(sitn);
+ unregister_netdevice(sitn->fb_tunnel_dev);
+--
+1.6.2
+
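Review bot: The feature test `if (!(get_exec_env()->features & VE_FEATURE_IPIP))` in ipip_init_net (and its twin in sit_init_net) only works if the init method runs in the context of the VE that owns `net`; as patch 0043 in this same series states, the pernet init callback is also invoked from the VE0 context when the module is loaded, in which case this reads ve0's feature mask for every existing net and the devices are still created everywhere. The patch therefore behaves as described only once 0043 is applied, which is worth a sentence in the description. The early return also leaves the net_generic slot NULL and relies on every reader of `net_generic(net, ipip_net_id)` tolerating that; only the lookup and exit paths are guarded here, so any other user of the slot outside these hunks should be checked. A comment at the return, `/* no VE_FEATURE_IPIP: leave the net_generic slot NULL; lookup/exit treat NULL as "no tunnels" */`, would make that contract explicit. ipip_init_net, ipip_exit_net and the sit counterparts all start and end outside the hunks.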
Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0040-Simplify-call-__dev_change_net_namespace-by-remove.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0040-Simplify-call-__dev_change_net_namespace-by-remove.patch Sun Mar 22 21:12:55 2009
@@ -0,0 +1,114 @@
+From 9baf6095c98f930e02769b09addbd4b5f18772d5 Mon Sep 17 00:00:00 2001
+From: Vitaliy Gusev <vgusev at openvz.org>
+Date: Tue, 14 Oct 2008 19:18:57 +0400
+Subject: [PATCH] Simplify call __dev_change_net_namespace() by remove parameters.
+
+1. Source VE and destination VE doesn't need to pass to the
+__dev_change_net_namespace() as src VE can be obtained from
+dev->owner_env and dst VE from net->owner_ve.
+
+2. Destination VE that is passed to __dev_change_net_namespace()
+was wrong, so this patch also fixes it.
+
+Related to the bug http://bugzilla.openvz.org/show_bug.cgi?id=1044
+
+Signed-off-by: Vitaliy Gusev <vgusev at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ include/linux/netdevice.h | 1 -
+ kernel/ve/vecalls.c | 5 ++---
+ net/core/dev.c | 14 ++++++++------
+ 3 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
+index bacc0a0..2e2acdb 100644
+--- a/include/linux/netdevice.h
++++ b/include/linux/netdevice.h
+@@ -1175,7 +1175,6 @@ extern unsigned dev_get_flags(const struct net_device *);
+ extern int dev_change_flags(struct net_device *, unsigned);
+ extern int dev_change_name(struct net_device *, char *);
+ int __dev_change_net_namespace(struct net_device *, struct net *, const char *,
+- struct ve_struct *src_ve, struct ve_struct *dst_ve,
+ struct user_beancounter *exec_ub);
+ extern int dev_change_net_namespace(struct net_device *,
+ struct net *, const char *);
+diff --git a/kernel/ve/vecalls.c b/kernel/ve/vecalls.c
+index 5aab66c..b04c19f 100644
+--- a/kernel/ve/vecalls.c
++++ b/kernel/ve/vecalls.c
+@@ -1805,8 +1805,7 @@ static int ve_dev_add(envid_t veid, char *dev_name)
+ if (dev == NULL)
+ goto out_unlock;
+
+- err = __dev_change_net_namespace(dev, dst_net, dev_name,
+- get_ve0(), dst_ve, get_exec_ub());
++ err = __dev_change_net_namespace(dev, dst_net, dev_name, get_exec_ub());
+ out_unlock:
+ rtnl_unlock();
+ real_put_ve(dst_ve);
+@@ -1840,7 +1839,7 @@ static int ve_dev_del(envid_t veid, char *dev_name)
+ goto out_unlock;
+
+ err = __dev_change_net_namespace(dev, &init_net, dev_name,
+- src_ve, get_ve0(), netdev_bc(dev)->owner_ub);
++ netdev_bc(dev)->owner_ub);
+ out_unlock:
+ rtnl_unlock();
+ real_put_ve(src_ve);
+diff --git a/net/core/dev.c b/net/core/dev.c
+index 26b529f..ce7e730 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -4207,14 +4207,17 @@ EXPORT_SYMBOL(unregister_netdev);
+ */
+
+ int __dev_change_net_namespace(struct net_device *dev, struct net *net, const char *pat,
+- struct ve_struct *src_ve, struct ve_struct *dst_ve,
+ struct user_beancounter *exec_ub)
+ {
+ char buf[IFNAMSIZ];
+ const char *destname;
+ int err;
+- struct ve_struct *cur_ve;
+ struct user_beancounter *tmp_ub;
++#ifdef CONFIG_VE
++ struct ve_struct *cur_ve = get_exec_env();
++ struct ve_struct *src_ve = dev->owner_env;
++ struct ve_struct *dst_ve = net->owner_ve;
++#endif
+
+ ASSERT_RTNL();
+
+@@ -4278,7 +4281,7 @@ int __dev_change_net_namespace(struct net_device *dev, struct net *net, const ch
+ /* Notify protocols, that we are about to destroy
+ this device. They should clean all the things.
+ */
+- cur_ve = set_exec_env(src_ve);
++ set_exec_env(src_ve);
+ call_netdevice_notifiers(NETDEV_UNREGISTER, dev);
+ (void)set_exec_env(cur_ve);
+
+@@ -4311,7 +4314,7 @@ int __dev_change_net_namespace(struct net_device *dev, struct net *net, const ch
+ list_netdevice(dev);
+
+ /* Notify protocols, that a new device appeared. */
+- cur_ve = set_exec_env(dst_ve);
++ set_exec_env(dst_ve);
+ call_netdevice_notifiers(NETDEV_REGISTER, dev);
+ (void)set_exec_env(cur_ve);
+
+@@ -4323,10 +4326,9 @@ out:
+
+ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char *pat)
+ {
+- struct ve_struct *ve = get_exec_env();
+ struct user_beancounter *ub = get_exec_ub();
+
+- return __dev_change_net_namespace(dev, net, pat, ve, ve, ub);
++ return __dev_change_net_namespace(dev, net, pat, ub);
+ }
+
+ static int dev_cpu_callback(struct notifier_block *nfb,
+--
+1.6.0.6
+
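Review bot: The three locals added under `#ifdef CONFIG_VE` at the top of __dev_change_net_namespace are used unconditionally further down (`set_exec_env(src_ve)`, `set_exec_env(dst_ve)`, `(void)set_exec_env(cur_ve)`), so a `CONFIG_VE=n` build compiles only if `set_exec_env()` is a macro that discards its argument; if it is a function in that configuration, either the uses need the same guard or the declarations should lose it. The fix the description mentions (callers passing a wrong dst_ve) is now implicit in where the values come from, so a comment at the declarations would preserve the reasoning: `/* src/dst VE come from the device and the target net, so callers cannot pass them out of sync */`. The function body continues outside the hunks.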
Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0041-Adjust-VE-before-call-netdev_unregister_kobject-netd.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0041-Adjust-VE-before-call-netdev_unregister_kobject-netd.patch Sun Mar 22 21:12:55 2009
@@ -0,0 +1,34 @@
+From 35f41f111afc1a9f024153ac43d8d829a894fb2b Mon Sep 17 00:00:00 2001
+From: Vitaliy Gusev <vgusev at openvz.org>
+Date: Tue, 14 Oct 2008 19:20:33 +0400
+Subject: [PATCH] Adjust VE before call netdev_unregister_kobject/netdev_register_kobject
+
+These function use visible_net_class.
+
+http://bugzilla.openvz.org/show_bug.cgi?id=1044
+
+Signed-off-by: Vitaliy Gusev <vgusev at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ net/core/dev.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/net/core/dev.c b/net/core/dev.c
+index ce7e730..246deda 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -4306,8 +4306,11 @@ int __dev_change_net_namespace(struct net_device *dev, struct net *net, const ch
+ }
+
+ /* Fixup kobjects */
++ set_exec_env(src_ve);
+ netdev_unregister_kobject(dev);
++ set_exec_env(dst_ve);
+ err = netdev_register_kobject(dev);
++ set_exec_env(cur_ve);
+ WARN_ON(err);
+
+ /* Add the device back in the hashes */
+--
+1.6.0.6
+
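Review bot: The switches around netdev_unregister_kobject/netdev_register_kobject use `cur_ve`, `src_ve` and `dst_ve`, which patch 0040 in this series declares only under `#ifdef CONFIG_VE`, so the same build-configuration caveat raised there applies to these three lines. The reason for the switch lives only in the commit message; a comment at `set_exec_env(src_ve);` such as `/* netdev_{un,}register_kobject use the visible_net_class of the current VE */` would keep it with the code. The enclosing function starts and ends outside the hunk.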
Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0042-netns-fix-net_generic-array-leak.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0042-netns-fix-net_generic-array-leak.patch Sun Mar 22 21:12:55 2009
@@ -0,0 +1,27 @@
+From 83ea78e92c2ef11d0b67cc5f2563f68679446886 Mon Sep 17 00:00:00 2001
+From: Alexey Dobriyan <adobriyan at gmail.com>
+Date: Wed, 15 Oct 2008 08:15:22 +0400
+Subject: [PATCH] netns: fix net_generic array leak
+
+Signed-off-by: Alexey Dobriyan <adobriyan at gmail.com>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ net/core/net_namespace.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
+index e1aeb0e..4ccdf17 100644
+--- a/net/core/net_namespace.c
++++ b/net/core/net_namespace.c
+@@ -102,7 +102,7 @@ static void net_free(struct net *net)
+ return;
+ }
+ #endif
+-
++ kfree(net->gen);
+ sysfs_completion = net->sysfs_completion;
+ kmem_cache_free(net_cachep, net);
+ if (sysfs_completion)
+--
+1.6.2
+
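Review bot: `kfree(net->gen);` now sits directly after the `#endif` in net_free, and the `#ifdef` block above it returns early, so in that debug configuration the array is still not freed; that may be intentional since the net itself is not freed either, but it is worth stating. A one-line comment, `/* free the per-net generic pointer array together with the net */`, would also document what `gen` is. The function begins outside the hunk.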
Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0043-net-set-ve-context-when-init-exit-method-is-called.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0043-net-set-ve-context-when-init-exit-method-is-called.patch Sun Mar 22 21:12:55 2009
@@ -0,0 +1,78 @@
+From fffc6ffba65ec0b12aeb89f2e4a448785298aa75 Mon Sep 17 00:00:00 2001
+From: Vitaliy Gusev <vgusev at openvz.org>
+Date: Fri, 31 Oct 2008 16:48:47 +0300
+Subject: [PATCH] net: set ve context when init/exit method is called
+
+Both pernet init and exit methods are called:
+ - from VE context when VE is created;
+ - from VE0 context if module registers pernet operations
+
+This difference in approches leads to many nasty things, since the
+init callback can be actually called with wrong exec_env.
+
+Unify both approaches.
+
+Signed-off-by: Vitaliy Gusev <vgusev at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ net/core/net_namespace.c | 20 +++++++++++++++++++-
+ 1 files changed, 19 insertions(+), 1 deletions(-)
+
+diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
+index 4ccdf17..523eba0 100644
+--- a/net/core/net_namespace.c
++++ b/net/core/net_namespace.c
+@@ -232,6 +232,16 @@ static int __init net_ns_init(void)
+ pure_initcall(net_ns_init);
+
+ #ifdef CONFIG_NET_NS
++
++#include <linux/netdevice.h>
++
++static inline void set_net_context(struct net *net)
++{
++ set_exec_env(net->owner_ve);
++ if (net->loopback_dev)
++ set_exec_ub(netdev_bc(net->loopback_dev)->exec_ub);
++}
++
+ static int register_pernet_operations(struct list_head *list,
+ struct pernet_operations *ops)
+ {
+@@ -241,7 +251,9 @@ static int register_pernet_operations(struct list_head *list,
+ list_add_tail(&ops->list, list);
+ if (ops->init) {
+ for_each_net(net) {
++ set_net_context(net);
+ error = ops->init(net);
++ set_net_context(&init_net);
+ if (error)
+ goto out_undo;
+ }
+@@ -255,7 +267,10 @@ out_undo:
+ for_each_net(undo_net) {
+ if (undo_net == net)
+ goto undone;
++
++ set_net_context(undo_net);
+ ops->exit(undo_net);
++ set_net_context(&init_net);
+ }
+ }
+ undone:
+@@ -268,8 +283,11 @@ static void unregister_pernet_operations(struct pernet_operations *ops)
+
+ list_del(&ops->list);
+ if (ops->exit)
+- for_each_net(net)
++ for_each_net(net) {
++ set_net_context(net);
+ ops->exit(net);
++ set_net_context(&init_net);
++ }
+ }
+
+ #else
+--
+1.6.0.6
+
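Review bot: set_net_context() switches the exec env and ub, but both callers restore with `set_net_context(&init_net)` rather than with the context that was active before, so a register_pernet_operations()/unregister_pernet_operations() call made from a non-VE0 context returns with the caller's env replaced by init_net's. Saving the previous value (set_exec_env() returns the old env, as the `cur_ve = set_exec_env(...)` pattern elsewhere in this series shows; confirm set_exec_ub() does likewise) and restoring it after `ops->init`/`ops->exit` would avoid assuming the caller is VE0. The ub is also only changed when `net->loopback_dev` is set, so for a net without one the exec_ub stays whatever it was — that asymmetry deserves a comment if it is intended. The `#include <linux/netdevice.h>` placed mid-file inside `#ifdef CONFIG_NET_NS` should move to the top with the other includes.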
Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0044-vzwdog-walk-through-the-block-devices-list-properly.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0044-vzwdog-walk-through-the-block-devices-list-properly.patch Sun Mar 22 21:12:55 2009
@@ -0,0 +1,72 @@
+From 6b9fe0296b1aa5b2e70e9ba9790e4bd9af5908c6 Mon Sep 17 00:00:00 2001
+From: Pavel Emelyanov <xemul at openvz.org>
+Date: Wed, 5 Nov 2008 11:53:48 +0300
+Subject: [PATCH] vzwdog: walk through the block devices list properly
+
+Copied check from the show_partitions...
+
+http://bugzilla.openvz.org/show_bug.cgi?id=1064
+
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ block/genhd.c | 5 +++--
+ include/linux/genhd.h | 1 +
+ kernel/ve/vzwdog.c | 6 +++++-
+ 3 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/block/genhd.c b/block/genhd.c
+index 901cf04..93ffcfb 100644
+--- a/block/genhd.c
++++ b/block/genhd.c
+@@ -24,7 +24,8 @@ static DEFINE_MUTEX(block_class_lock);
+ struct kobject *block_depr;
+ #endif
+
+-static struct device_type disk_type;
++struct device_type disk_type;
++EXPORT_SYMBOL(disk_type);
+
+ /*
+ * Can be deleted altogether. Later.
+@@ -515,7 +516,7 @@ struct class block_class = {
+ };
+ EXPORT_SYMBOL(block_class);
+
+-static struct device_type disk_type = {
++struct device_type disk_type = {
+ .name = "disk",
+ .groups = disk_attr_groups,
+ .release = disk_release,
+diff --git a/include/linux/genhd.h b/include/linux/genhd.h
+index ae7aec3..8f28767 100644
+--- a/include/linux/genhd.h
++++ b/include/linux/genhd.h
+@@ -21,6 +21,7 @@
+ extern struct device_type part_type;
+ extern struct kobject *block_depr;
+ extern struct class block_class;
++extern struct device_type disk_type;
+
+ extern const struct seq_operations partitions_op;
+ extern const struct seq_operations diskstats_op;
+diff --git a/kernel/ve/vzwdog.c b/kernel/ve/vzwdog.c
+index 7117365..4510f5d 100644
+--- a/kernel/ve/vzwdog.c
++++ b/kernel/ve/vzwdog.c
+@@ -184,8 +184,12 @@ static void show_diskio(void)
+
+ list_for_each_entry(dev, &block_class.devices, node) {
+ char *name;
+- struct gendisk *gd = dev_to_disk(dev);
++ struct gendisk *gd;
++
++ if (dev->type != &disk_type)
++ continue;
+
++ gd = dev_to_disk(dev);
+ name = disk_name(gd, 0, buf);
+ if ((strlen(name) > 4) && (strncmp(name, "loop", 4) == 0) &&
+ isdigit(name[4]))
+--
+1.6.0.6
+
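Review bot: The tentative definition `struct device_type disk_type;` left near the top of genhd.c is now redundant with the `extern` declaration added to genhd.h and the initialised definition further down; dropping it and moving `EXPORT_SYMBOL(disk_type);` to directly after that definition follows the usual kernel layout. The `dev->type != &disk_type` test copied into show_diskio correctly skips partition devices, but the `list_for_each_entry` over `block_class.devices` it guards runs in vzwdog.c while `block_class_lock` is `static` in genhd.c, so how that walk is serialised against device add/remove is not visible here and should be confirmed. show_diskio starts and ends outside the hunk.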
Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0046-netns-enable-cross-ve-Unix-sockets.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0046-netns-enable-cross-ve-Unix-sockets.patch Sun Mar 22 21:12:55 2009
@@ -0,0 +1,27 @@
+From 89451f9b7cf93d3c71cdb201c624244eb49f1223 Mon Sep 17 00:00:00 2001
+From: Denis V. Lunev <den at openvz.org>
+Date: Wed, 24 Sep 2008 14:35:09 +0400
+Subject: [PATCH] netns: enable cross-ve Unix sockets
+
+Signed-off-by: Denis V. Lunev <den at openvz.org>
+---
+ net/unix/af_unix.c | 3 ---
+ 1 files changed, 0 insertions(+), 3 deletions(-)
+
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
+index 39d2173..0e1eccd 100644
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -297,9 +297,6 @@ static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i)
+ &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
+ struct dentry *dentry = unix_sk(s)->dentry;
+
+- if (!net_eq(sock_net(s), net))
+- continue;
+-
+ if(dentry && dentry->d_inode == i)
+ {
+ sock_hold(s);
+--
+1.6.2
+
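Review bot: Dropping the `net_eq(sock_net(s), net)` test in unix_find_socket_byinode makes the inode-based lookup return sockets bound by any VE, so the isolation boundary for filesystem-path AF_UNIX sockets becomes the caller's ability to reach the socket's inode rather than its network namespace; the commit message should say so, and the permission check on the path lookup in the caller (outside this hunk) becomes the only gate. The abstract-namespace lookup is not touched here, so presumably abstract sockets remain confined per net — confirm that asymmetry is intended and record it above the loop, e.g. `/* deliberately not filtered by net: a VE may connect to any socket whose inode it can reach (cross-VE Unix sockets) */`. The function starts and ends outside the hunk.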
Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0047-netfilter-Fix-NULL-dereference-in-nf_nat_setup_info.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0047-netfilter-Fix-NULL-dereference-in-nf_nat_setup_info.patch Sun Mar 22 21:12:55 2009
@@ -0,0 +1,164 @@
+From 1acba8533b788e95c52f827d06d9629d672c80fc Mon Sep 17 00:00:00 2001
+From: Vitaliy Gusev <vgusev at openvz.org>
+Date: Wed, 19 Nov 2008 20:50:25 +0300
+Subject: [PATCH] netfilter: Fix NULL dereference in nf_nat_setup_info
+
+If conntrack is allowed in VE but iptable_nat is not allowed and loaded
+then Oops occurs:
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
+ IP: [<ffffffffa0123df6>] :nf_nat:nf_nat_setup_info+0x343/0x489
+ Oops: 0000 [1] SMP DEBUG_PAGEALLOC
+ CPU: 1
+ [<ffffffff8028c277>] ? poison_obj+0x27/0x32
+ [<ffffffffa012a084>] :iptable_nat:alloc_null_binding+0x44/0x46
+ [<ffffffffa012a1f7>] :iptable_nat:nf_nat_rule_find+0x62/0x6b
+ [<ffffffffa012a4e5>] :iptable_nat:nf_nat_fn+0x11d/0x149
+ [<ffffffffa012a551>] :iptable_nat:nf_nat_local_fn+0x40/0xbf
+ [<ffffffff80476ad5>] nf_iterate+0x43/0x80
+ [<ffffffff8047efa0>] ? dst_output+0x0/0xd
+ [<ffffffff80476de9>] nf_hook_slow+0x5e/0xc1
+ [<ffffffff8047efa0>] ? dst_output+0x0/0xd
+ [<ffffffff80480314>] __ip_local_out+0x9f/0xa1
+ [<ffffffff80480327>] ip_local_out+0x11/0x24
+ [<ffffffff80480600>] ip_push_pending_frames+0x2c6/0x345
+ [<ffffffff8049b668>] raw_sendmsg+0x6a9/0x739
+ [<ffffffff804a3750>] inet_sendmsg+0x46/0x53
+ [<ffffffff80455ffa>] sock_sendmsg+0xdf/0xf8
+ RIP [<ffffffffa0123df6>] :nf_nat:nf_nat_setup_info+0x343/0x489
+
+So create/use iptable_nat to check was nat table initialized in VE or not.
+
+Bug #1051
+http://bugzilla.openvz.org/show_bug.cgi?id=1051
+
+Signed-off-by: Vitaliy Gusev <vgusev at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ include/linux/netfilter.h | 15 +++++++++++++++
+ include/linux/ve.h | 1 -
+ include/net/netns/ipv4.h | 1 +
+ net/ipv4/netfilter/nf_nat_rule.c | 25 +++++++++++--------------
+ 4 files changed, 27 insertions(+), 15 deletions(-)
+
+diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
+index 8d41ea4..63c92ad 100644
+--- a/include/linux/netfilter.h
++++ b/include/linux/netfilter.h
+@@ -394,6 +394,21 @@ static inline struct net *nf_post_routing_net(const struct net_device *in,
+ #endif
+ }
+
++static inline struct net *nf_net(unsigned hook,
++ const struct net_device *in,
++ const struct net_device *out)
++{
++ switch (hook) {
++ case NF_INET_PRE_ROUTING:
++ case NF_INET_LOCAL_IN:
++ case NF_INET_FORWARD:
++ return dev_net(in);
++ case NF_INET_POST_ROUTING:
++ case NF_INET_LOCAL_OUT:
++ return dev_net(out);
++ }
++}
++
+ #ifdef CONFIG_VE_IPTABLES
+ #include <linux/vziptable_defs.h>
+
+diff --git a/include/linux/ve.h b/include/linux/ve.h
+index 2180c1f..f55f43e 100644
+--- a/include/linux/ve.h
++++ b/include/linux/ve.h
+@@ -56,7 +56,6 @@ struct ve_nf_conntrack {
+ struct hlist_head *_bysource;
+ struct nf_nat_protocol **_nf_nat_protos;
+ int _nf_nat_vmalloced;
+- struct xt_table *_nf_nat_table;
+ struct nf_conntrack_l3proto *_nf_nat_l3proto;
+ atomic_t _nf_conntrack_count;
+ int _nf_conntrack_max;
+diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
+index d8588d5..31add33 100644
+--- a/include/net/netns/ipv4.h
++++ b/include/net/netns/ipv4.h
+@@ -34,6 +34,7 @@ struct netns_ipv4 {
+ struct netns_frags frags;
+ #ifdef CONFIG_NETFILTER
+ struct xt_table *iptable_filter;
++ struct xt_table *iptable_nat;
+ struct xt_table *iptable_mangle;
+ struct xt_table *iptable_raw;
+ struct xt_table *arptable_filter;
+diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
+index f301178..505c1cd 100644
+--- a/net/ipv4/netfilter/nf_nat_rule.c
++++ b/net/ipv4/netfilter/nf_nat_rule.c
+@@ -66,12 +66,6 @@ static struct xt_table __nat_table = {
+ .me = THIS_MODULE,
+ .af = AF_INET,
+ };
+-#ifdef CONFIG_VE_IPTABLES
+-#define nat_table \
+- (get_exec_env()->_nf_conntrack->_nf_nat_table)
+-#else
+-static struct xt_table *nat_table;
+-#endif
+
+ /* Source NAT */
+ static unsigned int ipt_snat_target(struct sk_buff *skb,
+@@ -202,7 +196,8 @@ int nf_nat_rule_find(struct sk_buff *skb,
+ {
+ int ret;
+
+- ret = ipt_do_table(skb, hooknum, in, out, nat_table);
++ ret = ipt_do_table(skb, hooknum, in, out,
++ nf_net(hooknum, in, out)->ipv4.iptable_nat);
+
+ if (ret == NF_ACCEPT) {
+ if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum)))
+@@ -237,10 +232,10 @@ int nf_nat_rule_init(void)
+ int ret;
+ struct net *net = get_exec_env()->ve_netns;
+
+- nat_table = ipt_register_table(net, &__nat_table,
++ net->ipv4.iptable_nat = ipt_register_table(net, &__nat_table,
+ &nat_initial_table.repl);
+- if (IS_ERR(nat_table))
+- return PTR_ERR(nat_table);
++ if (IS_ERR(net->ipv4.iptable_nat))
++ return PTR_ERR(net->ipv4.iptable_nat);
+
+ ret = 0;
+ if (!ve_is_super(get_exec_env()))
+@@ -260,20 +255,22 @@ done:
+ unregister_snat:
+ xt_unregister_target(&ipt_snat_reg);
+ unregister_table:
+- ipt_unregister_table(nat_table);
+- nat_table = NULL;
++ ipt_unregister_table(net->ipv4.iptable_nat);
++ net->ipv4.iptable_nat = NULL;
+
+ return ret;
+ }
+
+ void nf_nat_rule_cleanup(void)
+ {
++ struct net *net = get_exec_env()->ve_netns;
++
+ if (!ve_is_super(get_exec_env()))
+ goto skip;
+
+ xt_unregister_target(&ipt_dnat_reg);
+ xt_unregister_target(&ipt_snat_reg);
+ skip:
+- ipt_unregister_table(nat_table);
+- nat_table = NULL;
++ ipt_unregister_table(net->ipv4.iptable_nat);
++ net->ipv4.iptable_nat = NULL;
+ }
+--
+1.6.0.6
+
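Review bot: nf_net() in netfilter.h has no `default:` arm and falls off the end of a non-void function for any hook value other than the five listed, which is undefined behaviour and a compiler warning; add `default: return NULL;` (or the local convention for an impossible case) so the switch is total. Its caller in nf_nat_rule_find then dereferences `nf_net(hooknum, in, out)->ipv4.iptable_nat` and hands the result to ipt_do_table; when the VE was not granted a NAT table that pointer is NULL, so on its own this patch moves the reported Oops into ipt_do_table, and it is the hook-level guards of 0048 in this series that actually avoid the call. That ordering dependency belongs in the description. The new `struct net *net = get_exec_env()->ve_netns;` in nf_nat_rule_cleanup mirrors nf_nat_rule_init, which is consistent; nf_nat_rule_find and nf_nat_rule_init start or end outside the hunks.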
Added: dists/lenny/linux-2.6/debian/patches/features/all/openvz/0048-netfilter-Add-check-to-the-nat-hooks.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/0048-netfilter-Add-check-to-the-nat-hooks.patch Sun Mar 22 21:12:55 2009
@@ -0,0 +1,82 @@
+From b405aed753ac48a46e66cccfd0a37006fd11feb8 Mon Sep 17 00:00:00 2001
+From: Vitaliy Gusev <vgusev at openvz.org>
+Date: Wed, 19 Nov 2008 20:39:51 +0300
+Subject: [PATCH] netfilter: Add check to the nat hooks
+
+Pass skb if VE wasn't granded to have nat table.
+
+Related to bug #1051
+http://bugzilla.openvz.org/show_bug.cgi?id=1051
+
+Signed-off-by: Vitaliy Gusev <vgusev at openvz.org>
+Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+---
+ net/ipv4/netfilter/nf_nat_standalone.c | 24 +++++++++++++++++++++++-
+ 1 files changed, 23 insertions(+), 1 deletions(-)
+
+diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
+index 72f45db..17d7527 100644
+--- a/net/ipv4/netfilter/nf_nat_standalone.c
++++ b/net/ipv4/netfilter/nf_nat_standalone.c
+@@ -157,6 +157,19 @@ nf_nat_fn(unsigned int hooknum,
+ }
+
+ static unsigned int
++nf_nat_local_in(unsigned int hooknum,
++ struct sk_buff *skb,
++ const struct net_device *in,
++ const struct net_device *out,
++ int (*okfn)(struct sk_buff *))
++{
++ if (!dev_net(in)->ipv4.iptable_nat)
++ return NF_ACCEPT;
++
++ return nf_nat_fn(hooknum, skb, in, out, okfn);
++}
++
++static unsigned int
+ nf_nat_in(unsigned int hooknum,
+ struct sk_buff *skb,
+ const struct net_device *in,
+@@ -166,6 +179,9 @@ nf_nat_in(unsigned int hooknum,
+ unsigned int ret;
+ __be32 daddr = ip_hdr(skb)->daddr;
+
++ if (!dev_net(in)->ipv4.iptable_nat)
++ return NF_ACCEPT;
++
+ ret = nf_nat_fn(hooknum, skb, in, out, okfn);
+ if (ret != NF_DROP && ret != NF_STOLEN &&
+ daddr != ip_hdr(skb)->daddr) {
+@@ -188,6 +204,9 @@ nf_nat_out(unsigned int hooknum,
+ #endif
+ unsigned int ret;
+
++ if (!dev_net(out)->ipv4.iptable_nat)
++ return NF_ACCEPT;
++
+ /* root is playing with raw sockets. */
+ if (skb->len < sizeof(struct iphdr) ||
+ ip_hdrlen(skb) < sizeof(struct iphdr))
+@@ -221,6 +240,9 @@ nf_nat_local_fn(unsigned int hooknum,
+ enum ip_conntrack_info ctinfo;
+ unsigned int ret;
+
++ if (!dev_net(out)->ipv4.iptable_nat)
++ return NF_ACCEPT;
++
+ /* root is playing with raw sockets. */
+ if (skb->len < sizeof(struct iphdr) ||
+ ip_hdrlen(skb) < sizeof(struct iphdr))
+@@ -275,7 +297,7 @@ static struct nf_hook_ops nf_nat_ops[] __read_mostly = {
+ },
+ /* After packet filtering, change source */
+ {
+- .hook = nf_nat_fn,
++ .hook = nf_nat_local_in,
+ .owner = THIS_MODULE,
+ .pf = PF_INET,
+ .hooknum = NF_INET_LOCAL_IN,
+--
+1.6.0.6
+
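Review bot: The same `if (!dev_net(...)->ipv4.iptable_nat) return NF_ACCEPT;` guard is repeated in nf_nat_in, nf_nat_out, nf_nat_local_fn and the new nf_nat_local_in wrapper; with nf_net() from 0047 in this series available, a single check at the top of nf_nat_fn, `if (!nf_net(hooknum, in, out)->ipv4.iptable_nat) return NF_ACCEPT;`, would cover all five hooks and make the wrapper unnecessary. If the wrapper is kept, a comment such as `/* LOCAL_IN had no per-hook wrapper; this one only adds the "VE has no nat table" bypass */` would explain why it exists. The guards read `dev_net(in)` on the input hooks and `dev_net(out)` on the output hooks, which matches the hook/device pairing nf_net() encodes; nf_nat_in, nf_nat_out and nf_nat_local_fn start or end outside the hunks.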
Modified: dists/lenny/linux-2.6/debian/patches/series/14-extra
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/14-extra (original)
+++ dists/lenny/linux-2.6/debian/patches/series/14-extra Sun Mar 22 21:12:55 2009
@@ -29,3 +29,12 @@
+ features/all/openvz/0025-conntrack-Allocate-free-ve_nf_conntrack_l3proto_ipv.patch featureset=openvz
+ features/all/openvz/0026-ct-Move-_nf_conntrack_l3proto_ipv6-to-net-namespace.patch featureset=openvz
+ features/all/openvz/0028-conntrack-fix-oops-in-nf_ct_frag6_gather.patch featureset=openvz
++ features/all/openvz/0031-Add-VE-features-for-sit-and-ipip-devices.patch featureset=openvz
++ features/all/openvz/0040-Simplify-call-__dev_change_net_namespace-by-remove.patch featureset=openvz
++ features/all/openvz/0041-Adjust-VE-before-call-netdev_unregister_kobject-netd.patch featureset=openvz
++ features/all/openvz/0042-netns-fix-net_generic-array-leak.patch featureset=openvz
++ features/all/openvz/0043-net-set-ve-context-when-init-exit-method-is-called.patch featureset=openvz
++ features/all/openvz/0044-vzwdog-walk-through-the-block-devices-list-properly.patch featureset=openvz
++ features/all/openvz/0046-netns-enable-cross-ve-Unix-sockets.patch featureset=openvz
++ features/all/openvz/0047-netfilter-Fix-NULL-dereference-in-nf_nat_setup_info.patch featureset=openvz
++ features/all/openvz/0048-netfilter-Add-check-to-the-nat-hooks.patch featureset=openvz