update openvz patch
svn path=/dists/sid/linux-2.6/; revision=15476
parent
eeb3370529
commit
4d9347646c
|
@ -26,7 +26,7 @@ linux-2.6 (2.6.32-11) UNRELEASED; urgency=low
|
||||||
[ maximilian attems]
|
[ maximilian attems]
|
||||||
* [alpha, hppa] Disable oprofile as tracing code is unsupported here.
|
* [alpha, hppa] Disable oprofile as tracing code is unsupported here.
|
||||||
(closes: #574368)
|
(closes: #574368)
|
||||||
* Update openvz patch to 796e80e5b2ed. (closes: #574598, #575189)
|
* Update openvz patch to 14a9729fab67. (closes: #574598, #575189)
|
||||||
* [x86]: Disable FB_INTEL. (closes: #447575, #503766, #574401)
|
* [x86]: Disable FB_INTEL. (closes: #447575, #503766, #574401)
|
||||||
* ssb: do not read SPROM if it does not exist.
|
* ssb: do not read SPROM if it does not exist.
|
||||||
* ssb: Avoid null pointer dereference by aboves.
|
* ssb: Avoid null pointer dereference by aboves.
|
||||||
|
|
|
@ -1,3 +1,51 @@
|
||||||
|
commit 14a9729fab679c9c9f15e2ff44070806247b62c5
|
||||||
|
Author: Pavel Emelyanov <xemul@openvz.org>
|
||||||
|
Date: Fri Apr 2 23:00:10 2010 +0400
|
||||||
|
|
||||||
|
inotify: Return lost mntputs for inotify mnts
|
||||||
|
|
||||||
|
Otherwise we leak the mountpoint and sometimes much more.
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
|
||||||
|
|
||||||
|
commit 0b1c1e340b9008360e0a0d4083702ec8546ec1bd
|
||||||
|
Author: Pavel Emelyanov <xemul@openvz.org>
|
||||||
|
Date: Fri Apr 2 22:59:12 2010 +0400
|
||||||
|
|
||||||
|
cpt: Fix 32bit version of cpt kernel thread creation
|
||||||
|
|
||||||
|
http://bugzilla.openvz.org/show_bug.cgi?id=1482
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
|
||||||
|
|
||||||
|
commit 760a36fb468201cb4964c7a542172bda941fe755
|
||||||
|
Author: Pavel Emelyanov <xemul@openvz.org>
|
||||||
|
Date: Fri Apr 2 16:21:41 2010 +0400
|
||||||
|
|
||||||
|
devcg: Check for device permissions for DEV_ALL rules
|
||||||
|
|
||||||
|
Thanks to cd500819 commit :\
|
||||||
|
|
||||||
|
http://bugzilla.openvz.org/show_bug.cgi?id=1478
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
|
||||||
|
|
||||||
|
commit e6ad27ee6e87614512d44074d841df822453dda7
|
||||||
|
Author: Cyrill Gorcunov <gorcunov@openvz.org>
|
||||||
|
Date: Thu Mar 25 19:47:32 2010 +0300
|
||||||
|
|
||||||
|
iptables: Restore NAT functionality for node
|
||||||
|
|
||||||
|
During migration to new iptables management code
|
||||||
|
VE0 lost NAT table access. Restore it. Moreover
|
||||||
|
VE0 gets highest priviledge -- ie all iptables
|
||||||
|
functionality is not filtering.
|
||||||
|
|
||||||
|
http://bugzilla.openvz.org/show_bug.cgi?id=1473
|
||||||
|
|
||||||
|
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
|
||||||
|
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
|
||||||
|
|
||||||
commit 796e80e5b2edff524f40a608be511143b4c8c828
|
commit 796e80e5b2edff524f40a608be511143b4c8c828
|
||||||
Author: Pavel Emelyanov <xemul@openvz.org>
|
Author: Pavel Emelyanov <xemul@openvz.org>
|
||||||
Date: Fri Mar 19 11:17:45 2010 +0300
|
Date: Fri Mar 19 11:17:45 2010 +0300
|
||||||
|
@ -11512,7 +11560,7 @@ index f234f3a..21faa74 100644
|
||||||
|
|
||||||
extern void inotify_ignored_and_remove_idr(struct fsnotify_mark_entry *entry,
|
extern void inotify_ignored_and_remove_idr(struct fsnotify_mark_entry *entry,
|
||||||
diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c
|
diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c
|
||||||
index 1afb0a1..cc59c5c 100644
|
index 1afb0a1..9b31a34 100644
|
||||||
--- a/fs/notify/inotify/inotify_fsnotify.c
|
--- a/fs/notify/inotify/inotify_fsnotify.c
|
||||||
+++ b/fs/notify/inotify/inotify_fsnotify.c
|
+++ b/fs/notify/inotify/inotify_fsnotify.c
|
||||||
@@ -28,6 +28,8 @@
|
@@ -28,6 +28,8 @@
|
||||||
|
@ -11532,7 +11580,7 @@ index 1afb0a1..cc59c5c 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
void inotify_free_event_priv(struct fsnotify_event_private_data *fsn_event_priv)
|
void inotify_free_event_priv(struct fsnotify_event_private_data *fsn_event_priv)
|
||||||
@@ -159,10 +162,24 @@ void inotify_free_event_priv(struct fsnotify_event_private_data *fsn_event_priv)
|
@@ -159,10 +162,25 @@ void inotify_free_event_priv(struct fsnotify_event_private_data *fsn_event_priv)
|
||||||
kmem_cache_free(event_priv_cachep, event_priv);
|
kmem_cache_free(event_priv_cachep, event_priv);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -11545,6 +11593,7 @@ index 1afb0a1..cc59c5c 100644
|
||||||
+ dput(e->path.dentry);
|
+ dput(e->path.dentry);
|
||||||
+ e->path.dentry = NULL;
|
+ e->path.dentry = NULL;
|
||||||
+ mnt_unpin(e->path.mnt);
|
+ mnt_unpin(e->path.mnt);
|
||||||
|
+ mntput(e->path.mnt);
|
||||||
+ e->path.dentry = NULL;
|
+ e->path.dentry = NULL;
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
|
@ -11558,7 +11607,7 @@ index 1afb0a1..cc59c5c 100644
|
||||||
+ .detach_mnt = inotify_detach_mnt,
|
+ .detach_mnt = inotify_detach_mnt,
|
||||||
};
|
};
|
||||||
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
|
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
|
||||||
index ca44337..7dd3eb4 100644
|
index ca44337..745983d 100644
|
||||||
--- a/fs/notify/inotify/inotify_user.c
|
--- a/fs/notify/inotify/inotify_user.c
|
||||||
+++ b/fs/notify/inotify/inotify_user.c
|
+++ b/fs/notify/inotify/inotify_user.c
|
||||||
@@ -40,6 +40,7 @@
|
@@ -40,6 +40,7 @@
|
||||||
|
@ -11586,19 +11635,20 @@ index ca44337..7dd3eb4 100644
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -461,6 +463,11 @@ static void inotify_free_mark(struct fsnotify_mark_entry *entry)
|
@@ -461,6 +463,12 @@ static void inotify_free_mark(struct fsnotify_mark_entry *entry)
|
||||||
{
|
{
|
||||||
struct inotify_inode_mark_entry *ientry = (struct inotify_inode_mark_entry *)entry;
|
struct inotify_inode_mark_entry *ientry = (struct inotify_inode_mark_entry *)entry;
|
||||||
|
|
||||||
+ if (ientry->path.dentry) {
|
+ if (ientry->path.dentry) {
|
||||||
+ dput(ientry->path.dentry);
|
+ dput(ientry->path.dentry);
|
||||||
+ mnt_unpin(ientry->path.mnt);
|
+ mnt_unpin(ientry->path.mnt);
|
||||||
|
+ mntput(ientry->path.mnt);
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
kmem_cache_free(inotify_inode_mark_cachep, ientry);
|
kmem_cache_free(inotify_inode_mark_cachep, ientry);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -527,16 +534,13 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
|
@@ -527,16 +535,13 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -11618,7 +11668,7 @@ index ca44337..7dd3eb4 100644
|
||||||
if (unlikely(!mask))
|
if (unlikely(!mask))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
@@ -547,6 +551,8 @@ static int inotify_new_watch(struct fsnotify_group *group,
|
@@ -547,6 +552,8 @@ static int inotify_new_watch(struct fsnotify_group *group,
|
||||||
fsnotify_init_mark(&tmp_ientry->fsn_entry, inotify_free_mark);
|
fsnotify_init_mark(&tmp_ientry->fsn_entry, inotify_free_mark);
|
||||||
tmp_ientry->fsn_entry.mask = mask;
|
tmp_ientry->fsn_entry.mask = mask;
|
||||||
tmp_ientry->wd = -1;
|
tmp_ientry->wd = -1;
|
||||||
|
@ -11627,7 +11677,7 @@ index ca44337..7dd3eb4 100644
|
||||||
|
|
||||||
ret = -ENOSPC;
|
ret = -ENOSPC;
|
||||||
if (atomic_read(&group->inotify_data.user->inotify_watches) >= inotify_max_user_watches)
|
if (atomic_read(&group->inotify_data.user->inotify_watches) >= inotify_max_user_watches)
|
||||||
@@ -556,10 +562,14 @@ retry:
|
@@ -556,10 +563,14 @@ retry:
|
||||||
if (unlikely(!idr_pre_get(&group->inotify_data.idr, GFP_KERNEL)))
|
if (unlikely(!idr_pre_get(&group->inotify_data.idr, GFP_KERNEL)))
|
||||||
goto out_err;
|
goto out_err;
|
||||||
|
|
||||||
|
@ -11644,7 +11694,7 @@ index ca44337..7dd3eb4 100644
|
||||||
spin_unlock(&group->inotify_data.idr_lock);
|
spin_unlock(&group->inotify_data.idr_lock);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
/* idr was out of memory allocate and try again */
|
/* idr was out of memory allocate and try again */
|
||||||
@@ -568,11 +578,17 @@ retry:
|
@@ -568,11 +579,17 @@ retry:
|
||||||
goto out_err;
|
goto out_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -11663,7 +11713,7 @@ index ca44337..7dd3eb4 100644
|
||||||
if (ret) {
|
if (ret) {
|
||||||
/* we failed to get on the inode, get off the idr */
|
/* we failed to get on the inode, get off the idr */
|
||||||
inotify_remove_from_idr(group, tmp_ientry);
|
inotify_remove_from_idr(group, tmp_ientry);
|
||||||
@@ -585,6 +601,12 @@ retry:
|
@@ -585,6 +602,12 @@ retry:
|
||||||
/* increment the number of watches the user has */
|
/* increment the number of watches the user has */
|
||||||
atomic_inc(&group->inotify_data.user->inotify_watches);
|
atomic_inc(&group->inotify_data.user->inotify_watches);
|
||||||
|
|
||||||
|
@ -11676,7 +11726,7 @@ index ca44337..7dd3eb4 100644
|
||||||
/* return the watch descriptor for this new entry */
|
/* return the watch descriptor for this new entry */
|
||||||
ret = tmp_ientry->wd;
|
ret = tmp_ientry->wd;
|
||||||
|
|
||||||
@@ -601,17 +623,24 @@ out_err:
|
@@ -601,17 +624,24 @@ out_err:
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -11704,7 +11754,7 @@ index ca44337..7dd3eb4 100644
|
||||||
/*
|
/*
|
||||||
* inotify_new_watch could race with another thread which did an
|
* inotify_new_watch could race with another thread which did an
|
||||||
* inotify_new_watch between the update_existing and the add watch
|
* inotify_new_watch between the update_existing and the add watch
|
||||||
@@ -711,12 +740,12 @@ SYSCALL_DEFINE0(inotify_init)
|
@@ -711,12 +741,12 @@ SYSCALL_DEFINE0(inotify_init)
|
||||||
{
|
{
|
||||||
return sys_inotify_init1(0);
|
return sys_inotify_init1(0);
|
||||||
}
|
}
|
||||||
|
@ -11718,7 +11768,7 @@ index ca44337..7dd3eb4 100644
|
||||||
struct path path;
|
struct path path;
|
||||||
struct file *filp;
|
struct file *filp;
|
||||||
int ret, fput_needed;
|
int ret, fput_needed;
|
||||||
@@ -741,12 +770,10 @@ SYSCALL_DEFINE3(inotify_add_watch, int, fd, const char __user *, pathname,
|
@@ -741,12 +771,10 @@ SYSCALL_DEFINE3(inotify_add_watch, int, fd, const char __user *, pathname,
|
||||||
if (ret)
|
if (ret)
|
||||||
goto fput_and_out;
|
goto fput_and_out;
|
||||||
|
|
||||||
|
@ -42370,10 +42420,10 @@ index 0000000..87f6bfd
|
||||||
+}
|
+}
|
||||||
diff --git a/kernel/cpt/cpt_kernel.c b/kernel/cpt/cpt_kernel.c
|
diff --git a/kernel/cpt/cpt_kernel.c b/kernel/cpt/cpt_kernel.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..5eb7f1c
|
index 0000000..3272d81
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/kernel/cpt/cpt_kernel.c
|
+++ b/kernel/cpt/cpt_kernel.c
|
||||||
@@ -0,0 +1,177 @@
|
@@ -0,0 +1,178 @@
|
||||||
+/*
|
+/*
|
||||||
+ *
|
+ *
|
||||||
+ * kernel/cpt/cpt_kernel.c
|
+ * kernel/cpt/cpt_kernel.c
|
||||||
|
@ -42420,6 +42470,7 @@ index 0000000..5eb7f1c
|
||||||
+ regs.ds = __USER_DS;
|
+ regs.ds = __USER_DS;
|
||||||
+ regs.es = __USER_DS;
|
+ regs.es = __USER_DS;
|
||||||
+ regs.fs = __KERNEL_PERCPU;
|
+ regs.fs = __KERNEL_PERCPU;
|
||||||
|
+ regs.gs = __KERNEL_STACK_CANARY;
|
||||||
+ regs.orig_ax = -1;
|
+ regs.orig_ax = -1;
|
||||||
+ regs.ip = (unsigned long) kernel_thread_helper;
|
+ regs.ip = (unsigned long) kernel_thread_helper;
|
||||||
+ regs.cs = __KERNEL_CS | get_kernel_rpl();
|
+ regs.cs = __KERNEL_CS | get_kernel_rpl();
|
||||||
|
@ -63674,10 +63725,10 @@ index 0000000..1b82c35
|
||||||
+
|
+
|
||||||
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
|
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..7da3e04
|
index 0000000..8b59ff7
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/kernel/ve/ve.c
|
+++ b/kernel/ve/ve.c
|
||||||
@@ -0,0 +1,118 @@
|
@@ -0,0 +1,119 @@
|
||||||
+/*
|
+/*
|
||||||
+ * linux/kernel/ve/ve.c
|
+ * linux/kernel/ve/ve.c
|
||||||
+ *
|
+ *
|
||||||
|
@ -63757,6 +63808,7 @@ index 0000000..7da3e04
|
||||||
+ .op_sem = __RWSEM_INITIALIZER(ve0.op_sem),
|
+ .op_sem = __RWSEM_INITIALIZER(ve0.op_sem),
|
||||||
+#ifdef CONFIG_VE_IPTABLES
|
+#ifdef CONFIG_VE_IPTABLES
|
||||||
+ .ipt_mask = VE_IP_ALL,
|
+ .ipt_mask = VE_IP_ALL,
|
||||||
|
+ ._iptables_modules = VE_IP_ALL,
|
||||||
+#endif
|
+#endif
|
||||||
+ .features = VE_FEATURE_SIT | VE_FEATURE_IPIP |
|
+ .features = VE_FEATURE_SIT | VE_FEATURE_IPIP |
|
||||||
+ VE_FEATURE_PPP,
|
+ VE_FEATURE_PPP,
|
||||||
|
@ -79048,7 +79100,7 @@ index fe30751..6110691 100644
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
|
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
|
||||||
index 6cf8fd2..2d34b00 100644
|
index 6cf8fd2..02aeae6 100644
|
||||||
--- a/security/device_cgroup.c
|
--- a/security/device_cgroup.c
|
||||||
+++ b/security/device_cgroup.c
|
+++ b/security/device_cgroup.c
|
||||||
@@ -12,11 +12,23 @@
|
@@ -12,11 +12,23 @@
|
||||||
|
@ -79148,7 +79200,7 @@ index 6cf8fd2..2d34b00 100644
|
||||||
}
|
}
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
|
|
||||||
@@ -474,37 +527,35 @@ struct cgroup_subsys devices_subsys = {
|
@@ -474,38 +527,35 @@ struct cgroup_subsys devices_subsys = {
|
||||||
.subsys_id = devices_subsys_id,
|
.subsys_id = devices_subsys_id,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -79183,17 +79235,19 @@ index 6cf8fd2..2d34b00 100644
|
||||||
- if (wh->minor != ~0 && wh->minor != iminor(inode))
|
- if (wh->minor != ~0 && wh->minor != iminor(inode))
|
||||||
+ if (wh->minor != ~0 && wh->minor != MINOR(device))
|
+ if (wh->minor != ~0 && wh->minor != MINOR(device))
|
||||||
continue;
|
continue;
|
||||||
|
-
|
||||||
|
+found:
|
||||||
if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
|
if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
|
||||||
continue;
|
continue;
|
||||||
if ((mask & MAY_READ) && !(wh->access & ACC_READ))
|
if ((mask & MAY_READ) && !(wh->access & ACC_READ))
|
||||||
continue;
|
continue;
|
||||||
|
-found:
|
||||||
+ if ((mask & MAY_QUOTACTL) && !(wh->access & ACC_QUOTA))
|
+ if ((mask & MAY_QUOTACTL) && !(wh->access & ACC_QUOTA))
|
||||||
+ continue;
|
+ continue;
|
||||||
found:
|
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
return 0;
|
return 0;
|
||||||
@@ -515,6 +566,15 @@ found:
|
}
|
||||||
|
@@ -515,6 +565,15 @@ found:
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(devcgroup_inode_permission);
|
EXPORT_SYMBOL_GPL(devcgroup_inode_permission);
|
||||||
|
|
||||||
|
@ -79209,7 +79263,19 @@ index 6cf8fd2..2d34b00 100644
|
||||||
int devcgroup_inode_mknod(int mode, dev_t dev)
|
int devcgroup_inode_mknod(int mode, dev_t dev)
|
||||||
{
|
{
|
||||||
struct dev_cgroup *dev_cgroup;
|
struct dev_cgroup *dev_cgroup;
|
||||||
@@ -550,3 +610,75 @@ found:
|
@@ -538,10 +597,9 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
|
||||||
|
continue;
|
||||||
|
if (wh->minor != ~0 && wh->minor != MINOR(dev))
|
||||||
|
continue;
|
||||||
|
-
|
||||||
|
+found:
|
||||||
|
if (!(wh->access & ACC_MKNOD))
|
||||||
|
continue;
|
||||||
|
-found:
|
||||||
|
rcu_read_unlock();
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -550,3 +608,75 @@ found:
|
||||||
|
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
}
|
}
|
||||||
|
|
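Review bot: In `devcgroup_inode_permission` and `devcgroup_inode_mknod` the `found:` label now sits above the access-bit tests instead of below them, so its name no longer says what reaching it means. A whitelist entry that lands there has matched the device but not yet the requested access, and can still be skipped by the `continue` statements that follow (`ACC_WRITE`, `ACC_READ`, `ACC_QUOTA`, `ACC_MKNOD`). A comment on the label would keep a later edit from moving it back under the checks, for example `/* device matched (or DEV_ALL rule): access bits are still checked below */`, or the label could be renamed to something like `check_access:`. The jump that targets the label is not in the visible lines, so the DEV_ALL path is inferred from the embedded commit message "devcg: Check for device permissions for DEV_ALL rules". Both functions start and end outside the hunks shown here.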