Bug#613170: linux-image-2.6.32-5-openvz-amd64: OpenVZ-specific NFS implementation error
Pavel,

Please port these things to 2.6.32 if possible.

-- sent from mobile

Ola Lundqvist o...@debian.org wrote:

Hi Kir

Do you know if those patches will appear in the openvz git soon?

// Ola

On Sun, Feb 13, 2011 at 05:27:54PM +, maximilian attems wrote:

On Sun, Feb 13, 2011 at 03:41:40PM +0300, Stanislav Klinkov wrote:

See OpenVZ bugzilla for details: http://bugzilla.openvz.org/show_bug.cgi?id=1626
Patch #1: http://1626.bugzilla.openvz.org/attachment.cgi?id=1376
Patch #2: http://1626.bugzilla.openvz.org/attachment.cgi?id=1377
Please, include these packages into further OpenVZ-modificated kernel releases.

I had been currently waiting for them to appear in the openvz git. thank you for reporting.

-- maks

-- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110213172754.gk5...@vostochny.stro.at
Re: [Debian] CONFIG_LEGACY_PTYS and Squeeze
That makes total sense from my perspective, so I second the request.

-- sent from mobile

Mark Lehrer m...@knm.org wrote:

Many OpenVZ containers are still likely to require the legacy pty option in the kernel in order for vzctl enter or ssh to work. I can work around it for my environment, but a lot of people will have difficulty if the CONFIG_LEGACY_PTYS option isn't set in the default kernel. Would it be possible for you to add it to the -openvz flavors of the Squeeze kernels as a default?

Thanks, Mark

___ Debian mailing list deb...@openvz.org https://openvz.org/mailman/listinfo/debian
Re: [Debian] CONFIG_LEGACY_PTYS and Squeeze
On 02/04/2011 01:44 PM, Bastian Blank wrote:

On Fri, Feb 04, 2011 at 11:06:38AM +0300, Kir Kolyshkin wrote:

Many OpenVZ containers are still likely to require the legacy pty option in the kernel in order for vzctl enter or ssh to work.

Please explain why. ssh always use openpty, which works fine with devpts.

Given the assumptions that containers run different distros, including some older ones, this option is needed. Another thing is, legacy PTYs is a fallback for the case when /dev/pts is not mounted. Still, my opinion is the feature is from good to have department rather than from absolutely required.

I can work around it for my environment, but a lot of people will have difficulty if the CONFIG_LEGACY_PTYS option isn't set in the default kernel. Would it be possible for you to add it to the -openvz flavors of the Squeeze kernels as a default?

No, it is too late. Also this request should be made through the openvz userspace maintainer.
Bug#587905: nodelalloc
Ext4 does not work with delayed allocation in this kernel, this is a known mainstream bug. Can you please try to reproduce it with the 'nodelalloc' mount option set in /etc/fstab? If you are able to reproduce the bug with 'nodelalloc' turned on, please report the kernel oops to OpenVZ bug #1510.

Upstream bug references:
http://bugzilla.openvz.org/show_bug.cgi?id=1509
http://bugzilla.openvz.org/show_bug.cgi?id=1510

-- Thanks, Kir.
Re: pb kernel : kernel 2.6.26-2-openvz-amd64
On 09/16/2010 09:05 AM, Ola Lundqvist wrote:

Hi Bertrand

I'm now forwarding your email to the openvz project so they can answer on that question.

Best regards, // Ola

On Tue, Sep 07, 2010 at 06:20:10PM +0100, Ben Hutchings wrote:

On Tue, Sep 07, 2010 at 04:15:55PM +0200, bertrand wrote:

Dear Mister or Madam, I am contacting you today because my company uses servers with a kernel 2.6.26-2-openvz-amd64. We would like to know if this version is stable or not.

OpenVZ position on this -- we do not support our 2.6.26 anymore, but since we support the Debian version of it in a maintenance mode. That means that no new features are going in, but in case there's a serious bug we'll try to get it fixed. In other words, our policy is about the same as Ben Hutchings states below. It was announced by OpenVZ in April: http://openvz.org/pipermail/announce/2010-April/000126.html

Having said that, I'd recommend you switching to Debian 6.0 / OpenVZ kernel 2.6.32.

That kernel is part of the current Debian stable release (5.0, codename lenny). This does not necessarily mean that the kernel is stable in the sense of not crashing; it means that we make minimal changes to it to fix important bugs and to add support for new hardware. However, we hope that this approach means there are few bugs in the kernel that can cause it to crash.

The official website http://wiki.openvz.org/Download/kernel; indicates that this version is not supported yet. Do you confirm this information ?

That may be the position of the OpenVZ project.
vmlinux?
Hi folks,

Our OpenVZ kernel guys complained to be that Debian kernel packages do not contain vmlinux file (which is usually required to debug some problem), and there is no way to get one for a given kernel. I guess they are wrong, but can't prove that. Could you please help me with that and point out to a location where we can get vmlinux'es for the official debian kernels?

Many thanks, Kir.
Re: [Debian] vmlinux?
That helps a lot, thanks, Thorsten!

On 09/08/2010 06:15 PM, Support sys3 wrote:

...in the folders: /usr/lib/debug/boot/

Bye, Thorsten

On Wed, 08 Sep 2010 16:14:07 +0200, Thorsten Schifferdecker t...@debian.systs.org wrote:

Hi Kir, @ll,

since the testing branch aka squeeze the vmlinux-... are stored in the dbg of the linux-image packages only.

linux-image-2.6.32-5-openvz-686 \ linux-image-2.6.32-5-openvz-686-dbg [i386]
linux-image-2.6.32-5-openvz-amd64 \ linux-image-2.6.32-5-openvz-amd64-dbg [amd64]

Bye, Thorsten

On Wed, 08 Sep 2010 16:46:45 +0400, Kir Kolyshkin k...@openvz.org wrote:

Hi folks,

Our OpenVZ kernel guys complained to be that Debian kernel packages do not contain vmlinux file (which is usually required to debug some problem), and there is no way to get one for a given kernel. I guess they are wrong, but can't prove that. Could you please help me with that and point out to a location where we can get vmlinux'es for the official debian kernels?

Many thanks, Kir.
please suck in 2.6.32-dobrovolskiy.1
Hi guys,

Could you please get the latest 2.6.32-dobrovolskiy.1 kernel from git.kernel.org? It is based on latest -stable (i.e. 2.6.32.21) and, among the other things, includes a feature that should help fixing Debian bug #576227.

Thanks, Kir.
Fwd: [Users] vzcpt kernel module crash while trying to dump with vzctl chkpnt
Hi debian-kernel,

An OpenVZ user Benjamin Henrion (cced) reported a bug (see below, also [1], [2]) which is already fixed in our latest kernel 2.6.32-budarin.1 (by commit 7e99ed1bc34b60ed42eb2008edbb4f98684edb0a). Can you please bring the Debian OpenVZ kernel up-to-date, which will fix this bug as well as a few same-critical others?

Best regards, Kir.

[1] http://bugzilla.openvz.org/1573
[2] http://bugzilla.openvz.org/1543

Original Message
Subject: [Users] vzcpt kernel module crash while trying to dump with vzctl chkpnt
Date: Mon, 5 Jul 2010 19:13:03 +0400
From: Benjamin Henrion b...@udev.org
Reply-To: us...@openvz.org us...@openvz.org
To: us...@openvz.org us...@openvz.org

Hi,

I am running a Debian Lenny kernel, and I am trying to simply dump a container, and the kernel module named vzcpt crashes:

# cat /proc/version
Linux version 2.6.32-5-openvz-686 (Debian 2.6.32-15) (b...@decadent.org.uk) (gcc version 4.3.5 (Debian 4.3.5-1) ) #1 SMP Tue Jun 1 06:52:26 UTC 2010
# vzctl chkpnt 103 --dump --dumpfile /var/lib/vz/dump/Dump.103
Setting up checkpoint...
join context..
(and then it hangs the shell)

I have submitted a bug here: http://bugzilla.openvz.org/show_bug.cgi?id=1573

Has anybody ever experienced this?
Best,

==
[25342.211353] BUG: unable to handle kernel paging request at 0a7e1000
[25342.211362] IP: [f88031c7] cpt_dump_snmp_stat+0x63/0x119 [vzcpt]
[25342.211374] *pdpt = 174f8001 *pde =
[25342.211379] Oops: [#1] SMP
[25342.211384] last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
[25342.211388] Modules linked in: binfmt_misc ppdev vzethdev vznetdev simfs vzrst vzcpt vzdquota vzmon vzdev xt_tcpudp xt_length xt_hl xt_tcpmss xt_TCPMSS iptable_mangle xt_multiport xt_limit xt_dscp ipt_REJECT i8k acpi_cpufreq cpufreq_conservative cpufreq_userspace cpufreq_powersave cpufreq_stats snd_hda_codec_intelhdmi snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm arc4 snd_seq_midi ecb snd_rawmidi snd_seq_midi_event snd_seq iptable_filter iwlagn zaurus sdhci_pci iwlcore ip_tables sdhci cdc_ether snd_timer x_tables snd_seq_device mmc_core mac80211 tpm_tis usbnet joydev tpm led_class ricoh_mmc mii cdc_wdm cdc_acm snd tpm_bios battery cfg80211 wmi dell_laptop ac psmouse soundcore dcdbas serio_raw evdev snd_page_alloc rfkill processor lp parport ext4 mbcache jbd2 crc16 fan fuse dm_mirror dm_region_hash dm_log dm_mod i915 sg drm_kms_helper sd_mod crc_t10dif drm i2c_algo_bit i2c_core video button e1000e thermal ata_generic ahci libata scsi_mod uhci_hcd ehci_hcd thermal_sys output usbcore nls_base
[25342.211505]
[25342.211510] Pid: 17647, comm: vzctl Not tainted (2.6.32-5-openvz-686 #1) belyayev Latitude E4200 )
[25342.211516] EIP: 0060:[f88031c7] EFLAGS: 00010206 CPU: 0
[25342.211522] EIP is at cpt_dump_snmp_stat+0x63/0x119 [vzcpt]
[25342.211526] EAX: EBX: ECX: 0a7e1000 EDX:
[25342.211530] ESI: EDI: c1b57000 EBP: ESP: d74ffdd4
[25342.211534] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[25342.211539] Process vzctl (pid: 17647, veid: 0, ti=d74fe000 task=f02b1810 task.ti=d74fe000)
[25342.211543] Stack:
[25342.211546] 001f f660da84 dcf97000 1007 00020010
[25342.211554]0 ef298000 f660d800 c1b57000 f88044cf fe38
[25342.211563]0 0008 d7459000 c000 e0902180 e09021a4 0843
[25342.211572] Call Trace:
[25342.211580] [f88044cf] ? cpt_dump_ifinfo+0xa92/0xb0b [vzcpt]
[25342.211588] [f87f7453] ? cpt_dump+0x297/0x578 [vzcpt]
[25342.211595] [f87f4983] ? cpt_ioctl+0x59f/0xc80 [vzcpt]
[25342.211603] [c10f32ef] ? proc_reg_unlocked_ioctl+0x8a/0xa3
[25342.211610] [f87f43e4] ? cpt_ioctl+0x0/0xc80 [vzcpt]
[25342.211615] [c10f3265] ? proc_reg_unlocked_ioctl+0x0/0xa3
[25342.211621] [c10c97c4] ? vfs_ioctl+0x1c/0x5f
[25342.211626] [c10c9d47] ? do_vfs_ioctl+0x499/0x4e5
[25342.211632] [c10beb12] ? fsnotify_modify+0x5a/0x61
[25342.211638] [c10bed06] ? do_sync_write+0x0/0x107
[25342.211643] [c10bf787] ? vfs_write+0x9e/0xd6
[25342.211648] [c10c9dbf] ? sys_ioctl+0x2c/0x42
[25342.211654] [c1008120] ? syscall_call+0x7/0xb
[25342.211657] Code: ab 89 fa e8 1b 50 ff ff c7 44 24 08 00 00 00 00 eb 49 83 cb ff 31 f6 eb 18 8b 4c 24 04 8b 01 8b 51 04 89 e9 03 0c 9d 38 59 3c c103 34 08 03 34 0a a1 60 ab 27 c1 8d 4b 01 ba 20 00 00 00 e8 d5
[25342.211701] EIP: [f88031c7] cpt_dump_snmp_stat+0x63/0x119 [vzcpt] SS:ESP 0068:d74ffdd4
[25342.211710] CR2: 0a7e1000
[25342.211714] ---[ end trace 459d6cec44e9f66c ]---
[25345.975609] BUG: unable to handle kernel paging request at 0a7e1000
[25345.975616] IP: [f88031c7] cpt_dump_snmp_stat+0x63/0x119 [vzcpt]
[25345.975627] *pdpt = 174ae001 *pde =
[25345.975633] Oops: [#2] SMP
[25345.975637] last sysfs
Re: Fwd: [Users] vzcpt kernel module crash while trying to dump with vzctl chkpnt
On 07/06/2010 08:31 PM, maximilian attems wrote:

On Tue, 06 Jul 2010, Kir Kolyshkin wrote:

An OpenVZ user Benjamin Henrion (cced) reported a bug (see below, also [1], [2]) which is already fixed in our latest kernel 2.6.32-budarin.1 (by commit 7e99ed1bc34b60ed42eb2008edbb4f98684edb0a). Can you please bring the Debian OpenVZ kernel up-to-date, which will fix this bug as well as a few same-critical others?

2.6.32-16 has been uploaded ~6 hours ago, we were waiting for 2.6.32.16 ;) it contains openvz image with patch including up to 5fd638726a69 with a fix to not break ABI on commit 7e99ed1bc34b60ed42eb2008edbb4f98684edb0a.

Can you please elaborate on this one?
Re: 2.6.32.14 stable
On 05/27/2010 03:03 AM, maximilian attems wrote:

could you please merge 2.6.32.14?

Done
Re: [Debian] openvz updated
On 04/07/2010 02:43 AM, maximilian attems wrote:

forgot to post due to several ongoing stuff, 2.6.32-11 upload to debian unstable has:
* Update openvz patch to 14a9729fab67. (closes: #574598, #575189)
also fixes #576130 and #576131.

we expect 2.6.32-12 soon with pending libata HPA fixes. may update openvz soonish to the 2 new fixes since 14a9729fab67.

Max,

Thanks a lot for your work! Could you please clarify

(1) does 2.6.32-11 and -12 means 2.6.32.11 and 2.6.32.12 (i.e. -stable releases from greg k-h et al)?
(2) If the answer to (1) is yes does it mean you merged in 2.6.32.11 and haven't seen any conflicts between it and our patchset?
(3) do you need us to update our tree to 2.6.32.11 and then .12 (when it will be released). We will do it anyway but can do it faster if you need.

Regards, Kir.
Re: updating openvz kernel for debian squeeze
On 03/22/2010 06:59 PM, Pavel Emelyanov wrote:

On 03/17/2010 12:42 AM, maximilian attems wrote:

enabling openvz flavour for next upload. please test out, latest f492a5013944b559cd linux-images build,

Hi, guys! We have updated our kernel and it includes a couple of serious fixes (like oopses ;)). Please, pull them.

To clarify -- please pull up to commit 796e80e5b.

Another question -- how do we handle that in the future? Do we just notify debian-kernel@ list whenever we have a new important fix in our tree? Any other way you'd prefer?

Regards, Kir.
Re: openvz kernel for debian squeeze
On 03/09/2010 10:58 PM, maximilian attems wrote:

On Tue, Mar 09, 2010 at 09:29:50PM +0300, Kir Kolyshkin wrote:

We now have the tree which is more or less working (with some known and unknown bugs). It is available as
git: git://git.openvz.org/pub/linux-2.6.32-openvz http://git.openvz.org/pub/linux-2.6.32-openvz
gitweb: http://git.openvz.org/?p=linux-2.6.32-openvz;a=summary

thanks saw it. get a bunch of fails on 2.6.32.9 base, could you merge in 2.6.32 stable release or rebase on top of 2.6.32.9

on the run currently had no time to check the failures (patch need to apply with zero fuzz)

Yup, we gonna rebase today, will let you know when done.
Re: openvz kernel for debian squeeze
On 02/16/2010 07:55 PM, maximilian attems wrote:

hello Kir, nice to see your message.

on unrelated note:
~/src/linux-2.6.26-openvz$ git pull
git.openvz.org[0: 64.131.90.162]: errno=Connection refused
fatal: unable to connect a socket (Connection refused)
online I see no change since, so doesn't matter that much.

On Thu, 11 Feb 2010, Kir Kolyshkin wrote:

Thanks for the info. We have discussed this at length and the resolution is we are all for it. This means we will try hard to do a rebase as soon as possible, and I hope we will succeed. If (or whenever you will) know the exact deadline date (or any close approximation), please let us know, this is important.

the freeze was scheduled for March, but is delayed. The sooner you have a tree I could clone from and have a patch from the better.

We now have the tree which is more or less working (with some known and unknown bugs). It is available as
git: git://git.openvz.org/pub/linux-2.6.32-openvz http://git.openvz.org/pub/linux-2.6.32-openvz
gitweb: http://git.openvz.org/?p=linux-2.6.32-openvz;a=summary

Also, can you please point us to the location of the git repository of what will become the linux kernel for the next debian release? I checked git.debian.org but there are too many kernels to look at. If it is not in git then when it is?

It is due to legacy reasons (bitkeeper was in usage back then) in svn and also out of legacy reasons has all patches in debian/patches. if you want a git copy from current git svn clone I can easily tar it up.

Has anything changed since then? Do we get the Debian kernel from svn?

Another question -- in what form do you like to see our work -- i.e. git tree, set of patches applicable to your kernel, anything else?

git usage is planned post squeeze to settle with procedures.

amicalement maks
openvz kernel for debian squeeze
Hi Ola, guys,

Thanks for the info. We have discussed this at length and the resolution is we are all for it. This means we will try hard to do a rebase as soon as possible, and I hope we will succeed. If (or whenever you will) know the exact deadline date (or any close approximation), please let us know, this is important.

Also, can you please point us to the location of the git repository of what will become the linux kernel for the next debian release? I checked git.debian.org but there are too many kernels to look at. If it is not in git then when it is?

Regards, Kir.

On 02/09/2010 10:31 AM, Ola Lundqvist wrote:

Hi Kir and other Openvz people

We are closing in to the freeze period. This means that we have about a month to include openvz enabled kernels in Debian.

Best regards, // Ola

- Forwarded message from Marc Brockschmidt h...@debian.org -

From: Marc Brockschmidt h...@debian.org
To: debian-devel-annou...@lists.debian.org
Subject: Bits from the release team: Release schedule; the RT needs YOU

Heya,

As you may have noticed, updates from the release team have been scarce in the past few months. We are trying to perform better in the future, but would be glad to get help.

Release schedule

We hoped to freeze in March, but the current number of RC bugs makes this highly unlikely. From our experiences with previous release cycles, we wish to freeze only after the number of these bugs has dropped below the mark of 300. As you can see on the usual overview pages [RC-Bugs], we are currently far away from this goal. Work towards fixing these bugs is greatly appreciated.

We will use our release superpowers to aggressively remove leaf packages from testing (in fact, another round of removals happened on the weekend). Please check if packages you maintain or use are removal candidates, for example by running ``rc-alert'' (from the devscripts package).

There are still some ongoing transitions, but we are confident of finishing them as part of our usual day-to-day business. Some smaller transitions are still in the queue, but should be finished fast as soon as they get the green light.

Request for help

As you may have noticed, the release team has been notably less active in the last six months. If you want to invest more time into making Squeeze the best Debian release ever, feel free to send a mail or contact us in IRC. We need more manpower to coordinate transitions and bug fixes, so please consider lending a helping hand.

Cheers, Marc

Footnotes: [RC-Bugs] http://bugs.debian.org/release-critical/ http://bts.turmzimmer.net/
Re: lenny updates (netfilter)
Ola Lundqvist wrote:

Hi Kir

Thanks for the list. I have now made some work to apply this. Below are some comments.

On Tue, Mar 10, 2009 at 02:00:39AM +0300, Kir Kolyshkin wrote:

Kir Kolyshkin wrote:

I am currently checking all the ~80 patches that are not in openvz lenny kernel. Looks like most are really needed. Let me suggest some in a few emails I will send as a reply to this one.

Here is a set of netfilter patches, quite a few. Some are very critical (read security-related) since they fix various container/host isolation issues, others are to prevent kernel oopses...

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=8562975430153848dd817a050133b53adda96910
nf: fix use after free
Fix use after free error, found by internal testing. Not an ABI breaker. Attached as 0010*

Already in the debian openvz patch.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=fa7ac0b2423dc741cd7016565545abb8e36c4af4
nf: fix call to kmem_cache_destroy from VEs
Found by internal testing. Not an ABI breaker. Attached as 0011*

And this one as well.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=17b09e1de42db77743ea9ae3dfd3a910ac57ee71
conntrack: prevent double allocate/free of protos
Found by internal testing. Not an ABI breaker. Attached as 0022*

The double alloc should not be too much of a problem (or?), but the double free, I assume, can result in real problems, right?

Right. Tables are leaked.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=7d3f10fc5d8e268f7572cfdd2287c049bce3af7c
conntrack: prevent call register_pernet_subsys() from VE context
Found by internal audit. Not an ABI breaker. Attached as 0023*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=482dd20be37f61b2f94e6b3f3de1c1b9b4f9e6f1
conntrack: prevent call nf_register_hooks() from VE context
Found by internal audit. Not an ABI breaker. Attached as 0024*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=5fff3eb60f78acaadcae8562de5d3e6504f4d4f9
conntrack: adjust context during freeing
Found by internal audit. Not an ABI breaker. Attached as 0029*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=3cb8bc3781889ade74c02840b2eb8ddafb6d39c5
netfilter: NAT: assign nf_nat_seq_adjust_hook from VE0 context only
Found by internal audit. Not an ABI breaker. Attached as 0033*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=490910232ebe61f65e5e5c03b7286f11291b6092
netfilter: call nf_register_hooks from VE0 context only
Found by internal audit. Not an ABI breaker. Attached as 0034*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=1acba8533b788e95c52f827d06d9629d672c80fc
netfilter: Fix NULL dereference in nf_nat_setup_info.
OpenVZ Bug #1051 (http://bugzilla.openvz.org/1051). Might be an ABI breaker. Attached as 0047*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=b405aed753ac48a46e66cccfd0a37006fd11feb8
netfilter: Add check to the nat hooks
OpenVZ Bug #1051 (http://bugzilla.openvz.org/1051). Might be an ABI breaker. Attached as 0048*

Is it this part that you are worried about for the ABI breakage?

/* After packet filtering, change source */ { - .hook = nf_nat_fn, + .hook = nf_nat_local_in, .owner = THIS_MODULE, .pf = PF_INET, .hooknum= NF_INET_LOCAL_IN,

I'm not sure why I wrote that. It doesn't look like an ABI breaker.
Re: lenny updates
Ola Lundqvist wrote:

Hi Kir

Result from the import. Some comments and questions. Building right now. Results will be available soon.

On Tue, Mar 10, 2009 at 03:17:47AM +0300, Kir Kolyshkin wrote:

Kir Kolyshkin wrote:

I am currently checking all the ~80 patches that are not in openvz lenny kernel. Looks like most are really needed. Let me suggest some in a few emails I will send as a reply to this one.

Misc patches that do not fall into one of the above categories. I am only including important stuff.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=5d70bbc8780b474371b555cd6eeaaafdea82efe9
binfmt_misc: fix false -ENOEXEC when coupled with other binary handlers
A backport from mainstream patch. Attached as 0014*

This was already in the Debian sources. No patch needed.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=4c9010eff11d97bf013f53601a76990b017e45b7
autofs4: pidns friendly oz_mode
Fix oz_mode detect to prevent autofs daemon hang inside CT. Fix for OpenVZ bug #959 (http://bugzilla.openvz.org/959) Attached as 0020*

Denial of service problem I assume.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=7ebcbe3c7ad977f1a9bfb03a6d7f7dca9f883b83
autofs: fix default pgrp vnr
Attached as 0021*

Security related, right?

Correct

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ff3483aef4dbbddf6ee5ca483555c0ef8f8a047f
Fix erratum that causes memory corruption
Attached as 0027*.

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=6b9fe0296b1aa5b2e70e9ba9790e4bd9af5908c6
vzwdog: walk through the block devices list properly
A fix for kernel oops, OpenVZ bug #1064 (http://bugzilla.openvz.org/1064) Attached as 0044*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=134416f49ad04db56afd7eb2a41ddef4f157ea6f
Correct per-process capabilities bounding set in CT
Important security fix. Attached as 0045*

Important security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=86d74166a99f5ece5bcd46b85cba4ebd54126685
ms: fix inotify umount
A fix for inotify vs. umount, backported from mainstream. Attached as 0052*

Regression problem (even though it did not fully work before), right?

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=14131d2abbd2554276fe4488e3403d4c0a747cdf
ve: sanitize capability checks for namespaces creation
Fix for OpenVZ bug #1113 (http://bugzilla.openvz.org/1113) Attached as 0054*

Is this one important?

Yes, this is a prerequisite for the next fixes.

I see that the same problem exists in all other versions in Debian. However it should not hurt that much to include it, right?

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=c5c1032d4b6519d1e3a37853c5c0fd7fbd1f8798
Don't dereference NULL tsk->mm in ve_move_task
Attached as 0059*

Security issue, right?

Right.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=8aa704481f80e55dce430c0c01d276e8ca13018e
Fix broken permissions for Unix98 pty.
Attached as 0065*

Security issue!

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=397500cb89baf75c8035060585c0886b3012708a
autofs4: fix ia32 compat mode
Attached as 0067*

Fix for amd64 environment.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=a65ea96551f370afb7174472dcd4c43b8165710c
simfs: don't work with buggy input
Attached as 0069*

Is this one important? Could be a security issue in some cases I assume, but how many filesystems are buggy in that way? However it was an easy fix so we should probably fix that.

At least aufs and unionfs.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=0328e3d32c6915650b14dd40fcd7598a420b1364
OpenVZ bug #1160 (http://bugzilla.openvz.org/1160)
Attached as 0070*

Kernel ops related to filesystem operation. That should be really important.

Best regards, // Ola
Re: lenny updates (networking)
Attached four patches fixes conntracks for IPv6. Ola Lundqvist wrote: Thanks for this clarification. Kir, please list the corrections that you can find. If they are more on improvement please mark that and we can discuss it further. Best regards, // Ola Quoting maximilian attems m...@stro.at: On Mon, Mar 16, 2009 at 02:19:39PM +0300, Kir Kolyshkin wrote: So we can either disable IPv6 in config or fix it. It's up to you/Dann to decide. I'd go with fixing. Speaking of IPv6, we also have a bunch of patches for ipv6 conntracks in containers which I haven't sent since it looks more like a new functionality rather than a bugfix. yes please fix it, we have explicit demand for ipv6 also ipv6 support is a release goal of lenny, so such updates should just go in. From 2c1b2f728e1ae136ec1713bfec9892cf7cd656b6 Mon Sep 17 00:00:00 2001 From: Vitaliy Gusev vgu...@openvz.org Date: Wed, 24 Sep 2008 14:51:32 +0400 Subject: [PATCH] conntrack: Allocate/free ve_nf_conntrack_l3proto_ipv6 Virtualize nf_ct_ipv6_sysctl_table and allocate/free ve_nf_conntrack_l3proto_ipv6. Per VE nf_ct_ipv6_sysctl_table sysctl registration looks like: nf_conntrack_l3proto_register(struct nf_conntrack_l3proto *proto) nf_ct_l3proto_register_sysctl(proto); nf_ct_register_sysctl(l3proto-ctl_table_header, l3proto-ctl_table_path, l3proto-ctl_table, NULL); So ve_nf_conntrack_l3proto_ipv6 is allocated per VE as l3proto sysctl registration changes l3proto-ctl_table_header. Signed-off-by: Vitaliy Gusev vgu...@openvz.org Signed-off-by: Pavel Emelyanov xe...@openvz.org --- net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 34 +++- net/ipv6/netfilter/nf_conntrack_reasm.c| 25 +- 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 71b15ab..8623b7c 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c 
@@ -360,6 +360,33 @@ MODULE_ALIAS(nf_conntrack- __stringify(AF_INET6)); MODULE_LICENSE(GPL); MODULE_AUTHOR(Yasuyuki KOZAKAI @USAGI yasuyuki.koza...@toshiba.co.jp); +static int nf_ct_proto_ipv6_init_net(struct net *net) +{ + struct nf_conntrack_l3proto *ipv6; + + ipv6 = nf_conntrack_l3proto_ipv6; + if (net != init_net) { + ipv6 = kmemdup(ipv6, + sizeof(struct nf_conntrack_l3proto), GFP_KERNEL); + if (!ipv6) + return -ENOMEM; + } + + ve_nf_conntrack_l3proto_ipv6 = ipv6; + return 0; +} + +static void nf_ct_proto_ipv6_exit_net(struct net *net) +{ + if (net != init_net) + kfree(ve_nf_conntrack_l3proto_ipv6); +} + +static struct pernet_operations nf_ct_ipv6_ops = { + .init = nf_ct_proto_ipv6_init_net, + .exit = nf_ct_proto_ipv6_exit_net, +}; + int init_nf_ct_l3proto_ipv6(void) { int ret = -ENOMEM; @@ -435,10 +462,12 @@ static int __init nf_conntrack_l3proto_ipv6_init(void) need_conntrack(); + register_pernet_subsys(nf_ct_ipv6_ops); + ret = nf_ct_frag6_init(); if (ret 0) { printk(nf_conntrack_ipv6: can't initialize frag6.\n); - return ret; + goto unreg_subsys; } ret = init_nf_ct_l3proto_ipv6(); @@ -461,6 +490,8 @@ static int __init nf_conntrack_l3proto_ipv6_init(void) cleanup_frag6: nf_ct_frag6_cleanup(); +unreg_subsys: + unregister_pernet_subsys(nf_ct_ipv6_ops); return ret; } @@ -473,6 +504,7 @@ static void __exit nf_conntrack_l3proto_ipv6_fini(void) nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops)); fini_nf_ct_l3proto_ipv6(); nf_ct_frag6_cleanup(); + unregister_pernet_subsys(nf_ct_ipv6_ops); } module_init(nf_conntrack_l3proto_ipv6_init); diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 9faaa59..e8e4112 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c 
@@ -40,6 +40,7 @@ #include net/ndisc.h #include net/addrconf.h #include net/netfilter/ipv6/nf_conntrack_ipv6.h +#include net/netfilter/nf_conntrack_l3proto.h #include linux/sysctl.h #include linux/netfilter.h #include linux/netfilter_ipv6.h @@ -696,17 +697,39 @@ static int nf_ct_frag6_init_net(struct net *net) { struct netns_frags *frags = net-ipv6.ct_frags; +#ifdef CONFIG_SYSCTL + if (net != init_net) { + struct nf_conntrack_l3proto *ipv6 = + ve_nf_conntrack_l3proto_ipv6; + + ipv6-ctl_table = kmemdup(nf_ct_ipv6_sysctl_table, + sizeof(nf_ct_ipv6_sysctl_table
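Review bot: nf_ct_proto_ipv6_exit_net() in the first nf_conntrack_l3proto_ipv6.c hunk frees ve_nf_conntrack_l3proto_ipv6 but leaves the per-VE pointer set, so any later access through it during container teardown would touch freed memory instead of failing on NULL. Clear the pointer after the kfree(), and add a one-line comment that the init_net test is what separates the shared static object from the kmemdup() copies, so nobody later "simplifies" it into freeing the static struct.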
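Review bot: in nf_conntrack_l3proto_ipv6_init() the result of register_pernet_subsys() is dropped, so the -ENOMEM that nf_ct_proto_ipv6_init_net() returns when kmemdup() fails never reaches the caller and nf_ct_frag6_init() runs anyway. The nf_conntrack_reasm.c hunk then dereferences ve_nf_conntrack_l3proto_ipv6 in nf_ct_frag6_init_net() for every non-init namespace, which assumes the earlier allocation succeeded. Assign the return value to ret and return on error before calling nf_ct_frag6_init().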
Re: [Debian] Re: lenny updates
Yet one more important fix while we're at it. This fixes udev in a container, OpenVZ bug #1195. Not a security fix but quite important functionality issue since many distros rely on udev by default nowadays.

From 5dcfcf5defb9a1037de717f56a54f8cbb461e96d Mon Sep 17 00:00:00 2001
From: Konstantin Khlebnikov khlebni...@openvz.org
Date: Tue, 10 Mar 2009 15:55:35 +0300
Subject: [PATCH] NETLINK: disable netns broadcast filtering

There is only one uevent_sock in init_net for all VE. Broadcasts already filtered by exec_env compare, drop netns check.

http://bugzilla.openvz.org/show_bug.cgi?id=1195
http://git.openvz.org/?p=linux-2.6.24-openvz;a=commit;h=0474535acfde6a

Signed-off-by: Alexey Dobriyan adobri...@openvz.org
Signed-off-by: Konstantin Khlebnikov khlebni...@openvz.org
Signed-off-by: Pavel Emelyanov xe...@openvz.org
--- net/netlink/af_netlink.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index d30766c..84e9f7c 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -971,8 +971,10 @@ static inline int do_one_broadcast(struct sock *sk, if (!ve_accessible_strict(get_exec_env(), sk-owner_env)) goto out; +#ifndef CONFIG_VE if (!net_eq(sock_net(sk), p-net)) goto out; +#endif if (p-failure) { netlink_overrun(sk); -- 1.6.0.6
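Review bot: the #ifndef CONFIG_VE in do_one_broadcast() compiles out the net_eq() check for every netlink broadcast that passes through this function, while the commit message justifies it only for the single uevent_sock. On CONFIG_VE kernels the ve_accessible_strict() test just above therefore becomes the only check keeping one container's broadcasts away from another's listeners. Please state that in a comment next to the #ifndef, and consider limiting the exemption to the uevent case so other broadcast users keep the namespace comparison.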
Re: [Debian] Re: lenny updates
I hope that changelog will include something to uniquely identify the patches that were included. The best thing would be to have git commit IDs, but anything else that can be used to find out git commit id is fine, too. Note that commit ID can be shortened to say first 8 chars without a high risk of collisions.

Ola Lundqvist wrote:

Ok added as well. I'll make a new proposed patch soon.

Best regards,
// Ola

On Mon, Mar 16, 2009 at 09:46:27PM +0300, Kir Kolyshkin wrote:

Yet one more important fix while we're at it. This fixes udev in a container, OpenVZ bug #1195. Not a security fix but quite important functionality issue since many distros rely on udev by default nowadays.
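The point about abbreviated commit IDs in the message above can be checked mechanically. The following is an added example, not part of the thread and not Debian or OpenVZ tooling: it resolves abbreviated IDs found in a changelog against known full IDs and computes collision odds for a given prefix length. The commit IDs are those quoted in this thread; the changelog text, the function names and the 100,000-commit repository size are constructed assumptions.

```python
import math
import re

# Full commit IDs quoted in this thread (linux-2.6.26-openvz tree).
THREAD_COMMITS = [
    "d588f384c7a326c049f27cf4d90b949a89c1fe94",  # CPT: Use sock_create ...
    "15ce7ef10f52493f94f5438d22a60a60e6bffdb0",  # CPT: Fix memory corruption
    "6d18ba377cfa3e86ee830fe6a5fce52b8fd51039",  # CPT: revert check on sk_reuse
    "8562975430153848dd817a050133b53adda96910",  # nf: fix use after free
    "b5e1f74cee5bc2c45bdca53a7218fb8de89215dd",  # netlink: Fix oops ...
]

# Constructed changelog text (not a real Debian changelog entry).
SAMPLE_CHANGELOG = """\
  * [openvz] CPT: use sock_create (d588f384)
  * [openvz] nf: fix use after free (85629754)
  * [openvz] netlink conntrack oops, see b5e1f74cee5b
  * [openvz] entry with a mistyped id (d588f385)
"""

# A standalone word of 8 to 40 hex digits is treated as a commit reference.
HEX_ID = re.compile(r"\b[0-9a-f]{8,40}\b")


def resolve_ids(changelog, commits, pattern=HEX_ID):
    """Map every abbreviated ID in the changelog to the full IDs it matches.

    Exactly one match means the reference is usable; zero means unknown or
    mistyped; more than one means the abbreviation is ambiguous.
    """
    found = {}
    for token in pattern.findall(changelog.lower()):
        found[token] = [c for c in commits if c.startswith(token)]
    return found


def ambiguity_of_one_reference(n_commits, hex_chars):
    """Probability that one given prefix also matches some other commit."""
    per_commit = 16.0 ** -hex_chars
    return -math.expm1((n_commits - 1) * math.log1p(-per_commit))


def any_pair_collision(n_commits, hex_chars):
    """Birthday-bound probability that some two commits share a prefix."""
    pairs = n_commits * (n_commits - 1) / 2.0
    return -math.expm1(-pairs / 16.0 ** hex_chars)


if __name__ == "__main__":
    for token, hits in resolve_ids(SAMPLE_CHANGELOG, THREAD_COMMITS).items():
        status = {0: "UNKNOWN", 1: "ok"}.get(len(hits), "AMBIGUOUS")
        print(f"{token:<14} {status:<9} {' '.join(hits)}")
    n = 100_000  # assumed repository size, for illustration only
    for k in (8, 10, 12):
        print(k, f"{ambiguity_of_one_reference(n, k):.2e}",
              f"{any_pair_collision(n, k):.2e}")
```

A reference that resolves to zero or several commits should be rejected before the changelog is uploaded. Any other eight-digit number in the text (a date, for instance) also matches the pattern and will be reported as unknown.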
Re: lenny updates (CPT patches)
Kir Kolyshkin wrote:

Also, while I am at it... I am currently checking all the ~80 patches that are not in openvz lenny kernel. Looks like most are really needed. Let me suggest some in a few emails I will send as a reply to this one.

Checkpointing-related patches. Needed if we want working checkpointing/restart.

1. High-priority patches

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=d588f384c7a326c049f27cf4d90b949a89c1fe94
CPT: Use sock_create instead sock_create_kern
Puts sockets in correct net namespace. Pretty trivial, not an ABI breaker. Found by internal testing.
Attached as 0001*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=15ce7ef10f52493f94f5438d22a60a60e6bffdb0
CPT: Fix memory corruption
Found by internal testing. Exports one more function (needed since cpt/rst can be built as modules) so can be an ABI breaker.
Attached as 0002*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=e744de05b10aeff8289c5d287ed92cbb0438426d
CPT: Fixed checkpoint error due to skipped mm->exe_file dump
Needed due to changes in 2.6.26 kernel. Found by internal testing. Exports one more function so can be an ABI breaker.
Attached as 0006*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=6d18ba377cfa3e86ee830fe6a5fce52b8fd51039
CPT: revert check on sk_reuse1
This is fix for Debian bug #500645 (OpenVZ bug #1034).
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500645
Attached as 0038-CPT-revert-check-on-sk_reuse-1.patch

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=029cecb45ceb652b0add04388fcaabe822e83660
cpt: Make the proper check for sigmask
Trivial fix, not an ABI breaker. Fixes OpenVZ bug #1122
http://bugzilla.openvz.org/show_bug.cgi?id=1122

2. Not sure those are needed patches.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ef2def76125ba8753042329df1ede57449de4609
cpt: Ban fib trie
Pretty trivial. Not really needed if we make sure CONFIG_IP_FIB_TRIE is not set in openvz kernel .config, but shouldn't break anything.
Attached as 0012*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=4fc3a18ab7c46e4bc375fa3ce59b7fb1b173f35b
cpt: bump image version to VERSION_26
Needed to not confuse the user.
Attached as 0017*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=c00febbae95a18b264fd8ca72b8eef09ef28ae2e
cpt: Make it module by default
CONFIG_VZ_CHECKPOINT was set to n by default in kernel config. Now since it's working we enable it. Doesn't make much sense for Debian if we set CONFIG_VZ_CHECKPOINT explicitly.
Attached as 0019*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=281828bf90ea4e49bf5d8e777b1ec43972bf0949
cpt: replace BUG_ON-s checking for sizeof-s with BUILD_BUG_ON
Those checks need to be done compile-time not runtime. Mostly needed for developers but won't hurt to include.
Attached as 0032*

From d588f384c7a326c049f27cf4d90b949a89c1fe94 Mon Sep 17 00:00:00 2001
From: Vitaliy Gusev vgu...@openvz.org
Date: Mon, 18 Aug 2008 15:10:15 +0400
Subject: [PATCH] CPT: Use sock_create instead sock_create_kern
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

sock_create_kern() uses init_net as default net namespace. Therefore sockets and net devices belong to init_net, though must belong to current net namespace.

Signed-off-by: Vitaliy Gusev vgu...@openvz.org
Signed-off-by: Pavel Emelyanov xe...@openvz.org
--- kernel/cpt/cpt_net.c|2 +- kernel/cpt/rst_net.c|2 +- kernel/cpt/rst_socket.c |8 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/kernel/cpt/cpt_net.c b/kernel/cpt/cpt_net.c index 373db60..78919d8 100644 --- a/kernel/cpt/cpt_net.c +++ b/kernel/cpt/cpt_net.c
@@ -337,7 +337,7 @@ static int cpt_dump_route(struct cpt_context * ctx) mm_segment_t oldfs; char *pg; - err = sock_create_kern(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE, sock); + err = sock_create(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE, sock); if (err) return err; diff --git a/kernel/cpt/rst_net.c b/kernel/cpt/rst_net.c index b246ddb..c6be61a 100644 --- a/kernel/cpt/rst_net.c +++ b/kernel/cpt/rst_net.c @@ -202,7 +202,7 @@ int rst_restore_route(struct cpt_context *ctx) if (err 0) return err; - err = sock_create_kern(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE, sock); + err = sock_create(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE, sock); if (err) return err; diff --git a/kernel/cpt/rst_socket.c b/kernel/cpt/rst_socket.c index d90488e..4963f34 100644 --- a/kernel/cpt/rst_socket.c +++ b/kernel/cpt/rst_socket.c @@ -268,13 +268,13 @@ static int open_socket(cpt_object_t *obj, struct cpt_sock_image *si, cpt_object_t *fobj; cpt_object_t *pobj = NULL; - err = sock_create_kern(si-cpt_family, si-cpt_type, si-cpt_protocol, + err = sock_create(si-cpt_family, si-cpt_type, si-cpt_protocol
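Review bot: all three call sites (cpt_dump_route(), rst_restore_route() and open_socket()) now take the socket's namespace from the calling task rather than from init_net, but nothing in these hunks shows or asserts that the caller is already running inside the container being dumped or restored. If any path reaches them from host context, the sockets are created in the host namespace again with no error. A comment at each site stating the required context, or a check that the current namespace is the container's, would make the assumption explicit.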
Re: lenny updates (CPT patches)
Looks like a few patches are already there, see below. Only 5 CPT patches are still left. If you need I can write a new email about CPT patches to avoid confusion.

Kir Kolyshkin wrote:

Kir Kolyshkin wrote:

Also, while I am at it... I am currently checking all the ~80 patches that are not in openvz lenny kernel. Looks like most are really needed. Let me suggest some in a few emails I will send as a reply to this one.

Checkpointing-related patches. Needed if we want working checkpointing/restart.

1. High-priority patches

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=d588f384c7a326c049f27cf4d90b949a89c1fe94
CPT: Use sock_create instead sock_create_kern
Puts sockets in correct net namespace. Pretty trivial, not an ABI breaker. Found by internal testing.
Attached as 0001*

Sorry, this one is already included. Harder to track since the patch was just added to the end of openvz.patch instead of creating a separate file.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=15ce7ef10f52493f94f5438d22a60a60e6bffdb0
CPT: Fix memory corruption
Found by internal testing. Exports one more function (needed since cpt/rst can be built as modules) so can be an ABI breaker.
Attached as 0002*

Ditto.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=e744de05b10aeff8289c5d287ed92cbb0438426d
CPT: Fixed checkpoint error due to skipped mm->exe_file dump
Needed due to changes in 2.6.26 kernel. Found by internal testing. Exports one more function so can be an ABI breaker.
Attached as 0006*

Ditto.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=6d18ba377cfa3e86ee830fe6a5fce52b8fd51039
CPT: revert check on sk_reuse1
This is fix for Debian bug #500645 (OpenVZ bug #1034).
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500645
Attached as 0038-CPT-revert-check-on-sk_reuse-1.patch

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=029cecb45ceb652b0add04388fcaabe822e83660
cpt: Make the proper check for sigmask
Trivial fix, not an ABI breaker. Fixes OpenVZ bug #1122
http://bugzilla.openvz.org/show_bug.cgi?id=1122

2. Not sure those are needed patches.

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ef2def76125ba8753042329df1ede57449de4609
cpt: Ban fib trie
Pretty trivial. Not really needed if we make sure CONFIG_IP_FIB_TRIE is not set in openvz kernel .config, but shouldn't break anything.
Attached as 0012*

Ditto

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=4fc3a18ab7c46e4bc375fa3ce59b7fb1b173f35b
cpt: bump image version to VERSION_26
Needed to not confuse the user.
Attached as 0017*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=c00febbae95a18b264fd8ca72b8eef09ef28ae2e
cpt: Make it module by default
CONFIG_VZ_CHECKPOINT was set to n by default in kernel config. Now since it's working we enable it. Doesn't make much sense for Debian if we set CONFIG_VZ_CHECKPOINT explicitly.
Attached as 0019*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=281828bf90ea4e49bf5d8e777b1ec43972bf0949
cpt: replace BUG_ON-s checking for sizeof-s with BUILD_BUG_ON
Those checks need to be done compile-time not runtime. Mostly needed for developers but won't hurt to include.
Attached as 0032*
Re: lenny updates (netfilter)
Kir Kolyshkin wrote:

I am currently checking all the ~80 patches that are not in openvz lenny kernel. Looks like most are really needed. Let me suggest some in a few emails I will send as a reply to this one.

Here is a set of netfilter patches, quite a few. Some are very critical (read security-related) since they fix various container/host isolation issues, others are to prevent kernel oopses...

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=8562975430153848dd817a050133b53adda96910
nf: fix use after free
Fix use after free error, found by internal testing. Not an ABI breaker.
Attached as 0010*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=fa7ac0b2423dc741cd7016565545abb8e36c4af4
nf: fix call to kmem_cache_destroy from VEs
Found by internal testing. Not an ABI breaker.
Attached as 0011*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=17b09e1de42db77743ea9ae3dfd3a910ac57ee71
conntrack: prevent double allocate/free of protos
Found by internal testing. Not an ABI breaker.
Attached as 0022*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=7d3f10fc5d8e268f7572cfdd2287c049bce3af7c
conntrack: prevent call register_pernet_subsys() from VE context
Found by internal audit. Not an ABI breaker.
Attached as 0023*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=482dd20be37f61b2f94e6b3f3de1c1b9b4f9e6f1
conntrack: prevent call nf_register_hooks() from VE context
Found by internal audit. Not an ABI breaker.
Attached as 0024*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=5fff3eb60f78acaadcae8562de5d3e6504f4d4f9
conntrack: adjust context during freeing
Found by internal audit. Not an ABI breaker.
Attached as 0029*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=3cb8bc3781889ade74c02840b2eb8ddafb6d39c5
netfilter: NAT: assign nf_nat_seq_adjust_hook from VE0 context only
Found by internal audit. Not an ABI breaker.
Attached as 0033*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=490910232ebe61f65e5e5c03b7286f11291b6092
netfilter: call nf_register_hooks from VE0 context only
Found by internal audit. Not an ABI breaker.
Attached as 0034*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=1acba8533b788e95c52f827d06d9629d672c80fc
netfilter: Fix NULL dereference in nf_nat_setup_info.
OpenVZ Bug #1051 (http://bugzilla.openvz.org/1051). Might be an ABI breaker.
Attached as 0047*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=b405aed753ac48a46e66cccfd0a37006fd11feb8
netfilter: Add check to the nat hooks
OpenVZ Bug #1051 (http://bugzilla.openvz.org/1051). Might be an ABI breaker.
Attached as 0048*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=b5e1f74cee5bc2c45bdca53a7218fb8de89215dd
netlink: Fix oops in netlink conntrack module
OpenVZ bug #788 (http://bugzilla.openvz.org/788)
Attached as 0053*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=09686c184a2cb815cbd5af500fe468311887d746
Free skb->nf_bridge in veth_xmit() and venet_xmit()
OpenVZ bug #1146 (http://bugzilla.openvz.org/1146)
Attached as 0066*

http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=
http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=
http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=

From 8562975430153848dd817a050133b53adda96910 Mon Sep 17 00:00:00 2001
From: Vitaliy Gusev vgu...@openvz.org
Date: Wed, 27 Aug 2008 19:36:28 +0400
Subject: [PATCH] nf: fix use after free

Fix use after free error: move freeing ve_nf_conntrack_l4proto_generic to nf_ct_proto_generic_sysctl_cleanup().

Signed-off-by: Vitaliy Gusev vgu...@openvz.org
Signed-off-by: Pavel Emelyanov xe...@openvz.org
--- net/netfilter/nf_conntrack_proto.c |4 net/netfilter/nf_conntrack_proto_generic.c |2 ++ 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index 49fc01f..67c53a7 100644
--- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -358,8 +358,4 @@ void nf_conntrack_proto_fini(void) /* free l3proto protocol tables */ for (i = 0; i PF_MAX; i++) kfree(ve_nf_ct_protos[i]); -#ifdef CONFIG_VE_IPTABLES - if (!ve_is_super(get_exec_env())) - kfree(ve_nf_conntrack_l4proto_generic); -#endif } diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c index e65f9a7..24b0e29 100644 --- a/net/netfilter/nf_conntrack_proto_generic.c +++ b/net/netfilter/nf_conntrack_proto_generic.c @@ -163,6 +163,8 @@ void nf_ct_proto_generic_sysctl_cleanup(void) kfree(ve_nf_conntrack_l4proto_generic-ctl_compat_table); #endif kfree(ve_nf_conntrack_l4proto_generic-ctl_table); + + kfree(ve_nf_conntrack_l4proto_generic); } } EXPORT_SYMBOL(nf_ct_proto_generic_sysctl_cleanup); -- 1.6.0.6 From fa7ac0b2423dc741cd7016565545abb8e36c4af4 Mon Sep 17 00:00
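Review bot: the kfree() removed from nf_conntrack_proto_fini() was guarded by !ve_is_super(get_exec_env()), while the one added in nf_ct_proto_generic_sysctl_cleanup() relies on whatever condition opens the enclosing block, which the hunk context does not show. Please confirm that guard is equivalent, since freeing the host (VE0) object here would be a new bug. Tying the object's lifetime to a function named *_sysctl_cleanup also deserves a comment, and clearing ve_nf_conntrack_l4proto_generic after the kfree() would make any remaining stale use fault on NULL instead of reading freed memory.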
Re: lenny updates
Since it's gonna be ABI++ anyway, we'd like to take a look at what we have in git and maybe recommend some other critical/important bugfixes. Ideally we'd like Debian to just pull from our git (i.e. merge all the patches we have there), but as I understand this is not how things are working here.

So, will it be helpful / worth it if we come with such a list of highly recommended patches?

dann frazier wrote:

On Tue, Mar 03, 2009 at 09:44:04PM +0100, Ola Lundqvist wrote:

Hi Dann

You asked about the latest status and here it is. Please tell which ones you want me to fix for the next lenny release of the kernel. I'll prepare a patch and regression test that version for you.

Wow Ola, thanks - great detail. I'll look this over and get back to you.

#510787: Refers to another bug report that was not openvz specific. Should it be forwarded to a non-openvz version of the kernel or kept here? In any case I have added latest information to the report and told where the problem has been forwarded.

#511165: Patch exist for 2.6.24 and 2.6.26. Fix is available in
http://git.openvz.org/?p=linux-2.6.26-openvz;a=commit;h=b5e1f74cee5bc2c45bdca53a7218fb8de89215dd
Not sure if this is an ABI breaker.

#500876: Fix available in:
http://git.openvz.org/?p=linux-2.6.26-openvz;a=commit;h=777e8164ebf8a03e43511983cdec472f8691a8af
Problem is about to be verified. Regression tested without problems seen.

#503097: Reported as http://bugzilla.openvz.org/show_bug.cgi?id=930
Seems to be a duplicate of #500876 above.

#505174: This is a request to go up to the latest version that includes fixes for all the ones in this mail that describe that there is a fix available. Unfortunately there are ABI breakers...

#508773: Patch available in http://bugzilla.openvz.org/show_bug.cgi?id=1054
Fix in http://git.openvz.org/?p=linux-2.6.24-openvz;a=commit;h=20bd90762d4df4a3c7c247b660c696bdd0a27709
Does not look like an ABI breaker to me.

#500145: Forwarded to http://bugzilla.openvz.org/show_bug.cgi?id=1143
Marked as duplicate of http://bugzilla.openvz.org/show_bug.cgi?id=1067
Not solved yet.

#501985: From: maximilian attems
the upstream nfs fixes are abi breakers and thus can't be integrated at this point they will be for the first point release where abi breaking will be allowed again.

#494445: There are a number of problems in this area. Fixes are available. However some of them are ABI breakers.

#500645: Fix available in http://bugzilla.openvz.org/show_bug.cgi?id=1034
http://git.openvz.org/?p=linux-2.6.26-openvz;a=commit;h=6d18ba377cfa3e86ee830fe6a5fce52b8fd51039
I can not see that this is an ABI breaker, so it should be possible to apply this one without problem.

Best regards,
// Ola

On Mon, Feb 23, 2009 at 04:47:35PM -0700, dann frazier wrote:

hey,

The first lenny update is scheduled for early April, so I wanted to start coordinating the kernel update.

Security

The lenny-security branch is currently caught up on security issues, so I'd like to release a DSA later this week. I'd appreciate it if the individual arch maintainers could test builds from this branch ahead of time. The CVE-2009-0029 touch a lot of arch-specific code and though they applied pretty easily to the lenny kernel, it'd still be good to get some testing there. I noticed that the snapshot archive now has a lenny-security dist for some archs (thanks waldi)

Stable

There are several fixes queued up for a stable upload. I have a few more small fixes from jmm to review/commit as well, and it looks like tbm has an RTC regression fix pending. I've seen mentions of OpenVZ fixes from Ola/maks - what is the status of those? Are there any other changes people are working on?

ABI changes

The security fixes don't currently break the ABI. It sounds like the openvz fixes are ABI-breaking? If it is going to be ready for this update and does break the ABI, I'd also like to get the hppa large-module fix in. And, of course, we'll need to notify the d-i team of this change.
Re: Scheduling linux-2.6 2.6.26-5
maximilian attems wrote:

On Tue, Sep 09, 2008 at 11:26:49PM +0300, Mert Dirik wrote:

Do you plan to fix #497292 for this release? It would be good although I'm not sure if it can be done before release since it is not important.

hmmm, CONFIG_VZ_CHECKPOINT defaults to n according to the openvz patchset. and the options were taken in accordance with openvz team. maybe kir or pavel have some input, but that be pretty hard to change now, as this may well be an abi breaker.

Max,

If it's still possible to change this option, please do it. Checkpointing is now working fine, it's totally our fault that we forgot to switch the relative option. So, please set CONFIG_VZ_CHECKPOINT=m.

From the ABI point of view this adds two new ioctl()s for /dev/vzctl, nothing more.
Re: Scheduling linux-2.6 2.6.26-5
maximilian attems wrote:

On Wed, Sep 10, 2008 at 02:09:52PM +0400, Kir Kolyshkin wrote:

If it's still possible to change this option, please do it. Checkpointing is now working fine, it's totally our fault that we forgot to switch the relative option. So, please set CONFIG_VZ_CHECKPOINT=m.

From the ABI point of view this adds two new ioctl()s for /dev/vzctl, nothing more.

thanks kir and pavel for input. did a build test and abicheck went positive like according your statements. so enabled it for 2.6.26-6.

as 2.6.26-5 upload happened today can't say for sure when this will land. depends mostly on next upstream stable release. will see to get it into Lenny.

Thanks a lot Max!
Bug#494384: first debian openvz 2.6.26 bugs
Vitaliy Gusev wrote:

Sorry, I didn't understand these notes:

I upgraded from 2.6.25-2 to 2.6.26-1-openvz-686. After reboot, the nfsd module fails to load with this error message:

nfsd loads without error if I boot the 2.6.26-1-686 kernel instead.

That was loaded and then error occurs?

IMHO what the bug reporter means is nfsd loads fine with non-openvz kernels (both 2.6.25 and 2.6.26), but fails to load with openvz 2.6.26 kernel.
Bug#392015: [Debian] Re: Bug#478208: linux-patch-openvz asks for kernel version 2.6.18 while default kernel on lenny is 2.6.24
As for mainstream integration, I can say OpenVZ is committed to merging containers functionality to mainstream. I have just checked the number of changesets submitted by OpenVZ and Linux-VServer guys, using up-to-date Linus' kernel git tree. For the last 365 days (i.e. a year) there were 818 changesets from OpenVZ guys and only 14 patches from VServer guys. These numbers could be wrong (maybe I'm missing someone) but not totally wrong.

Also, IMHO the document http://wiki.debian.org/DebianKernelPatchAcceptanceGuidelines is not applicable to this case because it describes patches that are [not] welcome to standard Debian kernel, while OpenVZ, Linux-VServer, Xen etc. provide flavored kernels. In other words, these all are special kernels with special use cases. So, either this policy is not applicable, or linux-image-vserver and linux-image-xen are all not conforming to the policy.

As for 2.6.26, OpenVZ team plans to start porting to that kernel as soon as 2.6.26-rc1 is released.

http://wiki.debian.org/DebianKernelPatchAcceptanceGuidelines?action=fullsearchvalue=linkto%3A%22DebianKernelPatchAcceptanceGuidelines%22context=180
Bug#392015: supported arches
I'd like to add that OpenVZ kernel also supports ppc (powerpc64) and sparc64. Support for other arches is almost trivial to add, given the hardware to test the stuff.