cgroup_mark_ve_roots is not protected against cases when a container is
started in an invalid cgroup set configuration.
The official supported way of doing that from cgroups point of view is as
follows:
1. Create a child cgroup in "ve" cgroup hierarchy.
2. Along with "ve" create child cgroups in
Fixes: 1d668375f702847d11301882cb36ddc750226ed2
A follow up fix for a cherry-picked cset validation code that
runs at container start.
The validation code consists of 2 functions is_virtualized_cgroup
and css_has_host_cgroups. Both check that cgroup_mark_ve_roots
is safe to proceed. In case if
From: Jan Dakinevich
Move LBR information from `struct x86_pmu' to separate structure
`struct x86_pmu_lbr'.
LBR initialization is nailed to perf subsystem and to global
'boot_x86_pmu' structure. To reuse this code and keep these changes
readable the work splited into to parts.
From: Jan Dakinevich
This patch introduces globally visible intel_pmu_lbr_fill() routine,
which gathers information which LBR MSRs are support for specific CPU
family/model.
It is supposed that the routine would be used in KVM code, using guest
CPU information as an input. By this reason, it
This is the part of patchset from PSBM-75679 which is not present in
mainline or RHEL kernels.
I have adapted it to VZ8, added handling of new CPU models and simplified
the code a bit more.
Apart from that the patches have been renamed. The first two were named
"perf/x86/intel: make reusable LBR
From: Jan Dakinevich
Windows Server 2016 Essentials (for yet unknown reason) attempts to
access MSR_LBR_TOS and other LBR-related registers at startup. These
are not currently hadled by KVM so the guest gets #GP and crashes.
To prevent that, identify LBR-related MSRs pertinent to the CPU model
cgroup_mark_ve_roots is not protected against cases when a container is
started in an invalid cgroup set configuration.
The official supported way of doing that from cgroups point of view is
as follows:
1. Create a child cgroup in "ve" cgroup hierarchy.
2. Along with "ve" create child cgroups in
In cgroup_mark_ve_roots at error path one css_spin_lock is
not released. Fixed that.
Signed-off-by: Valeriy Vdovin
---
kernel/cgroup/cgroup.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 500da91..4bd2401 100644
---
Fixes: 1d668375f702847d11301882cb36ddc750226ed2
A follow up fix for a cherry-picked cset validation code that
runs at container start.
The validation code consists of 2 functions is_virtualized_cgroup
and css_has_host_cgroups. Both check that cgroup_mark_ve_roots
is safe to proceed. In case if
From: Alexander Popov
There are multiple similar bugs implicitly introduced by the
commit c0cfa2d8a788fcf4 ("vsock: add multi-transports support") and
commit 6a2c0962105ae8ce ("vsock: prevent transport modules unloading").
The bug pattern:
[1] vsock_sock.transport pointer is copied to a local
From: Stefano Garzarella
With multi-transport support, listener sockets are not bound to any
transport. So, calling virtio_transport_reset(), when an error
occurs, on a listener socket produces the following null-pointer
dereference:
BUG: kernel NULL pointer dereference, address:
From: Stefano Garzarella
Fix the following gcc-9.3 warning when building with 'make W=1':
net/vmw_vsock/vmci_transport.c:2058:6: warning: no previous prototype
for ‘vmci_vsock_transport_cb’ [-Wmissing-prototypes]
2058 | void vmci_vsock_transport_cb(bool is_host)
|
From: Stefano Garzarella
syzbot reported this issue where in the vsock_poll() we find the
socket state at TCP_ESTABLISHED, but 'transport' is null:
general protection fault, probably for non-canonical address
0xdc12: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range
From: Mao Wenan
When using make C=2 drivers/misc/vmw_vmci/vmci_driver.o
to compile, below warning can be seen:
drivers/misc/vmw_vmci/vmci_driver.c:33:6: warning:
symbol 'vmci_vsock_cb_host_called' was not declared. Should it be static?
This patch make symbol vmci_vsock_cb_host_called static.
From: Alexander Popov
There are multiple similar bugs implicitly introduced by the
commit c0cfa2d8a788fcf4 ("vsock: add multi-transports support") and
commit 6a2c0962105ae8ce ("vsock: prevent transport modules unloading").
The bug pattern:
[1] vsock_sock.transport pointer is copied to a local
Just patches from mainstream which have "Fixes:" for
commits from previous patchset.
https://jira.sw.ru/browse/PSBM-128702
Alexander Popov (1):
ms/vsock: fix the race conditions in multi-transport support
Mao Wenan (1):
ms/vsock/vmci: make vmci_vsock_cb_host_called static
Stefano
From: Stefano Garzarella
If transport->init() fails, we can't assign the transport to the
socket, because it's not initialized correctly, and any future
calls to the transport callbacks would have an unexpected behavior.
Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Patch enables memcg accounting for nft objects.
https://jira.sw.ru/browse/PSBM-128719
Signed-off-by: Vasily Averin
---
net/netfilter/nf_tables_api.c | 44 +++
1 file changed, 24 insertions(+), 20 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit de0317b9ac2e6428dcec89df057130ca3141ab2b
Author: Stefano Garzarella
Date: Wed Apr 21 17:51:48 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 97cc8e400b9afb36c50f79accfefa9c3495b0875
Author: Stefano Garzarella
Date: Wed Apr 21 17:52:04 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 7a2beee60d3479f5739fa07751492562c0af04f5
Author: Stefano Garzarella
Date: Wed Apr 21 17:52:12 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit ec84098f0acd63449b72b15c9dd3c19a29b4603a
Author: Stefano Garzarella
Date: Wed Apr 21 17:52:20 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit cdac685b79fb4c9dc0dd9ce9e998b1b904c2cff7
Author: Stefano Garzarella
Date: Wed Apr 21 17:53:17 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit a33e73b3ecff2b446e37b4f4c47084c0d6aed3ec
Author: Stefano Garzarella
Date: Wed Apr 21 17:52:30 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 518d9d25fd717218abb8d07a13f047de85ea
Author: Stefano Garzarella
Date: Wed Apr 21 17:52:54 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 7633fe38d3998526a3f49fe411c090e0df351dd1
Author: Stefano Garzarella
Date: Wed Apr 21 17:51:56 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 74fd8196cdd4f99a81b805bc4fe45f5051969c6b
Author: Stefano Garzarella
Date: Wed Apr 21 17:53:02 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 0674b8f918f86e4e5666aacc366c50e6afe386b9
Author: Stefano Garzarella
Date: Wed Apr 21 17:52:47 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 683b9c0e35d7f3fd3e1ed201d677443b9c1c16dd
Author: Stefano Garzarella
Date: Wed Apr 21 17:52:39 2021 +0300
Right now a Node (VM) cannot work as vsock server and client at once,
this leads in particular to the following situation:
if a VM (L1) uses vsock transport for communications with Host
it cannot start L2 VMs (nested) with vsock as a transport.
The following message appears on nested VM start
From: Stefano Garzarella
All transports call __vsock_create() with the same parameters,
most of them depending on the parent socket. In order to simplify
the VSOCK core APIs exposed to the transports, this patch adds
the vsock_create_connected() callable from transports to create
a new socket
From: Stefano Garzarella
vsock_insert_unbound() was called only when 'sock' parameter of
__vsock_create() was not null. This only happened when
__vsock_create() was called by vsock_create().
In order to simplify the multi-transports support, this patch
moves vsock_insert_unbound() at the end of
From: Stefano Garzarella
We are going to add 'struct vsock_sock *' parameter to
virtio_transport_get_ops().
In some cases, like in the virtio_transport_reset_no_sock(),
we don't have any socket assigned to the packet received,
so we can't use the virtio_transport_get_ops().
In order to allow
From: Stefano Garzarella
In a nested VM environment, we have to refuse to assign to a nested
guest the same CID assigned to our guest->host transport.
In this way, the user can use the local CID for loopback.
Signed-off-by: Stefano Garzarella
Signed-off-by: David S. Miller
From: Stefano Garzarella
vm_sockets_get_local_cid() is only used in virtio_transport_common.c.
We can replace it calling the virtio_transport_get_ops() and
using the get_local_cid() callback registered by the transport.
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Jorgen Hansen
Signed-off-by:
From: Stefano Garzarella
This patch adds the support of multiple transports in the
VSOCK core.
With the multi-transports support, we can use vsock with nested VMs
(using also different hypervisors) loading both guest->host and
host->guest transports at the same time.
Major changes:
- vsock
From: Stefano Garzarella
To allow other transports to be loaded with vmci_transport,
we register the vmci_transport as G2H or H2G only when a VMCI guest
or host is active.
To do that, this patch adds a callback registered in the vmci driver
that will be called when the host or guest becomes
From: Stefano Garzarella
When we are looking for a socket bound to a specific address,
we also have to take into account the CID.
This patch is useful with multi-transports support because it
allows the binding of the same port with different CID, and
it prevents a connection to a wrong socket
From: Stefano Garzarella
Remote peer is always the host, so we set VMADDR_CID_HOST as
remote CID instead of VMADDR_CID_ANY.
Reviewed-by: Dexuan Cui
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Stefano Garzarella
Signed-off-by: David S. Miller
https://jira.sw.ru/browse/PSBM-128702
(cherry
From: Stefano Garzarella
This header file now only includes the "uapi/linux/vm_sockets.h".
We can include directly it when needed.
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Jorgen Hansen
Signed-off-by: Stefano Garzarella
Signed-off-by: David S. Miller
https://jira.sw.ru/browse/PSBM-128702
From: Stefano Garzarella
virtio_transport and vmci_transport handle the buffer_size
sockopts in a very similar way.
In order to support multiple transports, this patch moves this
handling in the core to allow the user to change the options
also if the socket is not yet assigned to any
From: Stefano Garzarella
As a preparation to support multiple transports, this patch adds
the 'transport' member at the 'struct vsock_sock'.
This new field is initialized during the creation in the
__vsock_create() function.
This patch also renames the global 'transport' pointer to
From: Stefano Garzarella
The VSOCK_DEFAULT_CONNECT_TIMEOUT definition was introduced with
commit d021c344051af ("VSOCK: Introduce VM Sockets"), but it is
never used in the net/vmw_vsock/vmci_transport.c.
VSOCK_DEFAULT_CONNECT_TIMEOUT is used and defined in
net/vmw_vsock/af_vsock.c
Cc: Jorgen
From: Stefano Garzarella
Since now the 'struct vsock_sock' object contains a pointer to
the transport, this patch adds a parameter to the
vsock_core_get_transport() to return the right transport
assigned to the socket.
This patch modifies also the virtio_transport_get_ops(), that
uses the
From: Stefano Garzarella
This patch adds 'module' member in the 'struct vsock_transport'
in order to get/put the transport module. This prevents the
module unloading while sockets are assigned to it.
We increase the module refcnt when a socket is assigned to a
transport, and we decrease the
From: "Jorge E. Moreira"
Avoid a race in which static variables in net/vmw_vsock/af_vsock.c are
accessed (while handling interrupts) before they are initialized.
[4.201410] BUG: unable to handle kernel paging request at ffe8
[4.207829] IP: vsock_addr_equals_addr+0x3/0x20
[
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit f8f17862c30546e8c546d9fcacdcaac504bab188
Author: Jorge E. Moreira
Date: Wed Apr 21 17:53:11 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 890156c21d0152c6f501e958c86a42b35a1d02e4
Author: Stefano Garzarella
Date: Wed Apr 21 17:53:26 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 12b9bbdacb16f87bd6d6058b65e79f2ad409a388
Author: Stefano Garzarella
Date: Wed Apr 21 17:53:35 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit 375a76ec4f0e125bcbbacc404aea977d920d2a6f
Author: Stefano Garzarella
Date: Wed Apr 21 17:53:52 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.10
-->
commit e2507ebc2195b86cf42d1716b87e8e1050ce7675
Author: Stefano Garzarella
Date: Wed Apr 21 17:53:43 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.11
-->
commit 865f73c456e78394b0958e2e03d0444313fab810
Author: Stefano Garzarella
Date: Thu Apr 22 03:41:56 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.11
-->
commit e1a04db18f1a78bbf38c9fcbd5594200c644c08e
Author: Mao Wenan
Date: Thu Apr 22 03:41:42 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.11
-->
commit fe8c2a71097f70991772a5665c607036f0d772ed
Author: Alexander Popov
Date: Thu Apr 22 03:41:33 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.11
-->
commit 503ea46cdc7c2bffddf7fdc2e21d0d3ccd0bc831
Author: Stefano Garzarella
Date: Thu Apr 22 03:42:06 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.11
-->
commit 4f77adbbc1be1ec6b2ea9eff0b77a56e75eca986
Author: Stefano Garzarella
Date: Thu Apr 22 03:42:15 2021 +0300
The commit is pushed to "branch-rh7-3.10.0-1160.21.1.vz7.174.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.21.1.vz7.174.11
-->
commit c85d7d7c4097911c8a7660ed0e61033d1348edf5
Author: Stefano Garzarella
Date: Thu Apr 22 03:41:49 2021 +0300
57 matches
Mail list logo
