[pve-devel] r5272 - in pve-kernel-2.6.32/trunk: . iscsideb

svn-commits at proxmox.com svn-commits at proxmox.com
Fri Oct 15 09:31:51 CEST 2010 

Author: dietmar
Date: 2010-10-15 07:31:50 +0000 (Fri, 15 Oct 2010)
New Revision: 5272

Added:
   pve-kernel-2.6.32/trunk/use-init-task-credential.patch
Modified:
   pve-kernel-2.6.32/trunk/Makefile
   pve-kernel-2.6.32/trunk/changelog.Debian
   pve-kernel-2.6.32/trunk/iscsideb/changelog
   pve-kernel-2.6.32/trunk/iscsideb/postinst
Log:


Modified: pve-kernel-2.6.32/trunk/Makefile
===================================================================
--- pve-kernel-2.6.32/trunk/Makefile	2010-10-13 09:54:28 UTC (rev 5271)
+++ pve-kernel-2.6.32/trunk/Makefile	2010-10-15 07:31:50 UTC (rev 5272)
@@ -1,7 +1,7 @@
 RELEASE=1.6
 
 KERNEL_VER=2.6.32
-PKGREL=23
+PKGREL=24
 KREL=4
 
 KERNEL_DEB_REL=24
@@ -35,7 +35,7 @@
 SCSTDIR=scst
 SCSTSRC=scst-snap-21.12.09.tgz
 ISCSIDIR=iscsi-scst
-ISCSI_DEB=iscsi-scst_1.0.1.1-3_${ARCH}.deb
+ISCSI_DEB=iscsi-scst_1.0.1.1-4_${ARCH}.deb
 
 DST_DEB=${PACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
 HDR_DEB=${HDRPACKAGE}_${KERNEL_VER}-${PKGREL}_${ARCH}.deb
@@ -128,6 +128,7 @@
 	tar xf ${KERNEL_SRC_TAR}	
 	zcat ${KERNEL_DEB_DIFF}|patch -p1 -d ${KERNEL_SRC}
 	./applydebpatches.pl ${KERNEL_SRC} ${KERNEL_DEB_REL}
+	cd ${KERNEL_SRC}; patch -p1 <../use-init-task-credential.patch
 	cd ${KERNEL_SRC}; patch -p1 <../bootsplash-3.1.9-2.6.31.patch 
 	cd ${KERNEL_SRC}; patch -p1 <../bridge-patch.diff
 	cd ${KERNEL_SRC}; patch -p1 <../scst-src/scst/kernel/scst_exec_req_fifo-2.6.32.patch

Modified: pve-kernel-2.6.32/trunk/changelog.Debian
===================================================================
--- pve-kernel-2.6.32/trunk/changelog.Debian	2010-10-13 09:54:28 UTC (rev 5271)
+++ pve-kernel-2.6.32/trunk/changelog.Debian	2010-10-15 07:31:50 UTC (rev 5272)
@@ -1,3 +1,9 @@
+pve-kernel-2.6.32 (2.6.32-24) unstable; urgency=low
+
+  * include fix for OpenVZ bug #1603
+
+ -- Proxmox Support Team <support at proxmox.com>  Fri, 15 Oct 2010 09:30:30 +0200
+
 pve-kernel-2.6.32 (2.6.32-23) unstable; urgency=low
 
   * ixgbe driver update (3.0.12)

Modified: pve-kernel-2.6.32/trunk/iscsideb/changelog
===================================================================
--- pve-kernel-2.6.32/trunk/iscsideb/changelog	2010-10-13 09:54:28 UTC (rev 5271)
+++ pve-kernel-2.6.32/trunk/iscsideb/changelog	2010-10-15 07:31:50 UTC (rev 5272)
@@ -1,3 +1,9 @@
+iscsi-scst (1.0.1.1-4) unstable; urgency=low
+
+  * create /var/lib/scst/pr (required by the kerenl module)
+
+ -- Proxmox Support Team <support at proxmox.com>  Fri, 15 Oct 2010 09:27:27 +0200
+
 iscsi-scst (1.0.1.1-3) unstable; urgency=low
 
   * update to latest trunk

Modified: pve-kernel-2.6.32/trunk/iscsideb/postinst
===================================================================
--- pve-kernel-2.6.32/trunk/iscsideb/postinst	2010-10-13 09:54:28 UTC (rev 5271)
+++ pve-kernel-2.6.32/trunk/iscsideb/postinst	2010-10-15 07:31:50 UTC (rev 5272)
@@ -21,6 +21,9 @@
 case "$1" in
     configure)
 
+	# make sure we have the directory required by the kernel
+	module mkdir -p /var/lib/scst/pr
+
 	if [ ! -e /etc/iscsi-scstd.conf ]; then
 	    if [ -e /etc/iscsi/initiatorname.iscsi ]; then
 		echo "Target $(sed -n 's/InitiatorName=//p' /etc/iscsi/initiatorname.iscsi):storage" >/etc/iscsi-scstd.conf

Added: pve-kernel-2.6.32/trunk/use-init-task-credential.patch
===================================================================
--- pve-kernel-2.6.32/trunk/use-init-task-credential.patch	                        (rev 0)
+++ pve-kernel-2.6.32/trunk/use-init-task-credential.patch	2010-10-15 07:31:50 UTC (rev 5272)
@@ -0,0 +1,113 @@
+C/R: Use init_task credentials for file restoring procedure
+
+We need highest credentials for file restoring procedure otherwise
+we might hit the situation where credentials for restoring thread
+is not high enough (happens with programs changing their uids).
+
+[ bug: http://bugzilla.openvz.org/show_bug.cgi?id=1603 ]
+
+Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+---
+ kernel/cpt/rst_files.c |   42 +++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 37 insertions(+), 5 deletions(-)
+
+Index: linux-2.6-openvz/kernel/cpt/rst_files.c
+=====================================================================
+--- linux-2.6-openvz.orig/kernel/cpt/rst_files.c
++++ linux-2.6-openvz/kernel/cpt/rst_files.c
+@@ -616,12 +616,11 @@ out:
+ 	return err;
+ }
+ 
+-static int fixup_file_flags(struct file *file, struct cpt_file_image *fi,
++static int fixup_file_flags(struct file *file, const struct cred *cred,
++			    struct cpt_file_image *fi,
+ 			    int was_dentry_open, loff_t pos,
+ 			    cpt_context_t *ctx)
+ {
+-	const struct cred *cred = current_cred() /* should be valid already */;
+-
+ 	if (fi->cpt_pos != file->f_pos) {
+ 		int err = -ESPIPE;
+ 		if (file->f_op->llseek)
+@@ -824,6 +823,34 @@ static struct file *open_signalfd(struct
+ }
+ #endif
+ 
++/*
++ * It may happen that a process which created a file
++ * had changed its UID after that (keeping file opened/referenced
++ * with write permissions for 'own' only) as a result we might
++ * be unable to read it at restore time due to credentials
++ * mismatch, to break this tie we temporary take 'init_task' credentials
++ * and as only the file gets read into the memory we restore original
++ * credentials back
++ *
++ * Same time if between credentials rise/restore you need
++ * the former credentials (for fixups or whatever) --
++ * use rst_cred_origin for that
++ */
++static const struct cred *rst_cred_origin;
++
++void rst_creds_rise_current(void)
++{
++	struct task_struct *tsk = &init_task;
++	BUG_ON(rst_cred_origin);
++	rst_cred_origin = override_creds(tsk->cred);
++}
++
++void rst_creds_restore_current(void)
++{
++	revert_creds(rst_cred_origin);
++	rst_cred_origin = NULL;
++}
++
+ struct file *rst_file(loff_t pos, int fd, struct cpt_context *ctx)
+ {
+ 	int err;
+@@ -836,6 +863,8 @@ struct file *rst_file(loff_t pos, int fd
+ 	struct proc_dir_entry *proc_dead_file;
+ 	int flags;
+ 
++	rst_creds_rise_current();
++
+ 	obj = lookup_cpt_obj_bypos(CPT_OBJ_FILE, pos, ctx);
+ 	if (obj) {
+ 		file = obj->o_obj;
+@@ -844,9 +873,10 @@ struct file *rst_file(loff_t pos, int fd
+ 			err = rst_get_object(CPT_OBJ_FILE, pos, &fi, ctx);
+ 			if (err < 0)
+ 				goto err_out;
+-			fixup_file_flags(file, &fi, 0, pos, ctx);
++			fixup_file_flags(file, rst_cred_origin, &fi, 0, pos, ctx);
+ 		}
+ 		get_file(file);
++		rst_creds_restore_current();
+ 		return file;
+ 	}
+ 
+@@ -1006,7 +1036,7 @@ open_file:
+ 	}
+ map_file:
+ 	if (!IS_ERR(file)) {
+-		fixup_file_flags(file, &fi, was_dentry_open, pos, ctx);
++		fixup_file_flags(file, rst_cred_origin, &fi, was_dentry_open, pos, ctx);
+ 
+ 		if (S_ISFIFO(fi.cpt_i_mode) && !was_dentry_open) {
+ 			err = fixup_pipe_data(file, &fi, ctx);
+@@ -1059,6 +1089,7 @@ map_file:
+ out:
+ 	if (name)
+ 		rst_put_name(name, ctx);
++	rst_creds_restore_current();
+ 	return file;
+ 
+ err_put:
+@@ -1067,6 +1098,7 @@ err_put:
+ err_out:
+ 	if (name)
+ 		rst_put_name(name, ctx);
++	rst_creds_restore_current();
+ 	return ERR_PTR(err);
+ }
+

More information about the pve-devel mailing list