From: Aleksandr Mogylchenko Date: Thu, 20 Aug 2015 16:12:13 +0000 (+0300) Subject: Downgrade kernel version to 2.6.32-504.16.2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=refs%2Fheads%2F7.0;p=packages%2Fcentos6%2Fkernel.git Downgrade kernel version to 2.6.32-504.16.2 Due to bugs in cgroups: https://bugs.launchpad.net/fuel/+bug/1485954 https://github.com/docker/docker/issues/14181 it is possible to cause kernel panic just by restaring docker container. Since it was decided against updating to 2.6.32-573, we need older kernel with Dell R630 & Gen9 support. After a possible update to 6.7 native kernel will orverride this one. Closes-Bug: #1485954 Change-Id: I148d5067fd66dca8e017ce28f6bff3ae186c7982 --- diff --git a/config-generic b/config-generic index af34f3c..905953f 100644 --- a/config-generic +++ b/config-generic @@ -51,7 +51,6 @@ CONFIG_PID_NS=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y CONFIG_NET_NS=y -CONFIG_NET_IPGRE_DEMUX=m CONFIG_POSIX_MQUEUE=y # CONFIG_PREEMPT_NONE is not set diff --git a/config-generic-rhel b/config-generic-rhel index 235ccc4..8ab24bc 100644 --- a/config-generic-rhel +++ b/config-generic-rhel @@ -106,7 +106,7 @@ CONFIG_IPC_NS=y CONFIG_USER_NS=y CONFIG_PID_NS=y CONFIG_NET_NS=y -CONFIG_NET_IPGRE_DEMUX=m +CONFIG_NET_IPGRE_DEMUX=y CONFIG_IP_MROUTE_MULTIPLE_TABLES=y CONFIG_BRIDGE_IGMP_SNOOPING=y CONFIG_NETFILTER_XT_TARGET_AUDIT=m diff --git a/fix-do_tcp_sendpages.patch b/fix-do_tcp_sendpages.patch deleted file mode 100644 index 1203b4d..0000000 --- a/fix-do_tcp_sendpages.patch +++ /dev/null @@ -1,47 +0,0 @@ ---- a/net/ipv4/tcp.c 2014-10-31 14:27:58.000000000 +0200 -+++ b/net/ipv4/tcp.c 2015-05-19 15:34:22.078802741 +0300 -@@ -763,8 +763,8 @@ static int tcp_send_mss(struct sock *sk, - return mss_now; - } - --static ssize_t do_tcp_sendpages(struct sock *sk, struct page **pages, int poffset, -- size_t psize, int flags) -+static ssize_t do_tcp_sendpages(struct sock *sk, struct page *page, int offset, -+ size_t size, int flags) - { - struct tcp_sock *tp = tcp_sk(sk); - int mss_now, size_goal; -@@ -786,12 +786,9 @@ static ssize_t do_tcp_sendpages(struct s - if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) - goto out_err; - -- while (psize > 0) { -+ while (size > 0) { - struct sk_buff *skb = tcp_write_queue_tail(sk); -- struct page *page = pages[poffset / PAGE_SIZE]; - int copy, i, can_coalesce; -- int offset = poffset % PAGE_SIZE; -- int size = min_t(size_t, psize, PAGE_SIZE - offset); - - if (!tcp_send_head(sk) || (copy = size_goal - skb->len) <= 0) { - new_segment: -@@ -840,8 +837,8 @@ new_segment: - TCP_SKB_CB(skb)->flags &= ~TCPCB_FLAG_PSH; - - copied += copy; -- poffset += copy; -- if (!(psize -= copy)) -+ offset += copy; -+ if (!(size -= copy)) - goto out; - - if (skb->len < size_goal || (flags & MSG_OOB)) -@@ -890,7 +887,7 @@ ssize_t tcp_sendpage(struct socket *sock - - lock_sock(sk); - TCP_CHECK_TIMER(sk); -- res = do_tcp_sendpages(sk, &page, offset, size, flags); -+ res = do_tcp_sendpages(sk, page, offset, size, flags); - TCP_CHECK_TIMER(sk); - release_sock(sk); - return res; diff --git a/kernel.spec b/kernel.spec index 85cbf75..86331ed 100644 --- a/kernel.spec +++ b/kernel.spec @@ -15,9 +15,9 @@ Summary: The Linux kernel # that the kernel isn't the stock distribution kernel, for example, # by setting the define to ".local" or ".bz123456" # -%define buildid .mos64 +# % define buildid .local -%define distro_build 504.1.3 +%define distro_build 504.16.2 %define signmodules 1 # if patch fuzzy patch applying will be forbidden @@ -154,7 +154,7 @@ Summary: The Linux kernel %endif # The kernel tarball/base version -%define kversion 2.6.32-504.1.3.el6 +%define kversion 2.6.32-504.16.2.el6 %define make_target bzImage @@ -279,8 +279,6 @@ Summary: The Linux kernel %define all_arch_configs kernel-%{version}-i?86*.config %define image_install_path boot %define kernel_image arch/x86/boot/bzImage -%define with_perf 1 -%define with_firmware 1 %endif %ifarch x86_64 @@ -288,8 +286,6 @@ Summary: The Linux kernel %define all_arch_configs kernel-%{version}-x86_64*.config %define image_install_path boot %define kernel_image arch/x86/boot/bzImage -%define with_perf 1 -%define with_firmware 1 %endif %ifarch ppc64 @@ -501,7 +497,7 @@ BuildRequires: module-init-tools, patch >= 2.5.4, bash >= 2.03, sh-utils, tar BuildRequires: bzip2, findutils, gzip, m4, perl, make >= 3.78, diffutils, gawk BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config BuildRequires: net-tools, patchutils, rpm-build >= 4.8.0-7 -BuildRequires: xmlto, asciidoc, kernel-headers +BuildRequires: xmlto, asciidoc %if %{with_sparse} BuildRequires: sparse >= 0.4.1 %endif @@ -544,7 +540,7 @@ BuildConflicts: rhbuildsys(DiskFree) < 7Gb %define strip_cmd strip %endif -Source0: linux-2.6.32-504.1.3.el6.tar.bz2 +Source0: linux-2.6.32-504.16.2.el6.tar.bz2 Source1: Makefile.common @@ -614,8 +610,6 @@ Source84: config-s390x-generic-rhel Source85: config-powerpc64-debug-rhel Source86: config-s390x-debug-rhel -# Fix LP#1456605 -Patch1: fix-do_tcp_sendpages.patch # empty final patch file to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch @@ -739,7 +733,7 @@ AutoReqProv: no Obsoletes: kabi-whitelists Provides: kabi-whitelists %description -n kernel-abi-whitelists -The kABI package contains information pertaining to the CentOS +The kABI package contains information pertaining to the CentOS Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. @@ -938,7 +932,6 @@ cp %{SOURCE15} %{SOURCE1} %{SOURCE16} %{SOURCE17} %{SOURCE18} . # Dynamically generate kernel .config files from config-* files make -f %{SOURCE20} VERSION=%{version} configs -ApplyPatch fix-do_tcp_sendpages.patch ApplyOptionalPatch linux-kernel-test.patch # Any further pre-build tree manipulations happen here. @@ -1322,9 +1315,6 @@ mkdir -p $RPM_BUILD_ROOT/boot cd linux-%{KVERREL} -#HACK for obs to access rights for find-provides script -chmod +x %_sourcedir/find-provides - %if %{with_up} BuildKernel %make_target %kernel_image %endif @@ -1742,13 +1732,201 @@ fi %endif %changelog -* Tue Nov 11 2014 Johnny Hughes [2.6.32-504.1.3.el6] +* Tue Apr 21 2015 Johnny Hughes [2.6.32-504.16.2.el6] - Roll in CentOS Branding -* Fri Oct 31 2014 Radomir Vrbovsky [2.6.32-504.1.3.el6] +* Tue Mar 10 2015 Frantisek Hrbata [2.6.32-504.16.2.el6] +- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159} + +* Mon Mar 09 2015 Frantisek Hrbata [2.6.32-504.16.1.el6] +- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1198329 1193559] +- [security] keys: close race between key lookup and freeing (Radomir Vrbovsky) [1179849 1179850] {CVE-2014-9529} +- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196587 1135425] {CVE-2015-1421} +- [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1198329 1193559] +- [fs] nfs: Be less aggressive about returning delegations for open files (Steve Dickson) [1196314 1145334] +- [fs] nfs: Avoid PUTROOTFH when managing leases (Benjamin Coddington) [1196313 1143013] +- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1194983 1185395] +- [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) [1194983 1185395] +- [char] raw: Return short read or 0 at end of a raw device, not EIO (Jeff Moyer) [1195747 1142314] +- [scsi] hpsa: Use local workqueues instead of system workqueues - part1 (Tomas Henzl) [1193639 1134115] +- [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153326 1153327] {CVE-2014-3690} +- [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) [1180481 1180492] {CVE-2014-9584} +- [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff (Fam Zheng) [1198428 1166763] +- [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1170971 1167115] {CVE-2014-8884} +- [kernel] trace: insufficient syscall number validation in perf and ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 CVE-2014-7825} +- [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 1149831] +- [fs] nfs: Don't use the delegation->inode in nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831] +- [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: don't restart our thread on ENETRESET (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: make delayed tasks not hold up everything (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: Add a helper to restart the multicast task (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: fix IPOIB_MCAST_RUN flag usage (Doug Ledford) [1187664 1187666 1184072 1159925] +- [infiniband] ipoib: Remove unnecessary port query (Doug Ledford) [1187664 1187666 1184072 1159925] +- [x86] kvm: Avoid pagefault in kvm_lapic_sync_to_vapic (Paolo Bonzini) [1192055 1116398] +- [s390] kernel: fix cpu target address of directed yield (Hendrik Brueckner) [1188339 1180061] +- [mm] memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [mm] memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [fs] buffer: move allocation failure loop into the allocator (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [mm] memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [mm] memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [mm] memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [mm] memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [x86] mm: finish user fault error path with fatal signal (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [mm] pass userspace fault flag to generic fault handler (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [s390] mm: do not invoke OOM killer on kernel fault OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [powerpc] mm: remove obsolete init OOM protection (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [powerpc] mm: invoke oom-killer from remaining unconverted page fault handlers (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} +- [security] selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215} +- [security] Add PR__NO_NEW_PRIVS to prevent execve from granting privs (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215} + +* Wed Mar 04 2015 Radomir Vrbovsky [2.6.32-504.15.1.el6] +- [netdrv] ixgbe: remove CIAA/D register reads from bad VF check (John Greene) [1196312 1156061] +- [pci] Make FLR and AF FLR reset warning messages different (Myron Stowe) [1192365 1184540] +- [pci] Fix unaligned access in AF transaction pending test (Myron Stowe) [1192365 1184540] +- [pci] Merge multi-line quoted strings (Myron Stowe) [1192365 1184540] +- [pci] Wrong register used to check pending traffic (Myron Stowe) [1192365 1184540] +- [pci] Add pci_wait_for_pending() -- refactor pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540] +- [pci] Use pci_wait_for_pending_transaction() instead of for loop (Myron Stowe) [1192365 1184540] +- [pci] Add pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540] +- [pci] Wait for pending transactions to complete before 82599 FLR (Myron Stowe) [1192365 1184540] +- [scsi] storvsc: fix a bug in storvsc limits (Vitaly Kuznetsov) [1196532 1174168] + +* Wed Feb 18 2015 Radomir Vrbovsky [2.6.32-504.14.1.el6] +- [s390] crypto: kernel oops at insmod of the z90crypt device driver (Hendrik Brueckner) [1191916 1172137] +- [sound] alsa: usb-audio: Fix crash at re-preparing the PCM stream (Jerry Snitselaar) [1192105 1167059] +- [usb] ehci: bugfix: urb->hcpriv should not be NULL (Jerry Snitselaar) [1192105 1167059] +- [mm] mmap: uncached vma support with writenotify (Jerry Snitselaar) [1192105 1167059] +- [kernel] futex: Mention key referencing differences between shared and private futexes (Larry Woodman) [1192107 1167405] +- [kernel] futex: Ensure get_futex_key_refs() always implies a barrier (Larry Woodman) [1192107 1167405] + +* Sun Feb 08 2015 Radomir Vrbovsky [2.6.32-504.13.1.el6] +- [netdrv] enic: fix rx skb checksum (Stefan Assmann) [1189068 1115505] +- [scsi] Revert "fix our current target reap infrastructure" (David Milburn) [1188941 1168072] +- [scsi] Revert "dual scan thread bug fix" (David Milburn) [1188941 1168072] +- [net] tcp: do not copy headers in tcp_collapse() (Alexander Duyck) [1188838 1156289] +- [net] tcp: use tcp_flags in tcp_data_queue() (Alexander Duyck) [1188838 1156289] +- [net] tcp: use TCP_SKB_CB(skb)->tcp_flags in input path (Alexander Duyck) [1188838 1156289] +- [net] tcp: remove unused tcp_fin() parameters (Alexander Duyck) [1188838 1156289] +- [net] tcp: rename tcp_skb_cb flags (Alexander Duyck) [1188838 1156289] +- [net] tcp: unify tcp flag macros (Alexander Duyck) [1188838 1156289] +- [net] tcp: unalias tcp_skb_cb flags and ip_dsfield (Alexander Duyck) [1188838 1156289] + +* Fri Jan 30 2015 Radomir Vrbovsky [2.6.32-504.12.1.el6] +- [fs] splice: perform generic write checks (Eric Sandeen) [1163798 1155900] {CVE-2014-7822} + +* Tue Jan 27 2015 Radomir Vrbovsky [2.6.32-504.11.1.el6] +- [virt] kvm: excessive pages un-pinning in kvm_iommu_map error path (Jacob Tanenbaum) [1156520 1156521] {CVE-2014-8369} +- [x86] crypto: Add support for 192 & 256 bit keys to AESNI RFC4106 (Jarod Wilson) [1184332 1176211] +- [block] nvme: Clear QUEUE_FLAG_STACKABLE (David Milburn) [1180555 1155715] +- [net] netfilter: conntrack: disable generic tracking for known protocols (Daniel Borkmann) [1182071 1114697] {CVE-2014-8160} +- [xen] pvhvm: Fix vcpu hotplugging hanging (Vitaly Kuznetsov) [1179343 1164278] +- [xen] pvhvm: Don't point per_cpu(xen_vpcu, 33 and larger) to shared_info (Vitaly Kuznetsov) [1179343 1164278] +- [xen] enable PVHVM VCPU placement when using more than 32 CPUs (Vitaly Kuznetsov) [1179343 1164278] +- [xen] support large numbers of CPUs with vcpu info placement (Vitaly Kuznetsov) [1179343 1164278] + +* Thu Jan 22 2015 Radomir Vrbovsky [2.6.32-504.10.1.el6] +- [netdrv] tg3: Change nvram command timeout value to 50ms (Ivan Vecera) [1182903 1176230] + +* Thu Jan 08 2015 Radomir Vrbovsky [2.6.32-504.9.1.el6] +- [net] ipv6: increase ip6_rt_max_size to 16384 (Hannes Frederic Sowa) [1177581 1112946] +- [net] ipv6: don't set DST_NOCOUNT for remotely added routes (Hannes Frederic Sowa) [1177581 1112946] +- [net] ipv6: don't count addrconf generated routes against gc limit (Hannes Frederic Sowa) [1177581 1112946] +- [net] ipv6: Don't put artificial limit on routing table size (Hannes Frederic Sowa) [1177581 1112946] +- [scsi] bnx2fc: fix tgt spinlock locking (Maurizio Lombardi) [1179098 1079656] + +* Fri Dec 19 2014 Radomir Vrbovsky [2.6.32-504.8.1.el6] +- [crypto] crc32c: Kill pointless CRYPTO_CRC32C_X86_64 option (Jarod Wilson) [1175509 1036212] +- [crypto] testmgr: add larger crc32c test vector to test FPU path in crc32c_intel (Jarod Wilson) [1175509 1036212] +- [crypto] tcrypt: Added speed test in tcrypt for crc32c (Jarod Wilson) [1175509 1036212] +- [crypto] crc32c: Optimize CRC32C calculation with PCLMULQDQ instruction (Jarod Wilson) [1175509 1036212] +- [crypto] crc32c: Rename crc32c-intel.c to crc32c-intel_glue.c (Jarod Wilson) [1175509 1036212] + +* Mon Dec 15 2014 Radomir Vrbovsky [2.6.32-504.7.1.el6] +- [kernel] ipc/sem: Fully initialize sem_array before making it visible (Rik van Riel) [1172029 1165277] +- [kernel] ipc/sem: synchronize semop and semctl with IPC_RMID (Rik van Riel) [1172029 1165277] +- [kernel] ipc/sem: update sem_otime for all operations (Larry Woodman) [1172025 1168588] +- [fs] fuse: prevent null nd panic on dentry revalidate (Brian Foster) [1172022 1162782] +- [net] netfilter: ipset: timeout values corrupted on set resize (Marcelo Leitner) [1172764 1152754] +- [net] netfilter: fix xt_TCPOPTSTRIP in forwarding path (Marcelo Leitner) [1172027 1135650] +- [usb] ehci: Fix panic on hotplug race condition (Don Zickus) [1172024 1107010] +- [usb] usb_wwan: replace release and disconnect with a port_remove hook (Stanislaw Gruszka) [1172030 1148615] +- [x86] traps: stop using IST for #SS (Petr Matousek) [1172810 1172811] {CVE-2014-9322} + +* Tue Dec 09 2014 Radomir Vrbovsky [2.6.32-504.6.1.el6] +- [fs] ext4: don't count external journal blocks as overhead (Eric Sandeen) [1168504 1163811] +- [net] sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [1163090 1153980] {CVE-2014-7841} +- [netdrv] e100: fix typo in MDI/MDI-X eeprom check in e100_phy_init (John Greene) [1165985 1156417] +- [powerpc] Add smp_mb()s to arch_spin_unlock_wait() (Gustavo Duarte) [1165986 1136224] +- [powerpc] Add smp_mb() to arch_spin_is_locked() (Gustavo Duarte) [1165986 1136224] +- [kernel] cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags (Aaron Tomlin) [1165002 1045310] +- [documentation] cpuset: Update the cpuset flag file (Aaron Tomlin) [1165002 1045310] +- [alsa] control: Make sure that id->index does not overflow (Jacob Tanenbaum) [1149140 1117312] {CVE-2014-4656} +- [alsa] control: Handle numid overflow (Jacob Tanenbaum) [1149140 1117312] {CVE-2014-4656} +- [s390] mm: fix SIGBUS handling (Hendrik Brueckner) [1169433 1145070] +- [fs] gfs2: fix bad inode i_goal values during block allocation (Abhijith Das) [1165001 1130684] +- [md] dm-thin: fix pool_io_hints to avoid looking at max_hw_sectors (Mike Snitzer) [1161420 1161421 1142773 1145230] + +* Tue Dec 02 2014 Radomir Vrbovsky [2.6.32-504.5.1.el6] +- [fs] nfsd: don't halt scanning the DRC LRU list when there's an RC_INPROG entry (J. Bruce Fields) [1168129 1150675] + +* Tue Nov 18 2014 Radomir Vrbovsky [2.6.32-504.4.1.el6] +- [fs] nfs: Make sure pre_change_attr is initialized correctly (Scott Mayhew) [1163214 1160042] +- [usb] ehci: Fix a regression in the ISO scheduler (Gustavo Duarte) [1162072 1145805] + +* Thu Nov 13 2014 Radomir Vrbovsky [2.6.32-504.3.1.el6] +- [s390] zcrypt: toleration of new crypto adapter hardware (Hendrik Brueckner) [1158311 1134984] +- [s390] zcrypt: support for extended number of ap domains (Hendrik Brueckner) [1158311 1134984] +- [md] dm-thin: fix potential for infinite loop in pool_io_hints (Mike Snitzer) [1161420 1161421 1142773 1145230] + +* Sun Nov 09 2014 Radomir Vrbovsky [2.6.32-504.2.1.el6] +- [fs] udf: Avoid infinite loop when processing indirect ICBs (Jacob Tanenbaum) [1142319 1142320] {CVE-2014-6410} +- [fs] isofs: unbound recursion when processing relocated directories (Jacob Tanenbaum) [1142268 1142269] {CVE-2014-5472 CVE-2014-5471} +- [net] ipv6: delete expired route in ip6_pmtu_deliver (Hannes Frederic Sowa) [1161418 1156137] +- [net] sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [1155746 1154676] {CVE-2014-3688} +- [net] sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [1155733 1154676] {CVE-2014-3687} +- [net] sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [1147857 1154676] {CVE-2014-3673} +- [net] sctp: handle association restarts when the socket is closed (Daniel Borkmann) [1147857 1154676] +- [md] dm-thin: refactor requeue_io to eliminate spinlock bouncing (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: optimize retry_bios_on_resume (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: sort the deferred cells (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: direct dispatch when breaking sharing (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: remap the bios in a cell immediately (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: defer whole cells rather than individual bios (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: factor out remap_and_issue_overwrite (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: performance improvement to discard processing (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: grab a virtual cell before looking up the mapping (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: implement thin_merge (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm: improve documentation and code clarity in dm_merge_bvec (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: adjust max_sectors_kb based on thinp blocksize (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] block: fix alignment_offset math that assumes io_min is a power-of-2 (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: throttle incoming IO (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: prefetch missing metadata pages (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-transaction-manager: add support for prefetching blocks of metadata (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin-metadata: change dm_thin_find_block to allow blocking, but not issuing, IO (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-bio-prison: switch to using a red black tree (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-bufio: evict buffers that are past the max age but retain some buffers (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-bufio: switch from a huge hash table to an rbtree (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-bufio: update last_accessed when relinking a buffer (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-bufio: use kzalloc when allocating dm_bufio_client (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin-metadata: do not allow the data block size to change (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: cleanup noflush_work to use a proper completion (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [md] dm-thin: fix DMERR typo in pool_status error path (Mike Snitzer) [1161420 1161421 1142773 1145230] +- [fs] xfs: xlog_cil_force_lsn doesn't always wait correctly (Eric Sandeen) [1158325 1133304] +- [netdrv] ixgbe: allow TXDCTL.WRTHRESH to be 1 will small ITR values (John Greene) [1158326 1132267] +- [netdrv] ixgbe: Intel Change to allow itr changes without CONFIG_BQL support (John Greene) [1158326 1132267] +- [video] offb: Fix setting of the pseudo-palette for >8bpp (Gerd Hoffmann) [1158328 1142450] +- [video] offb: Add palette hack for qemu "standard vga" framebuffer (Gerd Hoffmann) [1158328 1142450] +- [video] offb: Fix bug in calculating requested vram size (Gerd Hoffmann) [1158328 1142450] +- [net] sock_queue_err_skb() dont mess with sk_forward_alloc (Jiri Benc) [1155427 1148257] +- [net] guard tcp_set_keepalive() to tcp sockets (Florian Westphal) [1141744 1141746] {CVE-2012-6657} - Revert: [net] revert "bridge: Set vlan_features to allow offloads on vlans" (Vlad Yasevich) [1144442 1121991] - -* Wed Oct 15 2014 Radomir Vrbovsky [2.6.32-504.1.2.el6] - [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611} - [x86] kvm: vmx: handle invept and invvpid vm exits gracefull (mguzik) [1144826 1144837 1144827 1144838] {CVE-2014-3646 CVE-2014-3645} diff --git a/linux-2.6.32-504.1.3.el6.tar.bz2 b/linux-2.6.32-504.16.2.el6.tar.bz2 similarity index 85% rename from linux-2.6.32-504.1.3.el6.tar.bz2 rename to linux-2.6.32-504.16.2.el6.tar.bz2 index 60a1246..204ed8d 100644 Binary files a/linux-2.6.32-504.1.3.el6.tar.bz2 and b/linux-2.6.32-504.16.2.el6.tar.bz2 differ