1. 22 Oct, 2003 10 commits
    • Andrew Morton's avatar
      [PATCH] tmpfs 4/7 getpage/truncate race fix · 686e9e72
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      Extend use of that SHMEM_PAGEIN flag to where shmem_getpage adds a page
      to the cache.  It couldn't have caused a BUG_ON(inode->i_blocks), but if
      i_size is reduced (from another cpu) the instant after shmem_swp_alloc
      checks it, shmem_getpage could insert a page into the cache just after
      truncate_inode_pages has passed through cleaning it, leaving stale data
      (which may mysteriously reappear if the file is later extended).
      
      Easily fixed for tmpfs, using the mechanism just added for swapoff; and
      probably more important there, since its read from swap can insert non-0
      data.  But is there not a similar issue, a tiny window, in filemap.c?
      if truncate_inode_pages comes in between checking i_size and adding new
      page to cache.  Not worth getting excited, but something to beware of.
      686e9e72
    • Andrew Morton's avatar
      [PATCH] tmpfs 3/7 swapoff/truncate race fix · eaec8c0c
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      On 23 July, Sergey S. Kostyliov <rathamahata@php4.ru> reported a tmpfs
      BUG_ON(inode->i_blocks) during swapoff: my last version of the fix to
      swapoff/truncate race was inadequate, since I_FREEING might get set or
      i_size be reduced (from another cpu) the instant after it's tested here.
      
      So revert to the previous version of the fix, shmem_truncate calling
      truncate_inode_pages again, if pages still left in cache; but avoid the
      recall in usual cases of partial truncation, by having a "pagein" flag
      to indicate when recall might be necessary.  (Since those flags already
      use VM_ACCOUNT and VM_LOCKED, must redefine another VM_flag for this.)
      Sergey and 2.4-aa have run fine with this for a couple of months.
      eaec8c0c
    • Andrew Morton's avatar
      [PATCH] tmpfs 2/7 LTP S_ISGID on directories fix · d19c7b9d
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      LTP tests the filesystem on /tmp: many failures when tmpfs because it missed
      the way directories hand down their gid.  Also fix ramfs and hugetlbfs.
      d19c7b9d
    • Andrew Morton's avatar
      [PATCH] tmpfs 1/7 LTP ENAMETOOLONG fix · 6b006415
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      LTP tests the filesystem on /tmp: there are many failures when using tmpfs
      because simple_lookup forgot to reject filenames longer than the NAME_MAX
      tmpfs declares in its statfs.  This also fixes ramfs and hugetlbfs.
      6b006415
    • Andrew Morton's avatar
      [PATCH] atp870u oops fix · 16715550
      Andrew Morton authored
      This driver is taking uinitialised stack gunk from the pdev[] array and
      feeding it into pci_read_config_byte() and crashing when modprobed with no
      hardware present.
      
      Fix it to not index past the initialised members of pdev[].
      
      We don't know if this driver works.
      16715550
    • Andrew Morton's avatar
      [PATCH] Time precision, adjtime(x) vs. gettimeofday · 6edc4f5f
      Andrew Morton authored
      From: Stephen Hemminger <shemminger@osdl.org>
      
      The following will prevent adjtime from causing time regression.  It delays
      starting the adjtime mechanism for one tick, and keeps gettimeofday inside
      the window.
      
      Only fixes i386, but changes to other arch would be similar.
      
      Running a simple clock test program and playing with adjtime demonstrates
      that this fixes the problem (and 2.6.0-test6 is broken).  But given the
      fragile nature of the timer code, it should go through some more testing
      before inclusion.
      6edc4f5f
    • Andrew Morton's avatar
      [PATCH] Fix unmap_vmas() compile warning · 83c87843
      Andrew Morton authored
      Silence a bogus "may be used uninitialised" warning.  It only affects
      architectures which use the tlb_finish_mmu() args.
      83c87843
    • Andrew Morton's avatar
      [PATCH] ia32 limit_regions update · 99cfd107
      Andrew Morton authored
      Sync this up with 2.4:
      
       ChangeSet@1.404.2.2  2002-05-06 21:30:10-03:00  hch@infradead.org
       [PATCH] memsetup fixes (again)
      
       The mem= fixes from Red Hat's tree had a small bug:
       if mem= was not actually used with the additional features, but
       int plain old way, is used the value as the size of memory it
       wants, not the upper limit.  The problem with this is that there
       is a small difference due to memory holes.
      
       I had one report of a person using mem= to reduce memory size for
       a broken i386 chipset thaty only supports 64MB cached and the rest
       as mtd/slram device for swap.  I got broken as the boundaries changed.
      99cfd107
    • Andrew Morton's avatar
      [PATCH] scsi: handle zero-length requests · defa3962
      Andrew Morton authored
      From: Jens Axboe <axboe@suse.de>
      
      The command 'eject /dev/scd0' sends a START_STOP command to the device with
      the data direction set to SCSI_DATA_WRITE but a transfer length of zero.
      This causes a problem for some code paths.
      defa3962
    • Andrew Morton's avatar
      [PATCH] fix split_vma vs. invalidate_mmap_range_list race · fd031e89
      Andrew Morton authored
      From: "V. Rajesh" <vrajesh@eecs.umich.edu>
      
      If a vma is already present in an i_mmap list of a mapping,
      then it is racy to update the vm_start, vm_end, and vm_pgoff
      members of the vma without holding the mapping's i_shared_sem. 
      This is because the updates can race with invalidate_mmap_range_list.
      
      I audited all the places that assign vm_start, vm_end, and vm_pgoff.
      AFAIK, the following is the list of questionable places:
      
      1) This patch fixes the racy split_vma. Kernel 2.4 does the
         right thing, but the following changesets introduced a race.
      
         http://linux.bkbits.net:8080/linux-2.5/patch@1.536.34.4
         http://linux.bkbits.net:8080/linux-2.5/patch@1.536.34.5
      
         You can use the patch and programs in the following URL to
         trigger the race.
      
        http://www-personal.engin.umich.edu/~vrajesh/linux/truncate-race/
      
      2) This patch also locks a small racy window in vma_merge.
      
      3) In few cases vma_merge and do_mremap expand a vma by adding 
         extra length to vm_end without holding i_shared_sem. I think
         that's fine.
      
      4) In arch/sparc64, vm_end is updated without holding i_shared_sem.
         Check make_hugetlb_page_present.  I hope that is fine, but
         I am not sure.
      fd031e89
  2. 21 Oct, 2003 12 commits
  3. 20 Oct, 2003 15 commits
  4. 19 Oct, 2003 2 commits
  5. 17 Oct, 2003 1 commit