1. 22 Oct, 2003 22 commits
    • [PATCH] Fix JBD memory leak · 7ae0eef7
      Andrew Morton authored
      Plug the two-megabyte-per-day memory leak.
    • [PATCH] JBD kfree() fix · 9aa379e8
      Andrew Morton authored
      I happened to spot this kfree(of complete garbage) - it is on an
      oh-we-raced-retry path which is obviously exceedingly rare,
    • [PATCH] fs/binfmt_elf.c:load_elf_binary() doesn't verify interpreter arch · 217363db
      Andrew Morton authored
      From: Peter Bergner <bergner@vnet.ibm.com>
      
      In fs/binfmt_elf.c:load_elf_binary() (both 2.6 and 2.4), there is some
      minimal checking whether the interpreter it's about to load/run is a valid
      ELF file, but it fails to check whether the interpreter is of the correct
      arch.  We ran into this when a borked powerpc64-linux toolchain set the
      interpreter on our 64-bit app to our 32-bit ld.so.  Executing the app
      caused the kernel to really chew up memory.  I'm assuming x86_64 and
      sparc64 might possibly see the same behavior.
      
      Note I'm not sure of the history behind INTERPRETER_AOUT, so I added the
      test for INTERPRETER_ELF so as not to change its behavior in case someone
      still relies on it.
      
      As an aside, it seems the elf_check_arch() macros should really be checking
      for more than a valid e_machine value.  I'd think checking one or more of
      the e_ident[EI_CLASS], e_ident[EI_DATA] and e_ident[EI_OSABI] values would
      be required as well, no?
    • [PATCH] Fix mtd printk warnings · 2470c739
      Andrew Morton authored
      From: Jesper Juhl <juhl-lkml@dif.dk>
    • [PATCH] fix microcode.c for older gcc's · 5731d0da
      Andrew Morton authored
      Fix a C99ism.
    • [PATCH] digi_acceleport.c has bogus "address of" operator · e4b0c50a
      Andrew Morton authored
      From: "Kurtis D. Rader" <kdrader@us.ibm.com>
      
      http://bugme.osdl.org/show_bug.cgi?id=1365
      
      The digi_acceleport.c USB serial driver has a bogus "address of" operator
      that results in BUGs.
      
      The problem is that digi_wakeup_write_lock() takes a pointer to a struct
      usb_serial_port.  However, what gets passed is a pointer to a pointer to a
      struct usb_serial_port.
    • [PATCH] Kill early might_sleep warnings · 49c69171
      Andrew Morton authored
      OK, I give up.  Kill all the might_sleep warnings from the early boot
      process.
    • [PATCH] export system_running to other files · cb37891b
      Andrew Morton authored
      There seems to be no header file which declares system_running.
    • [PATCH] Quota deadlock fix · d012fa6e
      Andrew Morton authored
      From: Jan Kara <jack@ucw.cz>
      
      attached patch should fix a quota locking problem causing deadlock (when
      inode was being released from icache and it caused newly created quota
      structure to be written).
    • [PATCH] tmpfs 7/7 write mark_page_accessed · dd394c2e
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      mm/filemap.c's generic_file_aio_write_nolock changed SetPageReferenced
      to mark_page_accessed in -test3: now follow that in shmem_file_write.
    • [PATCH] tmpfs 6/7 write i_size_write · 1c779419
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      mm/shmem.c was converted to i_size_read in -test1, and the remaining
      references to a file's naked i_size are safely protected by i_sem;
      but surely shmem_file_write must use i_size_write to update i_size.
    • [PATCH] tmpfs 5/7 writepage/truncate race fix · 6673fd3d
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      If it's possible for a tmpfs page beyond i_size to remain in cache until
      shmem_truncate repeats truncate_inode_pages, then shmem_writepage's
      BUG_ON(index >= info->next_index) cannot be completely safe.  But it's a
      useful check in a fragile area, so retain it when not in shmem_truncate.
    • [PATCH] tmpfs 4/7 getpage/truncate race fix · 686e9e72
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      Extend use of that SHMEM_PAGEIN flag to where shmem_getpage adds a page
      to the cache.  It couldn't have caused a BUG_ON(inode->i_blocks), but if
      i_size is reduced (from another cpu) the instant after shmem_swp_alloc
      checks it, shmem_getpage could insert a page into the cache just after
      truncate_inode_pages has passed through cleaning it, leaving stale data
      (which may mysteriously reappear if the file is later extended).
      
      Easily fixed for tmpfs, using the mechanism just added for swapoff; and
      probably more important there, since its read from swap can insert non-0
      data.  But is there not a similar issue, a tiny window, in filemap.c?
      if truncate_inode_pages comes in between checking i_size and adding new
      page to cache.  Not worth getting excited, but something to beware of.
    • [PATCH] tmpfs 3/7 swapoff/truncate race fix · eaec8c0c
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      On 23 July, Sergey S. Kostyliov <rathamahata@php4.ru> reported a tmpfs
      BUG_ON(inode->i_blocks) during swapoff: my last version of the fix to
      swapoff/truncate race was inadequate, since I_FREEING might get set or
      i_size be reduced (from another cpu) the instant after it's tested here.
      
      So revert to the previous version of the fix, shmem_truncate calling
      truncate_inode_pages again, if pages still left in cache; but avoid the
      recall in usual cases of partial truncation, by having a "pagein" flag
      to indicate when recall might be necessary.  (Since those flags already
      use VM_ACCOUNT and VM_LOCKED, must redefine another VM_flag for this.)
      Sergey and 2.4-aa have run fine with this for a couple of months.
    • [PATCH] tmpfs 2/7 LTP S_ISGID on directories fix · d19c7b9d
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      LTP tests the filesystem on /tmp: many failures when tmpfs because it missed
      the way directories hand down their gid.  Also fix ramfs and hugetlbfs.
    • [PATCH] tmpfs 1/7 LTP ENAMETOOLONG fix · 6b006415
      Andrew Morton authored
      From: Hugh Dickins <hugh@veritas.com>
      
      LTP tests the filesystem on /tmp: there are many failures when using tmpfs
      because simple_lookup forgot to reject filenames longer than the NAME_MAX
      tmpfs declares in its statfs.  This also fixes ramfs and hugetlbfs.
    • [PATCH] atp870u oops fix · 16715550
      Andrew Morton authored
      This driver is taking uninitialised stack gunk from the pdev[] array and
      feeding it into pci_read_config_byte() and crashing when modprobed with no
      hardware present.
      
      Fix it to not index past the initialised members of pdev[].
      
      We don't know if this driver works.
    • [PATCH] Time precision, adjtime(x) vs. gettimeofday · 6edc4f5f
      Andrew Morton authored
      From: Stephen Hemminger <shemminger@osdl.org>
      
      The following will prevent adjtime from causing time regression.  It delays
      starting the adjtime mechanism for one tick, and keeps gettimeofday inside
      the window.
      
      Only fixes i386, but changes to other arch would be similar.
      
      Running a simple clock test program and playing with adjtime demonstrates
      that this fixes the problem (and 2.6.0-test6 is broken).  But given the
      fragile nature of the timer code, it should go through some more testing
      before inclusion.
    • [PATCH] Fix unmap_vmas() compile warning · 83c87843
      Andrew Morton authored
      Silence a bogus "may be used uninitialised" warning.  It only affects
      architectures which use the tlb_finish_mmu() args.
    • [PATCH] ia32 limit_regions update · 99cfd107
      Andrew Morton authored
      Sync this up with 2.4:
      
       ChangeSet@1.404.2.2  2002-05-06 21:30:10-03:00  hch@infradead.org
       [PATCH] memsetup fixes (again)
      
       The mem= fixes from Red Hat's tree had a small bug:
       if mem= was not actually used with the additional features, but
       in plain old way, it used the value as the size of memory it
       wants, not the upper limit.  The problem with this is that there
       is a small difference due to memory holes.
      
       I had one report of a person using mem= to reduce memory size for
       a broken i386 chipset that only supports 64MB cached and the rest
       as mtd/slram device for swap.  I got broken as the boundaries changed.
    • [PATCH] scsi: handle zero-length requests · defa3962
      Andrew Morton authored
      From: Jens Axboe <axboe@suse.de>
      
      The command 'eject /dev/scd0' sends a START_STOP command to the device with
      the data direction set to SCSI_DATA_WRITE but a transfer length of zero.
      This causes a problem for some code paths.
    • [PATCH] fix split_vma vs. invalidate_mmap_range_list race · fd031e89
      Andrew Morton authored
      From: "V. Rajesh" <vrajesh@eecs.umich.edu>
      
      If a vma is already present in an i_mmap list of a mapping,
      then it is racy to update the vm_start, vm_end, and vm_pgoff
      members of the vma without holding the mapping's i_shared_sem. 
      This is because the updates can race with invalidate_mmap_range_list.
      
      I audited all the places that assign vm_start, vm_end, and vm_pgoff.
      AFAIK, the following is the list of questionable places:
      
      1) This patch fixes the racy split_vma. Kernel 2.4 does the
         right thing, but the following changesets introduced a race.
      
         http://linux.bkbits.net:8080/linux-2.5/patch@1.536.34.4
         http://linux.bkbits.net:8080/linux-2.5/patch@1.536.34.5
      
         You can use the patch and programs in the following URL to
         trigger the race.
      
        http://www-personal.engin.umich.edu/~vrajesh/linux/truncate-race/
      
      2) This patch also locks a small racy window in vma_merge.
      
      3) In few cases vma_merge and do_mremap expand a vma by adding 
         extra length to vm_end without holding i_shared_sem. I think
         that's fine.
      
      4) In arch/sparc64, vm_end is updated without holding i_shared_sem.
         Check make_hugetlb_page_present.  I hope that is fine, but
         I am not sure.
  2. 21 Oct, 2003 12 commits
  3. 20 Oct, 2003 6 commits