1. 12 May, 2003 40 commits
    • Andrew Morton's avatar
      [PATCH] vmalloc race fix · 9bc3b5f1
      Andrew Morton authored
      From: William Lee Irwin III <wli@holomorphy.com>
      
      The new vmalloc() semantics from 2.5.32 had a race window.  As things stand,
      the presence of a vm_area in the vmlist protects from allocators other than
      the owner examining the ptes in that area.  This puts an ordering constraint
      on unmapping, so that allocators are required to unmap areas before removing
      them from the list or otherwise dropping the lock.
      
      Currently, unmap_vm_area() is done outside the lock and after the area is
      removed, which as we've seen from Felix von Leitner's test is oopsable.
      
      The following patch folds calls to unmap_vm_area() into remove_vm_area() to
      reinstate what are essentially the 2.4.x semantics of vfree().  This renders
      a number of unmap_vm_area() calls unnecessary (and in fact oopsable since
      they wipe ptes from later allocations).  It's an open question as to whether
      this is sufficiently performant, but it is the minimally invasive approach.
      The more performant alternative is to provide the right API hooks to wipe the
      vmalloc() area clean before removing them from the list, using the ownership
      of the area to eliminate holding the vmlist_lock for the duration of the
      unmapping.  If it proves to be necessary wli is on standby to implement it.
      9bc3b5f1
    • Andrew Morton's avatar
      [PATCH] de_thread memory corruption fix · 172edfcb
      Andrew Morton authored
      From: Manfred Spraul <manfred@colorfullife.com>
      
      de_thread calls list_del(&current->tasks), but current->tasks was never
      added to the task list. The structure contains stale values from the parent.
      
      switch_exec_pid() transforms a normal thread to a thread group leader.
      Thread group leaders are included in the init_task.tasks linked list,
      non-leaders are not in that list.  The patch adds the new thread group
      leader to the linked list, otherwise de_thread corrupts the task list.
      172edfcb
    • Andrew Morton's avatar
      [PATCH] copy_process return value fix · 7953a508
      Andrew Morton authored
      Rather than assuming that all the things which copy_process() calls want to
      return -ENOMEM, correctly propagate the return values.
      
      This turns out to be a no-op at present.
      7953a508
    • Andrew Morton's avatar
      [PATCH] provide user feedback for emergency sync and remount · 7a2a7655
      Andrew Morton authored
      People like to see when the emergency sync and emergency remount operations
      have completed.
      7a2a7655
    • Andrew Morton's avatar
      [PATCH] fix for clusterd io_apics · 41541461
      Andrew Morton authored
      From: Keith Mannthey <kmannth@us.ibm.com>
      
      The following is a patch to fix inconsistent use of the function
      set_ioapic_affinity.  In the current kernel it is unclear as to weather the
      value being passed to the function is a cpu mask or valid apic id.  In
      irq_affinity_write_proc the kernel passes on a cpu mask but the kirqd thread
      passes on logical apic ids.  In flat apic mode this is not an issue because a
      cpu mask represents the apic value.  However in clustered apic mode the cpu
      mask is very different from the logical apic id.
      
      This is an attempt to do the right thing for clustered apics.  I clarify that
      the value being passed to set_ioapic_affinity is a cpu mask not a apicid.
      Set_ioapic_affinity will do the conversion to logical apic ids.  Since many
      cpu masks don't map to valid apicids in clustered apic mode TARGET_CPUS is
      used as a default value when such a situation occurs.  I think this is a good
      step in making irq_affinity clustered apic safe.
      41541461
    • Andrew Morton's avatar
      [PATCH] visws: fix penguin with sgi logo · cab0e744
      Andrew Morton authored
      From: Andrey Panin <pazke@donpac.ru>
      
      attached patch fixes penguin with sgi framebuffer logo for
      visws subarch. It was broken in 2.5.68 IIRC.
      cab0e744
    • Andrew Morton's avatar
      [PATCH] semop race fix · 2ba0ef13
      Andrew Morton authored
      From: Mingming Cao <cmm@us.ibm.com>
      
      Basically, freeary() is called with the spinlock for that semaphore set
      hold.  But after the semaphore set is removed from the ID array by
      calling sem_rmid(), there is no lock to protect the waiting queue for
      that semaphore set.  So, if a waiter is woken up by a signal (not by the
      wakeup from freeary()), it will check the q->status and q->prev fields.
      At that moment, freeary() may not have a chance to update those fields
      yet.
      
      static void freeary (int id)
      {
      	.......
              sma = sem_rmid(id);
      
      	......
              /* Wake up all pending processes and let them fail with EIDRM.*/
              for (q = sma->sem_pending; q; q = q->next) {
                      q->status = -EIDRM;
                      q->prev = NULL;
                      wake_up_process(q->sleeper); /* doesn't sleep */
              }
              sem_unlock(sma);
      	......
      }
      
      So I propose move sem_rmid() after the loop of waking up every waiters.
      That could gurantee that when the waiters are woke up, the updates for
      q->status and q->prev have already done.  Similar thing in message queue
      case.  The patch is attached below. Comments are very welcomed.
      
      I have tested this patch on 2.5.68 kernel with LTP tests, seems fine to
      me. Paul, could you test this on DOTS test again? Thanks!
      2ba0ef13
    • Andrew Morton's avatar
      [PATCH] exit_mmap() TASK_SIZE fix · b5c38535
      Andrew Morton authored
      exit_mmap() currently assumes that the exitting task used virtual address
      span TASK_SIZE.
      
      But on some platforms, TASK_SIZE is variable, based on current->mm.
      
      But exit_mmap() can be called from (say) procfs's call to mmput.  In which
      case current->mm has nothing to do with the mm which is being put in
      mmput().
      
      So rather than assuming that the mm which is being put is current->mm, we
      need to calculate the virtual span of the mm.  Add a new per-arch macro
      MM_VM_SIZE() for that.
      
      Some platforms can currently go BUG over this (where?).  sparc64 is safe
      because our TASK_SIZE is constant.
      
      Platforms such as ia64 should stick the VM extent inside of mm_struct, I'd
      suggest adding it to mm_context_t.
      
      1) TASK_SIZE means what is valid for mmap()'s in the processes
         address space
      
      2) MM_VM_SIZE means where things might be mapped for a MM, including
         private implementation-specific areas created by the kernel
         which the user cannot access
      b5c38535
    • Andrew Morton's avatar
      [PATCH] Bump module ref during init. · db378f4d
      Andrew Morton authored
      From: Rusty Russell <rusty@rustcorp.com.au>
      
      __module_get is theoretically allowed on module inside init, since we
      already hold an implicit reference.  Currently this BUG()s: make the
      reference count explicit, which also simplifies delete path.  Also cleans
      up unload path, such that it only drops semaphore when it's actually
      sleeping for rmmod --wait.
      db378f4d
    • Andrew Morton's avatar
      [PATCH] dquot_transfer() fix · ed0994da
      Andrew Morton authored
      From: Jan Kara <jack@suse.cz>
      
      I'm sending a fix which fixes potential problems (dropping references which
      were not acquired) when dquot_transfer() fails.
      ed0994da
    • Andrew Morton's avatar
      [PATCH] Quota write transaction size fix · c47b7971
      Andrew Morton authored
      From: Jan Kara <jack@suse.cz>
      
      I'm sending a patch which changes numbers of blocks reserved for quota writes
      to more appropriate values (with current values ext3 asserts can be
      triggered).
      c47b7971
    • Andrew Morton's avatar
      [PATCH] export cpufreq_driver to fix oops in proc interface · 281df9b3
      Andrew Morton authored
      From: Zwane Mwaikambo <zwane@linuxpower.ca>
      
      The proc interface has no way of telling wether there is an active cpufreq
      driver or not. This means that if you don't have a cpufreq supported
      processor, this will oops in various possible places.
      281df9b3
    • Andrew Morton's avatar
      [PATCH] small cleanup for __rmqueue · ec2ecf30
      Andrew Morton authored
      From: Zwane Mwaikambo <zwane@linuxpower.ca>
      
      Removes an extra initialisation and general nitpicking.
      ec2ecf30
    • Andrew Morton's avatar
      [PATCH] Commented out printk causes change in program flow in · 9dd3c71c
      Andrew Morton authored
      From: Zwane Mwaikambo <zwane@linuxpower.ca>
      
      Commented out printk causes change in program flow in cpufreq/p4-clockmod.c
      9dd3c71c
    • Andrew Morton's avatar
      [PATCH] Fix for vma merging refcounting bug · bcf9d3da
      Andrew Morton authored
      From: "Stephen C. Tweedie" <sct@redhat.com>
      
      When a new vma can be merged simultaneously with its two immediate
      neighbours in both directions, vma_merge() extends the predecessor vma and
      deletes the successor.  However, if the vma maps a file, it fails to fput()
      when doing the delete, leaving the file's refcount inconsistent.
      bcf9d3da
    • Andrew Morton's avatar
      [PATCH] fat cluster search speedup · a3db5a33
      Andrew Morton authored
      From: Bjorn Stenberg <bjorn@haxx.se>
            OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
      
      This simple patch makes the linux fat filesystem driver use the
      next_cluster field in the fat_boot_fsinfo structure.  This field is a hint
      where to start looking for free clusters.
      
      Using this field makes a big difference for disks connected over slow links
      such as USB 1.1.  Finding the first free cluster on a 40gig fat-formatted
      usb disk can today take several minutes.  This patch cuts it down to a
      fraction of a second.
      
      Also, commit the next_cluster search hint toand from the superblock in
      write_super/fill_super.
      a3db5a33
    • Andrew Morton's avatar
      [PATCH] fix pnp_test_handler return · 7058e439
      Andrew Morton authored
      It looks like I guessed wrong on this one.
      7058e439
    • Andrew Morton's avatar
      [PATCH] remove devfs_register · fb7f7773
      Andrew Morton authored
      From: Christoph Hellwig <hch@lst.de>
      
      Whee! devfs_register isn't used anymore in the whole tree and with
      it some other devfs crap.  Kill it for good.
      fb7f7773
    • Andrew Morton's avatar
      [PATCH] implement module_arch_cleanup() in all architectures · b7df5197
      Andrew Morton authored
      From: Rusty Russell <rusty@rustcorp.com.au>, David Mosberger
      
      The patch below updates the other platforms with module_arch_cleanup().
      Also, I added more debug output to kernel/module.c since I found it useful
      to be able to see the final section layout.
      b7df5197
    • Andrew Morton's avatar
      [PATCH] hrtimers: fix timer_create(2) && SIGEV_NONE · f2248e8d
      Andrew Morton authored
      From: george anzinger <george@mvista.com>
      
      - Fix the sig_notify filtering code for the timer_create system call to
        properly check for the signal number being small enought, but only if
        SIG_NONE is not specified.
      
      - Eliminate useless test of sig_notify.
      f2248e8d
    • Andrew Morton's avatar
      [PATCH] Remove __verify_write leftovers · a7780700
      Andrew Morton authored
      From: Taral <taral@taral.net>
      
      Looks like the recent access_ok fixes broke building of i386.
      __verify_write is still referenced in a couple places.
      a7780700
    • Andrew Morton's avatar
      [PATCH] enable slab debugging for larger objects · 70a3d06e
      Andrew Morton authored
      Some of the fancier slab debugging options are disabled for caches whose
      objects are larger than PAGE_SIZE/8, for speed/fragmentation reasons.
      
      But this patch turns up bugs in the size-2048 slab, so it was a bad idea.
      Enable the debugging for slabs up to 4096 bytes.
      70a3d06e
    • Linus Torvalds's avatar
      Merge bk://kernel.bkbits.net/davem/net-2.5 · 8cf04c0a
      Linus Torvalds authored
      into home.transmeta.com:/home/torvalds/v2.5/linux
      8cf04c0a
    • Linus Torvalds's avatar
      Fix broken aic7xxx preprocessor conditional (that's not how · 9e589513
      Linus Torvalds authored
      C preprocessor expressions work, guys!)
      9e589513
    • Linus Torvalds's avatar
      Remove extraneous NO_MATCH · 20feeebb
      Linus Torvalds authored
      20feeebb
    • Steven Cole's avatar
      [PATCH] more potentially undefined preprocessor symbols · 9b87a519
      Steven Cole authored
      Here are three more fixes which I missed in the previous patch.
      9b87a519
    • Patrick McHardy's avatar
      [XFRM]: Fix typo in __xfrm4_find_acq. · 35d60f7f
      Patrick McHardy authored
      35d60f7f
    • Arnaldo Carvalho de Melo's avatar
    • Hideaki Yoshifuji's avatar
      [NET]: nonet.c needs module.h · e86747d2
      Hideaki Yoshifuji authored
      e86747d2
    • David S. Miller's avatar
      Merge bk://kernel.bkbits.net/acme/net-2.5 · 1d544493
      David S. Miller authored
      into nuts.ninka.net:/home/davem/src/BK/net-2.5
      1d544493
    • Arnaldo Carvalho de Melo's avatar
      7dd20cc4
    • Chris Wright's avatar
      eb481d7f
    • Steven Cole's avatar
      [PATCH] Use '#ifdef' to test for CONFIG_xxx variables · 1bdbda8c
      Steven Cole authored
      Don't depend on undefined preprocessor symbols evaluating to zero.
      1bdbda8c
    • Linus Torvalds's avatar
      Merge bk://kernel.bkbits.net/davem/sparc-2.5 · 3f26cc01
      Linus Torvalds authored
      into home.transmeta.com:/home/torvalds/v2.5/linux
      3f26cc01
    • Linus Torvalds's avatar
      Merge bk://kernel.bkbits.net/davem/net-2.5 · 037ed253
      Linus Torvalds authored
      into home.transmeta.com:/home/torvalds/v2.5/linux
      037ed253
    • Linus Torvalds's avatar
    • Linus Torvalds's avatar
      80d8187e
    • Linus Torvalds's avatar
      Fix do_utimes() user pointer annotations. · 215b5cf3
      Linus Torvalds authored
      215b5cf3
    • Linus Torvalds's avatar
      fc6d1790
    • David S. Miller's avatar
      Merge nuts.ninka.net:/home/davem/src/BK/network-2.5 · f5bda5bc
      David S. Miller authored
      into nuts.ninka.net:/home/davem/src/BK/net-2.5
      f5bda5bc