1. 06 Nov, 2006 25 commits
  2. 05 Nov, 2006 11 commits
  3. 04 Nov, 2006 4 commits
    • Linus Torvalds's avatar
      Make sure "user->sigpending" count is in sync · 10b1fbdb
      Linus Torvalds authored
      The previous commit (45c18b0b, aka "Fix
      unlikely (but possible) race condition on task->user access") fixed a
      potential oops due to __sigqueue_alloc() getting its "user" pointer out
      of sync with switch_user(), and accessing a user pointer that had been
      de-allocated on another CPU.
      
      It still left another (much less serious) problem, where a concurrent
      __sigqueue_alloc and swich_user could cause sigqueue_alloc to do signal
      pending reference counting for a _different_ user than the one it then
      actually ended up using.  No oops, but we'd end up with the wrong signal
      accounting.
      
      Another case of Oleg's eagle-eyes picking up the problem.
      
      This is trivially fixed by just making sure we load whichever "user"
      structure we decide to use (it doesn't matter _which_ one we pick, we
      just need to pick one) just once.
      Acked-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
      Cc: Andrew Morton <akpm@osdl.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      10b1fbdb
    • Linus Torvalds's avatar
      Fix unlikely (but possible) race condition on task->user access · 45c18b0b
      Linus Torvalds authored
      There's a possible race condition when doing a "switch_uid()" from one
      user to another, which could race with another thread doing a signal
      allocation and looking at the old thread ->user pointer as it is freed.
      
      This explains an oops reported by Lukasz Trabinski:
      	http://permalink.gmane.org/gmane.linux.kernel/462241
      
      We fix this by delaying the (reference-counted) freeing of the user
      structure until the thread signal handler lock has been released, so
      that we know that the signal allocation has either seen the new value or
      has properly incremented the reference count of the old one.
      
      Race identified by Oleg Nesterov.
      
      Cc: Lukasz Trabinski <lukasz@wsisiz.edu.pl>
      Cc: Oleg Nesterov <oleg@tv-sign.ru>
      Cc: Andrew Morton <akpm@osdl.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      45c18b0b
    • Linus Torvalds's avatar
      Revert unintentional "volatile" changes in ipc/msg.c · 80491eb9
      Linus Torvalds authored
      Commit 5a06a363 ("[PATCH] ipc/msg.c:
      clean up coding style") breaks fakeroot on Alpha (variously hangs or
      oopses), according to a report by Falk Hueffner.
      
      The fact that the code seems to rely on compiler access ordering through
      the use of "volatile" is a pretty certain sign that the code has locking
      problems, and we should fix those properly and then remove the whole
      "volatile" entirely.
      
      But in the meantime, the movement of "volatile" was unintentional, and
      should be reverted.
      
      Cc: Falk Hueffner <falk@debian.org>
      Cc: Andrew Morton <akpm@osdl.org>
      Acked-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      80491eb9
    • Jens Axboe's avatar
      [PATCH] splice: fix problem introduced with inode diet · ddac0d39
      Jens Axboe authored
      After the inode slimming patch that unionised i_pipe/i_bdev/i_cdev, it's
      no longer enough to check for existance of ->i_pipe to verify that this
      is a pipe.
      
      Original patch from Eric Dumazet <dada1@cosmosbay.com>
      Final solution suggested by Linus.
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      ddac0d39