- 06 Feb, 2003 40 commits
-
Christoph Hellwig authored
The Stanford checker disclosed that vxfs_read_fshead was missing any unwinding in the error cases.
-
Andries E. Brouwer authored
-
Andries E. Brouwer authored
In struct char_dev the fields openers and sem are unused. The file char_dev.c claims that it is called differently.
-
Andrew Morton authored
hm. It seems that I sent this patch twice. After resyncing with your tree I go through and try to reapply all the sent patches, throwing out the ones which get a lot of rejects. Just to make sure that everything got through OK. But it appears that that particular patch happily applied on top of itself, so I assumed it was not applied...
-
Roland McGrath authored
I cleaned up sys_wait4; it was straightforward and I think a definite improvement. While at it, I noticed that one of the races I fixed in the TASK_STOPPED case actually can happen earlier. Between read_unlock and write_lock_irq, another thread could reap the process and make P invalid, so now I do get_task_struct before read_unlock and then the existing race checks catch all scenarios. Aside from the aforementioned race tweak, the code should be the same as in the previous patch (that Ingo and I have tested more thoroughly) modulo being moved into functions and some reformatting and comment changes. Oh, my old patch had one case where it failed to retake the read lock after a race bailout that I just noticed reading over it. That's fixed too. These exit fixes were something I noticed incidentally and spent less time on than the signals changes. Another few passes of eyeballs over them are certainly warranted. (In particular, there are code paths like that one that check for specific races that have probably never been seen in practice, so those code paths have never run once.)
-
Steven Cole authored
OK, here is the diff against 2.5.59-bk2, now up to 880 lines due to an additional misspelling which crept in the -bk2 snapshot. Fixes 'seperate' -> 'separate' and 'definate' -> 'definite'. Kernal codrs cna't spel.
-
Matthew Dobson authored
The CLEAR_BITMAP() macro in include/linux/types.h is broken and doesn't round the bitmap size to the proper 'long' boundary. This fixes it by creating a macro BITS_TO_LONGS that just rounds a number of bits up to the closest number of unsigned longs. This makes the DECLARE & CLEAR _BITMAP macros more readable and fixes the bug.
-
Mark Haverkamp authored
This moves access of the host element to device since host has been removed from struct scsi_cmnd.
-
Ingo Molnar authored
this is the current threading patchset, which accumulated up during the past two weeks. It consists of a biggest set of changes from Roland, to make threaded signals work. There were still tons of testcases and boundary conditions (mostly in the signal/exit/ptrace area) that we did not handle correctly.

Roland's thread-signal semantics/behavior/ptrace fixes:

- fix signal delivery race with do_exit() => signals are re-queued to the 'process' if do_exit() finds pending unhandled ones. This prevents signals getting lost upon thread-sys_exit().
- a non-main thread has died on one processor and gone to TASK_ZOMBIE, but before it's gotten to release_task a sys_wait4 on the other processor reaps it. It's only because it's ptraced that this gets through eligible_child. Somewhere in there the main thread is also dying so it reparents the child thread to hit that case. This means that there is a race where P might be totally invalid.
- forget_original_parent is not doing the right thing when the group leader dies, i.e. reparenting threads to init when there is a zombie group leader. Perhaps it doesn't matter for any practical purpose without ptrace, though it makes for ppid=1 for each thread in core dumps, which looks funny. Incidentally, SIGCHLD here really should be p->exit_signal.
- one of the gdb tests makes a questionable assumption about what kill will do when it has some threads stopped by ptrace and others running.

exit races:

1. Processor A is in sys_wait4 case TASK_STOPPED considering task P. Processor B is about to resume P and then switch to it. While A is inside that case block, B starts running P and it clears P->exit_code, or takes a pending fatal signal and sets it to a new value. Depending on the interleaving, the possible failure modes are:
   a. A gets to its put_user after B has cleared P->exit_code => returns with WIFSTOPPED, WSTOPSIG==0
   b. A gets to its put_user after B has set P->exit_code anew => returns with e.g. WIFSTOPPED, WSTOPSIG==SIGKILL
   A can spend an arbitrarily long time in that case block, because there's getrusage and put_user that can take page faults, and write_lock'ing of the tasklist_lock that can block. But even if it's short the race is there in principle.
2. This is new with NPTL, i.e. CLONE_THREAD. Two processors A and B are both in sys_wait4 case TASK_STOPPED considering task P. Both get through their tests and fetches of P->exit_code before either gets to P->exit_code = 0. => two threads return the same pid from waitpid. In other interleavings where one processor gets to its put_user after the other has cleared P->exit_code, it's like case 1(a).
3. SMP races with stop/cont signals. First, take:
       kill(pid, SIGSTOP);
       kill(pid, SIGCONT);
   or:
       kill(pid, SIGSTOP);
       kill(pid, SIGKILL);
   It's possible for this to leave the process stopped with a pending SIGCONT/SIGKILL. That's a state that should never be possible. Moreover, kill(pid, SIGKILL) without any repetition should always be enough to kill a process. (Likewise SIGCONT when you know it's sequenced after the last stop signal, must be sufficient to resume a process.)
4. take:
       kill(pid, SIGKILL); // or any fatal signal
       kill(pid, SIGCONT); // or SIGKILL
   it's possible for this to cause pid to be reaped with status 0 instead of its true termination status. The equivalent scenario happens when the process being killed is in an _exit call or a trap-induced fatal signal before the kills.

plus i've done stability fixes for bugs that popped up during beta-testing, and minor tidying of Roland's changes:

- a rare tasklist corruption during exec, causing some very spurious and colorful crashes.
- a copy_process()-related dereference of already freed thread structure if hit with a SIGKILL in the wrong moment.
- SMP spinlock deadlocks in the signal code

this patchset has been tested quite well in the 2.4 backport of the threading changes - and i've done some stresstesting on 2.5.59 SMP as well, and did an x86 UP testcompile + testboot as well.
-
David Jeffery authored
This small patch does 2 things. It reworks the firmware/driver versioning messages to make them more understandable, and it fixes one case where the 64bit addressing changes caused error/success to not be properly reported to the serveraid tools.
-
David Jeffery authored
This large patch adds support for using 64bit addressing. Special thanks goes to Mike Anderson who did the initial versions of this patch.
-
David Jeffery authored
This large patch reworks much of the adapter initialization code. It splits the scsi initialization code from the pci initialization. It adds support for working with some future cards. It also removes the use of multiple pci_driver registrations and instead does its own adapter ordering.
-
David Jeffery authored
This small patch fixes the length of the IPS_ENQ struct. It was too short which can cause the adapter to write beyond the end of the struct during driver initialization and corrupt part of memory.
-
http://linux-scsi.bkbits.net/scsi-for-linus-2.5
Linus Torvalds authored
into home.transmeta.com:/home/torvalds/v2.5/linux
-
James Bottomley authored
into raven.il.steeleye.com:/home/jejb/BK/scsi-for-linus-2.5
-
Christoph Hellwig authored
I just couldn't see the mess anymore.. Nuke the ifdefs and use sane variable names. Some more small nitpicks but no behaviour changes at all.
-
Rusty Russell authored
From: Steven Cole <elenstev@mesatop.com>

Here are some help texts from 2.4.21-pre3 Configure.help which are needed in 2.5.59 drivers/scsi/Kconfig.

Steven
-
Rusty Russell authored
From: Marcus Alanen <maalanen@ra.abo.fi>

Remove check_region in favour of request_region. Free resources properly on error path. Horribly subtle ioremap/iounmap lurks here I think, in qla1280_pci_config(), which the below patch should take care of.

I'm wondering if there couldn't / shouldn't be a better way to allocate resources. Obviously lots of drivers have broken error paths. Is this even necessary?

Marcus

#
# create_patch: qla1280_release_on_error_path-2002-12-08-A.patch
# Date: Sun Dec 8 22:32:33 EET 2002
#
-
Christoph Hellwig authored
It isn't used anywhere anymore
-
http://linux-acpi.bkbits.net/linux-acpi
Linus Torvalds authored
into home.transmeta.com:/home/torvalds/v2.5/linux
-
Andy Grover authored
-
Randy Dunlap authored
The Stanford Checker found a memleak.
-
bk://kernel.bkbits.net/vojtech/x86-64
Linus Torvalds authored
into home.transmeta.com:/home/torvalds/v2.5/linux
-
Vojtech Pavlik authored
-
Andrew Morton authored
Patch from "Stephen C. Tweedie" <sct@redhat.com> Fix "h_buffer_credits<0" assert failure during truncate. The bug occurs when the "i_blocks" count in the file's inode overflows past 2^31. That works fine most of the time, because i_blocks is an unsigned long, and should go up to 2^32; but there's a place in truncate where ext3 calculates the size of the next transaction chunk for the delete, and that mistakenly uses a signed long instead. Because the huge i_blocks gets cast to a negative value, ext3 does not reserve enough credits for the transaction and the above error results. This is usually only possible on filesystems corrupted for other reasons, but it is reproducible if you create a single, non-sparse file larger than 1TB on ext3 and then try to delete it.
-
Andrew Morton authored
Patch from Manfred Spraul. Fixes a bug which was exposed by Zwane's hotplug CPU work. The cache_cache.array pointer is initially given a temp bootstrap area, which is later converted over to the final value after the CPU is brought up. But if slab is enhanced to permit cancellation of a CPU bringup, this pointer ends up pointing at stale memory. So reinitialise it by hand when kmem_cache_init() is run.
-
Andrew Morton authored
Patch from Manfred Spraul <manfred@colorfullife.com>

This enables spinlock debugging on uniprocessor builds, under CONFIG_DEBUG_SPINLOCK. The reason I want this is that one day we'll need to pull out the debugging support from the timer code which detects uninitialised timers. And once that has gone, uniprocessor developers and testers have no way of detecting uninitialised timers - there will be mysterious deadlocks on SMP machines. And there will surely be more uninitialised timers.

The patch also removes the last pieces of the support for including <asm/spinlock.h> directly. Doesn't work since (IIRC) 2.3.x
-
Andrew Morton authored
- Not everyone uses 160-column xterms.
- Coding style consistency
-
Andrew Morton authored
If you attempt to perform a relocating 4k-aligned mremap and the new address for the map lands on top of a hugepage VMA, do_mremap() will attempt to perform a 4k-aligned unmap inside the hugetlb VMA. The hugetlb layer goes BUG. Fix that by trapping the poorly-aligned unmap attempt in do_munmap(). do_remap() will then fall through without having done anything to the place where it tests for a hugetlb VMA. It would be neater to perform these checks on entry to do_mremap(), but that would incur another VMA lookup. Also, if you attempt to perform a 4k-aligned and/or sized munmap() inside a hugepage VMA the same BUG happens. This patch fixes that too. This all means that an mremap attempt against a hugetlb area will fail, but only after having unmapped the source pages. That's a bit messy, but supporting hugetlb mremap doesn't seem worth it, and completely disallowing it will add overhead to normal mremaps.
-
Andrew Morton authored
This function is quite wrong - has an "=" where it should have a "-" and confuses PAGE_SIZE and HPAGE_SIZE in its address and file offset arithmetic.
-
Andrew Morton authored
- whitespace
- remove unneeded spinlocking no-op.
-
Andrew Morton authored
If the underlying mapping was truncated and someone references the now-unmapped memory the kernel will enter handle_mm_fault() and will start instantiating PAGE_SIZE pte's inside the hugepage VMA. Everything goes generally pear-shaped. So trap this in handle_mm_fault(). It adds no overhead to non-hugepage builds. Another possible fix would be to not unmap the huge pages at all in truncate - just anonymise them. But I think we want full ftruncate semantics for hugepages for management purposes.
-
Andrew Morton authored
If someone maps a hugetlbfs file, then truncates it, then references the part of the mapping outside the truncation point, they take a pagefault and we end up hitting hugetlb_nopage(). We want to prevent this from ever happening. This patch just makes sure that all architectures have a goes-BUG hugetlb_nopage() to trap it.
-
Andrew Morton authored
- Remove quota code.
- Remove extraneous copy-n-paste code from truncate: that's only for physically-backed filesystems.
- Whitespace changes.
-
Andrew Morton authored
We're expanding hugetlbfs i_size in the wrong place. If someone attempts to mmap more pages than are available, i_size is updated to reflect the attempted mapping size. So set i_size only when pages are successfully added to the mapping.

i_size handling at truncate time is still a bit wrong - if the mapping has pages at (say) page offset 100-200 and the mapping is truncated to (say) page offset 50, i_size should be set to zero. But it is instead set to 50*HPAGE_SIZE. That's harmless.
-
Andrew Morton authored
- Opening a hugetlbfs file O_TRUNC calls the generic vmtruncate() functions and nukes the kernel. Give S_ISREG hugetlbfs files an inode_operations, and hence a setattr which knows how to handle these files.
- Don't permit the user to truncate hugetlbfs files to sizes which are not a multiple of HPAGE_SIZE.
- We don't support expanding in ftruncate(), so remove that code.
-
Andrew Morton authored
Having to specify the mapping address is a pain. Give hugetlbfs files a file_operations.get_unmapped_area(). The implementation is in hugetlbfs rather than in arch code because it's probably common to several architectures. If the architecture has special needs it can define HAVE_ARCH_HUGETLB_UNMAPPED_AREA and go it alone. Just like HAVE_ARCH_UNMAPPED_AREA.
-
Andrew Morton authored
The odd thing about hugetlb is that it maintains its own freelist of pages. And it has to do that, else it would trivially run out of pages due to buddy fragmentation. So we don't want callers of put_page() to be passing those pages to __free_pages_ok() on the final put(). So hugetlb installs a destructor in the compound pages to point at free_huge_page(), which knows how to put these pages back onto the free list.

Also, don't mark hugepages as all PageReserved any more. That's preventing callers from doing proper refcounting. Any code which does a user pagetable walk and hits part of a hugepage will now handle it transparently.
-
Andrew Morton authored
We currently have a problem when things like ptrace, futexes and direct-io try to pin user pages. If the user's address is in a huge page we're elevating the refcount of a constituent 4k page, not the head page of the high-order allocation unit.

To solve this, a generic way of handling higher-order pages has been implemented:

- A higher-order page is called a "compound page". Chose this because "huge page", "large page", "super page", etc all seem to mean different things to different people.
- The first (controlling) 4k page of a compound page is referred to as the "head" page.
- The remaining pages are tail pages.

All pages have PG_compound set. All pages have their lru.next pointing at the head page (even the head page has this). The head page's lru.prev, if non-zero, holds the address of the compound page's put_page() function. The order of the allocation is stored in the first tail page's lru.prev. This is only for debug at present. This usage means that zero-order pages may not be compound.

The above relationships are established for _all_ higher-order pages in the page allocator. Which has some cost, but not much - another atomic op during fork(), mainly.

This functionality is only enabled if CONFIG_HUGETLB_PAGE, although it could be turned on permanently. There's a little extra cost in get_page/put_page.

These changes do not preclude adding compound pages to the LRU in the future - we can add a new page flag to the head page and then move all the additional data to the first tail page's lru.next, lru.prev, list.next, list.prev, index, private, etc.
-
Andrew Morton authored
Seems that nobody has tested direct IO into hugetlb pages yet. The VFS gets upset about running set_page_dirty() against a non-uptodate page. So give hugetlbfs inodes a private no-op ->set_page_dirty() to isolate them from all that.
-