1. 02 Feb, 2003 11 commits
    • Andrew Morton's avatar
      [PATCH] slab poison checking fix · 5a3446d8
      Andrew Morton authored
      Spotted by Andries Brouwer.  There's one place where slab is calling
      check_poison_obj() but not reporting on any detected failure.
      
      We used to go BUG() in there.  Convert it over to the kinder, gentler
      slab_error() regime.
      5a3446d8
    • Andrew Morton's avatar
      [PATCH] ext3: fix scheduling storm and lockups · cd9ab8c2
      Andrew Morton authored
      There have been sporadic sightings of ext3 causing little blips of 100,000
      context switches per second when under load.
      
      At the start of do_get_write_access() we have this logic:
      
      	repeat:
      		lock_buffer(jh->bh);
      		...
      		unlock_buffer(jh->bh);
      		...
      		if (jh->j_list == BJ_Shadow) {
      			sleep_on_buffer(jh->bh);
      			goto repeat;
      		}
      
      The problem is that the unlock_buffer() will wake up anyone who is sleeping
      in the sleep_on_buffer().
      
      So if task A is asleep in sleep_on_buffer() and task B now runs
      do_get_write_access(), task B will wake task A by accident.  Task B will then
      sleep on the buffer and task A will loop, will run unlock_buffer() and then
      wake task B.
      
      This state will continue until I/O completes against the buffer and kjournal
      changes jh->j_list.
      
      Unless task A and task B happen to both have realtime scheduling policy - if
      they do then kjournald will never run.  The state is never cleared and your
      box locks up.
      
      
      The fix is to not do the `goto repeat;' until the buffer has been taken of
      the shadow list.  So we don't go and wake up the other waiter(s) until they
      can actually proceed to use the buffer.
      
      The patch removes the exported sleep_on_buffer() function and simply exports
      an existing function which provides access to a buffer_head's waitqueue
      pointer.  Which is a better interface anyway, because it permits the use of
      wait_event().
      
      This bug was introduced introduced into 2.4.20-pre5 and was faithfully ported
      up.
      cd9ab8c2
    • Andrew Morton's avatar
      [PATCH] ext2_new_block cleanups and fixes · 2ef0192c
      Andrew Morton authored
      The general error logic handling in there is:
      
      	*errp = -EFOO;
      	<lots of code>
      	if (some_error)
      		goto out;
      
      this is fragile and unmaintainable, because the setting of the error code is
      "far away" from the site where the error was detected.
      
      And the code was actually wrong - we're returning ENOSPC in places where fs
      metadata inconsistency was detected.  We traditionally return -EIO in this
      case.
      
      So change it all to do, effectively:
      
      	if (some_error) {
      		*errp = -EFOO;
      		goto out;
      	}
      2ef0192c
    • Andrew Morton's avatar
      [PATCH] fix handling of ext2 allocation failures · 359ae811
      Andrew Morton authored
      Patch from: Hugh Dickins <hugh@veritas.com>
      
      For almost a year (since 2.5.4) ext2_new_block has tended to set err 0
      instead of -ENOSPC or -EIO.  This manifested variously (typically depends on
      what's stale in ext2_get_block's chain[4] array): sometimes __brelse free
      free buffer backtraces, sometimes release_pages oops, usually
      generic_make_request beyond end of device messages, followed by further ext2
      errors.
      
      [Insert lecture on dangers of using goto for unwind :-]
      359ae811
    • Andrew Morton's avatar
      [PATCH] properly handle too long pathnames in d_path · 28b6394d
      Andrew Morton authored
      Forward port of a 2.4 patch by Christoph Hellwig.
      
      See http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00384.html
      for the security implications.
      28b6394d
    • Andrew Morton's avatar
      [PATCH] remove lock_kernel() from exec of setuid apps · 3b149cc7
      Andrew Morton authored
      Patch from Manfred Spraul <manfred@colorfullife.com>
      
      exec of setuid apps and ptrace must be synchronized, to ensure that a normal
      user cannot ptrace a setuid app across exec.  ptrace_attach acquires the
      task_lock around the uid checks, compute_creds acquires the BLK.  The patch
      converts compute_creds to the task_lock.  Additionally, it removes the
      do_unlock variable: the task_lock is not heaviliy used, there is no need to
      avoid the spinlock by adding branches.
      
      The patch is a cleanup patch, not a fix for a security problem: AFAICS the
      sys_ptrace in every arch acquires the BKL before calling ptrace_attach.
      3b149cc7
    • Andrew Morton's avatar
      [PATCH] Compile fix in sound/oss/maestro.c · db54e742
      Andrew Morton authored
      Patch from "Ph. Marek" <philipp.marek@bmlv.gv.at>
      
      Compile fix in sound/oss/maestro.c
      db54e742
    • Andrew Morton's avatar
      [PATCH] vmlinux fix · 9c08eeff
      Andrew Morton authored
      Patch from: "H. J. Lu" <hjl@lucon.org>
      
      Fixes a commonly-reported insmod oops.
      
      Move the ksymtab labels definitions inside the liker section, so they get the
      right addresses.
      9c08eeff
    • Andrew Morton's avatar
      [PATCH] Fix inode size accounting race · 7619fd2b
      Andrew Morton authored
      Since Jan removed the lock_kernel()s in inode_add_bytes() and
      inode_sub_bytes(), these functions have been racy.
      
      One problematic workload has been discovered in which concurrent writepage
      and truncate on SMP quickly causes i_blocks to go negative.  writepage() does
      not take i_sem, and it seems that for ext2, there are no other locks in
      force when inode_add_bytes() is called.
      
      Putting the BKL back in there is not acceptable.  To fix this race I have
      added a new spinlock "i_lock" to the inode.
      
      That lock is presently used to protect i_bytes and i_blocks.  We could use it
      to protect i_size as well.
      
      The splitting of the used disk space into i_blocks and i_bytes is silly - we
      should nuke all that and just have a bare loff_t i_usedbytes.   Later.
      7619fd2b
    • Andrew Morton's avatar
      [PATCH] direct-IO: fix i_size handling on ENOSPC · 7c0f82da
      Andrew Morton authored
      When an appending O_DIRECT write hits ENOSPC we're returning a short write
      which is _too_ short.  The file ends up with an undersized i_size and fsck
      complains.
      
      So update the return value with the partial result before bailing out.
      7c0f82da
    • Andrew Morton's avatar
      [PATCH] Fix data loss problem due to sys_sync · 5f44f4a9
      Andrew Morton authored
      In 2.5.52 I broke sys_sync() for ext2 in subtle ways.
      
      sys_sync() will set mapping->dirtied_when non-zero against a clean inode.
      Later, in (say) __iget(), that inode gets moved over to inode_unused or
      inode_in_use.  But because it has non-zero ->dirtied_when,
      __mark_inode_dirty() thinks that the inode must still be on sb->s_dirty.
      
      But it isn't.  It's on inode_in_use.  It (and its pages) never get written
      out and the data gets thrown away on unmount.
      
      The patch ceases to use ->dirtied_when as an indicator of inode dirtiness.
      Not sure why I even did that :(
      5f44f4a9
  2. 16 Jan, 2003 29 commits