Commit Graph

171 Commits

Author SHA1 Message Date
Steve French
5893a65711 Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6.git 2005-06-13 13:25:38 -05:00
Steve French
d6e04ae64c [CIFS] CIFS writepage improvements - eliminate double copy
Signed-off-by: Steve French (sfrench@us.ibm.com)
2005-06-13 13:24:43 -05:00
Steve French
f5d9b97ee0 Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2005-06-09 14:44:56 -07:00
Steve French
3079ca621e [CIFS] Fix cifs update of page cache. Write at correct offset when out of memory
and add_to_page_cache fails.  

Thanks to Shaggy for pointing out the fix.

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Shaggy (shaggy@us.ibm.com)
2005-06-09 14:44:07 -07:00
Trond Myklebust
1d6757fbff [PATCH] NFS: Fix lookup intent handling
We should never apply a lookup intent to anything other than the last
path component in an open(), create() or access() call.

Introduce the helper nfs_lookup_check_intent() which always returns
zero if LOOKUP_CONTINUE or LOOKUP_PARENT are set, and returns the
intent flags if we're on the last component of the lookup.
By doing so, we fix a bug in open(O_EXCL), where we may end up
optimizing away a real lookup of the parent directory.

Problem noticed by Linda Dunaphant <linda.dunaphant@ccur.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-07 15:53:47 -07:00
Yoshinori Sato
8f5bb0438b [PATCH] binfmt_flat mmap flag fix
Make sure that binfmt_flat passes the correct flags into do_mmap().  nommu's
validate_mmap_request() will simple return -EINVAL if we try and pass it a
flags value of zero.

Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:57:51 -07:00
Al Viro
d671a1cbf7 [PATCH] namei fixes (19/19)
__do_follow_link() passes potentially worng vfsmount to touch_atime().  It
matters only in (currently impossible) case of symlink mounted on something,
but it's trivial to fix and that actually makes more sense.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:27 -07:00
Al Viro
634ee7017b [PATCH] namei fixes (18/19)
Cosmetical cleanups - __follow_mount() calls in __link_path_walk() absorbed
into do_lookup().

Obviously equivalent transformation.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:27 -07:00
Al Viro
58c465eba4 [PATCH] namei fixes (17/19)
follow_mount() made void, reordered dput()/mntput() in it.

follow_dotdot() switched from struct vfmount ** + struct dentry ** to
struct nameidata *; callers updated.

Equivalent transformation + fix for too-early-mntput() race.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:27 -07:00
Al Viro
39ca6d4975 [PATCH] namei fixes (16/19)
Conditional mntput() moved into __do_follow_link().  There it collapses with
unconditional mntget() on the same sucker, closing another too-early-mntput()
race.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:27 -07:00
Al Viro
d9d29a2966 [PATCH] namei fixes (15/19)
Getting rid of sloppy logics:

a) in do_follow_link() we have the wrong vfsmount dropped if our symlink
had been mounted on something.  Currently it worls only because we never
get such situation (modulo filesystem playing dirty tricks on us).  And
it obfuscates already convoluted logics...

b) same goes for open_namei().

c) in __link_path_walk() we have another "it should never happen" sloppiness -
out_dput: there does double-free on underlying vfsmount and leaks the covering
one if we hit it just after crossing a mountpoint.  Again, wrong vfsmount
getting dropped.

d) another too-early-mntput() race - in do_follow_mount() we need to postpone
conditional mntput(path->mnt) until after dput(path->dentry).  Again, this one
happens only in it-currently-never-happens-unless-some-fs-plays-dirty
scenario...

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:27 -07:00
Al Viro
4b7b9772e4 [PATCH] namei fixes (14/19)
shifted conditional mntput() into do_follow_link() - all callers were doing
the same thing.

Obviously equivalent transformation.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:26 -07:00
Al Viro
ba7a4c1a76 [PATCH] namei fixes (13/19)
In open_namei() exit_dput: we have mntput() done in the wrong order -
if nd->mnt != path.mnt we end up doing
	mntput(nd->mnt);
	nd->mnt = path.mnt;
	dput(nd->dentry);
	mntput(nd->mnt);
which drops nd->dentry too late.  Fixed by having path.mnt go first.
That allows to switch O_NOFOLLOW under if (__follow_mount(...)) back
to exit_dput, while we are at it.

Fix for early-mntput() race + equivalent transformation.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:26 -07:00
Al Viro
a15a3f6fc6 [PATCH] namei fixes (12/19)
In open_namei() we take mntput(nd->mnt);nd->mnt=path.mnt; out of the if
(__follow_mount(...)), making it conditional on nd->mnt != path.mnt instead.

Then we shift the result downstream.

Equivalent transformations.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:26 -07:00
Al Viro
2f12dbfbb6 [PATCH] namei fixes (11/19)
shifted conditional mntput() calls in __link_path_walk() downstream.

Obviously equivalent transformation.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:26 -07:00
Al Viro
e13b210f6f [PATCH] namei fixes (10/19)
In open_namei(), __follow_down() loop turned into __follow_mount().
Instead of
	if we are on a mountpoint dentry
		if O_NOFOLLOW checks fail
			drop path.dentry
			drop nd
			return
		do equivalent of follow_mount(&path.mnt, &path.dentry)
		nd->mnt = path.mnt
we do
	if __follow_mount(path) had, indeed, traversed mountpoint
		/* now both nd->mnt and path.mnt are pinned down */
		if O_NOFOLLOW checks fail
			drop path.dentry
			drop path.mnt
			drop nd
			return
		mntput(nd->mnt)
		nd->mnt = path.mnt

Now __follow_down() can be folded into follow_down() - no other callers left.
We need to reorder dput()/mntput() there - same problem as in follow_mount().

Equivalent transformation + fix for a bug in O_NOFOLLOW handling - we used to
get -ELOOP if we had the same fs mounted on /foo and /bar, had something bound
on /bar/baz and tried to open /foo/baz with O_NOFOLLOW.  And fix of
too-early-mntput() race in follow_down()

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:26 -07:00
Al Viro
463ffb2e9d [PATCH] namei fixes (9/19)
New helper: __follow_mount(struct path *path).  Same as follow_mount(), except
that we do *not* do mntput() after the first lookup_mnt().

IOW, original path->mnt stays pinned down.  We also take care to do dput()
before mntput() in the loop body (follow_mount() also needs that reordering,
but that will be done later in the series).

The following are equivalent, assuming that path.mnt == x:
(1)
	follow_mount(&path.mnt, &path.dentry)
(2)
	__follow_mount(&path);
	if (path->mnt != x)
		mntput(x);
(3)
	if (__follow_mount(&path))
		mntput(x);

Callers of follow_mount() in __link_path_walk() converted to (2).

Equivalent transformation + fix for too-late-mntput() race in __follow_mount()
loop.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:25 -07:00
Al Viro
d671d5e514 [PATCH] namei fixes (8/19)
In open_namei() we never use path.mnt or path.dentry after exit: or ok:.
Assignment of path.dentry in case of LAST_BIND is dead code and only
obfuscates already convoluted function; assignment of path.mnt after
__do_follow_link() can be moved down to the place where we set path.dentry.

Obviously equivalent transformations, just to clean the air a bit in that
region.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:25 -07:00
Al Viro
cd4e91d3bc [PATCH] namei fixes (7/19)
The first argument of __do_follow_link() switched to struct path *
(__do_follow_link(path->dentry, ...) -> __do_follow_link(path, ...)).

All callers have the same calls of mntget() right before and dput()/mntput()
right after __do_follow_link(); these calls have been moved inside.

Obviously equivalent transformations.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:25 -07:00
Al Viro
839d9f93c9 [PATCH] namei fixes (6/19)
mntget(path->mnt) in do_follow_link() moved down to right before the
__do_follow_link() call and rigth after loop: resp.

dput()+mntput() on non-ELOOP branch moved up to right after __do_follow_link()
call.

resulting
loop:
	mntget(path->mnt);
	path_release(nd);
	dput(path->mnt);
	mntput(path->mnt);
replaced with equivalent
	dput(path->mnt);
	path_release(nd);

Equivalent transformations - the reason why we have that mntget() is that
__do_follow_link() can drop a reference to nd->mnt and that's what holds
path->mnt.  So that call can happen at any point prior to __do_follow_link()
touching nd->mnt.  The rest is obvious.

NOTE: current tree relies on symlinks *never* being mounted on anything.  It's
not hard to get rid of that assumption (actually, that will come for free
later in the series).  For now we are just not making the situation worse than
it is.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:25 -07:00
Al Viro
1be4a0900b [PATCH] namei fixes (5/19)
fix for too early mntput() in open_namei() - we pin path.mnt down for the
duration of __do_follow_link().  Otherwise we could get the fs where our
symlink lived unmounted while we were in __do_follow_link().  That would end
up with dentry of symlink staying pinned down through the fs shutdown.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:24 -07:00
Al Viro
d73ffe16b8 [PATCH] namei fixes (4/19)
path.mnt in open_namei() set to mirror nd->mnt.

nd->mnt is set in 3 places in that function - path_lookup() in the beginning,
__follow_down() loop after do_last: and __do_follow_link() call after
do_link:.

We set path.mnt to nd->mnt after path_lookup() and __do_follow_link().  In
__follow_down() loop we use &path.mnt instead of &nd->mnt and set nd->mnt to
path.mnt immediately after that loop.

Obviously equivalent transformation.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:24 -07:00
Al Viro
4e7506e4dd [PATCH] namei fixes (3/19)
Replaced struct dentry *dentry in namei with struct path path.  All uses of
dentry replaced with path.dentry there.

Obviously equivalent transformation.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:24 -07:00
Al Viro
5f92b3bcec [PATCH] namei fixes (2/19)
All callers of do_follow_link() do mntget() right before it and
dput()+mntput() right after.  These calls are moved inside do_follow_link()
now.

Obviously equivalent transformation.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:24 -07:00
Al Viro
90ebe5654f [PATCH] namei fixes
OK, here comes a patch series that hopefully should close all
too-early-mntput() races in fs/namei.c.  Entire area is convoluted as hell, so
I'm splitting that series into _very_ small chunks.

Patches alread in the tree close only (very wide) races in following symlinks
(see "busy inodes after umount" thread some time ago).  Unfortunately, quite a
few narrower races of the same nature were not closed.  Hopefully this should
take care of all of them.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-06 14:42:24 -07:00
Steve French
2830077f7a Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6.git 2005-06-06 12:31:45 -05:00
Steve French
0b68177ccd Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2005-06-06 09:57:33 -07:00
Qu Fuping
854715be73 [PATCH] mpage_end_io_write() I/O error handling fix
When fsync() runs wait_on_page_writeback_range() it only inspects pages which
are actually under I/O (PAGECACHE_TAG_WRITEBACK).  If a page completed I/O
prior to wait_on_page_writeback_range() looking at it, it is supposed to have
recorded its I/O error state in the address_space.

But mpage_mpage_end_io_write() forgot to set the address_space error flag in
this case.

Signed-off-by: Qu Fuping <fs@ercist.iscas.ac.cn>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-04 17:12:59 -07:00
Alexey Dobriyan
36358c2142 [CIFS] fs/cifs/netmisc.c: fix sparse warning
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Alexey Dobriyan <adobriyan@mail.ru>
Signed-off-by: Domen Puncer <domen@coderock.org>
2005-06-02 20:01:16 -05:00
Steve French
d0d2f2df65 [CIFS] Update cifs version number and fix whitespace
Signed-off-by: Steve French (sfrench@us.ibm.com)
2005-06-02 15:12:36 -07:00
Jan Kara
7e3b11a9be [PATCH] ext3: fix list scanning in __cleanup_transaction
Fix a bug in list scanning that can cause us to skip the last buffer on the
checkpoint list (and hence fail to do any progress under some rather
unfavorable conditions).

The problem is we first do jh=next_jh and then test

	} while (jh!=last_jh);

Hence we skip the last buffer on the list (if it was not the only buffer on
the list).  As we already do jh=next_jh; in the beginning of the loop we
are safe to just remove the assignment in the end.  It can happen that 'jh'
will be freed at the point we test jh != last_jh but that does not matter
as we never *dereference* the pointer.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-02 15:12:29 -07:00
Jan Kara
00ea81459c [PATCH] ext3: fix log_do_checkpoint() assertion failure
Fix possible false assertion failure in log_do_checkpoint().  We might fail
to detect that we actually made a progress when cleaning up the checkpoint
lists if we don't retry after writing something to disk.  The patch was
confirmed to fix observed assertion failures for several users.

When we flushed some buffers we need to retry scanning the list.
Otherwise we can fail to detect our progress.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-02 15:12:29 -07:00
Linus Torvalds
16a789c11d Automatic merge of rsync://rsync.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6 2005-06-01 16:32:03 -07:00
Steve French
12725675e2 Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2005-06-01 15:02:37 -07:00
Benjamin Herrenschmidt
5f64f73957 [PATCH] ppc32/ppc64: cleanup /proc/device-tree
This cleans up the /proc/device-tree representation of the Open Firmware
device-tree on ppc and ppc64.  It does the following things:

 - Workaround an issue in some Apple device-trees where a property may
   exist with the same name as a child node of the parent.  We now
   simply "drop" the property instead of creating duplicate entries in
   /proc with random result...

 - Do not try to chop off the "@0" at the end of a node name whose unit
   address is 0.  This is not useful, inconsistent, and the code was
   buggy and didn't always work anyway.

 - Do not create symlinks for the short name and unit address parts of a
   node.  These were never really used, bloated the memory footprint of
   the device-tree with useless struct proc_dir_entry and their matching
   dentry and inode cache bloat.

This results in smaller code, smaller memory footprint, and a more
accurate view of the tree presented to userland.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-01 07:54:14 -07:00
Goffredo Baroncelli
e74d633dc5 [PATCH] UDF filesystem: array '__mon_yday' declared as not static
in fs/udf/udftime.c the global array '__mon_yday' is not static, and it
conflicts with the glibc one when the kernel is compiled as user mode.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-31 14:54:18 -07:00
Steve French
af6f5e3247 Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2005-05-31 14:32:44 -07:00
Jeff Dike
a2e4b972c9 [PATCH] uml: remove 2_5compat.h
Remove old useless header that was used in Ye Olde Times during 2.4->2.5
porting to abstract differences.  It's definitions are no more used anyway, so
let's finally kill it.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-28 16:46:11 -07:00
Christoph Hellwig
66f5507133 [XFS] remove an over-zealous WARN_ON 2005-05-27 01:17:08 -07:00
Christoph Hellwig
b19312c4c8 Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2005-05-27 01:16:24 -07:00
Vladimir Saveliev
f359b74c80 [PATCH] reiserfs: max_key fix
This patch fixes a bug introduced by Al Viro's patch: [patch 136/174]
reiserfs endianness: clone struct reiserfs_key

The problem is MAX_KEY and MAX_IN_CORE_KEY defined in this patch do not
look equal from reiserfs comp_key's point of view.  This caused reiserfs'
sanity check to complain.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-21 16:45:24 -07:00
Steve French
7e2987503d Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2005-05-19 12:26:57 -07:00
Christoph Hellwig
f81a0bffa1 [AF_UNIX]: Use lookup_create().
currently it opencodes it, but that's in the way of chaning the
lookup_hash interface.

I'd prefer to disallow modular af_unix over exporting lookup_create,
but I'll leave that to you.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-19 12:26:43 -07:00
Stephen Tweedie
301216244b [PATCH] Avoid console spam with ext3 aborted journal.
Avoid console spam with ext3 aborted journal.

ext3 usually reports error conditions that it detects in its environment.
But when its journal gets aborted due to such errors, it can sometimes
continue to report that condition forever, spamming the console to such
an extent that the initial first cause of the journal abort can be lost.

When the journal aborts, we put the filesystem into readonly mode.  Most
subsequent filesystem operations will get rejected immediately by checks
for MS_RDONLY either in the filesystem or in the VFS.  But some paths do
not have such checks --- for example, if we continue to write to a file
handle that was opened before the fs went readonly.  (We only check for
the ROFS condition when the file is first opened.)  In these cases, we
can continue to generate log errors similar to

EXT3-fs error (device $DEV) in start_transaction: Journal has aborted

for each subsequent write.

There is really no point in generating these errors after the initial
error has been fully reported.  Specifically, if we're starting a
completely new filesystem operation, and the filesystem is *already*
readonly (ie. the ext3 layer has already detected and handled the
underlying jbd abort), and we see an EROFS error, then there is simply
no point in reporting it again.

Signed-off-by: Stephen Tweedie <sct@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-18 09:10:02 -07:00
Steve French
b1a45695bd [CIFS] fix casts of unicode strings to match function definition
Signed-off-by: Steve French (sfrench@us.ibm.com)
2005-05-17 16:07:23 -05:00
Steve French
b2aeb9d565 [CIFS] Fix oops in cifs_unlink. Caused in some cases when renaming over existing,
newly created, file.

Samba bugzilla: 2697

Signed-off-by: Steve French (sfrench@us.ibm.com)
2005-05-17 13:16:18 -05:00
Steve French
67594feb4b [CIFS] missing break needed to handle < when mount option "mapchars" specified
Signed-off-by: Steve French (sfrench@us.ibm.com)
2005-05-17 13:04:49 -05:00
Andrew Morton
c64610ba58 [PATCH] block_read_full_page() get_block() error handling fix
If block_read_full_page() detects an error when running get_block() it will
run SetPageError(), then it will zero out the block in pagecache and will mark
the buffer_head uptodate.

So at the end of readahead we end up with a non-uptodate pagecache page which
is marked PageError.  But it has uptodate buffers.

The pagefault code will run ClearPageError, will launch readpage a second time
and block_read_full_page() will notice the uptodate buffers and will mark the
page uptodate as well.  We end up with an uptodate, !PageError page full of
zeros and the error is lost.

(It seems a little odd that filemap_nopage() runs ClearPageError().  I guess
all of this adds up to meaning that for each attempted access to the page, the
pagefault handler will retry the I/O.  Which is good and bad.  If the app is
ignoring SIGBUS for some reason we could get a lot of back-to-back I/O
errors.)

Fix it by not marking the pagecache buffer_head as uptodate if the attempt to
map that buffer to a disk block failed.

Credit-to: Qu Fuping <fs@ercist.iscas.ac.cn>

  For reporting the bug and identifying its source.

Signed-off-by: Qu Fuping <fs@ercist.iscas.ac.cn>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-17 07:59:20 -07:00
Hugh Dickins
64d13c00cf [PATCH] fix impossible VmallocChunk
VmallocTotal: 34359738367 kB
VmallocUsed:    266288 kB
VmallocChunk: 18014366299193295 kB
is unsettling - x86_64 and some other architectures keep a separate address
range for modules in vmalloc's vmlist, which /proc/meminfo should pass over.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-17 07:59:10 -07:00
Greg Kroah-Hartman
a84a505956 [PATCH] fix Linux kernel ELF core dump privilege elevation
As reported by Paul Starzetz <ihaquer@isec.pl>

Reference: CAN-2005-1263

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2005-05-16 21:07:05 -07:00