21 Apr, 2007
4 commits
-
Protect nfs_set_page_dirty() against races with nfs_inode_add_request.
Signed-off-by: Trond Myklebust
Signed-off-by: Linus Torvalds -
Redirtying a request that is already marked for commit will screw up the
accounting for NR_UNSTABLE_NFS as well as nfs_i.ncommit.
Ensure that all requests on the commit queue are labelled with the
PG_NEED_COMMIT flag, and avoid moving them onto the dirty list inside
nfs_page_mark_flush().Also inline nfs_mark_request_dirty() into nfs_page_mark_flush() for
atomicity reasons. Avoid dropping the spinlock until we're done marking the
request in the radix tree and have added it to the ->dirty list.Signed-off-by: Trond Myklebust
Signed-off-by: Linus Torvalds -
Ensure that we don't release the PG_writeback lock until after the page has
either been redirtied, or queued on the nfs_inode 'commit' list.Signed-off-by: Trond Myklebust
Signed-off-by: Linus Torvalds -
Get rid of the inlined #ifdefs.
Signed-off-by: Trond Myklebust
Signed-off-by: Linus Torvalds
18 Apr, 2007
2 commits
-
This patch should fix or partly fix this bug:
http://bugzilla.kernel.org/show_bug.cgi?id=8276The problem is:
- if we see "zero link case" during reading inode operation, we call
ufs_error(which remount fs readonly), but not "mark" inode as bad (1)- in readonly case we do not fill some data structures, which are used in
read and write case (2)- VFS call ufs_delete_inode if link count is zero (3)
so (1)->(3)->(2) cause oops, this patch should fix such scenario
Signed-off-by: Evgeniy Dushistov
Cc: Jim Paris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The patch checks for "|" in the pattern not the output and doesn't nail a
pid on to a piped name (as it is a program name not a file)Also fixes a very very obscure security corner case. If you happen to have
decided on a core pattern that starts with the program name then the user
can run a program called "|myevilhack" as it stands. I doubt anyone does
this.Signed-off-by: Alan Cox
Confirmed-by: Christopher S. Aker
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
16 Apr, 2007
1 commit
-
We must remove the request from whatever list it is currently on before we
can add it to the dirty list.Signed-off-by: Trond Myklebust
Signed-off-by: Linus Torvalds
15 Apr, 2007
3 commits
-
If the writebacks are cancelled via nfs_cancel_dirty_list, or due to the
memory allocation failing in nfs_flush_one/nfs_flush_multi, then we must
ensure that the PG_writeback flag is cleared.Also ensure that we actually own the PG_writeback flag whenever we
schedule a new writeback by making nfs_set_page_writeback() return the
value of test_set_page_writeback().
The PG_writeback page flag ends up replacing the functionality of the
PG_FLUSHING nfs_page flag, so we rip that out too.Signed-off-by: Trond Myklebust
Cc: Peter Zijlstra
Signed-off-by: Linus Torvalds -
Do not flag an error if the COMMIT call fails and we decide to resend the
writes. Let the resend flag the error if it fails.If a write has failed, then nfs_direct_write_result should not attempt to
send a commit. It should just exit asap and return the error to the user.Signed-off-by: Trond Myklebust
Cc: Chuck Lever
Signed-off-by: Linus Torvalds -
It looks like nfs_setattr() and nfs_rename() also need to test whether the
target is a regular file before calling nfs_wb_all()...Signed-off-by: Trond Myklebust
Signed-off-by: Linus Torvalds
13 Apr, 2007
2 commits
-
Commit f50b6f8691cae2e0064c499dd3ef3f31142987f0 introduced a race in
autofs4 between autofs_lookup_unhashed() and autofs_dentry_release().autofs_dentry_release() ends up clearing the ->dentry and ->inode members
of autofs_info before removing it from the rehash list. The list is
protected by the rehash lock in both functions, but since
autofs_dentry_release() starts tearing the autofs_info struct down before
removing it from the list, autofs_lookup_unhashed() can get a autofs_info
with a NULL dentry.This patch moves the clearing of ->dentry and ->inode after the removal
from the rehash list.Signed-off-by: Jeff Mahoney
Acked-by: Ian Kent
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This patch fixes a bug in function decrementing a key of stat data item.
Offset of reiserfs keys are compared as signed values. To set key offset
to maximal possible value maximal signed value has to be used.This bug is responsible for severe reiserfs filesystem corruption which
shows itself as warning vs-13060. reiserfsck fixes this corruption by
filesystem tree rebuilding.Signed-off-by: Vladimir Saveliev
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
09 Apr, 2007
1 commit
-
If rootmode isn't valid, we hit the BUG() in fuse_init_inode. Now
EINVAL is returned.Signed-off-by: Timo Savola
Signed-off-by: Miklos Szeredi
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
05 Apr, 2007
1 commit
-
Revert all this. It can cause device-mapper to receive a different major from
earlier kernels and it turns out that the Amanda backup program (via GNU tar,
apparently) checks major numbers on files when performing incremental backups.Which is a bit broken of Amanda (or tar), but this feature isn't important
enough to justify the churn.Cc: Ingo Molnar
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
03 Apr, 2007
4 commits
-
Revert b46be05004abb419e303e66e143eed9f8a6e9f3f. Same reasoning as for ext3.
Cc: Kirill Korotaev
Cc: Ingo Molnar
Cc: Ken Chen
Cc: Andrey Savochkin
Cc:
Cc: Dmitriy Monakhov
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Revert e92a4d595b464c4aae64be39ca61a9ffe9c8b278.
Dmitry points out
"When we block_prepare_write() failed while ext3_prepare_write() we jump to
"failure" label and call ext3_prepare_failure() witch search last mapped bh
and invoke commit_write untill it. This is wrong!! because some bh from
begining to the last mapped bh may be not uptodate. As a result we commit to
disk not uptodate page content witch contains garbage from previous usage."and
"Unexpected file size increasing."
Call trace the same as it was in first issue but result is different.
For example we have file with i_size is zero. we want write two blocks ,
but fs has only one free block.->ext3_prepare_write(...from == 0, to == 2048)
retry:
->block_prepare_write() == -ENOSPC# we failed but allocated one block here.
->ext3_prepare_failure()
->commit_write( from == 0, to == 1024) # after this i_size becomes 1024 :)
if (ret == -ENOSPC && ext3_should_retry_alloc(inode->i_sb, &retries))
goto retry;Finally when all retries will be spended ext3_prepare_failure return
-ENOSPC, but i_size was increased and later block trimm procedures can't
help here.We don't appear to have the horsepower to fix these issues, so let's put
things back the way they were for now.Cc: Kirill Korotaev
Cc: Ingo Molnar
Cc: Ken Chen
Cc: Andrey Savochkin
Cc:
Cc: Dmitriy Monakhov
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
When the dump cannot occur most likely because of a full file system and
the page to be written is the zero page, the call to page_cache_release()
is missed.Signed-off-by: Brian Pomerantz
Cc: Hugh Dickins
Cc: Nick Piggin
Cc: David Howells
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
We're using #ifdef CONFIG_SYSCTL, but we should be using CONFIG_PROC_SYSCTL,
so we getfs/built-in.o: In function `proc_root_init':
/usr/src/linux/fs/proc/root.c:83: undefined reference to `proc_sys_init'Fix that up and remove an ifdef-in-C.
Cc: "Eric W. Biederman"
Cc: Helge Hafting
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
29 Mar, 2007
5 commits
-
* 'for-linus' of git://git.kernel.dk/data/git/linux-2.6-block:
[PATCH] splice: partial write fix -
* rename name to host_root_path
* rename data to req_root.Signed-off-by: Paolo 'Blaisorblade' Giarrusso
Signed-off-by: Jeff Dike
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Fix a few miscellaneous compilation problems -
an assignment with mismatched types in ldt.c
a missing include in mconsole.h which needs a definition of uml_pt_regs
I missed removing an include of user_util.h in hostfsSigned-off-by: Jeff Dike
Cc: Paolo 'Blaisorblade' Giarrusso
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Currently if partial write has happened while ->commit_write() then page
wasn't marked as accessed and rebalanced.Signed-off-by: Monakhov Dmitriy
Cc: Nick Piggin
Signed-off-by: Andrew Morton
Signed-off-by: Jens Axboe -
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2:
ocfs2_dlm: Check for migrateable lockres in dlm_empty_lockres()
ocfs2_dlm: Fix lockres ref counting bug
28 Mar, 2007
9 commits
-
…inville/wireless-2.6 into upstream-fixes
-
The user can generate console output if they cause do_mmap() to fail
during sys_io_setup(). This was seen in a regression test that does
exactly that by spinning calling mmap() until it gets -ENOMEM before
calling io_setup().We don't need this printk at all, just remove it.
Signed-off-by: Zach Brown
Signed-off-by: Linus Torvalds -
Johannes Berg and Michael Buesch noticed that the WPA ioctls
were missing from the 6432 bit conversion. This means that when
using a 32 bits userspace on a 64 bit kernel, those ioctls fail.Signed-off-by: Jean Tourrilhes
Signed-off-by: John W. Linville -
* 'for-linus' of git://git.kernel.dk/data/git/linux-2.6-block:
Export __splice_from_pipe()
2/2 splice: dont readpage
1/2 splice: dont steal
make elv_register() output atomic
block: blk_max_pfn is somtimes wrong -
Without attached patch against current -git I get following with
!PROC_SYSCTL (with EMBEDDED and PROC_FS set):CC init/version.o
LD init/built-in.o
LD vmlinux
fs/built-in.o: In function `do_proc_sys_lookup':
proc_sysctl.c:(.text+0x26583): undefined reference to `sysctl_head_next'
fs/built-in.o: In function `proc_sys_revalidate':
proc_sysctl.c:(.text+0x265bb): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_readdir':
proc_sysctl.c:(.text+0x26720): undefined reference to `sysctl_head_next'
proc_sysctl.c:(.text+0x267d8): undefined reference to `sysctl_head_finish'
proc_sysctl.c:(.text+0x268e7): undefined reference to `sysctl_head_next'
proc_sysctl.c:(.text+0x26910): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_write':
proc_sysctl.c:(.text+0x2695d): undefined reference to `sysctl_perm'
proc_sysctl.c:(.text+0x2699c): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_read':
proc_sysctl.c:(.text+0x269e9): undefined reference to `sysctl_perm'
proc_sysctl.c:(.text+0x26a25): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_permission':
proc_sysctl.c:(.text+0x26ad1): undefined reference to `sysctl_perm'
proc_sysctl.c:(.text+0x26adb): undefined reference to `sysctl_head_finish'
fs/built-in.o: In function `proc_sys_lookup':
proc_sysctl.c:(.text+0x26b39): undefined reference to `sysctl_head_finish'
make: *** [vmlinux] Virhe 1All those functions are in fs/proc/proc_sysctl.c, which has no CONFIG_
#define's in it, so the patch makes the compilation of that file to depend
on CONFIG_PROC_SYSCTL (the simplest choice).Acked-by: "Eric W. Biederman"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This cancel_delayed_work call is called from a function that is only called
from a piece of code that immediate follows a cancel and destruction of the
workqueue, so it's clearly a mistake.Cc: Oleg Nesterov
Signed-off-by: "J. Bruce Fields"
Signed-off-by: Neil Brown
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The reused clientid here is a more of a problem for the client than the
server, and the client can report the problem itself if it's serious.Signed-off-by: "J. Bruce Fields"
Signed-off-by: Neil Brown
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
A regression introduced in the last set of acl patches removed the
INHERIT_ONLY flag from aces derived from the posix acl. Fix.Signed-off-by: "J. Bruce Fields"
Signed-off-by: Neil Brown
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
->readdir passes lofft_t offsets (used as nfs cookies) to
nfs3svc_encode_entry{,_plus}, but when they pass it on to encode_entry it
becomes an 'off_t', which isn't good.So filesystems that returned 64bit offsets would lose.
Signed-off-by: Neil Brown
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
27 Mar, 2007
6 commits
-
Ocfs2 wants to implement it's own splice write actor so that it can better
manage cluster / page locks. This lets us re-use the rest of splice write
while only providing our own code where it's actually important.Signed-off-by: Mark Fasheh
Signed-off-by: Jens Axboe -
Splice does not need to readpage to bring the page uptodate before writing
to it, because prepare_write will take care of that for us.Splice is also wrong to SetPageUptodate before the page is actually uptodate.
This results in the old uninitialised memory leak. This gets fixed as a
matter of course when removing the readpage logic.Signed-off-by: Nick Piggin
Signed-off-by: Jens Axboe -
Stealing pages with splice is problematic because we cannot just insert
an uptodate page into the pagecache and hope the filesystem can take care
of it later.We also cannot just ClearPageUptodate, then hope prepare_write does not
write anything into the page, because I don't think prepare_write gives
that guarantee.Remove support for SPLICE_F_MOVE for now. If we really want to bring it
back, we might be able to do so with a the new filesystem buffered write
aops APIs I'm working on. If we really don't want to bring it back, then
we should decide that sooner rather than later, and remove the flag and
all the stealing infrastructure before anybody starts using it.Signed-off-by: Nick Piggin
Signed-off-by: Jens Axboe -
In dlm_migrate_lockres(), we check upfront whether the lockres is a
candidate for migration. This patch encapsulates that code in a separate
function so that dlm_empty_lockres() can also use it during umount. This
patch addresses the umount process spinning problem.Signed-off-by: Sunil Mushran
Signed-off-by: Mark Fasheh -
During umount, the umount thread migrates the lockres' and the dlm_thread
frees the empty lockres'. Due to a race, the reference counting on the
lockres goes awry leading to extra puts.Signed-off-by: Sunil Mushran
Signed-off-by: Mark Fasheh -
This patch makes te needlessly global struct v9fs_cached_file_operations
static.Signed-off-by: Adrian Bunk
Signed-off-by: Eric Van Hensbergen
24 Mar, 2007
2 commits
-
A little mistake in 8a2bfdcbfa441d8b0e5cb9c9a7f45f77f80da465 is making all
transactions synchronous, which reduces ext3 performance to comical levels.Cc: Mingming Cao
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Fix the /proc/pid/stat representation of executable boundaries. It should
show the bounds of the executable, but instead shows the bounds of the
loader.Before the patch is applied, the bug can be seen by examining, say, inetd:
# ps | grep inetd
610 root 0 S /usr/sbin/inetd -i
# cat /proc/610/maps
c0bb0000-c0bba788 r-xs 00000000 00:0b 14582157 /lib/ld-uClibc-0.9.28.so
c3180000-c31dede4 r-xs 00000000 00:0b 14582179 /lib/libuClibc-0.9.28.so
c328c000-c328ea00 rw-p 00008000 00:0b 14582157 /lib/ld-uClibc-0.9.28.so
c3290000-c329b6c0 rw-p 00000000 00:00 0
c32a0000-c32c0000 rwxp 00000000 00:00 0
c32d4000-c32d8000 rw-p 00000000 00:00 0
c3394000-c3398000 rw-p 00000000 00:00 0
c3458000-c345f464 r-xs 00000000 00:0b 16384612 /usr/sbin/inetd
c3470000-c34748f8 rw-p 00004000 00:0b 16384612 /usr/sbin/inetd
c34cc000-c34d0000 rw-p 00000000 00:00 0
c34d4000-c34d8000 rw-p 00000000 00:00 0
c34d8000-c34dc000 rw-p 00000000 00:00 0
# cat /proc/610/stat
610 (inetd) S 1 610 610 0 -1 256 0 0 0 0 0 8 0 0 19 0 1 0 94392000718
950272 0 4294967295 3233480704 3233523592 3274440352 3274439976
3273467584 0 0 4096 90115 3221712796 0 0 17 0 0 0 0The code boundaries are 3233480704 to 3233523592, which are:
(gdb) p/x 3233480704
$1 = 0xc0bb0000
(gdb) p/x 3233523592
$2 = 0xc0bba788Which corresponds to this line in the maps file:
c0bb0000-c0bba788 r-xs 00000000 00:0b 14582157 /lib/ld-uClibc-0.9.28.so
Which is wrong. After the patch is applied, the maps file is pretty much
identical (there's some minor shuffling of the location of some of the
anonymous VMAs), but the stat file is now:# cat /proc/610/stat
610 (inetd) S 1 610 610 0 -1 256 0 0 0 0 0 7 0 0 18 0 1 0 94392000722
950272 0 4294967295 3276111872 3276141668 3274440352 3274439976
3273467584 0 0 4096 90115 3221712796 0 0 17 0 0 0 0The code boundaries are then 3276111872 to 3276141668, which are:
(gdb) p/x 3276111872
$1 = 0xc3458000
(gdb) p/x 3276141668
$2 = 0xc345f464And these correspond to this line in the maps file instead:
c3458000-c345f464 r-xs 00000000 00:0b 16384612 /usr/sbin/inetd
Which is now correct.
Signed-off-by: David Howells
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
