  1. 26 Jan, 2007 14 commits
  2. 24 Jan, 2007 1 commit
  3. 23 Jan, 2007 3 commits
  4. 22 Jan, 2007 5 commits
  5. 21 Jan, 2007 2 commits
  6. 18 Jan, 2007 2 commits
  7. 13 Jan, 2007 1 commit
  8. 12 Jan, 2007 2 commits
    • [PATCH] Revert bd_mount_mutex back to a semaphore · f73ca1b7
      David Chinner authored
      
      
      Revert bd_mount_mutex back to a semaphore so that xfs_freeze -f /mnt/newtest;
      xfs_freeze -u /mnt/newtest works safely and doesn't produce lockdep warnings.
      
      (XFS unlocks the semaphore from a different task, by design.  The mutex
      code warns about this)
      Signed-off-by: Dave Chinner <dgc@sgi.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] NFS: Fix race in nfs_release_page() · e3db7691
      Trond Myklebust authored
      
      
          NFS: Fix race in nfs_release_page()
      
          invalidate_inode_pages2() may find the dirty bit has been set on a page
          owing to the fact that the page may still be mapped after it was locked.
          Only after the call to unmap_mapping_range() are we sure that the page
          can no longer be dirtied.
          In order to fix this, NFS has hooked the releasepage() method and tries
          to write the page out between the call to unmap_mapping_range() and the
          call to remove_mapping(). This, however, leads to deadlocks in the page
          reclaim code, where the page may be locked without holding a reference
          to the inode or dentry.
      
          Fix is to add a new address_space_operation, launder_page(), which will
          attempt to write out a dirty page without releasing the page lock.
      Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
      
          Also, the bare SetPageDirty() can skew all sorts of accounting leading to
          other nasties.
      
      [akpm@osdl.org: cleanup]
      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
  9. 10 Jan, 2007 3 commits
  10. 06 Jan, 2007 4 commits
    • Revert "[PATCH] binfmt_elf: randomize PIE binaries (2nd try)" · 90cb28e8
      Linus Torvalds authored
      This reverts commit 59287c09.
      
      Hugh Dickins reports that it causes random failures on x86 with SuSE
      10.2, and points out
      
        "Isn't that randomization, anywhere from 0x10000 to ELF_ET_DYN_BASE,
         sure to place the ET_DYN from time to time just where the comment
         says it's trying to avoid? I assume that somehow results in the error
         reported."
      
      (where the comment in question is the existing comment in the source
      code about mmap/brk clashes).
      Suggested-by: Hugh Dickins <hugh@veritas.com>
      Acked-by: Marcus Meissner <meissner@suse.de>
      Cc: Andrew Morton <akpm@osdl.org>
      Cc: Andi Kleen <ak@suse.de>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Dave Jones <davej@codemonkey.org.uk>
      Cc: Arjan van de Ven <arjan@linux.intel.com>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] fix garbage instead of zeroes in UFS · d63b7090
      Evgeniy Dushistov authored
      
      
      Looks like this is the problem that Al Viro pointed out some time ago:
      
      ufs's get_block callback allocates 16k of disk at a time, and links that
      entire 16k into the file's metadata.  But because get_block is called for only
      a single buffer_head (a 2k buffer_head in this case?) we are only able to tell
      the VFS that this 2k is buffer_new().
      
      So when ufs_getfrag_block() is later called to map some more data in the file,
      and when that data resides within the remaining 14k of this fragment,
      ufs_getfrag_block() will incorrectly return a !buffer_new() buffer_head.
      
      I don't see the _right_ way to do nullification of the whole block: if we
      use the inode page cache, some pages may be outside of the inode limits
      (inode size) and will be lost; if we use the blockdev page cache, it is
      possible to zero real data if the inode page cache is used later.
      
      The simplest way, as far as I can see, is to use the block device page
      cache, and not only mark it dirty but also sync it during "nullification".
      I used my simple tests collection, which I use to check that
      create,open,write,read,close works on ufs, and I see that this patch makes
      ufs code 18% slower than before.
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] fix memory corruption from misinterpreted bad_inode_ops return values · be6aab0e
      Eric Sandeen authored
      
      
      CVE-2006-5753 is for a case where an inode can be marked bad, switching
      the ops to bad_inode_ops, which are all connected as:
      
      static int return_EIO(void)
      {
              return -EIO;
      }
      
      #define EIO_ERROR ((void *) (return_EIO))
      
      static struct inode_operations bad_inode_ops =
      {
              .create         = bad_inode_create
      ...etc...
      
      The problem here is that the void cast causes return types to not be
      promoted, and for ops such as listxattr which expect more than 32 bits of
      return value, the 32-bit -EIO is interpreted as a large positive 64-bit
      number, i.e. 0x00000000fffffffa instead of 0xfffffffa.
      
      This goes particularly badly when the return value is taken as a number of
      bytes to copy into, say, a user's buffer for example...
      
      I originally had coded up the fix by creating a return_EIO_<TYPE> macro
      for each return type, like this:
      
      static int return_EIO_int(void)
      {
      	return -EIO;
      }
      #define EIO_ERROR_INT ((void *) (return_EIO_int))
      
      static struct inode_operations bad_inode_ops =
      {
      	.create		= EIO_ERROR_INT,
      ...etc...
      
      but Al felt that it was probably better to create an EIO-returner for each
      actual op signature.  Since so few ops share a signature, I just went ahead
      & created an EIO function for each individual file & inode op that returns
      a value.
      Signed-off-by: Eric Sandeen <sandeen@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
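The return-width problem described in the bad_inode_ops commit message above, as an added example (not code from the commit or the kernel). It models the 64-bit return slot explicitly instead of calling through a mismatched function pointer, which is undefined behaviour in C; `call_via_wide_slot` and `looks_like_error` are hypothetical names, and `int64_t` stands in for `ssize_t` on a 64-bit kernel.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-fix shape: one int-returning stub shared by every op slot. */
static int return_EIO(void)
{
    return -EIO;
}

/* Post-fix shape: a stub whose return type matches the op it stands in for.
 * int64_t stands in for ssize_t (the listxattr return type) on a 64-bit kernel. */
static int64_t bad_inode_listxattr(void)
{
    return -EIO;
}

/* Hypothetical model of a caller that reads a 64-bit return value after the
 * callee produced only a 32-bit int: the low half carries the int, the upper
 * half is zero because nothing sign-extended it. */
static int64_t call_via_wide_slot(int (*stub)(void))
{
    uint32_t low32 = (uint32_t)stub();
    uint64_t reg = low32;            /* zero-extended, not sign-extended */
    return (int64_t)reg;
}

/* Caller-side convention: negative means error, otherwise a byte count. */
static int looks_like_error(int64_t ret)
{
    return ret < 0;
}

int main(void)
{
    int64_t before = call_via_wide_slot(return_EIO);
    int64_t after = bad_inode_listxattr();

    printf("shared int stub:    %lld (error seen: %d)\n",
           (long long)before, looks_like_error(before));
    printf("per-signature stub: %lld (error seen: %d)\n",
           (long long)after, looks_like_error(after));
    return 0;
}
```

With the shared stub the caller's `ret < 0` check passes and the value is treated as a byte count; with the per-signature stub the error is seen as an error.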
    • [PATCH] adfs: fix filename handling · 3223ea8c
      James Bursa authored
      
      
      Fix filenames on adfs discs being terminated at the first character greater
      than 128 (adfs filenames are Latin 1).  I saw this problem when using a
      loopback adfs image on a 2.6.17-rc5 x86_64 machine, and the patch fixed it
      there.
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
  11. 02 Jan, 2007 1 commit
  12. 30 Dec, 2006 2 commits