]>
Commit | Line | Data |
---|---|---|
35846eb5 JR |
1 | ChangeSet@1.1136.1.75 2003-12-07 21:20:48-02:00 willy at debian.org |
2 | [PATCH] Remove broken file lock accounting | |
3 | ||
4 | On Mon, Jul 01, 2002 at 11:13:55PM +0100, Matthew Wilcox wrote: | |
5 | > The file lock accounting code is horribly broken (and I wrote it, I | |
6 | > should know). I think the best solution to 2.4 is simply to delete it, | |
7 | > at least for BSD-style flocks. | |
8 | > | |
9 | > Patch to follow. Note that 2.5 has the same issue, but I'll fix it | |
10 | > differently there. | |
11 | ||
12 | Here's the patch for 2.4: | |
13 | ||
14 | - --- linux-2.4.23/fs/locks.c.orig Tue Dec 9 00:11:23 2003 | |
15 | +++ linux-2.4.23/fs/locks.c Tue Dec 9 00:13:00 2003 | |
16 | @@ -135,15 +135,9 @@ | |
17 | static kmem_cache_t *filelock_cache; | |
18 | ||
19 | /* Allocate an empty lock structure. */ | |
20 | - -static struct file_lock *locks_alloc_lock(int account) | |
21 | +static struct file_lock *locks_alloc_lock(void) | |
22 | { | |
23 | - - struct file_lock *fl; | |
24 | - - if (account && current->locks >= current->rlim[RLIMIT_LOCKS].rlim_cur) | |
25 | - - return NULL; | |
26 | - - fl = kmem_cache_alloc(filelock_cache, SLAB_KERNEL); | |
27 | - - if (fl) | |
28 | - - current->locks++; | |
29 | - - return fl; | |
30 | + return kmem_cache_alloc(filelock_cache, SLAB_KERNEL); | |
31 | } | |
32 | ||
33 | /* Free a lock which is not in use. */ | |
34 | @@ -153,7 +147,6 @@ | |
35 | BUG(); | |
36 | return; | |
37 | } | |
38 | - - current->locks--; | |
39 | if (waitqueue_active(&fl->fl_wait)) | |
40 | panic("Attempting to free lock with active wait queue"); | |
41 | ||
42 | @@ -220,7 +213,7 @@ | |
43 | /* Fill in a file_lock structure with an appropriate FLOCK lock. */ | |
44 | static struct file_lock *flock_make_lock(struct file *filp, unsigned int type) | |
45 | { | |
46 | - - struct file_lock *fl = locks_alloc_lock(1); | |
47 | + struct file_lock *fl = locks_alloc_lock(); | |
48 | if (fl == NULL) | |
49 | return NULL; | |
50 | ||
51 | @@ -358,7 +351,7 @@ | |
52 | /* Allocate a file_lock initialised to this type of lease */ | |
53 | static int lease_alloc(struct file *filp, int type, struct file_lock **flp) | |
54 | { | |
55 | - - struct file_lock *fl = locks_alloc_lock(1); | |
56 | + struct file_lock *fl = locks_alloc_lock(); | |
57 | if (fl == NULL) | |
58 | return -ENOMEM; | |
59 | ||
60 | @@ -721,7 +714,7 @@ | |
61 | size_t count) | |
62 | { | |
63 | struct file_lock *fl; | |
64 | - - struct file_lock *new_fl = locks_alloc_lock(0); | |
65 | + struct file_lock *new_fl = locks_alloc_lock(); | |
66 | int error; | |
67 | ||
68 | if (new_fl == NULL) | |
69 | @@ -881,8 +874,8 @@ | |
70 | * We may need two file_lock structures for this operation, | |
71 | * so we get them in advance to avoid races. | |
72 | */ | |
73 | - - new_fl = locks_alloc_lock(0); | |
74 | - - new_fl2 = locks_alloc_lock(0); | |
75 | + new_fl = locks_alloc_lock(); | |
76 | + new_fl2 = locks_alloc_lock(); | |
77 | error = -ENOLCK; /* "no luck" */ | |
78 | if (!(new_fl && new_fl2)) | |
79 | goto out_nolock; | |
80 | @@ -1488,7 +1481,7 @@ | |
81 | int fcntl_setlk(unsigned int fd, unsigned int cmd, struct flock *l) | |
82 | { | |
83 | struct file *filp; | |
84 | - - struct file_lock *file_lock = locks_alloc_lock(0); | |
85 | + struct file_lock *file_lock = locks_alloc_lock(); | |
86 | struct flock flock; | |
87 | struct inode *inode; | |
88 | int error; | |
89 | @@ -1644,7 +1637,7 @@ | |
90 | int fcntl_setlk64(unsigned int fd, unsigned int cmd, struct flock64 *l) | |
91 | { | |
92 | struct file *filp; | |
93 | - - struct file_lock *file_lock = locks_alloc_lock(0); | |
94 | + struct file_lock *file_lock = locks_alloc_lock(); | |
95 | struct flock64 flock; | |
96 | struct inode *inode; | |
97 | int error; | |
98 | ChangeSet@1.1136.1.68 2003-12-06 16:25:16-02:00 wli at holomorphy.com | |
99 | [PATCH] Fixup smb_boot_cpus(): Fix HT detection bug | |
100 | ||
101 | On Wed, Dec 03, 2003 at 06:41:36PM -0500, Ethan Weinstein wrote: | |
102 | > Ok, setting CONFIG_NR_CPUS=8 does indeed solve the HT issue, looks like | |
103 | > it was the numbering scheme: | |
104 | ||
105 | Something like this might do the trick. NR_CPUS is already checked | |
106 | indirectly via max_cpus. | |
107 | ||
108 | ||
109 | - -- wli | |
110 | ||
111 | ||
112 | ||
113 | - --- linux-2.4.23/arch/i386/kernel/smpboot.c.orig Tue Dec 9 00:27:10 2003 | |
114 | +++ linux-2.4.23/arch/i386/kernel/smpboot.c Tue Dec 9 00:27:23 2003 | |
115 | @@ -1106,7 +1106,7 @@ | |
116 | */ | |
117 | Dprintk("CPU present map: %lx\n", phys_cpu_present_map); | |
118 | ||
119 | - - for (bit = 0; bit < NR_CPUS; bit++) { | |
120 | + for (bit = 0; bit < BITS_PER_LONG; bit++) { | |
121 | apicid = cpu_present_to_apicid(bit); | |
122 | ||
123 | /* don't try to boot BAD_APICID */ | |
124 | ChangeSet@1.1136.1.73 2003-12-07 15:10:38-02:00 mikulas at cuni.cz | |
125 | [PATCH] from -aa tree: Fix potential fsync() race condition | |
126 | ||
127 | > 00_ll_rw_block-sync-race-1 first appeared in 2.4.21pre4aa3 - 470 bytes | |
128 | > | |
129 | > Add lock_page in ll_rw_block to fix a fs race | |
130 | > condition. Fix suggested by Mikulas Patocka. | |
131 | ||
132 | Yes. You have two inodes placed in the same buffer. | |
133 | ||
134 | Process 1 modifies inode 1 and calls fsync on it. fsync initiates write of | |
135 | the block. ll_rw_block returns, write is in progress. | |
136 | ||
137 | Process 2 modifies inode 2 and calls fsync on it. Filesystem calls | |
138 | ll_rw_block write on the same buffer. ll_rw_block immediatelly returns, | |
139 | because it sees there is already IO on the buffer (there used to be | |
140 | something like if (buffer_locked(bh)) return;). Process 2 waits on buffer. | |
141 | ||
142 | The write finished. Both processes are waken up. Both processes return out | |
143 | of fsync function. Process 2 returns from fsync while it did not write its | |
144 | inode modification to disk --- it waited on process 1's write. | |
145 | ||
146 | ||
147 | - --- linux-2.4.23/drivers/block/ll_rw_blk.c~ Tue Dec 9 00:17:12 2003 | |
148 | +++ linux-2.4.23/drivers/block/ll_rw_blk.c Tue Dec 9 00:17:12 2003 | |
149 | @@ -1377,9 +1377,7 @@ | |
150 | for (i = 0; i < nr; i++) { | |
151 | struct buffer_head *bh = bhs[i]; | |
152 | ||
153 | - - /* Only one thread can actually submit the I/O. */ | |
154 | - - if (test_and_set_bit(BH_Lock, &bh->b_state)) | |
155 | - - continue; | |
156 | + lock_buffer(bh); | |
157 | ||
158 | /* We have the buffer lock */ | |
159 | atomic_inc(&bh->b_count); | |
160 | ChangeSet@1.1136.73.4 2003-12-02 12:02:00-02:00 neilb at unsw.edu.au | |
161 | [PATCH] Drop module count if lockd reclaimer thread failed to start. | |
162 | ||
163 | - --- linux-2.4.23/fs/lockd/clntlock.c~ Tue Dec 9 00:35:29 2003 | |
164 | +++ linux-2.4.23/fs/lockd/clntlock.c Tue Dec 9 00:35:29 2003 | |
165 | @@ -188,7 +188,8 @@ | |
166 | nlmclnt_prepare_reclaim(host, newstate); | |
167 | nlm_get_host(host); | |
168 | MOD_INC_USE_COUNT; | |
169 | - - kernel_thread(reclaimer, host, CLONE_SIGNAL); | |
170 | + if(kernel_thread(reclaimer, host, CLONE_SIGNAL) < 0) | |
171 | + MOD_DEC_USE_COUNT; | |
172 | } | |
173 | } | |
174 | ||
175 | ChangeSet@1.1136.1.65 2003-12-05 15:53:34-02:00 mikpe at se | |
176 | [PATCH] fix reboot/no_idt bug | |
177 | ||
178 | When compiling 2.4.23 with gcc-3.3.2, gcc generates the | |
179 | following warning for arch/i386/kernel/process.c: | |
180 | ||
181 | process.c: In function `machine_restart': | |
182 | process.c:427: warning: use of memory input without lvalue in asm operand 0 | |
183 | is deprecated | |
184 | ||
185 | The warning identifies a real bug. no_idt is passed to | |
186 | lidt with an "m" constraint, which requires an l-value. | |
187 | Since no_idt is faked as an array, gcc creates an anonymous | |
188 | variable pointing to no_idt and passes that to lidt(*), | |
189 | so at runtime lidt sees the wrong address. Not good. | |
190 | (The bug, while real, is unlikely to trigger since it | |
191 | sits in an infrequently used path in the reboot code.) | |
192 | ||
193 | The fix is to make no_idt a struct (and thus an l-lvalue) | |
194 | like the other gdt/idt descriptors. | |
195 | ||
196 | This patch is a backport of the fix Linus made for the | |
197 | same bug in 2.6.0-test4. | |
198 | ||
199 | [Andi: x86-64 appears to have the same bug] | |
200 | ||
201 | (*) Verified by inspection of the assembly code. | |
202 | ||
203 | /Mikael | |
204 | ||
205 | ||
206 | - --- linux-2.4.23/arch/i386/kernel/process.c.orig Tue Dec 9 00:29:52 2003 | |
207 | +++ linux-2.4.23/arch/i386/kernel/process.c Tue Dec 9 00:30:46 2003 | |
208 | @@ -153,7 +153,6 @@ | |
209 | ||
210 | __setup("idle=", idle_setup); | |
211 | ||
212 | - -static long no_idt[2]; | |
213 | static int reboot_mode; | |
214 | int reboot_thru_bios; | |
215 | ||
216 | @@ -224,7 +223,8 @@ | |
217 | unsigned long long * base __attribute__ ((packed)); | |
218 | } | |
219 | real_mode_gdt = { sizeof (real_mode_gdt_entries) - 1, real_mode_gdt_entries }, | |
220 | - -real_mode_idt = { 0x3ff, 0 }; | |
221 | +real_mode_idt = { 0x3ff, 0 }, | |
222 | +no_idt = { 0, 0 }; | |
223 | ||
224 | /* This is 16-bit protected mode code to disable paging and the cache, | |
225 | switch to real mode and jump to the BIOS reset code. | |
226 | ChangeSet@1.1136.78.2 2003-12-07 12:43:34-02:00 wli at holomorphy.com | |
227 | [PATCH] out_of_memory() locking | |
228 | ||
229 | On Sun, Nov 30, 2003 at 08:18:02AM -0800, William Lee Irwin III wrote: | |
230 | > (1) the timestamps/etc. weren't locked, and when cpus raced, it caused | |
231 | > false OOM kills | |
232 | > (2) the mm could go away while scanning the tasklist, causing the thing | |
233 | > to try to kill kernel threads | |
234 | > Here's a preliminary backport (please do _NOT_ apply until I or someone | |
235 | > tests it) for you to comment on. Basically, do you want (1) and (2) | |
236 | > split out, is the basic thing okay, etc.? | |
237 | ||
238 | out_of_memory()'s operational variables are not locked, and can be | |
239 | reset by multiple cpus simultaneously, causing false OOM kills. | |
240 | ||
241 | This patch adds an oom_lock to out_of_memory() to protect its operational | |
242 | variables. | |
243 | ||
244 | ||
245 | - -- wli | |
246 | ||
247 | ||
248 | ||
249 | - --- linux-2.4.23/mm/oom_kill.c.orig Tue Dec 9 00:20:47 2003 | |
250 | +++ linux-2.4.23/mm/oom_kill.c Tue Dec 9 00:24:20 2003 | |
251 | @@ -202,6 +202,11 @@ | |
252 | */ | |
253 | void out_of_memory(void) | |
254 | { | |
255 | + /* | |
256 | + * oom_lock protects out_of_memory()'s static variables. | |
257 | + * It's a global lock; this is not performance-critical. | |
258 | + */ | |
259 | + static spinlock_t oom_lock = SPIN_LOCK_UNLOCKED; | |
260 | static unsigned long first, last, count, lastkill; | |
261 | unsigned long now, since; | |
262 | ||
263 | @@ -211,6 +216,7 @@ | |
264 | if (nr_swap_pages > 0) | |
265 | return; | |
266 | ||
267 | + spin_lock(&oom_lock); | |
268 | now = jiffies; | |
269 | since = now - last; | |
270 | last = now; | |
271 | @@ -229,14 +235,14 @@ | |
272 | */ | |
273 | since = now - first; | |
274 | if (since < HZ) | |
275 | - - return; | |
276 | + goto out_unlock; | |
277 | ||
278 | /* | |
279 | * If we have gotten only a few failures, | |
280 | * we're not really oom. | |
281 | */ | |
282 | if (++count < 10) | |
283 | - - return; | |
284 | + goto out_unlock; | |
285 | ||
286 | /* | |
287 | * If we just killed a process, wait a while | |
288 | @@ -245,17 +251,25 @@ | |
289 | */ | |
290 | since = now - lastkill; | |
291 | if (since < HZ*5) | |
292 | - - return; | |
293 | + goto out_unlock; | |
294 | ||
295 | /* | |
296 | * Ok, really out of memory. Kill something. | |
297 | */ | |
298 | lastkill = now; | |
299 | + | |
300 | + /* oom_kill() can sleep */ | |
301 | + spin_unlock(&oom_lock); | |
302 | oom_kill(); | |
303 | + spin_lock(&oom_lock); | |
304 | ||
305 | reset: | |
306 | - - first = now; | |
307 | + if (first < now) | |
308 | + first = now; | |
309 | count = 0; | |
310 | + | |
311 | +out_unlock: | |
312 | + spin_unlock(&oom_lock); | |
313 | } | |
314 | ||
315 | #endif /* Unused file */ | |
316 | ChangeSet@1.1136.1.61 2003-12-01 12:43:59-07:00 davidm at com[helgaas] | |
317 | ||
318 | ia64: Fix a bug in sigtramp() which corrupted ar.rnat when unwinding | |
319 | across a signal trampoline (in user space). Reported by | |
320 | Laurent Morichetti. | |
321 | ||
322 | arch/ia64/kernel/gate.S@1.11 2003-12-01 05:43:29-07:00 davidm at com[helgaas] | |
323 | ||
324 | (__kernel_sigtramp): Replace usage of p8 with p1. We must use a preserved | |
325 | predicate for the .spillsp.p directive, otherwise, the predicate | |
326 | may have been clobbered by the time the unwinder looks at it. | |
327 | Fortunately, we can just use p1 because the entire pr register | |
328 | is already saved/restored by the kernel. | |
329 | ||
330 | ||
331 | - --- linux-2.4.23/arch/ia64/kernel/gate.S~ Tue Dec 9 00:46:11 2003 | |
332 | +++ linux-2.4.23/arch/ia64/kernel/gate.S Tue Dec 9 00:46:11 2003 | |
333 | @@ -88,10 +88,10 @@ | |
334 | ld8 r15=[base1] // get address of new RBS base (or NULL) | |
335 | cover // push args in interrupted frame onto backing store | |
336 | ;; | |
337 | - - cmp.ne p8,p0=r15,r0 // do we need to switch the rbs? | |
338 | + cmp.ne p1,p0=r15,r0 // do we need to switch rbs? (note: pr is saved by kernel) | |
339 | mov.m r9=ar.bsp // fetch ar.bsp | |
340 | - - .spillsp.p p8, ar.rnat, RNAT_OFF+SIGCONTEXT_OFF | |
341 | - -(p8) br.cond.spnt setup_rbs // yup -> (clobbers r14, r15, and r16) | |
342 | + .spillsp.p p1, ar.rnat, RNAT_OFF+SIGCONTEXT_OFF | |
343 | +(p1) br.cond.spnt setup_rbs // yup -> (clobbers p8, r14, r15, and r16) | |
344 | back_from_setup_rbs: | |
345 | alloc r8=ar.pfs,0,0,3,0 | |
346 | ld8 out0=[base0],16 // load arg0 (signum) | |
347 | @@ -130,8 +130,8 @@ | |
348 | ld8 r15=[base0],(CFM_OFF-BSP_OFF) // fetch sc_ar_bsp and advance to CFM_OFF | |
349 | mov r14=ar.bsp | |
350 | ;; | |
351 | - - cmp.ne p8,p0=r14,r15 // do we need to restore the rbs? | |
352 | - -(p8) br.cond.spnt restore_rbs // yup -> (clobbers r14-r18, f6 & f7) | |
353 | + cmp.ne p1,p0=r14,r15 // do we need to restore the rbs? | |
354 | +(p1) br.cond.spnt restore_rbs // yup -> (clobbers p8, r14-r18, f6 & f7) | |
355 | ;; | |
356 | back_from_restore_rbs: | |
357 | adds base0=(FR6_OFF+SIGCONTEXT_OFF),sp | |
358 | ChangeSet@1.1136.73.2 2003-12-02 11:58:06-02:00 neilb at unsw.edu.au | |
359 | [PATCH] Make root a special case for per-user process limits. | |
360 | ||
361 | This is needed because when a setuid-root program calls | |
362 | setuid(0) to become really-root, p->user becomes root_user, | |
363 | but ->rlim stays as the original user's limit, and now | |
364 | the process cannot fork - becuase root has more processes than | |
365 | the original user had. | |
366 | ||
367 | The real problem is that NPROC is not really a per-process limit, | |
368 | but its a per-user limit, and including it with the rlim structure | |
369 | was not a good idea :-( | |
370 | ||
371 | This fix is already in 2.6 | |
372 | ||
373 | ||
374 | - --- linux-2.4.23/kernel/fork.c.orig Tue Dec 9 00:38:16 2003 | |
375 | +++ linux-2.4.23/kernel/fork.c Tue Dec 9 00:38:59 2003 | |
376 | @@ -669,6 +669,7 @@ | |
377 | * than the amount of processes root is running. -- Rik | |
378 | */ | |
379 | if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur | |
380 | + && p->user != &root_user | |
381 | && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) | |
382 | goto bad_fork_free; | |
383 | ||
384 | As per http://lkml.org/lkml/2003/12/1/150 | |
385 | ||
386 | diff -urN --exclude=CVS --exclude=.cvsignore linux-2.4.23/include/linux/mc146818rtc.h linux-cvs-2.4.23/include/linux/mc146818rtc.h | |
387 | - --- linux-2.4.23/include/linux/mc146818rtc.h 2001-11-22 20:46:58.000000000 +0100 | |
388 | +++ linux-cvs-2.4.23/include/linux/mc146818rtc.h 2003-11-28 15:09:41.000000000 +0100 | |
389 | @@ -98,4 +98,12 @@ | |
390 | #define BIN_TO_BCD(val) ((val)=(((val)/10)<<4) + (val)%10) | |
391 | #endif | |
392 | ||
393 | +#ifndef RTC_IO_EXTENT | |
394 | +#define RTC_IO_EXTENT 0x10 /* Only really two ports, but... */ | |
395 | +#endif | |
396 | + | |
397 | +#ifndef RTC_IOMAPPED | |
398 | +#define RTC_IOMAPPED 1 /* Default to I/O mapping. */ | |
399 | +#endif | |
400 | + | |
401 | #endif /* _MC146818RTC_H */ | |
402 | - From linux-kernel@vger.kernel.org Thu Dec 18 21:50:26 2003 | |
403 | Date: Tue, 16 Dec 2003 15:59:16 +0000 | |
404 | From: Linux Kernel Mailing List <linux-kernel@vger.kernel.org> | |
405 | To: bk-commits-24@vger.kernel.org | |
406 | Subject: [PATCH] duplicate PID fix | |
407 | ||
408 | ChangeSet 1.1302, 2003/12/16 13:59:16-02:00, t-kochi@bq.jp.nec.com | |
409 | ||
410 | [PATCH] duplicate PID fix | |
411 | ||
412 | Hello Marcelo, | |
413 | ||
414 | This fix was sent to lkml in April, and was merged to -ac tree, | |
415 | but is not merged in the main tree yet. | |
416 | Please consider taking this in. | |
417 | ||
418 | Without this, duplicate pids can be allocated, which will make | |
419 | one of them unkillable (signals are deliverd to only one of them), | |
420 | and this can be exploitable (I don't know for sure, but maybe, | |
421 | like brk() ;) | |
422 | ||
423 | This situation happens only when all pid space is full. | |
424 | Usually, users cannot fork processes more than 32768 (PID_MAX), | |
425 | but default user limit of max processes can be more | |
426 | than PID_MAX on large memory machines such as 64bit | |
427 | platforms (although it's adjustable by threads-max sysctl). | |
428 | ||
429 | This patch modifies common code and affects all architectures, | |
430 | but modifies code only executed when no pid is available, | |
431 | so it doesn't hurt any normal path anyway. | |
432 | ||
433 | (BTW, once I sent this patch to Rusty's Trivial patch monkey, | |
434 | but his reply was non-trivial, and he also said this is | |
435 | scary ;) | |
436 | ||
437 | The details are described below: | |
438 | ||
439 | In get_pid(), an available pid is searched through all task_structs | |
440 | even when there is no available pid. If a new pid is not available, | |
441 | the kernel exits the loop with static variable 'next_safe' untouched, | |
442 | which usually is no problem. | |
443 | ||
444 | ||
445 | spin_lock(&lastpid_lock); | |
446 | beginpid = last_pid; | |
447 | if((++last_pid) & 0xffff8000) { | |
448 | last_pid = 300; /* Skip daemons etc. */ | |
449 | goto inside; | |
450 | } | |
451 | if(last_pid >= next_safe) { | |
452 | inside: | |
453 | next_safe = PID_MAX; | |
454 | read_lock(&tasklist_lock); | |
455 | repeat: | |
456 | for_each_task(p) { | |
457 | if(p->pid == last_pid || | |
458 | p->pgrp == last_pid || | |
459 | p->tgid == last_pid || | |
460 | p->session == last_pid) { <= (A) | |
461 | if(++last_pid >= next_safe) { <= (B) | |
462 | if(last_pid & 0xffff8000) | |
463 | last_pid = 300; | |
464 | next_safe = PID_MAX; | |
465 | } | |
466 | if(unlikely(last_pid == beginpid)) <= (C) | |
467 | goto nomorepids; | |
468 | goto repeat; | |
469 | } | |
470 | if(p->pid > last_pid && next_safe > p->pid) | |
471 | next_safe = p->pid; | |
472 | if(p->pgrp > last_pid && next_safe > p->pgrp) | |
473 | next_safe = p->pgrp; | |
474 | if(p->tgid > last_pid && next_safe > p->tgid) | |
475 | next_safe = p->tgid; | |
476 | if(p->session > last_pid && next_safe > p->session) | |
477 | next_safe = p->session; | |
478 | } | |
479 | ||
480 | ||
481 | In a rare case, both (B) and (C) can be true and then, next_safe | |
482 | will remain PID_MAX (32768). If that happens, following get_pid() will | |
483 | always succeed until last_pid reaches 32768 and there may be many | |
484 | duplicate pids. | |
485 | ||
486 | For example, this happens when | |
487 | ||
488 | * PID space are full (300-32767 are all occupied) | |
489 | * the last pid allocated is 10000 | |
490 | * task list chain is like: | |
491 | ...(pids < 9999), 9999, ...(pids 300~9998, 10001~32767)... , 10000 | |
492 | ||
493 | The loop starts searching an available pid with beginpid=10000 and | |
494 | last_pid=10001. last_pid is incremented until it gets PID_MAX | |
495 | and then wraps around to 300, then is incremented again. | |
496 | ||
497 | At the point that p->pid=9999 is found in tasklist (condition (A)), | |
498 | ||
499 | last_pid = 9999 | |
500 | next_safe <= 9998 | |
501 | ||
502 | therefore condition (B) is true, and then | |
503 | ||
504 | last_pid = 10000 | |
505 | next_safe = PID_MAX | |
506 | ||
507 | and then, condition (C) is also true, and exits the loop. | |
508 | ||
509 | To protect this case is simple; when the condition (C) is true, | |
510 | set next_safe to 0 or any safe value to guarantee that a free pid | |
511 | will be searched through next time. | |
512 | ||
513 | Thanks, | |
514 | ||
515 | ||
516 | # This patch includes the following deltas: | |
517 | # ChangeSet 1.1301 -> 1.1302 | |
518 | # kernel/fork.c 1.31 -> 1.32 | |
519 | # | |
520 | ||
521 | fork.c | 4 +++- | |
522 | 1 files changed, 3 insertions(+), 1 deletion(-) | |
523 | ||
524 | ||
525 | diff -Nru a/kernel/fork.c b/kernel/fork.c | |
526 | - --- a/kernel/fork.c Tue Dec 16 09:02:43 2003 | |
527 | +++ b/kernel/fork.c Tue Dec 16 09:02:43 2003 | |
528 | @@ -114,8 +114,10 @@ | |
529 | last_pid = 300; | |
530 | next_safe = PID_MAX; | |
531 | } | |
532 | - - if(unlikely(last_pid == beginpid)) | |
533 | + if(unlikely(last_pid == beginpid)) { | |
534 | + next_safe = 0; | |
535 | goto nomorepids; | |
536 | + } | |
537 | goto repeat; | |
538 | } | |
539 | if(p->pid > last_pid && next_safe > p->pid) | |
540 | - - | |
541 | To unsubscribe from this list: send the line "unsubscribe bk-commits-24" in | |
542 | the body of a message to majordomo@vger.kernel.org | |
543 | More majordomo info at http://vger.kernel.org/majordomo-info.html | |
544 | - From linux-kernel@vger.kernel.org Thu Dec 18 21:43:15 2003 | |
545 | Date: Mon, 15 Dec 2003 04:44:43 +0000 | |
546 | From: Linux Kernel Mailing List <linux-kernel@vger.kernel.org> | |
547 | To: bk-commits-24@vger.kernel.org | |
548 | Subject: [PPC64] Fix save_flags/restore_flags on iSeries. | |
549 | ||
550 | ChangeSet 1.1270.3.9, 2003/12/15 15:44:43+11:00, engebret@us.ibm.com | |
551 | ||
552 | [PPC64] Fix save_flags/restore_flags on iSeries. | |
553 | ||
554 | ||
555 | # This patch includes the following deltas: | |
556 | # ChangeSet 1.1270.3.8 -> 1.1270.3.9 | |
557 | # arch/ppc64/kernel/misc.S 1.8 -> 1.9 | |
558 | # | |
559 | ||
560 | misc.S | 14 +++++++------- | |
561 | 1 files changed, 7 insertions(+), 7 deletions(-) | |
562 | ||
563 | ||
564 | diff -Nru a/arch/ppc64/kernel/misc.S b/arch/ppc64/kernel/misc.S | |
565 | - --- a/arch/ppc64/kernel/misc.S Mon Dec 15 07:03:59 2003 | |
566 | +++ b/arch/ppc64/kernel/misc.S Mon Dec 15 07:03:59 2003 | |
567 | @@ -69,16 +69,14 @@ | |
568 | _GLOBAL(__no_use_save_flags) | |
569 | mfspr r4,SPRG3 | |
570 | lbz r3,PACAPROCENABLED(r4) | |
571 | + /* shift into position of MSR.EE */ | |
572 | + sldi r3,r3,15 | |
573 | blr | |
574 | ||
575 | - -/* void __no_use_restore_flags(unsigned long flags) */ | |
576 | +/* void __no_use_restore_flags(unsigned long flags) */ | |
577 | _GLOBAL(__no_use_restore_flags) | |
578 | - -/* | |
579 | - - * Just set/clear the MSR_EE bit through restore/flags but do not | |
580 | - - * change anything else. This is needed by the RT system and makes | |
581 | - - * sense anyway. | |
582 | - - * -- Cort | |
583 | - - */ | |
584 | + /* shift from position of MSR.EE */ | |
585 | + srdi r3,r3,15 | |
586 | mfspr r6,SPRG3 | |
587 | lbz r5,PACAPROCENABLED(r6) | |
588 | /* Check if things are setup the way we want _already_. */ | |
589 | @@ -104,6 +102,8 @@ | |
590 | lbz r3,PACAPROCENABLED(r5) | |
591 | li r4,0 | |
592 | stb r4,PACAPROCENABLED(r5) | |
593 | + /* shift into position of MSR.EE */ | |
594 | + sldi r3,r3,15 | |
595 | blr /* Done */ | |
596 | ||
597 | _GLOBAL(__no_use_sti) | |
598 | - - | |
599 | To unsubscribe from this list: send the line "unsubscribe bk-commits-24" in | |
600 | the body of a message to majordomo@vger.kernel.org | |
601 | More majordomo info at http://vger.kernel.org/majordomo-info.html | |
602 | - From linux-kernel@vger.kernel.org Thu Dec 18 21:41:34 2003 | |
603 | Date: Fri, 12 Dec 2003 20:18:04 +0000 | |
604 | From: Linux Kernel Mailing List <linux-kernel@vger.kernel.org> | |
605 | To: bk-commits-24@vger.kernel.org | |
606 | Subject: [PATCH] USB: MCT-U232 Patch for cts | |
607 | ||
608 | ChangeSet 1.1289, 2003/12/12 12:18:04-08:00, marr@flex.com | |
609 | ||
610 | [PATCH] USB: MCT-U232 Patch for cts | |
611 | ||
612 | Brief Patch Description: | |
613 | ||
614 | Fix a problem in the 'mct_u232' driver whereby output data gets held up in the | |
615 | USB/RS-232 adapter for RS-232 devices which don't assert the 'CTS' signal. | |
616 | ||
617 | Background: | |
618 | ||
619 | The Belkin F5U109 is a 9-pin USB/RS-232 adapter that is supported by the | |
620 |