Commit | Line | Data |
---|---|---|
f821c753 AM |
1 | ChangeSet@1.1136.1.75 2003-12-07 21:20:48-02:00 willy at debian.org |
2 | [PATCH] Remove broken file lock accounting | |
3 | ||
4 | On Mon, Jul 01, 2002 at 11:13:55PM +0100, Matthew Wilcox wrote: | |
5 | > The file lock accounting code is horribly broken (and I wrote it, I | |
6 | > should know). I think the best solution to 2.4 is simply to delete it, | |
7 | > at least for BSD-style flocks. | |
8 | > | |
9 | > Patch to follow. Note that 2.5 has the same issue, but I'll fix it | |
10 | > differently there. | |
11 | ||
12 | Here's the patch for 2.4: | |
13 | ||
40ef8592 | 14 | - --- linux-2.4.23/fs/locks.c.orig Tue Dec 9 00:11:23 2003 |
f821c753 AM |
15 | +++ linux-2.4.23/fs/locks.c Tue Dec 9 00:13:00 2003 |
16 | @@ -135,15 +135,9 @@ | |
17 | static kmem_cache_t *filelock_cache; | |
18 | ||
19 | /* Allocate an empty lock structure. */ | |
40ef8592 | 20 | - -static struct file_lock *locks_alloc_lock(int account) |
f821c753 AM |
21 | +static struct file_lock *locks_alloc_lock(void) |
22 | { | |
40ef8592 AM |
23 | - - struct file_lock *fl; |
24 | - - if (account && current->locks >= current->rlim[RLIMIT_LOCKS].rlim_cur) | |
25 | - - return NULL; | |
26 | - - fl = kmem_cache_alloc(filelock_cache, SLAB_KERNEL); | |
27 | - - if (fl) | |
28 | - - current->locks++; | |
29 | - - return fl; | |
f821c753 AM |
30 | + return kmem_cache_alloc(filelock_cache, SLAB_KERNEL); |
31 | } | |
32 | ||
33 | /* Free a lock which is not in use. */ | |
34 | @@ -153,7 +147,6 @@ | |
35 | BUG(); | |
36 | return; | |
37 | } | |
40ef8592 | 38 | - - current->locks--; |
f821c753 AM |
39 | if (waitqueue_active(&fl->fl_wait)) |
40 | panic("Attempting to free lock with active wait queue"); | |
41 | ||
42 | @@ -220,7 +213,7 @@ | |
43 | /* Fill in a file_lock structure with an appropriate FLOCK lock. */ | |
44 | static struct file_lock *flock_make_lock(struct file *filp, unsigned int type) | |
45 | { | |
40ef8592 | 46 | - - struct file_lock *fl = locks_alloc_lock(1); |
f821c753 AM |
47 | + struct file_lock *fl = locks_alloc_lock(); |
48 | if (fl == NULL) | |
49 | return NULL; | |
50 | ||
51 | @@ -358,7 +351,7 @@ | |
52 | /* Allocate a file_lock initialised to this type of lease */ | |
53 | static int lease_alloc(struct file *filp, int type, struct file_lock **flp) | |
54 | { | |
40ef8592 | 55 | - - struct file_lock *fl = locks_alloc_lock(1); |
f821c753 AM |
56 | + struct file_lock *fl = locks_alloc_lock(); |
57 | if (fl == NULL) | |
58 | return -ENOMEM; | |
59 | ||
60 | @@ -721,7 +714,7 @@ | |
61 | size_t count) | |
62 | { | |
63 | struct file_lock *fl; | |
40ef8592 | 64 | - - struct file_lock *new_fl = locks_alloc_lock(0); |
f821c753 AM |
65 | + struct file_lock *new_fl = locks_alloc_lock(); |
66 | int error; | |
67 | ||
68 | if (new_fl == NULL) | |
69 | @@ -881,8 +874,8 @@ | |
70 | * We may need two file_lock structures for this operation, | |
71 | * so we get them in advance to avoid races. | |
72 | */ | |
40ef8592 AM |
73 | - - new_fl = locks_alloc_lock(0); |
74 | - - new_fl2 = locks_alloc_lock(0); | |
f821c753 AM |
75 | + new_fl = locks_alloc_lock(); |
76 | + new_fl2 = locks_alloc_lock(); | |
77 | error = -ENOLCK; /* "no luck" */ | |
78 | if (!(new_fl && new_fl2)) | |
79 | goto out_nolock; | |
80 | @@ -1488,7 +1481,7 @@ | |
81 | int fcntl_setlk(unsigned int fd, unsigned int cmd, struct flock *l) | |
82 | { | |
83 | struct file *filp; | |
40ef8592 | 84 | - - struct file_lock *file_lock = locks_alloc_lock(0); |
f821c753 AM |
85 | + struct file_lock *file_lock = locks_alloc_lock(); |
86 | struct flock flock; | |
87 | struct inode *inode; | |
88 | int error; | |
89 | @@ -1644,7 +1637,7 @@ | |
90 | int fcntl_setlk64(unsigned int fd, unsigned int cmd, struct flock64 *l) | |
91 | { | |
92 | struct file *filp; | |
40ef8592 | 93 | - - struct file_lock *file_lock = locks_alloc_lock(0); |
f821c753 AM |
94 | + struct file_lock *file_lock = locks_alloc_lock(); |
95 | struct flock64 flock; | |
96 | struct inode *inode; | |
97 | int error; | |
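Review bot: After this change nothing in `locks_alloc_lock()` enforces `RLIMIT_LOCKS`, including on the `flock_make_lock()` and `lease_alloc()` paths that previously passed `account=1`, so the rlimit becomes a value that can be set but has no effect. The description says the accounting was broken, which makes removal defensible, but the only remaining bound on per-process lock allocations is whatever the callers impose (presumably the open-file limit for flocks and leases; that is not visible here). I would record this on the allocator, e.g. `/* Allocate an empty lock structure. RLIMIT_LOCKS is no longer enforced here. */`, and check whether `current->locks` is still read anywhere, since both its increment and its decrement are gone. The bodies of the calling functions continue outside the hunks.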
98 | ChangeSet@1.1136.1.68 2003-12-06 16:25:16-02:00 wli at holomorphy.com | |
99 | [PATCH] Fixup smb_boot_cpus(): Fix HT detection bug | |
100 | ||
101 | On Wed, Dec 03, 2003 at 06:41:36PM -0500, Ethan Weinstein wrote: | |
102 | > Ok, setting CONFIG_NR_CPUS=8 does indeed solve the HT issue, looks like | |
103 | > it was the numbering scheme: | |
104 | ||
105 | Something like this might do the trick. NR_CPUS is already checked | |
106 | indirectly via max_cpus. | |
107 | ||
108 | ||
40ef8592 | 109 | - -- wli |
f821c753 AM |
110 | |
111 | ||
112 | ||
40ef8592 | 113 | - --- linux-2.4.23/arch/i386/kernel/smpboot.c.orig Tue Dec 9 00:27:10 2003 |
f821c753 AM |
114 | +++ linux-2.4.23/arch/i386/kernel/smpboot.c Tue Dec 9 00:27:23 2003 |
115 | @@ -1106,7 +1106,7 @@ | |
116 | */ | |
117 | Dprintk("CPU present map: %lx\n", phys_cpu_present_map); | |
118 | ||
40ef8592 | 119 | - - for (bit = 0; bit < NR_CPUS; bit++) { |
f821c753 AM |
120 | + for (bit = 0; bit < BITS_PER_LONG; bit++) { |
121 | apicid = cpu_present_to_apicid(bit); | |
122 | ||
123 | /* don't try to boot BAD_APICID */ | |
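Review bot: The new bound `BITS_PER_LONG` lets `bit` exceed `NR_CPUS` inside the loop, so anything in the loop body that indexes an `NR_CPUS`-sized array by `bit`, including whatever `cpu_present_to_apicid(bit)` does on each subarchitecture, has to tolerate that range. The description says NR_CPUS is checked indirectly via max_cpus, but that check is not in the hunk and the loop body continues past it, so it should be confirmed rather than assumed. The bound presumably follows from `phys_cpu_present_map` being a single long (it is printed with `%lx` just above); a comment such as `/* scan every bit of the present map; the CPU count is capped via max_cpus */` would make the reasoning explicit.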
40ef8592 AM |
124 | Patch originally in 2.6 from Rusty but updated in bk by marcello for |
125 | ChangeSet@1.1136.71.52 2003-12-04 10:32:56-08:00 laforge@netfilter.org | |
126 | ||
127 | Marcelo> Please try the updated 2.4 BK tree (you can use -bk5, | |
128 | Marcelo> http://www.kernel.org/pub/linux/kernel/v2.4/snapshots/patch-2.4.23-bk5.bz2). | |
129 | ||
130 | Marcelo> It contains a fix for a known bug in the netfilter which | |
131 | Marcelo> might what you're hitting. | |
132 | ||
133 | - --- linux-2.4.23/net/ipv4/netfilter/ip_fw_compat_masq.c.orig Tue Dec 9 00:01:18 2003 | |
134 | +++ linux-2.4.23/net/ipv4/netfilter/ip_fw_compat_masq.c Tue Dec 9 00:01:27 2003 | |
135 | @@ -91,9 +91,6 @@ | |
136 | WRITE_UNLOCK(&ip_nat_lock); | |
137 | return ret; | |
138 | } | |
139 | - - | |
140 | - - place_in_hashes(ct, info); | |
141 | - - info->initialized = 1; | |
142 | } else | |
143 | DEBUGP("Masquerading already done on this conn.\n"); | |
144 | WRITE_UNLOCK(&ip_nat_lock); | |
f821c753 AM |
145 | ChangeSet@1.1136.1.73 2003-12-07 15:10:38-02:00 mikulas at cuni.cz |
146 | [PATCH] from -aa tree: Fix potential fsync() race condition | |
147 | ||
148 | > 00_ll_rw_block-sync-race-1 first appeared in 2.4.21pre4aa3 - 470 bytes | |
149 | > | |
150 | > Add lock_page in ll_rw_block to fix a fs race | |
151 | > condition. Fix suggested by Mikulas Patocka. | |
152 | ||
153 | Yes. You have two inodes placed in the same buffer. | |
154 | ||
155 | Process 1 modifies inode 1 and calls fsync on it. fsync initiates write of | |
156 | the block. ll_rw_block returns, write is in progress. | |
157 | ||
158 | Process 2 modifies inode 2 and calls fsync on it. Filesystem calls | |
159 | ll_rw_block write on the same buffer. ll_rw_block immediately returns, | |
160 | because it sees there is already IO on the buffer (there used to be | |
161 | something like if (buffer_locked(bh)) return;). Process 2 waits on buffer. | |
162 | ||
163 | The write finished. Both processes are waken up. Both processes return out | |
164 | of fsync function. Process 2 returns from fsync while it did not write its | |
165 | inode modification to disk --- it waited on process 1's write. | |
166 | ||
167 | ||
40ef8592 | 168 | - --- linux-2.4.23/drivers/block/ll_rw_blk.c~ Tue Dec 9 00:17:12 2003 |
f821c753 AM |
169 | +++ linux-2.4.23/drivers/block/ll_rw_blk.c Tue Dec 9 00:17:12 2003 |
170 | @@ -1377,9 +1377,7 @@ | |
171 | for (i = 0; i < nr; i++) { | |
172 | struct buffer_head *bh = bhs[i]; | |
173 | ||
40ef8592 AM |
174 | - - /* Only one thread can actually submit the I/O. */ |
175 | - - if (test_and_set_bit(BH_Lock, &bh->b_state)) | |
176 | - - continue; | |
f821c753 AM |
177 | + lock_buffer(bh); |
178 | ||
179 | /* We have the buffer lock */ | |
180 | atomic_inc(&bh->b_count); | |
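Review bot: `lock_buffer(bh)` waits for the current holder, so `ll_rw_block()` can now sleep for the duration of someone else's I/O on each buffer in `bhs[]`, where the old `test_and_set_bit()` path skipped the buffer at once. That is the behaviour the fsync fix needs, but it changes the contract for callers: any that issue read-ahead or call in with a spinlock held would need auditing, and none of them are visible here. The old comment explaining the skip is removed without a replacement; I would add `/* Wait for in-flight I/O rather than skipping: a concurrent writer must get its own modification submitted. */` above the call. The description also speaks of lock_page while the code takes the buffer lock. The loop body continues outside the hunk.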
181 | ChangeSet@1.1136.73.4 2003-12-02 12:02:00-02:00 neilb at unsw.edu.au | |
182 | [PATCH] Drop module count if lockd reclaimer thread failed to start. | |
183 | ||
40ef8592 | 184 | - --- linux-2.4.23/fs/lockd/clntlock.c~ Tue Dec 9 00:35:29 2003 |
f821c753 AM |
185 | +++ linux-2.4.23/fs/lockd/clntlock.c Tue Dec 9 00:35:29 2003 |
186 | @@ -188,7 +188,8 @@ | |
187 | nlmclnt_prepare_reclaim(host, newstate); | |
188 | nlm_get_host(host); | |
189 | MOD_INC_USE_COUNT; | |
40ef8592 | 190 | - - kernel_thread(reclaimer, host, CLONE_SIGNAL); |
f821c753 AM |
191 | + if(kernel_thread(reclaimer, host, CLONE_SIGNAL) < 0) |
192 | + MOD_DEC_USE_COUNT; | |
193 | } | |
194 | } | |
195 | ||
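Review bot: When `kernel_thread()` fails, the host reference taken by `nlm_get_host(host)` two lines earlier is still held, because the new error path drops only the module count. If the reclaimer thread is what normally releases that reference (its body is not in the hunk), the failure path leaks it and also leaves whatever `nlmclnt_prepare_reclaim()` set up in place. I would release both: `if (kernel_thread(reclaimer, host, CLONE_SIGNAL) < 0) { nlm_release_host(host); MOD_DEC_USE_COUNT; }`. The enclosing function starts outside the hunk.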
196 | ChangeSet@1.1136.1.65 2003-12-05 15:53:34-02:00 mikpe at se | |
197 | [PATCH] fix reboot/no_idt bug | |
198 | ||
199 | When compiling 2.4.23 with gcc-3.3.2, gcc generates the | |
200 | following warning for arch/i386/kernel/process.c: | |
201 | ||
202 | process.c: In function `machine_restart': | |
203 | process.c:427: warning: use of memory input without lvalue in asm operand 0 | |
204 | is deprecated | |
205 | ||
206 | The warning identifies a real bug. no_idt is passed to | |
207 | lidt with an "m" constraint, which requires an l-value. | |
208 | Since no_idt is faked as an array, gcc creates an anonymous | |
209 | variable pointing to no_idt and passes that to lidt(*), | |
210 | so at runtime lidt sees the wrong address. Not good. | |
211 | (The bug, while real, is unlikely to trigger since it | |
212 | sits in an infrequently used path in the reboot code.) | |
213 | ||
214 | The fix is to make no_idt a struct (and thus an l-value) | |
215 | like the other gdt/idt descriptors. | |
216 | ||
217 | This patch is a backport of the fix Linus made for the | |
218 | same bug in 2.6.0-test4. | |
219 | ||
220 | [Andi: x86-64 appears to have the same bug] | |
221 | ||
222 | (*) Verified by inspection of the assembly code. | |
223 | ||
224 | /Mikael | |
225 | ||
226 | ||
40ef8592 | 227 | - --- linux-2.4.23/arch/i386/kernel/process.c.orig Tue Dec 9 00:29:52 2003 |
f821c753 AM |
228 | +++ linux-2.4.23/arch/i386/kernel/process.c Tue Dec 9 00:30:46 2003 |
229 | @@ -153,7 +153,6 @@ | |
230 | ||
231 | __setup("idle=", idle_setup); | |
232 | ||
40ef8592 | 233 | - -static long no_idt[2]; |
f821c753 AM |
234 | static int reboot_mode; |
235 | int reboot_thru_bios; | |
236 | ||
237 | @@ -224,7 +223,8 @@ | |
238 | unsigned long long * base __attribute__ ((packed)); | |
239 | } | |
240 | real_mode_gdt = { sizeof (real_mode_gdt_entries) - 1, real_mode_gdt_entries }, | |
40ef8592 | 241 | - -real_mode_idt = { 0x3ff, 0 }; |
f821c753 AM |
242 | +real_mode_idt = { 0x3ff, 0 }, |
243 | +no_idt = { 0, 0 }; | |
244 | ||
245 | /* This is 16-bit protected mode code to disable paging and the cache, | |
246 | switch to real mode and jump to the BIOS reset code. | |
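Review bot: `no_idt` now exists only as a trailing declarator on the descriptor struct, with nothing at the declaration saying why it is a zeroed descriptor or why it must be an object of this type. The reason is given only in the commit message (it is passed to lidt through an "m" constraint, which needs an l-value), so a later cleanup could reintroduce the array form. A one-line comment next to it would help, e.g. `/* must be a real descriptor object: passed to lidt with an "m" constraint */`. The `lidt` use site is outside both hunks, so I could not check that the operand still matches the new type.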
247 | ChangeSet@1.1136.78.2 2003-12-07 12:43:34-02:00 wli at holomorphy.com | |
248 | [PATCH] out_of_memory() locking | |
249 | ||
250 | On Sun, Nov 30, 2003 at 08:18:02AM -0800, William Lee Irwin III wrote: | |
251 | > (1) the timestamps/etc. weren't locked, and when cpus raced, it caused | |
252 | > false OOM kills | |
253 | > (2) the mm could go away while scanning the tasklist, causing the thing | |
254 | > to try to kill kernel threads | |
255 | > Here's a preliminary backport (please do _NOT_ apply until I or someone | |
256 | > tests it) for you to comment on. Basically, do you want (1) and (2) | |
257 | > split out, is the basic thing okay, etc.? | |
258 | ||
259 | out_of_memory()'s operational variables are not locked, and can be | |
260 | reset by multiple cpus simultaneously, causing false OOM kills. | |
261 | ||
262 | This patch adds an oom_lock to out_of_memory() to protect its operational | |
263 | variables. | |
264 | ||
265 | ||
40ef8592 | 266 | - -- wli |
f821c753 AM |
267 | |
268 | ||
269 | ||
40ef8592 | 270 | - --- linux-2.4.23/mm/oom_kill.c.orig Tue Dec 9 00:20:47 2003 |
f821c753 AM |
271 | +++ linux-2.4.23/mm/oom_kill.c Tue Dec 9 00:24:20 2003 |
272 | @@ -202,6 +202,11 @@ | |
273 | */ | |
274 | void out_of_memory(void) | |
275 | { | |
276 | + /* | |
277 | + * oom_lock protects out_of_memory()'s static variables. | |
278 | + * It's a global lock; this is not performance-critical. | |
279 | + */ | |
280 | + static spinlock_t oom_lock = SPIN_LOCK_UNLOCKED; | |
281 | static unsigned long first, last, count, lastkill; | |
282 | unsigned long now, since; | |
283 | ||
284 | @@ -211,6 +216,7 @@ | |
285 | if (nr_swap_pages > 0) | |
286 | return; | |
287 | ||
288 | + spin_lock(&oom_lock); | |
289 | now = jiffies; | |
290 | since = now - last; | |
291 | last = now; | |
292 | @@ -229,14 +235,14 @@ | |
293 | */ | |
294 | since = now - first; | |
295 | if (since < HZ) | |
40ef8592 | 296 | - - return; |
f821c753 AM |
297 | + goto out_unlock; |
298 | ||
299 | /* | |
300 | * If we have gotten only a few failures, | |
301 | * we're not really oom. | |
302 | */ | |
303 | if (++count < 10) | |
40ef8592 | 304 | - - return; |
f821c753 AM |
305 | + goto out_unlock; |
306 | ||
307 | /* | |
308 | * If we just killed a process, wait a while | |
309 | @@ -245,17 +251,25 @@ | |
310 | */ | |
311 | since = now - lastkill; | |
312 | if (since < HZ*5) | |
40ef8592 | 313 | - - return; |
f821c753 AM |
314 | + goto out_unlock; |
315 | ||
316 | /* | |
317 | * Ok, really out of memory. Kill something. | |
318 | */ | |
319 | lastkill = now; | |
320 | + | |
321 | + /* oom_kill() can sleep */ | |
322 | + spin_unlock(&oom_lock); | |
323 | oom_kill(); | |
324 | + spin_lock(&oom_lock); | |
325 | ||
326 | reset: | |
40ef8592 | 327 | - - first = now; |
f821c753 AM |
328 | + if (first < now) |
329 | + first = now; | |
330 | count = 0; | |
331 | + | |
332 | +out_unlock: | |
333 | + spin_unlock(&oom_lock); | |
334 | } | |
335 | ||
336 | #endif /* Unused file */ | |
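Review bot: `if (first < now)` compares jiffies values with a plain `<`, which gives the wrong answer once the counter wraps; `if (time_before(first, now))` is the wrap-safe form. The guard looks intended to keep a CPU that raced in during the unlocked `oom_kill()` window from moving `first` backwards, and that deserves a comment at `reset:`. Separately, `spin_lock(&oom_lock)` is taken without disabling interrupts, so it is worth confirming that `out_of_memory()` is never reached from interrupt context; its callers are not visible here. Any `goto reset` earlier in the function lies outside the hunks and presumably now runs with the lock held, which should be checked against the new `out_unlock:` exit.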
337 | ChangeSet@1.1136.1.61 2003-12-01 12:43:59-07:00 davidm at com[helgaas] | |
338 | ||
339 | ia64: Fix a bug in sigtramp() which corrupted ar.rnat when unwinding | |
340 | across a signal trampoline (in user space). Reported by | |
341 | Laurent Morichetti. | |
342 | ||
343 | arch/ia64/kernel/gate.S@1.11 2003-12-01 05:43:29-07:00 davidm at com[helgaas] | |
344 | ||
345 | (__kernel_sigtramp): Replace usage of p8 with p1. We must use a preserved | |
346 | predicate for the .spillsp.p directive, otherwise, the predicate | |
347 | may have been clobbered by the time the unwinder looks at it. | |
348 | Fortunately, we can just use p1 because the entire pr register | |
349 | is already saved/restored by the kernel. | |
350 | ||
351 | ||
40ef8592 | 352 | - --- linux-2.4.23/arch/ia64/kernel/gate.S~ Tue Dec 9 00:46:11 2003 |
f821c753 AM |
353 | +++ linux-2.4.23/arch/ia64/kernel/gate.S Tue Dec 9 00:46:11 2003 |
354 | @@ -88,10 +88,10 @@ | |
355 | ld8 r15=[base1] // get address of new RBS base (or NULL) | |
356 | cover // push args in interrupted frame onto backing store | |
357 | ;; | |
40ef8592 | 358 | - - cmp.ne p8,p0=r15,r0 // do we need to switch the rbs? |
f821c753 AM |
359 | + cmp.ne p1,p0=r15,r0 // do we need to switch rbs? (note: pr is saved by kernel) |
360 | mov.m r9=ar.bsp // fetch ar.bsp | |
40ef8592 AM |
361 | - - .spillsp.p p8, ar.rnat, RNAT_OFF+SIGCONTEXT_OFF |
362 | - -(p8) br.cond.spnt setup_rbs // yup -> (clobbers r14, r15, and r16) | |
f821c753 AM |
363 | + .spillsp.p p1, ar.rnat, RNAT_OFF+SIGCONTEXT_OFF |
364 | +(p1) br.cond.spnt setup_rbs // yup -> (clobbers p8, r14, r15, and r16) | |
365 | back_from_setup_rbs: | |
366 | alloc r8=ar.pfs,0,0,3,0 | |
367 | ld8 out0=[base0],16 // load arg0 (signum) | |
368 | @@ -130,8 +130,8 @@ | |
369 | ld8 r15=[base0],(CFM_OFF-BSP_OFF) // fetch sc_ar_bsp and advance to CFM_OFF | |
370 | mov r14=ar.bsp | |
371 | ;; | |
40ef8592 AM |
372 | - - cmp.ne p8,p0=r14,r15 // do we need to restore the rbs? |
373 | - -(p8) br.cond.spnt restore_rbs // yup -> (clobbers r14-r18, f6 & f7) | |
f821c753 AM |
374 | + cmp.ne p1,p0=r14,r15 // do we need to restore the rbs? |
375 | +(p1) br.cond.spnt restore_rbs // yup -> (clobbers p8, r14-r18, f6 & f7) | |
376 | ;; | |
377 | back_from_restore_rbs: | |
378 | adds base0=(FR6_OFF+SIGCONTEXT_OFF),sp | |
379 | ChangeSet@1.1136.73.2 2003-12-02 11:58:06-02:00 neilb at unsw.edu.au | |
380 | [PATCH] Make root a special case for per-user process limits. | |
381 | ||
382 | This is needed because when a setuid-root program calls | |
383 | setuid(0) to become really-root, p->user becomes root_user, | |
384 | but ->rlim stays as the original user's limit, and now | |
385 | the process cannot fork - because root has more processes than | |
386 | the original user had. | |
387 | ||
388 | The real problem is that NPROC is not really a per-process limit, | |
389 | but its a per-user limit, and including it with the rlim structure | |
390 | was not a good idea :-( | |
391 | ||
392 | This fix is already in 2.6 | |
393 | ||
394 | ||
40ef8592 | 395 | - --- linux-2.4.23/kernel/fork.c.orig Tue Dec 9 00:38:16 2003 |
f821c753 AM |
396 | +++ linux-2.4.23/kernel/fork.c Tue Dec 9 00:38:59 2003 |
397 | @@ -669,6 +669,7 @@ | |
398 | * than the amount of processes root is running. -- Rik | |
399 | */ | |
400 | if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur | |
401 | + && p->user != &root_user | |
402 | && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) | |
403 | goto bad_fork_free; | |
404 | ||
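Review bot: The added `p->user != &root_user` test exempts every process accounted to root from `RLIMIT_NPROC` regardless of capabilities, so a uid-0 process that has dropped `CAP_SYS_ADMIN` and `CAP_SYS_RESOURCE` is no longer bounded by this check. That may be acceptable, but it widens the exemption beyond what the two `capable()` tests expressed, and the comment above the condition (it begins outside the hunk) still describes only the old rule. I would extend that comment with a line such as `* root_user is exempt: after setuid(0) the inherited rlim is the original user's, not root's.` so both the reason and the scope are stated at the check.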
405 | As per http://lkml.org/lkml/2003/12/1/150 | |
406 | ||
407 | diff -urN --exclude=CVS --exclude=.cvsignore linux-2.4.23/include/linux/mc146818rtc.h linux-cvs-2.4.23/include/linux/mc146818rtc.h | |
40ef8592 | 408 | - --- linux-2.4.23/include/linux/mc146818rtc.h 2001-11-22 20:46:58.000000000 +0100 |
f821c753 AM |
409 | +++ linux-cvs-2.4.23/include/linux/mc146818rtc.h 2003-11-28 15:09:41.000000000 +0100 |
410 | @@ -98,4 +98,12 @@ | |
411 | #define BIN_TO_BCD(val) ((val)=(((val)/10)<<4) + (val)%10) | |
412 | #endif | |
413 | ||
414 | +#ifndef RTC_IO_EXTENT | |
415 | +#define RTC_IO_EXTENT 0x10 /* Only really two ports, but... */ | |
416 | +#endif | |
417 | + | |
418 | +#ifndef RTC_IOMAPPED | |
419 | +#define RTC_IOMAPPED 1 /* Default to I/O mapping. */ | |
420 | +#endif | |
421 | + | |
422 | #endif /* _MC146818RTC_H */ | |
40ef8592 AM |
423 | - From linux-kernel@vger.kernel.org Thu Dec 18 21:50:26 2003 |
424 | Date: Tue, 16 Dec 2003 15:59:16 +0000 | |
425 | From: Linux Kernel Mailing List <linux-kernel@vger.kernel.org> | |
426 | To: bk-commits-24@vger.kernel.org | |
427 | Subject: [PATCH] duplicate PID fix | |
428 | ||
429 | ChangeSet 1.1302, 2003/12/16 13:59:16-02:00, t-kochi@bq.jp.nec.com | |
430 | ||
431 | [PATCH] duplicate PID fix | |
432 | ||
433 | Hello Marcelo, | |
434 | ||
435 | This fix was sent to lkml in April, and was merged to -ac tree, | |
436 | but is not merged in the main tree yet. | |
437 | Please consider taking this in. | |
438 | ||
439 | Without this, duplicate pids can be allocated, which will make | |
440 | one of them unkillable (signals are delivered to only one of them), | |
441 | and this can be exploitable (I don't know for sure, but maybe, | |
442 | like brk() ;) | |
443 | ||
444 | This situation happens only when all pid space is full. | |
445 | Usually, users cannot fork processes more than 32768 (PID_MAX), | |
446 | but default user limit of max processes can be more | |
447 | than PID_MAX on large memory machines such as 64bit | |
448 | platforms (although it's adjustable by threads-max sysctl). | |
449 | ||
450 | This patch modifies common code and affects all architectures, | |
451 | but modifies code only executed when no pid is available, | |
452 | so it doesn't hurt any normal path anyway. | |
453 | ||
454 | (BTW, once I sent this patch to Rusty's Trivial patch monkey, | |
455 | but his reply was non-trivial, and he also said this is | |
456 | scary ;) | |
457 | ||
458 | The details are described below: | |
459 | ||
460 | In get_pid(), an available pid is searched through all task_structs | |
461 | even when there is no available pid. If a new pid is not available, | |
462 | the kernel exits the loop with static variable 'next_safe' untouched, | |
463 | which usually is no problem. | |
464 | ||
465 | ||
466 | spin_lock(&lastpid_lock); | |
467 | beginpid = last_pid; | |
468 | if((++last_pid) & 0xffff8000) { | |
469 | last_pid = 300; /* Skip daemons etc. */ | |
470 | goto inside; | |
471 | } | |
472 | if(last_pid >= next_safe) { | |
473 | inside: | |
474 | next_safe = PID_MAX; | |
475 | read_lock(&tasklist_lock); | |
476 | repeat: | |
477 | for_each_task(p) { | |
478 | if(p->pid == last_pid || | |
479 | p->pgrp == last_pid || | |
480 | p->tgid == last_pid || | |
481 | p->session == last_pid) { <= (A) | |
482 | if(++last_pid >= next_safe) { <= (B) | |
483 | if(last_pid & 0xffff8000) | |
484 | last_pid = 300; | |
485 | next_safe = PID_MAX; | |
486 | } | |
487 | if(unlikely(last_pid == beginpid)) <= (C) | |
488 | goto nomorepids; | |
489 | goto repeat; | |
490 | } | |
491 | if(p->pid > last_pid && next_safe > p->pid) | |
492 | next_safe = p->pid; | |
493 | if(p->pgrp > last_pid && next_safe > p->pgrp) | |
494 | next_safe = p->pgrp; | |
495 | if(p->tgid > last_pid && next_safe > p->tgid) | |
496 | next_safe = p->tgid; | |
497 | if(p->session > last_pid && next_safe > p->session) | |
498 | next_safe = p->session; | |
499 | } | |
500 | ||
501 | ||
502 | In a rare case, both (B) and (C) can be true and then, next_safe | |
503 | will remain PID_MAX (32768). If that happens, following get_pid() will | |
504 | always succeed until last_pid reaches 32768 and there may be many | |
505 | duplicate pids. | |
506 | ||
507 | For example, this happens when | |
508 | ||
509 | * PID space are full (300-32767 are all occupied) | |
510 | * the last pid allocated is 10000 | |
511 | * task list chain is like: | |
512 | ...(pids < 9999), 9999, ...(pids 300~9998, 10001~32767)... , 10000 | |
513 | ||
514 | The loop starts searching an available pid with beginpid=10000 and | |
515 | last_pid=10001. last_pid is incremented until it gets PID_MAX | |
516 | and then wraps around to 300, then is incremented again. | |
517 | ||
518 | At the point that p->pid=9999 is found in tasklist (condition (A)), | |
519 | ||
520 | last_pid = 9999 | |
521 | next_safe <= 9998 | |
522 | ||
523 | therefore condition (B) is true, and then | |
524 | ||
525 | last_pid = 10000 | |
526 | next_safe = PID_MAX | |
527 | ||
528 | and then, condition (C) is also true, and exits the loop. | |
529 | ||
530 | To protect this case is simple; when the condition (C) is true, | |
531 | set next_safe to 0 or any safe value to guarantee that a free pid | |
532 | will be searched through next time. | |
533 | ||
534 | Thanks, | |
535 | ||
536 | ||
537 | # This patch includes the following deltas: | |
538 | # ChangeSet 1.1301 -> 1.1302 | |
539 | # kernel/fork.c 1.31 -> 1.32 | |
540 | # | |
541 | ||
542 | fork.c | 4 +++- | |
543 | 1 files changed, 3 insertions(+), 1 deletion(-) | |
544 | ||
545 | ||
546 | diff -Nru a/kernel/fork.c b/kernel/fork.c | |
547 | - --- a/kernel/fork.c Tue Dec 16 09:02:43 2003 | |
548 | +++ b/kernel/fork.c Tue Dec 16 09:02:43 2003 | |
549 | @@ -114,8 +114,10 @@ | |
550 | last_pid = 300; | |
551 | next_safe = PID_MAX; | |
552 | } | |
553 | - - if(unlikely(last_pid == beginpid)) | |
554 | + if(unlikely(last_pid == beginpid)) { | |
555 | + next_safe = 0; | |
556 | goto nomorepids; | |
557 | + } | |
558 | goto repeat; | |
559 | } | |
560 | if(p->pid > last_pid && next_safe > p->pid) | |
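Review bot: The new `next_safe = 0;` carries no comment, although the whole fix depends on it and the explanation exists only in the mail above. Without one, the assignment reads like a leftover and is easy to drop in a later cleanup, which would bring back duplicate PIDs when the PID space is full. I would add `/* PID space exhausted: clear next_safe so the next get_pid() rescans the task list instead of trusting a stale bound */` above it. The enclosing loop and the `nomorepids` label are outside the hunk.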
561 | - - | |
565 | - From linux-kernel@vger.kernel.org Thu Dec 18 21:30:47 2003 | |
566 | Date: Sat, 13 Dec 2003 13:20:08 +0000 | |
567 | From: Linux Kernel Mailing List <linux-kernel@vger.kernel.org> | |
568 | To: bk-commits-24@vger.kernel.org | |
569 | Subject: [PATCH] IrDA kernel log buster | |
570 | ||
571 | ChangeSet 1.1277, 2003/12/13 11:20:08-02:00, jt@bougret.hpl.hp.com | |
572 | ||
573 | [PATCH] IrDA kernel log buster | |
574 | ||
575 | Hi Marcelo, | |
576 | ||
577 | I just ran 2.4.23, and after a few min the disk reached 100% | |
578 | capacity. A quick check led to an oversized kernel log, and to the | |
579 | following changeset : | |
580 | ||
581 | http://linux.bkbits.net:8080/linux-2.4/cset@1.1136.23.2?nav=index.html|ChangeSet@-12w | |
582 | ||
583 | Patch to fix this problem is attached below, I've just | |
584 | backported the proper fixes from 2.5.X into 2.4.X. | |
585 | Probably this person did too much Python, but in C you need | |
586 | braces around multiple statements part of the same branch, so the | |
587 | second printf was always executed even when logging was disabled. I | |
588 | also don't understand why this person didn't decided to backport the | |
589 | 2.5.X fix. | |
590 | I'm also bit surprised that this kind of patch went into the | |
591 | kernel behind my back, because I though that freeze meant not | |
592 | accepting untested patch from random hacker. | |
593 | ||
594 | Have fun... | |
595 | ||
596 | Jean | |
597 | ||
598 | ||
599 | # This patch includes the following deltas: | |
600 | # ChangeSet 1.1276 -> 1.1277 | |
601 | # net/irda/irnet/irnet.h 1.11 -> 1.12 | |
602 | # | |
603 | ||
604 | irnet.h | 20 ++++++++++---------- | |
605 | 1 files changed, 10 insertions(+), 10 deletions(-) | |
606 | ||
607 | ||
608 | diff -Nru a/net/irda/irnet/irnet.h b/net/irda/irnet/irnet.h | |
609 | - --- a/net/irda/irnet/irnet.h Sat Dec 13 06:02:55 2003 | |
610 | +++ b/net/irda/irnet/irnet.h Sat Dec 13 06:02:55 2003 | |
611 | @@ -322,29 +322,29 @@ | |
612 | * compiler will optimise away the if() in all cases. | |
613 | */ | |
614 | /* All error messages (will show up in the normal logs) */ | |
615 | - -#define DERROR(dbg, args...) \ | |
616 | +#define DERROR(dbg, format, args...) \ | |
617 | {if(DEBUG_##dbg) \ | |
618 | - - printk(KERN_INFO "irnet: %s(): ", __FUNCTION__); printk(args);} | |
619 | + printk(KERN_INFO "irnet: %s(): " format, __FUNCTION__ , ##args);} | |
620 | ||
621 | /* Normal debug message (will show up in /var/log/debug) */ | |
622 | - -#define DEBUG(dbg, args...) \ | |
623 | +#define DEBUG(dbg, format, args...) \ | |
624 | {if(DEBUG_##dbg) \ | |
625 | - - printk(KERN_DEBUG "irnet: %s(): ", __FUNCTION__); printk(args);} | |
626 | + printk(KERN_DEBUG "irnet: %s(): " format, __FUNCTION__ , ##args);} | |
627 | ||
628 | /* Entering a function (trace) */ | |
629 | - -#define DENTER(dbg, args...) \ | |
630 | +#define DENTER(dbg, format, args...) \ | |
631 | {if(DEBUG_##dbg) \ | |
632 | - - printk(KERN_DEBUG "irnet: ->%s", __FUNCTION__); printk(args);} | |
633 | + printk(KERN_DEBUG "irnet: -> %s" format, __FUNCTION__ , ##args);} | |
634 | ||
635 | /* Entering and exiting a function in one go (trace) */ | |
636 | - -#define DPASS(dbg, args...) \ | |
637 | +#define DPASS(dbg, format, args...) \ | |
638 | {if(DEBUG_##dbg) \ | |
639 | - - printk(KERN_DEBUG "irnet: <>%s", __FUNCTION__); printk(args);} | |
640 | + printk(KERN_DEBUG "irnet: <>%s" format, __FUNCTION__ , ##args);} | |
641 | ||
642 | /* Exiting a function (trace) */ | |
643 | - -#define DEXIT(dbg, args...) \ | |
644 | +#define DEXIT(dbg, format, args...) \ | |
645 | {if(DEBUG_##dbg) \ | |
646 | - - printk(KERN_DEBUG "irnet: <-%s()", __FUNCTION__); printk(args);} | |
647 | + printk(KERN_DEBUG "irnet: <-%s()" format, __FUNCTION__ , ##args);} | |
648 | ||
649 | /* Exit a function with debug */ | |
650 | #define DRETURN(ret, dbg, args...) \ | |
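Review bot: The rewritten macros still expand to a bare `{if(DEBUG_##dbg) printk(...);}` block, so a call such as `if (x) DEBUG(...); else ...` fails to compile (the `;` after the block orphans the `else`), and the inner `if` can capture an `else` if the braces are ever dropped. Since this commit exists to fix a brace mistake in these same macros, I would wrap each in the usual form, e.g. `do { if (DEBUG_##dbg) printk(KERN_DEBUG "irnet: %s(): " format, __FUNCTION__ , ##args); } while (0)`. `DENTER` also gains a space (`"irnet: -> %s"`) while `DPASS` and `DEXIT` keep the unspaced form, which looks unintentional. `DRETURN` at the end of the hunk still takes `args...` and its body is cut off, so I could not tell whether it has the original two-printk problem.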
651 | - - | |
655 | - From linux-kernel@vger.kernel.org Thu Dec 18 21:43:15 2003 | |
656 | Date: Mon, 15 Dec 2003 04:44:43 +0000 | |
657 | From: Linux Kernel Mailing List <linux-kernel@vger.kernel.org> | |
658 | To: bk-commits-24@vger.kernel.org | |
659 | Subject: [PPC64] Fix save_flags/restore_flags on iSeries. | |
660 | ||
661 | ChangeSet 1.1270.3.9, 2003/12/15 15:44:43+11:00, engebret@us.ibm.com | |
662 | ||
663 | [PPC64] Fix save_flags/restore_flags on iSeries. | |
664 | ||
665 | ||
666 | # This patch includes the following deltas: | |
667 | # ChangeSet 1.1270.3.8 -> 1.1270.3.9 | |
668 | # arch/ppc64/kernel/misc.S 1.8 -> 1.9 | |
669 | # | |
670 | ||
671 | misc.S | 14 +++++++------- | |
672 | 1 files changed, 7 insertions(+), 7 deletions(-) | |
673 | ||
674 | ||
675 | diff -Nru a/arch/ppc64/kernel/misc.S b/arch/ppc64/kernel/misc.S | |
676 | - --- a/arch/ppc64/kernel/misc.S Mon Dec 15 07:03:59 2003 | |
677 | +++ b/arch/ppc64/kernel/misc.S Mon Dec 15 07:03:59 2003 | |
678 | @@ -69,16 +69,14 @@ | |
679 | _GLOBAL(__no_use_save_flags) | |
680 | mfspr r4,SPRG3 | |
681 | lbz r3,PACAPROCENABLED(r4) | |
682 | + /* shift into position of MSR.EE */ | |
683 | + sldi r3,r3,15 | |
684 | blr | |
685 | ||
686 | - -/* void __no_use_restore_flags(unsigned long flags) */ | |
687 | +/* void __no_use_restore_flags(unsigned long flags) */ | |
688 | _GLOBAL(__no_use_restore_flags) | |
689 | - -/* | |
690 | - - * Just set/clear the MSR_EE bit through restore/flags but do not | |
691 | - - * change anything else. This is needed by the RT system and makes | |
692 | - - * sense anyway. | |
693 | - - * -- Cort | |
694 | - - */ | |
695 | + /* shift from position of MSR.EE */ | |
696 | + srdi r3,r3,15 | |
697 | mfspr r6,SPRG3 | |
698 | lbz r5,PACAPROCENABLED(r6) | |
699 | /* Check if things are setup the way we want _already_. */ | |
700 | @@ -104,6 +102,8 @@ | |
701 | lbz r3,PACAPROCENABLED(r5) | |
702 | li r4,0 | |
703 | stb r4,PACAPROCENABLED(r5) | |
704 | + /* shift into position of MSR.EE */ | |
705 | + sldi r3,r3,15 | |
706 | blr /* Done */ | |
707 | ||
708 | _GLOBAL(__no_use_sti) | |
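Review bot: The shift count `15` appears three times as a bare literal, and after this change the value returned by the save path is no longer the raw `PACAPROCENABLED` byte but that byte moved to the MSR.EE position. `__no_use_restore_flags` shifts it back, so a saved-then-restored value round-trips, but any caller that builds or tests a flags value by hand (for example passing 1 to mean "enabled") would now be read as disabled; such callers are not visible here and should be checked. I would give the shift a named constant shared by all three sites and state the encoding in the header comment of `__no_use_restore_flags`, which lost its only descriptive comment in this commit. The function bodies continue outside the hunks.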
709 | - - | |
713 | - From linux-kernel@vger.kernel.org Thu Dec 18 21:41:34 2003 | |
714 | Date: Fri, 12 Dec 2003 20:18:04 +0000 | |
715 | From: Linux Kernel Mailing List <linux-kernel@vger.kernel.org> | |
716 | To: bk-commits-24@vger.kernel.org | |
717 | Subject: [PATCH] USB: MCT-U232 Patch for cts | |
718 | ||
719 | ChangeSet 1.1289, 2003/12/12 12:18:04-08:00, marr@flex.com | |
720 | ||
721 | [PATCH] USB: MCT-U232 Patch for cts | |
722 | ||
723 | Brief Patch Description: | |
724 | ||
725 | Fix a problem in the 'mct_u232' driver whereby output data gets held up in the | |
726 | USB/RS-232 adapter for RS-232 devices which don't assert the 'CTS' signal. | |
727 | ||
728 | Background: | |
729 | ||
730 | The Belkin F5U109 is a 9-pin USB/RS-232 adapter that is supported by the | |
731 |