Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jan 23, 2012
  1. @torvalds

    SHM_UNLOCK: fix Unevictable pages stranded after swap

    Hugh Dickins authored torvalds committed
    Commit cc39c6a ("mm: account skipped entries to avoid looping in
    find_get_pages") correctly fixed an infinite loop; but left a problem
    that find_get_pages() on shmem would return 0 (appearing to callers to
    mean end of tree) when it meets a run of nr_pages swap entries.
    
    The only uses of find_get_pages() on shmem are via pagevec_lookup(),
    called from invalidate_mapping_pages(), and from shmctl SHM_UNLOCK's
    scan_mapping_unevictable_pages().  The first is already commented, and
    not worth worrying about; but the second can leave pages on the
    Unevictable list after an unusual sequence of swapping and locking.
    
    Fix that by using shmem_find_get_pages_and_swap() (then ignoring the
    swap) instead of pagevec_lookup().
    
    But I don't want to contaminate vmscan.c with shmem internals, nor
    shmem.c with LRU locking.  So move scan_mapping_unevictable_pages() into
    shmem.c, renaming it shmem_unlock_mapping(); and rename
    check_move_unevictable_page() to check_move_unevictable_pages(), looping
    down an array of pages, oftentimes under the same lock.
    
    Leave out the "rotate unevictable list" block: that's a leftover from
    when this was used for /proc/sys/vm/scan_unevictable_pages, whose flawed
    handling involved looking at pages at tail of LRU.
    
    Was there significance to the sequence first ClearPageUnevictable, then
    test page_evictable, then SetPageUnevictable here? I think not, we're
    under LRU lock, and have no barriers between those.
    
    Signed-off-by: Hugh Dickins <hughd@google.com>
    Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Cc: Minchan Kim <minchan.kim@gmail.com>
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Shaohua Li <shaohua.li@intel.com>
    Cc: Eric Dumazet <eric.dumazet@gmail.com>
    Cc: Johannes Weiner <hannes@cmpxchg.org>
    Cc: Michel Lespinasse <walken@google.com>
    Cc: <stable@vger.kernel.org> [back to 3.1 but will need respins]
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. @torvalds

    SHM_UNLOCK: fix long unpreemptible section

    Hugh Dickins authored torvalds committed
    scan_mapping_unevictable_pages() is used to make SysV SHM_LOCKed pages
    evictable again once the shared memory is unlocked.  It does this with
    pagevec_lookup()s across the whole object (which might occupy most of
    memory), and takes 300ms to unlock 7GB here.  A cond_resched() every
    PAGEVEC_SIZE pages would be good.
    
    However, KOSAKI-san points out that this is called under shmem.c's
    info->lock, and it's also under shm.c's shm_lock(), both spinlocks.
    There is no strong reason for that: we need to take these pages off the
    unevictable list soonish, but those locks are not required for it.
    
    So move the call to scan_mapping_unevictable_pages() from shmem.c's
    unlock handling up to shm.c's unlock handling.  Remove the recently
    added barrier, not needed now we have spin_unlock() before the scan.
    
    Use get_file(), with subsequent fput(), to make sure we have a reference
    to mapping throughout scan_mapping_unevictable_pages(): that's something
    that was previously guaranteed by the shm_lock().
    
    Remove shmctl's lru_add_drain_all(): we don't fault in pages at SHM_LOCK
    time, and we lazily discover them to be Unevictable later, so it serves
    no purpose for SHM_LOCK; and serves no purpose for SHM_UNLOCK, since
    pages still on pagevec are not marked Unevictable.
    
    The original code avoided redundant rescans by checking VM_LOCKED flag
    at its level: now avoid them by checking shp's SHM_LOCKED.
    
    The original code called scan_mapping_unevictable_pages() on a locked
    area at shm_destroy() time: perhaps we once had accounting cross-checks
    which required that, but not now, so skip the overhead and just let
    inode eviction deal with them.
    
    Put check_move_unevictable_page() and scan_mapping_unevictable_pages()
    under CONFIG_SHMEM (with stub for the TINY case when ramfs is used),
    more as comment than to save space; comment them used for SHM_UNLOCK.
    
    Signed-off-by: Hugh Dickins <hughd@google.com>
    Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Cc: Minchan Kim <minchan.kim@gmail.com>
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Shaohua Li <shaohua.li@intel.com>
    Cc: Eric Dumazet <eric.dumazet@gmail.com>
    Cc: Johannes Weiner <hannes@cmpxchg.org>
    Cc: Michel Lespinasse <walken@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  3. @torvalds

    ipc/mqueue: simplify reading msgqueue limit

    Davidlohr Bueso authored torvalds committed
    Because the current task is being used to get the limit, we can simply
    use rlimit() instead of task_rlimit().
    
    Signed-off-by: Davidlohr Bueso <dave@gnu.org>
    Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Jan 11, 2012
  1. @hallyn @torvalds

    user namespace: make signal.c respect user namespaces

    hallyn authored torvalds committed
    ipc/mqueue.c: for __SI_MESQ, convert the uid being sent to recipient's
    user namespace. (new, thanks Oleg)
    
    __send_signal: convert current's uid to the recipient's user namespace
    for any siginfo which is not SI_FROMKERNEL (patch from Oleg, thanks
    again :)
    
    do_notify_parent and do_notify_parent_cldstop: map task's uid to parent's
    user namespace
    
    ptrace_signal maps parent's uid into current's user namespace before
    including in signal to current.  IIUC Oleg has argued that this shouldn't
    matter as the debugger will play with it, but it seems like not converting
    the value currently being set is misleading.
    
    Changelog:
    Sep 20: Inspired by Oleg's suggestion, define map_cred_ns() helper to
    	simplify callers and help make clear what we are translating
            (which uid into which namespace).  Passing the target task would
    	make callers even easier to read, but we pass in user_ns because
    	current_user_ns() != task_cred_xxx(current, user_ns).
    Sep 20: As recommended by Oleg, also put task_pid_vnr() under rcu_read_lock
    	in ptrace_signal().
    Sep 23: In send_signal(), detect when (user) signal is coming from an
    	ancestor or unrelated user namespace.  Pass that on to __send_signal,
    	which sets si_uid to 0 or overflowuid if needed.
    Oct 12: Base on Oleg's fixup_uid() patch.  On top of that, handle all
    	SI_FROMKERNEL cases at callers, because we can't assume sender is
    	current in those cases.
    Nov 10: (mhelsley) rename fixup_uid to more meaningful usern_fixup_signal_uid
    Nov 10: (akpm) make the !CONFIG_USER_NS case clearer
    
    Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: Matt Helsley <matthltc@us.ibm.com>
    Cc: "Eric W. Biederman" <ebiederm@xmission.com>
    From: Serge Hallyn <serge.hallyn@canonical.com>
    Subject: __send_signal: pass q->info, not info, to userns_fixup_signal_uid (v2)
    
    Eric Biederman pointed out that passing info is a bug and could lead to a
    NULL pointer deref to boot.
    
    A collection of signal, securebits, filecaps, cap_bounds, and a few other
    ltp tests passed with this kernel.
    
    Changelog:
        Nov 18: previous patch missed a leading '&'
    
    Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
    Cc: "Eric W. Biederman" <ebiederm@xmission.com>
    From: Dan Carpenter <dan.carpenter@oracle.com>
    Subject: ipc/mqueue: lock() => unlock() typo
    
    There was a double lock typo introduced in b085f4bd6b21 "user namespace:
    make signal.c respect user namespaces"
    
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: Matt Helsley <matthltc@us.ibm.com>
    Cc: "Eric W. Biederman" <ebiederm@xmission.com>
    Acked-by: Serge Hallyn <serge@hallyn.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Jan 4, 2012
  1. switch mq_open() to umode_t

    Al Viro authored
  2. mqueue: propagate umode_t

    Al Viro authored
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
  3. switch ->create() to umode_t

    Al Viro authored
    vfs_create() ignores everything outside of 16bit subset of its
    mode argument; switching it to umode_t is obviously equivalent
    and it's the only caller of the method
    
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
  4. vfs: fix the stupidity with i_dentry in inode destructors

    Al Viro authored
    Seeing that just about every destructor got that INIT_LIST_HEAD() copied into
    it, there is no point whatsoever keeping this INIT_LIST_HEAD in inode_init_once();
    the cost of taking it into inode_init_always() will be negligible for pipes
    and sockets and negative for everything else.  Not to mention the removal of
    boilerplate code from ->destroy_inode() instances...
    
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Commits on Dec 9, 2011
  1. ... and the same kind of leak for mqueue

    Al Viro authored
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Commits on Nov 2, 2011
  1. @manfred-colorfu @torvalds

    ipc/sem.c: remove private structures from public header file

    manfred-colorfu authored torvalds committed
    include/linux/sem.h contains several structures that are only used within
    ipc/sem.c.
    
    The patch moves them into ipc/sem.c - there is no need to expose the
    structures to the whole kernel.
    
    No functional changes, only whitespace cleanups and 80-char per line
    fixes.
    
    Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
    Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Mike Galbraith <efault@gmx.de>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. @manfred-colorfu @torvalds

    ipc/sem.c: handle spurious wakeups

    manfred-colorfu authored torvalds committed
    semtimedop() does not handle spurious wakeups, it returns -EINTR to user
    space.  Most other schedule() users would just loop and not return to user
    space.  The patch adds such a loop to semtimedop()
    
    Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
    Reported-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Mike Galbraith <efault@gmx.de>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  3. @manfred-colorfu @torvalds

    ipc/sem.c: fix return code race with semop vs. semop +semctl(IPC_RMID)

    manfred-colorfu authored torvalds committed
    sys_semtimedop() may return -EIDRM although the semaphore operation
    completed successfully:
    
    thread 1:	thread 2:
    		semtimedop(), sleeps
    semop():
    * acquires sem_lock()
    		semtimedop() woken up due to timeout
    		sem_lock() loops
    * notices that thread 2 could be completed.
    * performs the operations that thread 2 is sleeping on.
    * marks the semaphore operation as IN_WAKEUP
    * drops sem_lock(), does wakeup, sets return code to 0
    		* thread delayed due to interrupt, whatever
    * returns to user space
    		* thread still delayed
    semctl(IPC_RMID)
    * acquires sem_lock()
    * ipc_rmid(), ipcp->deleted=1
    * drops sem_lock()
    		* thread finally continues - but seem_lock()
    		  now fails due to ipcp->deleted == 1
    		* returns -EIDRM instead of 0
    
    The fix is trivial: Always use the return code in queue.status.
    
    In real world, the race probably doesn't matter:
    If the semaphore array is destroyed, the app is probably not interested
    if the last operation succeeded or was already cancelled.
    
    Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Mike Galbraith <efault@gmx.de>
    Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Nov 1, 2011
  1. @gaowanlong @torvalds

    ipc/mqueue.c: fix wrong use of schedule_hrtimeout_range_clock()

    gaowanlong authored torvalds committed
    Fix the wrong use of schedule_hrtimeout_range_clock() in wq_sleep(),
    although it is harmless for the syscall mq_timed* now.  It was introduced
    by 9ca7d8e ("mqueue: Convert message queue timeout to use hrtimers").
    
    Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
    Cc: Carsten Emde <C.Emde@osadl.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Manfred Spraul <manfred@colorfullife.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Aug 5, 2011
  1. @torvalds

    Do 'shm_init_ns()' in an early pure_initcall

    torvalds authored
    This isn't really critical any more, since other patches (commit
    298507d: "shm: optimize exit_shm()") have caused us to not actually
    need to touch the rw_mutex unless there are actual shm segments
    associated with the namespace, but we really should do tne shm_init_ns()
    earlier than we do now.
    
    This, together with commit 288d5ab ("Boot up with usermodehelper
    disabled") will mean that we really do initialize the initial ipc
    namespace data structure before we run any tasks.
    
    Tested-by: Marc Zyngier <marc.zyngier@arm.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Aug 4, 2011
  1. @torvalds

    shm: optimize exit_shm()

    Vasiliy Kulikov authored torvalds committed
    We may optimistically check .in_use == 0 without holding the rw_mutex:
    it's the common case, and if it's zero, there certainly won't be any
    segments associated with us.
    
    After taking the lock, the idr_for_each() will do the right thing, so we
    could now drop the re-check inside the lock without any real cost.  But
    it won't hurt.
    
    Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. @torvalds

    shm: fix wrong tests

    Vasiliy Kulikov authored torvalds committed
    Commit 4c677e2 ("shm: optimize locking and ipc_namespace getting")
    introduced a copy-paste bug.  Due to the bug cycle optimizations were
    disabled.
    
    Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Jul 30, 2011
  1. @torvalds

    shm: optimize locking and ipc_namespace getting

    Vasiliy Kulikov authored torvalds committed
    shm_lock() does a lookup of shm segment in shm_ids(ns).ipcs_idr, which
    is redundant as we already know shmid_kernel address.  An actual lock is
    also not required for reads until we really want to destroy the segment.
    
    exit_shm() and shm_destroy_orphaned() may avoid the loop by checking
    whether there is at least one segment in current ipc_namespace.
    
    The check of nsproxy and ipc_ns against NULL is redundant as exit_shm()
    is called from do_exit() before the call to exit_notify(), so the
    dereferencing current->nsproxy->ipc_ns is guaranteed to be safe.
    
    Reported-by: Oleg Nesterov <oleg@redhat.com>
    Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
    Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. @torvalds

    shm: handle separate PID namespaces case

    Vasiliy Kulikov authored torvalds committed
    shm_try_destroy_orphaned() and shm_try_destroy_current() didn't handle
    the case of separate PID namespaces, but a single IPC namespace.  If
    there are tasks with the same PID values using the same shmem object,
    the wrong destroy decision could be reached.
    
    On shm segment creation store the pointer to the creator task in
    shmid_kernel->shm_creator field and zero it on task exit.  Then
    use the ->shm_creator insread of shm_cprid in both functions.  As
    shmid_kernel object is already locked at this stage, no additional
    locking is needed.
    
    Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
    Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Jul 26, 2011
  1. @torvalds

    ipc: introduce shm_rmid_forced sysctl

    Vasiliy Kulikov authored torvalds committed
    Add support for the shm_rmid_forced sysctl.  If set to 1, all shared
    memory objects in current ipc namespace will be automatically forced to
    use IPC_RMID.
    
    The POSIX way of handling shmem allows one to create shm objects and
    call shmdt(), leaving shm object associated with no process, thus
    consuming memory not counted via rlimits.
    
    With shm_rmid_forced=1 the shared memory object is counted at least for
    one process, so OOM killer may effectively kill the fat process holding
    the shared memory.
    
    It obviously breaks POSIX - some programs relying on the feature would
    stop working.  So set shm_rmid_forced=1 only if you're sure nobody uses
    "orphaned" memory.  Use shm_rmid_forced=0 by default for compatability
    reasons.
    
    The feature was previously impemented in -ow as a configure option.
    
    [akpm@linux-foundation.org: fix documentation, per Randy]
    [akpm@linux-foundation.org: fix warning]
    [akpm@linux-foundation.org: readability/conventionality tweaks]
    [akpm@linux-foundation.org: fix shm_rmid_forced/shm_forced_rmid confusion, use standard comment layout]
    Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
    Cc: Randy Dunlap <rdunlap@xenotime.net>
    Cc: "Eric W. Biederman" <ebiederm@xmission.com>
    Cc: "Serge E. Hallyn" <serge.hallyn@canonical.com>
    Cc: Daniel Lezcano <daniel.lezcano@free.fr>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: Tejun Heo <tj@kernel.org>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
    Cc: Solar Designer <solar@openwall.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. @torvalds

    ipc/mqueue.c: fix mq_open() return value

    Jiri Slaby authored torvalds committed
    We return ENOMEM from mqueue_get_inode even when we have enough memory.
    Namely in case the system rlimit of mqueue was reached.  This error
    propagates to mq_queue and user sees the error unexpectedly.  So fix
    this up to properly return EMFILE as described in the manpage:
    
    	EMFILE The process already has the maximum number of files and
    	       message queues open.
    
    instead of:
    
    	ENOMEM Insufficient memory.
    
    With the previous patch we just switch to ERR_PTR/PTR_ERR/IS_ERR error
    handling here.
    
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>
    Cc: Manfred Spraul <manfred@colorfullife.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  3. @torvalds

    ipc/mqueue.c: refactor failure handling

    Jiri Slaby authored torvalds committed
    If new_inode fails to allocate an inode we need only to return with
    NULL.  But now we test the opposite and have all the work in a nested
    block.  So do the opposite to save one indentation level (and remove
    unnecessary line breaks).
    
    This is only a preparation/cleanup for the next patch where we fix up
    return values from mqueue_get_inode.
    
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>
    Cc: Manfred Spraul <manfred@colorfullife.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  4. @manfred-colorfu @torvalds

    ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID

    manfred-colorfu authored torvalds committed
    If a semaphore array is removed and in parallel a sleeping task is woken
    up (signal or timeout, does not matter), then the woken up task does not
    wait until wake_up_sem_queue_do() is completed.  This will cause crashes,
    because wake_up_sem_queue_do() will read from a stale pointer.
    
    The fix is simple: Regardless of anything, always call get_queue_result().
    This function waits until wake_up_sem_queue_do() has finished it's task.
    
    Addresses https://bugzilla.kernel.org/show_bug.cgi?id=27142
    
    Reported-by: Yuriy Yevtukhov <yuriy@ucoz.com>
    Reported-by: Harald Laabs <kernel@dasr.de>
    Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
    Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
    Cc: <stable@kernel.org>		[2.6.35+]
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Jul 23, 2011
  1. @torvalds

    Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel…

    torvalds authored
    …/git/viro/vfs-2.6
    
    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (107 commits)
      vfs: use ERR_CAST for err-ptr tossing in lookup_instantiate_filp
      isofs: Remove global fs lock
      jffs2: fix IN_DELETE_SELF on overwriting rename() killing a directory
      fix IN_DELETE_SELF on overwriting rename() on ramfs et.al.
      mm/truncate.c: fix build for CONFIG_BLOCK not enabled
      fs:update the NOTE of the file_operations structure
      Remove dead code in dget_parent()
      AFS: Fix silly characters in a comment
      switch d_add_ci() to d_splice_alias() in "found negative" case as well
      simplify gfs2_lookup()
      jfs_lookup(): don't bother with . or ..
      get rid of useless dget_parent() in btrfs rename() and link()
      get rid of useless dget_parent() in fs/btrfs/ioctl.c
      fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
      drivers: fix up various ->llseek() implementations
      fs: handle SEEK_HOLE/SEEK_DATA properly in all fs's that define their own llseek
      Ext4: handle SEEK_HOLE/SEEK_DATA generically
      Btrfs: implement our own ->llseek
      fs: add SEEK_HOLE and SEEK_DATA flags
      reiserfs: make reiserfs default to barrier=flush
      ...
    
    Fix up trivial conflicts in fs/xfs/linux-2.6/xfs_super.c due to the new
    shrinker callout for the inode cache, that clashed with the xfs code to
    start the periodic workers later.
Commits on Jul 21, 2011
  1. fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers

    Josef Bacik authored Al Viro committed
    Btrfs needs to be able to control how filemap_write_and_wait_range() is called
    in fsync to make it less of a painful operation, so push down taking i_mutex and
    the calling of filemap_write_and_wait() down into the ->fsync() handlers.  Some
    file systems can drop taking the i_mutex altogether it seems, like ext3 and
    ocfs2.  For correctness sake I just pushed everything down in all cases to make
    sure that we keep the current behavior the same for everybody, and then each
    individual fs maintainer can make up their mind about what to do from there.
    Thanks,
    
    Acked-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Josef Bacik <josef@redhat.com>
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Commits on Jul 20, 2011
  1. @laijs @paulmck

    ipc,rcu: Convert call_rcu(ipc_immediate_free) to kfree_rcu()

    laijs authored paulmck committed
    The rcu callback ipc_immediate_free() just calls a kfree(),
    so we use kfree_rcu() instead of the call_rcu(ipc_immediate_free).
    
    Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Reviewed-by: Josh Triplett <josh@joshtriplett.org>
  2. @laijs @paulmck

    ipc,rcu: Convert call_rcu(free_un) to kfree_rcu()

    laijs authored paulmck committed
    The rcu callback free_un() just calls a kfree(),
    so we use kfree_rcu() instead of the call_rcu(free_un).
    
    Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Manfred Spraul <manfred@colorfullife.com>
    Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Commits on May 26, 2011
  1. @kosaki @torvalds

    mm: don't access vm_flags as 'int'

    kosaki authored torvalds committed
    The type of vma->vm_flags is 'unsigned long'. Neither 'int' nor
    'unsigned int'. This patch fixes such misuse.
    
    Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    [ Changed to use a typedef - we'll extend it to cover more cases
      later, since there has been discussion about making it a 64-bit
      type..                      - Linus ]
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on May 10, 2011
  1. @ebiederm

    ns proc: Add support for the ipc namespace

    ebiederm authored
    Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
    Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Commits on Mar 31, 2011
  1. @lucasdemarchi

    Fix common misspellings

    lucasdemarchi authored
    Fixes generated by 'codespell' and manually reviewed.
    
    Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
Commits on Mar 28, 2011
  1. @torvalds

    ipc: fix util.c kernel-doc warnings

    Randy Dunlap authored torvalds committed
    Fix ipc/util.c kernel-doc warnings:
    
      Warning(ipc/util.c:336): No description found for parameter 'ns'
      Warning(ipc/util.c:620): No description found for parameter 'ns'
      Warning(ipc/util.c:790): No description found for parameter 'ns'
    
    Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
    Reviewed-by: Jesper Juhl <jj@chaosbits.net>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Mar 26, 2011
  1. @torvalds

    ipcns: fix use after free in free_ipc_ns()

    Xiaotian Feng authored torvalds committed
    commit b515498 ("userns: add a user namespace owner of ipc ns") added a
    user namespace owner of ipc ns, but it also introduced a use after free in
    free_ipc_ns().
    
    Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
    Acked-by: "Serge E. Hallyn" <serge.hallyn@canonical.com>
    Acked-by: David Howells <dhowells@redhat.com>
    Cc: "Eric W. Biederman" <ebiederm@xmission.com>
    Cc: Daniel Lezcano <daniel.lezcano@free.fr>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Mar 24, 2011
  1. @hallyn @torvalds

    userns: user namespaces: convert several capable() calls

    hallyn authored torvalds committed
    CAP_IPC_OWNER and CAP_IPC_LOCK can be checked against current_user_ns(),
    because the resource comes from current's own ipc namespace.
    
    setuid/setgid are to uids in own namespace, so again checks can be against
    current_user_ns().
    
    Changelog:
    	Jan 11: Use task_ns_capable() in place of sched_capable().
    	Jan 11: Use nsown_capable() as suggested by Bastian Blank.
    	Jan 11: Clarify (hopefully) some logic in futex and sched.c
    	Feb 15: use ns_capable for ipc, not nsown_capable
    	Feb 23: let copy_ipcs handle setting ipc_ns->user_ns
    	Feb 23: pass ns down rather than taking it from current
    
    [akpm@linux-foundation.org: coding-style fixes]
    Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
    Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
    Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
    Acked-by: David Howells <dhowells@redhat.com>
    Cc: James Morris <jmorris@namei.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. @hallyn @torvalds

    userns: add a user namespace owner of ipc ns

    hallyn authored torvalds committed
    Changelog:
    	Feb 15: Don't set new ipc->user_ns if we didn't create a new
    		ipc_ns.
    	Feb 23: Move extern declaration to ipc_namespace.h, and group
    		fwd declarations at top.
    
    Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
    Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
    Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
    Acked-by: David Howells <dhowells@redhat.com>
    Cc: James Morris <jmorris@namei.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on Jan 7, 2011
  1. fs: icache RCU free inodes

    Nick Piggin authored
    RCU free the struct inode. This will allow:
    
    - Subsequent store-free path walking patch. The inode must be consulted for
      permissions when walking, so an RCU inode reference is a must.
    - sb_inode_list_lock to be moved inside i_lock because sb list walkers who want
      to take i_lock no longer need to take sb_inode_list_lock to walk the list in
      the first place. This will simplify and optimize locking.
    - Could remove some nested trylock loops in dcache code
    - Could potentially simplify things a bit in VM land. Do not need to take the
      page lock to follow page->mapping.
    
    The downsides of this is the performance cost of using RCU. In a simple
    creat/unlink microbenchmark, performance drops by about 10% due to inability to
    reuse cache-hot slab objects. As iterations increase and RCU freeing starts
    kicking over, this increases to about 20%.
    
    In cases where inode lifetimes are longer (ie. many inodes may be allocated
    during the average life span of a single inode), a lot of this cache reuse is
    not applicable, so the regression caused by this patch is smaller.
    
    The cache-hot regression could largely be avoided by using SLAB_DESTROY_BY_RCU,
    however this adds some complexity to list walking and store-free path walking,
    so I prefer to implement this at a later date, if it is shown to be a win in
    real situations. I haven't found a regression in any non-micro benchmark so I
    doubt it will be a problem.
    
    Signed-off-by: Nick Piggin <npiggin@kernel.dk>
Commits on Oct 30, 2010
  1. @segoon @torvalds

    ipc: shm: fix information leak to userland

    segoon authored torvalds committed
    The shmid_ds structure is copied to userland with shm_unused{,2,3}
    fields unitialized.  It leads to leaking of contents of kernel stack
    memory.
    
    Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
    Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
    Cc: stable@kernel.org
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Something went wrong with that request. Please try again.