1. 30 Nov, 2009 1 commit
    • jffs2: Fix memory corruption in jffs2_read_inode_range() · 199bc9ff
      David Woodhouse authored
      In the 2.6.23 kernel, commit a32ea1e1
      ("Fix read/truncate race") fixed a race in the generic code, and as a
      side effect, now do_generic_file_read() can ask us to readpage() past
      the i_size. This seems to be correctly handled by the block routines
      (e.g. block_read_full_page() fills the page with zeroes in case
      somebody is trying to read past the last inode's block).
      
      JFFS2 doesn't handle this; it assumes that it won't be asked to read
      pages which don't exist -- and thus that there will be at least _one_
      valid 'frag' on the page it's being asked to read. It will fill any
      holes with the following memset:
      
        memset(buf, 0, min(end, frag->ofs + frag->size) - offset);
      
      When the 'closest smaller match' returned by jffs2_lookup_node_frag() is
      actually on a previous page and ends before 'offset', that results in:
      
        memset(buf, 0, <huge unsigned negative>);
      
      Hopefully, in most cases the corruption is fatal, quickly causing
      random oopses like this:
      
        root@10.0.0.4:~/ltp-fs-20090531# ./testcases/kernel/fs/ftest/ftest01
        Unable to handle kernel paging request for data at address 0x00000008
        Faulting instruction address: 0xc01cd980
        Oops: Kernel access of bad area, sig: 11 [#1]
        [...]
        NIP [c01cd980] rb_insert_color+0x38/0x184
        LR [c0043978] enqueue_hrtimer+0x88/0xc4
        Call Trace:
        [c6c63b60] [c004f9a8] tick_sched_timer+0xa0/0xe4 (unreliable)
        [c6c63b80] [c0043978] enqueue_hrtimer+0x88/0xc4
        [c6c63b90] [c0043a48] __run_hrtimer+0x94/0xbc
        [c6c63bb0] [c0044628] hrtimer_interrupt+0x140/0x2b8
        [c6c63c10] [c000f8e8] timer_interrupt+0x13c/0x254
        [c6c63c30] [c001352c] ret_from_except+0x0/0x14
        --- Exception: 901 at memset+0x38/0x5c
            LR = jffs2_read_inode_range+0x144/0x17c
        [c6c63cf0] [00000000] (null) (unreliable)
      
      This patch fixes the issue, plus fixes all LTP tests on NAND/UBI with
      JFFS2 filesystem that were failing since 2.6.23 (seems like the bug
      above also broke the truncation).
      Reported-By: Anton Vorontsov <avorontsov@ru.mvista.com>
      Tested-By: Anton Vorontsov <avorontsov@ru.mvista.com>
      Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
      Cc: stable@kernel.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      199bc9ff
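      The arithmetic the message describes, as an added example (this is not the kernel's code and not the patch itself): a constructed stand-in for the hole-filling length with the frag that jffs2_lookup_node_frag() returns, beside one way to handle the case where that frag ends before 'offset'. The function names, the 64-byte page and the single 100-byte frag are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed page size for the example (a real page is 4 KiB or more). */
#define DEMO_PAGE_SIZE 64u

static uint32_t min_u32(uint32_t a, uint32_t b)
{
	return a < b ? a : b;
}

/*
 * Length the original computation hands to memset() for a hole starting
 * at 'offset' on a page ending at 'end', given the 'closest smaller' frag
 * [frag_ofs, frag_ofs + frag_size). When that frag ends before 'offset'
 * (it belongs to an earlier page, which is what a read past i_size
 * produces), the unsigned subtraction wraps to a huge value.
 */
static size_t hole_len_unchecked(uint32_t frag_ofs, uint32_t frag_size,
				 uint32_t offset, uint32_t end)
{
	uint32_t holeend = min_u32(end, frag_ofs + frag_size);

	return holeend - offset;	/* wraps when holeend < offset */
}

/*
 * Hardened variant (one way to close the gap; not a copy of the kernel
 * patch): a frag that ends at or before 'offset' contributes nothing to
 * this page, so the hole runs to the end of the page.
 */
static size_t hole_len_checked(uint32_t frag_ofs, uint32_t frag_size,
			       uint32_t offset, uint32_t end)
{
	uint32_t frag_end = frag_ofs + frag_size;

	if (frag_end <= offset)
		return end - offset;
	return min_u32(end, frag_end) - offset;
}

/*
 * Zero-fill the hole in a page buffer using the checked length. Returns the
 * number of bytes written, or 0 if the length would overrun the page, which
 * is exactly the condition the original memset() violated.
 */
static size_t fill_hole(uint32_t frag_ofs, uint32_t frag_size,
			uint32_t offset, uint32_t end)
{
	static unsigned char page[DEMO_PAGE_SIZE];
	size_t len = hole_len_checked(frag_ofs, frag_size, offset, end);

	if (len > sizeof(page))
		return 0;
	memset(page, 0xAA, sizeof(page));	/* poison so the fill is visible */
	memset(page, 0, len);
	for (size_t i = 0; i < len; i++)
		if (page[i] != 0)
			return 0;
	return len;
}

int main(void)
{
	/* Constructed file: one 100-byte frag at offset 0, so i_size == 100.
	 * The page at [128, 192) lies entirely past i_size. */
	uint32_t frag_ofs = 0, frag_size = 100;
	uint32_t offset = 2 * DEMO_PAGE_SIZE, end = 3 * DEMO_PAGE_SIZE;

	printf("unchecked length: %zu\n",
	       hole_len_unchecked(frag_ofs, frag_size, offset, end));
	printf("checked length:   %zu\n",
	       hole_len_checked(frag_ofs, frag_size, offset, end));
	printf("bytes zeroed:     %zu\n",
	       fill_hole(frag_ofs, frag_size, offset, end));
	return 0;
}
```

      For the page at [128, 192) the unchecked length is 2^32 - 28, the value the message calls a huge unsigned negative; the checked length is the 64 bytes of the page. For a page that the frag does overlap (offset 64, end 128) both variants agree on 36.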
  2. 22 Sep, 2009 1 commit
  3. 19 Sep, 2009 1 commit
  4. 08 Sep, 2009 1 commit
  5. 04 Sep, 2009 1 commit
  6. 03 Sep, 2009 1 commit
  7. 04 Aug, 2009 1 commit
  8. 12 Jul, 2009 1 commit
  9. 08 Jul, 2009 1 commit
  10. 24 Jun, 2009 3 commits
  11. 23 Jun, 2009 1 commit
  12. 15 Jun, 2009 1 commit
  13. 12 Jun, 2009 6 commits
  14. 29 May, 2009 1 commit
  15. 01 Apr, 2009 1 commit
  16. 20 Mar, 2009 2 commits
  17. 21 Feb, 2009 1 commit
    • [JFFS2] fix mount crash caused by removed nodes · 4c41bd0e
      Thomas Gleixner authored
      
      
      At scan time we observed following scenario:
      
         node A inserted
         node B inserted
         node C inserted -> sets overlapped flag on node B
      
         node A is removed due to CRC failure -> overlapped flag on node B remains
      
         while (tn->overlapped)
             tn = tn_prev(tn);
      
         ==> crash, when tn_prev(B) is referenced.
      
      When the ultimate node is removed at scan time and the overlapped flag
      is set on the penultimate node, then nothing updates the overlapped
      flag of that node. The overlapped iterators blindly expect that the
      ultimate node does not have the overlapped flag set, which causes the
      scan code to crash.
      
      It would be a huge overhead to go through the node chain on node
      removal and fix up the overlapped flags, so detecting such a case on
      the fly in the overlapped iterators is a simpler and reliable
      solution.
      
      Cc: stable@kernel.org
      Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
      4c41bd0e
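      The scenario in the message, as an added example (a constructed model, not the JFFS2 scan code or this patch): a node chain where removing a node leaves a stale overlapped flag on its neighbour, and an iterator that detects the missing predecessor on the fly, as the message says the fix does, instead of dereferencing it. The list layout, the function names and the three-node chain are assumptions for the example; the real nodes live in an rbtree.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a scan-time node: a doubly linked list in iteration
 * order is enough here, with tn_prev() returning the predecessor. */
struct tn {
	const char *name;
	bool overlapped;	/* set when a later node overlaps this one */
	struct tn *prev, *next;
};

static struct tn *tn_prev(struct tn *t)
{
	return t->prev;
}

/* Append a node; 'overlaps_prev' models the insert of C setting B's flag. */
static void tn_append(struct tn **head, struct tn *t, bool overlaps_prev)
{
	struct tn *last = *head;

	t->prev = t->next = NULL;
	t->overlapped = false;
	if (!last) {
		*head = t;
		return;
	}
	while (last->next)
		last = last->next;
	last->next = t;
	t->prev = last;
	if (overlaps_prev)
		last->overlapped = true;
}

/* Unlink a node, e.g. after its CRC check fails. Nothing here repairs the
 * 'overlapped' flag of the node that now has no predecessor. */
static void tn_remove(struct tn **head, struct tn *t)
{
	if (t->prev)
		t->prev->next = t->next;
	else
		*head = t->next;
	if (t->next)
		t->next->prev = t->prev;
	t->prev = t->next = NULL;
}

/* The original walk, 'while (tn->overlapped) tn = tn_prev(tn);', assumes
 * the flag is never set on the first node. This version notices the missing
 * predecessor, reports it through *stale and stops on the last real node. */
static struct tn *tn_walk_overlapped(struct tn *t, bool *stale)
{
	*stale = false;
	while (t->overlapped) {
		struct tn *p = tn_prev(t);

		if (!p) {
			*stale = true;
			break;
		}
		t = p;
	}
	return t;
}

/* Scenario from the message: A, B, C inserted (C overlaps B), A optionally
 * removed for a CRC failure, then the overlapped walk started at B. */
static struct tn *run_scenario(bool remove_a, bool *stale)
{
	static struct tn nodes[3];
	static const char *names[3] = { "A", "B", "C" };
	struct tn *head = NULL;

	for (int i = 0; i < 3; i++)
		nodes[i].name = names[i];
	tn_append(&head, &nodes[0], false);
	tn_append(&head, &nodes[1], false);
	tn_append(&head, &nodes[2], true);	/* C overlaps B */
	if (remove_a)
		tn_remove(&head, &nodes[0]);	/* A fails its CRC check */
	return tn_walk_overlapped(&nodes[1], stale);
}

const char *scenario_stop(bool remove_a)
{
	bool stale;

	return run_scenario(remove_a, &stale)->name;
}

bool scenario_stale(bool remove_a)
{
	bool stale;

	run_scenario(remove_a, &stale);
	return stale;
}

int main(void)
{
	printf("intact chain: stops on %s, stale=%d\n",
	       scenario_stop(false), scenario_stale(false));
	printf("A removed:    stops on %s, stale=%d\n",
	       scenario_stop(true), scenario_stale(true));
	return 0;
}
```

      With the chain intact the walk from B ends on A. After A is removed, B still carries the flag, tn_prev(B) is NULL, and the checked iterator stops on B and reports the stale flag where the original would have crashed.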
  18. 14 Feb, 2009 1 commit
    • [JFFS2] force the jffs2 GC daemon to behave a bit better · efab0b5d
      Andres Salomon authored
      
      
      I've noticed some pretty poor behavior on OLPC machines after bootup, when
      gdm/X are starting.  The GCD monopolizes the scheduler (which in turn
      means it gets to do more nand i/o), which results in processes taking much
      much longer than they should to start.
      
      As an example, on an OLPC machine going from OFW to a usable X (via
      auto-login gdm) takes 2m 30s.  The majority of this time is consumed by
      the switch into graphical mode.  With this patch, we cut a full 60s off of
      bootup time.  After bootup, things are much snappier as well.
      
      Note that we have seen a CRC node error with this patch that causes the machine
      to fail to boot, but we've also seen that problem without this patch.
      Signed-off-by: Andres Salomon <dilinger@debian.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
      efab0b5d
  19. 09 Jan, 2009 1 commit
  20. 04 Jan, 2009 1 commit
    • fs: symlink write_begin allocation context fix · 54566b2c
      Nick Piggin authored
      
      
      With the write_begin/write_end aops, page_symlink was broken because it
      could no longer pass a GFP_NOFS type mask into the point where the
      allocations happened.  They are done in write_begin, which would always
      assume that the filesystem can be entered from reclaim.  This bug could
      cause filesystem deadlocks.
      
      The funny thing with having a gfp_t mask there is that it doesn't really
      allow the caller to arbitrarily tinker with the context in which it can be
      called.  It couldn't ever be GFP_ATOMIC, for example, because it needs to
      take the page lock.  The only thing any callers care about is __GFP_FS
      anyway, so turn that into a single flag.
      
      Add a new flag for write_begin, AOP_FLAG_NOFS.  Filesystems can now act on
      this flag in their write_begin function.  Change __grab_cache_page to
      accept a nofs argument as well, to honour that flag (while we're there,
      change the name to grab_cache_page_write_begin which is more instructive
      and does away with random leading underscores).
      
      This is really a more flexible way to go in the end anyway -- if a
      filesystem happens to want any extra allocations aside from the pagecache
      ones in its write_begin function, it may now use GFP_KERNEL (rather than
      GFP_NOFS) for common case allocations (eg.  ocfs2_alloc_write_ctxt, for a
      random example).
      
      [kosaki.motohiro@jp.fujitsu.com: fix ubifs]
      [kosaki.motohiro@jp.fujitsu.com: fix fuse]
      Signed-off-by: Nick Piggin <npiggin@suse.de>
      Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
      Cc: <stable@kernel.org>  [2.6.28.x]
      Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      [ Cleaned up the calling convention: just pass in the AOP flags
        untouched to the grab_cache_page_write_begin() function.  That
        just simplifies everybody, and may even allow future expansion of the
        logic.   - Linus ]
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      54566b2c
  21. 10 Dec, 2008 2 commits
    • [JFFS2] Clean up fs/jffs2/compr_rubin.c · 0bc4382a
      David Woodhouse authored
      
      
      Triggered by a smaller cleanup from Jianjun Kong <jianjun@zeuux.org>
      Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
      0bc4382a
    • [MTD] update internal API to support 64-bit device size · 69423d99
      Adrian Hunter authored
      
      
      MTD internal API presently uses 32-bit values to represent
      device size.  This patch updates them to 64-bits but leaves
      the external API unchanged.  Extending the external API
      is a separate issue for several reasons.  First, no one
      needs it at the moment.  Secondly, whether the implementation
      is done with IOCTLs, sysfs or both is still debated.  Thirdly
      external API changes require the internal API to be accepted
      first.
      
      Note that although the MTD API will be able to support 64-bit
      device sizes, existing drivers do not and are not required
      to do so, although NAND base has been updated.
      
      In general, changing from 32-bit to 64-bit values causes little
      or no changes to the majority of the code with the following
      exceptions:
          - printk message formats
          - division and modulus of 64-bit values
          - NAND base support
          - 32-bit local variables used by mtdpart and mtdconcat
          - naughtily assuming one structure maps to another
            in MEMERASE ioctl
      Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
      Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
      Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
      69423d99
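      Why the 32-bit locals in the exception list matter, as an added example (a constructed model, not the mtdpart or mtdconcat code): the same partition bounds check written with 32-bit and with 64-bit sizes, plus what a device size larger than 4 GiB becomes when it passes through a 32-bit variable. The function names and the device geometry are assumptions for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GIB(n)	((uint64_t)(n) << 30)
#define MIB(n)	((uint64_t)(n) << 20)

/* 32-bit: 'offset + size' can wrap, so a partition that runs past the end
 * of the device may still pass the check. */
static bool part_fits32(uint32_t master_size, uint32_t offset, uint32_t size)
{
	return offset + size <= master_size;
}

/* 64-bit, and arranged so that the addition itself cannot wrap either. */
static bool part_fits64(uint64_t master_size, uint64_t offset, uint64_t size)
{
	return offset <= master_size && size <= master_size - offset;
}

/* What a 64-bit device size becomes when stored in a 32-bit local. */
static uint32_t truncate32(uint64_t size)
{
	return (uint32_t)size;
}

int main(void)
{
	/* Constructed geometry: a 3 GiB device (still representable in 32
	 * bits) with a 2 GiB partition starting 1 MiB before its end. */
	uint64_t master = GIB(3);
	uint64_t offset = GIB(3) - MIB(1), size = GIB(2);

	printf("32-bit check accepts: %d\n",
	       part_fits32((uint32_t)master, (uint32_t)offset, (uint32_t)size));
	printf("64-bit check accepts: %d\n", part_fits64(master, offset, size));
	printf("6 GiB device through a 32-bit variable: %u bytes\n",
	       truncate32(GIB(6)));
	return 0;
}
```

      The 32-bit sum of 3 GiB - 1 MiB and 2 GiB wraps to just under 1 GiB and the bogus partition is accepted; the 64-bit form rejects it. A 6 GiB device size squeezed into a 32-bit local reads as 2 GiB, which is the kind of silent truncation the message warns about.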
  22. 05 Nov, 2008 1 commit
  23. 31 Oct, 2008 1 commit
  24. 23 Oct, 2008 3 commits
  25. 21 Oct, 2008 1 commit
  26. 18 Oct, 2008 1 commit
  27. 17 Oct, 2008 1 commit
  28. 01 Sep, 2008 2 commits