linux/fs
NeilBrown 01408c4939 [PATCH] Prepare for __copy_from_user_inatomic to not zero missed bytes
The problem is that when we write to a file, the copy from userspace to
pagecache is first done with preemption disabled, so if the source address is
not immediately available the copy fails *and* *zeros* *the* *destination*.

This is a problem because a concurrent read (which admittedly is an odd thing
to do) might see zeros rather that was there before the write, or what was
there after, or some mixture of the two (any of these being a reasonable thing
to see).

If the copy did fail, it will immediately be retried with preemption
re-enabled so any transient problem with accessing the source won't cause an
error.

The first copying does not need to zero any uncopied bytes, and doing so
causes the problem.  It uses copy_from_user_atomic rather than copy_from_user
so the simple expedient is to change copy_from_user_atomic to *not* zero out
bytes on failure.

The first of these two patches prepares for the change by fixing two places
which assume copy_from_user_atomic does zero the tail.  The two usages are
very similar pieces of code which copy from a userspace iovec into one or more
page-cache pages.  These are changed to remove the assumption.

The second patch changes __copy_from_user_inatomic* to not zero the tail.
Once these are accepted, I will look at similar patches of other architectures
where this is important (ppc, mips and sparc being the ones I can find).

This patch:

There is a problem with __copy_from_user_inatomic zeroing the tail of the
buffer in the case of an error.  As it is called in atomic context, the error
may be transient, so it results in zeros being written where maybe they
shouldn't be.

In the usage in filemap, this opens a window for a well timed read to see data
(zeros) which is not consistent with any ordering of reads and writes.

Most cases where __copy_from_user_inatomic is called, a failure results in
__copy_from_user being called immediately.  As long as the latter zeros the
tail, the former doesn't need to.  However in *copy_from_user_iovec
implementations (in both filemap and ntfs/file), it is assumed that
copy_from_user_inatomic will zero the tail.

This patch removes that assumption, so that after this patch it will
be safe for copy_from_user_inatomic to not zero the tail.

This patch also adds some commentary to filemap.h and asm-i386/uaccess.h.

After this patch, all architectures that might disable preempt when
kmap_atomic is called need to have their __copy_from_user_inatomic* "fixed".
This includes
 - powerpc
 - i386
 - mips
 - sparc

Signed-off-by: Neil Brown <neilb@suse.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Anton Altaparmakov <aia21@cantab.net>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: William Lee Irwin III <wli@holomorphy.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-25 10:01:09 -07:00
..
9p [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
adfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
affs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
afs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
autofs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
autofs4 [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
befs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
bfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
cifs [PATCH] vfs: add lock owner argument to flush operation 2006-06-23 07:43:02 -07:00
coda [PATCH] vfs: add lock owner argument to flush operation 2006-06-23 07:43:02 -07:00
configfs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
cramfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
debugfs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
devfs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
devpts [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
efs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
exportfs [PATCH] NFS server subtree_check returns dubious value 2006-05-21 12:59:16 -07:00
ext2 [PATCH] ext2: clean up dead code from mount code 2006-06-25 10:01:07 -07:00
ext3 [PATCH] ext3: remove inconsistent space before exclamation point in mount code 2006-06-25 10:01:07 -07:00
fat [PATCH] fs/fat/misc.c: unexport fat_sync_bhs 2006-06-23 07:43:03 -07:00
freevxfs [PATCH] fs/freevxfs: cleanup of spelling errors 2006-06-25 10:01:01 -07:00
fuse [PATCH] vfs: add lock owner argument to flush operation 2006-06-23 07:43:02 -07:00
hfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
hfsplus [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
hostfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hpfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hppfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hugetlbfs [PATCH] tightening hugetlb strict accounting 2006-06-23 07:42:48 -07:00
isofs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
jbd [PATCH] ext3: fix memory leak when the journal file is corrupted 2006-06-25 10:01:07 -07:00
jffs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
jffs2 [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
jfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
lockd NFS: make 2 functions static 2006-04-19 12:43:47 -04:00
minix [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
msdos [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
ncpfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
nfs [PATCH] vfs: add lock owner argument to flush operation 2006-06-23 07:43:02 -07:00
nfs_common [PATCH] nfsacl: Solaris VxFS compatibility fix 2005-10-11 09:46:54 -07:00
nfsd [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
nls [PATCH] fs: Use ARRAY_SIZE macro 2006-03-24 07:33:19 -08:00
ntfs [PATCH] Prepare for __copy_from_user_inatomic to not zero missed bytes 2006-06-25 10:01:09 -07:00
ocfs2 [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
openpromfs [PATCH] openpromfs: factorize out 2006-06-25 10:01:05 -07:00
partitions [PATCH] make kernel warn about incorrectly sized partitions 2006-06-23 07:43:09 -07:00
proc [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
qnx4 [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
ramfs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
reiserfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
romfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
smbfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
sysfs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
sysv [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
udf [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
ufs [PATCH] fs/ufs/inode.c: make 2 functions static 2006-06-25 10:01:04 -07:00
vfat [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
xfs [PATCH] for_each_possible_cpu: xfs 2006-06-23 07:42:45 -07:00
aio.c [PATCH] list: use list_replace_init() instead of list_splice_init() 2006-06-23 07:43:07 -07:00
attr.c [PATCH] capable/capability.h (fs/) 2006-01-11 18:42:13 -08:00
bad_inode.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
binfmt_aout.c [PATCH] dump_thread() cleanup 2006-01-10 08:01:25 -08:00
binfmt_elf_fdpic.c [PATCH] frv: binfmt_elf_fdpic __user annotations 2006-06-23 07:42:54 -07:00
binfmt_elf.c [PATCH] binflt_elf: remove more casts 2006-06-23 07:43:05 -07:00
binfmt_em86.c
binfmt_flat.c [PATCH] binfmt_flat: don't check for EMFILE 2006-05-21 12:59:17 -07:00
binfmt_misc.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
binfmt_script.c
binfmt_som.c [PATCH] mm: mm_init set_mm_counters 2005-10-29 21:40:38 -07:00
bio.c [PATCH] Fix missing ret assignment in __bio_map_user() error path 2006-06-17 10:52:12 -07:00
block_dev.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
buffer.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
char_dev.c [PATCH] Simplify proc/devices and fix early termination regression 2006-03-31 12:18:53 -08:00
compat_ioctl.c [PATCH] fs: Use ARRAY_SIZE macro 2006-03-24 07:33:19 -08:00
compat.c [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
dcache.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
dcookies.c [PATCH] Use __read_mostly on some hot fs variables 2006-03-26 08:56:56 -08:00
direct-io.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
dnotify.c [PATCH] Use __read_mostly on some hot fs variables 2006-03-26 08:56:56 -08:00
dquot.c BUG_ON() Conversion in fs/dquot.c 2006-04-02 13:36:13 +02:00
drop_caches.c [PATCH] drop-pagecache 2006-01-08 20:12:40 -08:00
eventpoll.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
exec.c [PATCH] remove steal_locks() 2006-06-22 15:05:57 -07:00
fcntl.c BUG_ON() Conversion in fs/fcntl.c 2006-04-02 13:37:19 +02:00
fifo.c [PATCH] pipe.c/fifo.c code cleanups 2006-04-11 13:53:33 +02:00
file_table.c [PATCH] percpu counter data type changes to suppport more than 2**31 ext3 free blocks counter 2006-06-23 07:43:06 -07:00
file.c [PATCH] for_each_possible_cpu: fixes for generic part 2006-03-28 09:16:05 -08:00
filesystems.c [PATCH] fix missing includes 2005-10-30 17:37:32 -08:00
fs-writeback.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
inode.c BUG_ON() Conversion in fs/inode.c 2006-04-02 13:38:18 +02:00
inotify_user.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
inotify.c [PATCH] inotify (4/5): allow watch removal from event handler 2006-06-20 05:25:19 -04:00
ioctl.c [PATCH] capable/capability.h (fs/) 2006-01-11 18:42:13 -08:00
ioprio.c [PATCH] lsm: add task_setioprio hook 2006-06-23 07:42:53 -07:00
Kconfig [PATCH] ufs: easy debug 2006-06-25 10:01:03 -07:00
Kconfig.binfmt [PATCH] frv: suppress configuration of certain features for FRV 2006-01-08 20:13:36 -08:00
libfs.c [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
locks.c [PATCH] fs/locks.c: make posix_locks_deadlock() static 2006-06-23 07:43:03 -07:00
Makefile [PATCH] inotify (1/5): split kernel API from userspace support 2006-06-20 05:25:17 -04:00
mbcache.c [PATCH] Typo fixes 2006-03-28 09:16:08 -08:00
mpage.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
namei.c [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
namespace.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
nfsctl.c [PATCH] fs: Use ARRAY_SIZE macro 2006-03-24 07:33:19 -08:00
open.c [PATCH] vfs: add lock owner argument to flush operation 2006-06-23 07:43:02 -07:00
pipe.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
pnode.c [PATCH] s/;;/;/g 2006-03-24 07:33:24 -08:00
pnode.h [PATCH] unbindable mounts 2005-11-07 18:18:11 -08:00
posix_acl.c [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
quota_v1.c
quota_v2.c [PATCH] sem2mutex: quota 2006-03-23 07:38:11 -08:00
quota.c [PATCH] sem2mutex: quota 2006-03-23 07:38:11 -08:00
read_write.c [PATCH] splice: unlikely() optimizations 2006-04-11 13:56:09 +02:00
readdir.c [PATCH] mutex subsystem, semaphore to mutex: VFS, ->i_sem 2006-01-09 15:59:24 -08:00
select.c [PATCH] Poll cleanups/microoptimizations 2006-06-23 07:43:03 -07:00
seq_file.c [PATCH] sem2mutex: fs/seq_file.c 2006-03-23 07:38:12 -08:00
splice.c [PATCH] splice: retrieve mapping after locking the page 2006-06-23 17:10:39 +02:00
stat.c [PATCH] powerpc: Wire up *at syscalls 2006-04-28 21:04:59 +10:00
super.c [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
sync.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
xattr_acl.c
xattr.c [PATCH] log more info for directory entry change events 2006-06-20 05:25:28 -04:00