linux/include/asm-i386
NeilBrown 01408c4939 [PATCH] Prepare for __copy_from_user_inatomic to not zero missed bytes
The problem is that when we write to a file, the copy from userspace to
pagecache is first done with preemption disabled, so if the source address is
not immediately available the copy fails *and* *zeros* *the* *destination*.

This is a problem because a concurrent read (which admittedly is an odd thing
to do) might see zeros rather that was there before the write, or what was
there after, or some mixture of the two (any of these being a reasonable thing
to see).

If the copy did fail, it will immediately be retried with preemption
re-enabled so any transient problem with accessing the source won't cause an
error.

The first copying does not need to zero any uncopied bytes, and doing so
causes the problem.  It uses copy_from_user_atomic rather than copy_from_user
so the simple expedient is to change copy_from_user_atomic to *not* zero out
bytes on failure.

The first of these two patches prepares for the change by fixing two places
which assume copy_from_user_atomic does zero the tail.  The two usages are
very similar pieces of code which copy from a userspace iovec into one or more
page-cache pages.  These are changed to remove the assumption.

The second patch changes __copy_from_user_inatomic* to not zero the tail.
Once these are accepted, I will look at similar patches of other architectures
where this is important (ppc, mips and sparc being the ones I can find).

This patch:

There is a problem with __copy_from_user_inatomic zeroing the tail of the
buffer in the case of an error.  As it is called in atomic context, the error
may be transient, so it results in zeros being written where maybe they
shouldn't be.

In the usage in filemap, this opens a window for a well timed read to see data
(zeros) which is not consistent with any ordering of reads and writes.

Most cases where __copy_from_user_inatomic is called, a failure results in
__copy_from_user being called immediately.  As long as the latter zeros the
tail, the former doesn't need to.  However in *copy_from_user_iovec
implementations (in both filemap and ntfs/file), it is assumed that
copy_from_user_inatomic will zero the tail.

This patch removes that assumption, so that after this patch it will
be safe for copy_from_user_inatomic to not zero the tail.

This patch also adds some commentary to filemap.h and asm-i386/uaccess.h.

After this patch, all architectures that might disable preempt when
kmap_atomic is called need to have their __copy_from_user_inatomic* "fixed".
This includes
 - powerpc
 - i386
 - mips
 - sparc

Signed-off-by: Neil Brown <neilb@suse.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Anton Altaparmakov <aia21@cantab.net>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: William Lee Irwin III <wli@holomorphy.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-25 10:01:09 -07:00
..
mach-bigsmp [PATCH] x86: convert bigsmp to use flat physical mode 2006-01-06 08:33:37 -08:00
mach-default [PATCH] Clean up and refactor i386 sub-architecture setup 2006-06-25 10:00:55 -07:00
mach-es7000 [PATCH] Compilation fix for ES7000 when no ACPI is specified in config (i386) 2006-03-23 07:38:04 -08:00
mach-generic [PATCH] x86: sutomatically enable bigsmp when we have more than 8 CPUs 2005-09-05 00:06:10 -07:00
mach-numaq [PATCH] Do not enforce unique IO_APIC_ID check for xAPIC systems (i386) 2005-06-23 09:45:09 -07:00
mach-summit Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
mach-visws [PATCH] Clean up and refactor i386 sub-architecture setup 2006-06-25 10:00:55 -07:00
mach-voyager [PATCH] Clean up and refactor i386 sub-architecture setup 2006-06-25 10:00:55 -07:00
8253pit.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
a.out.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
acpi.h [PATCH] don't call check_acpi_pci() on x86 with ACPI disabled 2006-03-22 07:53:54 -08:00
agp.h [PATCH] i386: inline asm cleanup 2005-09-05 00:06:11 -07:00
alternative.h [PATCH] x86: compile fix for asm-i386/alternatives.h 2006-06-23 07:42:59 -07:00
apic.h [PATCH] arch/i386/kernel/apic.c: make modern_apic() static 2006-06-23 07:42:56 -07:00
apicdef.h x86_64: Remove stale lapic definition from apicdef.h 2006-04-01 22:50:03 -05:00
arch_hooks.h [PATCH] x86: early printk handling fixes 2006-03-23 07:38:05 -08:00
atomic.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
auxvec.h [PATCH] auxiliary vector cleanups 2005-09-07 16:57:21 -07:00
bitops.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
boot.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
bug.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
bugs.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
byteorder.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
cache.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
cacheflush.h [PATCH] x86/x86_64: mark rodata section read only: x86 parts 2006-01-06 08:33:36 -08:00
checksum.h [NET]: Fix ipl=>ihl typo in ip_fast_csum 2005-08-29 16:02:48 -07:00
cpu.h [PATCH] i386 CPU hotplug 2005-06-25 16:24:29 -07:00
cpufeature.h [PATCH] x86: VIA C7 CPU flags 2006-06-23 07:42:59 -07:00
cputime.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
current.h [PATCH] mark several functions __always_inline 2006-01-14 18:27:15 -08:00
debugreg.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
delay.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
desc.h [PATCH] x86: fix broken SMP boot sequence 2006-02-24 14:31:38 -08:00
div64.h [PATCH] include/asm-i386/: "extern inline" -> "static inline" 2005-09-10 10:06:34 -07:00
dma-mapping.h [PATCH] i386: make pci_map_single/pci_map_sg warn for zero length. 2006-01-11 19:04:56 -08:00
dma.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
dmi.h [PATCH] x86_64: Implement early DMI scanning 2006-03-25 09:10:55 -08:00
e820.h [PATCH] x86_64: Introduce e820_all_mapped 2006-04-09 11:53:50 -07:00
edac.h [PATCH] EDAC: core EDAC support code 2006-01-18 19:20:31 -08:00
elf.h [PATCH] fix remaining missing includes 2005-11-07 07:53:41 -08:00
emergency-restart.h [PATCH] i386: Implement machine_emergency_reboot 2005-07-26 14:35:42 -07:00
errno.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
fcntl.h [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
fixmap.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
floppy.h [PATCH] random: remove SA_SAMPLE_RANDOM from floppy driver 2006-06-25 10:01:00 -07:00
futex.h [PATCH] lightweight robust futexes updates 2006-03-27 08:44:49 -08:00
genapic.h [PATCH] Do not enforce unique IO_APIC_ID check for xAPIC systems (i386) 2005-06-23 09:45:09 -07:00
hardirq.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
highmem.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
hpet.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
hw_irq.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
i387.h [PATCH] i386: fix broken FP exception handling 2006-04-29 14:13:16 -07:00
i8253.h [PATCH] x86: i8253/i8259A lock cleanup 2005-06-30 08:45:10 -07:00
i8259.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ide.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
io.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
io_apic.h Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2006-05-24 09:22:21 +01:00
ioctl.h [PATCH] Generic ioctl.h 2006-01-10 08:01:34 -08:00
ioctls.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ipc.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ipcbuf.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
irq.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ist.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
kdebug.h [PATCH] Notifier chain update: API changes 2006-03-27 08:44:50 -08:00
kexec.h [PATCH] Kdump: i386 compiler warning fix 2006-01-10 08:01:27 -08:00
kmap_types.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
kprobes.h [PATCH] x86: kprobes-booster 2006-03-26 08:57:04 -08:00
ldt.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
linkage.h [PATCH] i386: fix prevent_tail_call 2005-05-26 16:16:16 -07:00
local.h [PATCH] make local_t signed 2006-03-31 12:18:55 -08:00
math_emu.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mc146818rtc.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mca.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mca_dma.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mce.h [PATCH] Don't trigger full rebuild via CONFIG_X86_MCE 2006-06-23 07:42:56 -07:00
mman.h [PATCH] add asm-generic/mman.h 2006-02-15 15:32:22 -08:00
mmu.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mmu_context.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
mmx.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mmzone.h [PATCH] unify pfn_to_page: i386 pfn_to_page 2006-03-27 08:44:44 -08:00
module.h [PATCH] Base support for AMD Geode GX/LX processors 2006-01-06 08:33:38 -08:00
mpspec.h [PATCH] mptspec: remove duplicate #include 2006-04-11 06:18:34 -07:00
mpspec_def.h [PATCH] mpspec: remove unneeded packed attribute 2006-01-06 08:33:39 -08:00
msgbuf.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
msi.h [PATCH] PCI: cleanup unused variable about msi driver 2006-06-21 12:00:00 -07:00
msr.h [PATCH] x86: more asm cleanups 2005-09-05 00:06:12 -07:00
mtrr.h [PATCH] Don't trigger full rebuild via CONFIG_MTRR 2006-06-23 07:42:56 -07:00
mutex.h [PATCH] x86: SMP alternatives 2006-03-23 07:38:04 -08:00
namei.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
nmi.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
node.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
numa.h [PATCH] x86-64: Use ACPI PXM to parse PCI<->node assignments 2005-09-12 10:49:57 -07:00
numaq.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
page.h Exclude asm-generic/{page,memory_model}.h from user bits of i386/x86_64 page.h 2006-04-27 15:48:08 +01:00
param.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
parport.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
pci-direct.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
pci.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
percpu.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
pgalloc.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
pgtable-2level-defs.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
pgtable-2level.h [PATCH] x86/PAE: Fix pte_clear for the >4GB RAM case 2006-04-27 12:00:59 -07:00
pgtable-3level-defs.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
pgtable-3level.h [PATCH] x86/PAE: Fix pte_clear for the >4GB RAM case 2006-04-27 12:00:59 -07:00
pgtable.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2006-04-29 01:42:26 +01:00
poll.h [PATCH] POLLRDHUP/EPOLLRDHUP handling for half-closed devices notifications 2006-03-25 08:22:56 -08:00
posix_types.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
processor.h [PATCH] Don't trigger full rebuild via CONFIG_X86_MCE 2006-06-23 07:42:56 -07:00
ptrace.h [PATCH] PTRACE_SYSEMU is only for i386 and clashes with other ptrace codes of other archs 2006-01-08 20:14:04 -08:00
resource.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
rtc.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
rwlock.h [PATCH] x86: SMP alternatives 2006-03-23 07:38:04 -08:00
rwsem.h [PATCH] add sem_is_read/write_locked() 2005-10-29 21:40:35 -07:00
scatterlist.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
seccomp.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sections.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
segment.h [PATCH] x86: Pnp segments in segment h 2006-01-06 08:33:34 -08:00
semaphore.h [PATCH] x86: SMP alternatives 2006-03-23 07:38:04 -08:00
sembuf.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
serial.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
setup.h [PATCH] Clean up and refactor i386 sub-architecture setup 2006-06-25 10:00:55 -07:00
shmbuf.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
shmparam.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sigcontext.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
siginfo.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
signal.h [PATCH] Handle TIF_RESTORE_SIGMASK for i386 2006-01-18 19:20:29 -08:00
smp.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
socket.h [NET]: Introduce SO_{SND,RCV}BUFFORCE socket options 2005-08-29 15:31:35 -07:00
sockios.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sparsemem.h [PATCH] sparsemem memory model for i386 2005-06-23 09:45:05 -07:00
spinlock.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
spinlock_types.h [PATCH] spinlock consolidation 2005-09-10 10:06:21 -07:00
srat.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
stat.h [PATCH] 2TB files: st_blocks is invalid when calling stat64 2006-03-26 08:57:00 -08:00
statfs.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
string.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
suspend.h [PATCH] i386: Use loaddebug macro consistently 2005-04-16 15:24:46 -07:00
system.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
termbits.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
termios.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
thread_info.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
timer.h [PATCH] add suspend/resume for timer 2005-09-05 00:06:18 -07:00
timex.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
tlb.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
tlbflush.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
topology.h [PATCH] sched: new sched domain for representing multi-core 2006-03-27 08:44:43 -08:00
types.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
uaccess.h [PATCH] Prepare for __copy_from_user_inatomic to not zero missed bytes 2006-06-25 10:01:09 -07:00
ucontext.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
unaligned.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
unistd.h [PATCH] sys_move_pages: 32bit support (i386, x86_64) 2006-06-23 07:42:53 -07:00
user.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
vga.h [PATCH] vgacon: make VGA_MAP_MEM take size, remove extra use 2006-06-22 15:05:58 -07:00
vic.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
vm86.h [PATCH] Make vm86 support optional 2006-01-08 20:14:11 -08:00
voyager.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xor.h [PATCH] i386: inline asm cleanup 2005-09-05 00:06:11 -07:00