Hi,
This patch fixes a subtle corruption when doing raw IO on the 2.2.x
kernel
with bigmem enabled. The problem was first reported by Markus Döhr while
running SAP DB on a variation of the 2.2.16 kernel with among others the
following patches installed,
> linux-2.2.16-rawio.patch
> linux-2.2.16-raw-fixup.patch
> linux-2.2.16-raw-fixup2.patch
> linux-2.2.16-bigmem.patch
> linux-2.2.16-bigmem-raw.patch
> linux-2.2.16-bigmem-dcache.patch
> linux-2.2.16-bigmem-initrd.patch
See http://marc.theaimsgroup.com/?l=linux-kernel&m=97038067229365&w=2
for the original description.
The corruption is caused by a bug in kiobuf_copy_bounce in fs/iobuf.c -
the
bigmem page containing the user data is not always copied to its
associated
bounce buffer. This would occur when an array of pages (>1) are passed
to
kiobuf_copy_bounce and a normal page happens to appear before a bigmem
page in the array, which in turn leads to the writing of uninitialized
(garbage)
pages to the raw device.
The corruption happens rather infrequently. It has been reproduced both
with
the SAP DB and without. It appears that intense paging activity
increases its
chance of occurrence.
Regards,
Peng Dai
Kernel Engineering Tel:
978-446-9166 ext. 276
Mission Critical Linux Inc. Fax:
978-446-9470
100 Foot of John Email:
[EMAIL PROTECTED]
Lowell, MA 01852
--- linux/fs/iobuf.c.orig Tue Nov 28 13:54:26 2000
+++ linux/fs/iobuf.c Tue Nov 28 13:55:17 2000
@@ -213,10 +213,10 @@
unsigned long kin, kout;
int pagelen = length;
- if (bounce_page) {
- if ((pagelen+offset) > PAGE_SIZE)
- pagelen = PAGE_SIZE - offset;
-
+ if ((pagelen+offset) > PAGE_SIZE)
+ pagelen = PAGE_SIZE - offset;
+
+ if (bounce_page) {
if (direction == COPY_TO_BOUNCE) {
kin = kmap(page, KM_READ);
kout = kmap(bounce_page, KM_WRITE);
