Linux 2.4 Status/TODO Page
This list is almost always out of date, by definition, since kernel
development moves so quickly. I try to keep it as up to date as
possible, though.Please send updates to tytso@mit.edu.
Every few days or so, I periodically send updated versions of this
list to the linux-kernel list, but you should consult
http://linux24.sourceforge.net to get the latest information.
Last modified: [tytso:20000811.1722EDT]
Hopefully up to date as of: test7-pre1
Should Be Fixed (Confirmation Wanted)
* Fbcon races
Capable Of Corrupting Your FS
* Use PCI DMA by default in IDE is unsafe (must not do so on via
VPx, x < 3) (requires chipset tuning to be enabled according to
Andre Hedrick --- we need to turn this on by default -- TYT)
Security
* Fix module remove race bug (still to be done: TTY, ldisc, I2C,
video_device - Al Viro) (OSS also needs to be fixed -- Christoph
Hellwig will supply patch) (Rogier Wolff will handle ATM)
(ipchains modules -- Rusty)
Boot Time Failures
* AHA29xx driver appears to stomp other cards (may be BIOS)
* AHA27xx is broken (maybe 28xx too)
* Use PCI DMA 'lost interrupt' problem with some hw [which ?] (NEC
Versa LX with PIIX tuning)
* HT6560/UMC8672 ide sets up stuff too early (before region stuff
can be done)
* Crashes on boot on some Compaqs ? (may be fixed)
* Boot hangs on a range of Dell docking stations (Latitude)
+ Almost certainly related: PCI code doesn't see devices behind
DECchip 21150 PCI bridges (used in Dell Latitude). Reported
by Simon Trimmer .
In Progress
* Merge the network fixes (DaveM)
* Finish I2O merge (Intel/Alan)
* Restore O_SYNC functionality (Stephen) - core code and ext2 done
* Fix all remaining PCI code to use pci_enable_device (mostly done)
Obvious Projects For People (well if you have the hardware..)
* NCR5380 isnt smp safe
* DMFE is not SMP safe
* Make syncppp use new ppp code
* Fix SPX socket code
* Merge the 2.2 ServeRAID driver into 2.4 (Christoph Hellwig)
Fix Exists But Isnt Merged
* Update SGI VisWS to new-style IRQ handling (Ingo)
* Support MP table above 1Gig (Ingo)
* Dont panic on boot when meeting HP boxes with wacked APIC table
numbering (AC)
* Scheduler bugs in RT (Dimitris)
* AIC7xxx doesnt work non PCI ? (Doug says OK, new version due
anyway)
* Fix boards with different TSC per CPU and kill TSC use on them
* Floppy last block cache flush error
* PPC-specific: won't boot on 601 CPU's (powermac) (Andreas Tobler;
Paul Mackerras has fix in PPC tree)
* IRDA fixes (patches from Russell King sent to Linus and DAG)>
+ IRDA calls get_random_bytes before random is set up
+ Infinite loop in IrDA parameter code
+ Device name in /proc/net/irda/irias is not updated when
/proc/sys/net/irda/devname is written
+ IrDA Discovery slot allocation is not random
* Splitting a posix lock causes an infinite loop (Stephen Rothwell)
To Do
* Check all devices use resources properly
* Tulip hang on rmmod/crashes sometimes
* Devfs races (mostly done - Al Viro)
* Fix further NFS races (Al Viro)
* Test other file systems on write
* Audit all char and block drivers to ensure they are safe with the
2.3 locking - a lot of them are not especially on the
read()/write() path.
* Fix mount failures due to copy_* user mishandling
* Check all file systems are either LFS compliant or error large
files
* Issue with notifiers that try to deregister themselves? (lnz;
notifier locking change by Garzik should backed out, according to
Jeff)
* Mount of new fs over existing mointpoint should return an error
unless forced (Andrew McNabb, Alan Cox)
* Kernel build has race conditions when building modversions.h
(Mikael Pettersson)
* Misc locking problems
+ drivers/pcmcia/ds.c: ds_read & ds_write. SMP locks are
missing, on UP the sleep_on() use is unsafe.
+ drivers/usb/*.c
o unsafe sleep_on users
o usbpl_{read,write}(): on UP concurrent read/write
operations could corrupt the urb structures if
copy_to_user sleeps, on SMP it's worse.
o do_execve (Al Viro, reported by Manfred)
o misc ext2 races
* Symbol clashes from ppp and irda compression code
* Fix sysinfo interface so it is binary compatible with 2.2.x (i.e.
mem_unit=1), except when memory >= 4Gb (Erik Andersen)
* SCSI CD-ROM doesn't work on filesystems with < 2kb block size
(Jens Axboe will fix)
To Do But Non Showstopper
* Finish 64bit vfs merges (lockf64 and friends missing -- willy?)
* Go through as 2.4pre kicks in and figure what we should mark
obsolete for the final 2.4 (i.e. XT hard disk support?)
* Union mount (Al Viro)
* Per Process rtsigio limit
* iget abuse in knfsd
* Some people report 2.3.x serial problems
* USB hangs on APM suspend on some machines
* ISAPnP IRQ handling failing on SB1000 + resource handling bug
* DVD-RAM is apparently not working for write currently (Rogier
Wolff)
* Parallel ports should set SA_SHIRQ if PCI (eg in Plip)
* Devfs compiled in but not mounted causes crap for ->mnt_devname of
root (Al Viro)
* PCMCIA/Cardbus hangs (Basically unusable - Hinds pcmcia code is
reliable)
+ PCMCIA crashes on unloading pci_socket
* RTL 8139 cards sometimes stop responding. Both drivers don't
handle this quite good enough yet. (reported by Rogier Wolff)
* Can't compile CONFIG_IBMTR and CONFIG_PCMCIA_IBMTR in kernel at
once; kernel link failes (rasmus)
To Check
* Check O_APPEND atomicity bug fixing is complete
* Protection on i_size (sct) [Al Viro mostly done]
* Mikulas claims we need to fix the getblk/mark_buffer_uptodate
thing for 2.3.x as well
* Network block device seems broken by block device changes
* VFS?VM - mmap/write deadlock (demo code seems to show lock is
there)
* kiobuf seperate lock functions/bounce/page_address fixes
* Fix routing by fwmark
* rw semaphores on inodes to fix read/truncate races ? [Probably
fixed]
* Not all device drivers are safe now the write inode lock isnt
taken on write
* Multiwrite IDE breaks on a disk error [minor issue at best]
(hopefully fixed)
* ACPI/APM suspend issue - IDE related stuff ? (requires full
taskfile support that was vetoed by Linus)
* NFS bugs are fixed
* Chase reports of SMB not working
* Some AWE cards are not being found by ISAPnP ??
* SHM segments not always being detached and destroyed right ?
(problem reported by Lincoln Dale)
* RAM disk contents vanishing on cramfs (block change) and bforget
cases
* ACPI hangs on boot for some systems (Are there any cases left ?)
* Disappointing performance of Software Raid, esp. write performance
(reported by Nils Rennebarth)
* List of potential problems found by Stanford students using g++
hacks:
+ Andy Chou's list of mismatched spinlocks and interrupts/bh
enable/disable.
+ Seth Andrew Hallem's list potentially sleeping functions
called with interrupts off or spinlocks held.
+ Dawson Engler's list of potential kmalloc/kfree bugs
* Potential deadlock in EMU10K driver when running SMP
(orre@nada.kth.se, Alan)
* Potential races in file locking code (Christian Ehrhardt)
+ locks_verify_area checks the wrong range if O_APPEND is set
and the current file position is not at the end of the file.
+ dito if the file position changes between the call to
locks_verify_area and the actual read/write (requires a
shared file pointer, an attacker can use this to circumvent
virtually any mandatory lock).
+ active writes should prevent anyone from getting mandatory
locks for the area beeing written.
+ active reads should prevent anyone from getting mandatory
write locks for the area beeing read.
* Possible ppp problem (fail to connect; may be user error; reported
by Matt Spong; claims worked on 2.3.40)
Probably Post 2.4
* per super block write_super needs an async flag
* addres_space needs a VM pressure/flush callback (Ingo)
* per file_op rw_kiovec
* rw sempahores on page faults (mmap_sem) (Currently protected by
mmap_sem)
_________________________________________________________________
Fixed
* Incredibly slow loopback tcp bug (believed fixed about 2.3.48)
* COMX series WAN now merged
* VM needs rebalancing or we have a bad leak
* SHM works chroot
* SHM back compatibility
* Intel i960 problems with I2O
* Symbol clashes and other mess from _three_ copies of zlib!
* PCI buffer overruns
* Shared memory changes change the API breaking applications (eg
gimp)
* Finish softnet driver port over and cleanups
* via rhine oopses under load ?
* SCSI generic driver crashes controllers (need to pass
PCI_DIR_UNKNOWN..)
* UMSDOS fixups resync (not quite done)
* Make NTFS sort of work
* Any user can crash FAT fs code with ftruncate
* AFFS fixups
* Directory race fix for UFS
* Security holes in execve()
* Lan Media WAN update for 2.3
* Get the Emu10K merged
* Paride seems to need fixes for the block changes yet
* Kernel corrupts fs and gs in some situations (Ulrich has demo
code)
* 1.07 AMI MegaRAID
* Merge 2.2.15 changes (Alan)
* Get RAID 0.90 in (Ingo)
* S/390 Merge
* NFS DoS fix (security)
* Merge the RIO driver
* Fix Space.c duplicate string/write to constants
* Elevator and block handling queue change errors are all sorted
* Make sure all drivers return 1 from their __setup functions (Done
?)
* Enhanced disk statistics
* Complete vfsmount merge (Al Viro)
* Merge removed-buf-open directory stuff into VFS (Al Viro)
* Problems with ip autoconfig according to Zaitcev
* NFS causes dup kmem_create on reload (Trond)
* vmalloc(GFP_DMA) is needed for DMA drivers (Ingo)
* TLB flush should use highest priority (Ingo)
* SMP affinity code creates multiple dirs with the same name (Ingo)
* Set SMP affinity mask to actual cpu online mask (needed for some
boards) (Ingo)
* heavy swapping corrupts ptes (believed so)
* pci_set_master forces a 64 latency on low latency setting
devices.Some boards require all cards have latency <= 32
* msync fails on NFS (probably fixed anyway)
* Find out what has ruined disk I/O throughput. (mostly)
* PIII FXSAVE/FXRESTORE support
* The netdev name changing stuff broke GRE
* put_user is broken for i386 machines (security) - sem stuff may be
wrong too
* BusLogic crashes when you cat /proc/scsi/BusLogic/0 (Robert de
Vries)
* Finish sorting out VM balancing (Rik Van Riel, Juan Quintela et
al)
* Fix eth= command line
* 8139 + bridging fails
* RtSig limit handling bug
* Signals leak kernel memory (security) [FIX in ac tree]
* TTY and N_HDLC layer called poll_wait twice per fd and corrupt
memory
* ATM layer calls poll_wait twice per fd and corrupts memory
* Random calls poll_wait twice per fd and corrupts memory
* PCI sound calls poll_wait twice per fd and corrupts memory
* sbus audio calls poll_wait twice per fd and corrupts memory
* IBM MCA driver breaks on Device_Inquiry at boot
* SHM code corrupts memory (Russell)
* Linux sends a 1K buffer with SCSI inquiries. The ANSI-SCSI limit
is 255.
* Linux uses TEST_UNIT_READY to chck for device presence on a
PUN/LUN. The INQUIRY is the only valid test allowed by the spec.
* truncate_inode_pages does unsafe page cache operations
* Fix the ptrace code to be back compatible and add a new PTRACE
call set for getting the PIII extra registers
* EPIC100 fixes
* Tlan and Epic100 crash under load
* Fix hpfs_unlink (Al Viro)
* exec loader permissions
* Locking on getcwd
* E820 memory setup causes crashes/corruption on some laptops[**VERY
NASTY**] (fixed in test5)
* Debian report that the gcc 2.95 possibly miscompiles fault.c or
mm/remap.c (Perl script available from Arjan) (fixed in test2 or
3)
* Dcache threading (Al Viro)
* Sockfs races (removing NULL ->i_sb stuf) (Al Viro)
* Module remove race bug (done: anything with file_operations, fb
stuff, procfs stuff - Al Viro)
* DEFXX driver appears broken (reported fixed by Jeff Garzik)
* Some FB drivers check the A000 area and find it busy then bomb out
(checked and fixed, reported by Jeff Garzik)
* Stick lock_kernel() calls around OSS driver with issues to hard to
fix nicely for 2.4 itself (Alan, fixed)
* Merge the current Compaq RAID driver into 2.4 (fixed, reported by
thomas.hiller@sap.com)
* mount crashes on Alpha platforms (fixed, reported by Thorsten
Kranzkowski)
* IDE fails on some VIA boards (eg the i-opener) (reported fixed by
Konrad Stepien)
* access_process_mm oops/lockup if task->mm changes (Manfred) [user
can cause deliberately]
* PCMCIA IRQ routing should now be fixed modulo ISA cards and bios
doesn't tell us that an IRQ is ISA-only (Martin Mares)
* TB Multisound driver hasnt been updated for new isa I/O totally.
(reported fixed by John Coiner; see
http://atv.ne.mediaone.net/linux-multisound)
* yenta (PCMCIA) and pci_socket modules have mutual dependency
(cardbus_register, yenta_operations) (test5, worked in test3)
(reported fixed by Erik Mouw)
* Keyboard/mouse problems (should be fixed?)
* Loop device hangs (Peter Enderborg can duplicate by writing large
file to dosfs mounted via loop device; Steve Dodd reports deadlock
issues; Linus says fixed in test6)
* Floppy driver broken by VFS changes. Other drivers may be too
(Stuff gets called after _close now - unload race possibly too;
should be fixed in test6)
Probably Hardware Bugs
* Data corruption on IDE disks (Generic PCI DMA and SiS support
Steven Walter) (sounds like PCChips #M599LMR motherboard doesn't
disable UDMA when a non-UDMA cable is used. If you disable UDMA in
the BIOS, then there is no problem. hardware bug?)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:25 EST