Linux 2.4 Status/TODO Page
                                      
   This list is almost always out of date, by definition, since kernel
   development moves so quickly. I try to keep it as up to date as
   possible, though.Please send updates to tytso@mit.edu.
   
   Every few days or so, I periodically send updated versions of this
   list to the linux-kernel list, but you should consult
   http://linux24.sourceforge.net to get the latest information.
   
   Last modified: [tytso:20000811.1722EDT]
   
   Hopefully up to date as of: test7-pre1
   
Should Be Fixed (Confirmation Wanted)
     * Fbcon races
       
Capable Of Corrupting Your FS
     * Use PCI DMA by default in IDE is unsafe (must not do so on via
       VPx, x < 3) (requires chipset tuning to be enabled according to
       Andre Hedrick --- we need to turn this on by default -- TYT)
       
Security
     * Fix module remove race bug (still to be done: TTY, ldisc, I2C,
       video_device - Al Viro) (OSS also needs to be fixed -- Christoph
       Hellwig will supply patch) (Rogier Wolff will handle ATM)
       (ipchains modules -- Rusty)
       
Boot Time Failures
     * AHA29xx driver appears to stomp other cards (may be BIOS)
     * AHA27xx is broken (maybe 28xx too)
     * Use PCI DMA 'lost interrupt' problem with some hw [which ?] (NEC
       Versa LX with PIIX tuning)
     * HT6560/UMC8672 ide sets up stuff too early (before region stuff
       can be done)
     * Crashes on boot on some Compaqs ? (may be fixed)
     * Boot hangs on a range of Dell docking stations (Latitude)
          + Almost certainly related: PCI code doesn't see devices behind
            DECchip 21150 PCI bridges (used in Dell Latitude). Reported
            by Simon Trimmer .
       
In Progress
     * Merge the network fixes (DaveM)
     * Finish I2O merge (Intel/Alan)
     * Restore O_SYNC functionality (Stephen) - core code and ext2 done
     * Fix all remaining PCI code to use pci_enable_device (mostly done)
       
Obvious Projects For People (well if you have the hardware..)
     * NCR5380 isnt smp safe
     * DMFE is not SMP safe
     * Make syncppp use new ppp code
     * Fix SPX socket code
     * Merge the 2.2 ServeRAID driver into 2.4 (Christoph Hellwig)
       
Fix Exists But Isnt Merged
     * Update SGI VisWS to new-style IRQ handling (Ingo)
     * Support MP table above 1Gig (Ingo)
     * Dont panic on boot when meeting HP boxes with wacked APIC table
       numbering (AC)
     * Scheduler bugs in RT (Dimitris)
     * AIC7xxx doesnt work non PCI ? (Doug says OK, new version due
       anyway)
     * Fix boards with different TSC per CPU and kill TSC use on them
     * Floppy last block cache flush error
     * PPC-specific: won't boot on 601 CPU's (powermac) (Andreas Tobler;
       Paul Mackerras has fix in PPC tree)
     * IRDA fixes (patches from Russell King sent to Linus and DAG)>
          + IRDA calls get_random_bytes before random is set up
          + Infinite loop in IrDA parameter code
          + Device name in /proc/net/irda/irias is not updated when
            /proc/sys/net/irda/devname is written
          + IrDA Discovery slot allocation is not random
     * Splitting a posix lock causes an infinite loop (Stephen Rothwell)
       
To Do
     * Check all devices use resources properly
     * Tulip hang on rmmod/crashes sometimes
     * Devfs races (mostly done - Al Viro)
     * Fix further NFS races (Al Viro)
     * Test other file systems on write
     * Audit all char and block drivers to ensure they are safe with the
       2.3 locking - a lot of them are not especially on the
       read()/write() path.
     * Fix mount failures due to copy_* user mishandling
     * Check all file systems are either LFS compliant or error large
       files
     * Issue with notifiers that try to deregister themselves? (lnz;
       notifier locking change by Garzik should backed out, according to
       Jeff)
     * Mount of new fs over existing mointpoint should return an error
       unless forced (Andrew McNabb, Alan Cox)
     * Kernel build has race conditions when building modversions.h
       (Mikael Pettersson)
     * Misc locking problems
          + drivers/pcmcia/ds.c: ds_read & ds_write. SMP locks are
            missing, on UP the sleep_on() use is unsafe.
          + drivers/usb/*.c
               o unsafe sleep_on users
               o usbpl_{read,write}(): on UP concurrent read/write
                 operations could corrupt the urb structures if
                 copy_to_user sleeps, on SMP it's worse.
               o do_execve (Al Viro, reported by Manfred)
               o misc ext2 races
     * Symbol clashes from ppp and irda compression code
     * Fix sysinfo interface so it is binary compatible with 2.2.x (i.e.
       mem_unit=1), except when memory >= 4Gb (Erik Andersen)
     * SCSI CD-ROM doesn't work on filesystems with < 2kb block size
       (Jens Axboe will fix)
       
To Do But Non Showstopper
     * Finish 64bit vfs merges (lockf64 and friends missing -- willy?)
     * Go through as 2.4pre kicks in and figure what we should mark
       obsolete for the final 2.4 (i.e. XT hard disk support?)
     * Union mount (Al Viro)
     * Per Process rtsigio limit
     * iget abuse in knfsd
     * Some people report 2.3.x serial problems
     * USB hangs on APM suspend on some machines
     * ISAPnP IRQ handling failing on SB1000 + resource handling bug
     * DVD-RAM is apparently not working for write currently (Rogier
       Wolff)
     * Parallel ports should set SA_SHIRQ if PCI (eg in Plip)
     * Devfs compiled in but not mounted causes crap for ->mnt_devname of
       root (Al Viro)
     * PCMCIA/Cardbus hangs (Basically unusable - Hinds pcmcia code is
       reliable)
          + PCMCIA crashes on unloading pci_socket
     * RTL 8139 cards sometimes stop responding. Both drivers don't
       handle this quite good enough yet. (reported by Rogier Wolff)
     * Can't compile CONFIG_IBMTR and CONFIG_PCMCIA_IBMTR in kernel at
       once; kernel link failes (rasmus)
       
To Check
     * Check O_APPEND atomicity bug fixing is complete
     * Protection on i_size (sct) [Al Viro mostly done]
     * Mikulas claims we need to fix the getblk/mark_buffer_uptodate
       thing for 2.3.x as well
     * Network block device seems broken by block device changes
     * VFS?VM - mmap/write deadlock (demo code seems to show lock is
       there)
     * kiobuf seperate lock functions/bounce/page_address fixes
     * Fix routing by fwmark
     * rw semaphores on inodes to fix read/truncate races ? [Probably
       fixed]
     * Not all device drivers are safe now the write inode lock isnt
       taken on write
     * Multiwrite IDE breaks on a disk error [minor issue at best]
       (hopefully fixed)
     * ACPI/APM suspend issue - IDE related stuff ? (requires full
       taskfile support that was vetoed by Linus)
     * NFS bugs are fixed
     * Chase reports of SMB not working
     * Some AWE cards are not being found by ISAPnP ??
     * SHM segments not always being detached and destroyed right ?
       (problem reported by Lincoln Dale)
     * RAM disk contents vanishing on cramfs (block change) and bforget
       cases
     * ACPI hangs on boot for some systems (Are there any cases left ?)
     * Disappointing performance of Software Raid, esp. write performance
       (reported by Nils Rennebarth)
     * List of potential problems found by Stanford students using g++
       hacks:
          + Andy Chou's list of mismatched spinlocks and interrupts/bh
            enable/disable.
          + Seth Andrew Hallem's list potentially sleeping functions
            called with interrupts off or spinlocks held.
          + Dawson Engler's list of potential kmalloc/kfree bugs
     * Potential deadlock in EMU10K driver when running SMP
       (orre@nada.kth.se, Alan)
     * Potential races in file locking code (Christian Ehrhardt)
          + locks_verify_area checks the wrong range if O_APPEND is set
            and the current file position is not at the end of the file.
          + dito if the file position changes between the call to
            locks_verify_area and the actual read/write (requires a
            shared file pointer, an attacker can use this to circumvent
            virtually any mandatory lock).
          + active writes should prevent anyone from getting mandatory
            locks for the area beeing written.
          + active reads should prevent anyone from getting mandatory
            write locks for the area beeing read.
     * Possible ppp problem (fail to connect; may be user error; reported
       by Matt Spong; claims worked on 2.3.40)
       
Probably Post 2.4
     * per super block write_super needs an async flag
     * addres_space needs a VM pressure/flush callback (Ingo)
     * per file_op rw_kiovec
     * rw sempahores on page faults (mmap_sem) (Currently protected by
       mmap_sem)
     _________________________________________________________________
   
Fixed
     * Incredibly slow loopback tcp bug (believed fixed about 2.3.48)
     * COMX series WAN now merged
     * VM needs rebalancing or we have a bad leak
     * SHM works chroot
     * SHM back compatibility
     * Intel i960 problems with I2O
     * Symbol clashes and other mess from _three_ copies of zlib!
     * PCI buffer overruns
     * Shared memory changes change the API breaking applications (eg
       gimp)
     * Finish softnet driver port over and cleanups
     * via rhine oopses under load ?
     * SCSI generic driver crashes controllers (need to pass
       PCI_DIR_UNKNOWN..)
     * UMSDOS fixups resync (not quite done)
     * Make NTFS sort of work
     * Any user can crash FAT fs code with ftruncate
     * AFFS fixups
     * Directory race fix for UFS
     * Security holes in execve()
     * Lan Media WAN update for 2.3
     * Get the Emu10K merged
     * Paride seems to need fixes for the block changes yet
     * Kernel corrupts fs and gs in some situations (Ulrich has demo
       code)
     * 1.07 AMI MegaRAID
     * Merge 2.2.15 changes (Alan)
     * Get RAID 0.90 in (Ingo)
     * S/390 Merge
     * NFS DoS fix (security)
     * Merge the RIO driver
     * Fix Space.c duplicate string/write to constants
     * Elevator and block handling queue change errors are all sorted
     * Make sure all drivers return 1 from their __setup functions (Done
       ?)
     * Enhanced disk statistics
     * Complete vfsmount merge (Al Viro)
     * Merge removed-buf-open directory stuff into VFS (Al Viro)
     * Problems with ip autoconfig according to Zaitcev
     * NFS causes dup kmem_create on reload (Trond)
     * vmalloc(GFP_DMA) is needed for DMA drivers (Ingo)
     * TLB flush should use highest priority (Ingo)
     * SMP affinity code creates multiple dirs with the same name (Ingo)
     * Set SMP affinity mask to actual cpu online mask (needed for some
       boards) (Ingo)
     * heavy swapping corrupts ptes (believed so)
     * pci_set_master forces a 64 latency on low latency setting
       devices.Some boards require all cards have latency <= 32
     * msync fails on NFS (probably fixed anyway)
     * Find out what has ruined disk I/O throughput. (mostly)
     * PIII FXSAVE/FXRESTORE support
     * The netdev name changing stuff broke GRE
     * put_user is broken for i386 machines (security) - sem stuff may be
       wrong too
     * BusLogic crashes when you cat /proc/scsi/BusLogic/0 (Robert de
       Vries)
     * Finish sorting out VM balancing (Rik Van Riel, Juan Quintela et
       al)
     * Fix eth= command line
     * 8139 + bridging fails
     * RtSig limit handling bug
     * Signals leak kernel memory (security) [FIX in ac tree]
     * TTY and N_HDLC layer called poll_wait twice per fd and corrupt
       memory
     * ATM layer calls poll_wait twice per fd and corrupts memory
     * Random calls poll_wait twice per fd and corrupts memory
     * PCI sound calls poll_wait twice per fd and corrupts memory
     * sbus audio calls poll_wait twice per fd and corrupts memory
     * IBM MCA driver breaks on Device_Inquiry at boot
     * SHM code corrupts memory (Russell)
     * Linux sends a 1K buffer with SCSI inquiries. The ANSI-SCSI limit
       is 255.
     * Linux uses TEST_UNIT_READY to chck for device presence on a
       PUN/LUN. The INQUIRY is the only valid test allowed by the spec.
     * truncate_inode_pages does unsafe page cache operations
     * Fix the ptrace code to be back compatible and add a new PTRACE
       call set for getting the PIII extra registers
     * EPIC100 fixes
     * Tlan and Epic100 crash under load
     * Fix hpfs_unlink (Al Viro)
     * exec loader permissions
     * Locking on getcwd
     * E820 memory setup causes crashes/corruption on some laptops[**VERY
       NASTY**] (fixed in test5)
     * Debian report that the gcc 2.95 possibly miscompiles fault.c or
       mm/remap.c (Perl script available from Arjan) (fixed in test2 or
       3)
     * Dcache threading (Al Viro)
     * Sockfs races (removing NULL ->i_sb stuf) (Al Viro)
     * Module remove race bug (done: anything with file_operations, fb
       stuff, procfs stuff - Al Viro)
     * DEFXX driver appears broken (reported fixed by Jeff Garzik)
     * Some FB drivers check the A000 area and find it busy then bomb out
       (checked and fixed, reported by Jeff Garzik)
     * Stick lock_kernel() calls around OSS driver with issues to hard to
       fix nicely for 2.4 itself (Alan, fixed)
     * Merge the current Compaq RAID driver into 2.4 (fixed, reported by
       thomas.hiller@sap.com)
     * mount crashes on Alpha platforms (fixed, reported by Thorsten
       Kranzkowski)
     * IDE fails on some VIA boards (eg the i-opener) (reported fixed by
       Konrad Stepien)
     * access_process_mm oops/lockup if task->mm changes (Manfred) [user
       can cause deliberately]
     * PCMCIA IRQ routing should now be fixed modulo ISA cards and bios
       doesn't tell us that an IRQ is ISA-only (Martin Mares)
     * TB Multisound driver hasnt been updated for new isa I/O totally.
       (reported fixed by John Coiner; see
       http://atv.ne.mediaone.net/linux-multisound)
     * yenta (PCMCIA) and pci_socket modules have mutual dependency
       (cardbus_register, yenta_operations) (test5, worked in test3)
       (reported fixed by Erik Mouw)
     * Keyboard/mouse problems (should be fixed?)
     * Loop device hangs (Peter Enderborg can duplicate by writing large
       file to dosfs mounted via loop device; Steve Dodd reports deadlock
       issues; Linus says fixed in test6)
     * Floppy driver broken by VFS changes. Other drivers may be too
       (Stuff gets called after _close now - unload race possibly too;
       should be fixed in test6)
       
Probably Hardware Bugs
     * Data corruption on IDE disks (Generic PCI DMA and SiS support
       Steven Walter) (sounds like PCChips #M599LMR motherboard doesn't
       disable UDMA when a non-UDMA cable is used. If you disable UDMA in
       the BIOS, then there is no problem. hardware bug?)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:25 EST