On Sat, Jun 20, 2009 at 4:54 PM, Jeff Law<l...@redhat.com> wrote:
>
> Imagine a loop like this
>
> EXECUTE_IF_SET_IN_BITMAP (something, 0, i, bi)
>  {
>   bitmap_clear_bit (something, i);
>   [ ... whatever code we want to process i, ... ]
>  }
>
> This code is unsafe.
>
> If bit I happens to be the only bit set in the current bitmap word, then
> bitmap_clear_bit will free the current element and return it to the element
> free list where it can be recycled.
>
> So assume the bitmap element gets recycled for some other bitmap...  We then
> come around to the top of the loop where EXECUTE_IF_SET_IN_BITMAP will call
> bmp_iter_set which can reference the recycled element when it tries to
> advance to the next element via bi->elt1 = bi->elt1->next.  So we start
> iterating on elements of a completely different bitmap.  You can assume this
> is not good.
>
> Our documentation clearly states that I is to remain unchanged, but ISTM
> that the bitmap we're iterating over needs to remain unchanged as well.
> Is this a known issue, or am I just the lucky bastard who tripped over it
> and now gets to audit all the EXECUTE_IF_SET_IN_BITMAP loops?

It is known (but maybe not appropriately documented) that deleting
bits in the bitmap you iterate over is not safe.  If it were me, I would
see if I could make it safe, though.

Richard.

> Jeff
>
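The scenario Jeff describes, as an added, self-contained example (not GCC's bitmap.c and not code from either poster). It models a sparse bitmap as a sorted linked list of small elements with a shared free list, the way the message describes it: clearing the last bit of an element unlinks it and pushes it on the free list, the next allocation for any bitmap recycles it, and an iterator that advances through `e->next` after the body then walks into the other bitmap's elements. Everything here (element layout, 8-bit elements, the bitmaps `A` and `B`, the `process` body that clears a bit in `A` and sets bits 16 and 24 in `B`) is a constructed assumption for the demonstration. `unsafe_walk` reproduces the bug; `safe_walk` shows one fix, snapshotting the set bits before mutating anything, which keeps the iterated bitmap unchanged for the duration of the walk.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy model of a linked-element sparse bitmap with a shared free list.
   Assumed simplification for illustration only, not GCC's implementation:
   each element covers BITS_PER_ELT consecutive bit numbers. */
#define BITS_PER_ELT 8u

typedef struct elt {
  unsigned indx;       /* element covers bits [indx*8, indx*8 + 8) */
  uint8_t bits;
  struct elt *next;
} elt;

typedef struct { elt *first; } bitmap;

static elt *free_list;   /* freed by any bitmap, recycled by any bitmap */
static bitmap A, B;      /* constructed scenario: iterate A, allocate into B */
static unsigned visited[16];
static int nv;

static elt *elt_alloc(void) {
  elt *e;
  if (free_list) { e = free_list; free_list = e->next; }   /* recycle */
  else e = malloc(sizeof *e);
  e->bits = 0; e->next = NULL;
  return e;
}

/* Find the element for indx, inserting it in sorted order if absent. */
static elt *elt_find_or_insert(bitmap *b, unsigned indx) {
  elt **pp = &b->first;
  while (*pp && (*pp)->indx < indx) pp = &(*pp)->next;
  if (*pp && (*pp)->indx == indx) return *pp;
  elt *e = elt_alloc();
  e->indx = indx; e->next = *pp; *pp = e;
  return e;
}

static void bitmap_set_bit(bitmap *b, unsigned bit) {
  elt *e = elt_find_or_insert(b, bit / BITS_PER_ELT);
  e->bits |= (uint8_t)(1u << (bit % BITS_PER_ELT));
}

static int bitmap_bit_p(const bitmap *b, unsigned bit) {
  unsigned indx = bit / BITS_PER_ELT;
  for (elt *e = b->first; e && e->indx <= indx; e = e->next)
    if (e->indx == indx) return (e->bits >> (bit % BITS_PER_ELT)) & 1u;
  return 0;
}

/* Clear a bit.  If the element becomes empty it is unlinked and pushed on
   the free list, so the next allocation (for any bitmap) will recycle it. */
static void bitmap_clear_bit(bitmap *b, unsigned bit) {
  unsigned indx = bit / BITS_PER_ELT;
  elt **pp = &b->first;
  while (*pp && (*pp)->indx < indx) pp = &(*pp)->next;
  if (!*pp || (*pp)->indx != indx) return;
  elt *e = *pp;
  e->bits &= (uint8_t)~(1u << (bit % BITS_PER_ELT));
  if (e->bits == 0) { *pp = e->next; e->next = free_list; free_list = e; }
}

/* Constructed starting state: A = {0, 8} (two elements), B and free list empty.
   Old nodes are leaked on reset; this is a demo, not a library. */
static void scenario_init(void) {
  free_list = NULL; A.first = NULL; B.first = NULL; nv = 0;
  bitmap_set_bit(&A, 0);
  bitmap_set_bit(&A, 8);
}

/* The loop body from the message: drop i from A, then do work that happens
   to allocate elements into another bitmap B. */
static void process(unsigned i) {
  bitmap_clear_bit(&A, i);   /* may free the element the iterator stands on */
  bitmap_set_bit(&B, 16);    /* recycles that element into B ... */
  bitmap_set_bit(&B, 24);    /* ... and links a fresh element after it */
}

/* Unsafe: the iterator advances via e = e->next after running the body. */
static int unsafe_walk(void) {
  scenario_init();
  for (elt *e = A.first; e; e = e->next) {   /* e may now belong to B */
    uint8_t bits = e->bits;                  /* cached on entering the element */
    unsigned base = e->indx * BITS_PER_ELT;
    for (unsigned i = 0; i < BITS_PER_ELT; i++) {
      if (!(bits & (1u << i))) continue;
      if (nv < 16) visited[nv++] = base + i;
      process(base + i);
    }
  }
  return nv;
}

/* Safe: snapshot the set bits first; the bitmap is unchanged while walked. */
static int safe_walk(void) {
  scenario_init();
  unsigned todo[16]; int n = 0;
  for (elt *e = A.first; e; e = e->next)
    for (unsigned i = 0; i < BITS_PER_ELT; i++)
      if ((e->bits & (1u << i)) && n < 16) todo[n++] = e->indx * BITS_PER_ELT + i;
  for (int k = 0; k < n; k++) { visited[nv++] = todo[k]; process(todo[k]); }
  return nv;
}

int main(void) {
  int n = unsafe_walk();
  printf("unsafe walk visited:");
  for (int k = 0; k < n; k++) printf(" %u", visited[k]);   /* 0 24: bit 24 is B's */
  printf("\n");
  n = safe_walk();
  printf("safe walk visited:");
  for (int k = 0; k < n; k++) printf(" %u", visited[k]);   /* 0 8 */
  printf("\n");
  return 0;
}
```

The unsafe walk never reaches A's bit 8 and instead reports bit 24, which was only ever set in B: the element it was standing on was freed, recycled into B, and its `next` now links B's elements. Snapshotting (or iterating over a copy of the bitmap, which is the same idea) is what makes in-loop `bitmap_clear_bit` safe.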
