Kfifo is a ring-buffer in kernel which can be used as a lock-free way
for concurrent read/write when there are only one producer and one
consumer. Details of its design can be found in kernel/kfifo.c and
include/linux/kfifo.h.
You will find that the 'in' and 'out' fields of 'struct kfifo' are
both represented as 'unsigned int' and in most cases 'in' is larger
than 'out' and their difference will NOT be over 'size'.
Now the problem is that 'in' will be *smaller* than 'out' when 'in'
overflows and 'out' doesn't (Yes, this may occur quietly.). This is
NOT what we expect, though it may not cause any serious problems if we
carefully use kfifo*() functions. And this is really a bug. This bug
affects the kernel since version 2.6.10. I have tested this patch on
x86 machines.
Signed-off-by: WANG Cong <[EMAIL PROTECTED]>
---
--- kernel/kfifo.c.orig 2007-02-07 19:42:51.000000000 +0800
+++ kernel/kfifo.c 2007-02-07 19:43:31.000000000 +0800
@@ -24,6 +24,7 @@
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/kfifo.h>
+#include <linux/compiler.h>
/**
* kfifo_init - allocates a new FIFO using a preallocated buffer
@@ -120,6 +121,12 @@ unsigned int __kfifo_put(struct kfifo *f
{
unsigned int l;
+ /*If only fifo->in overflows, let both overflow!*/
+ if (unlikely(fifo->in < fifo->out)) {
+ fifo->out += fifo->size;
+ fifo->in += fifo->size;
+ }
+
len = min(len, fifo->size - fifo->in + fifo->out);
/*
@@ -166,6 +173,12 @@ unsigned int __kfifo_get(struct kfifo *f
{
unsigned int l;
+ /*If only fifo->in overflows, let both overflow!*/
+ if (unlikely(fifo->in < fifo->out)) {
+ fifo->out += fifo->size;
+ fifo->in += fifo->size;
+ }
+
len = min(len, fifo->in - fifo->out);
/*
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
