On Mon, Jun 01, 2015 at 11:37:21AM -0700, Paul E. McKenney wrote: > On Fri, May 29, 2015 at 11:53:37AM +0200, Alexander Gordeev wrote: > > Currently a condition when RCU tree is unable to accommodate > > the configured number of CPUs is not permitted and causes > > a fall back to compile-time values. However, the code has no > > means to exceed the RCU tree capacity neither at compile-time > > nor in run-time. Therefore, if the condition is met in run- > > time then it indicates a serious problem elsewhere and should > > be handled with a panic. > > > > Cc: "Paul E. McKenney" <paul...@linux.vnet.ibm.com> > > Cc: Steven Rostedt <rost...@goodmis.org> > > Signed-off-by: Alexander Gordeev <agord...@redhat.com> > > --- > > kernel/rcu/tree.c | 15 +++++++++------ > > 1 file changed, 9 insertions(+), 6 deletions(-) > > > > diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c > > index 2fce662..66a4230 100644 > > --- a/kernel/rcu/tree.c > > +++ b/kernel/rcu/tree.c 
> > @@ -4117,16 +4117,19 @@ static void __init rcu_init_geometry(void) > > rcu_capacity[i] = rcu_capacity[i - 1] * RCU_FANOUT; > > > > /* > > + * The tree must be able to accommodate the configured number of CPUs. > > + * If this limit is exceeded than we have a serious problem elsewhere. > > + * > > * The boot-time rcu_fanout_leaf parameter is only permitted > > * to increase the leaf-level fanout, not decrease it. Of course, > > * the leaf-level fanout cannot exceed the number of bits in > > - * the rcu_node masks. Finally, the tree must be able to accommodate > > - * the configured number of CPUs. Complain and fall back to the > > - * compile-time values if these limits are exceeded. > > + * the rcu_node masks. Complain and fall back to the compile- > > + * time values if these limits are exceeded. > > */ > > - if (rcu_fanout_leaf < RCU_FANOUT_LEAF || > > - rcu_fanout_leaf > sizeof(unsigned long) * 8 || > > - n > rcu_capacity[MAX_RCU_LVLS]) { > > + if (n > rcu_capacity[MAX_RCU_LVLS]) > > + panic("rcu_init_geometry: rcu_capacity[] is too small"); > > The way this is set up, if the boot parameter (illegally) sets > rcu_fanout_leaf smaller than RCU_FANOUT_LEAF, we might panic. It would > be far better to first check for rcu_fanout_leaf being out of bounds, > and only then have the possibility of panic(). That way, a typo in > the rcu_fanout_leaf boot parameter is ignored, but with a splat. > > Or am I missing something here?
I think you are quite right. But the bounds check is misplaced then. I would say, it should be placed before rcu_capacity[] seed, as it only deals with constants and has nothing to do with rcu_capacity[]. I will send the updated version. > Thanx, Paul > > > + else if (rcu_fanout_leaf < RCU_FANOUT_LEAF || > > + rcu_fanout_leaf > sizeof(unsigned long) * 8) { > > WARN_ON(1); > > return; > > } > > -- > > 1.8.3.1 > > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ -- Regards, Alexander Gordeev agord...@redhat.com
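Review bot: The new `if (n > rcu_capacity[MAX_RCU_LVLS])` test runs before rcu_fanout_leaf has been range-checked, so a boot parameter outside `RCU_FANOUT_LEAF .. sizeof(unsigned long) * 8` can reach panic() rather than the WARN_ON(1) and return that the `else if` arm provides. Put the rcu_fanout_leaf bounds test first, with its WARN_ON(1) and return, and test the capacity only afterwards, so that an operator typo degrades to a warning and only a genuinely impossible geometry stops the boot. With that ordering the `else` is unnecessary, which also removes the mix of an unbraced `if` arm with a braced `else if` arm. The added comment line "If this limit is exceeded than we have a serious problem elsewhere" should read "then", and the split "compile-" / "time" across two comment lines is better kept as "compile-time" on one line. The panic string would be more useful to whoever reads the crash if it included the values of n and rcu_capacity[MAX_RCU_LVLS].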