From: Sam Ravnborg <sam@ravnborg.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linux Arch Mailing List <linux-arch@vger.kernel.org>,
Ralf Baechle <ralf@linux-mips.org>
Subject: Re: [PATCH REVISED] Avoid overflows in kernel/time.c
Date: Fri, 14 Dec 2007 09:10:33 +0100 [thread overview]
Message-ID: <20071214081033.GA17598@uranus.ravnborg.org> (raw)
In-Reply-To: <200712140113.lBE1DJvS000316@tazenda.hos.anvin.org>
On Thu, Dec 13, 2007 at 05:13:19PM -0800, H. Peter Anvin wrote:
> When the conversion factor between jiffies and milli- or microseconds
> is not a single multiply or divide, as for the case of HZ == 300, we
> currently do a multiply followed by a divide. The intervening
> result, however, is subject to overflows, especially since the
> fraction is not simplified (for HZ == 300, we multiply by 300 and
> divide by 1000).
>
> This is exposed to the user when passing a large timeout to poll(),
> for example.
>
> This patch replaces the multiply-divide with a reciprocal
> multiplication on 32-bit platforms. When the input is an unsigned
> long, there is no portable way to do this on 64-bit platforms there is
> no portable way to do this since it requires a 128-bit intermediate
> result (which gcc does support on 64-bit platforms but may generate
> libgcc calls, e.g. on 64-bit s390), but since the output is a 32-bit
> integer in the cases affected, just simplify the multiply-divide
> (*3/10 instead of *300/1000).
>
> The reciprocal multiply used can have off-by-one errors in the upper
> half of the valid output range. This could be avoided at the expense
> of having to deal with a potential 65-bit intermediate result. Since
> the intent is to avoid overflow problems and most of the other time
> conversions are only semiexact, the off-by-one errors were considered
> an acceptable tradeoff.
>
> NOTE: This patch uses a bc-based shell script to compute the
> appropriate constants. This script should be run by hand if new HZ
> values are created, as doing it automatically introduces a dependency
> on bc, and has been shown to be unreliable in some environments. The
> flipside, unfortunately, is that this may cause problems for "make
> randconfig" on MIPS and OMAP, which appear to allow arbitrary values
> to be entered into CONFIG_HZ.
I understood that bc is unreliable.
How about creating a small .c program that does to necessary computation
and integrate it in the build process.
It should be much cleaner than this approach.
Sam
next prev parent reply other threads:[~2007-12-14 8:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-14 1:13 [PATCH REVISED] Avoid overflows in kernel/time.c H. Peter Anvin
2007-12-14 8:10 ` Sam Ravnborg [this message]
2007-12-14 17:58 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071214081033.GA17598@uranus.ravnborg.org \
--to=sam@ravnborg.org \
--cc=akpm@linux-foundation.org \
--cc=hpa@zytor.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ralf@linux-mips.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.