Re: [PATCH v2 1/9] rcu: Panic if RCU tree can not accommodate all CPUs

["Paul E. McKenney" <paulmck@linux.vnet.ibm.com>]

On Tue, Jun 02, 2015 at 07:45:27AM +0100, Alexander Gordeev wrote:
> On Mon, Jun 01, 2015 at 11:37:21AM -0700, Paul E. McKenney wrote:
> > On Fri, May 29, 2015 at 11:53:37AM +0200, Alexander Gordeev wrote:
> > > Currently a condition when RCU tree is unable to accommodate
> > > the configured number of CPUs is not permitted and causes
> > > a fall back to compile-time values. However, the code has no
> > > means to exceed the RCU tree capacity neither at compile-time
> > > nor in run-time. Therefore, if the condition is met in run-
> > > time then it indicates a serios problem elsewhere and should
> > > be handled with a panic.
> > > 
> > > Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
> > > Cc: Steven Rostedt <rostedt@goodmis.org>
> > > Signed-off-by: Alexander Gordeev <agordeev@redhat.com>
> > > ---
> > >  kernel/rcu/tree.c | 15 +++++++++------
> > >  1 file changed, 9 insertions(+), 6 deletions(-)
> > > 
> > > diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
> > > index 2fce662..66a4230 100644
> > > --- a/kernel/rcu/tree.c
> > > +++ b/kernel/rcu/tree.c
> > > @@ -4117,16 +4117,19 @@ static void __init rcu_init_geometry(void)
> > >  		rcu_capacity[i] = rcu_capacity[i - 1] * RCU_FANOUT;
> > > 
> > >  	/*
> > > +	 * The tree must be able to accommodate the configured number of CPUs.
> > > +	 * If this limit is exceeded than we have a serious problem elsewhere.
> > > +	 *
> > >  	 * The boot-time rcu_fanout_leaf parameter is only permitted
> > >  	 * to increase the leaf-level fanout, not decrease it.  Of course,
> > >  	 * the leaf-level fanout cannot exceed the number of bits in
> > > -	 * the rcu_node masks.  Finally, the tree must be able to accommodate
> > > -	 * the configured number of CPUs.  Complain and fall back to the
> > > -	 * compile-time values if these limits are exceeded.
> > > +	 * the rcu_node masks.  Complain and fall back to the compile-
> > > +	 * time values if these limits are exceeded.
> > >  	 */
> > > -	if (rcu_fanout_leaf < RCU_FANOUT_LEAF ||
> > > -	    rcu_fanout_leaf > sizeof(unsigned long) * 8 ||
> > > -	    n > rcu_capacity[MAX_RCU_LVLS]) {
> > > +	if (n > rcu_capacity[MAX_RCU_LVLS])
> > > +		panic("rcu_init_geometry: rcu_capacity[] is too small");
> > 
> > The way this is set up, if the boot parameter (illegally) sets
> > rcu_fanout_lead smaller than RCU_FANOUT_LEAF, we might panic.  It would
> > be far better to first check for rcu_fanout_leaf being out of bounds,
> > and only then have the possibility of panic().  That way, a typo in
> > the rcu_fanout_leaf boot paremeter is ignored, but with a splat.
> > 
> > Or am I missing something here?
> 
> I think you are quite right. But the bounds check is misplaced then.
> I would say, it should be placed before rcu_capacity[] seed, as it
> only deals with constants and has nothing with rcu_capacity[].

That makes sense as well.

> I will send the updated version.

Very good, looking forward to it!

By the way, on the specific configurations that I test, the patch
generates the same topology as previously, which is reassuring.
An exhaustive test is needed, of course.

							Thanx, Paul

> > > +	else if (rcu_fanout_leaf < RCU_FANOUT_LEAF ||
> > > +		 rcu_fanout_leaf > sizeof(unsigned long) * 8) {
> > >  		WARN_ON(1);
> > >  		return;
> > >  	}
> > > -- 
> > > 1.8.3.1
> > > 
> > 
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at  http://www.tux.org/lkml/
> 
> -- 
> Regards,
> Alexander Gordeev
> agordeev@redhat.com
>