From: Zach Brown <zach.brown@oracle.com>
To: Matthew Wilcox <matthew@wil.cx>
Cc: Alexey Dobriyan <adobriyan@gmail.com>,
Eric Sesterhenn <snakebyte@gmx.de>,
kernel-janitors@lists.osdl.org, linux-fsdevel@vger.kernel.org
Subject: Re: [KJ] [Patch] fs/ kzalloc conversions
Date: Sat, 25 Feb 2006 00:07:20 +0000 [thread overview]
Message-ID: <43FF9FB8.9030808@oracle.com> (raw)
In-Reply-To: <20060224152628.GO28587@parisc-linux.org>
> So the test isn't useless and we should use kcalloc here, otherwise an
> unthinking sysadmin can increment the aio_max_nr sysctl value to, let's
> say, 0x7fffffff. On a 32-bit machine, the multiplication will wrap,
> maybe turn into a small positive number, and we'll gleefully walk off
> the end of the array, corrupting data as we go.
nr_events isn't just limited by aio_max_nr, it's also clamped (oddly) by:
/* Prevent overflows */
if ((nr_events > (0x10000000U / sizeof(struct io_event))) ||
(nr_events > (0x10000000U / sizeof(struct kiocb)))) {
pr_debug("ENOMEM: nr_events too high\n");
return ERR_PTR(-EINVAL);
}
Does that put your mind at ease? (Barring reasonable unease at the
existence of confusing code :))
> And we should set the .extra1 and .extra2 values in the FS_AIO_MAX_NR
> clause of kernel/sysctl.c anyway. Does anyone have thoughts on what the
> *useful* range of this variable is?
Well, the tunable exists to cap the amount of kernel memory pinned in
event buffers. So some relation to the number of pages in the machine
wouldn't surprise me. I don't know what default portion would be
considered reasonable, though..
- z
_______________________________________________
Kernel-janitors mailing list
Kernel-janitors@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/kernel-janitors
WARNING: multiple messages have this Message-ID (diff)
From: Zach Brown <zach.brown@oracle.com>
To: Matthew Wilcox <matthew@wil.cx>
Cc: Alexey Dobriyan <adobriyan@gmail.com>,
Eric Sesterhenn <snakebyte@gmx.de>,
kernel-janitors@lists.osdl.org, linux-fsdevel@vger.kernel.org
Subject: Re: [KJ] [Patch] fs/ kzalloc conversions
Date: Fri, 24 Feb 2006 16:07:20 -0800 [thread overview]
Message-ID: <43FF9FB8.9030808@oracle.com> (raw)
In-Reply-To: <20060224152628.GO28587@parisc-linux.org>
> So the test isn't useless and we should use kcalloc here, otherwise an
> unthinking sysadmin can increment the aio_max_nr sysctl value to, let's
> say, 0x7fffffff. On a 32-bit machine, the multiplication will wrap,
> maybe turn into a small positive number, and we'll gleefully walk off
> the end of the array, corrupting data as we go.
nr_events isn't just limited by aio_max_nr, it's also clamped (oddly) by:
/* Prevent overflows */
if ((nr_events > (0x10000000U / sizeof(struct io_event))) ||
(nr_events > (0x10000000U / sizeof(struct kiocb)))) {
pr_debug("ENOMEM: nr_events too high\n");
return ERR_PTR(-EINVAL);
}
Does that put your mind at ease? (Barring reasonable unease at the
existence of confusing code :))
> And we should set the .extra1 and .extra2 values in the FS_AIO_MAX_NR
> clause of kernel/sysctl.c anyway. Does anyone have thoughts on what the
> *useful* range of this variable is?
Well, the tunable exists to cap the amount of kernel memory pinned in
event buffers. So some relation to the number of pages in the machine
wouldn't surprise me. I don't know what default portion would be
considered reasonable, though..
- z
next prev parent reply other threads:[~2006-02-25 0:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-24 9:14 [KJ] [Patch] fs/ kzalloc conversions Eric Sesterhenn
2006-02-24 11:17 ` Alexey Dobriyan
2006-02-24 15:26 ` Matthew Wilcox
2006-02-24 15:26 ` Matthew Wilcox
2006-02-24 20:50 ` Eric Sesterhenn
2006-02-24 20:50 ` Eric Sesterhenn
2006-02-25 0:07 ` Zach Brown [this message]
2006-02-25 0:07 ` Zach Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43FF9FB8.9030808@oracle.com \
--to=zach.brown@oracle.com \
--cc=adobriyan@gmail.com \
--cc=kernel-janitors@lists.osdl.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=matthew@wil.cx \
--cc=snakebyte@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.