From: zijun_hu <zijun_hu@zoho.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
zijun_hu@htc.com, akpm@linux-foundation.org, rientjes@google.com,
tj@kernel.org, sfr@canb.auug.org.au, mingo@kernel.org,
iamjoonsoo.kim@lge.com, mgorman@techsingularity.net,
hannes@cmpxchg.org, chris@chris-wilson.co.uk,
vdavydov.dev@gmail.com, Nicholas Piggin <npiggin@gmail.com>,
Michal Hocko <mhocko@kernel.org>
Subject: Re: [RFC PATCH 1/1] mm/vmalloc.c: correct logic errors when insert vmap_area
Date: Thu, 13 Oct 2016 14:39:56 +0800 [thread overview]
Message-ID: <57FF2C3C.5070507@zoho.com> (raw)
In-Reply-To: <20161012144610.GN17128@dhcp22.suse.cz>
Hi Nicholas,
i find __insert_vmap_area() is introduced by you
could you offer comments for this patch related to that funciton
thanks
On 10/12/2016 10:46 PM, Michal Hocko wrote:
> [Let's CC Nick who has written this code]
>
> On Wed 12-10-16 22:30:13, zijun_hu wrote:
>> From: zijun_hu <zijun_hu@htc.com>
>>
>> the KVA allocator organizes vmap_areas allocated by rbtree. in order to
>> insert a new vmap_area @i_va into the rbtree, walk around the rbtree from
>> root and compare the vmap_area @t_va met on the rbtree against @i_va; walk
>> toward the left branch of @t_va if @i_va is lower than @t_va, and right
>> branch if higher, otherwise handle this error case since @i_va has overlay
>> with @t_va; however, __insert_vmap_area() don't follow the desired
>> procedure rightly, moreover, it includes a meaningless else if condition
>> and a redundant else branch as shown by comments in below code segments:
>> static void __insert_vmap_area(struct vmap_area *va)
>> {
>> as a internal interface parameter, we assume vmap_area @va has nonzero size
>> ...
>> if (va->va_start < tmp->va_end)
>> p = &(*p)->rb_left;
>> else if (va->va_end > tmp->va_start)
>> p = &(*p)->rb_right;
>> this else if condition is always true and meaningless due to
>> va->va_end > va->va_start >= tmp_va->va_end > tmp_va->va_start normally
>> else
>> BUG();
>> this BUG() is meaningless too due to never be reached normally
>> ...
>> }
>>
>> it looks like the else if condition and else branch are canceled. no errors
>> are caused since the vmap_area @va to insert as a internal interface
>> parameter doesn't have overlay with any one on the rbtree normally. however
>> __insert_vmap_area() looks weird and really has several logic errors as
>> pointed out above when it is viewed as a separate function.
>
> I have tried to read this several times but I am completely lost to
> understand what the actual bug is and how it causes vmap_area sorting to
> misbehave. So is this a correctness issue, performance improvement or
> theoretical fix for an incorrect input?
>
>> fix by walking around vmap_area rbtree as described above to insert
>> a vmap_area.
>>
>> BTW, (va->va_end == tmp_va->va_start) is consider as legal case since it
>> indicates vmap_area @va left neighbors with @tmp_va tightly.
>>
>> Fixes: db64fe02258f ("mm: rewrite vmap layer")
>> Signed-off-by: zijun_hu <zijun_hu@htc.com>
>> ---
>> mm/vmalloc.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
>> index 5daf3211b84f..8b80931654b7 100644
>> --- a/mm/vmalloc.c
>> +++ b/mm/vmalloc.c
>> @@ -321,10 +321,10 @@ static void __insert_vmap_area(struct vmap_area *va)
>>
>> parent = *p;
>> tmp_va = rb_entry(parent, struct vmap_area, rb_node);
>> - if (va->va_start < tmp_va->va_end)
>> - p = &(*p)->rb_left;
>> - else if (va->va_end > tmp_va->va_start)
>> - p = &(*p)->rb_right;
>> + if (va->va_end <= tmp_va->va_start)
>> + p = &parent->rb_left;
>> + else if (va->va_start >= tmp_va->va_end)
>> + p = &parent->rb_right;
>> else
>> BUG();
>> }
>> --
>> 1.9.1
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: zijun_hu <zijun_hu@zoho.com>
To: Nicholas Piggin <npiggin@gmail.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
zijun_hu@htc.com, akpm@linux-foundation.org, rientjes@google.com,
tj@kernel.org, sfr@canb.auug.org.au, mingo@kernel.org,
iamjoonsoo.kim@lge.com, mgorman@techsingularity.net,
hannes@cmpxchg.org, chris@chris-wilson.co.uk,
vdavydov.dev@gmail.com, Nicholas Piggin <npiggin@gmail.com>,
Michal Hocko <mhocko@kernel.org>
Subject: Re: [RFC PATCH 1/1] mm/vmalloc.c: correct logic errors when insert vmap_area
Date: Thu, 13 Oct 2016 14:39:56 +0800 [thread overview]
Message-ID: <57FF2C3C.5070507@zoho.com> (raw)
In-Reply-To: <20161012144610.GN17128@dhcp22.suse.cz>
Hi Nicholas,
i find __insert_vmap_area() is introduced by you
could you offer comments for this patch related to that funciton
thanks
On 10/12/2016 10:46 PM, Michal Hocko wrote:
> [Let's CC Nick who has written this code]
>
> On Wed 12-10-16 22:30:13, zijun_hu wrote:
>> From: zijun_hu <zijun_hu@htc.com>
>>
>> the KVA allocator organizes vmap_areas allocated by rbtree. in order to
>> insert a new vmap_area @i_va into the rbtree, walk around the rbtree from
>> root and compare the vmap_area @t_va met on the rbtree against @i_va; walk
>> toward the left branch of @t_va if @i_va is lower than @t_va, and right
>> branch if higher, otherwise handle this error case since @i_va has overlay
>> with @t_va; however, __insert_vmap_area() don't follow the desired
>> procedure rightly, moreover, it includes a meaningless else if condition
>> and a redundant else branch as shown by comments in below code segments:
>> static void __insert_vmap_area(struct vmap_area *va)
>> {
>> as a internal interface parameter, we assume vmap_area @va has nonzero size
>> ...
>> if (va->va_start < tmp->va_end)
>> p = &(*p)->rb_left;
>> else if (va->va_end > tmp->va_start)
>> p = &(*p)->rb_right;
>> this else if condition is always true and meaningless due to
>> va->va_end > va->va_start >= tmp_va->va_end > tmp_va->va_start normally
>> else
>> BUG();
>> this BUG() is meaningless too due to never be reached normally
>> ...
>> }
>>
>> it looks like the else if condition and else branch are canceled. no errors
>> are caused since the vmap_area @va to insert as a internal interface
>> parameter doesn't have overlay with any one on the rbtree normally. however
>> __insert_vmap_area() looks weird and really has several logic errors as
>> pointed out above when it is viewed as a separate function.
>
> I have tried to read this several times but I am completely lost to
> understand what the actual bug is and how it causes vmap_area sorting to
> misbehave. So is this a correctness issue, performance improvement or
> theoretical fix for an incorrect input?
>
>> fix by walking around vmap_area rbtree as described above to insert
>> a vmap_area.
>>
>> BTW, (va->va_end == tmp_va->va_start) is consider as legal case since it
>> indicates vmap_area @va left neighbors with @tmp_va tightly.
>>
>> Fixes: db64fe02258f ("mm: rewrite vmap layer")
>> Signed-off-by: zijun_hu <zijun_hu@htc.com>
>> ---
>> mm/vmalloc.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
>> index 5daf3211b84f..8b80931654b7 100644
>> --- a/mm/vmalloc.c
>> +++ b/mm/vmalloc.c
>> @@ -321,10 +321,10 @@ static void __insert_vmap_area(struct vmap_area *va)
>>
>> parent = *p;
>> tmp_va = rb_entry(parent, struct vmap_area, rb_node);
>> - if (va->va_start < tmp_va->va_end)
>> - p = &(*p)->rb_left;
>> - else if (va->va_end > tmp_va->va_start)
>> - p = &(*p)->rb_right;
>> + if (va->va_end <= tmp_va->va_start)
>> + p = &parent->rb_left;
>> + else if (va->va_start >= tmp_va->va_end)
>> + p = &parent->rb_right;
>> else
>> BUG();
>> }
>> --
>> 1.9.1
>
next prev parent reply other threads:[~2016-10-13 6:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-12 14:30 [RFC PATCH 1/1] mm/vmalloc.c: correct logic errors when insert vmap_area zijun_hu
2016-10-12 14:30 ` zijun_hu
2016-10-12 14:46 ` Michal Hocko
2016-10-12 14:46 ` Michal Hocko
2016-10-12 15:06 ` zijun_hu
2016-10-12 15:06 ` zijun_hu
2016-10-13 6:39 ` zijun_hu [this message]
2016-10-13 6:39 ` zijun_hu
2016-10-20 7:20 ` zijun_hu
2016-10-20 7:20 ` zijun_hu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57FF2C3C.5070507@zoho.com \
--to=zijun_hu@zoho.com \
--cc=akpm@linux-foundation.org \
--cc=chris@chris-wilson.co.uk \
--cc=hannes@cmpxchg.org \
--cc=iamjoonsoo.kim@lge.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@techsingularity.net \
--cc=mhocko@kernel.org \
--cc=mingo@kernel.org \
--cc=npiggin@gmail.com \
--cc=rientjes@google.com \
--cc=sfr@canb.auug.org.au \
--cc=tj@kernel.org \
--cc=vdavydov.dev@gmail.com \
--cc=zijun_hu@htc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.