From: Matthew Wilcox <matthew@wil.cx>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Justin Chen <jchen@hpdst41.cup.hp.com>,
linux-arch@vger.kernel.org, bjorn.helgaas@hp.com,
justin.chen@hp.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 00/15] bitops: Change bitmap index from int to unsigned long
Date: Wed, 25 Feb 2009 08:53:47 -0700 [thread overview]
Message-ID: <20090225155347.GR16891@parisc-linux.org> (raw)
In-Reply-To: <1235576760.4645.3535.camel@laptop>
On Wed, Feb 25, 2009 at 04:46:00PM +0100, Peter Zijlstra wrote:
> > Adding one more bit only doubles the maximum size. That buys us, what,
> > another eighteen months until we have to change it again? Unsigned long
> > seems most sensible to me. Unsigned long long probably isn't worth
> > doing -- you'd have to be using one eighth of your address space on a
> > single bitmap.
>
> Are you serious? Bitmaps of length 4G-bit (512M-byte) are way past the
> sanely allocatable size anyway.
Runtime allocatable, yes. This particular instance was during boot.
Justin wrote:
> If the caller passes a large unsigned integer and we interpret it as
> being negative, we compute an address outside the bitmap. This can
> cause memory corruption or other errors.
> The issue that triggered me to do this change is the routine
> mark_bootmem_node() while we ran on an ia64 box with large memory.
> As long as the EFI maps the available memory chunk at the physical
> address 0x200000000000 (or above), the routine mark_bootmem_node() will
> get the start PFN>=0x80000000. While it calls the __free() with this
> sidx=0x80000000 (bit31 set), the bitops (test_and_clear_bit) will treat
> this idx as a negative number since it accepts it as an "int". It turns
> out the memory outside the bitmap will be corrupted.
If we've got problems with overflowing 'int' on memory size, we'll be
overflowing 'unsigned int' in eighteen months. 0x200000000000 is large,
but we can easily add on an extra four nybbles.
I don't see the downside to using unsigned long instead of unsigned int.
--
Matthew Wilcox Intel Open Source Technology Centre
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours. We can't possibly take such
a retrograde step."
next prev parent reply other threads:[~2009-02-25 15:53 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-25 4:41 [PATCH 00/15] bitops: Change bitmap index from int to unsigned long Justin Chen
2009-02-25 6:54 ` Peter Zijlstra
2009-02-25 15:37 ` Matthew Wilcox
2009-02-25 15:46 ` Peter Zijlstra
2009-02-25 15:46 ` Peter Zijlstra
2009-02-25 15:53 ` Matthew Wilcox [this message]
2009-02-25 16:03 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090225155347.GR16891@parisc-linux.org \
--to=matthew@wil.cx \
--cc=bjorn.helgaas@hp.com \
--cc=jchen@hpdst41.cup.hp.com \
--cc=justin.chen@hp.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox