From: Tejun Heo <htejun@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Kristian Hoegsberg <krh@redhat.com>,
linux-kernel@vger.kernel.org, openib-general@openib.org,
Stefan Roscher <ossrosch@linux.vnet.ibm.com>,
linuxppc-dev@ozlabs.org, raisch@de.ibm.com,
Hoang-Nam Nguyen <hnguyen@linux.vnet.ibm.com>,
jim.houston@ccur.com
Subject: Re: [PATCH] fix idr_get_new_above id alias bugs
Date: Fri, 13 Jul 2007 12:46:53 +0900 [thread overview]
Message-ID: <4696F5AD.1050306@gmail.com> (raw)
In-Reply-To: <20070712143501.2c2cdf1f.akpm@linux-foundation.org>
Hello,
Andrew Morton wrote:
>> Hoang-Nam Nguyen reported a bug in idr_get_new_above()
>> which occurred with a starting id value like 0x3ffffffc.
>> His test module easily reproduced the problem. Thanks.
>>
>> The test revealed the following bugs:
>>
>> 1. Relying on shift operations which have undefined results
>> e.g.: 1 << n where n > word size. On i386 an integer shift
>> only uses the low 5 bits of the shift count.
>>
>> 2. An off by one error which prevented the top most layer
>> of the radix tree from being allocated. This meant that
>> sub_alloc() would allocate an entry in the existing portion
>> of the radix tree which aliased the requested address. When
>> it tried to allocate id 0x40000000, it might use the slot
>> belonging to id 0.
>>
>> 3. There was also a failure in the code which walked back up
>> the tree if an allocation failed. The normal case is to
>> descend the tree checking the starting id value against the
>> bitmap at each level. If the bit is set, we know that the
>> entire sub-tree is full and we can short cut the search.
>> We may still descend to the lowest level and find that the
>> portion of the id space we want is full. In this case we
>> need to walk back up the tree and continue the search.
>> The existing code just returned to the previous level and
>> continued. This resulted in an attempt to allocate an id
>> above 0x3ffffffc using the slot for id 0x3ffffc00 instead of
>> 0x40000000 which it then claimed to have allocated. The same
>> problem occurs with 0x3ff as the requested id value if it
>> is already in use.
The third one sounds like the bug I fixed. With it fixed, I verified
idr works correctly at least in the lower range of allocation by running
it parallelly with simple bitmap allocator but haven't tested higher
range like 0x3ffffffc.
--
tejun
prev parent reply other threads:[~2007-07-13 3:47 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-02 17:19 idr_get_new_above() limitation? Hoang-Nam Nguyen
2007-07-02 22:56 ` Andrew Morton
2007-07-03 0:31 ` Jim Houston
2007-07-04 14:11 ` Hoang-Nam Nguyen
2007-07-10 20:05 ` [PATCH] fix idr_get_new_above id alias bugs Jim Houston
2007-07-11 19:27 ` Hoang-Nam Nguyen
2007-07-12 21:35 ` Andrew Morton
2007-07-12 21:56 ` Chuck Ebbert
2007-07-13 3:46 ` Tejun Heo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4696F5AD.1050306@gmail.com \
--to=htejun@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=hnguyen@linux.vnet.ibm.com \
--cc=jim.houston@ccur.com \
--cc=krh@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=openib-general@openib.org \
--cc=ossrosch@linux.vnet.ibm.com \
--cc=raisch@de.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).