From: Willy Tarreau <willy@w.ods.org>
To: Nish Aravamudan <nish.aravamudan@gmail.com>
Cc: Willy Tarreau <willy@w.ods.org>,
Davide Libenzi <davidel@xmailserver.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@osdl.org>
Subject: Re: [patch] sys_epoll_wait() timeout saga ...
Date: Sat, 24 Sep 2005 08:15:00 +0200 [thread overview]
Message-ID: <20050924061500.GA24628@alpha.home.local> (raw)
In-Reply-To: <29495f1d05092321447417503@mail.gmail.com>
On Fri, Sep 23, 2005 at 09:44:10PM -0700, Nish Aravamudan wrote:
> > > * that why (t * HZ) / 1000.
> > > */
> > > - jtimeout = timeout == -1 || timeout > (MAX_SCHEDULE_TIMEOUT - 1000) / HZ ?
> > > + jtimeout = timeout < 0 || (timeout / 1000) >= (MAX_SCHEDULE_TIMEOUT / HZ) ?
> > > MAX_SCHEDULE_TIMEOUT: (timeout * HZ + 999) / 1000;
> >
> > Here, I'm not certain that gcc will optimize the divide. It would be better
> > anyway to write this which is equivalent, and a pure integer comparison :
> >
> > + jtimeout = timeout < 0 || timeout >= 1000 * MAX_SCHEDULE_TIMEOUT / HZ ?
> > > MAX_SCHEDULE_TIMEOUT: (timeout * HZ + 999) / 1000;
>
> Just a question here, maybe it's dumb.
Your question is not dumb, this code is not trivial at all !
> * and / have the same priority in the order of operations, yes? If so,
> won't the the 1000 * MAX_SCHEDULE_TIMEOUT overflow
> (MAX_SCHEDULE_TIMEOUT is LONG_MAX)?
Yes it can, and that's why I said that gcc should send a warning when
comparing an int with something too large for an int. But I should have
forced the constant to be evaluated as long long. At the moment, the
constant cannot overflow, but it can reach a value so high that
timeout/1000 will never reach it. Example :
MAX_SCHEDULE_TIMEOUT=LONG_MAX
HZ=250
timeout=LONG_MAX-1
=> timeout/1000 < MAX_SCHEDULE_TIMEOUT/HZ
but (timeout * HZ + 999) / 1000 will still overflow !
So I finally think that the safest test would be to avoid the timeout
range which can overflow in the computation, using something like this
(but which will limit the timeout to 49 days on HZ=1000 machines) :
+ jtimeout = timeout < 0 || \
+ timeout >= (1000ULL * MAX_SCHEDULE_TIMEOUT / HZ) || \
+ timeout >= (LONG_MAX / HZ - 1000) ?
MAX_SCHEDULE_TIMEOUT: (timeout * HZ + 999) / 1000;
as both are constants, they can be optimized. Otherwise, we can resort to
using a MAX() macro to reduce this to only one test which will catch all
corner cases.
> I really think this code just move
> to the same thing that sys_poll() does to avoid overlflow (I fixed the
> bug Alexey was experiencing, so I think the changes are safe now).
I'm not totally certain that all overflows are avoided, see above. If
you play with timeout values close to LONG_MAX / HZ, you're still not
caught by the test and can overflow in the multiply.
> In any case, this code is approaching unreadable with lots of jiffies
> <--> human-time units manipulations done in non-standard ways, which
> the updated sys_poll() also tries to avoid.
I've not checked sys_poll(), but I agree with you that it's rather
difficult to imagine all corner cases this way.
Regards,
Willy
next prev parent reply other threads:[~2005-09-24 6:18 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-23 18:13 [patch] sys_epoll_wait() timeout saga Davide Libenzi
2005-09-23 18:24 ` Nish Aravamudan
2005-09-24 4:05 ` Willy Tarreau
2005-09-24 4:44 ` Nish Aravamudan
2005-09-24 6:15 ` Willy Tarreau [this message]
2005-09-24 7:33 ` Vadim Lobanov
2005-09-24 7:51 ` Willy Tarreau
2005-09-24 15:10 ` Davide Libenzi
2005-09-24 17:20 ` Willy Tarreau
2005-09-24 18:19 ` Davide Libenzi
2005-09-25 6:05 ` Andrew Morton
2005-09-25 6:20 ` Willy Tarreau
2005-09-25 6:32 ` Andrew Morton
2005-09-25 7:08 ` Vadim Lobanov
2005-09-25 8:03 ` Willy Tarreau
2005-09-24 17:19 ` Nishanth Aravamudan
2005-09-24 18:25 ` Davide Libenzi
2005-09-24 19:38 ` [PATCH 0/3] fixes for overflow in poll(), epoll(), and msec_to_jiffies() Willy Tarreau
2005-09-24 19:44 ` [PATCH 1/3] 2.6.14-rc2-mm1: fixes for overflow msec_to_jiffies() Willy Tarreau
2005-09-29 9:43 ` Andrew Morton
2005-09-29 19:41 ` Willy Tarreau
2005-09-29 19:52 ` Andrew Morton
2005-09-29 20:55 ` Willy Tarreau
2005-10-01 17:39 ` Willy Tarreau
2005-09-24 19:47 ` [PATCH 2/3] 2.6.14-rc2-mm1: fixes for overflow in epoll() Willy Tarreau
2005-09-24 19:52 ` [PATCH 3/3] 2.6.14-rc2-mm1 : fixes for overflow in sys_poll() Willy Tarreau
2005-10-01 20:39 ` Willy Tarreau
2005-09-24 20:08 ` [PATCH 0/3] fixes for overflow in poll(), epoll(), and msec_to_jiffies() Davide Libenzi
2005-09-24 20:21 ` Willy TARREAU
2005-09-25 20:55 ` Nishanth Aravamudan
2005-09-25 22:06 ` Willy Tarreau
2005-09-24 21:25 ` [patch] sys_epoll_wait() timeout saga Vadim Lobanov
2005-09-24 18:30 ` Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050924061500.GA24628@alpha.home.local \
--to=willy@w.ods.org \
--cc=akpm@osdl.org \
--cc=davidel@xmailserver.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nish.aravamudan@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox