From: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
To: Tom Zanussi <tzanussi@gmail.com>
Cc: penberg@cs.helsinki.fi, akpm@linux-foundation.org,
compudj@krystal.dyndns.org, linux-kernel@vger.kernel.org,
righi.andrea@gmail.com
Subject: Re: [PATCH 1/3] relay: Fix 4 off-by-one errors occuring when writing to a CPU buffer.
Date: Sat, 14 Jun 2008 17:52:23 +0300 [thread overview]
Message-ID: <20080614175223.4d3c6084@linux360.ro> (raw)
In-Reply-To: <1213418437.8237.51.camel@charm-linux>
On Fri, 13 Jun 2008 23:40:37 -0500
Tom Zanussi <tzanussi@gmail.com> wrote:
> I'm wondering if the all-zeroes at the end of the buffer might be
> another case of the all-zeroes you were seeing due to cross-cpu
> reading you decribed in the other patch. In any case, I'm pretty
> sure this patch isn't doing what you think it is, and don't see how
> it could have fixed the problem (see below). There may still be a
> bug somewhere, but it would be good to be able to reproduce it. Does
> it happen even when running on a single cpu?
Hi,
I noticed this problem after adding those spinlocks. As far as I can
tell, having (offset == subbuf_size + 1) at any given moment allows the
read() handler to see inconsistent offsets:
1. writer sets offset = subbuf_size + 1
2. writer releases spinlock
3. read() acquires spinlock and reads the wrong offset
4. read() releases spinlock
5. next writer corrects the offset at the next write
> This case, offset being 1 larger than the subbuf size, is how we note
> a full sub-buffer, so changing this will break full-subbuffer cases.
No, it won't. Maximum length messages result in the following condition:
start + offset == subbuf_size
This happens because a buffer of length subbuf_size actually ranges
from zero to (subbuf_size - 1) in regard to how it is addressed. Then,
subbuf_size + 1 isn't just outside the bounds, but one more byte off.
"Visual" example:
subbuf_size = 4
|[ ][ ][ ][ ]|[ ]
0 1 2 3 subbuf_size
So, a full subbufer means offset equals subbuf_size, that is, the next
empty slot is just outside the subbuffer.
Eduard
next prev parent reply other threads:[~2008-06-14 14:53 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-13 1:09 [PATCH 1/3] relay: Fix 4 off-by-one errors occuring when writing to a CPU buffer Eduard - Gabriel Munteanu
2008-06-14 4:40 ` Tom Zanussi
2008-06-14 14:52 ` Eduard - Gabriel Munteanu [this message]
2008-06-16 5:22 ` Tom Zanussi
2008-06-21 2:06 ` Eduard - Gabriel Munteanu
2008-07-24 5:09 ` Tom Zanussi
2008-07-30 17:48 ` Eduard - Gabriel Munteanu
2008-08-13 6:16 ` Tom Zanussi
2008-08-14 16:35 ` Eduard - Gabriel Munteanu
2008-08-15 4:31 ` Tom Zanussi
-- strict thread matches above, loose matches on Subject: below --
2008-06-12 20:26 Eduard - Gabriel Munteanu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080614175223.4d3c6084@linux360.ro \
--to=eduard.munteanu@linux360.ro \
--cc=akpm@linux-foundation.org \
--cc=compudj@krystal.dyndns.org \
--cc=linux-kernel@vger.kernel.org \
--cc=penberg@cs.helsinki.fi \
--cc=righi.andrea@gmail.com \
--cc=tzanussi@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox