Re: [PATCH RFC 5/5] kdbus: improve tests on incrementing quota

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Sergei Zviagintsev <sergei@s15v.net>
To: David Herrmann <dh.herrmann@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Daniel Mack <daniel@zonque.org>,
	David Herrmann <dh.herrmann@googlemail.com>,
	Djalal Harouni <tixxdz@opendz.org>,
	linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH RFC 5/5] kdbus: improve tests on incrementing quota
Date: Sat, 4 Jul 2015 16:32:37 +0300	[thread overview]
Message-ID: <20150704133237.GB17917@localhost.localdomain> (raw)
In-Reply-To: <CANq1E4Qi6b43VAjK1iX2mJ_TkZ6GMZzQ+88bFD=AMoCTgC18yw@mail.gmail.com>

Hi,

On Sat, Jul 04, 2015 at 01:42:31PM +0200, David Herrmann wrote:
> Hi
> 
> On Thu, Jul 2, 2015 at 3:45 PM, Sergei Zviagintsev <sergei@s15v.net> wrote:
> > Hi David,
> >
> > Thank you for reviewing and providing comments on these all! I answered below.
> >
> > On Thu, Jul 02, 2015 at 10:50:47AM +0200, David Herrmann wrote:
> >> Hi
> >>
> >> On Sun, Jun 28, 2015 at 3:17 PM, Sergei Zviagintsev <sergei@s15v.net> wrote:
> >> >  1) Rewrite
> >> >
> >> >         quota->memory + memory > U32_MAX
> >> >
> >> >     as
> >> >         U32_MAX - quota->memory < memory
> >> >
> >> >     and provide the comment on why we need that check.
> >> >
> >> >     We have no overflow issue in the original expression when size_t is
> >> >     32-bit because the previous one (available - quota->memory < memory)
> >> >     guarantees that quota->memory + memory doesn't exceed `available'
> >> >     which is <= U32_MAX in that case.
> >> >
> >> >     But lets stay explicit rather than implicit, it would save us from
> >> >     describing HOW the code works.
> >> >
> >> >  2) Add WARN_ON when quota->msgs > KDBUS_CONN_MAX_MSGS
> >> >
> >> >     This is somewhat inconsistent, so we need to properly report it.
> >>
> >> I don't see the purpose of this WARN_ON(). Sure, ">" should never
> >> happen, but that doesn't mean we have to add a WARN_ON. I'd just keep
> >> the code as it is.
> >
> > I agree on WARN_ON. The intention of this change was to provide
> > consistency. Current code checks for 'quota->msgs > KDBUS_CONN_MAX_MSGS'
> > having '>=' test. If this ever happens, it means that we have a bug, but
> > silently ignore it.
> >
> > If we agree that '>' case should never happen, isn't it better to
> > place '==' instead of '>=' in the original test?
> 
> I don't see why. This code does not care whether quota->msgs is bigger
> than MAX_MSGS. Sure, it does not happen in current code, but this
> code-path really doesn't care whether that case can happen or not. All
> it does, it verify that it is smaller. Hence, we use ">=".
> 
> Furthermore, I usually prefer being rather safe than sorry. WARN_ON()s
> are usually not free, but ">=" is for free, if we already have a
> condition.

ok, thank you for explanation!

next prev parent reply	other threads:[~2015-07-05  8:27 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-28 13:17 [PATCH RFC 0/5] kdbus: minor quota code improvements Sergei Zviagintsev
2015-06-28 13:17 ` [PATCH RFC 1/5] kdbus: fix typos in kdbus_conn_quota_inc() Sergei Zviagintsev
2015-07-02  8:31   ` David Herrmann
2015-07-02  9:51     ` Sergei Zviagintsev
2015-07-02 10:26       ` David Herrmann
2015-06-28 13:17 ` [PATCH RFC 2/5] kdbus: use standard kernel types in struct kdbus_quota Sergei Zviagintsev
2015-07-02  8:32   ` David Herrmann
2015-06-28 13:17 ` [PATCH RFC 3/5] kdbus: do explicit overflow check in kdbus_conn_quota_inc() Sergei Zviagintsev
2015-07-02  8:35   ` David Herrmann
2015-07-02 14:06     ` Sergei Zviagintsev
2015-06-28 13:17 ` [PATCH RFC 4/5] kdbus: handle WARN_ON cases properly when decrementing quota Sergei Zviagintsev
2015-07-02  8:37   ` David Herrmann
2015-07-02 10:27     ` Sergei Zviagintsev
2015-06-28 13:17 ` [PATCH RFC 5/5] kdbus: improve tests on incrementing quota Sergei Zviagintsev
2015-07-02  8:50   ` David Herrmann
2015-07-02 13:45     ` Sergei Zviagintsev
2015-07-02 14:13       ` Djalal Harouni
2015-07-02 17:47         ` Sergei Zviagintsev
2015-07-04 11:48           ` David Herrmann
2015-07-04 11:42       ` David Herrmann
2015-07-04 13:32         ` Sergei Zviagintsev [this message]
2015-07-06 18:48 ` [PATCH RFC 0/5] kdbus: minor quota code improvements David Herrmann
2015-07-07 16:29   ` Sergei Zviagintsev
2015-07-07 22:21     ` Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150704133237.GB17917@localhost.localdomain \
    --to=sergei@s15v.net \
    --cc=daniel@zonque.org \
    --cc=dh.herrmann@gmail.com \
    --cc=dh.herrmann@googlemail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tixxdz@opendz.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox