Re: [PATCH][RFC] Handle improbable possibility ofio_context->refcount overflow

From: Andrew Morton
Date: Wed Apr 29 2009 - 11:18:00 EST

Next message: Michal Simek: "Re: [PATCH 20/30] microblaze_mmu_v1: uaccess MMU update"
Previous message: Andrew Morton: "Re: [PATCH 5/5] ring-buffer: fix printk output"
In reply to: Nikanth Karthikesan: "Re: [PATCH][RFC] Handle improbable possibility of io_context->refcount overflow"
Next in thread: Nikanth Karthikesan: "Re: [PATCH][RFC] Handle improbable possibility of io_context->refcount overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 29 Apr 2009 15:33:06 +0530 Nikanth Karthikesan <knikanth@xxxxxxxxxx> wrote:

> On Wednesday 29 April 2009 13:29:30 Andrew Morton wrote:
> > On Wed, 29 Apr 2009 12:21:39 +0530 Nikanth Karthikesan <knikanth@xxxxxxxxxx> wrote:
> > > Hi Jens
> > >
> > > Currently io_context has an atomic_t(int) as refcount. In case of cfq,
> > > for each device a task does I/O, a reference to the io_context would be
> > > taken. And when there are multiple process sharing io_contexts(CLONE_IO)
> > > would also have a reference to the same io_context. Theoretically the
> > > possible maximum number of processes sharing the same io_context + the
> > > number of disks/cfq_data referring to the same io_context can overflow
> > > the 32-bit counter on a very high-end machine. Even though it is an
> > > improbable case, let us make it difficult by changing the refcount to
> > > atomic64_t(long).
> >
> > Sorry, atomic64_t isn't implemented on 32 bit architectures.
> >
> > Perhaps it should be, but I expect it'd be pretty slow.
>
> Oh! Sorry, I didn't notice the #ifdef earlier. I guess thats why there is only
> a single in-tree user for atomic64_t!

Yes, it's a bit irritating.

> In this case, could we make it atomic64_t only on 64-bit architectures and
> keep it as atomic_t on 32-bit machines?

Sure.

> Something like the attached patch.

Check out atomic_long_t ;)

> I wonder whether we should also add BUG_ON's whenever the refcount is about to
> wrap? Or try to handle it gracefully. Another approach would be to impose an
> artificial limit on the no of tasks that could share an io_context. Or resort
> to lock protection. The problem is not very serious/common.
>

For a long time there was a debug patch in -mm which would warn if
atomic_dec() ever took any atomic_t from zero to -1. I don't think it
ever triggered false positives and it did find a couple of bugs.

I forget what happened to the patch - probably it died when the atomic
code got altered.

It could well be that a similar kernel-wide check for atomic_inc()
overflows would be similarly useful.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michal Simek: "Re: [PATCH 20/30] microblaze_mmu_v1: uaccess MMU update"
Previous message: Andrew Morton: "Re: [PATCH 5/5] ring-buffer: fix printk output"
In reply to: Nikanth Karthikesan: "Re: [PATCH][RFC] Handle improbable possibility of io_context->refcount overflow"
Next in thread: Nikanth Karthikesan: "Re: [PATCH][RFC] Handle improbable possibility of io_context->refcount overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]