Re: [PATCH][RFC] Handle improbable possibility of io_context->refcount overflow

From: Nikanth Karthikesan
Date: Thu Apr 30 2009 - 03:30:53 EST

Next message: Nikanth Karthikesan: "[PATCH v2] Handle improbable possibility of io_context->refcount overflow"
Previous message: Ingo Molnar: "Re: [PATCH] x86/irq: using move_irq_desc"
In reply to: Andrew Morton: "Re: [PATCH][RFC] Handle improbable possibility ofio_context->refcount overflow"
Next in thread: Nikanth Karthikesan: "[PATCH v2] Handle improbable possibility of io_context->refcount overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday 29 April 2009 20:45:58 Andrew Morton wrote:
> On Wed, 29 Apr 2009 15:33:06 +0530 Nikanth Karthikesan <knikanth@xxxxxxxxxx>
wrote:
> > On Wednesday 29 April 2009 13:29:30 Andrew Morton wrote:
> > > On Wed, 29 Apr 2009 12:21:39 +0530 Nikanth Karthikesan
<knikanth@xxxxxxxxxx> wrote:
> > > > Hi Jens
> > > >
> > > > Currently io_context has an atomic_t(int) as refcount. In case of
> > > > cfq, for each device a task does I/O, a reference to the io_context
> > > > would be taken. And when there are multiple process sharing
> > > > io_contexts(CLONE_IO) would also have a reference to the same
> > > > io_context. Theoretically the possible maximum number of processes
> > > > sharing the same io_context + the number of disks/cfq_data referring
> > > > to the same io_context can overflow the 32-bit counter on a very
> > > > high-end machine. Even though it is an improbable case, let us make
> > > > it difficult by changing the refcount to atomic64_t(long).
> > >
> > > Sorry, atomic64_t isn't implemented on 32 bit architectures.
> > >
> > > Perhaps it should be, but I expect it'd be pretty slow.
> >
> > Oh! Sorry, I didn't notice the #ifdef earlier. I guess thats why there is
> > only a single in-tree user for atomic64_t!
>
> Yes, it's a bit irritating.
>
> > In this case, could we make it atomic64_t only on 64-bit architectures
> > and keep it as atomic_t on 32-bit machines?
>
> Sure.
>
> > Something like the attached patch.
>
> Check out atomic_long_t ;)
>

Oh, thanks! I was about to re-invent it. :) Sending a patch using that in a
seperate mail.

> > I wonder whether we should also add BUG_ON's whenever the refcount is
> > about to wrap? Or try to handle it gracefully. Another approach would be
> > to impose an artificial limit on the no of tasks that could share an
> > io_context. Or resort to lock protection. The problem is not very
> > serious/common.
>
> For a long time there was a debug patch in -mm which would warn if
> atomic_dec() ever took any atomic_t from zero to -1. I don't think it
> ever triggered false positives and it did find a couple of bugs.
>
> I forget what happened to the patch - probably it died when the atomic
> code got altered.
>
> It could well be that a similar kernel-wide check for atomic_inc()
> overflows would be similarly useful.

Sending a patch for this as well as a seperate mail.

Thanks
Nikanth
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nikanth Karthikesan: "[PATCH v2] Handle improbable possibility of io_context->refcount overflow"
Previous message: Ingo Molnar: "Re: [PATCH] x86/irq: using move_irq_desc"
In reply to: Andrew Morton: "Re: [PATCH][RFC] Handle improbable possibility ofio_context->refcount overflow"
Next in thread: Nikanth Karthikesan: "[PATCH v2] Handle improbable possibility of io_context->refcount overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]