Re: Serious bug in recent Linux kernels

Linus Torvalds (torvalds@transmeta.com)
Sun, 10 Jan 1999 22:33:02 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chip Salzenberg: "Re: testing/pre-7 and do_poll()"
Previous message: Linus Torvalds: "Re: testing/pre-7 and do_poll()"

On Mon, 11 Jan 1999, Alan Modra wrote:
>
> There is still a problem for values of timeout a little larger than
> ((unsigned long)-1 / HZ). eg. for HZ==100, a timeout of 42949673 gets
> turned into a timeout of 2.
>
> better is something like
>
> if ((unsigned long)timeout > (unsigned long)-999 / HZ)
> timeout = MAX_SCHEDULE_TIMEOUT;
> else if (timeout)
> timeout = (timeout*HZ+999)/1000+1;

Heh. Even this is incorrect, but it's _really_ close to being right.

The problem is that you're doing a signed division with 1000 if I'm not
mistaken, and thus even if "timeout*HZ+999" doesn't overflow in 32 bits,
it's enough that it oevrflows in 31..

Making the 1000 be "1000UL" should fix it. But I'm too lazy to test.

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chip Salzenberg: "Re: testing/pre-7 and do_poll()"
Previous message: Linus Torvalds: "Re: testing/pre-7 and do_poll()"