On Wed, Feb 14, 2024 at 05:35:49PM +0100, Pankaj Raghav (Samsung) wrote:
> > > struct xfs_inode *ip;
> > > + int min_order = 0;
> > >
> > > /*
> > > * XXX: If this didn't occur in transactions, we could drop GFP_NOFAIL
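Review bot: `+ int min_order = 0;` declares a folio order as a signed int, but orders are never negative; declaring it `unsigned int` and computing the value under an explicit block-size-versus-page-size comparison removes any need for the signed arithmetic the later max() line depends on.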
> > > @@ -88,7 +89,8 @@ xfs_inode_alloc(
> > > /* VFS doesn't initialise i_mode or i_state! */
> > > VFS_I(ip)->i_mode = 0;
> > > VFS_I(ip)->i_state = 0;
> > > - mapping_set_large_folios(VFS_I(ip)->i_mapping);
> > > + min_order = max(min_order, ilog2(mp->m_sb.sb_blocksize) - PAGE_SHIFT);
> > > + mapping_set_folio_orders(VFS_I(ip)->i_mapping, min_order, MAX_PAGECACHE_ORDER);
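Review bot: the `max(min_order, ilog2(mp->m_sb.sb_blocksize) - PAGE_SHIFT)` line clamps to zero only because the subtraction is evaluated in signed int; with an unsigned order the same expression would wrap and max() would return the wrapped value. The ilog2() call is also redundant, since the superblock already carries the log of the block size in sb_blocklog. Suggest an explicit guard instead, e.g. `if (mp->m_sb.sb_blocksize > PAGE_SIZE) min_order = mp->m_sb.sb_blocklog - PAGE_SHIFT;`, and only then passing min_order to mapping_set_folio_orders(). Note also that the max() form silently assumes min_order is still 0 at this point, which breaks if an earlier assignment is introduced later.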
> >
> > That's pretty nasty. You're using max() to hide underflow in the
> > subtraction to clamp the value to zero. And you don't need ilog2()
> > because we have the log of the block size in the superblock already.
> >
> > int min_order = 0;
> > .....
> > if (mp->m_sb.sb_blocksize > PAGE_SIZE)
> > min_order = mp->m_sb.sb_blocklog - PAGE_SHIFT;
> how is it underflowing if I am comparing two values of type int?
Folio order is supposed to be unsigned. Negative orders are not
valid values. So you're hacking around an unsigned underflow by
using signed ints, then hiding the fact that unsigned subtraction
would underflow behind a max(0, underflowing calc) construct
that works only because you're using signed ints rather than
unsigned ints for the order.
It also implicitly relies on the max_order being zero at that point
in time, so if we change the value of max order in future before
this check, this check may not function correctly in future.
Please: use unsigned ints for order, and explicitly write the
code so it doesn't ever need negative values that could underflow.
-Dave.
--
Dave Chinner
[email protected]
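The three variants discussed in this thread side by side, as an added user-space example that is not part of the patch or of XFS: the posted signed-int/max() form, the same construct with an unsigned order (where the subtraction wraps and max() cannot clamp it), and the explicitly guarded unsigned form suggested in the review. PAGE_SHIFT, PAGE_SIZE and the `struct sb_stub` superblock stand-in are constructed here for the example and are not the kernel's definitions.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed user-space stand-ins for kernel values (assumptions, not XFS code):
 * 4 KiB pages and a minimal superblock holding the block size and its log2. */
#define PAGE_SHIFT 12U
#define PAGE_SIZE  (1U << PAGE_SHIFT)

struct sb_stub {
    unsigned int sb_blocksize;   /* bytes */
    unsigned int sb_blocklog;    /* log2(sb_blocksize) */
};

/* Shape of the posted patch: signed int, ilog2(), and max() to hide the
 * negative intermediate when the block size is smaller than the page size. */
static int min_order_signed(const struct sb_stub *sb)
{
    int min_order = 0;
    int blocklog = 0;                       /* stand-in for ilog2() */
    while ((sb->sb_blocksize >> (blocklog + 1)) != 0)
        blocklog++;
    int diff = blocklog - (int)PAGE_SHIFT;  /* may be negative */
    if (diff > min_order)                   /* max(min_order, diff) */
        min_order = diff;
    return min_order;
}

/* The same construct with an unsigned order: the subtraction wraps instead of
 * going negative, and "max(0, x)" on an unsigned value can never clamp it. */
static unsigned int min_order_unsigned_unguarded(const struct sb_stub *sb)
{
    unsigned int min_order = 0;
    unsigned int diff = sb->sb_blocklog - PAGE_SHIFT;  /* wraps if blocklog < PAGE_SHIFT */
    if (diff > min_order)
        min_order = diff;
    return min_order;
}

/* The form suggested in the review: unsigned order, explicit size comparison,
 * sb_blocklog used directly, so no ilog2() and no negative intermediate exist. */
static unsigned int min_order_unsigned_guarded(const struct sb_stub *sb)
{
    unsigned int min_order = 0;
    if (sb->sb_blocksize > PAGE_SIZE)
        min_order = sb->sb_blocklog - PAGE_SHIFT;
    return min_order;
}

int main(void)
{
    const struct sb_stub small = { 1024U, 10U };   /* block smaller than a page */
    const struct sb_stub large = { 65536U, 16U };  /* 64 KiB block: order 4 on 4 KiB pages */

    printf("signed/max():       small=%d large=%d\n",
           min_order_signed(&small), min_order_signed(&large));
    printf("unsigned, no guard: small=%u large=%u\n",
           min_order_unsigned_unguarded(&small), min_order_unsigned_unguarded(&large));
    printf("unsigned, guarded:  small=%u large=%u\n",
           min_order_unsigned_guarded(&small), min_order_unsigned_guarded(&large));
    return 0;
}
```

For the 1 KiB block the unguarded unsigned variant yields UINT_MAX - 1 rather than 0, which is the failure the review warns about; the guarded form gives 0 and 4 without ever forming a value that could wrap.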