Date: Mon, 1 Jun 2015 11:37:21 -0700
From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Alexander Gordeev <agordeev@redhat.com>
Cc: linux-kernel@vger.kernel.org, Steven Rostedt <rostedt@goodmis.org>
Subject: Re: [PATCH v2 1/9] rcu: Panic if RCU tree can not accommodate all
 CPUs
Message-ID: <20150601183720.GY5989@linux.vnet.ibm.com>
Reply-To: paulmck@linux.vnet.ibm.com
References: <cover.1432889921.git.agordeev@redhat.com>
 <1e5e5cf188c90193dc176caa5b6270606ae7af5b.1432889921.git.agordeev@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1e5e5cf188c90193dc176caa5b6270606ae7af5b.1432889921.git.agordeev@redhat.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 2724
Lines: 66

On Fri, May 29, 2015 at 11:53:37AM +0200, Alexander Gordeev wrote:
> Currently a condition when RCU tree is unable to accommodate
> the configured number of CPUs is not permitted and causes
> a fall back to compile-time values. However, the code has no
> means to exceed the RCU tree capacity neither at compile-time
> nor in run-time. Therefore, if the condition is met in run-
> time then it indicates a serios problem elsewhere and should
> be handled with a panic.
> 
> Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Signed-off-by: Alexander Gordeev <agordeev@redhat.com>
> ---
>  kernel/rcu/tree.c | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
> 
> diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
> index 2fce662..66a4230 100644
> --- a/kernel/rcu/tree.c
> +++ b/kernel/rcu/tree.c
> @@ -4117,16 +4117,19 @@ static void __init rcu_init_geometry(void)
>  		rcu_capacity[i] = rcu_capacity[i - 1] * RCU_FANOUT;
> 
>  	/*
> +	 * The tree must be able to accommodate the configured number of CPUs.
> +	 * If this limit is exceeded than we have a serious problem elsewhere.
> +	 *
>  	 * The boot-time rcu_fanout_leaf parameter is only permitted
>  	 * to increase the leaf-level fanout, not decrease it.  Of course,
>  	 * the leaf-level fanout cannot exceed the number of bits in
> -	 * the rcu_node masks.  Finally, the tree must be able to accommodate
> -	 * the configured number of CPUs.  Complain and fall back to the
> -	 * compile-time values if these limits are exceeded.
> +	 * the rcu_node masks.  Complain and fall back to the compile-
> +	 * time values if these limits are exceeded.
>  	 */
> -	if (rcu_fanout_leaf < RCU_FANOUT_LEAF ||
> -	    rcu_fanout_leaf > sizeof(unsigned long) * 8 ||
> -	    n > rcu_capacity[MAX_RCU_LVLS]) {
> +	if (n > rcu_capacity[MAX_RCU_LVLS])
> +		panic("rcu_init_geometry: rcu_capacity[] is too small");

The way this is set up, if the boot parameter (illegally) sets
rcu_fanout_lead smaller than RCU_FANOUT_LEAF, we might panic.  It would
be far better to first check for rcu_fanout_leaf being out of bounds,
and only then have the possibility of panic().  That way, a typo in
the rcu_fanout_leaf boot paremeter is ignored, but with a splat.

Or am I missing something here?

							Thanx, Paul

> +	else if (rcu_fanout_leaf < RCU_FANOUT_LEAF ||
> +		 rcu_fanout_leaf > sizeof(unsigned long) * 8) {
>  		WARN_ON(1);
>  		return;
>  	}
> -- 
> 1.8.3.1
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/