Date: Thu, 28 Aug 2008 15:59:24 -0700
From: Aaron Straus
To: mpm@selenic.com
Cc: LKML
Subject: Re: drivers/char/random.c line 728 BUG
Message-ID: <20080828225924.GD6432@merfinllc.com>

Hi,

On Aug 26 03:59 PM, Aaron Straus wrote:
> kernel BUG at drivers/char/random.c:728!

OK so that's (outside spinlock):

    BUG_ON(r->entropy_count > r->poolinfo->POOLBITS);

in credit_entropy_bits we do (inside spinlock):

    r->entropy_count += nbits;
    if (r->entropy_count < 0) {
        DEBUG_ENT("negative entropy/overflow\n");
        r->entropy_count = 0;
    } else if (r->entropy_count > r->poolinfo->POOLBITS)
        r->entropy_count = r->poolinfo->POOLBITS;

I wonder if we got unlucky and did the:

    r->entropy_count += nbits

 - overflowed the entropy_count

THEN

 - another thread hits the BUG before this thread reaches

    r->entropy_count = r->poolinfo->POOLBITS;

--

I notice before this commit:

    commit adc782dae6c4c0f6fb679a48a544cfbcd79ae3dc
    Author: Matt Mackall
    Date:   Tue Apr 29 01:03:07 2008 -0700

        random: simplify and rename credit_entropy_store

The credit_entropy_store function looks like this:

    spin_lock_irqsave(&r->lock, flags);

    if (r->entropy_count + nbits < 0) {
        DEBUG_ENT("negative entropy/overflow (%d+%d)\n",
                  r->entropy_count, nbits);
        r->entropy_count = 0;
    } else if (r->entropy_count + nbits > r->poolinfo->POOLBITS) {
        r->entropy_count = r->poolinfo->POOLBITS;
    } else {
        r->entropy_count += nbits;
        if (nbits)
            DEBUG_ENT("added %d entropy credits to %s\n",
                      nbits, r->name);
    }

Notice the old version is careful not to overflow r->entropy_count at
any point (even within the spinlock).

So perhaps that's why we didn't hit this BUG() in the past?

Thanks!

                                        =a=

--
===================
Aaron Straus
aaron@merfinllc.com
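
The hypothesis in the message above, modelled in user space as an added example (not code from the message or from the kernel): both quoted credit routines are instrumented so that every value stored into entropy_count is recorded, which shows what a reader running outside the lock could sample. The names store, max_seen and reader_could_trip and the POOLBITS value are constructed for this model.

```c
#include <stdio.h>
#define POOLBITS 4096   /* constructed pool size for this model */

struct pool {
    int entropy_count;  /* shared field a lockless reader may sample */
    int max_seen;       /* largest value ever stored (instrumentation) */
};

/* Every write to the shared field goes through here and is recorded. */
static void store(struct pool *r, int v)
{
    r->entropy_count = v;
    if (v > r->max_seen)
        r->max_seen = v;
}

/* Post-commit logic quoted in the message: add first, clamp afterwards. */
static void credit_add_then_clamp(struct pool *r, int nbits)
{
    store(r, r->entropy_count + nbits);
    if (r->entropy_count < 0)
        store(r, 0);
    else if (r->entropy_count > POOLBITS)
        store(r, POOLBITS);
}

/* Pre-commit logic quoted in the message: test the sum, store once. */
static void credit_check_then_store(struct pool *r, int nbits)
{
    if (r->entropy_count + nbits < 0)
        store(r, 0);
    else if (r->entropy_count + nbits > POOLBITS)
        store(r, POOLBITS);
    else
        store(r, r->entropy_count + nbits);
}

/* 1 if any stored value would trip BUG_ON(entropy_count > POOLBITS). */
static int reader_could_trip(void (*credit)(struct pool *, int), int start, int nbits)
{
    struct pool r = { start, start };
    credit(&r, nbits);
    return r.max_seen > POOLBITS;
}

int main(void)
{
    printf("add-then-clamp: %d, check-then-store: %d\n",
           reader_could_trip(credit_add_then_clamp, 4000, 200),
           reader_could_trip(credit_check_then_store, 4000, 200));
    return 0;
}
```

With a pool at 4000 bits and a credit of 200, the add-then-clamp variant briefly stores 4200 before clamping, while the check-then-store variant only ever stores 4096.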