Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965899Ab0BZTnM (ORCPT ); Fri, 26 Feb 2010 14:43:12 -0500 Received: from mail-pz0-f172.google.com ([209.85.222.172]:56239 "EHLO mail-pz0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965843Ab0BZTnL convert rfc822-to-8bit (ORCPT ); Fri, 26 Feb 2010 14:43:11 -0500 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=PzApdVjqVEsbqsgtAEcWHNjErEpPSob5r+hgcpA6x6NhPSVL8ftxUCNnzkFt1go657 7eI84WCH64/FVunOMgqDoJ9Ct3V5rrTijpvwrRQz4FqBtY/x/AuwZ2L612UJGkLwDE3t En73bAEpxcu0thfP62+RGRhQVLaHXlslubDHM= MIME-Version: 1.0 In-Reply-To: <1267211701.3124.204.camel@iscandar.digidescorp.com> References: <1267139849.3079.68.camel@iscandar.digidescorp.com> <20100226102745.GC8417@bicker> <1267211701.3124.204.camel@iscandar.digidescorp.com> Date: Fri, 26 Feb 2010 12:43:10 -0700 X-Google-Sender-Auth: 431a3464b1bf37b5 Message-ID: Subject: Re: Buggy variable-length array code...or compiler? From: Dan Williams To: steve@digidescorp.com Cc: Dan Carpenter , David Rientjes , linux-kernel@vger.kernel.org, microblaze-uclinux@itee.uq.edu.au, Dave Hansen Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2034 Lines: 53 On Fri, Feb 26, 2010 at 12:15 PM, Steven J. Magnani wrote: > On Thu, 25 Feb 2010, Steven J. Magnani wrote: >> > >> > > When I run a memcpy dmatest with a Microblaze 2.6.33 noMMU kernel, the >> > > system crashes after about 400 iterations. After much head scratching, I >> > > believe I've narrowed the problem to this fragment of code in >> > > drivers/dma/dmatest.c: >> > > >> > > static int dmatest_func(void *data) >> > > { >> > > ... >> > > ? ? int ? ? ? ? ? ? ? ? ? ? src_cnt; >> > > ? ? int ? ? ? ? ? ? ? ? ? ? dst_cnt; >> > > ... >> > > ? ? if (thread->type == DMA_MEMCPY) >> > > ? ? ? ? ? ? src_cnt = dst_cnt = 1; >> > > ... >> > > ? ? while (!kthread_should_stop() >> > > ? ? ? ? ? ?&& !(iterations && total_tests >= iterations)) { >> > > ... >> > > ? ? ? ? ? ? dma_addr_t dma_srcs[src_cnt]; >> > > ? ? ? ? ? ? dma_addr_t dma_dsts[dst_cnt]; >> > > ... > > On Thu, Feb 25, 2010 at 03:46:48PM -0800, David Rientjes wrote: >> > This could probably become the first kernel user of the flexible array >> > library (see Documentation/flexible-arrays.txt). ?Dan? >> > -- > > On Fri, 2010-02-26 at 13:27 +0300, Dan Carpenter wrote: >> I think the max that src_cnt can be is 3 and the most dst_cnt can be is 2. >> We could just put that there. > > src_cnt is dependent on module parameters. > > The bug goes away if dma_srcs and dma_dsts are declared outside the > loop, but that requires knocking the loop in another tabstop. At that > point dmatest_func() would be begging for refactoring. > ...and even if you refactored it there is no guarantee that gcc would not re-inline the functions and put you back in the same situation. Especially given the finding that J.A.'s simple test, where the size of the array should have been constant, still failed. -- Dan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/