Re: [PATCH] remove name length check in a workqueue

[Simon Derr]

On Wed, 10 Aug 2005, Andrew Morton wrote:

> > What I posted originally; the current SCSI format for a workqueue:
> > scsi_wq_%d hits the bug after the host number rises to 100, which has
> > been seen by some enterprise person with > 100 HBAs.
> > 
> > The reason for this name is that the error handler thread is called
> > scsi_eh_%d; so we could rename all our threads to avoid this, but one
> > day someone will come along with a huge enough machine to hit whatever
> > limit we squeeze it down to.
> 
> OK, well scsi is using single-threaded workqueues anyway.  So we could do:
> 
> 	if (singlethread)
> 		BUG_ON(strlen(name) > sizeof(task_struct.comm) - 1);
> 	else
> 		BUG_ON(strlen(name) > sizeof(task_struct.comm) - 1 - 4);
> 
> which gets you 10,000,000 HBAs.   Enough?

I suppose so, but the problem is slightly worse:

One does not need 100 HBAs to trigger the BUG_ON: 

It is sufficient to have a few HBAs and to insmod/rmmod the driver a few 
times.

Since the host_no is choosen with a mere counter increment 
in scsi_host_alloc():

      shost->host_no = scsi_host_next_hn++; /* XXX(hch): still racy */

Unused `host_no's are not reused and the 100 limit is reached even on 
smaller systems.

I have no idea of why someone would do repeated insmod/rmmods, though.
(But someone did).

	Simon.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/