Re: [PATCH] kfifo: overflow of unsigned integer
From: Andrew Morton
Date: Thu Feb 08 2007 - 04:39:11 EST
On Thu, 8 Feb 2007 17:07:28 +0800 "Cong WANG" <xiyou.wangcong@xxxxxxxxx> wrote:
> Kfifo is a ring-buffer in kernel which can be used as a lock-free way
> for concurrent read/write when there are only one producer and one
> consumer. Details of its design can be found in kernel/kfifo.c and
> include/linux/kfifo.h.
>
> You will find that the 'in' and 'out' fields of 'struct kfifo' are
> both represented as 'unsigned int' and in most cases 'in' is larger
> than 'out' and their difference will NOT be over 'size'.
>
> Now the problem is that 'in' will be *smaller* than 'out' when 'in'
> overflows and 'out' doesn't (Yes, this may occur quietly.). This is
> NOT what we expect, though it may not cause any serious problems if we
> carefully use kfifo*() functions. And this is really a bug.
You seem to be saying that it's not a bug, but it's a bug.
Exactly what goes wrong?
> This bug
> affects the kernel since version 2.6.10. I have tested this patch on
> x86 machines.
>
> Signed-off-by: WANG Cong <xiyou.wangcong@xxxxxxxxx>
>
> ---
>
> --- kernel/kfifo.c.orig 2007-02-07 19:42:51.000000000 +0800
> +++ kernel/kfifo.c 2007-02-07 19:43:31.000000000 +0800
> @@ -24,6 +24,7 @@
> #include <linux/slab.h>
> #include <linux/err.h>
> #include <linux/kfifo.h>
> +#include <linux/compiler.h>
>
> /**
> * kfifo_init - allocates a new FIFO using a preallocated buffer
> @@ -120,6 +121,12 @@ unsigned int __kfifo_put(struct kfifo *f
> {
> unsigned int l;
>
> + /*If only fifo->in overflows, let both overflow!*/
> + if (unlikely(fifo->in < fifo->out)) {
> + fifo->out += fifo->size;
> + fifo->in += fifo->size;
> + }
> +
hm. That would indicate that there's a problem elsewhere in the logic.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/