Re: [PATCH v4 1/2] rbd: convert timeouts to secs_to_jiffies()
From: Easwar Hariharan
Date: Mon Mar 03 2025 - 13:13:50 EST
On 3/2/2025 9:05 AM, Alex Elder wrote:
> On 2/28/25 10:22 PM, Easwar Hariharan wrote:
>> Commit b35108a51cf7 ("jiffies: Define secs_to_jiffies()") introduced
>> secs_to_jiffies(). As the value here is a multiple of 1000, use
>> secs_to_jiffies() instead of msecs_to_jiffies() to avoid the multiplication
>>
>> This is converted using scripts/coccinelle/misc/secs_to_jiffies.cocci with
>> the following Coccinelle rules:
>>
>> @depends on patch@ expression E; @@
>>
>> -msecs_to_jiffies(E * 1000)
>> +secs_to_jiffies(E)
>>
>> @depends on patch@ expression E; @@
>>
>> -msecs_to_jiffies(E * MSEC_PER_SEC)
>> +secs_to_jiffies(E)
>>
>> Change the check for range to check against HZ.
>>
>> Acked-by: Ilya Dryomov <idryomov@xxxxxxxxx>
>> Signed-off-by: Easwar Hariharan <eahariha@xxxxxxxxxxxxxxxxxxx>
>
> I think what you've done in the last hunk below should not be
> done that way. I also suggest something to the (related, but
> not part of this series) secs_to_jiffies() implementation.
>
>> ---
>> drivers/block/rbd.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
>> index faafd7ff43d6ef53110ab3663cc7ac322214cc8c..1c406b17f3cee741b7bdd9f742958b3f1d5b1bbe 100644
>> --- a/drivers/block/rbd.c
>> +++ b/drivers/block/rbd.c
>> @@ -108,7 +108,7 @@ static int atomic_dec_return_safe(atomic_t *v)
>> #define RBD_OBJ_PREFIX_LEN_MAX 64
>> #define RBD_NOTIFY_TIMEOUT 5 /* seconds */
>> -#define RBD_RETRY_DELAY msecs_to_jiffies(1000)
>> +#define RBD_RETRY_DELAY secs_to_jiffies(1)
>> /* Feature bits */
>> @@ -4162,7 +4162,7 @@ static void rbd_acquire_lock(struct work_struct *work)
>> dout("%s rbd_dev %p requeuing lock_dwork\n", __func__,
>> rbd_dev);
>> mod_delayed_work(rbd_dev->task_wq, &rbd_dev->lock_dwork,
>> - msecs_to_jiffies(2 * RBD_NOTIFY_TIMEOUT * MSEC_PER_SEC));
>> + secs_to_jiffies(2 * RBD_NOTIFY_TIMEOUT));
>> }
>> }
>> @@ -6283,9 +6283,9 @@ static int rbd_parse_param(struct fs_parameter *param,
>> break;
>> case Opt_lock_timeout:
>> /* 0 is "wait forever" (i.e. infinite timeout) */
>> - if (result.uint_32 > INT_MAX / 1000)
>
> Previously, the above line was verifying that the multiplication
> done below would not overflow. It was unrelated to whatever
> msecs_to_jiffies() did.
>
>> + if (result.uint32 > INT_MAX / HZ)
>
> Here you are assuming something about what secs_to_jiffies()
> does. It's a very reasonable assumption, but you are encoding
> this in unrelated code, which you shouldn't do.
>
> Just do the direct conversion as you've done above:
>
> if (result.uint32 > INT_MAX)
>
>> goto out_of_range;
>> - opt->lock_timeout = msecs_to_jiffies(result.uint_32 * 1000);
>> + opt->lock_timeout = secs_to_jiffies(result.uint_32);
>
> Unfortunately, secs_to_jiffies() does not implement the clamp
> operation that msecs_to_jiffies() does. If you look at
> __msecs_to_jiffies() you see that the unsigned value provided
> is limited to MAX_JIFFY_OFFSET if it's negative when interpreted
> as a signed int (i.e., if its high bit is set).
>
> I think the secs_to_jiffies() implementation could benefit
> from the use of an overflow check. This might not be
> exactly right, but it gives the idea:
Fair enough, let me explore this.
@Jens, @Andrew, can you drop the rbd and libceph patches from your respective
trees while I work this out?
Thanks,
Easwar (he/him)
>
> #define secs_to_jiffies(_secs) \
> ({ \
> unsigned long _result; \
> \
> if (check_mul_overflow(_secs, HZ, &_result)) \
> _result = MAX_JIFFY_OFFSET; \
> (_result); \
> })
>
> -Alex
>
>
>> break;
>> case Opt_pool_ns:
>> kfree(pctx->spec->pool_ns);
>>