IB/hfi1: Fix a wrapping test (make it less strict)

Message ID	20171013105559.tqzh6jhcnvmqhdwy@mwanda (mailing list archive)
State	Superseded
Headers	show Return-Path: <linux-rdma-owner@kernel.org> Date: Fri, 13 Oct 2017 13:56:02 +0300 From: Dan Carpenter <dan.carpenter@oracle.com> To: Mike Marciniszyn <mike.marciniszyn@intel.com> Cc: Dennis Dalessandro <dennis.dalessandro@intel.com>, Doug Ledford <dledford@redhat.com>, Sean Hefty <sean.hefty@intel.com>, Hal Rosenstock <hal.rosenstock@gmail.com>, linux-rdma@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH] IB/hfi1: Fix a wrapping test (make it less strict) Message-ID: <20171013105559.tqzh6jhcnvmqhdwy@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk

Dan Carpenter Oct. 13, 2017, 10:56 a.m. UTC

The "2 * UINT_MAX" overflows so the test is essentially doing this:

	if ((u64)(ts - cce->timestamp) > UINT_MAX - 1) {

I've changed it to a 64bit type.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
Not tested.

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Doug Ledford Oct. 23, 2017, 3:05 p.m. UTC | #1

On Fri, 2017-10-13 at 13:56 +0300, Dan Carpenter wrote:
> The "2 * UINT_MAX" overflows so the test is essentially doing this:
> 
> 	if ((u64)(ts - cce->timestamp) > UINT_MAX - 1) {
> 
> I've changed it to a 64bit type.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> Not tested.
> 
> diff --git a/drivers/infiniband/hw/hfi1/mad.c
> b/drivers/infiniband/hw/hfi1/mad.c
> index f4c0ffc040cc..3aeea8afd44f 100644
> --- a/drivers/infiniband/hw/hfi1/mad.c
> +++ b/drivers/infiniband/hw/hfi1/mad.c
> @@ -3781,7 +3781,7 @@ static int __subn_get_opa_hfi1_cong_log(struct
> opa_smp *smp, u32 am,
>  		 * required to wrap the counter are supposed to
>  		 * be zeroed (CA10-49 IBTA, release 1.2.1, V1).
>  		 */
> -		if ((u64)(ts - cce->timestamp) > (2 * UINT_MAX))
> +		if ((u64)(ts - cce->timestamp) > (2ULL * UINT_MAX))
>  			continue;
>  		memcpy(cong_log->events[i].local_qp_cn_entry, &cce-
> >lqpn, 3);
>  		memcpy(cong_log-
> >events[i].remote_qp_number_cn_entry,

Denny, I'm looking for feedback from you on this patch.  This fixes a
bug, my only concern is that the code used to work with the bug, could
this make the code not work?

Dennis Dalessandro Oct. 23, 2017, 5:57 p.m. UTC | #2

On 10/23/2017 11:05 AM, Doug Ledford wrote:
> On Fri, 2017-10-13 at 13:56 +0300, Dan Carpenter wrote:
>> The "2 * UINT_MAX" overflows so the test is essentially doing this:
>>
>> 	if ((u64)(ts - cce->timestamp) > UINT_MAX - 1) {
>>
>> I've changed it to a 64bit type.
>>
>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>> ---
>> Not tested.
>>
>> diff --git a/drivers/infiniband/hw/hfi1/mad.c
>> b/drivers/infiniband/hw/hfi1/mad.c
>> index f4c0ffc040cc..3aeea8afd44f 100644
>> --- a/drivers/infiniband/hw/hfi1/mad.c
>> +++ b/drivers/infiniband/hw/hfi1/mad.c
>> @@ -3781,7 +3781,7 @@ static int __subn_get_opa_hfi1_cong_log(struct
>> opa_smp *smp, u32 am,
>>   		 * required to wrap the counter are supposed to
>>   		 * be zeroed (CA10-49 IBTA, release 1.2.1, V1).
>>   		 */
>> -		if ((u64)(ts - cce->timestamp) > (2 * UINT_MAX))
>> +		if ((u64)(ts - cce->timestamp) > (2ULL * UINT_MAX))
>>   			continue;
>>   		memcpy(cong_log->events[i].local_qp_cn_entry, &cce-
>>> lqpn, 3);
>>   		memcpy(cong_log-
>>> events[i].remote_qp_number_cn_entry,
> 
> Denny, I'm looking for feedback from you on this patch.  This fixes a
> bug, my only concern is that the code used to work with the bug, could
> this make the code not work?
> 

Mike and I have been looking at this. The code seems to work as it is 
but fails with Dan's patch. We are still looking at it, but I'd advise 
against pulling just yet. It's not something for 4.14.

-Denny
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Doug Ledford Oct. 23, 2017, 6:33 p.m. UTC | #3

On Mon, 2017-10-23 at 13:57 -0400, Dennis Dalessandro wrote:
> On 10/23/2017 11:05 AM, Doug Ledford wrote:
> > On Fri, 2017-10-13 at 13:56 +0300, Dan Carpenter wrote:
> > > The "2 * UINT_MAX" overflows so the test is essentially doing
> > > this:
> > > 
> > > 	if ((u64)(ts - cce->timestamp) > UINT_MAX - 1) {
> > > 
> > > I've changed it to a 64bit type.
> > > 
> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > ---
> > > Not tested.
> > > 
> > > diff --git a/drivers/infiniband/hw/hfi1/mad.c
> > > b/drivers/infiniband/hw/hfi1/mad.c
> > > index f4c0ffc040cc..3aeea8afd44f 100644
> > > --- a/drivers/infiniband/hw/hfi1/mad.c
> > > +++ b/drivers/infiniband/hw/hfi1/mad.c
> > > @@ -3781,7 +3781,7 @@ static int
> > > __subn_get_opa_hfi1_cong_log(struct
> > > opa_smp *smp, u32 am,
> > >   		 * required to wrap the counter are supposed to
> > >   		 * be zeroed (CA10-49 IBTA, release 1.2.1, V1).
> > >   		 */
> > > -		if ((u64)(ts - cce->timestamp) > (2 * UINT_MAX))
> > > +		if ((u64)(ts - cce->timestamp) > (2ULL *
> > > UINT_MAX))
> > >   			continue;
> > >   		memcpy(cong_log->events[i].local_qp_cn_entry,
> > > &cce-
> > > > lqpn, 3);
> > > 
> > >   		memcpy(cong_log-
> > > > events[i].remote_qp_number_cn_entry,
> > 
> > Denny, I'm looking for feedback from you on this patch.  This fixes
> > a
> > bug, my only concern is that the code used to work with the bug,
> > could
> > this make the code not work?
> > 
> 
> Mike and I have been looking at this. The code seems to work as it
> is 
> but fails with Dan's patch. We are still looking at it, but I'd
> advise 
> against pulling just yet. It's not something for 4.14.

That's what I was afraid of: by fixing a C language bug, you expose the
fact that there is a subtle logic bug that's only been working because
of the C language bug ;-).

I'll hold off until you send this patch through with whatever
incremental changes are needed elsewhere to make it work.

Jason Gunthorpe Oct. 23, 2017, 7:04 p.m. UTC | #4

On Mon, Oct 23, 2017 at 02:33:46PM -0400, Doug Ledford wrote:
> > > > @@ -3781,7 +3781,7 @@ static int
> > > > __subn_get_opa_hfi1_cong_log(struct
> > > > opa_smp *smp, u32 am,
> > > >   		 * required to wrap the counter are supposed to
> > > >   		 * be zeroed (CA10-49 IBTA, release 1.2.1, V1).
> > > >   		 */
> > > > -		if ((u64)(ts - cce->timestamp) > (2 * UINT_MAX))
> > > > +		if ((u64)(ts - cce->timestamp) > (2ULL *
> > > > UINT_MAX))

This is really weird looking. Both ts and cce->timestamp are s64, why
do the convoluted conversion to unsigned? And surely UINT_MAX is not
the right thing..

if ((ts - cce->timestamp)/2 > 0xFFFFFFFF)

?

ktime_get is defined to be monotonic, so ts - cce->timestamp should
never go negative.

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Marciniszyn, Mike Oct. 24, 2017, 7:54 p.m. UTC | #5

> Subject: Re: [PATCH] IB/hfi1: Fix a wrapping test (make it less strict)
> 
> On Mon, Oct 23, 2017 at 02:33:46PM -0400, Doug Ledford wrote:
> > > > > @@ -3781,7 +3781,7 @@ static int
> > > > > __subn_get_opa_hfi1_cong_log(struct
> > > > > opa_smp *smp, u32 am,
> > > > >   		 * required to wrap the counter are supposed to
> > > > >   		 * be zeroed (CA10-49 IBTA, release 1.2.1, V1).
> > > > >   		 */
> > > > > -		if ((u64)(ts - cce->timestamp) > (2 * UINT_MAX))
> > > > > +		if ((u64)(ts - cce->timestamp) > (2ULL *
> > > > > UINT_MAX))
> 
> This is really weird looking. Both ts and cce->timestamp are s64, why
> do the convoluted conversion to unsigned? And surely UINT_MAX is not
> the right thing..
> 
> if ((ts - cce->timestamp)/2 > 0xFFFFFFFF)
> 
> ?
> 
> ktime_get is defined to be monotonic, so ts - cce->timestamp should
> never go negative.
> 

I agree that this is an issue.

My proposal:
- Change s64 to u64 for ts and in timestamp in opa_hfi1_cong_log_event_internal
- Change the calls:
        ktime_to_ns(ktime_get()) / 1024
        -- to --
        ktime_get_ns() / 1024
- Change to use Jason's test from above with UINT_MAX

Dan, we can do the patch or you can send a v2?

Mike

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Jason Gunthorpe Oct. 24, 2017, 8:02 p.m. UTC | #6

On Tue, Oct 24, 2017 at 07:54:40PM +0000, Marciniszyn, Mike wrote:

> - Change to use Jason's test from above with UINT_MAX

UINT_MAX isn't U32_MAX, is it?

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Marciniszyn, Mike Oct. 24, 2017, 8:03 p.m. UTC | #7

> 
> > - Change to use Jason's test from above with UINT_MAX
> 
> UINT_MAX isn't U32_MAX, is it?
> 

Yes.  My bad.

Mike
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Dan Carpenter Oct. 25, 2017, 5:14 a.m. UTC | #8

On Tue, Oct 24, 2017 at 07:54:40PM +0000, Marciniszyn, Mike wrote:
> > Subject: Re: [PATCH] IB/hfi1: Fix a wrapping test (make it less strict)
> > 
> > On Mon, Oct 23, 2017 at 02:33:46PM -0400, Doug Ledford wrote:
> > > > > > @@ -3781,7 +3781,7 @@ static int
> > > > > > __subn_get_opa_hfi1_cong_log(struct
> > > > > > opa_smp *smp, u32 am,
> > > > > >   		 * required to wrap the counter are supposed to
> > > > > >   		 * be zeroed (CA10-49 IBTA, release 1.2.1, V1).
> > > > > >   		 */
> > > > > > -		if ((u64)(ts - cce->timestamp) > (2 * UINT_MAX))
> > > > > > +		if ((u64)(ts - cce->timestamp) > (2ULL *
> > > > > > UINT_MAX))
> > 
> > This is really weird looking. Both ts and cce->timestamp are s64, why
> > do the convoluted conversion to unsigned? And surely UINT_MAX is not
> > the right thing..
> > 
> > if ((ts - cce->timestamp)/2 > 0xFFFFFFFF)
> > 
> > ?
> > 
> > ktime_get is defined to be monotonic, so ts - cce->timestamp should
> > never go negative.
> > 
> 
> I agree that this is an issue.
> 
> My proposal:
> - Change s64 to u64 for ts and in timestamp in opa_hfi1_cong_log_event_internal
> - Change the calls:
>         ktime_to_ns(ktime_get()) / 1024
>         -- to --
>         ktime_get_ns() / 1024
> - Change to use Jason's test from above with UINT_MAX
> 
> Dan, we can do the patch or you can send a v2?
> 

Can you do the patch and give me a Reported-by tag?

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Dan Carpenter Oct. 25, 2017, 5:27 a.m. UTC | #9

On Tue, Oct 24, 2017 at 02:02:16PM -0600, Jason Gunthorpe wrote:
> On Tue, Oct 24, 2017 at 07:54:40PM +0000, Marciniszyn, Mike wrote:
> 
> > - Change to use Jason's test from above with UINT_MAX
> 
> UINT_MAX isn't U32_MAX, is it?

They are always the same.

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

IB/hfi1: Fix a wrapping test (make it less strict)

Commit Message

Comments

Patch