newbus: Limit units to [0, INT_MAX)
ClosedPublic
Actions

Authored by imp on Thu, Oct 31, 5:01 PM.

Details

Reviewers

Summary

Limit the number of units a newbus device can have to be a positive
number. Reserve and reject the unit INT_MAX so that we can set maxunit
to INT_MAX without ill effect and so the normal signed int math
works. Add sanity checks to make sure we don't get negative unit numbers
from bus routines that can set the unit. Remove now-redundant check for
unit >=0 since it must be after an earlier check.

This should be largely a nop, since we'll likely run out of memory
before we have 2^31 devices. Also, finding unit number is O(n^2) since
we do linear searches for the next unit number, which even on very fast
machines will grind to a halt well before we reach this limit...

Add note to device_find_free_unit that says it can return INT_MAX when
all the unit numbers are in use. The one user in the tree
(ata_pci_attach) will then add a child with this unit and it will fail
and that failure will be handled properly. Hardware limitations, though
mean there will never be more than tens of units, let alone billions.

Update docs to document that EINVAL can be returned for bogus unit
numbers, or when we run out.

Co-Authored-by: Elliott Mitchell <ehem+freebsd@m5p.com>
Sponsored-by: Netflix

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 60299
Build 57183: arc lint + arc unit

Event Timeline

imp created this revision.Thu, Oct 31, 5:01 PM

Herald added a subscriber: olce. · View Herald TranscriptThu, Oct 31, 5:01 PM

imp requested review of this revision.Thu, Oct 31, 5:01 PM

Harbormaster completed remote builds in B60289: Diff 145762.Thu, Oct 31, 5:01 PM

finish comment

Harbormaster completed remote builds in B60290: Diff 145765.Thu, Oct 31, 5:35 PM

Maybe cleanup the realloc thing as a prior commit?

sys/kern/subr_bus.c
1239	this comment looks incomplete?
1251–1252	Hmm, is this MIN() needed? We already reject `unit == INT_MAX` above. Sigh, this expression is ridiculously over-complicated. MINALLOCSIZE is UMA_SMALLEST_UNIT which is 8, so you end up with 'MAX(1, 1)'. I don't care enough about 32-bit kernels to care about the optimization to basically avoid malloc_usable_size(). This should just be: newsize = unit + 1; Currently it's a silly way of writing that on 64-bit kernels. On 32-bit kernels it is: newsizse = roundup2(unit + 1, 2); This is not a hot path and not worth being unreadable.
1251–1252	This all seems to be an expanded version of `realloc`. `realloc` would handle copying the old data, etc. I guess though it doesn't zero the old bits. Using realloc though would mean that all the silliness above with trying to avoid malloc's by simulating malloc_usable_size. This is also something that can use M_WAITOK. :-P I would write the whole thing now as: newsize = unit + 1; dc->devices = reallocf(dc->devices, newsize * sizeof(newlist), M_BUS, M_WAITOK); memset(dc->devices + dc->maxunit, 0, sizeof(device_t) (newsize - dc->maxunit)); dc->maxunit = newsize;

imp marked an inline comment as done.Thu, Oct 31, 7:40 PM

imp added inline comments.

sys/kern/subr_bus.c
1239	I noticed and updated while you were reviewing :)
1251–1252	Oh I like that.
1251–1252	Why not dc->devices[unit] = NULL instead of the memset since we're just growing by 1?