On 2012-02-21, at 9:36 AM, Eric Sandeen wrote:

On 02/21/2012 07:55 AM, Xi Wang wrote:

quoted

On Feb 20, 2012, at 6:47 PM, Eric Sandeen wrote:

quoted

Hm this raises a few questions I think.

On the one hand, making sure the kmalloc arg doesn't overflow here is
certainly a good thing and probably the right thing to do in the short term.

So I guess:

Reviewed-by: Eric Sandeen <redacted>

for that, to close the hole.

Another possibility is to wait for knalloc/kmalloc_array in the -mm
tree, which is basically the non-zeroing version of kcalloc that
performs overflow checking.

quoted

Doesn't this also mean that a valid s_log_groups_per_flex (i.e. 31)
will fail in this resize code?  That would be an unexpected outcome.
2^31 groups per flex is a little crazy, but still technically valid
according to the limits in the code.

Or we could limit s_log_groups_per_flex/groups_per_flex to a
reasonable upper bound in ext4_fill_flex_info(), right?

Depends on the "flex_bg" design intent, I guess.

I don't know if the 2^31 was an intended design limit, or just a
mathematical limit that based on container sizes etc...

I'd have to look at the resize code more carefully but I can't imagine
that it's imperative to allocate this stuff all at once.

We previously tried to use a large flex_bg size to put all metadata into a
single group so it could easily be allocated on a separate SSD device, but
that didn't work very well.  Once the number of bitmaps in group 0 is more
than the number of free blocks in that group (below 16k groups, due to group
descriptors) then they need to overflow into group 1 and collide with the
group descriptors there.  Then mke2fs chokes, AFAIR.

It may be different with bigalloc, since the number of blocks in a group can
be very large, I haven't tried that.

In any case, I don't think anyone expects vmalloc(2^32 * struct size) to work,
but I wouldn't sweat fixing this until there is some real reason to do so.

Cheers, Andreas