On Fri, May 14, 2021 at 02:17:49PM +0200, Peter Zijlstra wrote:
> On Wed, Apr 28, 2021 at 03:36:02PM +0000, Liam Howlett wrote:
> > +static void mas_set_height(struct ma_state *mas)
> > +{
> > + unsigned int new_flags = mas->tree->ma_flags;
> > +
> > + new_flags &= ~MAPLE_HEIGHT_MASK;
> > + new_flags |= mas->depth << MAPLE_HEIGHT_OFFSET;
> > + mas->tree->ma_flags = new_flags;
> > +}
>
> This goes sideways when mas->depth is too large; I didn't quickly see an
> assertion / range checks for mas->depth anywhere.
Not arguing that we shouldn't have such an assertion (to catch bugs),
but with 4 bits, that's a height 15 tree. At a minimum fanout of 5.5
per level (with a minimum of 8.5 in the leaf), that's 197 x 10^9 entries.
At a more typical fanout of 8 per level and 12 entries in each leaf, it's
52.8 x 10^12 entries in the tree (about 2^46). You'll run out of memory
and address space first.
