On Tue, 30 Jun 2009, H. Peter Anvin wrote:
>
> By process of elimination, the culprit must be round_up(), which reveals
> that the macro definition of round_up() has a *very* subtle behavior
> with mixed types:
>
> #define round_up(x, y) (((x) + (y) - 1) & ~((y) - 1))
>
> ram_alignment() returns unsigned long, which becomes (y). This means
> that the mask word on the right hand of the & gets truncated to 32 bits
> *before* the masking happens -- since ((y) - 1) is still unsigned long,
> inverting it will not set bits [63..32] to on.

Good catch.

Also, this shows another bug in the #define: it evaluates 'y' twice, which
is a no-no for something that _looks_ like a function.

> I think this macro is actively dangerous. Better would be:
>
> ({ __typeof__(x) __mask = (y)-1; ((x)+__mask) & ~__mask; })

Yes. Please make it so.

> The deep irony in this is that in our particular case is perhaps that
> align_up(x,y)-1 is the same thing as x | (y-1) which would have avoided
> the problem...

I don't know how deep that irony is, but I do agree that maybe we should
do that simplification too. In addition to fixing round_up() to not bite
future generations in the ass.

Linus
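The mask truncation and the double evaluation of 'y' discussed in this message, as an added example that is not part of the original email or the kernel source. Assumptions: uint32_t stands in for unsigned long on a 32-bit kernel, and the names round_up_old, round_up_new, alignment() and the sample address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* The macro as quoted in the message (the 'before' of the fix). */
#define round_up_old(x, y) (((x) + (y) - 1) & ~((y) - 1))

/* The replacement proposed in the message: the mask takes the type of x. */
#define round_up_new(x, y) \
    ({ __typeof__(x) __mask = (y) - 1; ((x) + __mask) & ~__mask; })

/* Assumption: models a 32-bit kernel's unsigned long. */
typedef uint32_t ulong32;

/* 64-bit address, 32-bit alignment: the mixed-type case from the message. */
uint64_t old_round_up(uint64_t addr, ulong32 align)
{
    /* ~((y) - 1) is computed in 32 bits, then zero-extended for the &,
     * so bits [63..32] of the sum are cleared. */
    return round_up_old(addr, align);
}

uint64_t new_round_up(uint64_t addr, ulong32 align)
{
    /* __mask is uint64_t, so ~__mask has bits [63..32] set. */
    return round_up_new(addr, align);
}

/* Hypothetical alignment helper with a visible side effect. */
static int calls;
static ulong32 alignment(void) { calls++; return 0x100000; }

/* Count how many times each macro evaluates its 'y' argument. */
int old_evals(void)
{
    calls = 0;
    uint64_t r = round_up_old((uint64_t)1, alignment());
    (void)r;
    return calls;
}

int new_evals(void)
{
    calls = 0;
    uint64_t r = round_up_new((uint64_t)1, alignment());
    (void)r;
    return calls;
}

int main(void)
{
    uint64_t addr = 0x100001000ULL; /* constructed sample, above 4 GiB */
    printf("old: %#llx\n", (unsigned long long)old_round_up(addr, 0x100000));
    printf("new: %#llx\n", (unsigned long long)new_round_up(addr, 0x100000));
    printf("y evaluated: old=%d new=%d\n", old_evals(), new_evals());
    return 0;
}
```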