| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 May 2014 19:17:05 +0900
From: Masayoshi Mizuma <m.mizuma@...fujitsu.com>
To: Rik van Riel <riel@...hat.com>
CC: Andrew Morton <akpm@...ux-foundation.org>,
Michal Hocko <mhocko@...e.cz>, <linux-kernel@...r.kernel.org>,
<linux-mm@...ck.org>, <sandeen@...hat.com>, <jweiner@...hat.com>,
<kosaki.motohiro@...fujitsu.com>, <fengguang.wu@...el.com>,
<mpatlasov@...allels.com>, <Motohiro.Kosaki@...fujitsu.com>
Subject: Re: [PATCH v5] mm,writeback: fix divide by zero in pos_ratio_polynom
Hi Rik,
On Wed, 30 Apr 2014 16:42:55 -0400 Rik van Riel wrote:
> On Wed, 30 Apr 2014 13:13:53 -0700
> Andrew Morton <akpm@...ux-foundation.org> wrote:
>
>> This was a consequence of 64->32 truncation and it can't happen any
>> more, can it?
>
> Andrew, this is cleaner indeed :)
>
> Masayoshi-san, does the bug still happen with this version, or does
> this fix the problem?
I applied the v5 patch and the divide error did not happen when I ran the test.
Thank you for fixing it!
Thanks,
Masayoshi Mizuma
>
> ---8<---
>
> Subject: mm,writeback: fix divide by zero in pos_ratio_polynom
>
> It is possible for "limit - setpoint + 1" to equal zero, after
> getting truncated to a 32 bit variable, and resulting in a divide
> by zero error.
>
> Using the fully 64 bit divide functions avoids this problem.
>
> Also uninline pos_ratio_polynom, at Andrew's request.
>
> Signed-off-by: Rik van Riel <riel@...hat.com>
> ---
> mm/page-writeback.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/mm/page-writeback.c b/mm/page-writeback.c
> index ef41349..a4317da 100644
> --- a/mm/page-writeback.c
> +++ b/mm/page-writeback.c
> @@ -593,14 +593,14 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty)
> * (5) the closer to setpoint, the smaller |df/dx| (and the reverse)
> * => fast response on large errors; small oscillation near setpoint
> */
> -static inline long long pos_ratio_polynom(unsigned long setpoint,
> +static long long pos_ratio_polynom(unsigned long setpoint,
> unsigned long dirty,
> unsigned long limit)
> {
> long long pos_ratio;
> long x;
>
> - x = div_s64(((s64)setpoint - (s64)dirty) << RATELIMIT_CALC_SHIFT,
> + x = div64_s64(((s64)setpoint - (s64)dirty) << RATELIMIT_CALC_SHIFT,
> limit - setpoint + 1);
> pos_ratio = x;
> pos_ratio = pos_ratio * x >> RATELIMIT_CALC_SHIFT;
> @@ -842,7 +842,7 @@ static unsigned long bdi_position_ratio(struct backing_dev_info *bdi,
> x_intercept = bdi_setpoint + span;
>
> if (bdi_dirty < x_intercept - span / 4) {
> - pos_ratio = div_u64(pos_ratio * (x_intercept - bdi_dirty),
> + pos_ratio = div64_u64(pos_ratio * (x_intercept - bdi_dirty),
> x_intercept - bdi_setpoint + 1);
> } else
> pos_ratio /= 4;
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@...ck.org. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@...ck.org"> email@...ck.org </a>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists