| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20131014123426.GG19604@quack.suse.cz>
Date: Mon, 14 Oct 2013 14:34:26 +0200
From: Jan Kara <jack@...e.cz>
To: Fengguang Wu <fengguang.wu@...el.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Toralf Förster <toralf.foerster@....de>,
Richard Weinberger <richard@....at>, Jan Kara <jack@...e.cz>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
UML devel <user-mode-linux-devel@...ts.sourceforge.net>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
hannes@...xchg.org, darrick.wong@...cle.com,
Michal Hocko <mhocko@...e.cz>
Subject: Re: [PATCH v2] writeback: fix negative bdi max pause
On Sat 12-10-13 12:45:17, Wu Fengguang wrote:
> Toralf runs trinity on UML/i386.
> After some time it hangs and the last message line is
>
> BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521]
>
> It's found that pages_dirtied becomes very large.
> More than 1000000000 pages in this case:
>
> period = HZ * pages_dirtied / task_ratelimit;
> BUG_ON(pages_dirtied > 2000000000);
> BUG_ON(pages_dirtied > 1000000000); <---------
>
> UML debug printf shows that we got negative pause here:
>
> ick: pause : -984
> ick: pages_dirtied : 0
> ick: task_ratelimit: 0
>
> pause:
> + if (pause < 0) {
> + extern int printf(char *, ...);
> + printf("ick : pause : %li\n", pause);
> + printf("ick: pages_dirtied : %lu\n", pages_dirtied);
> + printf("ick: task_ratelimit: %lu\n", task_ratelimit);
> + BUG_ON(1);
> + }
> trace_balance_dirty_pages(bdi,
>
> Since pause is bounded by [min_pause, max_pause] where min_pause is also
> bounded by max_pause. It's suspected and demonstrated that the max_pause
> calculation goes wrong:
>
> ick: pause : -717
> ick: min_pause : -177
> ick: max_pause : -717
> ick: pages_dirtied : 14
> ick: task_ratelimit: 0
>
> The problem lies in the two "long = unsigned long" assignments in
> bdi_max_pause() which might go negative if the highest bit is 1, and
> the min_t(long, ...) check failed to protect it falling under 0. Fix
> all of them by using "unsigned long" throughout the function.
>
> Reported-by: Toralf Förster <toralf.foerster@....de>
> Tested-by: Toralf Förster <toralf.foerster@....de>
> Cc: <stable@...r.kernel.org>
> Cc: Jan Kara <jack@...e.cz>
> Cc: Richard Weinberger <richard@....at>
> Cc: Geert Uytterhoeven <geert@...ux-m68k.org>
> Signed-off-by: Fengguang Wu <fengguang.wu@...el.com>
The patch looks good. You can add:
Reviewed-by: Jan Kara <jack@...e.cz>
Honza
> ---
> mm/page-writeback.c | 10 +++++-----
> mm/readahead.c | 2 +-
> 2 files changed, 6 insertions(+), 6 deletions(-)
>
> Changes since v1: Add CC list.
>
> diff --git a/mm/page-writeback.c b/mm/page-writeback.c
> index 3f0c895..241a746 100644
> --- a/mm/page-writeback.c
> +++ b/mm/page-writeback.c
> @@ -1104,11 +1104,11 @@ static unsigned long dirty_poll_interval(unsigned long dirty,
> return 1;
> }
>
> -static long bdi_max_pause(struct backing_dev_info *bdi,
> - unsigned long bdi_dirty)
> +static unsigned long bdi_max_pause(struct backing_dev_info *bdi,
> + unsigned long bdi_dirty)
> {
> - long bw = bdi->avg_write_bandwidth;
> - long t;
> + unsigned long bw = bdi->avg_write_bandwidth;
> + unsigned long t;
>
> /*
> * Limit pause time for small memory systems. If sleeping for too long
> @@ -1120,7 +1120,7 @@ static long bdi_max_pause(struct backing_dev_info *bdi,
> t = bdi_dirty / (1 + bw / roundup_pow_of_two(1 + HZ / 8));
> t++;
>
> - return min_t(long, t, MAX_PAUSE);
> + return min_t(unsigned long, t, MAX_PAUSE);
> }
>
> static long bdi_min_pause(struct backing_dev_info *bdi,
--
Jan Kara <jack@...e.cz>
SUSE Labs, CR
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists