lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20140430123526.bc6a229c1ea4addad1fb483d@linux-foundation.org>
Date:	Wed, 30 Apr 2014 12:35:26 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Rik van Riel <riel@...hat.com>
Cc:	Michal Hocko <mhocko@...e.cz>,
	Masayoshi Mizuma <m.mizuma@...fujitsu.com>,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	sandeen@...hat.com, jweiner@...hat.com,
	kosaki.motohiro@...fujitsu.com, fengguang.wu@...el.com,
	mpatlasov@...allels.com, Motohiro.Kosaki@...fujitsu.com
Subject: Re: [PATCH v3] mm,writeback: fix divide by zero in
 pos_ratio_polynom

On Wed, 30 Apr 2014 15:30:04 -0400 Rik van Riel <riel@...hat.com> wrote:

> On 04/30/2014 03:00 PM, Andrew Morton wrote:
> > On Wed, 30 Apr 2014 10:41:14 -0400 Rik van Riel <riel@...hat.com> wrote:
> >
> >> It is possible for "limit - setpoint + 1" to equal zero, leading to a
> >> divide by zero error. Blindly adding 1 to "limit - setpoint" is not
> >> working, so we need to actually test the divisor before calling div64.
> >>
> >> ...
> >>
> >> --- a/mm/page-writeback.c
> >> +++ b/mm/page-writeback.c
> >> @@ -598,10 +598,15 @@ static inline long long pos_ratio_polynom(unsigned long setpoint,
> >>   					  unsigned long limit)
> >>   {
> >>   	long long pos_ratio;
> >> +	long divisor;
> >>   	long x;
> >>
> >> +	divisor = limit - setpoint;
> >> +	if (!(s32)divisor)
> >> +		divisor = 1;	/* Avoid div-by-zero */
> >> +
> >>   	x = div_s64(((s64)setpoint - (s64)dirty) << RATELIMIT_CALC_SHIFT,
> >> -		    limit - setpoint + 1);
> >> +		    (s32)divisor);
> >
> > Doesn't this just paper over the bug one time in four billion?  The
> > other 3999999999 times, pos_ratio_polynom() returns an incorect result?
> >
> > If it is indeed the case that pos_ratio_polynom() callers are
> > legitimately passing a setpoint which is more than 2^32 less than limit
> > then it would be better to handle that input correctly.
> 
> The easy way would be by calling div64_s64 and div64_u64,
> which are 64 bit all the way through.
> 
> Any objections?

Sounds good to me.

> The inlined bits seem to be stubs calling the _rem variants
> of the functions, and discarding the remainder.

I was referring to pos_ratio_polynom().  The compiler will probably be
uninlining it anyway, but still...

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ