Date:	Mon, 14 Jul 2014 12:06:01 +0400
From:	Maxim Patlasov <mpatlasov@...allels.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	<riel@...hat.com>, <linux-kernel@...r.kernel.org>,
	<mhocko@...e.cz>, <linux-mm@...ck.org>,
	<kosaki.motohiro@...fujitsu.com>, <fengguang.wu@...el.com>,
	<jweiner@...hat.com>
Subject: Re: [PATCH] mm/page-writeback.c: fix divide by zero in bdi_dirty_limits

Hi Andrew,

On 07/12/2014 02:27 AM, Andrew Morton wrote:
> On Fri, 11 Jul 2014 12:18:27 +0400 Maxim Patlasov <MPatlasov@...allels.com> wrote:
>
>> Under memory pressure, it is possible for dirty_thresh, calculated by
>> global_dirty_limits() in balance_dirty_pages(), to equal zero.
> Under what circumstances?  Really small values of vm_dirty_bytes?

No, I used default settings:

vm_dirty_bytes = 0;
dirty_background_bytes = 0;
vm_dirty_ratio = 20;
dirty_background_ratio = 10;

and a simple program like main() { while(1) { p = malloc(4096); mlock(p, 
4096); } }. Of course, this triggers oom eventually, but immediately 
before oom, the system is under hard memory pressure.

>
>> Then, if
>> strictlimit is true, bdi_dirty_limits() tries to resolve the proportion:
>>
>>    bdi_bg_thresh : bdi_thresh = background_thresh : dirty_thresh
>>
>> by dividing by zero.
>>
>> ...
>>
>> --- a/mm/page-writeback.c
>> +++ b/mm/page-writeback.c
>> @@ -1306,9 +1306,9 @@ static inline void bdi_dirty_limits(struct backing_dev_info *bdi,
>>   	*bdi_thresh = bdi_dirty_limit(bdi, dirty_thresh);
>>   
>>   	if (bdi_bg_thresh)
>> -		*bdi_bg_thresh = div_u64((u64)*bdi_thresh *
>> -					 background_thresh,
>> -					 dirty_thresh);
>> +		*bdi_bg_thresh = dirty_thresh ? div_u64((u64)*bdi_thresh *
>> +							background_thresh,
>> +							dirty_thresh) : 0;
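
Review bot: the new "dirty_thresh ? div_u64(...) : 0" expression in the *bdi_bg_thresh assignment carries no comment explaining when dirty_thresh can be zero or why 0 is the right result there, so the fallback reads as arbitrary. A short comment above the assignment stating that a zero dirty_thresh leaves nothing to apportion would help. The ternary wrapped over three lines around the div_u64() arguments is also hard to scan; an explicit if (dirty_thresh) ... else *bdi_bg_thresh = 0; would be clearer.
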
> This introduces a peculiar discontinuity:
>
> if dirty_thresh==3, treat it as 3
> if dirty_thresh==2, treat it as 2
> if dirty_thresh==1, treat it as 1
> if dirty_thresh==0, treat it as infinity

No, the patch doesn't treat dirty_thresh==0 as infinity. In fact, in 
that case we have the equation: x : 0 = 0 : 0, and the patch resolves it as 
x=0. Here is the reasoning:

1. A bdi counter is always a fraction of global one. Hence bdi_thresh is 
always not greater than dirty_thresh. So far as dirty_thresh is equal to 
zero, bdi_thresh is equal to zero too.
2. bdi_bg_thresh must be not greater than bdi_thresh because we want to 
start background process earlier than throttling it. So far as 
bdi_thresh is equal to zero, bdi_bg_thresh must be zero too.


>
> Would it not make more sense to change global_dirty_limits() to convert
> 0 to 1?  With an appropriate comment, obviously.
>
>
> Or maybe the fix lies elsewhere.  Please do tell us how this zero comes
> about.
>

Firstly let me explain where available_memory equal to one came from. 
global_dirty_limits() calculates it by calling 
global_dirtyable_memory(). The latter takes into consideration three 
global counters and a global reserve. In my case corresponding values were:

NR_INACTIVE_FILE = 0
NR_ACTIVE_FILE = 0
NR_FREE_PAGES = 7006
dirty_balance_reserve = 7959.

Consequently, "x" in global_dirtyable_memory() was equal to zero, and 
the function returned one. Now global_dirty_limits() assigns 
available_memory to one and calculates "dirty" as a fraction of 
available_memory:

     dirty = (vm_dirty_ratio * available_memory) / 100;

So far as vm_dirty_ratio is less than 100 (it is 20 by default), dirty 
is calculated as zero.

As for your question about conversion 0 to 1, I think that bdi_thresh = 
dirty_thresh = 0 makes natural sense: we are under strong memory 
pressure, please always start background writeback and throttle process 
(even if actual number of dirty pages is low). So other parts of 
balance_dirty_pages machinery must handle zero thresholds properly.

Thanks,
Maxim
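
The arithmetic explained in the message above, as an added example that is not part of the original post or the kernel source: a simplified user-space C model showing how the reported counters yield available_memory = 1 and dirty_thresh = 0, and what the guarded proportion returns. The model_* function names are hypothetical, and the background threshold is assumed to use the same ratio formula as dirty.

```c
/* User-space model of the arithmetic described in the message above.
 * Simplified and constructed for illustration; not the kernel source. */
#include <stdint.h>
#include <stdio.h>

/* Model of global_dirtyable_memory(): free pages minus the reserve
 * (clamped at zero), plus file pages, plus one so it never returns 0. */
static unsigned long model_dirtyable_memory(unsigned long nr_free,
        unsigned long nr_inactive_file, unsigned long nr_active_file,
        unsigned long reserve)
{
    unsigned long x = nr_free - (nr_free < reserve ? nr_free : reserve);
    return x + nr_inactive_file + nr_active_file + 1;
}

/* Ratio path only (vm_dirty_bytes == 0), as in the message:
 * integer division truncates, so small available_memory gives 0. */
static unsigned long model_thresh(unsigned long ratio, unsigned long avail)
{
    return (ratio * avail) / 100;
}

/* bdi_bg_thresh : bdi_thresh = background_thresh : dirty_thresh,
 * with the patch's guard: dirty_thresh == 0 resolves to 0. */
static unsigned long model_bdi_bg_thresh(unsigned long bdi_thresh,
        unsigned long background_thresh, unsigned long dirty_thresh)
{
    if (dirty_thresh == 0)
        return 0;
    return (unsigned long)((uint64_t)bdi_thresh * background_thresh /
                           dirty_thresh);
}

int main(void)
{
    /* Counter values reported in the message. */
    unsigned long avail = model_dirtyable_memory(7006, 0, 0, 7959);
    unsigned long dirty = model_thresh(20, avail); /* vm_dirty_ratio */
    unsigned long bg = model_thresh(10, avail);    /* dirty_background_ratio */
    unsigned long bdi_thresh = dirty; /* assumption: bdi share <= global */

    printf("available=%lu dirty=%lu background=%lu bdi_bg=%lu\n",
           avail, dirty, bg, model_bdi_bg_thresh(bdi_thresh, bg, dirty));
    return 0;
}
```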