lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 11 Dec 2015 17:00:01 +0300
From:	Andrey Ryabinin <aryabinin@...tuozzo.com>
To:	Peter Zijlstra <peterz@...radead.org>
CC:	<mingo@...hat.com>, <linux-kernel@...r.kernel.org>,
	<yuyang.du@...el.com>, Morten Rasmussen <morten.rasmussen@....com>,
	Paul Turner <pjt@...gle.com>, Ben Segall <bsegall@...gle.com>
Subject: Re: [PATCH] sched/fair: fix mul overflow on 32-bit systems



On 12/11/2015 04:36 PM, Peter Zijlstra wrote:
> On Fri, Dec 11, 2015 at 02:25:51PM +0100, Peter Zijlstra wrote:
>> On Fri, Dec 11, 2015 at 03:55:18PM +0300, Andrey Ryabinin wrote:
>>> Make 'r' 64-bit type to avoid overflow in 'r * LOAD_AVG_MAX'
>>> on 32-bit systems:
>>> 	UBSAN: Undefined behaviour in kernel/sched/fair.c:2785:18
>>> 	signed integer overflow:
>>> 	87950 * 47742 cannot be represented in type 'int'
>>>
>>> Fixes: 9d89c257dfb9 ("sched/fair: Rewrite runnable load and utilization average tracking")
>>> Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
>>> ---
>>>  kernel/sched/fair.c | 4 ++--
>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
>>> index e3266eb..733f0b8 100644
>>> --- a/kernel/sched/fair.c
>>> +++ b/kernel/sched/fair.c
>>> @@ -2780,14 +2780,14 @@ static inline int update_cfs_rq_load_avg(u64 now, struct cfs_rq *cfs_rq)
>>>  	int decayed, removed = 0;
>>>  
>>>  	if (atomic_long_read(&cfs_rq->removed_load_avg)) {
>>> -		long r = atomic_long_xchg(&cfs_rq->removed_load_avg, 0);
>>> +		s64 r = atomic_long_xchg(&cfs_rq->removed_load_avg, 0);
>>>  		sa->load_avg = max_t(long, sa->load_avg - r, 0);
>>>  		sa->load_sum = max_t(s64, sa->load_sum - r * LOAD_AVG_MAX, 0);
>>
>> This makes sense, because sched_avg::load_sum is u64.
>>
>>>  		removed = 1;
>>>  	}
>>>  
>>>  	if (atomic_long_read(&cfs_rq->removed_util_avg)) {
>>> -		long r = atomic_long_xchg(&cfs_rq->removed_util_avg, 0);
>>> +		s64 r = atomic_long_xchg(&cfs_rq->removed_util_avg, 0);
>>>  		sa->util_avg = max_t(long, sa->util_avg - r, 0);
>>>  		sa->util_sum = max_t(s32, sa->util_sum - r * LOAD_AVG_MAX, 0);
>>>  	}
>>
>> However sched_avg::util_sum is u32, so this is still wrecked.
> 
> I seems to have wrecked that in:
> 
>   006cdf025a33 ("sched/fair: Optimize per entity utilization tracking")
> 
> maybe just make util_load u64 too?
> 

Is there any guarantee that the final result of expression 'util_sum - r * LOAD_AVG_MAX' always can be represented by s32?

If yes, than we could just do this:
	max_t(s32, (u64)sa->util_sum - r * LOAD_AVG_MAX, 0)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ