lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4c4b3d6f-64b7-4ba3-8d2e-d8b1f1a03a53@ieee.org>
Date: Sun, 2 Mar 2025 11:05:30 -0600
From: Alex Elder <elder@...e.org>
To: Easwar Hariharan <eahariha@...ux.microsoft.com>,
 Andrew Morton <akpm@...ux-foundation.org>,
 Christophe JAILLET <christophe.jaillet@...adoo.fr>,
 Daniel Vacek <neelx@...e.com>, Ilya Dryomov <idryomov@...il.com>,
 Dongsheng Yang <dongsheng.yang@...ystack.cn>, Jens Axboe <axboe@...nel.dk>,
 Xiubo Li <xiubli@...hat.com>
Cc: ceph-devel@...r.kernel.org, linux-block@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 1/2] rbd: convert timeouts to secs_to_jiffies()

On 2/28/25 10:22 PM, Easwar Hariharan wrote:
> Commit b35108a51cf7 ("jiffies: Define secs_to_jiffies()") introduced
> secs_to_jiffies().  As the value here is a multiple of 1000, use
> secs_to_jiffies() instead of msecs_to_jiffies() to avoid the multiplication
> 
> This is converted using scripts/coccinelle/misc/secs_to_jiffies.cocci with
> the following Coccinelle rules:
> 
> @depends on patch@ expression E; @@
> 
> -msecs_to_jiffies(E * 1000)
> +secs_to_jiffies(E)
> 
> @depends on patch@ expression E; @@
> 
> -msecs_to_jiffies(E * MSEC_PER_SEC)
> +secs_to_jiffies(E)
> 
> Change the check for range to check against HZ.
> 
> Acked-by: Ilya Dryomov <idryomov@...il.com>
> Signed-off-by: Easwar Hariharan <eahariha@...ux.microsoft.com>

I think what you've done in the last hunk below should not be
done that way.  I also suggest something to the (related, but
not part of this series) secs_to_jiffies() implementation.

> ---
>   drivers/block/rbd.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
> index faafd7ff43d6ef53110ab3663cc7ac322214cc8c..1c406b17f3cee741b7bdd9f742958b3f1d5b1bbe 100644
> --- a/drivers/block/rbd.c
> +++ b/drivers/block/rbd.c
> @@ -108,7 +108,7 @@ static int atomic_dec_return_safe(atomic_t *v)
>   #define RBD_OBJ_PREFIX_LEN_MAX	64
>   
>   #define RBD_NOTIFY_TIMEOUT	5	/* seconds */
> -#define RBD_RETRY_DELAY		msecs_to_jiffies(1000)
> +#define RBD_RETRY_DELAY		secs_to_jiffies(1)
>   
>   /* Feature bits */
>   
> @@ -4162,7 +4162,7 @@ static void rbd_acquire_lock(struct work_struct *work)
>   		dout("%s rbd_dev %p requeuing lock_dwork\n", __func__,
>   		     rbd_dev);
>   		mod_delayed_work(rbd_dev->task_wq, &rbd_dev->lock_dwork,
> -		    msecs_to_jiffies(2 * RBD_NOTIFY_TIMEOUT * MSEC_PER_SEC));
> +		    secs_to_jiffies(2 * RBD_NOTIFY_TIMEOUT));
>   	}
>   }
>   
> @@ -6283,9 +6283,9 @@ static int rbd_parse_param(struct fs_parameter *param,
>   		break;
>   	case Opt_lock_timeout:
>   		/* 0 is "wait forever" (i.e. infinite timeout) */
> -		if (result.uint_32 > INT_MAX / 1000)

Previously, the above line was verifying that the multiplication
done below would not overflow.  It was unrelated to whatever
msecs_to_jiffies() did.

> +		if (result.uint32 > INT_MAX / HZ)

Here you are assuming something about what secs_to_jiffies()
does.  It's a very reasonable assumption, but you are encoding
this in unrelated code, which you shouldn't do.

Just do the direct conversion as you've done above:

		if (result.uint32 > INT_MAX)

>   			goto out_of_range;
> -		opt->lock_timeout = msecs_to_jiffies(result.uint_32 * 1000);
> +		opt->lock_timeout = secs_to_jiffies(result.uint_32);

Unfortunately, secs_to_jiffies() does not implement the clamp
operation that msecs_to_jiffies() does.  If you look at
__msecs_to_jiffies() you see that the unsigned value provided
is limited to MAX_JIFFY_OFFSET if it's negative when interpreted
as a signed int (i.e., if its high bit is set).

I think the secs_to_jiffies() implementation could benefit
from the use of an overflow check.  This might not be
exactly right, but it gives the idea:

#define secs_to_jiffies(_secs)					\
	({							\
		unsigned long _result;				\
								\
		if (check_mul_overflow(_secs, HZ, &_result))	\
			_result = MAX_JIFFY_OFFSET;		\
		(_result);					\
	})

					-Alex


>   		break;
>   	case Opt_pool_ns:
>   		kfree(pctx->spec->pool_ns);
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ