* [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN @ 2013-04-12 6:39 Sha Zhengju 2013-04-12 8:11 ` Daisuke Nishimura 0 siblings, 1 reply; 8+ messages in thread From: Sha Zhengju @ 2013-04-12 6:39 UTC (permalink / raw) To: cgroups, linux-mm; +Cc: akpm, jeff.liu, Sha Zhengju From: Sha Zhengju <handai.szj@taobao.com> While writing memory.limit_in_bytes, a confusing result may happen: $ mkdir /memcg/test $ cat /memcg/test/memory.limit_in_bytes 9223372036854775807 $ cat /memcg/test/memory.memsw.limit_in_bytes 9223372036854775807 $ echo 18446744073709551614 > /memcg/test/memory.limit_in_bytes $ cat /memcg/test/memory.limit_in_bytes 0 Strangely, the write successed and reset the limit to 0. The patch corrects RESOURCE_MAX and fixes this kind of overflow. Signed-off-by: Sha Zhengju <handai.szj@taobao.com> Reported-by: Li Wenpeng < xingke.lwp@taobao.com> Cc: Jie Liu <jeff.liu@oracle.com> --- include/linux/res_counter.h | 2 +- kernel/res_counter.c | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/include/linux/res_counter.h b/include/linux/res_counter.h index c230994..c2f01fc 100644 --- a/include/linux/res_counter.h +++ b/include/linux/res_counter.h @@ -54,7 +54,7 @@ struct res_counter { struct res_counter *parent; }; -#define RESOURCE_MAX (unsigned long long)LLONG_MAX +#define RESOURCE_MAX (unsigned long long)ULLONG_MAX /** * Helpers to interact with userspace diff --git a/kernel/res_counter.c b/kernel/res_counter.c index ff55247..6c35310 100644 --- a/kernel/res_counter.c +++ b/kernel/res_counter.c @@ -195,6 +195,12 @@ int res_counter_memparse_write_strategy(const char *buf, if (*end != '\0') return -EINVAL; - *res = PAGE_ALIGN(*res); + /* Since PAGE_ALIGN is aligning up(the next page boundary), + * check the left space to avoid overflow to 0. */ + if (RESOURCE_MAX - *res < PAGE_SIZE - 1) + *res = RESOURCE_MAX; + else + *res = PAGE_ALIGN(*res); + return 0; } -- 1.7.9.5 -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN 2013-04-12 6:39 [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN Sha Zhengju @ 2013-04-12 8:11 ` Daisuke Nishimura 2013-04-12 10:38 ` Sha Zhengju 2013-04-15 20:58 ` Andrew Morton 0 siblings, 2 replies; 8+ messages in thread From: Daisuke Nishimura @ 2013-04-12 8:11 UTC (permalink / raw) To: Sha Zhengju; +Cc: cgroups, linux-mm, akpm, jeff.liu, Sha Zhengju Hi, On Fri, 12 Apr 2013 14:39:23 +0800 Sha Zhengju <handai.szj@gmail.com> wrote: > From: Sha Zhengju <handai.szj@taobao.com> > > While writing memory.limit_in_bytes, a confusing result may happen: > > $ mkdir /memcg/test > $ cat /memcg/test/memory.limit_in_bytes > 9223372036854775807 > $ cat /memcg/test/memory.memsw.limit_in_bytes > 9223372036854775807 > $ echo 18446744073709551614 > /memcg/test/memory.limit_in_bytes > $ cat /memcg/test/memory.limit_in_bytes > 0 > > Strangely, the write successed and reset the limit to 0. > The patch corrects RESOURCE_MAX and fixes this kind of overflow. > > > Signed-off-by: Sha Zhengju <handai.szj@taobao.com> > Reported-by: Li Wenpeng < xingke.lwp@taobao.com> > Cc: Jie Liu <jeff.liu@oracle.com> > --- > include/linux/res_counter.h | 2 +- > kernel/res_counter.c | 8 +++++++- > 2 files changed, 8 insertions(+), 2 deletions(-) > > diff --git a/include/linux/res_counter.h b/include/linux/res_counter.h > index c230994..c2f01fc 100644 > --- a/include/linux/res_counter.h > +++ b/include/linux/res_counter.h > @@ -54,7 +54,7 @@ struct res_counter { > struct res_counter *parent; > }; > > -#define RESOURCE_MAX (unsigned long long)LLONG_MAX > +#define RESOURCE_MAX (unsigned long long)ULLONG_MAX > I don't think it's a good idea to change a user-visible value. > /** > * Helpers to interact with userspace > diff --git a/kernel/res_counter.c b/kernel/res_counter.c > index ff55247..6c35310 100644 > --- a/kernel/res_counter.c > +++ b/kernel/res_counter.c > @@ -195,6 +195,12 @@ int res_counter_memparse_write_strategy(const char *buf, > if (*end != '\0') > return -EINVAL; > > - *res = PAGE_ALIGN(*res); > + /* Since PAGE_ALIGN is aligning up(the next page boundary), > + * check the left space to avoid overflow to 0. */ > + if (RESOURCE_MAX - *res < PAGE_SIZE - 1) > + *res = RESOURCE_MAX; > + else > + *res = PAGE_ALIGN(*res); > + Current interface seems strange because we can set a bigger value than the value which means "unlimited". So, how about some thing like: if (*res > RESOURCE_MAX) return -EINVAL; if (*res > PAGE_ALIGN(RESOURCE_MAX) - PAGE_SIZE) *res = RESOURCE_MAX; else *res = PAGE_ALIGN(*res); ? > return 0; > } > -- > 1.7.9.5 > > -- > To unsubscribe, send a message with 'unsubscribe linux-mm' in > the body to majordomo@kvack.org. For more info on Linux MM, > see: http://www.linux-mm.org/ . > Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN 2013-04-12 8:11 ` Daisuke Nishimura @ 2013-04-12 10:38 ` Sha Zhengju 2013-04-15 20:58 ` Andrew Morton 1 sibling, 0 replies; 8+ messages in thread From: Sha Zhengju @ 2013-04-12 10:38 UTC (permalink / raw) To: Daisuke Nishimura Cc: Cgroups, linux-mm@kvack.org, Andrew Morton, jeff.liu, Sha Zhengju Hi, On Fri, Apr 12, 2013 at 4:11 PM, Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> wrote: > Hi, > > On Fri, 12 Apr 2013 14:39:23 +0800 > Sha Zhengju <handai.szj@gmail.com> wrote: > >> From: Sha Zhengju <handai.szj@taobao.com> >> >> While writing memory.limit_in_bytes, a confusing result may happen: >> >> $ mkdir /memcg/test >> $ cat /memcg/test/memory.limit_in_bytes >> 9223372036854775807 >> $ cat /memcg/test/memory.memsw.limit_in_bytes >> 9223372036854775807 >> $ echo 18446744073709551614 > /memcg/test/memory.limit_in_bytes >> $ cat /memcg/test/memory.limit_in_bytes >> 0 >> >> Strangely, the write successed and reset the limit to 0. >> The patch corrects RESOURCE_MAX and fixes this kind of overflow. >> >> >> Signed-off-by: Sha Zhengju <handai.szj@taobao.com> >> Reported-by: Li Wenpeng < xingke.lwp@taobao.com> >> Cc: Jie Liu <jeff.liu@oracle.com> >> --- >> include/linux/res_counter.h | 2 +- >> kernel/res_counter.c | 8 +++++++- >> 2 files changed, 8 insertions(+), 2 deletions(-) >> >> diff --git a/include/linux/res_counter.h b/include/linux/res_counter.h >> index c230994..c2f01fc 100644 >> --- a/include/linux/res_counter.h >> +++ b/include/linux/res_counter.h >> @@ -54,7 +54,7 @@ struct res_counter { >> struct res_counter *parent; >> }; >> >> -#define RESOURCE_MAX (unsigned long long)LLONG_MAX >> +#define RESOURCE_MAX (unsigned long long)ULLONG_MAX >> > > I don't think it's a good idea to change a user-visible value. I'm not sure why we set the max of ull to LLONG_MAX or there are other considerations, but we indeed can write a larger limit into it. > >> /** >> * Helpers to interact with userspace >> diff --git a/kernel/res_counter.c b/kernel/res_counter.c >> index ff55247..6c35310 100644 >> --- a/kernel/res_counter.c >> +++ b/kernel/res_counter.c >> @@ -195,6 +195,12 @@ int res_counter_memparse_write_strategy(const char *buf, >> if (*end != '\0') >> return -EINVAL; >> >> - *res = PAGE_ALIGN(*res); >> + /* Since PAGE_ALIGN is aligning up(the next page boundary), >> + * check the left space to avoid overflow to 0. */ >> + if (RESOURCE_MAX - *res < PAGE_SIZE - 1) >> + *res = RESOURCE_MAX; >> + else >> + *res = PAGE_ALIGN(*res); >> + > > Current interface seems strange because we can set a bigger value than > the value which means "unlimited". > So, how about some thing like: > > if (*res > RESOURCE_MAX) > return -EINVAL; > if (*res > PAGE_ALIGN(RESOURCE_MAX) - PAGE_SIZE) > *res = RESOURCE_MAX; > else > *res = PAGE_ALIGN(*res); > Actually, once a memcg is created even if the limits remain unchanged, we still account the tasks' memory usages, but since the current RESOURCE_MAX is already large enough(8589934591G...) we can consider it as 'unlimited'. So here if still using the current 'fake' MAX value and a little hacking behavior above, we're just intended for making up for the previous defect(keeping user-visible value unchanged)? Except for those, I'm fine with both of the approaches. :) > > >> return 0; >> } >> -- >> 1.7.9.5 >> >> -- >> To unsubscribe, send a message with 'unsubscribe linux-mm' in >> the body to majordomo@kvack.org. For more info on Linux MM, >> see: http://www.linux-mm.org/ . >> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> -- Thanks, Sha -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN 2013-04-12 8:11 ` Daisuke Nishimura 2013-04-12 10:38 ` Sha Zhengju @ 2013-04-15 20:58 ` Andrew Morton 2013-04-16 1:29 ` Daisuke Nishimura 2013-04-16 7:29 ` Sha Zhengju 1 sibling, 2 replies; 8+ messages in thread From: Andrew Morton @ 2013-04-15 20:58 UTC (permalink / raw) To: Daisuke Nishimura; +Cc: Sha Zhengju, cgroups, linux-mm, jeff.liu, Sha Zhengju On Fri, 12 Apr 2013 17:11:08 +0900 Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> wrote: > > --- a/include/linux/res_counter.h > > +++ b/include/linux/res_counter.h > > @@ -54,7 +54,7 @@ struct res_counter { > > struct res_counter *parent; > > }; > > > > -#define RESOURCE_MAX (unsigned long long)LLONG_MAX > > +#define RESOURCE_MAX (unsigned long long)ULLONG_MAX > > > > I don't think it's a good idea to change a user-visible value. The old value was a mistake, surely. RESOURCE_MAX shouldn't be in this header file - that is far too general a name. I suggest the definition be moved to res_counter.c. And the (unsigned long long) cast is surely unneeded if we're to use ULLONG_MAX. > > /** > > * Helpers to interact with userspace > > diff --git a/kernel/res_counter.c b/kernel/res_counter.c > > index ff55247..6c35310 100644 > > --- a/kernel/res_counter.c > > +++ b/kernel/res_counter.c > > @@ -195,6 +195,12 @@ int res_counter_memparse_write_strategy(const char *buf, > > if (*end != '\0') > > return -EINVAL; > > > > - *res = PAGE_ALIGN(*res); > > + /* Since PAGE_ALIGN is aligning up(the next page boundary), > > + * check the left space to avoid overflow to 0. */ > > + if (RESOURCE_MAX - *res < PAGE_SIZE - 1) > > + *res = RESOURCE_MAX; > > + else > > + *res = PAGE_ALIGN(*res); > > + > > Current interface seems strange because we can set a bigger value than > the value which means "unlimited". I'm not sure what you mean by this? > So, how about some thing like: > > if (*res > RESOURCE_MAX) > return -EINVAL; > if (*res > PAGE_ALIGN(RESOURCE_MAX) - PAGE_SIZE) > *res = RESOURCE_MAX; > else > *res = PAGE_ALIGN(*res); > The first thing I'd do to res_counter_memparse_write_strategy() is to rename its second arg to `resp' then add a local called `res'. Because that function dereferences res far too often. Then, - *res = PAGE_ALIGN(*res); if (PAGE_ALIGN(res) >= res) res = PAGE_ALIGN(res); else res = RESOURCE_MAX; /* PAGE_ALIGN wrapped to zero */ *resp = res; return 0; -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN 2013-04-15 20:58 ` Andrew Morton @ 2013-04-16 1:29 ` Daisuke Nishimura 2013-04-16 7:30 ` Sha Zhengju 2013-04-16 22:30 ` Andrew Morton 2013-04-16 7:29 ` Sha Zhengju 1 sibling, 2 replies; 8+ messages in thread From: Daisuke Nishimura @ 2013-04-16 1:29 UTC (permalink / raw) To: Andrew Morton Cc: glommer, Sha Zhengju, cgroups, linux-mm, jeff.liu, Sha Zhengju On Mon, 15 Apr 2013 13:58:05 -0700 Andrew Morton <akpm@linux-foundation.org> wrote: > On Fri, 12 Apr 2013 17:11:08 +0900 Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> wrote: > > > > --- a/include/linux/res_counter.h > > > +++ b/include/linux/res_counter.h > > > @@ -54,7 +54,7 @@ struct res_counter { > > > struct res_counter *parent; > > > }; > > > > > > -#define RESOURCE_MAX (unsigned long long)LLONG_MAX > > > +#define RESOURCE_MAX (unsigned long long)ULLONG_MAX > > > > > > > I don't think it's a good idea to change a user-visible value. > > The old value was a mistake, surely. > I introduced 'RESOURCE_MAX' in commit:c5b947b2, but I just used the default value of the res_counter.limit. I'm not sure why it had been initialized to (unsigned long long)LLONG_MAX. > RESOURCE_MAX shouldn't be in this header file - that is far too general > a name. I suggest the definition be moved to res_counter.c. And the > (unsigned long long) cast is surely unneeded if we're to use > ULLONG_MAX. > Hmm, RESOUCE_MAX is now used outside of res_counter.c(e.g. tcp_memcontrol.c). Adding Glauber Costa to the cc list. Just changing the name to RES_COUNTER_MAX might be the choice. > > > /** > > > * Helpers to interact with userspace > > > diff --git a/kernel/res_counter.c b/kernel/res_counter.c > > > index ff55247..6c35310 100644 > > > --- a/kernel/res_counter.c > > > +++ b/kernel/res_counter.c > > > @@ -195,6 +195,12 @@ int res_counter_memparse_write_strategy(const char *buf, > > > if (*end != '\0') > > > return -EINVAL; > > > > > > - *res = PAGE_ALIGN(*res); > > > + /* Since PAGE_ALIGN is aligning up(the next page boundary), > > > + * check the left space to avoid overflow to 0. */ > > > + if (RESOURCE_MAX - *res < PAGE_SIZE - 1) > > > + *res = RESOURCE_MAX; > > > + else > > > + *res = PAGE_ALIGN(*res); > > > + > > > > Current interface seems strange because we can set a bigger value than > > the value which means "unlimited". > > I'm not sure what you mean by this? > 9223372036854775807(LLONG_MAX) means "unlimited" now. But we can set a bigger value than that. # cat /cgroup/memory/A/memory.memsw.limit_in_bytes 9223372036854775807 # echo 9223372036854775808 >/cgroup/memory/A/memory.memsw.limit_in_bytes # cat /cgroup/memory/A/memory.memsw.limit_in_bytes 9223372036854775808 I feel "bigger than unlimited" is strange. > > So, how about some thing like: > > > > if (*res > RESOURCE_MAX) > > return -EINVAL; > > if (*res > PAGE_ALIGN(RESOURCE_MAX) - PAGE_SIZE) > > *res = RESOURCE_MAX; > > else > > *res = PAGE_ALIGN(*res); > > > > The first thing I'd do to res_counter_memparse_write_strategy() is to > rename its second arg to `resp' then add a local called `res'. Because > that function dereferences res far too often. > > Then, > > - *res = PAGE_ALIGN(*res); > if (PAGE_ALIGN(res) >= res) > res = PAGE_ALIGN(res); > else > res = RESOURCE_MAX; /* PAGE_ALIGN wrapped to zero */ > > *resp = res; > return 0; > > Good idea :) Thanks, Daisuke Nishimura. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN 2013-04-16 1:29 ` Daisuke Nishimura @ 2013-04-16 7:30 ` Sha Zhengju 2013-04-16 22:30 ` Andrew Morton 1 sibling, 0 replies; 8+ messages in thread From: Sha Zhengju @ 2013-04-16 7:30 UTC (permalink / raw) To: Daisuke Nishimura Cc: Andrew Morton, Glauber Costa, Cgroups, linux-mm@kvack.org, jeff.liu, Sha Zhengju On Tue, Apr 16, 2013 at 9:29 AM, Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> wrote: > On Mon, 15 Apr 2013 13:58:05 -0700 > Andrew Morton <akpm@linux-foundation.org> wrote: > >> On Fri, 12 Apr 2013 17:11:08 +0900 Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> wrote: >> >> > > --- a/include/linux/res_counter.h >> > > +++ b/include/linux/res_counter.h >> > > @@ -54,7 +54,7 @@ struct res_counter { >> > > struct res_counter *parent; >> > > }; >> > > >> > > -#define RESOURCE_MAX (unsigned long long)LLONG_MAX >> > > +#define RESOURCE_MAX (unsigned long long)ULLONG_MAX >> > > >> > >> > I don't think it's a good idea to change a user-visible value. >> >> The old value was a mistake, surely. >> > > I introduced 'RESOURCE_MAX' in commit:c5b947b2, but I just used the > default value of the res_counter.limit. I'm not sure why it had been > initialized to (unsigned long long)LLONG_MAX. Then let's correct it now. > >> RESOURCE_MAX shouldn't be in this header file - that is far too general >> a name. I suggest the definition be moved to res_counter.c. And the >> (unsigned long long) cast is surely unneeded if we're to use >> ULLONG_MAX. >> > > Hmm, RESOUCE_MAX is now used outside of res_counter.c(e.g. tcp_memcontrol.c). Yeah, and another mm/memcontrol.c used it too. > Adding Glauber Costa to the cc list. > Just changing the name to RES_COUNTER_MAX might be the choice. > >> > > /** >> > > * Helpers to interact with userspace >> > > diff --git a/kernel/res_counter.c b/kernel/res_counter.c >> > > index ff55247..6c35310 100644 >> > > --- a/kernel/res_counter.c >> > > +++ b/kernel/res_counter.c >> > > @@ -195,6 +195,12 @@ int res_counter_memparse_write_strategy(const char *buf, >> > > if (*end != '\0') >> > > return -EINVAL; >> > > >> > > - *res = PAGE_ALIGN(*res); >> > > + /* Since PAGE_ALIGN is aligning up(the next page boundary), >> > > + * check the left space to avoid overflow to 0. */ >> > > + if (RESOURCE_MAX - *res < PAGE_SIZE - 1) >> > > + *res = RESOURCE_MAX; >> > > + else >> > > + *res = PAGE_ALIGN(*res); >> > > + >> > >> > Current interface seems strange because we can set a bigger value than >> > the value which means "unlimited". >> >> I'm not sure what you mean by this? >> > 9223372036854775807(LLONG_MAX) means "unlimited" now. But we can set a bigger > value than that. > > # cat /cgroup/memory/A/memory.memsw.limit_in_bytes > 9223372036854775807 > # echo 9223372036854775808 >/cgroup/memory/A/memory.memsw.limit_in_bytes > # cat /cgroup/memory/A/memory.memsw.limit_in_bytes > 9223372036854775808 > > I feel "bigger than unlimited" is strange. > >> > So, how about some thing like: >> > >> > if (*res > RESOURCE_MAX) >> > return -EINVAL; >> > if (*res > PAGE_ALIGN(RESOURCE_MAX) - PAGE_SIZE) >> > *res = RESOURCE_MAX; >> > else >> > *res = PAGE_ALIGN(*res); >> > >> >> The first thing I'd do to res_counter_memparse_write_strategy() is to >> rename its second arg to `resp' then add a local called `res'. Because >> that function dereferences res far too often. >> >> Then, >> >> - *res = PAGE_ALIGN(*res); >> if (PAGE_ALIGN(res) >= res) >> res = PAGE_ALIGN(res); >> else >> res = RESOURCE_MAX; /* PAGE_ALIGN wrapped to zero */ >> >> *resp = res; >> return 0; >> >> > Good idea :) > > > Thanks, > Daisuke Nishimura. -- Thanks, Sha -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN 2013-04-16 1:29 ` Daisuke Nishimura 2013-04-16 7:30 ` Sha Zhengju @ 2013-04-16 22:30 ` Andrew Morton 1 sibling, 0 replies; 8+ messages in thread From: Andrew Morton @ 2013-04-16 22:30 UTC (permalink / raw) To: Daisuke Nishimura Cc: glommer, Sha Zhengju, cgroups, linux-mm, jeff.liu, Sha Zhengju On Tue, 16 Apr 2013 10:29:38 +0900 Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> wrote: > On Mon, 15 Apr 2013 13:58:05 -0700 > Andrew Morton <akpm@linux-foundation.org> wrote: > > > On Fri, 12 Apr 2013 17:11:08 +0900 Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> wrote: > > > > > > --- a/include/linux/res_counter.h > > > > +++ b/include/linux/res_counter.h > > > > @@ -54,7 +54,7 @@ struct res_counter { > > > > struct res_counter *parent; > > > > }; > > > > > > > > -#define RESOURCE_MAX (unsigned long long)LLONG_MAX > > > > +#define RESOURCE_MAX (unsigned long long)ULLONG_MAX > > > > > > > > > > I don't think it's a good idea to change a user-visible value. > > > > The old value was a mistake, surely. > > > > I introduced 'RESOURCE_MAX' in commit:c5b947b2, but I just used the > default value of the res_counter.limit. I'm not sure why it had been > initialized to (unsigned long long)LLONG_MAX. > > > RESOURCE_MAX shouldn't be in this header file - that is far too general > > a name. I suggest the definition be moved to res_counter.c. And the > > (unsigned long long) cast is surely unneeded if we're to use > > ULLONG_MAX. > > > > Hmm, RESOUCE_MAX is now used outside of res_counter.c(e.g. tcp_memcontrol.c). > Adding Glauber Costa to the cc list. > Just changing the name to RES_COUNTER_MAX might be the choice. That sounds a lot better. > > > > /** > > > > * Helpers to interact with userspace > > > > diff --git a/kernel/res_counter.c b/kernel/res_counter.c > > > > index ff55247..6c35310 100644 > > > > --- a/kernel/res_counter.c > > > > +++ b/kernel/res_counter.c > > > > @@ -195,6 +195,12 @@ int res_counter_memparse_write_strategy(const char *buf, > > > > if (*end != '\0') > > > > return -EINVAL; > > > > > > > > - *res = PAGE_ALIGN(*res); > > > > + /* Since PAGE_ALIGN is aligning up(the next page boundary), > > > > + * check the left space to avoid overflow to 0. */ > > > > + if (RESOURCE_MAX - *res < PAGE_SIZE - 1) > > > > + *res = RESOURCE_MAX; > > > > + else > > > > + *res = PAGE_ALIGN(*res); > > > > + > > > > > > Current interface seems strange because we can set a bigger value than > > > the value which means "unlimited". > > > > I'm not sure what you mean by this? > > > 9223372036854775807(LLONG_MAX) means "unlimited" now. But we can set a bigger > value than that. Ah, hm, OK, that's pretty random. I suggest we switch it to ~0ULL, which is apparently what was intended. I don't think that will alter the API in terms of input - we still do "echo -1 > ...". > # cat /cgroup/memory/A/memory.memsw.limit_in_bytes > 9223372036854775807 > # echo 9223372036854775808 >/cgroup/memory/A/memory.memsw.limit_in_bytes > # cat /cgroup/memory/A/memory.memsw.limit_in_bytes > 9223372036854775808 But it affects the user *output*. > I feel "bigger than unlimited" is strange. Yes. Let's just straighten it all out - I doubt if the small compatibility changes will hurt anyone. But please do spell out the interface changes in full detail in the changelog so we can make the correct decision here. I suspect we're looking at two patches here: one to fix/change the control interface, one to clean up random/misc things we noticed on the way. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN 2013-04-15 20:58 ` Andrew Morton 2013-04-16 1:29 ` Daisuke Nishimura @ 2013-04-16 7:29 ` Sha Zhengju 1 sibling, 0 replies; 8+ messages in thread From: Sha Zhengju @ 2013-04-16 7:29 UTC (permalink / raw) To: Andrew Morton Cc: Daisuke Nishimura, Cgroups, linux-mm@kvack.org, jeff.liu, Sha Zhengju On Tue, Apr 16, 2013 at 4:58 AM, Andrew Morton <akpm@linux-foundation.org> wrote: > On Fri, 12 Apr 2013 17:11:08 +0900 Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> wrote: > >> > --- a/include/linux/res_counter.h >> > +++ b/include/linux/res_counter.h >> > @@ -54,7 +54,7 @@ struct res_counter { >> > struct res_counter *parent; >> > }; >> > >> > -#define RESOURCE_MAX (unsigned long long)LLONG_MAX >> > +#define RESOURCE_MAX (unsigned long long)ULLONG_MAX >> > >> >> I don't think it's a good idea to change a user-visible value. > > The old value was a mistake, surely. > > RESOURCE_MAX shouldn't be in this header file - that is far too general > a name. I suggest the definition be moved to res_counter.c. And the > (unsigned long long) cast is surely unneeded if we're to use > ULLONG_MAX. > >> > /** >> > * Helpers to interact with userspace >> > diff --git a/kernel/res_counter.c b/kernel/res_counter.c >> > index ff55247..6c35310 100644 >> > --- a/kernel/res_counter.c >> > +++ b/kernel/res_counter.c >> > @@ -195,6 +195,12 @@ int res_counter_memparse_write_strategy(const char *buf, >> > if (*end != '\0') >> > return -EINVAL; >> > >> > - *res = PAGE_ALIGN(*res); >> > + /* Since PAGE_ALIGN is aligning up(the next page boundary), >> > + * check the left space to avoid overflow to 0. */ >> > + if (RESOURCE_MAX - *res < PAGE_SIZE - 1) >> > + *res = RESOURCE_MAX; >> > + else >> > + *res = PAGE_ALIGN(*res); >> > + >> >> Current interface seems strange because we can set a bigger value than >> the value which means "unlimited". > > I'm not sure what you mean by this? > >> So, how about some thing like: >> >> if (*res > RESOURCE_MAX) >> return -EINVAL; >> if (*res > PAGE_ALIGN(RESOURCE_MAX) - PAGE_SIZE) >> *res = RESOURCE_MAX; >> else >> *res = PAGE_ALIGN(*res); >> > > The first thing I'd do to res_counter_memparse_write_strategy() is to > rename its second arg to `resp' then add a local called `res'. Because > that function dereferences res far too often. > > Then, > > - *res = PAGE_ALIGN(*res); > if (PAGE_ALIGN(res) >= res) > res = PAGE_ALIGN(res); > else > res = RESOURCE_MAX; /* PAGE_ALIGN wrapped to zero */ > > *resp = res; > return 0; > Okay, this one is better. Thanks, Sha -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2013-04-16 22:30 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-04-12 6:39 [PATCH] memcg: Check more strictly to avoid ULLONG overflow by PAGE_ALIGN Sha Zhengju 2013-04-12 8:11 ` Daisuke Nishimura 2013-04-12 10:38 ` Sha Zhengju 2013-04-15 20:58 ` Andrew Morton 2013-04-16 1:29 ` Daisuke Nishimura 2013-04-16 7:30 ` Sha Zhengju 2013-04-16 22:30 ` Andrew Morton 2013-04-16 7:29 ` Sha Zhengju
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).