* [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems [not found] <CGME20210906122653epcas5p19c46576f0be4d4a101f851a751addde8@epcas5p1.samsung.com> @ 2021-09-06 12:25 ` Ravi Singh 2021-09-08 11:32 ` Johannes Weiner 2021-09-10 15:33 ` Peter Zijlstra 0 siblings, 2 replies; 6+ messages in thread From: Ravi Singh @ 2021-09-06 12:25 UTC (permalink / raw) To: hannes, mingo, peterz, linux-kernel Cc: a.sahrawat, v.narang, vishal.goel, Ravi Singh psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case where window_us is larger than 4294967, the result of an multiplication overflows an unsigned int/long(4 bytes on 32 bit system). For example, this can happen when the window_us is 5000000 so 5000000 * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in t->win.size instead of 5000000000. Now psi will be monitoring the window size of 705 msecs instead of 5 secs as expected by user. Fix this by type casting the first term of the mutiply to a u64. Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type long which is 8 bytes on 64 bit systems. Signed-off-by: Ravi Singh <ravi.singh1@samsung.com> Signed-off-by: Vishal Goel <vishal.goel@samsung.com> --- kernel/sched/psi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c index 1652f2bb5..a2cc33dc2 100644 --- a/kernel/sched/psi.c +++ b/kernel/sched/psi.c @@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group, t->group = group; t->state = state; t->threshold = threshold_us * NSEC_PER_USEC; - t->win.size = window_us * NSEC_PER_USEC; + t->win.size = (u64)window_us * NSEC_PER_USEC; window_reset(&t->win, 0, 0, 0); t->event = 0; -- 2.17.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems 2021-09-06 12:25 ` [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems Ravi Singh @ 2021-09-08 11:32 ` Johannes Weiner 2021-09-10 15:33 ` Peter Zijlstra 1 sibling, 0 replies; 6+ messages in thread From: Johannes Weiner @ 2021-09-08 11:32 UTC (permalink / raw) To: Ravi Singh Cc: mingo, peterz, linux-kernel, a.sahrawat, v.narang, vishal.goel, Suren Baghdasaryan CC Suren On Mon, Sep 06, 2021 at 05:55:24PM +0530, Ravi Singh wrote: > psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case > where window_us is larger than 4294967, the result of an > multiplication overflows an unsigned int/long(4 bytes on 32 bit > system). > > For example, this can happen when the window_us is 5000000 so 5000000 > * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than > UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in > t->win.size instead of 5000000000. Now psi will be monitoring the > window size of 705 msecs instead of 5 secs as expected by user. > > Fix this by type casting the first term of the mutiply to a u64. > > Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type > long which is 8 bytes on 64 bit systems. > > Signed-off-by: Ravi Singh <ravi.singh1@samsung.com> > Signed-off-by: Vishal Goel <vishal.goel@samsung.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> > --- > kernel/sched/psi.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c > index 1652f2bb5..a2cc33dc2 100644 > --- a/kernel/sched/psi.c > +++ b/kernel/sched/psi.c > @@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group, > t->group = group; > t->state = state; > t->threshold = threshold_us * NSEC_PER_USEC; > - t->win.size = window_us * NSEC_PER_USEC; > + t->win.size = (u64)window_us * NSEC_PER_USEC; > window_reset(&t->win, 0, 0, 0); > > t->event = 0; > -- > 2.17.1 > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems 2021-09-06 12:25 ` [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems Ravi Singh 2021-09-08 11:32 ` Johannes Weiner @ 2021-09-10 15:33 ` Peter Zijlstra 1 sibling, 0 replies; 6+ messages in thread From: Peter Zijlstra @ 2021-09-10 15:33 UTC (permalink / raw) To: Ravi Singh; +Cc: hannes, mingo, linux-kernel, a.sahrawat, v.narang, vishal.goel On Mon, Sep 06, 2021 at 05:55:24PM +0530, Ravi Singh wrote: > psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case > where window_us is larger than 4294967, the result of an > multiplication overflows an unsigned int/long(4 bytes on 32 bit > system). > > For example, this can happen when the window_us is 5000000 so 5000000 > * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than > UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in > t->win.size instead of 5000000000. Now psi will be monitoring the > window size of 705 msecs instead of 5 secs as expected by user. > > Fix this by type casting the first term of the mutiply to a u64. > > Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type > long which is 8 bytes on 64 bit systems. > > Signed-off-by: Ravi Singh <ravi.singh1@samsung.com> > Signed-off-by: Vishal Goel <vishal.goel@samsung.com> That's not a valid SoB chain. ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <CGME20210913085226epcas5p2b516f0f591926c927faa9c60d211bf44@epcas5p2.samsung.com>]
* [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems [not found] <CGME20210913085226epcas5p2b516f0f591926c927faa9c60d211bf44@epcas5p2.samsung.com> @ 2021-09-13 8:51 ` Ravi Singh 2021-11-04 16:55 ` Johannes Weiner 0 siblings, 1 reply; 6+ messages in thread From: Ravi Singh @ 2021-09-13 8:51 UTC (permalink / raw) To: hannes, mingo, peterz, linux-kernel Cc: a.sahrawat, v.narang, vishal.goel, Ravi Singh psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case where window_us is larger than 4294967, the result of an multiplication overflows an unsigned int/long(4 bytes on 32 bit system). For example, this can happen when the window_us is 5000000 so 5000000 * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in t->win.size instead of 5000000000. Now psi will be monitoring the window size of 705 msecs instead of 5 secs as expected by user. Fix this by type casting the first term of the mutiply to a u64. Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type long which is 8 bytes on 64 bit systems. Signed-off-by: Ravi Singh <ravi.singh1@samsung.com> --- kernel/sched/psi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c index 1652f2bb5..a2cc33dc2 100644 --- a/kernel/sched/psi.c +++ b/kernel/sched/psi.c @@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group, t->group = group; t->state = state; t->threshold = threshold_us * NSEC_PER_USEC; - t->win.size = window_us * NSEC_PER_USEC; + t->win.size = (u64)window_us * NSEC_PER_USEC; window_reset(&t->win, 0, 0, 0); t->event = 0; -- 2.17.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems 2021-09-13 8:51 ` Ravi Singh @ 2021-11-04 16:55 ` Johannes Weiner 2021-11-04 23:11 ` Suren Baghdasaryan 0 siblings, 1 reply; 6+ messages in thread From: Johannes Weiner @ 2021-11-04 16:55 UTC (permalink / raw) To: Ravi Singh Cc: mingo, peterz, linux-kernel, a.sahrawat, v.narang, vishal.goel, Suren Baghdasaryan CC Suren Sorry, this fell through the cracks. On Mon, Sep 13, 2021 at 02:21:35PM +0530, Ravi Singh wrote: > psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case > where window_us is larger than 4294967, the result of an > multiplication overflows an unsigned int/long(4 bytes on 32 bit > system). > > For example, this can happen when the window_us is 5000000 so 5000000 > * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than > UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in > t->win.size instead of 5000000000. Now psi will be monitoring the > window size of 705 msecs instead of 5 secs as expected by user. > > Fix this by type casting the first term of the mutiply to a u64. > > Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type > long which is 8 bytes on 64 bit systems. > > Signed-off-by: Ravi Singh <ravi.singh1@samsung.com> Fixes: 0e94682b73bf psi: introduce psi monitor Acked-by: Johannes Weiner <hannes@cmpxchg.org> Peter would you mind taking this through -tip? > --- > kernel/sched/psi.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c > index 1652f2bb5..a2cc33dc2 100644 > --- a/kernel/sched/psi.c > +++ b/kernel/sched/psi.c > @@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group, > t->group = group; > t->state = state; > t->threshold = threshold_us * NSEC_PER_USEC; > - t->win.size = window_us * NSEC_PER_USEC; > + t->win.size = (u64)window_us * NSEC_PER_USEC; > window_reset(&t->win, 0, 0, 0); > > t->event = 0; > -- > 2.17.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems 2021-11-04 16:55 ` Johannes Weiner @ 2021-11-04 23:11 ` Suren Baghdasaryan 0 siblings, 0 replies; 6+ messages in thread From: Suren Baghdasaryan @ 2021-11-04 23:11 UTC (permalink / raw) To: Johannes Weiner Cc: Ravi Singh, mingo, peterz, linux-kernel, a.sahrawat, v.narang, vishal.goel On Thu, Nov 4, 2021 at 9:55 AM Johannes Weiner <hannes@cmpxchg.org> wrote: > > CC Suren Thanks! > > Sorry, this fell through the cracks. > > On Mon, Sep 13, 2021 at 02:21:35PM +0530, Ravi Singh wrote: > > psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case > > where window_us is larger than 4294967, the result of an > > multiplication overflows an unsigned int/long(4 bytes on 32 bit > > system). > > > > For example, this can happen when the window_us is 5000000 so 5000000 > > * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than > > UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in > > t->win.size instead of 5000000000. Now psi will be monitoring the > > window size of 705 msecs instead of 5 secs as expected by user. > > > > Fix this by type casting the first term of the mutiply to a u64. Looks reasonable to me. > > > > Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type > > long which is 8 bytes on 64 bit systems. > > > > Signed-off-by: Ravi Singh <ravi.singh1@samsung.com> > > Fixes: 0e94682b73bf psi: introduce psi monitor > Acked-by: Johannes Weiner <hannes@cmpxchg.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> > > Peter would you mind taking this through -tip? > > > --- > > kernel/sched/psi.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c > > index 1652f2bb5..a2cc33dc2 100644 > > --- a/kernel/sched/psi.c > > +++ b/kernel/sched/psi.c > > @@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group, > > t->group = group; > > t->state = state; > > t->threshold = threshold_us * NSEC_PER_USEC; > > - t->win.size = window_us * NSEC_PER_USEC; > > + t->win.size = (u64)window_us * NSEC_PER_USEC; > > window_reset(&t->win, 0, 0, 0); > > > > t->event = 0; > > -- > > 2.17.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-11-04 23:11 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CGME20210906122653epcas5p19c46576f0be4d4a101f851a751addde8@epcas5p1.samsung.com>
2021-09-06 12:25 ` [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems Ravi Singh
2021-09-08 11:32 ` Johannes Weiner
2021-09-10 15:33 ` Peter Zijlstra
[not found] <CGME20210913085226epcas5p2b516f0f591926c927faa9c60d211bf44@epcas5p2.samsung.com>
2021-09-13 8:51 ` Ravi Singh
2021-11-04 16:55 ` Johannes Weiner
2021-11-04 23:11 ` Suren Baghdasaryan
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox