From: Paul Gortmaker <paul.gortmaker@windriver.com>
To: <stable@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Cc: Stanislaw Gruszka <sgruszka@redhat.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Thomas Gleixner <tglx@linutronix.de>,
Paul Gortmaker <paul.gortmaker@windriver.com>
Subject: [v2.6.34-stable 69/77] sched: fix divide by zero at {thread_group,task}_times
Date: Tue, 8 Jan 2013 18:35:48 -0500 [thread overview]
Message-ID: <1357688156-25387-70-git-send-email-paul.gortmaker@windriver.com> (raw)
In-Reply-To: <1357688156-25387-1-git-send-email-paul.gortmaker@windriver.com>
From: Stanislaw Gruszka <sgruszka@redhat.com>
-------------------
This is a commit scheduled for the next v2.6.34 longterm release.
http://git.kernel.org/?p=linux/kernel/git/paulg/longterm-queue-2.6.34.git
If you see a problem with using this for longterm, please comment.
-------------------
commit bea6832cc8c4a0a9a65dd17da6aaa657fe27bc3e upstream.
On architectures where cputime_t is 64 bit type, is possible to trigger
divide by zero on do_div(temp, (__force u32) total) line, if total is a
non zero number but has lower 32 bit's zeroed. Removing casting is not
a good solution since some do_div() implementations do cast to u32
internally.
This problem can be triggered in practice on very long lived processes:
PID: 2331 TASK: ffff880472814b00 CPU: 2 COMMAND: "oraagent.bin"
#0 [ffff880472a51b70] machine_kexec at ffffffff8103214b
#1 [ffff880472a51bd0] crash_kexec at ffffffff810b91c2
#2 [ffff880472a51ca0] oops_end at ffffffff814f0b00
#3 [ffff880472a51cd0] die at ffffffff8100f26b
#4 [ffff880472a51d00] do_trap at ffffffff814f03f4
#5 [ffff880472a51d60] do_divide_error at ffffffff8100cfff
#6 [ffff880472a51e00] divide_error at ffffffff8100be7b
[exception RIP: thread_group_times+0x56]
RIP: ffffffff81056a16 RSP: ffff880472a51eb8 RFLAGS: 00010046
RAX: bc3572c9fe12d194 RBX: ffff880874150800 RCX: 0000000110266fad
RDX: 0000000000000000 RSI: ffff880472a51eb8 RDI: 001038ae7d9633dc
RBP: ffff880472a51ef8 R8: 00000000b10a3a64 R9: ffff880874150800
R10: 00007fcba27ab680 R11: 0000000000000202 R12: ffff880472a51f08
R13: ffff880472a51f10 R14: 0000000000000000 R15: 0000000000000007
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#7 [ffff880472a51f00] do_sys_times at ffffffff8108845d
#8 [ffff880472a51f40] sys_times at ffffffff81088524
#9 [ffff880472a51f80] system_call_fastpath at ffffffff8100b0f2
RIP: 0000003808caac3a RSP: 00007fcba27ab6d8 RFLAGS: 00000202
RAX: 0000000000000064 RBX: ffffffff8100b0f2 RCX: 0000000000000000
RDX: 00007fcba27ab6e0 RSI: 000000000076d58e RDI: 00007fcba27ab6e0
RBP: 00007fcba27ab700 R8: 0000000000000020 R9: 000000000000091b
R10: 00007fcba27ab680 R11: 0000000000000202 R12: 00007fff9ca41940
R13: 0000000000000000 R14: 00007fcba27ac9c0 R15: 00007fff9ca41940
ORIG_RAX: 0000000000000064 CS: 0033 SS: 002b
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Link: http://lkml.kernel.org/r/20120808092714.GA3580@redhat.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[PG: sched/core.c is just sched.c in 2.6.34; also the do_div() on
__force u32 isn't explicitly seen since that is in v3.3-rc1~191^2~11]
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
kernel/sched.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/kernel/sched.c b/kernel/sched.c
index 245458e..e24d139 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -3410,6 +3410,20 @@ void thread_group_times(struct task_struct *p, cputime_t *ut, cputime_t *st)
# define nsecs_to_cputime(__nsecs) nsecs_to_jiffies(__nsecs)
#endif
+static cputime_t scale_utime(cputime_t utime, cputime_t rtime, cputime_t total)
+{
+ u64 temp = (__force u64) rtime;
+
+ temp *= (__force u64) utime;
+
+ if (sizeof(cputime_t) == 4)
+ temp = div_u64(temp, (__force u32) total);
+ else
+ temp = div64_u64(temp, (__force u64) total);
+
+ return (__force cputime_t) temp;
+}
+
void task_times(struct task_struct *p, cputime_t *ut, cputime_t *st)
{
cputime_t rtime, utime = p->utime, total = cputime_add(utime, p->stime);
@@ -3419,13 +3433,9 @@ void task_times(struct task_struct *p, cputime_t *ut, cputime_t *st)
*/
rtime = nsecs_to_cputime(p->se.sum_exec_runtime);
- if (total) {
- u64 temp = rtime;
-
- temp *= utime;
- do_div(temp, total);
- utime = (cputime_t)temp;
- } else
+ if (total)
+ utime = scale_utime(utime, rtime, total);
+ else
utime = rtime;
/*
@@ -3452,13 +3462,9 @@ void thread_group_times(struct task_struct *p, cputime_t *ut, cputime_t *st)
total = cputime_add(cputime.utime, cputime.stime);
rtime = nsecs_to_cputime(cputime.sum_exec_runtime);
- if (total) {
- u64 temp = rtime;
-
- temp *= cputime.utime;
- do_div(temp, total);
- utime = (cputime_t)temp;
- } else
+ if (total)
+ utime = scale_utime(cputime.utime, rtime, total);
+ else
utime = rtime;
sig->prev_utime = max(sig->prev_utime, utime);
--
1.7.12.1
next prev parent reply other threads:[~2013-01-08 23:35 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-08 23:34 [v2.6.34-stable 00/77] v2.6.34.14 longterm review Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 01/77] net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 02/77] time: Improve sanity checking of timekeeping inputs Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 03/77] time: Avoid making adjustments if we haven't accumulated anything Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 04/77] time: Move ktime_t overflow checking into timespec_valid_strict Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 05/77] ALSA: hda_intel: ALSA HD Audio patch for Intel Patsburg DeviceIDs Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 06/77] ALSA: hda: add Vortex86MX PCI ids Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 07/77] ALSA: hda - Add support for VMware controller Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 08/77] ALSA: hda - Reduce pci id list for Intel with class id Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 09/77] ALSA: hda - ALSA HD Audio patch for Intel Panther Point DeviceIDs Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 10/77] ALSA: hda: Use position_fix=1 for Acer Aspire 5538 to enable capture on internal mic Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 11/77] cifs: fix cifs stable patch cifs-fix-oplock-break-handling-try-2.patch Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 12/77] gro: reset vlan_tci on reuse Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 13/77] md: Fix handling for devices from 2TB to 4TB in 0.90 metadata Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 14/77] md: Don't truncate size at 4TB for RAID0 and Linear Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 15/77] genalloc: stop crashing the system when destroying a pool Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 16/77] inotify: stop kernel memory leak on file creation failure Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 17/77] xfs: validate acl count Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 18/77] xfs: fix acl count validation in xfs_acl_from_disk() Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 19/77] x86, ioapic: initialize nr_ioapic_registers early in mp_register_ioapic() Paul Gortmaker
2013-01-08 23:34 ` [v2.6.34-stable 20/77] i2c-algo-bit: Generate correct i2c address sequence for 10-bit target Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 21/77] eCryptfs: Extend array bounds for all filename chars Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 22/77] PCI hotplug: shpchp: don't blindly claim non-AMD 0x7450 device IDs Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 23/77] ARM: 7161/1: errata: no automatic store buffer drain Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 24/77] ALSA: lx6464es - fix device communication via command bus Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 25/77] SUNRPC: Ensure we return EAGAIN in xs_nospace if congestion is cleared Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 26/77] timekeeping: add arch_offset hook to ktime_get functions Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 27/77] p54spi: Add missing spin_lock_init Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 28/77] p54spi: Fix workqueue deadlock Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 29/77] nl80211: fix MAC address validation Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 30/77] staging: usbip: bugfix for deadlock Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 31/77] staging: comedi: fix oops for USB DAQ devices Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 32/77] Staging: comedi: fix signal handling in read and write Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 33/77] USB: whci-hcd: fix endian conversion in qset_clear() Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 34/77] usb: ftdi_sio: add PID for Propox ISPcable III Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 35/77] usb: option: add SIMCom SIM5218 Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 36/77] USB: usb-storage: unusual_devs entry for Kingston DT 101 G2 Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 37/77] Silencing 'killing requests for dead queue' Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 38/77] sched, x86: Avoid unnecessary overflow in sched_clock Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 39/77] x86/mpparse: Account for bus types other than ISA and PCI Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 40/77] oprofile, x86: Fix crash when unloading module (nmi timer mode) Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 41/77] genirq: Fix race condition when stopping the irq thread Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 42/77] tick-broadcast: Stop active broadcast device when replacing it Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 43/77] ALSA: sis7019 - give slow codecs more time to reset Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 44/77] ALSA: hda/realtek - Fix Oops in alc_mux_select() Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 45/77] ARM: davinci: dm646x evm: wrong register used in setup_vpif_input_channel_mode Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 46/77] oprofile: Free potentially owned tasks in case of errors Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 47/77] oprofile: Fix locking dependency in sync_start() Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 48/77] percpu: fix first chunk match in per_cpu_ptr_to_phys() Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 49/77] percpu: fix chunk range calculation Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 50/77] xfrm: Fix key lengths for rfc3686(ctr(aes)) Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 51/77] linux/log2.h: Fix rounddown_pow_of_two(1) Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 52/77] jbd/jbd2: validate sb->s_first in journal_get_superblock() Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 53/77] Make TASKSTATS require root access Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 54/77] hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 55/77] export __get_user_pages_fast() function Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 56/77] oprofile, x86: Fix nmi-unsafe callgraph support Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 57/77] ext4: avoid hangs in ext4_da_should_update_i_disksize() Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 58/77] USB: cdc-acm: add IDs for Motorola H24 HSPA USB module Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 59/77] udf: Fortify loading of sparing table Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 60/77] udf: Avoid run away loop when partition table length is corrupted Paul Gortmaker
2013-01-10 14:43 ` Ben Hutchings
2013-01-10 17:03 ` Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 61/77] sctp: malloc enough room for asconf-ack chunk Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 62/77] sctp: Fix list corruption resulting from freeing an association on a list Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 63/77] sctp: ABORT if receive, reassmbly, or reodering queue is not empty while closing socket Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 64/77] sctp: Enforce retransmission limit during shutdown Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 65/77] SCTP: fix race between sctp_bind_addr_free() and sctp_bind_addr_conflict() Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 66/77] KVM: x86: Prevent starting PIT timers in the absence of irqchip support Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 67/77] perf_events: Fix races in group composition Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 68/77] perf: Fix tear-down of inherited group events Paul Gortmaker
2013-01-08 23:35 ` Paul Gortmaker [this message]
2013-01-08 23:35 ` [v2.6.34-stable 70/77] mutex: Place lock in contended state after fastpath_lock failure Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 71/77] crypto: ghash - Avoid null pointer dereference if no key is set Paul Gortmaker
2013-01-09 2:56 ` Nick Bowler
2013-01-09 14:56 ` Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 72/77] net: Fix ip link add netns oops Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 73/77] sched/rt: Fix task stack corruption under __ARCH_WANT_INTERRUPTS_ON_CTXSW Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 74/77] rwsem: Remove redundant asmregparm annotation Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 75/77] um: Use RWSEM_GENERIC_SPINLOCK on x86 Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 76/77] x86: Get rid of asmregparm Paul Gortmaker
2013-01-08 23:35 ` [v2.6.34-stable 77/77] x86: Don't use the EFI reboot method by default Paul Gortmaker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1357688156-25387-70-git-send-email-paul.gortmaker@windriver.com \
--to=paul.gortmaker@windriver.com \
--cc=a.p.zijlstra@chello.nl \
--cc=linux-kernel@vger.kernel.org \
--cc=sgruszka@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).