From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Wen Yang <wenyang@linux.alibaba.com>,
Andrew Morton <akpm@linux-foundation.org>, Qian Cai <cai@lca.pw>,
Tejun Heo <tj@kernel.org>, Jens Axboe <axboe@kernel.dk>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.14 28/65] mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
Date: Wed, 22 Jan 2020 10:29:13 +0100 [thread overview]
Message-ID: <20200122092754.784874453@linuxfoundation.org> (raw)
In-Reply-To: <20200122092750.976732974@linuxfoundation.org>
From: Wen Yang <wenyang@linux.alibaba.com>
commit 6d9e8c651dd979aa666bee15f086745f3ea9c4b3 upstream.
Patch series "use div64_ul() instead of div_u64() if the divisor is
unsigned long".
We were first inspired by commit b0ab99e7736a ("sched: Fix possible divide
by zero in avg_atom () calculation"), then refer to the recently analyzed
mm code, we found this suspicious place.
201 if (min) {
202 min *= this_bw;
203 do_div(min, tot_bw);
204 }
And we also disassembled and confirmed it:
/usr/src/debug/kernel-4.9.168-016.ali3000/linux-4.9.168-016.ali3000.alios7.x86_64/mm/page-writeback.c: 201
0xffffffff811c37da <__wb_calc_thresh+234>: xor %r10d,%r10d
0xffffffff811c37dd <__wb_calc_thresh+237>: test %rax,%rax
0xffffffff811c37e0 <__wb_calc_thresh+240>: je 0xffffffff811c3800 <__wb_calc_thresh+272>
/usr/src/debug/kernel-4.9.168-016.ali3000/linux-4.9.168-016.ali3000.alios7.x86_64/mm/page-writeback.c: 202
0xffffffff811c37e2 <__wb_calc_thresh+242>: imul %r8,%rax
/usr/src/debug/kernel-4.9.168-016.ali3000/linux-4.9.168-016.ali3000.alios7.x86_64/mm/page-writeback.c: 203
0xffffffff811c37e6 <__wb_calc_thresh+246>: mov %r9d,%r10d ---> truncates it to 32 bits here
0xffffffff811c37e9 <__wb_calc_thresh+249>: xor %edx,%edx
0xffffffff811c37eb <__wb_calc_thresh+251>: div %r10
0xffffffff811c37ee <__wb_calc_thresh+254>: imul %rbx,%rax
0xffffffff811c37f2 <__wb_calc_thresh+258>: shr $0x2,%rax
0xffffffff811c37f6 <__wb_calc_thresh+262>: mul %rcx
0xffffffff811c37f9 <__wb_calc_thresh+265>: shr $0x2,%rdx
0xffffffff811c37fd <__wb_calc_thresh+269>: mov %rdx,%r10
This series uses div64_ul() instead of div_u64() if the divisor is
unsigned long, to avoid truncation to 32-bit on 64-bit platforms.
This patch (of 3):
The variables 'min' and 'max' are unsigned long and do_div truncates
them to 32 bits, which means it can test non-zero and be truncated to
zero for division. Fix this issue by using div64_ul() instead.
Link: http://lkml.kernel.org/r/20200102081442.8273-2-wenyang@linux.alibaba.com
Fixes: 693108a8a667 ("writeback: make bdi->min/max_ratio handling cgroup writeback aware")
Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Qian Cai <cai@lca.pw>
Cc: Tejun Heo <tj@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/page-writeback.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -201,11 +201,11 @@ static void wb_min_max_ratio(struct bdi_
if (this_bw < tot_bw) {
if (min) {
min *= this_bw;
- do_div(min, tot_bw);
+ min = div64_ul(min, tot_bw);
}
if (max < 100) {
max *= this_bw;
- do_div(max, tot_bw);
+ max = div64_ul(max, tot_bw);
}
}
next prev parent reply other threads:[~2020-01-22 9:49 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-22 9:28 [PATCH 4.14 00/65] 4.14.167-stable review Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 01/65] dt-bindings: reset: meson8b: fix duplicate reset IDs Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 02/65] clk: Dont try to enable critical clocks if prepare failed Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 03/65] ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 04/65] ALSA: seq: Fix racy access for queue timer in proc read Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 05/65] Fix built-in early-load Intel microcode alignment Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 06/65] block: fix an integer overflow in logical block size Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 07/65] ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 08/65] iio: buffer: align the size of scan bytes to size of the largest element Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 09/65] USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 10/65] USB: serial: option: Add support for Quectel RM500Q Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 11/65] USB: serial: opticon: fix control-message timeouts Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 12/65] USB: serial: option: add support for Quectel RM500Q in QDL mode Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 13/65] USB: serial: suppress driver bind attributes Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.14 14/65] USB: serial: ch341: handle unbound port at reset_resume Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 15/65] USB: serial: io_edgeport: add missing active-port sanity check Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 16/65] USB: serial: keyspan: handle unbound ports Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 17/65] USB: serial: quatech2: " Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 18/65] scsi: fnic: fix invalid stack access Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 19/65] scsi: mptfusion: Fix double fetch bug in ioctl Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 20/65] ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() Greg Kroah-Hartman
2020-01-23 23:01 ` Guenter Roeck
2020-01-24 7:38 ` Greg Kroah-Hartman
2020-04-20 14:15 ` Ben Hutchings
2020-01-22 9:29 ` [PATCH 4.14 21/65] usb: core: hub: Improved device recognition on remote wakeup Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 22/65] x86/resctrl: Fix an imbalance in domain_remove_cpu() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 23/65] x86/efistub: Disable paging at mixed mode entry Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 24/65] perf hists: Fix variable names inconsistency in hists__for_each() macro Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 25/65] perf report: Fix incorrectly added dimensions as switch perf data file Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 26/65] mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD alignment Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 27/65] btrfs: fix memory leak in qgroup accounting Greg Kroah-Hartman
2020-01-22 9:29 ` Greg Kroah-Hartman [this message]
2020-01-22 9:29 ` [PATCH 4.14 29/65] net: stmmac: 16KB buffer must be 16 byte aligned Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 30/65] net: stmmac: Enable 16KB buffer size Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 31/65] USB: serial: io_edgeport: use irqsave() in USBs complete callback Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 32/65] USB: serial: io_edgeport: handle unbound ports on URB completion Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 33/65] mm/huge_memory.c: make __thp_get_unmapped_area static Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 34/65] mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD alignment Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 35/65] arm64: dts: agilex/stratix10: fix pmu interrupt numbers Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 36/65] cfg80211: fix page refcount issue in A-MSDU decap Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 37/65] netfilter: fix a use-after-free in mtype_destroy() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 38/65] netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 39/65] NFC: pn533: fix bulk-message timeout Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 40/65] batman-adv: Fix DAT candidate selection on little endian systems Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 41/65] macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 42/65] hv_netvsc: Fix memory leak when removing rndis device Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 43/65] net: dsa: tag_qca: fix doubled Tx statistics Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 44/65] net: hns: fix soft lockup when there is not enough memory Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 45/65] net: usb: lan78xx: limit size of local TSO packets Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 46/65] net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 47/65] ptp: free ptp device pin descriptors properly Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 48/65] r8152: add missing endpoint sanity check Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 49/65] tcp: fix marked lost packets not being retransmitted Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 50/65] xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 51/65] cw1200: Fix a signedness bug in cw1200_load_firmware() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 52/65] arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 53/65] cfg80211: check for set_wiphy_params Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 54/65] tick/sched: Annotate lockless access to last_jiffies_update Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 55/65] Revert "arm64: dts: juno: add dma-ranges property" Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 56/65] reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 57/65] scsi: esas2r: unlock on error in esas2r_nvram_read_direct() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 58/65] scsi: qla4xxx: fix double free bug Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 59/65] scsi: bnx2i: fix potential use after free Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 60/65] scsi: target: core: Fix a pr_debug() argument Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 61/65] scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 62/65] scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 63/65] scsi: core: scsi_trace: Use get_unaligned_be*() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 64/65] perf probe: Fix wrong address verification Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.14 65/65] regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id Greg Kroah-Hartman
2020-01-22 14:39 ` [PATCH 4.14 00/65] 4.14.167-stable review Naresh Kamboju
2020-01-22 14:58 ` Jon Hunter
2020-01-22 19:00 ` Guenter Roeck
2020-01-22 20:53 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200122092754.784874453@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=cai@lca.pw \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=wenyang@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).