All of lore.kernel.org
 help / color / mirror / Atom feed
From: Tejun Heo <tj@kernel.org>
To: Yu Kuai <yukuai1@huaweicloud.com>
Cc: josef@toxicpanda.com, axboe@kernel.dk, cgroups@vger.kernel.org,
	linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
	yukuai3@huawei.com, yi.zhang@huawei.com
Subject: Re: [PATCH v3 4/5] blk-iocost: fix divide by 0 error in calc_lcoefs()
Date: Wed, 4 Jan 2023 11:54:04 -1000	[thread overview]
Message-ID: <Y7X1fFO4UP7QnwkC@slm.duckdns.org> (raw)
In-Reply-To: <20221226085859.2701195-5-yukuai1@huaweicloud.com>

On Mon, Dec 26, 2022 at 04:58:58PM +0800, Yu Kuai wrote:
> From: Li Nan <linan122@huawei.com>
> 
> echo max of u64 to cost.model can cause divide by 0 error.
> 
>   # echo 8:0 rbps=18446744073709551615 > /sys/fs/cgroup/io.cost.model
> 
>   divide error: 0000 [#1] PREEMPT SMP
>   RIP: 0010:calc_lcoefs+0x4c/0xc0
>   Call Trace:
>    <TASK>
>    ioc_refresh_params+0x2b3/0x4f0
>    ioc_cost_model_write+0x3cb/0x4c0
>    ? _copy_from_iter+0x6d/0x6c0
>    ? kernfs_fop_write_iter+0xfc/0x270
>    cgroup_file_write+0xa0/0x200
>    kernfs_fop_write_iter+0x17d/0x270
>    vfs_write+0x414/0x620
>    ksys_write+0x73/0x160
>    __x64_sys_write+0x1e/0x30
>    do_syscall_64+0x35/0x80
>    entry_SYSCALL_64_after_hwframe+0x63/0xcd
> 
> calc_lcoefs() uses the input value of cost.model in DIV_ROUND_UP_ULL,
> overflow would happen if bps plus IOC_PAGE_SIZE is greater than
> ULLONG_MAX, it can cause divide by 0 error.
> 
> Fix the problem by setting basecost
> 
> Signed-off-by: Li Nan <linan122@huawei.com>
> Signed-off-by: Yu Kuai <yukuai3@huawei.com>
> ---
>  block/blk-iocost.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/block/blk-iocost.c b/block/blk-iocost.c
> index f8726e20da20..c6b39024117b 100644
> --- a/block/blk-iocost.c
> +++ b/block/blk-iocost.c
> @@ -866,9 +866,13 @@ static void calc_lcoefs(u64 bps, u64 seqiops, u64 randiops,
>  
>  	*page = *seqio = *randio = 0;
>  
> -	if (bps)
> -		*page = DIV64_U64_ROUND_UP(VTIME_PER_SEC,
> -					   DIV_ROUND_UP_ULL(bps, IOC_PAGE_SIZE));
> +	if (bps) {
> +		if (bps >= U64_MAX - IOC_PAGE_SIZE)
> +			*page = 1;
> +		else
> +			*page = DIV64_U64_ROUND_UP(VTIME_PER_SEC,
> +					DIV_ROUND_UP_ULL(bps, IOC_PAGE_SIZE));
> +	}

This is a nitpick but wouldn't something like the following be easier to
understand?

        if (bps) {
                u64 bps_pages = DIV_ROUND_UP_ULL(bps, IOC_PAGE_SIZE);

                if (bps_pages)
                        *pages = DIV64_U64_ROUND_UP(VTIME_PER_SEC, bps_pages);
                else
                        *pages = 1;
        }

Out of scope but this seems more like a bug in the DIV macros. The fact that
it returns 0 is an implementation artifact more than anything and a
surprising one at that as it ends up returning 0 for an input that a regular
division would handle just fine and the rounded up result fits well within
the result type.

Thanks.

-- 
tejun

  reply	other threads:[~2023-01-04 21:54 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-26  8:58 [PATCH v3 0/5] blk-iocost: random bugfix Yu Kuai
2022-12-26  8:58 ` [PATCH v3 1/5] blk-iocost: check return value of match_u64() Yu Kuai
2022-12-26  8:58   ` Yu Kuai
2023-01-04 21:48   ` Tejun Heo
2023-01-04 21:48     ` Tejun Heo
2022-12-26  8:58 ` [PATCH v3 2/5] blk-iocost: don't allow to configure bio based device Yu Kuai
2022-12-26  8:58 ` [PATCH v3 3/5] blk-iocost: read params inside lock in sysfs apis Yu Kuai
2022-12-26  8:58   ` Yu Kuai
2022-12-26  8:58 ` [PATCH v3 4/5] blk-iocost: fix divide by 0 error in calc_lcoefs() Yu Kuai
2022-12-26  8:58   ` Yu Kuai
2023-01-04 21:54   ` Tejun Heo [this message]
2023-01-05  1:53     ` Yu Kuai
2023-01-05  1:53       ` Yu Kuai
2022-12-26  8:58 ` [PATCH v3 5/5] blk-iocost: change div64_u64 to DIV64_U64_ROUND_UP in ioc_refresh_params() Yu Kuai
2023-01-04 21:48   ` Tejun Heo
2023-01-04 21:48     ` Tejun Heo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y7X1fFO4UP7QnwkC@slm.duckdns.org \
    --to=tj@kernel.org \
    --cc=axboe@kernel.dk \
    --cc=cgroups@vger.kernel.org \
    --cc=josef@toxicpanda.com \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=yi.zhang@huawei.com \
    --cc=yukuai1@huaweicloud.com \
    --cc=yukuai3@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.