* [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems
[not found] <CGME20210913085226epcas5p2b516f0f591926c927faa9c60d211bf44@epcas5p2.samsung.com>
@ 2021-09-13 8:51 ` Ravi Singh
2021-11-04 16:55 ` Johannes Weiner
0 siblings, 1 reply; 6+ messages in thread
From: Ravi Singh @ 2021-09-13 8:51 UTC (permalink / raw)
To: hannes, mingo, peterz, linux-kernel
Cc: a.sahrawat, v.narang, vishal.goel, Ravi Singh
psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case
where window_us is larger than 4294967, the result of an
multiplication overflows an unsigned int/long(4 bytes on 32 bit
system).
For example, this can happen when the window_us is 5000000 so 5000000
* 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than
UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in
t->win.size instead of 5000000000. Now psi will be monitoring the
window size of 705 msecs instead of 5 secs as expected by user.
Fix this by type casting the first term of the mutiply to a u64.
Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type
long which is 8 bytes on 64 bit systems.
Signed-off-by: Ravi Singh <ravi.singh1@samsung.com>
---
kernel/sched/psi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c
index 1652f2bb5..a2cc33dc2 100644
--- a/kernel/sched/psi.c
+++ b/kernel/sched/psi.c
@@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group,
t->group = group;
t->state = state;
t->threshold = threshold_us * NSEC_PER_USEC;
- t->win.size = window_us * NSEC_PER_USEC;
+ t->win.size = (u64)window_us * NSEC_PER_USEC;
window_reset(&t->win, 0, 0, 0);
t->event = 0;
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems
2021-09-13 8:51 ` [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems Ravi Singh
@ 2021-11-04 16:55 ` Johannes Weiner
2021-11-04 23:11 ` Suren Baghdasaryan
0 siblings, 1 reply; 6+ messages in thread
From: Johannes Weiner @ 2021-11-04 16:55 UTC (permalink / raw)
To: Ravi Singh
Cc: mingo, peterz, linux-kernel, a.sahrawat, v.narang, vishal.goel,
Suren Baghdasaryan
CC Suren
Sorry, this fell through the cracks.
On Mon, Sep 13, 2021 at 02:21:35PM +0530, Ravi Singh wrote:
> psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case
> where window_us is larger than 4294967, the result of an
> multiplication overflows an unsigned int/long(4 bytes on 32 bit
> system).
>
> For example, this can happen when the window_us is 5000000 so 5000000
> * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than
> UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in
> t->win.size instead of 5000000000. Now psi will be monitoring the
> window size of 705 msecs instead of 5 secs as expected by user.
>
> Fix this by type casting the first term of the mutiply to a u64.
>
> Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type
> long which is 8 bytes on 64 bit systems.
>
> Signed-off-by: Ravi Singh <ravi.singh1@samsung.com>
Fixes: 0e94682b73bf psi: introduce psi monitor
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Peter would you mind taking this through -tip?
> ---
> kernel/sched/psi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c
> index 1652f2bb5..a2cc33dc2 100644
> --- a/kernel/sched/psi.c
> +++ b/kernel/sched/psi.c
> @@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group,
> t->group = group;
> t->state = state;
> t->threshold = threshold_us * NSEC_PER_USEC;
> - t->win.size = window_us * NSEC_PER_USEC;
> + t->win.size = (u64)window_us * NSEC_PER_USEC;
> window_reset(&t->win, 0, 0, 0);
>
> t->event = 0;
> --
> 2.17.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems
2021-11-04 16:55 ` Johannes Weiner
@ 2021-11-04 23:11 ` Suren Baghdasaryan
0 siblings, 0 replies; 6+ messages in thread
From: Suren Baghdasaryan @ 2021-11-04 23:11 UTC (permalink / raw)
To: Johannes Weiner
Cc: Ravi Singh, mingo, peterz, linux-kernel, a.sahrawat, v.narang,
vishal.goel
On Thu, Nov 4, 2021 at 9:55 AM Johannes Weiner <hannes@cmpxchg.org> wrote:
>
> CC Suren
Thanks!
>
> Sorry, this fell through the cracks.
>
> On Mon, Sep 13, 2021 at 02:21:35PM +0530, Ravi Singh wrote:
> > psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case
> > where window_us is larger than 4294967, the result of an
> > multiplication overflows an unsigned int/long(4 bytes on 32 bit
> > system).
> >
> > For example, this can happen when the window_us is 5000000 so 5000000
> > * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than
> > UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in
> > t->win.size instead of 5000000000. Now psi will be monitoring the
> > window size of 705 msecs instead of 5 secs as expected by user.
> >
> > Fix this by type casting the first term of the mutiply to a u64.
Looks reasonable to me.
> >
> > Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type
> > long which is 8 bytes on 64 bit systems.
> >
> > Signed-off-by: Ravi Singh <ravi.singh1@samsung.com>
>
> Fixes: 0e94682b73bf psi: introduce psi monitor
> Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Suren Baghdasaryan <surenb@google.com>
>
> Peter would you mind taking this through -tip?
>
> > ---
> > kernel/sched/psi.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c
> > index 1652f2bb5..a2cc33dc2 100644
> > --- a/kernel/sched/psi.c
> > +++ b/kernel/sched/psi.c
> > @@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group,
> > t->group = group;
> > t->state = state;
> > t->threshold = threshold_us * NSEC_PER_USEC;
> > - t->win.size = window_us * NSEC_PER_USEC;
> > + t->win.size = (u64)window_us * NSEC_PER_USEC;
> > window_reset(&t->win, 0, 0, 0);
> >
> > t->event = 0;
> > --
> > 2.17.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems
2021-09-06 12:25 ` Ravi Singh
2021-09-08 11:32 ` Johannes Weiner
@ 2021-09-10 15:33 ` Peter Zijlstra
1 sibling, 0 replies; 6+ messages in thread
From: Peter Zijlstra @ 2021-09-10 15:33 UTC (permalink / raw)
To: Ravi Singh; +Cc: hannes, mingo, linux-kernel, a.sahrawat, v.narang, vishal.goel
On Mon, Sep 06, 2021 at 05:55:24PM +0530, Ravi Singh wrote:
> psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case
> where window_us is larger than 4294967, the result of an
> multiplication overflows an unsigned int/long(4 bytes on 32 bit
> system).
>
> For example, this can happen when the window_us is 5000000 so 5000000
> * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than
> UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in
> t->win.size instead of 5000000000. Now psi will be monitoring the
> window size of 705 msecs instead of 5 secs as expected by user.
>
> Fix this by type casting the first term of the mutiply to a u64.
>
> Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type
> long which is 8 bytes on 64 bit systems.
>
> Signed-off-by: Ravi Singh <ravi.singh1@samsung.com>
> Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
That's not a valid SoB chain.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems
2021-09-06 12:25 ` Ravi Singh
@ 2021-09-08 11:32 ` Johannes Weiner
2021-09-10 15:33 ` Peter Zijlstra
1 sibling, 0 replies; 6+ messages in thread
From: Johannes Weiner @ 2021-09-08 11:32 UTC (permalink / raw)
To: Ravi Singh
Cc: mingo, peterz, linux-kernel, a.sahrawat, v.narang, vishal.goel,
Suren Baghdasaryan
CC Suren
On Mon, Sep 06, 2021 at 05:55:24PM +0530, Ravi Singh wrote:
> psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case
> where window_us is larger than 4294967, the result of an
> multiplication overflows an unsigned int/long(4 bytes on 32 bit
> system).
>
> For example, this can happen when the window_us is 5000000 so 5000000
> * 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than
> UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in
> t->win.size instead of 5000000000. Now psi will be monitoring the
> window size of 705 msecs instead of 5 secs as expected by user.
>
> Fix this by type casting the first term of the mutiply to a u64.
>
> Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type
> long which is 8 bytes on 64 bit systems.
>
> Signed-off-by: Ravi Singh <ravi.singh1@samsung.com>
> Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
> ---
> kernel/sched/psi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c
> index 1652f2bb5..a2cc33dc2 100644
> --- a/kernel/sched/psi.c
> +++ b/kernel/sched/psi.c
> @@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group,
> t->group = group;
> t->state = state;
> t->threshold = threshold_us * NSEC_PER_USEC;
> - t->win.size = window_us * NSEC_PER_USEC;
> + t->win.size = (u64)window_us * NSEC_PER_USEC;
> window_reset(&t->win, 0, 0, 0);
>
> t->event = 0;
> --
> 2.17.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems
[not found] <CGME20210906122653epcas5p19c46576f0be4d4a101f851a751addde8@epcas5p1.samsung.com>
@ 2021-09-06 12:25 ` Ravi Singh
2021-09-08 11:32 ` Johannes Weiner
2021-09-10 15:33 ` Peter Zijlstra
0 siblings, 2 replies; 6+ messages in thread
From: Ravi Singh @ 2021-09-06 12:25 UTC (permalink / raw)
To: hannes, mingo, peterz, linux-kernel
Cc: a.sahrawat, v.narang, vishal.goel, Ravi Singh
psi accepts window sizes upto WINDOW_MAX_US(10000000). In the case
where window_us is larger than 4294967, the result of an
multiplication overflows an unsigned int/long(4 bytes on 32 bit
system).
For example, this can happen when the window_us is 5000000 so 5000000
* 1000 (NSEC_PER_USEC) will result in 5000000000 which is greater than
UINT_MAX(4294967295). Due to this overflow, 705032704 is stored in
t->win.size instead of 5000000000. Now psi will be monitoring the
window size of 705 msecs instead of 5 secs as expected by user.
Fix this by type casting the first term of the mutiply to a u64.
Issue doesnot occur on 64 bit systems because NSEC_PER_USEC is of type
long which is 8 bytes on 64 bit systems.
Signed-off-by: Ravi Singh <ravi.singh1@samsung.com>
Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
---
kernel/sched/psi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c
index 1652f2bb5..a2cc33dc2 100644
--- a/kernel/sched/psi.c
+++ b/kernel/sched/psi.c
@@ -1145,7 +1145,7 @@ struct psi_trigger *psi_trigger_create(struct psi_group *group,
t->group = group;
t->state = state;
t->threshold = threshold_us * NSEC_PER_USEC;
- t->win.size = window_us * NSEC_PER_USEC;
+ t->win.size = (u64)window_us * NSEC_PER_USEC;
window_reset(&t->win, 0, 0, 0);
t->event = 0;
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-11-04 23:11 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <CGME20210913085226epcas5p2b516f0f591926c927faa9c60d211bf44@epcas5p2.samsung.com>
2021-09-13 8:51 ` [PATCH] psi: fix integer overflow on unsigned int multiply on 32 bit systems Ravi Singh
2021-11-04 16:55 ` Johannes Weiner
2021-11-04 23:11 ` Suren Baghdasaryan
[not found] <CGME20210906122653epcas5p19c46576f0be4d4a101f851a751addde8@epcas5p1.samsung.com>
2021-09-06 12:25 ` Ravi Singh
2021-09-08 11:32 ` Johannes Weiner
2021-09-10 15:33 ` Peter Zijlstra
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).