[PATCH] memcg: avoid "free" overflow in memcg_hierarchical_free_pages()

[PATCH] memcg: avoid "free" overflow in memcg_hierarchical_free_pages()

[Greg Thelen]

memcg limit and usage values are stored in res_counter, as 64-bit
numbers, even on 32-bit machines.  The "free" variable in
memcg_hierarchical_free_pages() stores the difference between two
64-bit numbers (limit - current_usage), and thus should be stored
in a 64-bit local rather than a machine defined unsigned long.

Reported-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: Greg Thelen <gthelen@google.com>
---
 mm/memcontrol.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 35870f9..d8a06d6 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1343,7 +1343,8 @@ static long mem_cgroup_local_page_stat(struct mem_cgroup *mem,
 static unsigned long
 memcg_hierarchical_free_pages(struct mem_cgroup *mem)
 {
-	unsigned long free, min_free;
+	u64 free;
+	unsigned long min_free;
 
 	min_free = global_page_state(NR_FREE_PAGES);
 
@@ -1351,7 +1352,7 @@ memcg_hierarchical_free_pages(struct mem_cgroup *mem)
 		free = (res_counter_read_u64(&mem->res, RES_LIMIT) -
 			res_counter_read_u64(&mem->res, RES_USAGE)) >>
 			PAGE_SHIFT;
-		min_free = min(min_free, free);
+		min_free = min((u64)min_free, free);
 		mem = parent_mem_cgroup(mem);
 	}
 
-- 
1.7.3.1

Re: [PATCH] memcg: avoid "free" overflow in memcg_hierarchical_free_pages()

[Johannes Weiner]

On Tue, Nov 09, 2010 at 12:54:13AM -0800, Greg Thelen wrote:
> memcg limit and usage values are stored in res_counter, as 64-bit
> numbers, even on 32-bit machines.  The "free" variable in
> memcg_hierarchical_free_pages() stores the difference between two
> 64-bit numbers (limit - current_usage), and thus should be stored
> in a 64-bit local rather than a machine defined unsigned long.

It is converted to pages before the assignment, but even that might
overflow on 32-bit if the difference is sufficiently large (> 1<<44).

> Reported-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
> Signed-off-by: Greg Thelen <gthelen@google.com>

Reviewed-by: Johannes Weiner <hannes@cmpxchg.org>

Re: [PATCH] memcg: avoid "free" overflow in memcg_hierarchical_free_pages()

[KAMEZAWA Hiroyuki]

On Tue,  9 Nov 2010 00:54:13 -0800
Greg Thelen <gthelen@google.com> wrote:

> memcg limit and usage values are stored in res_counter, as 64-bit
> numbers, even on 32-bit machines.  The "free" variable in
> memcg_hierarchical_free_pages() stores the difference between two
> 64-bit numbers (limit - current_usage), and thus should be stored
> in a 64-bit local rather than a machine defined unsigned long.
> 
> Reported-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
> Signed-off-by: Greg Thelen <gthelen@google.com>

Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>