From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Wen Yang <wenyang@linux.alibaba.com>,
Andrew Morton <akpm@linux-foundation.org>, Qian Cai <cai@lca.pw>,
Tejun Heo <tj@kernel.org>, Jens Axboe <axboe@kernel.dk>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.19 046/103] mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
Date: Wed, 22 Jan 2020 10:29:02 +0100 [thread overview]
Message-ID: <20200122092810.734690455@linuxfoundation.org> (raw)
In-Reply-To: <20200122092803.587683021@linuxfoundation.org>
From: Wen Yang <wenyang@linux.alibaba.com>
commit 6d9e8c651dd979aa666bee15f086745f3ea9c4b3 upstream.
Patch series "use div64_ul() instead of div_u64() if the divisor is
unsigned long".
We were first inspired by commit b0ab99e7736a ("sched: Fix possible divide
by zero in avg_atom () calculation"), then refer to the recently analyzed
mm code, we found this suspicious place.
201 if (min) {
202 min *= this_bw;
203 do_div(min, tot_bw);
204 }
And we also disassembled and confirmed it:
/usr/src/debug/kernel-4.9.168-016.ali3000/linux-4.9.168-016.ali3000.alios7.x86_64/mm/page-writeback.c: 201
0xffffffff811c37da <__wb_calc_thresh+234>: xor %r10d,%r10d
0xffffffff811c37dd <__wb_calc_thresh+237>: test %rax,%rax
0xffffffff811c37e0 <__wb_calc_thresh+240>: je 0xffffffff811c3800 <__wb_calc_thresh+272>
/usr/src/debug/kernel-4.9.168-016.ali3000/linux-4.9.168-016.ali3000.alios7.x86_64/mm/page-writeback.c: 202
0xffffffff811c37e2 <__wb_calc_thresh+242>: imul %r8,%rax
/usr/src/debug/kernel-4.9.168-016.ali3000/linux-4.9.168-016.ali3000.alios7.x86_64/mm/page-writeback.c: 203
0xffffffff811c37e6 <__wb_calc_thresh+246>: mov %r9d,%r10d ---> truncates it to 32 bits here
0xffffffff811c37e9 <__wb_calc_thresh+249>: xor %edx,%edx
0xffffffff811c37eb <__wb_calc_thresh+251>: div %r10
0xffffffff811c37ee <__wb_calc_thresh+254>: imul %rbx,%rax
0xffffffff811c37f2 <__wb_calc_thresh+258>: shr $0x2,%rax
0xffffffff811c37f6 <__wb_calc_thresh+262>: mul %rcx
0xffffffff811c37f9 <__wb_calc_thresh+265>: shr $0x2,%rdx
0xffffffff811c37fd <__wb_calc_thresh+269>: mov %rdx,%r10
This series uses div64_ul() instead of div_u64() if the divisor is
unsigned long, to avoid truncation to 32-bit on 64-bit platforms.
This patch (of 3):
The variables 'min' and 'max' are unsigned long and do_div truncates
them to 32 bits, which means it can test non-zero and be truncated to
zero for division. Fix this issue by using div64_ul() instead.
Link: http://lkml.kernel.org/r/20200102081442.8273-2-wenyang@linux.alibaba.com
Fixes: 693108a8a667 ("writeback: make bdi->min/max_ratio handling cgroup writeback aware")
Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Qian Cai <cai@lca.pw>
Cc: Tejun Heo <tj@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/page-writeback.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -200,11 +200,11 @@ static void wb_min_max_ratio(struct bdi_
if (this_bw < tot_bw) {
if (min) {
min *= this_bw;
- do_div(min, tot_bw);
+ min = div64_ul(min, tot_bw);
}
if (max < 100) {
max *= this_bw;
- do_div(max, tot_bw);
+ max = div64_ul(max, tot_bw);
}
}
next prev parent reply other threads:[~2020-01-22 9:41 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-22 9:28 [PATCH 4.19 000/103] 4.19.98-stable review Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 001/103] ARM: dts: meson8: fix the size of the PMU registers Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 002/103] clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 003/103] dt-bindings: reset: meson8b: fix duplicate reset IDs Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 004/103] ARM: dts: imx6q-dhcom: fix rtc compatible Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 005/103] clk: Dont try to enable critical clocks if prepare failed Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 006/103] ASoC: msm8916-wcd-digital: Reset RX interpolation path after use Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 007/103] iio: buffer: align the size of scan bytes to size of the largest element Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 008/103] USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 009/103] USB: serial: option: Add support for Quectel RM500Q Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 010/103] USB: serial: opticon: fix control-message timeouts Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 011/103] USB: serial: option: add support for Quectel RM500Q in QDL mode Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 012/103] USB: serial: suppress driver bind attributes Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 013/103] USB: serial: ch341: handle unbound port at reset_resume Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 014/103] USB: serial: io_edgeport: handle unbound ports on URB completion Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 015/103] USB: serial: io_edgeport: add missing active-port sanity check Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 016/103] USB: serial: keyspan: handle unbound ports Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 017/103] USB: serial: quatech2: " Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 018/103] scsi: fnic: fix invalid stack access Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 019/103] scsi: mptfusion: Fix double fetch bug in ioctl Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 020/103] ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 021/103] ASoC: msm8916-wcd-analog: Fix MIC BIAS Internal1 Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 022/103] ARM: dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 023/103] ALSA: dice: fix fallback from protocol extension into limited functionality Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 024/103] ALSA: seq: Fix racy access for queue timer in proc read Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 025/103] ALSA: usb-audio: fix sync-ep altsetting sanity check Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 026/103] arm64: dts: allwinner: a64: olinuxino: Fix SDIO supply regulator Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 027/103] Fix built-in early-load Intel microcode alignment Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 028/103] block: fix an integer overflow in logical block size Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 029/103] ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 030/103] LSM: generalize flag passing to security_capable Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 031/103] ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 032/103] usb: core: hub: Improved device recognition on remote wakeup Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 033/103] x86/resctrl: Fix an imbalance in domain_remove_cpu() Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 034/103] x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 035/103] x86/efistub: Disable paging at mixed mode entry Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 036/103] drm/i915: Add missing include file <linux/math64.h> Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 037/103] x86/resctrl: Fix potential memory leak Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 038/103] perf hists: Fix variable names inconsistency in hists__for_each() macro Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 039/103] perf report: Fix incorrectly added dimensions as switch perf data file Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 040/103] mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD alignment Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 041/103] mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 042/103] btrfs: rework arguments of btrfs_unlink_subvol Greg Kroah-Hartman
2020-01-22 9:28 ` [PATCH 4.19 043/103] btrfs: fix invalid removal of root ref Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 044/103] btrfs: do not delete mismatched root refs Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 045/103] btrfs: fix memory leak in qgroup accounting Greg Kroah-Hartman
2020-01-22 9:29 ` Greg Kroah-Hartman [this message]
2020-01-22 9:29 ` [PATCH 4.19 047/103] ARM: dts: imx6qdl: Add Engicam i.Core 1.5 MX6 Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 048/103] ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 049/103] ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 050/103] net: stmmac: 16KB buffer must be 16 byte aligned Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 051/103] net: stmmac: Enable 16KB buffer size Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 052/103] mm/huge_memory.c: make __thp_get_unmapped_area static Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 053/103] mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD alignment Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 054/103] arm64: dts: agilex/stratix10: fix pmu interrupt numbers Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 055/103] bpf: Fix incorrect verifier simulation of ARSH under ALU32 Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 056/103] cfg80211: fix deadlocks in autodisconnect work Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 057/103] cfg80211: fix memory leak in cfg80211_cqm_rssi_update Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 058/103] cfg80211: fix page refcount issue in A-MSDU decap Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 059/103] netfilter: fix a use-after-free in mtype_destroy() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 060/103] netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 061/103] netfilter: nft_tunnel: fix null-attribute check Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 062/103] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 063/103] netfilter: nf_tables: store transaction list locally while requesting module Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 064/103] netfilter: nf_tables: fix flowtable list del corruption Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 065/103] NFC: pn533: fix bulk-message timeout Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 066/103] batman-adv: Fix DAT candidate selection on little endian systems Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 067/103] macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 068/103] hv_netvsc: Fix memory leak when removing rndis device Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 069/103] net: dsa: tag_qca: fix doubled Tx statistics Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 070/103] net: hns: fix soft lockup when there is not enough memory Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 071/103] net: usb: lan78xx: limit size of local TSO packets Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 072/103] net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 073/103] ptp: free ptp device pin descriptors properly Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 074/103] r8152: add missing endpoint sanity check Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 075/103] tcp: fix marked lost packets not being retransmitted Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 076/103] sh_eth: check sh_eth_cpu_data::dual_port when dumping registers Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 077/103] mlxsw: spectrum: Wipe xstats.backlog of down ports Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 078/103] mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 079/103] xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 080/103] tcp: refine rule to allow EPOLLOUT generation under mem pressure Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 081/103] irqchip: Place CONFIG_SIFIVE_PLIC into the menu Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 082/103] cw1200: Fix a signedness bug in cw1200_load_firmware() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 083/103] arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 084/103] cfg80211: check for set_wiphy_params Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 085/103] tick/sched: Annotate lockless access to last_jiffies_update Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 086/103] arm64: dts: marvell: Fix CP110 NAND controller node multi-line comment alignment Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 087/103] Revert "arm64: dts: juno: add dma-ranges property" Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 088/103] mtd: devices: fix mchp23k256 read and write Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 089/103] drm/nouveau/bar/nv50: check bar1 vmm return value Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 090/103] drm/nouveau/bar/gf100: ensure BAR is mapped Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 091/103] drm/nouveau/mmu: qualify vmm during dtor Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 092/103] reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 093/103] scsi: esas2r: unlock on error in esas2r_nvram_read_direct() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 094/103] scsi: qla4xxx: fix double free bug Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 095/103] scsi: bnx2i: fix potential use after free Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 096/103] scsi: target: core: Fix a pr_debug() argument Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 097/103] scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 098/103] scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 099/103] scsi: core: scsi_trace: Use get_unaligned_be*() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 100/103] perf probe: Fix wrong address verification Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 101/103] clk: sprd: Use IS_ERR() to validate the return value of syscon_regmap_lookup_by_phandle() Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 102/103] regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id Greg Kroah-Hartman
2020-01-22 9:29 ` [PATCH 4.19 103/103] hwmon: (pmbus/ibm-cffps) Switch LEDs to blocking brightness call Greg Kroah-Hartman
2020-01-22 14:58 ` [PATCH 4.19 000/103] 4.19.98-stable review Jon Hunter
2020-01-22 17:03 ` Naresh Kamboju
2020-01-22 19:00 ` Guenter Roeck
2020-01-22 20:53 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200122092810.734690455@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=cai@lca.pw \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=wenyang@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).