The variables 'window_interval' is u64 and do_div()
truncates it to 32 bits, which means it can test
non-zero and be truncated to zero for division.
The unit of window_interval is nanoseconds,
so its lower 32-bit is relatively easy to exceed.
Fix this issue by using div64_u64() instead.
Fixes: 7298de9cd725 ("sch_cake: Add ingress mode")
Signed-off-by: Wen Yang <[email protected]>
Cc: Kevin Darbyshire-Bryant <[email protected]>
Cc: Toke Høiland-Jørgensen <[email protected]>
Cc: David S. Miller <[email protected]>
Cc: Cong Wang <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
---
net/sched/sch_cake.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/sch_cake.c b/net/sched/sch_cake.c
index 6cc3ab1..90ef7cc 100644
--- a/net/sched/sch_cake.c
+++ b/net/sched/sch_cake.c
@@ -1768,7 +1768,7 @@ static s32 cake_enqueue(struct sk_buff *skb, struct Qdisc *sch,
q->avg_window_begin));
u64 b = q->avg_window_bytes * (u64)NSEC_PER_SEC;
- do_div(b, window_interval);
+ b = div64_u64(b, window_interval);
q->avg_peak_bandwidth =
cake_ewma(q->avg_peak_bandwidth, b,
b > q->avg_peak_bandwidth ? 2 : 8);
--
1.8.3.1
> On 2 Jan, 2020, at 11:21 am, Wen Yang <[email protected]> wrote:
>
> The variables 'window_interval' is u64 and do_div()
> truncates it to 32 bits, which means it can test
> non-zero and be truncated to zero for division.
> The unit of window_interval is nanoseconds,
> so its lower 32-bit is relatively easy to exceed.
> Fix this issue by using div64_u64() instead.
That might actually explain a few things. I approve.
Honestly the *correct* fix is for the compiler to implement division in a way that doesn't require substituting it with function calls. As this shows, it's error-prone to do this manually.
- Jonathan Morton
Wen Yang <[email protected]> writes:
> The variables 'window_interval' is u64 and do_div()
> truncates it to 32 bits, which means it can test
> non-zero and be truncated to zero for division.
> The unit of window_interval is nanoseconds,
> so its lower 32-bit is relatively easy to exceed.
> Fix this issue by using div64_u64() instead.
>
> Fixes: 7298de9cd725 ("sch_cake: Add ingress mode")
> Signed-off-by: Wen Yang <[email protected]>
> Cc: Kevin Darbyshire-Bryant <[email protected]>
> Cc: Toke Høiland-Jørgensen <[email protected]>
> Cc: David S. Miller <[email protected]>
> Cc: Cong Wang <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
Acked-by: Toke Høiland-Jørgensen <[email protected]>
From: Wen Yang <[email protected]>
Date: Thu, 2 Jan 2020 17:21:43 +0800
> The variables 'window_interval' is u64 and do_div()
> truncates it to 32 bits, which means it can test
> non-zero and be truncated to zero for division.
> The unit of window_interval is nanoseconds,
> so its lower 32-bit is relatively easy to exceed.
> Fix this issue by using div64_u64() instead.
>
> Fixes: 7298de9cd725 ("sch_cake: Add ingress mode")
> Signed-off-by: Wen Yang <[email protected]>
Applied and queued up for -stable.