Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752755AbbBQTCY (ORCPT <rfc822;w@1wt.eu>);
	Tue, 17 Feb 2015 14:02:24 -0500
Received: from mout.gmx.net ([212.227.15.18]:54227 "EHLO mout.gmx.net"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751654AbbBQTCX (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 17 Feb 2015 14:02:23 -0500
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>, Oleg Nesterov <oleg@redhat.com>,
        Rik van Riel <riel@redhat.com>,
        Vladimir Davydov <vdavydov@parallels.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        David Rientjes <rientjes@google.com>,
        Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org,
        Guenter Roeck <linux@roeck-us.net>,
        Heinrich Schuchardt <xypron.glpk@gmx.de>
Subject: [PATCH 1/1 v2] kernel/fork.c: avoid division by zero
Date: Tue, 17 Feb 2015 20:01:38 +0100
Message-Id: <1424199698-7607-1-git-send-email-xypron.glpk@gmx.de>
X-Mailer: git-send-email 2.1.4
X-Provags-ID: V03:K0:wguklldVBzWJgd4vNs2lQFQ3xPiRTYztx5J8h5mvQj0Bu/b9Cmd
 z858JcljCEcd2RFk/pzEJWmNE0n1CQirIPBYlOfl9mR+8h8AzkFa0aTmj7dT8mWsZFkWTZe
 cixwQOCW24B1MxI4vPHV7erLwtSBxjFIhE70Oe1rkQA72Gf9N9nlD9tKUS3MIdW/PWjDCDu
 E6ySRNQuHii+V2YYxL91w==
X-UI-Out-Filterresults: notjunk:1;
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1846
Lines: 66

PAGE_SIZE is not guaranteed to be equal to or less than 8 times the
THREAD_SIZE.

E.g. architecture hexagon may have page size 1M and thread size 4096.

This would lead to a division by zero.

The futex implementation assumes that tids fit into the FUTEX_TID_MASK.
This limits the number of allowable threads.

version 2:
  * use div64_u64
  * check against FUTEX_TID_MASK

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 kernel/fork.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/kernel/fork.c b/kernel/fork.c
index cf65139..1449923 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -74,6 +74,7 @@
 #include <linux/uprobes.h>
 #include <linux/aio.h>
 #include <linux/compiler.h>
+#include <linux/math64.h>
 
 #include <asm/pgtable.h>
 #include <asm/pgalloc.h>
@@ -255,6 +256,8 @@ void __init __weak arch_task_cache_init(void) { }
 
 void __init fork_init(unsigned long mempages)
 {
+	u64 temp;
+
 #ifndef CONFIG_ARCH_TASK_STRUCT_ALLOCATOR
 #ifndef ARCH_MIN_TASKALIGN
 #define ARCH_MIN_TASKALIGN	L1_CACHE_BYTES
@@ -273,7 +276,16 @@ void __init fork_init(unsigned long mempages)
 	 * value: the thread structures can take up at most half
 	 * of memory.
 	 */
-	max_threads = mempages / (8 * THREAD_SIZE / PAGE_SIZE);
+	temp = div64_u64((u64) mempages * (u64) PAGE_SIZE,
+			 (u64) THREAD_SIZE * 8UL);
+
+	/*
+	 * The futex code assumes that tids fit into the FUTEX_TID_MASK.
+	 */
+	if (temp < FUTEX_TID_MASK)
+		max_threads = temp;
+	else
+		max_threads = FUTEX_TID_MASK;
 
 	/*
 	 * we need to allow at least 20 threads to boot a system
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/