Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751647AbbLKR6J (ORCPT ); Fri, 11 Dec 2015 12:58:09 -0500 Received: from mail-pa0-f54.google.com ([209.85.220.54]:34490 "EHLO mail-pa0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750748AbbLKR6I (ORCPT ); Fri, 11 Dec 2015 12:58:08 -0500 From: bsegall@google.com To: Andrey Ryabinin Cc: Peter Zijlstra , , , , Morten Rasmussen , Paul Turner Subject: Re: [PATCH] sched/fair: fix mul overflow on 32-bit systems References: <1449838518-26543-1-git-send-email-aryabinin@virtuozzo.com> <20151211132551.GO6356@twins.programming.kicks-ass.net> <20151211133612.GG6373@twins.programming.kicks-ass.net> <566AD6E1.2070005@virtuozzo.com> Date: Fri, 11 Dec 2015 09:58:03 -0800 In-Reply-To: <566AD6E1.2070005@virtuozzo.com> (Andrey Ryabinin's message of "Fri, 11 Dec 2015 17:00:01 +0300") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2927 Lines: 70 Andrey Ryabinin writes: > On 12/11/2015 04:36 PM, Peter Zijlstra wrote: >> On Fri, Dec 11, 2015 at 02:25:51PM +0100, Peter Zijlstra wrote: >>> On Fri, Dec 11, 2015 at 03:55:18PM +0300, Andrey Ryabinin wrote: >>>> Make 'r' 64-bit type to avoid overflow in 'r * LOAD_AVG_MAX' >>>> on 32-bit systems: >>>> UBSAN: Undefined behaviour in kernel/sched/fair.c:2785:18 >>>> signed integer overflow: >>>> 87950 * 47742 cannot be represented in type 'int' >>>> >>>> Fixes: 9d89c257dfb9 ("sched/fair: Rewrite runnable load and utilization average tracking") >>>> Signed-off-by: Andrey Ryabinin >>>> --- >>>> kernel/sched/fair.c | 4 ++-- >>>> 1 file changed, 2 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c >>>> index e3266eb..733f0b8 100644 >>>> --- a/kernel/sched/fair.c >>>> +++ b/kernel/sched/fair.c >>>> @@ -2780,14 +2780,14 @@ static inline int update_cfs_rq_load_avg(u64 now, struct cfs_rq *cfs_rq) >>>> int decayed, removed = 0; >>>> >>>> if (atomic_long_read(&cfs_rq->removed_load_avg)) { >>>> - long r = atomic_long_xchg(&cfs_rq->removed_load_avg, 0); >>>> + s64 r = atomic_long_xchg(&cfs_rq->removed_load_avg, 0); >>>> sa->load_avg = max_t(long, sa->load_avg - r, 0); >>>> sa->load_sum = max_t(s64, sa->load_sum - r * LOAD_AVG_MAX, 0); >>> >>> This makes sense, because sched_avg::load_sum is u64. >>> >>>> removed = 1; >>>> } >>>> >>>> if (atomic_long_read(&cfs_rq->removed_util_avg)) { >>>> - long r = atomic_long_xchg(&cfs_rq->removed_util_avg, 0); >>>> + s64 r = atomic_long_xchg(&cfs_rq->removed_util_avg, 0); >>>> sa->util_avg = max_t(long, sa->util_avg - r, 0); >>>> sa->util_sum = max_t(s32, sa->util_sum - r * LOAD_AVG_MAX, 0); >>>> } >>> >>> However sched_avg::util_sum is u32, so this is still wrecked. >> >> I seems to have wrecked that in: >> >> 006cdf025a33 ("sched/fair: Optimize per entity utilization tracking") >> >> maybe just make util_load u64 too? >> > > Is there any guarantee that the final result of expression 'util_sum - r * LOAD_AVG_MAX' always can be represented by s32? > > If yes, than we could just do this: > max_t(s32, (u64)sa->util_sum - r * LOAD_AVG_MAX, 0) Well, the (original) intent was that util_sum was always 32-bit, since it is at most LOAD_AVG_MAX times a fixed point math fraction from arch_scale_cpu_capacity(), which is probably 4096 or 1024 or something like that (and LOAD_AVG_MAX is < 2**16, so it's not even close to overflow). I'm not 100% sure this hasn't been broken, but unless it has been, the second hunk is completely unnecessary (the first hunk looks correct and necessary). -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/