Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp1385083pxy; Thu, 29 Apr 2021 06:08:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz1h8ZbUGw92zMXkdfVdDzCj4vNtq4zfn0LQdhRrK+FpFU4R/U51L8kC3U94q1khDOFNn2J X-Received: by 2002:a17:906:4098:: with SMTP id u24mr16118086ejj.228.1619701711889; Thu, 29 Apr 2021 06:08:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619701711; cv=none; d=google.com; s=arc-20160816; b=HLmC5BfifOhcHPdWdIDNliXh+Qh/NOPIrt0PA+WcfpXCbD43n/dc/oDLU9+qTj6Vmq 8Aq4QC3jaceIf7hhLOuzSNGduALinvOe1mkmJYTSd3tqoKPxLRKqoApjt0t8bVDJWa3H h1nbMjTS3VKlA7JksDcSo30oDTLRd4ChiK2w99J7qXm0QXuhi2HrVnj89a1QTDa7IqNS pGJnK38aYph7+WuL58UKbo5wg1Izsnv8fL9atJFo2YJbZ9ddEBajiqjDqLWT9jN2mQ+a gkaRKyMhimaLj6o6tYtcS6ByXaLKzG2fsZe7A41r8RkGr0ToG+i5WOd9w85fPNc5t0SO J84g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:mime-version:message-id:date :dkim-signature; bh=dBDPUd6OEZUbveW3fcmwIajvKcq5g8Z72TTKCSfESO0=; b=gxUz1DcArEvcdo/aycYVrpkFUUw39Xg9zIem54tSMiQPgqcujS5z1fsOIjnd21vMzA budoQh2cvvum1Et7kELlTuVGRyBO+j8PDZeYWhm67DFT7MuxGQbVDTM5Kdq6F0ztMLcJ N92gDCBrsIzGsEsjpoZzvDcLRDoO0oJcGykql1QZm5/diadLj2xvp/q0rC3yf0/gly6E s1oCRLtmdW52Z30lnDEXTFJ+bv8YkR1Q7bPsde1XGEPPhTK14RqQENFdpVpIAkp/2kEw pYNeewnUPvgt2j1DRlw2uxg1VmA+XjeMrbIFT9yaXKrHnHB3nkFfuDftiWzoqi8FEV0z 7IXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=nRh86q6+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y11si2630761edv.309.2021.04.29.06.07.44; Thu, 29 Apr 2021 06:08:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=nRh86q6+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237315AbhD2NGK (ORCPT + 99 others); Thu, 29 Apr 2021 09:06:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49942 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234147AbhD2NGJ (ORCPT ); Thu, 29 Apr 2021 09:06:09 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2072C06138B for ; Thu, 29 Apr 2021 06:05:21 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id l17-20020a25ad510000b02904ee2dd236d5so9617118ybe.18 for ; Thu, 29 Apr 2021 06:05:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=dBDPUd6OEZUbveW3fcmwIajvKcq5g8Z72TTKCSfESO0=; b=nRh86q6+YSD5vdlfgm97OOyL3sWvNGVQZuU5Fp4lJkrtv8saGQ537qpzdPmQ6mzJN9 W+wyyUPl1emjGz5Sce2KO1DNGkXGVECrq6hgD9uelgFh81LrPnc7C+ukhgsV9lfNlOdr N5br/ybBGs+90Kg0AQK76eExLy8eZCBNb3p7wVqDE7rw73TkGMKF4Iny6vETrv1o/9wl 8JJFUA6PpqOHobLIkG2cNZrJptP0Jxl3bDTkYUAkRO+Fg33dO5qCAdJDmY5NRMuU/tGU FZlvUPZJk/C/VlLDXCrGzsDkRmqIsnwiNXwhVAz2Or2ZYju8ZS7taBx6ne4pDe6YmvS1 aiTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=dBDPUd6OEZUbveW3fcmwIajvKcq5g8Z72TTKCSfESO0=; b=InUpIsTR9yaPU8Ss+LmEVKMosCkVE0+fW9TSEC6q0S1rsQRB07dJzWU3EqCxlpIZ/I ueVHlf/BxbA98P78YbGMmizLdNfbf1XvIGtoUlppejJr0TzHxXv2/Mlv71qm177eWlgT JDoQhRzDW1kZAAiOcrH6wkiXrFmFae1vK+dffTyTS4tDehT6PVpr1dQBGYjR+ZkGonMX mctAWX/tazHzweD1xVKx2Juiwx9HnQ+U4F5DbxwgR5HAb7CbJRJoUKgUjsGX6UtdFAUt MEUW5/dU9yftFJzRttWJvdnpBPzChDlO9Uhkj2QqF8wunoBHrRm9ZbjXws62KHbtO05b dVmQ== X-Gm-Message-State: AOAM532vcWnS44vuC25y5N/pBuPPSv9w1UPmPxCX64Ba+vSafxAVW4Ub Kxtu/JSC4hOnwQ0DFIGx2OjxqVn1gUdnZg== X-Received: from beeg.c.googlers.com ([fda3:e722:ac3:10:28:9cb1:c0a8:11db]) (user=jackmanb job=sendgmr) by 2002:a05:6902:4e2:: with SMTP id w2mr17353469ybs.79.1619701520798; Thu, 29 Apr 2021 06:05:20 -0700 (PDT) Date: Thu, 29 Apr 2021 13:05:10 +0000 Message-Id: <20210429130510.1621665-1-jackmanb@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.31.1.498.g6c1eba8ee3d-goog Subject: [PATCH v2 bpf-next] libbpf: Fix signed overflow in ringbuf_process_ring From: Brendan Jackman To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, linux-kernel@vger.kernel.org, kpsingh@kernel.org, revest@chromium.org, Brendan Jackman Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org One of our benchmarks running in (Google-internal) CI pushes data through the ringbuf faster htan than userspace is able to consume it. In this case it seems we're actually able to get >INT_MAX entries in a single ringbuf_buffer__consume call. ASAN detected that cnt overflows in this case. Fix by using 64-bit counter internally and then capping the result to INT_MAX before converting to the int return type. Fixes: bf99c936f947 (libbpf: Add BPF ring buffer support) Signed-off-by: Brendan Jackman --- diff v1->v2: Now we don't break the loop at INT_MAX, we just cap the reported entry count. Note: I feel a bit guilty about the fact that this makes the reader think about implicit conversions. Nobody likes thinking about that. But explicit casts don't really help with clarity: return (int)min(cnt, (int64_t)INT_MAX); // ugh shrug.. tools/lib/bpf/ringbuf.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tools/lib/bpf/ringbuf.c b/tools/lib/bpf/ringbuf.c index e7a8d847161f..2e114c2d0047 100644 --- a/tools/lib/bpf/ringbuf.c +++ b/tools/lib/bpf/ringbuf.c @@ -204,7 +204,9 @@ static inline int roundup_len(__u32 len) static int ringbuf_process_ring(struct ring* r) { - int *len_ptr, len, err, cnt = 0; + int *len_ptr, len, err; + /* 64-bit to avoid overflow in case of extreme application behavior */ + int64_t cnt = 0; unsigned long cons_pos, prod_pos; bool got_new_data; void *sample; @@ -240,7 +242,7 @@ static int ringbuf_process_ring(struct ring* r) } } while (got_new_data); done: - return cnt; + return min(cnt, INT_MAX); } /* Consume available ring buffer(s) data without event polling. @@ -263,8 +265,8 @@ int ring_buffer__consume(struct ring_buffer *rb) } /* Poll for available data and consume records, if any are available. - * Returns number of records consumed, or negative number, if any of the - * registered callbacks returned error. + * Returns number of records consumed (or INT_MAX, whichever is less), or + * negative number, if any of the registered callbacks returned error. */ int ring_buffer__poll(struct ring_buffer *rb, int timeout_ms) { -- 2.31.1.498.g6c1eba8ee3d-goog