Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp319176rwb;
        Mon, 28 Nov 2022 21:43:54 -0800 (PST)
X-Google-Smtp-Source: AA0mqf4gkfrHZyMZfNFF4fQG1+tOa4zDdJ/x77GAqP7FfpF5YCBXMdIxZLO9GIZyBazoXQVAdxF5
X-Received: by 2002:a17:906:95c3:b0:78e:975:5e8 with SMTP id n3-20020a17090695c300b0078e097505e8mr30326072ejy.82.1669700634330;
        Mon, 28 Nov 2022 21:43:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1669700634; cv=none;
        d=google.com; s=arc-20160816;
        b=omOfpPdaGccQglaOpThbHURP1bTZHSbyl+tIhQJ1l4/uvP0pOhrahJ1iDVCJnaivEg
         ea6ne9SivNUugAFbbke8w2Tl16l4Gky3rhwJEE4XHCQmk8MQTGq5EoedHI1St+c8Ga3P
         nbRfO5aFoCJVyXE87rxZAhs0SEFJli1FVHWz7BUBiPjXw+OxibALg6/vNoZl3o7w+49G
         GzfqXzHFHGivcUTz7C9aJkSL5hJJaGsNWZk04Spfoq+IFGMGN8N1l1GK+OJEnH5Z8m3O
         +0cSsJwpQ213vsDXpy5tRE1ufHejl5HAa/ufO/Mm+vjF8o1xSf7umvKom0uM7JGuZOmv
         AiPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:subject:user-agent:mime-version:date:message-id;
        bh=p+fJrIFqS7umQcQrFZcoGKAcyEzxDMu5rQHhVANwNjI=;
        b=UJodXXquRM7+ztVHg4wPRMe0wJJdR+1C8aw+5yLARwvlKod4lIVJuJ73HHf9EPvSr/
         3Ge1AzqYPGkNQKVtra1di75Qf4Y3zE+YUqU0hmJ3P2LaMfbJZJmTBLOo+a9shcab5qt4
         ZFK4uhSfkgMFXs8C2TMNK91jd0/HOBLGlJF4AAkfYbv68bRTTG502m82oiHatVyMbiIM
         fXC3SpbxypcrUSROIuPUQW6UnU+pNv8ndS+dY5ewRMf2EXsBeCLIExMslWdDDEM2p7Kk
         5z4Bvea/wwyFmjWLV12wJVVEmQwvd4u4VbFewSro0WcFF4Ai6IkXuBaE6sj7vRQx9mlX
         elBQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id xj14-20020a170906db0e00b007b284329e36si11943824ejb.131.2022.11.28.21.43.14;
        Mon, 28 Nov 2022 21:43:54 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235425AbiK2Ewx (ORCPT <rfc822;41i3n8@gmail.com> + 82 others);
        Mon, 28 Nov 2022 23:52:53 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35190 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234251AbiK2Ews (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 28 Nov 2022 23:52:48 -0500
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EFA756440;
        Mon, 28 Nov 2022 20:52:43 -0800 (PST)
Received: from canpemm500008.china.huawei.com (unknown [172.30.72.53])
        by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4NLqgl0VP7zRpSZ;
        Tue, 29 Nov 2022 12:52:03 +0800 (CST)
Received: from [10.174.179.2] (10.174.179.2) by canpemm500008.china.huawei.com
 (7.192.105.151) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 29 Nov
 2022 12:52:41 +0800
Message-ID: <7b447dcb-6009-31e1-8bf6-05b1cdb28b01@huawei.com>
Date:   Tue, 29 Nov 2022 12:52:40 +0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.1.1
Subject: Re: [PATCH v2] blk-iocost: fix shift-out-of-bounds in
 iocg_hick_delay()
To:     Yu Kuai <yukuai1@huaweicloud.com>, Tejun Heo <tj@kernel.org>
CC:     <josef@toxicpanda.com>, <axboe@kernel.dk>,
        <cgroups@vger.kernel.org>, <linux-block@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, <liuzhiqiang26@huawei.com>,
        "yukuai (C)" <yukuai3@huawei.com>
References: <20221128030413.882998-1-lijinlin3@huawei.com>
 <Y4US2vFmR4pnw08Z@slm.duckdns.org>
 <bbc5e21f-9e77-41bb-5763-36bd905b52a0@huaweicloud.com>
 <2830bd58-0f53-fa54-58e5-e87225b1fdf1@huawei.com>
 <5489e3c5-30ad-d7af-c329-40c93d9a1b62@huaweicloud.com>
From:   Li Jinlin <lijinlin3@huawei.com>
In-Reply-To: <5489e3c5-30ad-d7af-c329-40c93d9a1b62@huaweicloud.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Originating-IP: [10.174.179.2]
X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To
 canpemm500008.china.huawei.com (7.192.105.151)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,NICE_REPLY_A,
        RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 2022/11/29 10:59, Yu Kuai wrote:
> Hi,
> 
> 在 2022/11/29 10:49, Li Jinlin 写道:
>>
>>
>> On 2022/11/29 9:14, Yu Kuai wrote:
>>> Hi,
>>>
>>> 在 2022/11/29 3:58, Tejun Heo 写道:
>>>> On Mon, Nov 28, 2022 at 11:04:13AM +0800, Li Jinlin wrote:
>>>>>        /* calculate the current delay in effect - 1/2 every second */
>>>>>        tdelta = now->now - iocg->delay_at;
>>>>>        if (iocg->delay)
>>>>> -        delay = iocg->delay >> div64_u64(tdelta, USEC_PER_SEC);
>>>>> +        delay = iocg->delay >>
>>>>> +            min_t(u64, div64_u64(tdelta, USEC_PER_SEC), 63);
>>>>
>>>> I replied earlier but the right thing to do here is setting delay to 0 if
>>>> the shift is >= 64.
>>>
>>> Perhaps following change will make more sense?
>>>
>>> @@ -1322,18 +1323,19 @@ static bool iocg_kick_delay(struct ioc_gq *iocg, struct ioc_now *now)
>>>   {
>>>          struct ioc *ioc = iocg->ioc;
>>>          struct blkcg_gq *blkg = iocg_to_blkg(iocg);
>>> -       u64 tdelta, delay, new_delay;
>>> +       u64 delay = 0;
>>> +       u64 new_delay;
>>>          s64 vover, vover_pct;
>>>          u32 hwa;
>>>
>>>          lockdep_assert_held(&iocg->waitq.lock);
>>>
>>>          /* calculate the current delay in effect - 1/2 every second */
>>> -       tdelta = now->now - iocg->delay_at;
>>> -       if (iocg->delay)
>>> +       if (iocg->delay && now->now > iocg->delay_at) {
>>> +               u64 tdelta = now->now - iocg->delay_at;
>>> +
>>>                  delay = iocg->delay >> div64_u64(tdelta, USEC_PER_SEC);
>>> -       else
>>> -               delay = 0;
>>> +       }
>>>
>> I think "now->now > iocg->delay_at" is unnecessary, it is almost inevitable.
> 
> From what I see, following can only happen if now->now < iocg->delay_at:
> 
> "shift exponent 18446744073709"
> 
You are right. 

But I didn't see any ubsan reported at now->now - iocg->delay_at. 
Need to confirm this.

Jinlin
Thanks.

> Or something else triggers it?
> 
> Thanks,
> Kuai
>