Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp812622lqt; Fri, 19 Apr 2024 11:05:22 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWfAm/KcVXrtBocmtRSki/bQ1Rt24/c6XJ29iISoC7xdxEpsDaW8tyXYeNt98rADQOSZA8Dc24nc302YgXXKKu/0iHUNXkL88fisms1lQ== X-Google-Smtp-Source: AGHT+IHmLtEki3XIuhlG1ZdsT/TCn2XSfdcXAQG7qkykUn0BDUBbqrsEg8/VsoQOf8fvHY15QORz X-Received: by 2002:ac8:5804:0:b0:437:b3f2:db93 with SMTP id g4-20020ac85804000000b00437b3f2db93mr5538788qtg.2.1713549921884; Fri, 19 Apr 2024 11:05:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713549921; cv=pass; d=google.com; s=arc-20160816; b=zqWdqjD4uR6Ec39AK30VVtoJHU4y0+UWpMGkNA7PzDb648YWr8PRb6hv4wnsnLbmwG kmqGr6VGyc9I+rFZmg9opvz4B48mfcDg7G7ZSGQ6lNPlg9oPRL/9AWFIdOy9Z5/NGN1L bNcFXj9j3R60OKQKaSnTsLx0KZSAnbnPt89zBDksFjfJFU7HFTeio5d/h+jA1klxOoNK yVO5fsALtW3XZ35tH+rjYi6nQTAwrW28I/1tq9IAHnV2CYi+GvTAVX5mhlrAknacSCSL 3butQgKNpbk1aZq9YPMF9kB7C62ycFoJReruty74jywivq2O50fHr6zoSH38WqBkUOyg wlSA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=HmgSdIOaBGzF1wIJwZyCqHKWiUO1epUovMBrXDSKd70=; fh=q3SDEA7j1AeVbGu3rIGo5vhh0kIGPwiSuPgkinheO4I=; b=bUZUG/isjtnkpxTOcoAcU/NFtH8z3KXqqFK5bUKmuzUusP1LI0Ou1PNd9SbyX4Kk/F txxwfXwITpDQTnzOcJl231X5Xd+29HQ7AW0yfLIp9UFU9VDKrIq3BFmKUrmIo5di4hvN kfFHF6OHX4DvuxPiutA+cQtsGj5vNIcPrhlK221LuQQHSgCWdT3jRAJhZgDjDVckat6h A+MhnCWZ0rvolr5m+MAW+9AIebLpwUxsj4d1Ig42YZU4/E3Hi65GuNl69lBb6dj2ZzMy 8Z2HJmyVakN0S6A0rQKt7vINtqCZu+347mkUwiLl3KnyqMCt2Sg/7TW5xGIVQ5xOzGGk d4Zg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=d2HcSxa5; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-151850-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-151850-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id a16-20020a05622a065000b00436929e81a3si4503311qtb.108.2024.04.19.11.05.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 11:05:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-151850-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=d2HcSxa5; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-151850-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-151850-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 89A191C21EB0 for ; Fri, 19 Apr 2024 18:05:21 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B4D9E13B5A9; Fri, 19 Apr 2024 18:05:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="d2HcSxa5" Received: from mail-ed1-f46.google.com (mail-ed1-f46.google.com [209.85.208.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 29F9F130AC4 for ; Fri, 19 Apr 2024 18:05:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.46 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713549912; cv=none; b=glGkTFwSykQI8isCqRc5qODD610mXM1hIOj4Lp43Gl9R3juc7TDDdXTfzkLHnV8AAz+TFYyVBrswTQ68UOx43JnDLUTGDaEZ9otfGq3vzeziq/Bp/qS4Vy4ADSUU0pA/wOvhV7xPEV+PA1dqqSxJozD8fZXW9JCBHAmidi53Oeo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713549912; c=relaxed/simple; bh=F4cNOrYwM4Aq4Iiy4jYOyWYoKlDnc4rZFnYqfqmTWJk=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=pHMmeL/1n9InM0VnYiOCGXVYG8iw+v2ltNnZ5EMZMXoSmiwME36MtjHRvF96a+rKzycitqSzYFUS5lzgGHKfF+h5ovuQ+UgYCztBaDHqT0o9tNlXWvmgHYGNcMdUyQyf7EayB4wuA+AuE3S4DESXM0dKibEJdVhisUvwbJ8WgaY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=d2HcSxa5; arc=none smtp.client-ip=209.85.208.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Received: by mail-ed1-f46.google.com with SMTP id 4fb4d7f45d1cf-571e13cd856so2172a12.0 for ; Fri, 19 Apr 2024 11:05:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1713549909; x=1714154709; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=HmgSdIOaBGzF1wIJwZyCqHKWiUO1epUovMBrXDSKd70=; b=d2HcSxa5F65+eScAfEpAhoKksIvRGfuZBpJXIMiBC+K8a1+k0S+cqd8ygzEmehsf4n ZASPZIwM0OIrSYlcj1htbfPP8tq0S48Ne/V+lVdca2+OYl12fRNDVyCJJ6Id9+Jr9Mn+ mC2FZDTP9LxUpjTz7PqGFcDIVbWHSC/VjQ6a889ixUFByjOEw4xt+ZzjWiTAZMV4MBCz Vy4c5kzHexzU4EEy2IB6YStLSmGO5DHkripX3mxg6vok+Wzn6Mb1lzEVfF6fGrIwHzz/ EFkOQkmiLwau4BTUcjXYHMmuG+HVLdUYDeFIvyg89EumIaEZbCpGYfL8ezqXe0ypG92P 1C+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713549909; x=1714154709; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HmgSdIOaBGzF1wIJwZyCqHKWiUO1epUovMBrXDSKd70=; b=HX5S3acHJgo9NQlw87E9Ugza/yis6V/MJst2bj3/1H/9xTSM+DaivZdYc/40kZewT7 XkNOvhCzzGiioqgVhulTcov0QGvCDZElRzyHORiPLK68s4JI3RWRZieun0oD/85XPz5g A6HTAjTEdwJCw0kxJOaq3KUeozyYE8HynAqgCbDkZy6//RYV417VAhz97DyGL4C4wakh vvApqgnrwTGXU1YIzl95Cshfb1Tqj8Y0HUg7ETUGOB8En5QIsrLRMCyi8Akeyblk9l5z nWUHqxg1a7YEryJvfp4If9Pf5wC9JUeAss4kH8wDlQuaSNiHLdzEUL9Et10XMAkLTXis QY/g== X-Forwarded-Encrypted: i=1; AJvYcCWoCiFDLjocaNzrAkdNos3GIGqfaXTzF6jKhyoDIqeEK8auCQrYD4mjNhLmI9KFal83N+y7T+aueMFpRJ2ItWNIlrDacymCWURClvuI X-Gm-Message-State: AOJu0YzjsySScS/HtR/LpsX/EKNgkKdVl6ou8chveZN5DNPzTWOMo6ZC uv2Az8wirXUn672VhDxv9ceHKml5dpPdOe8r4O9peX5yyu07BTwKHmMFeBpUTfC5j27XBuL/x8+ 9kJxqB3xU/O8YiBrslxiAVHMvRRxvU7xpD0pK X-Received: by 2002:a50:fc08:0:b0:571:b9c7:2804 with SMTP id i8-20020a50fc08000000b00571b9c72804mr5894edr.5.1713549908902; Fri, 19 Apr 2024 11:05:08 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240118181954.1415197-1-zokeefe@google.com> <20240417111001.fa2eg5gp6t2wiwco@quack3> <20240418110434.g5bx5ntp2m4433eo@quack3> In-Reply-To: <20240418110434.g5bx5ntp2m4433eo@quack3> From: "Zach O'Keefe" Date: Fri, 19 Apr 2024 11:04:31 -0700 Message-ID: Subject: Re: [PATCH] mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again To: Jan Kara Cc: Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Maxim Patlasov , stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Apr 18, 2024 at 4:04=E2=80=AFAM Jan Kara wrote: > > On Wed 17-04-24 12:33:39, Zach O'Keefe wrote: > > On Wed, Apr 17, 2024 at 4:10=E2=80=AFAM Jan Kara wrote: > > > > diff --git a/mm/page-writeback.c b/mm/page-writeback.c > > > > index cd4e4ae77c40a..02147b61712bc 100644 > > > > --- a/mm/page-writeback.c > > > > +++ b/mm/page-writeback.c > > > > @@ -1638,7 +1638,7 @@ static inline void wb_dirty_limits(struct dir= ty_throttle_control *dtc) > > > > */ > > > > dtc->wb_thresh =3D __wb_calc_thresh(dtc); > > > > dtc->wb_bg_thresh =3D dtc->thresh ? > > > > - div_u64((u64)dtc->wb_thresh * dtc->bg_thresh, dtc->th= resh) : 0; > > > > + div64_u64(dtc->wb_thresh * dtc->bg_thresh, dtc->thres= h) : 0; > ... > > > Thirdly, if thresholds are larger than 1<<32 pages, then dirty balanc= ing is > > > going to blow up in many other spectacular ways - consider only the > > > multiplication on this line - it will not necessarily fit into u64 an= ymore. > > > The whole dirty limiting code is interspersed with assumptions that l= imits > > > are actually within u32 and we do our calculations in unsigned longs = to > > > avoid worrying about overflows (with occasional typing to u64 to make= it > > > more interesting because people expected those entities to overflow 3= 2 bits > > > even on 32-bit archs). Which is lame I agree but so far people don't = seem > > > to be setting limits to 16TB or more. And I'm not really worried abou= t > > > security here since this is global-root-only tunable and that has muc= h > > > better ways to DoS the system. > > > > > > So overall I'm all for cleaning up this code but in a sensible way pl= ease. > > > E.g. for these overflow issues at least do it one function at a time = so > > > that we can sensibly review it. > > > > > > Andrew, can you please revert this patch until we have a better fix? = So far > > > it does more harm than good... Thanks! > > > > Shall we just roll-forward with a suitable fix? I think all the > > original code actually "needed" was to cast the ternary predicate, > > like: > > > > ---8<--- > > diff --git a/mm/page-writeback.c b/mm/page-writeback.c > > index fba324e1a010..ca1bfc0c9bdd 100644 > > --- a/mm/page-writeback.c > > +++ b/mm/page-writeback.c > > @@ -1637,8 +1637,8 @@ static inline void wb_dirty_limits(struct > > dirty_throttle_control *dtc) > > * at some rate <=3D (write_bw / 2) for bringing down wb_dirt= y. > > */ > > dtc->wb_thresh =3D __wb_calc_thresh(dtc); > > - dtc->wb_bg_thresh =3D dtc->thresh ? > > - div64_u64(dtc->wb_thresh * dtc->bg_thresh, dtc->thresh)= : 0; > > + dtc->wb_bg_thresh =3D (u32)dtc->thresh ? > > + div_u64((u64)dtc->wb_thresh * dtc->bg_thresh, dtc->thre= sh) : 0; > > Well, this would fix the division by 0 but when you read the code you > really start wondering what's going on :) [..] Ya, this was definitely a local fix in an area of code I know very little abit. I stumbled across it in a rather contrived way -- made easier by internal patches -- and felt its existence still warranted a local fix. > [..] And as I wrote above when > thresholds pass UINT_MAX, the dirty limitting code breaks down anyway so = I > don't think the machine will be more usable after your fix. Would you be = up > for a challenge to modify mm/page-writeback.c so that such huge limits > cannot be set instead? That would be actually a useful fix... :) I can't say my schedule affords me much time to take on any significant unplanned work. Perhaps as a Friday afternoon exercise I'll come back to scope this out, driven by some sense of responsibility garnered from starting down this path ; but ... my TODO list is long. Have a great rest of your day / weekend, Zach > Honza > > > > > /* > > * In order to avoid the stacked BDI deadlock we need > > ---8<--- > > > > Thanks, and apologize for the inconvenience > > > > Zach > > > > > Honza > > > -- > > > Jan Kara > > > SUSE Labs, CR > > > -- > Jan Kara > SUSE Labs, CR