Type conversion in encode_comp_t() may look a bit problematic.
Zheng Yejian (2):
acct: Fix accuracy loss for input value of encode_comp_t()
acct: Fix potential integer overflow in encode_comp_t()
kernel/acct.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--
2.17.1
See calculation of ac_{u,s}time in fill_ac():
> ac->ac_utime = encode_comp_t(nsec_to_AHZ(pacct->ac_utime));
> ac->ac_stime = encode_comp_t(nsec_to_AHZ(pacct->ac_stime));
Return value of nsec_to_AHZ() is always type of 'u64', but it is
handled as type of 'unsigned long' in encode_comp_t, and accuracy
loss would happen on 32-bit platform when 'unsigned long' value
is 32-bit-width.
So 'u64' value of encode_comp_t() may look better.
Signed-off-by: Zheng Yejian <[email protected]>
---
kernel/acct.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/acct.c b/kernel/acct.c
index a64102be2bb0..9e143ed5b5d0 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -301,7 +301,7 @@ void acct_exit_ns(struct pid_namespace *ns)
}
/*
- * encode an unsigned long into a comp_t
+ * encode an u64 into a comp_t
*
* This routine has been adopted from the encode_comp_t() function in
* the kern_acct.c file of the FreeBSD operating system. The encoding
@@ -312,7 +312,7 @@ void acct_exit_ns(struct pid_namespace *ns)
#define EXPSIZE 3 /* Base 8 (3 bit) exponent. */
#define MAXFRACT ((1 << MANTSIZE) - 1) /* Maximum fractional value. */
-static comp_t encode_comp_t(unsigned long value)
+static comp_t encode_comp_t(u64 value)
{
int exp, rnd;
--
2.17.1
The integer overflow is descripted with following codes:
> 317 static comp_t encode_comp_t(u64 value)
> 318 {
> 319 int exp, rnd;
......
> 341 exp <<= MANTSIZE;
> 342 exp += value;
> 343 return exp;
> 344 }
Currently comp_t is defined as type of '__u16', but the
variable 'exp' is type of 'int', so overflow would happen
when variable 'exp' in line 343 is greater than 65535.
Signed-off-by: Zheng Yejian <[email protected]>
---
kernel/acct.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/acct.c b/kernel/acct.c
index 9e143ed5b5d0..4182b92cf3df 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -331,6 +331,8 @@ static comp_t encode_comp_t(u64 value)
exp++;
}
+ if (exp > (((comp_t) ~0U) >> MANTSIZE))
+ return (comp_t) ~0U;
/*
* Clean it up and polish it off.
*/
--
2.17.1
On Wed, 2 Nov 2022 5:36:11 +0800, Andrew Morton <[email protected]> wrote:
> On Sat, 15 May 2021 22:06:29 +0800 Zheng Yejian <[email protected]> wrote:
>
> > Type conversion in encode_comp_t() may look a bit problematic.
> >
>
> It took me a while, but these patches seem OK to me. Is your May 2021
> series still all good to apply?
Yes, they are still good to apply, I have re-checked them in:
https://lore.kernel.org/lkml/[email protected]/
Those problems seems existed since 1da177e4c3f4 ("Linux-2.6.12-rc2").
-- Best regards, Zheng Yejian
>
> Thanks,