arm64: kvm: avoid overflow in integer division

Message ID	20230517202352.793673-1-arnd@kernel.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org> From: Arnd Bergmann <arnd@kernel.org> To: Marc Zyngier <maz@kernel.org>, Oliver Upton <oliver.upton@linux.dev>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Shaoqin Huang <shahuang@redhat.com>, Ricardo Koller <ricarkol@google.com>, Gavin Shan <gshan@redhat.com> Cc: Arnd Bergmann <arnd@arndb.de>, James Morse <james.morse@arm.com>, Suzuki K Poulose <suzuki.poulose@arm.com>, Zenghui Yu <yuzenghui@huawei.com>, Cornelia Huck <cohuck@redhat.com>, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org Subject: [PATCH] arm64: kvm: avoid overflow in integer division Date: Wed, 17 May 2023 22:23:39 +0200 Message-Id: <20230517202352.793673-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	arm64: kvm: avoid overflow in integer division \| expand arm64: kvm: avoid overflow in integer division

Message ID

20230517202352.793673-1-arnd@kernel.org (mailing list archive)

State

New, archived

Headers

From: Arnd Bergmann <arnd@kernel.org>
To: Marc Zyngier <maz@kernel.org>,
	Oliver Upton <oliver.upton@linux.dev>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>,
	Shaoqin Huang <shahuang@redhat.com>,
	Ricardo Koller <ricarkol@google.com>,
	Gavin Shan <gshan@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>,
	James Morse <james.morse@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Zenghui Yu <yuzenghui@huawei.com>,
	Cornelia Huck <cohuck@redhat.com>,
	linux-arm-kernel@lists.infradead.org,
	kvmarm@lists.linux.dev,
	linux-kernel@vger.kernel.org
Subject: [PATCH] arm64: kvm: avoid overflow in integer division
Date: Wed, 17 May 2023 22:23:39 +0200
Message-Id: <20230517202352.793673-1-arnd@kernel.org>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

arm64: kvm: avoid overflow in integer division | expand

Commit Message

Arnd Bergmann May 17, 2023, 8:23 p.m. UTC

From: Arnd Bergmann <arnd@arndb.de>

The newly added kvm_mmu_split_nr_page_tables() function uses DIV_ROUND_DOWN_ULL()
to divide 64-bit addresses, but this requires a 32-bit divisior, and PUD_SIZE
may exceed that when 64KB pages are used:

arch/arm64/kvm/mmu.c: In function 'kvm_mmu_split_nr_page_tables':
include/linux/math.h:42:64: error: conversion from 'long unsigned int' to 'u32' {aka 'unsigned int'} changes value from '68719476736' to '0' [-Werror=overflow]
   42 |         DIV_ROUND_DOWN_ULL((unsigned long long)(ll) + (d) - 1, (d))
      |                                                                ^~~
include/linux/math.h:39:47: note: in definition of macro 'DIV_ROUND_DOWN_ULL'
   39 | #define DIV_ROUND_DOWN_ULL(ll, d) div_u64(ll, d)
      |                                               ^
arch/arm64/kvm/mmu.c:95:22: note: in expansion of macro 'DIV_ROUND_UP_ULL'
   95 |                 n += DIV_ROUND_UP_ULL(range, PUD_SIZE);
      |                      ^~~~~~~~~~~~~~~~

Since this code is only used on 64-bit targets, DIV_ROUND_UP() can deal with this
more easily, as it already takes 64-bit arguments.

Fixes: e7bf7a490c68 ("KVM: arm64: Split huge pages when dirty logging is enabled")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 arch/arm64/kvm/mmu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Marc Zyngier May 18, 2023, 7:30 a.m. UTC | #1

On Wed, 17 May 2023 21:23:39 +0100,
Arnd Bergmann <arnd@kernel.org> wrote:
> 
> From: Arnd Bergmann <arnd@arndb.de>
> 
> The newly added kvm_mmu_split_nr_page_tables() function uses DIV_ROUND_DOWN_ULL()
> to divide 64-bit addresses, but this requires a 32-bit divisior, and PUD_SIZE
> may exceed that when 64KB pages are used:
> 
> arch/arm64/kvm/mmu.c: In function 'kvm_mmu_split_nr_page_tables':
> include/linux/math.h:42:64: error: conversion from 'long unsigned int' to 'u32' {aka 'unsigned int'} changes value from '68719476736' to '0' [-Werror=overflow]
>    42 |         DIV_ROUND_DOWN_ULL((unsigned long long)(ll) + (d) - 1, (d))
>       |                                                                ^~~
> include/linux/math.h:39:47: note: in definition of macro 'DIV_ROUND_DOWN_ULL'
>    39 | #define DIV_ROUND_DOWN_ULL(ll, d) div_u64(ll, d)
>       |                                               ^
> arch/arm64/kvm/mmu.c:95:22: note: in expansion of macro 'DIV_ROUND_UP_ULL'
>    95 |                 n += DIV_ROUND_UP_ULL(range, PUD_SIZE);
>       |                      ^~~~~~~~~~~~~~~~
> 
> Since this code is only used on 64-bit targets, DIV_ROUND_UP() can deal with this
> more easily, as it already takes 64-bit arguments.
> 
> Fixes: e7bf7a490c68 ("KVM: arm64: Split huge pages when dirty logging is enabled")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  arch/arm64/kvm/mmu.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
> index 3386bd28d267..6db9ef288ec3 100644
> --- a/arch/arm64/kvm/mmu.c
> +++ b/arch/arm64/kvm/mmu.c
> @@ -92,8 +92,8 @@ static int kvm_mmu_split_nr_page_tables(u64 range)
>  	int n = 0;
>  
>  	if (KVM_PGTABLE_MIN_BLOCK_LEVEL < 2)
> -		n += DIV_ROUND_UP_ULL(range, PUD_SIZE);
> -	n += DIV_ROUND_UP_ULL(range, PMD_SIZE);
> +		n += DIV_ROUND_UP(range, PUD_SIZE);
> +	n += DIV_ROUND_UP(range, PMD_SIZE);
>  	return n;
>  }

This is against -next, right? Oliver, I assume you'll take this as a
fix for Ricardo's series?

Thanks,

	M.

Arnd Bergmann May 18, 2023, 12:14 p.m. UTC | #2

On Thu, May 18, 2023, at 09:30, Marc Zyngier wrote:
> On Wed, 17 May 2023 21:23:39 +0100,
> Arnd Bergmann <arnd@kernel.org> wrote:
>> diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
>> index 3386bd28d267..6db9ef288ec3 100644
>> --- a/arch/arm64/kvm/mmu.c
>> +++ b/arch/arm64/kvm/mmu.c
>> @@ -92,8 +92,8 @@ static int kvm_mmu_split_nr_page_tables(u64 range)
>>  	int n = 0;
>>  
>>  	if (KVM_PGTABLE_MIN_BLOCK_LEVEL < 2)
>> -		n += DIV_ROUND_UP_ULL(range, PUD_SIZE);
>> -	n += DIV_ROUND_UP_ULL(range, PMD_SIZE);
>> +		n += DIV_ROUND_UP(range, PUD_SIZE);
>> +	n += DIV_ROUND_UP(range, PMD_SIZE);
>>  	return n;
>>  }
>
> This is against -next, right? Oliver, I assume you'll take this as a
> fix for Ricardo's series?

Yes, correct, I saw it after rebasing my tree from 6.4-rc2 to the
latest -next.

     Arnd

Oliver Upton May 18, 2023, 5:45 p.m. UTC | #3

On Wed, 17 May 2023 22:23:39 +0200, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
> 
> The newly added kvm_mmu_split_nr_page_tables() function uses DIV_ROUND_DOWN_ULL()
> to divide 64-bit addresses, but this requires a 32-bit divisior, and PUD_SIZE
> may exceed that when 64KB pages are used:
> 
> arch/arm64/kvm/mmu.c: In function 'kvm_mmu_split_nr_page_tables':
> include/linux/math.h:42:64: error: conversion from 'long unsigned int' to 'u32' {aka 'unsigned int'} changes value from '68719476736' to '0' [-Werror=overflow]
>    42 |         DIV_ROUND_DOWN_ULL((unsigned long long)(ll) + (d) - 1, (d))
>       |                                                                ^~~
> include/linux/math.h:39:47: note: in definition of macro 'DIV_ROUND_DOWN_ULL'
>    39 | #define DIV_ROUND_DOWN_ULL(ll, d) div_u64(ll, d)
>       |                                               ^
> arch/arm64/kvm/mmu.c:95:22: note: in expansion of macro 'DIV_ROUND_UP_ULL'
>    95 |                 n += DIV_ROUND_UP_ULL(range, PUD_SIZE);
>       |                      ^~~~~~~~~~~~~~~~
> 
> [...]

Applied to kvmarm/next, thanks!

[1/1] arm64: kvm: avoid overflow in integer division
      https://git.kernel.org/kvmarm/kvmarm/c/14c3555f055d

--
Best,
Oliver

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 3386bd28d267..6db9ef288ec3 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -92,8 +92,8 @@  static int kvm_mmu_split_nr_page_tables(u64 range)
 	int n = 0;
 
 	if (KVM_PGTABLE_MIN_BLOCK_LEVEL < 2)
-		n += DIV_ROUND_UP_ULL(range, PUD_SIZE);
-	n += DIV_ROUND_UP_ULL(range, PMD_SIZE);
+		n += DIV_ROUND_UP(range, PUD_SIZE);
+	n += DIV_ROUND_UP(range, PMD_SIZE);
 	return n;
 }

arm64: kvm: avoid overflow in integer division

Commit Message

Comments

Patch