From patchwork Thu Nov 16 00:38:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10060535 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6005960230 for ; Thu, 16 Nov 2017 00:40:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4A52D2A3E4 for ; Thu, 16 Nov 2017 00:40:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3F0FD237A5; Thu, 16 Nov 2017 00:40:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1E5A72A3E1 for ; Thu, 16 Nov 2017 00:40:28 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7B81F62E82; Thu, 16 Nov 2017 00:40:27 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B0EB86046E; Thu, 16 Nov 2017 00:40:26 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 145F21800BD3; Thu, 16 Nov 2017 00:40:24 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id vAG0dOUS004237 for ; Wed, 15 Nov 2017 19:39:24 -0500 Received: by smtp.corp.redhat.com (Postfix) id 416AA6047B; Thu, 16 Nov 2017 00:39:24 +0000 (UTC) Delivered-To: dm-devel@redhat.com Received: from mx1.redhat.com (ext-mx10.extmail.prod.ext.phx2.redhat.com [10.5.110.39]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3B92060176 for ; Thu, 16 Nov 2017 00:39:20 +0000 (UTC) Received: from mail-it0-f66.google.com (mail-it0-f66.google.com [209.85.214.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A08FC1A4069 for ; Thu, 16 Nov 2017 00:39:19 +0000 (UTC) Received: by mail-it0-f66.google.com with SMTP id m191so3912203itg.2 for ; Wed, 15 Nov 2017 16:39:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=m5LjU57yFDMLzkOKRbji8jPjwGz1avmlWueSnB5jjs8=; b=r2eDCBU4DLkqMLambi0nBDhrDpb8fp5APdwT6q52dwXTB/LwLoOSZOyzzVNLwSY2Um 3+eyQMJFbLfGWY39KLGQHnUu/MFYT2yfqtcy7q9Hsv/OqqMv0cknPciAPljK4yNZCXjs AmB7GFCmfrvic3bofcCAg08FPs8CNoyB7zDwWYgKFJsuMrL8VQ4QP57mEOFe8LCojwnD aMO34IR2WgWp1R3kbStneCv3qxuqC8dP0NGEq4oX/Baa5UppFYf+7CNx57pBTmaM3qxa VU2Hx+drijJzkZBdksmMMbhtgDH3gU+05Oa9ZY4e3eN2JPlzYILjADSq9epFBNgp11HS Nf6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=m5LjU57yFDMLzkOKRbji8jPjwGz1avmlWueSnB5jjs8=; b=sifHQpBsogTFfi+F15OGMILEi5kG0Y6igZYZf7sUVnAvTthQKR04VX10LC3X+/iW/h BYv9hJwQQOAcQRNBmWbtdxtS7Gmp1UN9wIMqf5HLXA7w5wV0iU6NWR3pD625ixIBJ2BQ k+3T291fGxxrcoTntLA0wi8OKnLsJTyDNfvym9GDn9frnR8YKyMZ3AY5/1oN57TSP5SZ EN2NjmhKzs3uZVCWPZX4cboCWKl5Gutd5piLmWHJKEZfQTh47ZmWF6xpsNMMJBRLnb8v Zyx3qSiyOd0kzXF9kAR53W4YYnb98tdFcYKfod+LsEi9wjLXRSboBXrABZ7pRvvqZD67 fQ7A== X-Gm-Message-State: AJaThX6jJPQZWyNK8VoqvhNER76faWzb6mOmkxaq+rKTFX0j/IzoWrAv BlHYZm9V+wozpSzo5rNrkfb/5UJZPJ8= X-Google-Smtp-Source: AGs4zMaCnzEJWZl/mWxmZHCyqjJcwm3eIPQSFiGLBOlz0bNtvKYKRFm2PdJadn14D0dq8qEILne0bA== X-Received: by 10.36.162.76 with SMTP id o12mr347783iti.76.1510792758276; Wed, 15 Nov 2017 16:39:18 -0800 (PST) Received: from ebiggers-linuxstation.kir.corp.google.com ([100.66.175.88]) by smtp.gmail.com with ESMTPSA id y198sm10284894iod.50.2017.11.15.16.39.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 15 Nov 2017 16:39:16 -0800 (PST) From: Eric Biggers To: dm-devel@redhat.com Date: Wed, 15 Nov 2017 16:38:09 -0800 Message-Id: <20171116003809.28767-1-ebiggers@google.com> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Thu, 16 Nov 2017 00:39:19 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Thu, 16 Nov 2017 00:39:19 +0000 (UTC) for IP:'209.85.214.66' DOMAIN:'mail-it0-f66.google.com' HELO:'mail-it0-f66.google.com' FROM:'ebiggers@google.com' RCPT:'' X-RedHat-Spam-Score: -0.132 (DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, RP_MATCHES_RCVD, SPF_PASS) 209.85.214.66 mail-it0-f66.google.com 209.85.214.66 mail-it0-f66.google.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.39 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: dm-devel@redhat.com Cc: Will Drewry , Mike Snitzer , Eric Biggers , Michael Halcrow , stable@vger.kernel.org, Mikulas Patocka , Sami Tolvanen , Alasdair Kergon Subject: [dm-devel] [PATCH] dm bufio: fix integer overflow when limiting maximum cache size X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Thu, 16 Nov 2017 00:40:28 +0000 (UTC) X-Virus-Scanned: ClamAV using ClamSMTP The default max_cache_size_bytes for dm-bufio is meant to be the lesser of 25% of the size of the vmalloc area and 2% of the size of lowmem. However, on 32-bit systems the intermediate result in the expression (VMALLOC_END - VMALLOC_START) * DM_BUFIO_VMALLOC_PERCENT / 100 overflows, causing the wrong result to be computed. For example, on a 32-bit system where the vmalloc area is 520093696 bytes, the result is 1174405 rather than the expected 130023424, which makes the maximum cache size much too small (far less than 2% of lowmem). This causes severe performance problems for dm-verity users on affected systems. Fix this by using mult_frac() to correctly multiply by a percentage. Do this for all places in dm-bufio that multiply by a percentage. Also replace (VMALLOC_END - VMALLOC_START) with VMALLOC_TOTAL, which contrary to the comment is now defined in include/linux/vmalloc.h. Fixes: 95d402f057f2 ("dm: add bufio") Cc: # v3.2+ Signed-off-by: Eric Biggers --- drivers/md/dm-bufio.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index 33bb074d6941..b8ac591aaaa7 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -974,7 +974,8 @@ static void __get_memory_limit(struct dm_bufio_client *c, buffers = c->minimum_buffers; *limit_buffers = buffers; - *threshold_buffers = buffers * DM_BUFIO_WRITEBACK_PERCENT / 100; + *threshold_buffers = mult_frac(buffers, + DM_BUFIO_WRITEBACK_PERCENT, 100); } /* @@ -1910,19 +1911,15 @@ static int __init dm_bufio_init(void) memset(&dm_bufio_caches, 0, sizeof dm_bufio_caches); memset(&dm_bufio_cache_names, 0, sizeof dm_bufio_cache_names); - mem = (__u64)((totalram_pages - totalhigh_pages) * - DM_BUFIO_MEMORY_PERCENT / 100) << PAGE_SHIFT; + mem = (__u64)mult_frac(totalram_pages - totalhigh_pages, + DM_BUFIO_MEMORY_PERCENT, 100) << PAGE_SHIFT; if (mem > ULONG_MAX) mem = ULONG_MAX; #ifdef CONFIG_MMU - /* - * Get the size of vmalloc space the same way as VMALLOC_TOTAL - * in fs/proc/internal.h - */ - if (mem > (VMALLOC_END - VMALLOC_START) * DM_BUFIO_VMALLOC_PERCENT / 100) - mem = (VMALLOC_END - VMALLOC_START) * DM_BUFIO_VMALLOC_PERCENT / 100; + if (mem > mult_frac(VMALLOC_TOTAL, DM_BUFIO_VMALLOC_PERCENT, 100)) + mem = mult_frac(VMALLOC_TOTAL, DM_BUFIO_VMALLOC_PERCENT, 100); #endif dm_bufio_default_cache_size = mem;