From patchwork Fri Jun 21 14:42:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 13707710 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43453C2BA1A for ; Fri, 21 Jun 2024 14:42:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7A8966B0518; Fri, 21 Jun 2024 10:42:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 757C96B051A; Fri, 21 Jun 2024 10:42:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4313E6B051C; Fri, 21 Jun 2024 10:42:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 151DD6B0518 for ; Fri, 21 Jun 2024 10:42:54 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 919D9A0FE9 for ; Fri, 21 Jun 2024 14:42:53 +0000 (UTC) X-FDA: 82255162626.30.E840987 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) by imf03.hostedemail.com (Postfix) with ESMTP id B06982001A for ; Fri, 21 Jun 2024 14:42:49 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=CGgGfbbP; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=7n7W9uL4; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=3MwmW0kZ; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=4UclTcqg; spf=pass (imf03.hostedemail.com: domain of jack@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=jack@suse.cz; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1718980964; a=rsa-sha256; cv=none; b=07UnPihm7R0SOREP9z0nsUktmEaaAeRS/mEzsrtRn48T9y7psGhFhnPDuUsFpO2zj0YODG rgStUdiDXeVMMU2AAS68EaRwtl1Hn7heq89xX1N2d7bIm05VchsTnEST7wZGZJNNOwTNUc VWQCSj3wNBZ3VZcJY5zLsP4I3XT9RWU= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=CGgGfbbP; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=7n7W9uL4; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=3MwmW0kZ; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=4UclTcqg; spf=pass (imf03.hostedemail.com: domain of jack@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=jack@suse.cz; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1718980964; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dqyr0RnJbJELV3zUJDpwC0MLM3pwEIlgqTYPmWwusLQ=; b=hSLR9oT1kG6WJVLTFlcgM1P130RfyiU5msME9sJtStSQsAMHoqEsLykCyztoAybuqAxJxm qwwZVUq/rtX7j6QxH6rodt4/T4315QBJ/2OO7cwfS4CAAo2vStdMd2y1Ug3lBbJTqNec9O 5EXQDVI0CqJ+4h/UC+sB31PQLRqBfuM= Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id BAEC621B22; Fri, 21 Jun 2024 14:42:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1718980968; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dqyr0RnJbJELV3zUJDpwC0MLM3pwEIlgqTYPmWwusLQ=; b=CGgGfbbPChCd8y/7GSSaz7DZIQCFRDc/9GlzIfI2xEzAkoVYUvUXeB0A9ZZ4GhlFkmLxwt azwcxI6OUQMz6UOZaNsDesNsEAb4tf66O98AnAEhB6EjzhrE3TwNyJnf/UULTx8j8JtL6P 3xK/WuSPVsG7ZQrdgKSxVBn036KwLNw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1718980968; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dqyr0RnJbJELV3zUJDpwC0MLM3pwEIlgqTYPmWwusLQ=; b=7n7W9uL4eF+l3Nr33q++tRL692RiB9kasHXLuo1PymJEWF2LnCFtJnHeLD703ZLlS7egsE z/mkViTI+7LBusDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1718980966; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dqyr0RnJbJELV3zUJDpwC0MLM3pwEIlgqTYPmWwusLQ=; b=3MwmW0kZcf3W8Pda8g0IoaPQZr0uEX/Lr/SlgxheU9YfeIhUYTRPuO7t/PLkerWMSLRBpD UaKzs5mPJU+gV/nU3xAdDTfmMVmlviZY+Itutjfjbw5JEY0vfnsbAWZrM1c2fit2sFYfjS v9FXvyqkijagWJgfgsqGYPh3q/KRQY4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1718980966; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dqyr0RnJbJELV3zUJDpwC0MLM3pwEIlgqTYPmWwusLQ=; b=4UclTcqgE3nwYJ4MQieFWoVYYl6y+aKtT2DdnO0PnaOBmx8HxpEnIliGuludmCiOxYTpMb 9IF3T0KDC4OrF4Dw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id AAC5713ABD; Fri, 21 Jun 2024 14:42:46 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id RoBlKWaRdWY1LgAAD6G6ig (envelope-from ); Fri, 21 Jun 2024 14:42:46 +0000 Received: by quack3.suse.cz (Postfix, from userid 1000) id 505B6A088C; Fri, 21 Jun 2024 16:42:46 +0200 (CEST) From: Jan Kara To: Andrew Morton Cc: , , Jan Kara , Zach O'Keefe Subject: [PATCH 2/2] mm: Avoid overflows in dirty throttling logic Date: Fri, 21 Jun 2024 16:42:38 +0200 Message-Id: <20240621144246.11148-2-jack@suse.cz> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20240621144017.30993-1-jack@suse.cz> References: <20240621144017.30993-1-jack@suse.cz> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3212; i=jack@suse.cz; h=from:subject; bh=PGQ9eidZxl5PPmsdmaSvP6Cbz/TS6SEJbHpwpDbqIXg=; b=owEBbQGS/pANAwAIAZydqgc/ZEDZAcsmYgBmdZFe1cqxh1W5xSHP5qGjzvsdKdp2/ceQRROd4IDx Z1STypOJATMEAAEIAB0WIQSrWdEr1p4yirVVKBycnaoHP2RA2QUCZnWRXgAKCRCcnaoHP2RA2bh6B/ 4o3zS6c3ozgcIrmDXXjjNGDIosNSTgXsSgX4g9ID690j3es5QwCpDRSmzjA1SffZzkmIPLnQEFUfT6 /toeZ8EzycoWui6oDT9S5dS1K/6xi8fsuW78oshqhRJ09rZzpaoudk4WZmvFitgu3JzNktKpZThGTm eRM3h11/VL6VNyK0DQia1x6YU+cPq1CvJwrZfkaRA73wnN8nSuZf7Wiwwkxyr45LJzIFg4Ssefd2zS jaTOQjWKUWfpZiANeTf4ANaOEu0ZvXhiLOpp1fOUeefDqhkg9vZHbfsw9unh4PEeRdNrAKvuT3FJa/ jogccdAbXvip097M0iREZpEqvawD/h X-Developer-Key: i=jack@suse.cz; a=openpgp; fpr=93C6099A142276A28BBE35D815BC833443038D8C X-Stat-Signature: tg43g7ygxyy9exbpf7db4n4wyk57pi8y X-Rspamd-Queue-Id: B06982001A X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1718980969-957981 X-HE-Meta: U2FsdGVkX19ymuGQeD0cLFeoJm2Iz3c+MO2EZ3uvLGD9Tol3qnL1V5KSAX4TtssqdoYItVH6ftxDoXLVeRTGiPZcYrKxR+cP7y1VVNDSIQMJze/Z+z0LduqG0FVfgbEt5uWyEAjaL3iStleWFoKXmIKPqgZ7qks4aZIWhPlNZ1hx7HO1VfigPmhdFcxZSgYEbuWCfGyrjG4tDAX7XOxa40soKFGBH0RJVYKewyELIMXLsNG6dPkzi45u7kbVWl3wgIVvjqKGQAfNMC9H7XGD2LSlzgyVu2KurVgOGZ4/HbTwydlmqvu+FXzV83kULLXhrMM7Dwaaq3hzjYSIMTKNLeiduCpVbCb+3+YF66C43xoKTcOWnybxfPyZP3d/zOYxqyFyx4fEZ9BkMW+zWpxksF4Wd1xz0JHuNGES2cOrYgRv/V5jdElKIEWQAIbgCD3wovEvIqPIVFiTJZedaTmCqlyHQm0r1+RYzj8sCswM1SpSW1zb2LOmGI1jp0eCFyBVhwPi1oJRFJyUg3SJO7WqIB+Szp5VRlPrMEaA78epj80IvSWjhtV9CoML2LdcvwLyIFiPsWE+JHqpW1Ju2IZYFiI5ifn8WnlEa/BxEI6yvoJKmT7l9D4/1I6V/yFLfIPROPkmBdK6Bgu4xje5E3HTXRR3CUI//32f+P6MILD4+o5MWdPqewCGgUT4yakFufRDLFkZN1NUjH/13Yu2+f4xol4uWojVcdSsU0UAbbD6MXb1VK2hLfW2KHjH4RERCgGNnjEy9kaZo/pwd6XcZl3MvyJRuMlOw1CfyvtiAEhtD9+MIPXuf6IZEyE2qxQ9ytezXLXR+UjlvEZuRf1EUsr3HwLZQt480FUS9U59lO8zBAI2mjyV/uyTOd9eCm8N1P+DO2W/MUrztWS6MaKBiVQAbviRXwqfjJCM0rxnbVK+4C59sX+TRykwoRkqBMkfN/fwXSGDxnZZ/zHJ9A1uSDO oM4drB4B Z81a2qIpnu3DXo3a4RED/VYIDlJ8RSP1PGRbRlmekraesh6HM71sHAse0G5kxy/fPSW4d3euFbAdDymO8i2JAUs7/8CqlCLNcXrI0fThlZQCG+1N1GWpcYHageWVYiWarZPPRJ1LAp+7dfgBcXpX8f+cVcjOJYBFlnDDc8OHIxZucqay7qdhgpKW3ORq5DKuksdlWe5pOFM1lFctvU2GV1gYm7JIuWRyEAfZL5LVtc1v+PEw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. Reported-by: Zach O'Keefe Signed-off-by: Jan Kara Reviewed-By: Zach O'Keefe --- mm/page-writeback.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 2573e2d504af..8a1c92090129 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -415,13 +415,20 @@ static void domain_dirty_limits(struct dirty_throttle_control *dtc) else bg_thresh = (bg_ratio * available_memory) / PAGE_SIZE; - if (bg_thresh >= thresh) - bg_thresh = thresh / 2; tsk = current; if (rt_task(tsk)) { bg_thresh += bg_thresh / 4 + global_wb_domain.dirty_limit / 32; thresh += thresh / 4 + global_wb_domain.dirty_limit / 32; } + /* + * Dirty throttling logic assumes the limits in page units fit into + * 32-bits. This gives 16TB dirty limits max which is hopefully enough. + */ + if (thresh > UINT_MAX) + thresh = UINT_MAX; + /* This makes sure bg_thresh is within 32-bits as well */ + if (bg_thresh >= thresh) + bg_thresh = thresh / 2; dtc->thresh = thresh; dtc->bg_thresh = bg_thresh; @@ -471,7 +478,11 @@ static unsigned long node_dirty_limit(struct pglist_data *pgdat) if (rt_task(tsk)) dirty += dirty / 4; - return dirty; + /* + * Dirty throttling logic assumes the limits in page units fit into + * 32-bits. This gives 16TB dirty limits max which is hopefully enough. + */ + return min_t(unsigned long, dirty, UINT_MAX); } /** @@ -508,10 +519,17 @@ static int dirty_background_bytes_handler(struct ctl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos) { int ret; + unsigned long old_bytes = dirty_background_bytes; ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos); - if (ret == 0 && write) + if (ret == 0 && write) { + if (DIV_ROUND_UP(dirty_background_bytes, PAGE_SIZE) > + UINT_MAX) { + dirty_background_bytes = old_bytes; + return -ERANGE; + } dirty_background_ratio = 0; + } return ret; } @@ -537,6 +555,10 @@ static int dirty_bytes_handler(struct ctl_table *table, int write, ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos); if (ret == 0 && write && vm_dirty_bytes != old_bytes) { + if (DIV_ROUND_UP(vm_dirty_bytes, PAGE_SIZE) > UINT_MAX) { + vm_dirty_bytes = old_bytes; + return -ERANGE; + } writeback_set_ratelimit(); vm_dirty_ratio = 0; }