Re: [PATCH 2/3] memcg: check more strictly to avoid PAGE_ALIGN wrapped to 0

On Tue, May 7, 2013 at 10:04 PM, Michal Hocko <mhocko@xxxxxxx> wrote:
> On Sun 05-05-13 23:43:10, Sha Zhengju wrote:
>> Since PAGE_ALIGN is aligning up (the next page boundary), this can
>> prevent input values wrapping to 0 and causing strange results for the user.
>
> I guess you wanted to say that it can cause an overflow, right?
> "
> Since PAGE_ALIGN is aligning up (to the next page boundary), this can
> cause an overflow to 0 if >= ULLONG_MAX-4094 value is given in the
> buffer.
> "

Yes!

>>
>> This patch also renames the second arg of
>> res_counter_memparse_write_strategy() to 'resp' and adds a local
>> variable 'res' to save the too-frequent dereferences. Thanks Andrew
>> for pointing it out!
>
> Again, it would be nicer to have this cleanup in a separate patch.

Okay.

>
>> Signed-off-by: Sha Zhengju <handai.szj@xxxxxxxxxx>
>> Reported-by: Li Wenpeng <xingke.lwp@xxxxxxxxxx>
>
> Acked-by: Michal Hocko <mhocko@xxxxxxx>
>
> We have this bug since ever and nobody has noticed so nobody seems to
> use

Yeah, that rarely occurs, but we happened to run into it.
Thank you for the comments!

>
>> ---
>>  kernel/res_counter.c |   18 ++++++++++++------
>>  1 file changed, 12 insertions(+), 6 deletions(-)
>>
>> diff --git a/kernel/res_counter.c b/kernel/res_counter.c
>> index 3f0417f..be8ddda 100644
>> --- a/kernel/res_counter.c
>> +++ b/kernel/res_counter.c
>> @@ -178,23 +178,29 @@ u64 res_counter_read_u64(struct res_counter *counter, int member)
>>  #endif
>>
>>  int res_counter_memparse_write_strategy(const char *buf,
>> -                                     unsigned long long *res)
>> +                                     unsigned long long *resp)
>>  {
>>       char *end;
>> +     unsigned long long res;
>>
>>       /* return RES_COUNTER_MAX(unlimited) if "-1" is specified */
>>       if (*buf == '-') {
>> -             *res = simple_strtoull(buf + 1, &end, 10);
>> -             if (*res != 1 || *end != '\0')
>> +             res = simple_strtoull(buf + 1, &end, 10);
>> +             if (res != 1 || *end != '\0')
>>                       return -EINVAL;
>> -             *res = RES_COUNTER_MAX;
>> +             *resp = RES_COUNTER_MAX;
>>               return 0;
>>       }
>>
>> -     *res = memparse(buf, &end);
>> +     res = memparse(buf, &end);
>>       if (*end != '\0')
>>               return -EINVAL;
>>
>> -     *res = PAGE_ALIGN(*res);
>> +     if (PAGE_ALIGN(res) >= res)
>> +             res = PAGE_ALIGN(res);
>> +     else
>> +             res = RES_COUNTER_MAX; /* avoid PAGE_ALIGN wrapping to zero */
>> +
>> +     *resp = res;
>>       return 0;
>>  }
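
Review bot: The new overflow branch at the end of the function silently turns any input that wraps under PAGE_ALIGN into RES_COUNTER_MAX, which is the same result the "-1" branch returns for "unlimited", and nothing tells the caller or the user that the requested value was replaced. Please document this clamping in a comment above res_counter_memparse_write_strategy(), or return an error for that range if a silent switch to unlimited is not intended. The test "if (PAGE_ALIGN(res) >= res)" also expands the macro twice; computing the aligned value once into a local and comparing it against res would read more clearly. Note too that the check only covers the wrap introduced by PAGE_ALIGN: the value returned by memparse(buf, &end) is still used without any range check of its own.
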
>> --
>> 1.7.9.5
>>
>
> --
> Michal Hocko
> SUSE Labs



--
Thanks,
Sha
