The patch titled
Subject: ipc/msg: avoid negative value by overflow in msginfo
has been added to the -mm mm-nonmm-unstable branch. Its filename is
ipc-msg-mitigate-the-lock-contention-with-percpu-counter-fix.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/ipc-msg-mitigate-the-lock-contention-with-percpu-counter-fix.patch
This patch will later appear in the mm-nonmm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Jiebin Sun <jiebin.sun@xxxxxxxxx>
Subject: ipc/msg: avoid negative value by overflow in msginfo
Date: Tue, 20 Sep 2022 23:08:09 +0800
The 32-bit value in msginfo struct could be negative if we get it from
signed 64-bit. Clamping it to INT_MAX helps to avoid the negative value
by overflow.
Link: https://lkml.kernel.org/r/20220920150809.4014944-1-jiebin.sun@xxxxxxxxx
Signed-off-by: Jiebin Sun <jiebin.sun@xxxxxxxxx>
Reviewed-by: Manfred Spraul <manfred@xxxxxxxxxxxxxxx>
Reviewed-by: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
--- a/ipc/msg.c~ipc-msg-mitigate-the-lock-contention-with-percpu-counter-fix
+++ a/ipc/msg.c
@@ -501,8 +501,8 @@ static int msgctl_info(struct ipc_namesp
max_idx = ipc_get_maxidx(&msg_ids(ns));
up_read(&msg_ids(ns).rwsem);
if (cmd == MSG_INFO) {
- msginfo->msgmap = percpu_counter_sum(&ns->percpu_msg_hdrs);
- msginfo->msgtql = percpu_counter_sum(&ns->percpu_msg_bytes);
+ msginfo->msgmap = min(percpu_counter_sum(&ns->percpu_msg_hdrs), INT_MAX);
+ msginfo->msgtql = min(percpu_counter_sum(&ns->percpu_msg_bytes), INT_MAX);
} else {
msginfo->msgmap = MSGMAP;
msginfo->msgpool = MSGPOOL;
_
Patches currently in -mm which might be from jiebin.sun@xxxxxxxxx are
percpu-add-percpu_counter_add_local-and-percpu_counter_sub_local.patch
ipc-msg-mitigate-the-lock-contention-with-percpu-counter.patch
ipc-msg-mitigate-the-lock-contention-with-percpu-counter-fix.patch
