[RFC,1/3] fs/pipe: Limit the slots in pipe_resize_ring()

Message ID	20250306113924.20004-2-kprateek.nayak@amd.com (mailing list archive)
State	New
Headers	show Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2056.outbound.protection.outlook.com [40.107.236.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4777220D4F6; Thu, 6 Mar 2025 11:40:14 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: K Prateek Nayak <kprateek.nayak@amd.com> To: Linus Torvalds <torvalds@linux-foundation.org>, Oleg Nesterov <oleg@redhat.com>, Miklos Szeredi <miklos@szeredi.hu>, Alexander Viro <viro@zeniv.linux.org.uk>, Christian Brauner <brauner@kernel.org>, "Andrew Morton" <akpm@linux-foundation.org>, Hugh Dickins <hughd@google.com>, <linux-fsdevel@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-mm@kvack.org> CC: Jan Kara <jack@suse.cz>, "Matthew Wilcox (Oracle)" <willy@infradead.org>, Mateusz Guzik <mjguzik@gmail.com>, "Gautham R. Shenoy" <gautham.shenoy@amd.com>, Rasmus Villemoes <ravi@prevas.dk>, <Neeraj.Upadhyay@amd.com>, <Ananth.narayan@amd.com>, Swapnil Sapkal <swapnil.sapkal@amd.com>, K Prateek Nayak <kprateek.nayak@amd.com> Subject: [RFC PATCH 1/3] fs/pipe: Limit the slots in pipe_resize_ring() Date: Thu, 6 Mar 2025 11:39:22 +0000 Message-ID: <20250306113924.20004-2-kprateek.nayak@amd.com> In-Reply-To: <20250306113924.20004-1-kprateek.nayak@amd.com> References: <CAHk-=wjyHsGLx=rxg6PKYBNkPYAejgo7=CbyL3=HGLZLsAaJFQ@mail.gmail.com> <20250306113924.20004-1-kprateek.nayak@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	pipe: Convert pipe->{head,tail} to unsigned short \| expand [RFC,0/3] pipe: Convert pipe->{head,tail} to unsigned short [RFC,1/3] fs/pipe: Limit the slots in pipe_resize_ring() [RFC,2/3] fs/splice: Atomically read pipe->{head,tail} in opipe_prep() [RFC,3/3] treewide: pipe: Convert all references to pipe->{head,tail,max_usage,ring_size} to unsign…

Message ID

20250306113924.20004-2-kprateek.nayak@amd.com (mailing list archive)

State

New

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
From: K Prateek Nayak <kprateek.nayak@amd.com>
To: Linus Torvalds <torvalds@linux-foundation.org>, Oleg Nesterov
	<oleg@redhat.com>, Miklos Szeredi <miklos@szeredi.hu>, Alexander Viro
	<viro@zeniv.linux.org.uk>, Christian Brauner <brauner@kernel.org>, "Andrew
 Morton" <akpm@linux-foundation.org>, Hugh Dickins <hughd@google.com>,
	<linux-fsdevel@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<linux-mm@kvack.org>
CC: Jan Kara <jack@suse.cz>, "Matthew Wilcox (Oracle)" <willy@infradead.org>,
	Mateusz Guzik <mjguzik@gmail.com>, "Gautham R. Shenoy"
	<gautham.shenoy@amd.com>, Rasmus Villemoes <ravi@prevas.dk>,
	<Neeraj.Upadhyay@amd.com>, <Ananth.narayan@amd.com>, Swapnil Sapkal
	<swapnil.sapkal@amd.com>, K Prateek Nayak <kprateek.nayak@amd.com>
Subject: [RFC PATCH 1/3] fs/pipe: Limit the slots in pipe_resize_ring()
Date: Thu, 6 Mar 2025 11:39:22 +0000
Message-ID: <20250306113924.20004-2-kprateek.nayak@amd.com>
In-Reply-To: <20250306113924.20004-1-kprateek.nayak@amd.com>
References: 
 <CAHk-=wjyHsGLx=rxg6PKYBNkPYAejgo7=CbyL3=HGLZLsAaJFQ@mail.gmail.com>
 <20250306113924.20004-1-kprateek.nayak@amd.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Mar 2025 11:40:06.0329
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 a0e95e4b-797a-41b0-d0f3-08dd5ca3a449
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	CY4PEPF0000E9DC.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR12MB8707

Series

pipe: Convert pipe->{head,tail} to unsigned short | expand

Commit Message

K Prateek Nayak March 6, 2025, 11:39 a.m. UTC

Limit the number of slots in pipe_resize_ring() to the maximum value
representable by pipe->{head,tail}. Values beyond the max limit can
lead to incorrect pipe_occupancy() calculations where the pipe will
never appear full.

Since nr_slots is always a power of 2 and the maximum size of
pipe_index_t is 32 bits, BIT() is sufficient to represent the maximum
value possible for nr_slots.

Signed-off-by: K Prateek Nayak <kprateek.nayak@amd.com>
---
 fs/pipe.c | 4 ++++
 1 file changed, 4 insertions(+)


base-commit: 848e076317446f9c663771ddec142d7c2eb4cb43

Comments

Oleg Nesterov March 6, 2025, 12:28 p.m. UTC | #1

On 03/06, K Prateek Nayak wrote:
>
> @@ -1272,6 +1272,10 @@ int pipe_resize_ring(struct pipe_inode_info *pipe, unsigned int nr_slots)
>  	struct pipe_buffer *bufs;
>  	unsigned int head, tail, mask, n;
>
> +	/* nr_slots larger than limits of pipe->{head,tail} */
> +	if (unlikely(nr_slots > BIT(BITS_PER_TYPE(pipe_index_t) - 1)))

Hmm, perhaps

	if (nr_slots > (pipe_index_t)-1u)

is more clear?

Oleg.

K Prateek Nayak March 6, 2025, 3:26 p.m. UTC | #2

Hello Oleg,

On 3/6/2025 5:58 PM, Oleg Nesterov wrote:
> On 03/06, K Prateek Nayak wrote:
>>
>> @@ -1272,6 +1272,10 @@ int pipe_resize_ring(struct pipe_inode_info *pipe, unsigned int nr_slots)
>>   	struct pipe_buffer *bufs;
>>   	unsigned int head, tail, mask, n;
>>
>> +	/* nr_slots larger than limits of pipe->{head,tail} */
>> +	if (unlikely(nr_slots > BIT(BITS_PER_TYPE(pipe_index_t) - 1)))
> 
> Hmm, perhaps
> 
> 	if (nr_slots > (pipe_index_t)-1u)
> 
> is more clear?

Indeed it is. I didn't even know we could do that! Thank you for
pointing it out.

> 
> Oleg.
>

diff --git a/fs/pipe.c b/fs/pipe.c
index e8e6698f3698..3ca3103e1de7 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -1272,6 +1272,10 @@  int pipe_resize_ring(struct pipe_inode_info *pipe, unsigned int nr_slots)
 	struct pipe_buffer *bufs;
 	unsigned int head, tail, mask, n;
 
+	/* nr_slots larger than limits of pipe->{head,tail} */
+	if (unlikely(nr_slots > BIT(BITS_PER_TYPE(pipe_index_t) - 1)))
+		return -EINVAL;
+
 	bufs = kcalloc(nr_slots, sizeof(*bufs),
 		       GFP_KERNEL_ACCOUNT | __GFP_NOWARN);
 	if (unlikely(!bufs))

[RFC,1/3] fs/pipe: Limit the slots in pipe_resize_ring()

Commit Message

Comments

Patch