| Message ID | 20250109063411.6591-1-shr@devkernel.io (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v3] mm: fix div by zero in bdi_ratio_from_pages | expand |
On 09.01.25 07:34, Stefan Roesch wrote: > During testing it has been detected, that it is possible to get div by > zero error in bdi_set_min_bytes. The error is caused by the function > bdi_ratio_from_pages(). bdi_ratio_from_pages() calls > global_dirty_limits. If the dirty threshold is 0, the div by zero is > raised. This can happen if the root user is setting: > > echo 0 > /proc/sys/vm/dirty_ratio > > The following is a test case: > > echo 0 > /proc/sys/vm/dirty_ratio > cd /sys/class/bdi/<device> > echo 1 > strict_limit > echo 8192 > min_bytes > > ==> error is raised. > > The problem is addressed by returning -EINVAL if dirty_ratio or > dirty_bytes is set to 0. > > Reported-by: cheung wall <zzqq0103.hey@gmail.com> > Closes: https://lore.kernel.org/linux-mm/87pll35yd0.fsf@devkernel.io/T/#t > Signed-off-by: Stefan Roesch <shr@devkernel.io> > > --- > Changes in V3: > - Used long instead of unsigned long for min_ratio / max_ratio > > Changes in V2: > - check for -EINVAL in bdi_set_min_bytes() > - check for -EINVAL in bdi_set_max_bytes() > --- > mm/page-writeback.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/mm/page-writeback.c b/mm/page-writeback.c > index d213ead95675..d9861e42b2bd 100644 > --- a/mm/page-writeback.c > +++ b/mm/page-writeback.c > @@ -692,6 +692,8 @@ static unsigned long bdi_ratio_from_pages(unsigned long pages) Note that I suggested returning "long" here, but it should also work as is. Acked-by: David Hildenbrand <david@redhat.com>
diff --git a/mm/page-writeback.c b/mm/page-writeback.c index d213ead95675..d9861e42b2bd 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -692,6 +692,8 @@ static unsigned long bdi_ratio_from_pages(unsigned long pages) unsigned long ratio; global_dirty_limits(&background_thresh, &dirty_thresh); + if (!dirty_thresh) + return -EINVAL; ratio = div64_u64(pages * 100ULL * BDI_RATIO_SCALE, dirty_thresh); return ratio; @@ -790,13 +792,15 @@ int bdi_set_min_bytes(struct backing_dev_info *bdi, u64 min_bytes) { int ret; unsigned long pages = min_bytes >> PAGE_SHIFT; - unsigned long min_ratio; + long min_ratio; ret = bdi_check_pages_limit(pages); if (ret) return ret; min_ratio = bdi_ratio_from_pages(pages); + if (min_ratio < 0) + return min_ratio; return __bdi_set_min_ratio(bdi, min_ratio); } @@ -809,13 +813,15 @@ int bdi_set_max_bytes(struct backing_dev_info *bdi, u64 max_bytes) { int ret; unsigned long pages = max_bytes >> PAGE_SHIFT; - unsigned long max_ratio; + long max_ratio; ret = bdi_check_pages_limit(pages); if (ret) return ret; max_ratio = bdi_ratio_from_pages(pages); + if (max_ratio < 0) + return max_ratio; return __bdi_set_max_ratio(bdi, max_ratio); }
During testing it has been detected, that it is possible to get div by zero error in bdi_set_min_bytes. The error is caused by the function bdi_ratio_from_pages(). bdi_ratio_from_pages() calls global_dirty_limits. If the dirty threshold is 0, the div by zero is raised. This can happen if the root user is setting: echo 0 > /proc/sys/vm/dirty_ratio The following is a test case: echo 0 > /proc/sys/vm/dirty_ratio cd /sys/class/bdi/<device> echo 1 > strict_limit echo 8192 > min_bytes ==> error is raised. The problem is addressed by returning -EINVAL if dirty_ratio or dirty_bytes is set to 0. Reported-by: cheung wall <zzqq0103.hey@gmail.com> Closes: https://lore.kernel.org/linux-mm/87pll35yd0.fsf@devkernel.io/T/#t Signed-off-by: Stefan Roesch <shr@devkernel.io> --- Changes in V3: - Used long instead of unsigned long for min_ratio / max_ratio Changes in V2: - check for -EINVAL in bdi_set_min_bytes() - check for -EINVAL in bdi_set_max_bytes() --- mm/page-writeback.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) base-commit: fbfd64d25c7af3b8695201ebc85efe90be28c5a3