diff options
| author | Tejun Heo <tj@kernel.org> | 2015-04-21 16:49:13 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-05-17 09:55:07 -0700 |
| commit | ae2aafcf1a7132e268c8568627a6721fec6f3d98 (patch) | |
| tree | 32492edfbc3e2d9e93ead7ff5ede3ba600ebefa3 /tools/perf/util/scripting-engines/trace-event-perl.c | |
| parent | 335d3678d60de9af4f75d4d11d0689b535b271e8 (diff) | |
writeback: use |1 instead of +1 to protect against div by zero
commit 464d1387acb94dc43ba772b35242345e3d2ead1b upstream.
mm/page-writeback.c has several places where 1 is added to the divisor
to prevent division by zero exceptions; however, if the original
divisor is equivalent to -1, adding 1 leads to division by zero.
There are three places where +1 is used for this purpose - one in
pos_ratio_polynom() and two in bdi_position_ratio(). The second one
in bdi_position_ratio() actually triggered div-by-zero oops on a
machine running a 3.10 kernel. The divisor is
x_intercept - bdi_setpoint + 1 == span + 1
span is confirmed to be (u32)-1. It isn't clear how it ended up that
but it could be from write bandwidth calculation underflow fixed by
c72efb658f7c ("writeback: fix possible underflow in write bandwidth
calculation").
At any rate, +1 isn't a proper protection against div-by-zero. This
patch converts all +1 protections to |1. Note that
bdi_update_dirty_ratelimit() was already using |1 before this patch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'tools/perf/util/scripting-engines/trace-event-perl.c')
0 files changed, 0 insertions, 0 deletions