From: Jan Kara Date: Tue, 25 Sep 2012 00:17:35 +0000 (-0700) Subject: lib/flex_proportions.c: fix corruption of denominator in flexible proportions X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=b5bd6a0e5fa8c0376d9746c566fe3daaa51ec825;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git lib/flex_proportions.c: fix corruption of denominator in flexible proportions When racing with CPU hotplug, percpu_counter_sum() can return negative values for the number of observed events. This confuses fprop_new_period(), which uses unsigned type and as a result number of events is set to big *positive* number. From that moment on, things go pear shaped and can result e.g. in division by zero as denominator is later truncated to 32-bits. This bug causes a divide-by-zero oops in bdi_dirty_limit() in Borislav's 3.6.0-rc6 based kernel. Fix the issue by using a signed type in fprop_new_period(). That makes us bail out from the function without doing anything (mistakenly) thinking there are no events to age. That makes aging somewhat inaccurate but getting accurate data would be rather hard. Signed-off-by: Jan Kara Reported-by: Borislav Petkov Reported-by: Srivatsa S. Bhat Cc: Wu Fengguang Cc: Peter Zijlstra Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/lib/flex_proportions.c b/lib/flex_proportions.c index c785554f952..ebf3bac460b 100644 --- a/lib/flex_proportions.c +++ b/lib/flex_proportions.c @@ -62,7 +62,7 @@ void fprop_global_destroy(struct fprop_global *p) */ bool fprop_new_period(struct fprop_global *p, int periods) { - u64 events; + s64 events; unsigned long flags; local_irq_save(flags);