• Tejun Heo's avatar
    writeback: use |1 instead of +1 to protect against div by zero · ccdb53aa
    Tejun Heo authored
    commit 464d1387 upstream.
    
    mm/page-writeback.c has several places where 1 is added to the divisor
    to prevent division by zero exceptions; however, if the original
    divisor is equivalent to -1, adding 1 leads to division by zero.
    
    There are three places where +1 is used for this purpose - one in
    pos_ratio_polynom() and two in bdi_position_ratio().  The second one
    in bdi_position_ratio() actually triggered div-by-zero oops on a
    machine running a 3.10 kernel.  The divisor is
    
      x_intercept - bdi_setpoint + 1 == span + 1
    
    span is confirmed to be (u32)-1.  It isn't clear how it ended up that
    but it could be from write bandwidth calculation underflow fixed by
    c72efb65 ("writeback: fix possible underflow in write bandwidth
    calculation").
    
    At any rate, +1 isn't a proper protection against div-by-zero.  This
    patch converts all +1 protections to |1.  Note that
    bdi_update_dirty_ratelimit() was already using |1 before this patch.
    Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    Reviewed-by: default avatarJan Kara <jack@suse.cz>
    Signed-off-by: default avatarJens Axboe <axboe@fb.com>
    Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
    ccdb53aa
page-writeback.c 74.8 KB