From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B9FF1C7EE2C
	for <linux-mm@archiver.kernel.org>; Sat, 27 May 2023 01:15:11 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 25E2B280001; Fri, 26 May 2023 21:15:11 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 20E0E900003; Fri, 26 May 2023 21:15:11 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 08877280001; Fri, 26 May 2023 21:15:11 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id EC180900003
	for <linux-mm@kvack.org>; Fri, 26 May 2023 21:15:10 -0400 (EDT)
Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id BCD2E80FC5
	for <linux-mm@kvack.org>; Sat, 27 May 2023 01:15:10 +0000 (UTC)
X-FDA: 80834266380.23.C29B7E8
Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189])
	by imf14.hostedemail.com (Postfix) with ESMTP id 6180410000E
	for <linux-mm@kvack.org>; Sat, 27 May 2023 01:15:06 +0000 (UTC)
Authentication-Results: imf14.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf14.hostedemail.com: domain of wangkefeng.wang@huawei.com designates 45.249.212.189 as permitted sender) smtp.mailfrom=wangkefeng.wang@huawei.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1685150109;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=JoHxXZ9HWvyfBhUEZc8baeTh/7e51IZ6p7Ix+uTzPk8=;
	b=gMzg1VrYTf6B5mt9r0nyxd83+BuZLRu9MZmycPjVOGWUU+g1585WqAHFNUedaRa2eGC9f7
	ODmbrl8WBvhmNHyMKIkbcbZP4ajnXcLkjmu/Hbkbjj9gQr7UfM7ckJ7ZMT2DPlj/ZkU37W
	32jy0VWtyMnxfd9PAz6WkYaS9PRpd7U=
ARC-Authentication-Results: i=1;
	imf14.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf14.hostedemail.com: domain of wangkefeng.wang@huawei.com designates 45.249.212.189 as permitted sender) smtp.mailfrom=wangkefeng.wang@huawei.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1685150109; a=rsa-sha256;
	cv=none;
	b=jXoheHZ/aJIPlIYz/GHUHQtoth1+WMLx850dgl9r4jNQYvNJUnMNXvTp/bOLhLLr8pz+nL
	4H/dcMdD32GfAtgW5U2R0GvCga1uZnH1hVXDqow4OmovgzvqZo5KTyw1qLOPDwi5ToUB54
	uyVFXhScpHxSa8aQclnFRGXQK3dPFss=
Received: from dggpemm500001.china.huawei.com (unknown [172.30.72.53])
	by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4QSkLz6scHzLmSB;
	Sat, 27 May 2023 09:13:31 +0800 (CST)
Received: from [10.174.177.243] (10.174.177.243) by
 dggpemm500001.china.huawei.com (7.185.36.107) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.23; Sat, 27 May 2023 09:15:02 +0800
Message-ID: <c18dc1e9-1805-f366-9d16-30e9628ac14e@huawei.com>
Date: Sat, 27 May 2023 09:15:01 +0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.1
Subject: Re: [syzbot] [damon?] divide error in damon_set_attrs
Content-Language: en-US
To: SeongJae Park <sj@kernel.org>
CC: syzbot <syzbot+841a46899768ec7bec67@syzkaller.appspotmail.com>,
	<akpm@linux-foundation.org>, <damon@lists.linux.dev>,
	<linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>,
	<syzkaller-bugs@googlegroups.com>
References: <20230526185409.92039-1-sj@kernel.org>
From: Kefeng Wang <wangkefeng.wang@huawei.com>
In-Reply-To: <20230526185409.92039-1-sj@kernel.org>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.174.177.243]
X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To
 dggpemm500001.china.huawei.com (7.185.36.107)
X-CFilter-Loop: Reflected
X-Rspamd-Server: rspam09
X-Rspamd-Queue-Id: 6180410000E
X-Stat-Signature: gcdgxbo9aorawptgsob89d5mc53nyhg5
X-Rspam-User: 
X-HE-Tag: 1685150106-562480
X-HE-Meta: U2FsdGVkX18bN/14VGZj2WjLXN9HO9D+e70DcwqiIGiFu0F59V2gEbhDCZ16wg16egX1rImvPIO9YL2GgoiKKsqJt7FhGFnjbQFYhYCuhzEC2+b0hfUqkRvLXqtC6seYoRHNmgm8r/eMvBgWa3esRTUgAYaKzuY7wrRcb7lQLI2+qMk83arerIaMhTaKfo/2uD4H0ht2g2jDfTovGO+sIdOO5WURcRSlgL44ZAgqjOnzpcruLj9P/W1GFFarJTM7dMqz5kl0or9oeRhSi7Pqr19DdA1LdkxPNJde7K8ATWAxcPPG1CQFdOGM3/iV7KgrDm9oeQD2EeYXETy1q0TIPgJxh+IKMqQxbjXWlFRYcJakOTfNvbZBS9KMQUgkUjZlpCV3aDAUd4eeKZWQc+ADRiGZjbcfHV1pzPYiNvKjtFw8DW1ifc/JBjOqdqigXdf3PmqYsTrzpPrGgqejsktfWcn11CLwNi/DyCWOhpaUwPf/Rp+Xw0OoHf2lxk9Wl+GagAplN8uyUA0ybI5y1wWOS0Y79AP0lHOcQnj7cuVQuV74J2RBpN+cbmX/1TNSkYFcKnYHEueHeEfVYxTeU4PPcWx7vRZYlgKXL3Pbh9RQq/jdiOx3nT54z7ORHw9rNj5yhZ27fpglYRnnslQHC3753rrlEhfz+QmJ0+iUjAyi2YuFumi+RO8A173l77MhQ25/LX29hzLO4AVBqdVr+mGvW1e7ar5fygVEeL+h9fLhr2S4Pb8rTAQ+erNeMr9suJw5mnuGKzm4jt4j1oBX2l65f2wM0vsz6cBcF45G5mNkuBeKmD6kfRwKUl4UF/6kJfbfsF3b7q1yU1JwGPPupGmvB5cCFJQLY/lueolHBVKcsWVwnYGIqS3qeXhHTERggLMcYNBEYQGjc1EEcN2fhFq2daHJM3IbttxSrpZ0S+W28JpOrV5sMM2obA9mEI8mmlfedeUFytVQBN8Zzc1pYWK
 ZXVsOJTD
 xO9whc7hO8ArkoGTS1VvjtYYa+jKxfW5Wl+PS62MFLPZD4XJWxYJo44YIZJjwsAHIp1K9rMQrp7tiWVoPYVvRwCesaBV50+0M839ht7FCZKwVrGyrwvwK2GyIHTWFhdeJGu9/61kLxtGaqbvBYnSG2ZnC3ejugrU0C2eFPh4HsUwb+XLdBQ/8FNTULxfpnAhVGpCf/6O39tVCvzRia/my48NZXhvU7yC7ozx2vNxx29CQNKHqJgRffzYUQqLoV8mnkxGRWlZ19kr6HhuT3NKgwmv31mUrez33fQAEHD9spJyTBnqSn1YXTsZUhfzBQZ2bqJMwgKG2RZB8WerBIQpLAH/bK+Yt44dnkT9DFvjcu1ek2yGcRqEwm5jUPZQR6URBEBB7PqAuj4j+w9FxTWRGZ60Q8wc1ySj/WKFmHf8je8nNj5I7xMHLRtgTIiHTIURsLCpGwIY16Ngrx9SEP16TBazLnm1qAqrs++nGShnSeUurzxcFWiZYb3O5n2xWWblgXw/D4dDdZkjwuj1lckhIdP1+x0VF8HmOXatLNnQb9AaHt64nmtAH2nXXz2Tt1Q+Ha/Vnx2GFHJUTaQgSq4h8nvUw4okJwYeu/GT4AxkaF6bpszh2LM4Hh/QoTquwqtrfDLeYcb7iXrmOPMelVl+8Xq/He2Hn4n8Z+ADzzvClh+WlypXUvnDeWfqlZx6VrrcLESRGjO08kPxSSwixSv3jvwiCKysW0dd+HXcPW2liiov4Y4n6jvG8oMXFhNEGxEh2ukv9PhkL4/zS8nII5E+h4M4QGQ==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>



On 2023/5/27 2:54, SeongJae Park wrote:
> Hi Kefeng and syzbot,
> 
> On Fri, 26 May 2023 20:59:12 +0800 Kefeng Wang <wangkefeng.wang@huawei.com> wrote:
> 
>>
>>
>> On 2023/5/26 19:51, syzbot wrote:
>>> Hello,
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit:    44c026a73be8 Linux 6.4-rc3
>>> git tree:       upstream
>>> console output: https://syzkaller.appspot.com/x/log.txt?x=13a92b31280000
>>> kernel config:  https://syzkaller.appspot.com/x/.config?x=f389ffdf4e9ba3f0
>>> dashboard link: https://syzkaller.appspot.com/bug?extid=841a46899768ec7bec67
>>> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
>>> userspace arch: i386
>>>
>>> Unfortunately, I don't have any reproducer for this issue yet.
>>>
>>> Downloadable assets:
>>> disk image: https://storage.googleapis.com/syzbot-assets/35f16ee05df7/disk-44c026a7.raw.xz
>>> vmlinux: https://storage.googleapis.com/syzbot-assets/10399498a570/vmlinux-44c026a7.xz
>>> kernel image: https://storage.googleapis.com/syzbot-assets/5c72201ea4ba/bzImage-44c026a7.xz
>>>
>>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>>> Reported-by: syzbot+841a46899768ec7bec67@syzkaller.appspotmail.com
>>>
>>> divide error: 0000 [#1] PREEMPT SMP KASAN
>>> CPU: 1 PID: 13527 Comm: syz-executor.1 Not tainted 6.4.0-rc3-syzkaller #0
>>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
>>> RIP: 0010:damon_nr_accesses_to_accesses_bp mm/damon/core.c:491 [inline]
>>> RIP: 0010:damon_nr_accesses_for_new_attrs mm/damon/core.c:497 [inline]
>>> RIP: 0010:damon_update_monitoring_result mm/damon/core.c:506 [inline]
>>> RIP: 0010:damon_update_monitoring_results mm/damon/core.c:534 [inline]
>>> RIP: 0010:damon_set_attrs+0x224/0x460 mm/damon/core.c:555
> 
> Thank you for finding and reporting this bug!
> 
> The code of the problem is as below:
> 
>      /* convert nr_accesses to access ratio in bp (per 10,000) */
>      static unsigned int damon_nr_accesses_to_accesses_bp(
>                      unsigned int nr_accesses, struct damon_attrs *attrs)
>      {
>              unsigned int max_nr_accesses =
>                      attrs->aggr_interval / attrs->sample_interval;
>      
>              return nr_accesses * 10000 / max_nr_accesses;
>      }
> 
> The problem can happen when 'aggr_interval' is smaller than 'sample_interval',
> because 'max_nr_accesses' becomes zero in the case, and resulting in divide by
> zero.
> 
> Same problem is in damon_accesses_bp_to_nr_accesses().
> 
>>
>> make aggr_interval great than or equal sample_interval?
>>
>> diff --git a/mm/damon/core.c b/mm/damon/core.c
>> index d9ef62047bf5..6fe1960f3d6b 100644
>> --- a/mm/damon/core.c
>> +++ b/mm/damon/core.c
>> @@ -525,8 +525,8 @@ static void damon_update_monitoring_results(struct
>> damon_ctx *ctx,
>>
>>           /* if any interval is zero, simply forgive conversion */
>>           if (!old_attrs->sample_interval || !old_attrs->aggr_interval ||
>> -                       !new_attrs->sample_interval ||
>> -                       !new_attrs->aggr_interval)
>> +           !new_attrs->sample_interval || !new_attrs->aggr_interval ||
>> +           new_attrs->aggr_interval < new_attrs->sample_interval)
>>                   return;
> 
> Nice and effective fix!  Nevertheless, I think aggregation interval smaller
> than sample interval is just a wrong input.  How about adding the check in
> damon_set_attrs()'s already existing attributes validation, like below?

Yes, move the check into damon_set_attrs() is better, and it seems that
we could move all the check into it, and drop the old_attrs check in
damon_update_monitoring_results(), what's you option?


diff --git a/mm/damon/core.c b/mm/damon/core.c
index d9ef62047bf5..1647f7f1f708 100644
--- a/mm/damon/core.c
+++ b/mm/damon/core.c
@@ -523,12 +523,6 @@ static void damon_update_monitoring_results(struct 
damon_ctx *ctx,
         struct damon_target *t;
         struct damon_region *r;

-       /* if any interval is zero, simply forgive conversion */
-       if (!old_attrs->sample_interval || !old_attrs->aggr_interval ||
-                       !new_attrs->sample_interval ||
-                       !new_attrs->aggr_interval)
-               return;
-
         damon_for_each_target(t, ctx)
                 damon_for_each_region(r, t)
                         damon_update_monitoring_result(
@@ -551,6 +545,10 @@ int damon_set_attrs(struct damon_ctx *ctx, struct 
damon_attrs *attrs)
                 return -EINVAL;
         if (attrs->min_nr_regions > attrs->max_nr_regions)
                 return -EINVAL;
+       if (attrs->sample_interval > attrs->aggr_interval)
+               return -EINVAL;
+       if (!attrs->sample_interval || !attrs->aggr_interval)
+               return -EINVAL;



> 
> --- a/mm/damon/core.c
> +++ b/mm/damon/core.c
> @@ -580,6 +580,8 @@ int damon_set_attrs(struct damon_ctx *ctx, struct damon_attrs *attrs)
>                  return -EINVAL;
>          if (attrs->min_nr_regions > attrs->max_nr_regions)
>                  return -EINVAL;
> +       if (attrs->aggr_interval < attrs->sample_interval)
> +               return -EINVAL;
> 
>          damon_update_monitoring_results(ctx, attrs);
>          ctx->attrs = *attrs;
> 
> Thanks,
> SJ