block: prevent an integer overflow in bvec_try_merge_hw_page

[platform/kernel/linux-starfive.git] / block / blk-throttle.c

diff --git a/block/blk-throttle.c b/block/blk-throttle.c
index 69a9941..16f5766 100644 (file)
--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -723,14 +723,21 @@ static unsigned int calculate_io_allowed(u32 iops_limit,
 
 static u64 calculate_bytes_allowed(u64 bps_limit, unsigned long jiffy_elapsed)
 {
+       /*
+        * Can result be wider than 64 bits?
+        * We check against 62, not 64, due to ilog2 truncation.
+        */
+       if (ilog2(bps_limit) + ilog2(jiffy_elapsed) - ilog2(HZ) > 62)
+               return U64_MAX;
        return mul_u64_u64_div_u64(bps_limit, (u64)jiffy_elapsed, (u64)HZ);
 }
 
 /* Trim the used slices and adjust slice start accordingly */
 static inline void throtl_trim_slice(struct throtl_grp *tg, bool rw)
 {
-       unsigned long time_elapsed, io_trim;
-       u64 bytes_trim;
+       unsigned long time_elapsed;
+       long long bytes_trim;
+       int io_trim;
 
        BUG_ON(time_before(tg->slice_end[rw], tg->slice_start[rw]));
 
@@ -758,17 +765,21 @@ static inline void throtl_trim_slice(struct throtl_grp *tg, bool rw)
                return;
 
        bytes_trim = calculate_bytes_allowed(tg_bps_limit(tg, rw),
-                                            time_elapsed);
-       io_trim = calculate_io_allowed(tg_iops_limit(tg, rw), time_elapsed);
-       if (!bytes_trim && !io_trim)
+                                            time_elapsed) +
+                    tg->carryover_bytes[rw];
+       io_trim = calculate_io_allowed(tg_iops_limit(tg, rw), time_elapsed) +
+                 tg->carryover_ios[rw];
+       if (bytes_trim <= 0 && io_trim <= 0)
                return;
 
-       if (tg->bytes_disp[rw] >= bytes_trim)
+       tg->carryover_bytes[rw] = 0;
+       if ((long long)tg->bytes_disp[rw] >= bytes_trim)
                tg->bytes_disp[rw] -= bytes_trim;
        else
                tg->bytes_disp[rw] = 0;
 
-       if (tg->io_disp[rw] >= io_trim)
+       tg->carryover_ios[rw] = 0;
+       if ((int)tg->io_disp[rw] >= io_trim)
                tg->io_disp[rw] -= io_trim;
        else
                tg->io_disp[rw] = 0;
@@ -776,7 +787,7 @@ static inline void throtl_trim_slice(struct throtl_grp *tg, bool rw)
        tg->slice_start[rw] += time_elapsed;
 
        throtl_log(&tg->service_queue,
-                  "[%c] trim slice nr=%lu bytes=%llu io=%lu start=%lu end=%lu jiffies=%lu",
+                  "[%c] trim slice nr=%lu bytes=%lld io=%d start=%lu end=%lu jiffies=%lu",
                   rw == READ ? 'R' : 'W', time_elapsed / tg->td->throtl_slice,
                   bytes_trim, io_trim, tg->slice_start[rw], tg->slice_end[rw],
                   jiffies);
@@ -1309,6 +1320,7 @@ static void tg_conf_updated(struct throtl_grp *tg, bool global)
                   tg_bps_limit(tg, READ), tg_bps_limit(tg, WRITE),
                   tg_iops_limit(tg, READ), tg_iops_limit(tg, WRITE));
 
+       rcu_read_lock();
        /*
         * Update has_rules[] flags for the updated tg's subtree.  A tg is
         * considered to have rules if either the tg itself or any of its
@@ -1336,6 +1348,7 @@ static void tg_conf_updated(struct throtl_grp *tg, bool global)
                this_tg->latency_target = max(this_tg->latency_target,
                                parent_tg->latency_target);
        }
+       rcu_read_unlock();
 
        /*
         * We're already holding queue_lock and know @tg is valid.  Let's