Date:      Fri, 02 Nov 2018 17:51:30 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 232914] Integer overflow in function calcru1
Message-ID:  <bug-232914-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232914

            Bug ID: 232914
           Summary: Integer overflow in function calcru1
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: msl0000023508@gmail.com

The issue is from the following code in function calcru1:
su = (tu * st) / tt;
the 'tu * st' overflows on my system, causing 'p_rux.rux_su' to no
longer grow for that process.

For example, running ps(1) shows that 'systime' is no longer growing, but
'time' has not yet overflowed and keeps growing:
$ ps -p 17087 -o comm,time,systime
COMMAND            TIME    SYSTIME
VBoxHeadless 8951:24.70 6339:45.52
$ ps -p 17087 -o comm,time,systime
COMMAND            TIME    SYSTIME
VBoxHeadless 8951:25.72 6339:45.52
$ ps -p 17087 -o comm,time,systime
COMMAND            TIME    SYSTIME
VBoxHeadless 8951:26.54 6339:45.52
$ ps -p 17087 -o comm,time,systime
COMMAND            TIME    SYSTIME
VBoxHeadless 8951:27.60 6339:45.52

Running kgdb(1) shows an overflow occurs when
'cputick2usec(ruxp->rux_runtime)' is multiplied by '$p->p_rux.rux_sticks':
(kgdb) p $p
$3949 = (struct proc *) 0xfffff800464f5000
(kgdb) p $p->p_pid
$3950 = 17087
(kgdb) p $p->p_comm
$3951 = "VBoxHeadless\000\000\000\000\000\000\000"
(kgdb) p $p->p_rux
$3952 = {rux_runtime = 1888763265150967, rux_uticks = 866405, rux_sticks = 66653750, rux_iticks = 0, rux_uu = 6893394017,
  rux_su = 380385524075, rux_tu = 537211849594}
(kgdb) p $p->p_rux
$3953 = {rux_runtime = 1888767209058083, rux_uticks = 866408, rux_sticks = 66653898, rux_iticks = 0, rux_uu = 6893416864,
  rux_su = 380385524075, rux_tu = 537212971341}
(kgdb) p $p->p_rux
$3954 = {rux_runtime = 1888773035929970, rux_uticks = 866411, rux_sticks = 66654106, rux_iticks = 0, rux_uu = 6893440457,
  rux_su = 380385524075, rux_tu = 537214628650}
(kgdb) p ((uint64_t)$p->p_rux.rux_runtime * 1000ll / ((cpu_ticks == tc_cpu_ticks ? timehands->th_counter->tc_frequency : cpu_tick_frequency) / 1000ll))
$3955 = 537220825631
(kgdb) p ((uint64_t)$p->p_rux.rux_runtime * 1000ll / ((cpu_ticks == tc_cpu_ticks ? timehands->th_counter->tc_frequency : cpu_tick_frequency) / 1000ll)) * $p->p_rux.rux_sticks / ($p->p_rux.rux_uticks + $p->p_rux.rux_sticks + $p->p_rux.rux_iticks)
$3956 = 257136383464
(kgdb) p ((uint64_t)$p->p_rux.rux_runtime * 1000ll / ((cpu_ticks == tc_cpu_ticks ? timehands->th_counter->tc_frequency : cpu_tick_frequency) / 1000ll))
$3959 = 537288008712
(kgdb) p $p->p_rux.rux_sticks
$3960 = 66663850
(kgdb) p ((uint64_t)$p->p_rux.rux_runtime * 1000ll / ((cpu_ticks == tc_cpu_ticks ? timehands->th_counter->tc_frequency : cpu_tick_frequency) / 1000ll)) * $p->p_rux.rux_sticks
$3961 = 17371417884613589424

Showing the correct result of 'tu * st' in python(1):
>>> 537288008712*66663850
35817687219575461200L

This result is actually greater than ULLONG_MAX.

Tested on kernel version 10.3-RELEASE-p20 and 11.1-RELEASE.

-- 
You are receiving this mail because:
You are the assignee for the bug.
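The arithmetic the report describes, as an added example that is not code from the report or from the FreeBSD kernel: it replays the 64-bit multiply behind calcru1()'s `su = (tu * st) / tt` with the values from the `$3952` snapshot above (rux_tu standing in for cputick2usec(rux_runtime)), shows the wrapped quotient dropping below the stored rux_su so that the monotonicity clamp keeps returning the stale value ps(1) displays as a frozen SYSTIME, and contrasts two hypothetical ways of computing the same quotient without the wrap. The function names, the clamp helper, and the use of `unsigned __int128` and `__builtin_mul_overflow` (GCC and clang extensions) are assumptions of this example, not the project's fix.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Snapshot taken from the report's $3952 kgdb output (constructed test input;
 * rux_tu is used in place of cputick2usec(rux_runtime)). */
static const uint64_t RUX_UTICKS = 866405;
static const uint64_t RUX_STICKS = 66653750;
static const uint64_t RUX_ITICKS = 0;
static const uint64_t RUX_TU     = 537211849594;   /* total runtime in usec */
static const uint64_t RUX_SU     = 380385524075;   /* previously stored system usec */

/* Mirrors the 64-bit expression in calcru1(): tu * st wraps modulo 2^64
 * once it exceeds UINT64_MAX, and the division then acts on the wrapped value. */
uint64_t calc_su_wrapping(uint64_t tu, uint64_t st, uint64_t tt)
{
	return (tu * st) / tt;
}

/* Reports whether tu * st would exceed UINT64_MAX before the division. */
bool su_product_overflows(uint64_t tu, uint64_t st)
{
	uint64_t unused;
	return __builtin_mul_overflow(tu, st, &unused);
}

/* Hypothetical alternative 1: do the multiply in 128 bits so the intermediate
 * cannot wrap. The quotient fits in 64 bits because st <= tt implies
 * (tu * st) / tt <= tu. */
uint64_t calc_su_wide(uint64_t tu, uint64_t st, uint64_t tt)
{
	unsigned __int128 prod = (unsigned __int128)tu * st;
	return (uint64_t)(prod / tt);
}

/* Hypothetical alternative 2, without __int128: split the division so the
 * only intermediate product is (tu % tt) * st. That product is below tt * st,
 * so it is safe whenever tt * st fits in 64 bits (always true for tt < 2^32).
 * The result is exactly floor(tu * st / tt). */
uint64_t calc_su_split(uint64_t tu, uint64_t st, uint64_t tt)
{
	return (tu / tt) * st + ((tu % tt) * st) / tt;
}

/* The monotonicity clamp calcru1() applies: with a wrapped su below the
 * stored rux_su, the clamp returns the old value, so system time stops growing. */
uint64_t clamp_monotonic(uint64_t su, uint64_t prev_su)
{
	return su < prev_su ? prev_su : su;
}

int main(void)
{
	uint64_t tt = RUX_UTICKS + RUX_STICKS + RUX_ITICKS;
	uint64_t wrapped = calc_su_wrapping(RUX_TU, RUX_STICKS, tt);
	uint64_t wide = calc_su_wide(RUX_TU, RUX_STICKS, tt);
	uint64_t split = calc_su_split(RUX_TU, RUX_STICKS, tt);

	printf("tu * st overflows 64 bits: %s\n",
	    su_product_overflows(RUX_TU, RUX_STICKS) ? "yes" : "no");
	printf("wrapped su      : %" PRIu64 " -> clamped to %" PRIu64 "\n",
	    wrapped, clamp_monotonic(wrapped, RUX_SU));
	printf("128-bit su      : %" PRIu64 " -> clamped to %" PRIu64 "\n",
	    wide, clamp_monotonic(wide, RUX_SU));
	printf("split-divide su : %" PRIu64 "\n", split);
	return 0;
}
```

With the snapshot values the wrapped quotient is far below the stored rux_su, so the clamp hands back 380385524075 on every call, which is exactly the frozen SYSTIME column in the ps(1) output; both wrap-free variants agree on a system time slightly above 530 billion usec, consistent with the process having spent almost all of its 537 billion usec in system ticks.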


