diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2014-05-17 20:56:38 +0900 |
|---|---|---|
| committer | Jiri Slaby <jslaby@suse.cz> | 2014-11-13 19:02:09 +0100 |
| commit | b44a6e3363bd7f61502207c53537ce98c2818070 (patch) | |
| tree | 1760a92370466b6d1603d856f43c04c10c1757b8 | |
| parent | b99b3db3dd136f694fced42552c4b927b5364f2f (diff) | |
| download | lwn-b44a6e3363bd7f61502207c53537ce98c2818070.tar.gz lwn-b44a6e3363bd7f61502207c53537ce98c2818070.zip | |
fs: Fix theoretical division by 0 in super_cache_scan().
commit 475d0db742e3755c6b267f48577ff7cbb7dfda0d upstream.
total_objects could be 0 and is used as a denom.
While total_objects is a "long", total_objects == 0 unlikely happens for
3.12 and later kernels because 32-bit architectures would not be able to
hold (1 << 32) objects. However, total_objects == 0 may happen for kernels
between 3.1 and 3.11 because total_objects in prune_super() was an "int"
and (e.g.) x86_64 architecture might be able to hold (1 << 32) objects.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
| -rw-r--r-- | fs/super.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/super.c b/fs/super.c index fb68a4c90c98..3e39572b2f51 100644 --- a/fs/super.c +++ b/fs/super.c @@ -81,6 +81,8 @@ static unsigned long super_cache_scan(struct shrinker *shrink, inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid); dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid); total_objects = dentries + inodes + fs_objects + 1; + if (!total_objects) + total_objects = 1; /* proportion the scan between the caches */ dentries = mult_frac(sc->nr_to_scan, dentries, total_objects); |