Commit 61a3dc50 authored May 27, 2024 by Roman Smirnov Committed by Li Nan May 27, 2024

block: prevent division by zero in blk_rq_stat_sum()

stable inclusion
from stable-v5.10.215
commit b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9QGM9
CVE: CVE-2024-35925

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c



--------------------------------

The expression dst->nr_samples + src->nr_samples may
have zero value on overflow. It is necessary to add
a check to avoid division by zero.

Found by Linux Verification Center (linuxtesting.org) with Svace.

Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Link: https://lore.kernel.org/r/20240305134509.23108-1-r.smirnov@omp.ru


Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Li Nan <linan122@huawei.com>

parent f300accf

block/blk-stat.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -28,7 +28,7 @@ void blk_rq_stat_init(struct blk_rq_stat *stat)
		/* src is a per-cpu stat, mean isn't initialized */
		void blk_rq_stat_sum(struct blk_rq_stat dst, struct blk_rq_stat src)
		{
		if (!src->nr_samples)
		if (dst->nr_samples + src->nr_samples <= dst->nr_samples)
		return;

		dst->min = min(dst->min, src->min);