[PATCH v2] sched: check user input value of sysctl_sched_time_avg

Ethan Zhao <ethan.zhao@xxxxxxxxxx> · Sat, 2 Sep 2017 14:57:32 +0800

System will hang if user set sysctl_sched_time_avg to 0 by

[root@XXX ~]# sysctl kernel.sched_time_avg_ms=0

Stack traceback for pid 0
0xffff883f6406c600 0 0 1 3 R 0xffff883f6406cf50 *swapper/3
ffff883f7ccc3ae8 0000000000000018 ffffffff810c4dd0 0000000000000000
0000000000017800 ffff883f7ccc3d78 0000000000000003 ffff883f7ccc3bf8
ffffffff810c4fc9 ffff883f7ccc3c08 00000000810c5043 ffff883f7ccc3c08
Call Trace:
<IRQ> [<ffffffff810c4dd0>] ? update_group_capacity+0x110/0x200
[<ffffffff810c4fc9>] ? update_sd_lb_stats+0x109/0x600
[<ffffffff810c5507>] ? find_busiest_group+0x47/0x530
[<ffffffff810c5b84>] ? load_balance+0x194/0x900
[<ffffffff810ad5ca>] ? update_rq_clock.part.83+0x1a/0xe0
[<ffffffff810c6d42>] ? rebalance_domains+0x152/0x290
[<ffffffff810c6f5c>] ? run_rebalance_domains+0xdc/0x1d0
[<ffffffff8108a75b>] ? __do_softirq+0xfb/0x320
[<ffffffff8108ac85>] ? irq_exit+0x125/0x130
[<ffffffff810b3a17>] ? scheduler_ipi+0x97/0x160
[<ffffffff81052709>] ? smp_reschedule_interrupt+0x29/0x30
[<ffffffff8173a1be>] ? reschedule_interrupt+0x6e/0x80
 <EOI> [<ffffffff815bc83c>] ? cpuidle_enter_state+0xcc/0x230
[<ffffffff815bc80c>] ? cpuidle_enter_state+0x9c/0x230
[<ffffffff815bc9d7>] ? cpuidle_enter+0x17/0x20
[<ffffffff810cd6dc>] ? cpu_startup_entry+0x38c/0x420
[<ffffffff81053373>] ? start_secondary+0x173/0x1e0

Because divide-by-zero error happens in function

update_group_capacity()
  update_cpu_capacity()
    scale_rt_capacity()
    {
        ...
        total = sched_avg_period() + delta;
        used = div_u64(avg, total);
        ...
    }

Seems this issue could be reproduced on all I tried stable 4.1 - last
kernel.

To fix this issue, check user input value of sysctl_sched_time_avg, keep
it unchanged when hit invalid input.

Reported-by: James Puthukattukaran <james.puthukattukaran@xxxxxxxxxx>
Signed-off-by: Ethan Zhao <ethan.zhao@xxxxxxxxxx>
---
 v2: check it in sysctl table (input side) as Peter suggested.
 Tested on stable 4.1, applied on stable 4.13-rc5 okay.

 include/linux/sched/sysctl.h |  3 +++
 kernel/sched/fair.c          | 26 ++++++++++++++++++++++++++
 kernel/sysctl.c              |  2 +-
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/include/linux/sched/sysctl.h b/include/linux/sched/sysctl.h
index 0f5ecd4..cc25807 100644
--- a/include/linux/sched/sysctl.h
+++ b/include/linux/sched/sysctl.h
@@ -44,6 +44,9 @@ enum sched_tunable_scaling {
 int sched_proc_update_handler(struct ctl_table *table, int write,
 		void __user *buffer, size_t *length,
 		loff_t *ppos);
+int sched_time_avg_handler(struct ctl_table *table, int write,
+		void __user *buffer, size_t *lenp,
+		loff_t *ppos);
 #endif
 
 /*
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index c95880e..61155dc 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -650,6 +650,32 @@ int sched_proc_update_handler(struct ctl_table *table, int write,
 
 	return 0;
 }
+
+int sched_time_avg_handler(struct ctl_table *table, int write,
+		void __user *buffer, size_t *lenp,
+		loff_t *ppos)
+{
+	struct ctl_table tbl;
+	int new_value, ret;
+
+	memset(&tbl, 0, sizeof(struct ctl_table));
+	tbl.maxlen = sizeof(unsigned int);
+
+	if (write)
+		tbl.data = &new_value;
+	else
+		tbl.data = &sysctl_sched_time_avg;
+
+	ret = proc_dointvec(&tbl, write, buffer, lenp, ppos);
+	if (write && ret == 0) {
+		if (new_value <= 0)
+			ret =  -EINVAL;
+		else
+			sysctl_sched_time_avg = new_value;
+	}
+
+	return ret;
+}
 #endif
 
 /*
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 6648fbb..609bed2 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -367,7 +367,7 @@ static int sysrq_sysctl_handler(struct ctl_table *table, int write,
 		.data		= &sysctl_sched_time_avg,
 		.maxlen		= sizeof(unsigned int),
 		.mode		= 0644,
-		.proc_handler	= proc_dointvec,
+		.proc_handler	= sched_time_avg_handler,
 	},
 #ifdef CONFIG_SCHEDSTATS
 	{
-- 
1.8.3.1







