This is a note to let you know that I've just added the patch titled
sched/rt: Disallow writing invalid values to sched_rt_period_us
to the 4.19-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
sched-rt-disallow-writing-invalid-values-to-sched_rt_period_us.patch
and it can be found in the queue-4.19 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From stable+bounces-23367-greg=kroah.com@xxxxxxxxxxxxxxx Thu Feb 22 18:06:34 2024
From: Petr Vorel <pvorel@xxxxxxx>
Date: Thu, 22 Feb 2024 18:05:40 +0100
Subject: sched/rt: Disallow writing invalid values to sched_rt_period_us
To: stable@xxxxxxxxxxxxxxx
Cc: Cyril Hrubis <chrubis@xxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Sasha Levin <sashal@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Petr Vorel <pvorel@xxxxxxx>
Message-ID: <20240222170540.1375962-3-pvorel@xxxxxxx>
From: Cyril Hrubis <chrubis@xxxxxxx>
[ Upstream commit 079be8fc630943d9fc70a97807feb73d169ee3fc ]
The validation of the value written to sched_rt_period_us was broken
because:
- the sysclt_sched_rt_period is declared as unsigned int
- parsed by proc_do_intvec()
- the range is asserted after the value parsed by proc_do_intvec()
Because of this negative values written to the file were written into a
unsigned integer that were later on interpreted as large positive
integers which did passed the check:
if (sysclt_sched_rt_period <= 0)
return EINVAL;
This commit fixes the parsing by setting explicit range for both
perid_us and runtime_us into the sched_rt_sysctls table and processes
the values with proc_dointvec_minmax() instead.
Alternatively if we wanted to use full range of unsigned int for the
period value we would have to split the proc_handler and use
proc_douintvec() for it however even the
Documentation/scheduller/sched-rt-group.rst describes the range as 1 to
INT_MAX.
As far as I can tell the only problem this causes is that the sysctl
file allows writing negative values which when read back may confuse
userspace.
There is also a LTP test being submitted for these sysctl files at:
http://patchwork.ozlabs.org/project/ltp/patch/20230901144433.2526-1-chrubis@xxxxxxx/
Signed-off-by: Cyril Hrubis <chrubis@xxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20231002115553.3007-2-chrubis@xxxxxxx
[ pvorel: rebased for 4.19 ]
Reviewed-by: Petr Vorel <pvorel@xxxxxxx>
Signed-off-by: Petr Vorel <pvorel@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
kernel/sched/rt.c | 5 +----
kernel/sysctl.c | 5 +++++
2 files changed, 6 insertions(+), 4 deletions(-)
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -2658,9 +2658,6 @@ static int sched_rt_global_constraints(v
static int sched_rt_global_validate(void)
{
- if (sysctl_sched_rt_period <= 0)
- return -EINVAL;
-
if ((sysctl_sched_rt_runtime != RUNTIME_INF) &&
(sysctl_sched_rt_runtime > sysctl_sched_rt_period))
return -EINVAL;
@@ -2690,7 +2687,7 @@ int sched_rt_handler(struct ctl_table *t
old_period = sysctl_sched_rt_period;
old_runtime = sysctl_sched_rt_runtime;
- ret = proc_dointvec(table, write, buffer, lenp, ppos);
+ ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
if (!ret && write) {
ret = sched_rt_global_validate();
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -127,6 +127,7 @@ static int zero;
static int __maybe_unused one = 1;
static int __maybe_unused two = 2;
static int __maybe_unused four = 4;
+static int int_max = INT_MAX;
static unsigned long zero_ul;
static unsigned long one_ul = 1;
static unsigned long long_max = LONG_MAX;
@@ -464,6 +465,8 @@ static struct ctl_table kern_table[] = {
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = sched_rt_handler,
+ .extra1 = &one,
+ .extra2 = &int_max,
},
{
.procname = "sched_rt_runtime_us",
@@ -471,6 +474,8 @@ static struct ctl_table kern_table[] = {
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = sched_rt_handler,
+ .extra1 = &neg_one,
+ .extra2 = &int_max,
},
{
.procname = "sched_rr_timeslice_ms",
Patches currently in stable-queue which might be from kroah.com@xxxxxxxxxxxxxxx are
queue-4.19/sched-rt-disallow-writing-invalid-values-to-sched_rt_period_us.patch
queue-4.19/sched-rt-fix-sysctl_sched_rr_timeslice-intial-value.patch
queue-4.19/sched-rt-sysctl_sched_rr_timeslice-show-default-timeslice-after-reset.patch
