Patch "sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()" has been added to the 6.8-stable tree


 



This is a note to let you know that I've just added the patch titled

    sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     sched-eevdf-prevent-vlag-from-going-out-of-bounds-in.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit a98a8cef234711a816f453aa7a837adcab0dd12e
Author: Xuewen Yan <xuewen.yan@xxxxxxxxxx>
Date:   Mon Apr 22 16:22:38 2024 +0800

    sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
    
    [ Upstream commit 1560d1f6eb6b398bddd80c16676776c0325fe5fe ]
    
    It was possible to have pick_eevdf() return NULL, which then causes a
    NULL-deref. This turned out to be due to entity_eligible() returning
    falsely negative because of a s64 multiplication overflow.
    
    Specifically, reweight_eevdf() computes the vlag without considering
    the limit placed upon vlag as update_entity_lag() does, and then the
    scaling multiplication (remember that weight is 20bit fixed point) can
    overflow. This then leads to the new vruntime being weird which then
    causes the above entity_eligible() to go side-ways and claim nothing
    is eligible.
    
    Thus limit the range of vlag accordingly.
    
    All this was quite rare, but fatal when it does happen.
    
    Closes: https://lore.kernel.org/all/ZhuYyrh3mweP_Kd8@xxxxxxx/
    Closes: https://lore.kernel.org/all/CA+9S74ih+45M_2TPUY_mPPVDhNvyYfy1J1ftSix+KjiTVxg8nw@xxxxxxxxxxxxxx/
    Closes: https://lore.kernel.org/lkml/202401301012.2ed95df0-oliver.sang@xxxxxxxxx/
    Fixes: eab03c23c2a1 ("sched/eevdf: Fix vruntime adjustment on reweight")
    Reported-by: Sergei Trofimovich <slyich@xxxxxxxxx>
    Reported-by: Igor Raits <igor@xxxxxxxxxxxx>
    Reported-by: Breno Leitao <leitao@xxxxxxxxxx>
    Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
    Reported-by: Yujie Liu <yujie.liu@xxxxxxxxx>
    Signed-off-by: Xuewen Yan <xuewen.yan@xxxxxxxxxx>
    Reviewed-and-tested-by: Chen Yu <yu.c.chen@xxxxxxxxx>
    Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240422082238.5784-1-xuewen.yan@xxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index b9ee4397b484a..aee5e7a70170c 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -696,15 +696,21 @@ u64 avg_vruntime(struct cfs_rq *cfs_rq)
  *
  * XXX could add max_slice to the augmented data to track this.
  */
-static void update_entity_lag(struct cfs_rq *cfs_rq, struct sched_entity *se)
+static s64 entity_lag(u64 avruntime, struct sched_entity *se)
 {
-	s64 lag, limit;
+	s64 vlag, limit;
+
+	vlag = avruntime - se->vruntime;
+	limit = calc_delta_fair(max_t(u64, 2*se->slice, TICK_NSEC), se);
+
+	return clamp(vlag, -limit, limit);
+}
 
+static void update_entity_lag(struct cfs_rq *cfs_rq, struct sched_entity *se)
+{
 	SCHED_WARN_ON(!se->on_rq);
-	lag = avg_vruntime(cfs_rq) - se->vruntime;
 
-	limit = calc_delta_fair(max_t(u64, 2*se->slice, TICK_NSEC), se);
-	se->vlag = clamp(lag, -limit, limit);
+	se->vlag = entity_lag(avg_vruntime(cfs_rq), se);
 }
 
 /*
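Review bot: entity_lag() computes `vlag = avruntime - se->vruntime` through an implicit u64-to-s64 conversion, whereas the line it replaces in reweight_eevdf() carried an explicit `(s64)` cast; keeping the cast in the helper would make the intended signed result visible. The comment block that used to document update_entity_lag() now sits above entity_lag(), so it should say that the helper only computes and clamps the lag, and that SCHED_WARN_ON(!se->on_rq) is enforced in update_entity_lag() only and not for other callers.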
@@ -3754,7 +3760,7 @@ static void reweight_eevdf(struct sched_entity *se, u64 avruntime,
 	 *	   = V  - vl'
 	 */
 	if (avruntime != se->vruntime) {
-		vlag = (s64)(avruntime - se->vruntime);
+		vlag = entity_lag(avruntime, se);
 		vlag = div_s64(vlag * old_weight, weight);
 		se->vruntime = avruntime - vlag;
 	}
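Review bot: the `vlag * old_weight` product on the line after the new entity_lag() call is still a plain s64 multiplication, so its safety now rests entirely on the clamp inside entity_lag(). A short comment at this call stating that the clamped range is what keeps the product within s64 would stop a later change to the limit from silently reintroducing the overflow.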


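The overflow described in the commit message can be modelled in user space. This is an added example, not code from the patch or the kernel: `lag_limit()` is a simplified stand-in for `calc_delta_fair()`, `entity_lag_model()` and `scale_vlag()` are hypothetical names, and the weights, slice and tick values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed constants for this model (not taken from the page). */
#define NICE_0_LOAD (1LL << 20)        /* 20-bit fixed-point weight of nice 0 */
#define MAX_WEIGHT  (88761LL << 10)    /* constructed heavy weight */
#define TICK_NSEC   4000000LL          /* constructed: 4 ms tick */

/* Simplified stand-in for calc_delta_fair(max(2*slice, TICK_NSEC), se). */
static int64_t lag_limit(int64_t slice, int64_t weight)
{
    int64_t delta = 2 * slice > TICK_NSEC ? 2 * slice : TICK_NSEC;
    return delta * NICE_0_LOAD / weight;
}

/* Same shape as the patch's entity_lag(): difference, then clamp. */
static int64_t entity_lag_model(uint64_t avruntime, uint64_t vruntime,
                                int64_t slice, int64_t weight)
{
    int64_t vlag = (int64_t)(avruntime - vruntime);
    int64_t limit = lag_limit(slice, weight);
    return vlag < -limit ? -limit : (vlag > limit ? limit : vlag);
}

/* vlag * old_weight / weight; returns false if the s64 product overflows. */
static bool scale_vlag(int64_t vlag, int64_t old_weight, int64_t weight,
                       int64_t *out)
{
    int64_t prod;
    if (__builtin_mul_overflow(vlag, old_weight, &prod))
        return false;
    *out = prod / weight;
    return true;
}

int main(void)
{
    uint64_t V = 1ULL << 45, v = 0;    /* constructed: very large raw lag */
    int64_t out = 0;

    bool raw_ok = scale_vlag((int64_t)(V - v), MAX_WEIGHT, NICE_0_LOAD, &out);
    printf("unclamped: %s\n", raw_ok ? "fits" : "s64 overflow");

    int64_t vlag = entity_lag_model(V, v, 3000000, MAX_WEIGHT);
    bool ok = scale_vlag(vlag, MAX_WEIGHT, NICE_0_LOAD, &out);
    printf("clamped vlag=%lld scaled=%lld ok=%d\n",
           (long long)vlag, (long long)out, ok);
    return 0;
}
```

`__builtin_mul_overflow` is a GCC/Clang builtin used here only to detect the overflow that the kernel's plain multiplication would silently wrap.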

