Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp109072ybg; Mon, 8 Jun 2020 17:51:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwX3liaHwd7b0tY216bz5RCodkeUMZo/FO/wmjn8r+Gl5KxzJTQJMWM3V8P8lcdj0F4JQ/9 X-Received: by 2002:a05:6402:1481:: with SMTP id e1mr24449964edv.113.1591663875094; Mon, 08 Jun 2020 17:51:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591663875; cv=none; d=google.com; s=arc-20160816; b=llyd+gQvpnpkDlVFxwx6sH7I7kyEdYTVK7NcT32ne5l1rz1FRTjUtC9HhDF6AmfGuG uJ19gCAIXO7qB6qlLbgZiWPuS0RO6ZrbJu0eXS1QGEKGGpz1sMXafQuXKA9sDgsSiHpT MG42VUpYaim0ZK9UkSktLsRLptZ4Lsvfn7hO4omlmJCYTWSr+qk8Ucqdg+ozXK4YSAVu houiDgvowZ142QRmeBPCObmUpkp+gYVRabW71omjGJNoRXkBTFoMf+gOKLsYPc/VtVc8 4fP1189iqR611kT8pZIYtAp5Fvbxq/pF9adJLP6JA0hQHjz5Z/dMPXEpiqDw8sSSa3Kt aKVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WjjOOS0WyTksmSt/uUKrHjNwRVFlwPvkN9oVDWA53sI=; b=RV9pKse6PJcoBiUriJBtFOTwovIvXlOxAo0uu327q7RVgHZ14VnhV25VLNstRAI1K0 qSvEBxleyo+tBbRlebv24wk7OMCIVwu7uZRt08NdL/w3CmYeEy2QVh07vp62xLGvMbTl XN3XfnzOA9Sc9CjSp+MxlEtf3vSReecYsRtotY6/k/EOSS3TEet9930nShMFv54WFh0G YU271ErLJj+l6SNJlBR5cQ3VBhwOOI2s+8m2/peQpYRs9HfaW+lM5cw8ptuXAW6OXhCq cR3g0mphZ+YIpfzXGSYq26FSJ38cobNiHNbxR7S47PmfN1BXXJRrYwogLdRNWzgb9eGB PsJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1E6owgM8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h1si9344326edq.86.2020.06.08.17.50.51; Mon, 08 Jun 2020 17:51:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1E6owgM8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729287AbgFIAtG (ORCPT + 99 others); Mon, 8 Jun 2020 20:49:06 -0400 Received: from mail.kernel.org ([198.145.29.99]:57240 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728048AbgFHXKu (ORCPT ); Mon, 8 Jun 2020 19:10:50 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C64A7208C7; Mon, 8 Jun 2020 23:10:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591657849; bh=Loi2gZDSbCrROCbcd1K6A4WD/voItVzsRtt0yXur1NA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1E6owgM8CFu4BVrfqMfNwKpYtI2LnpUAeUBupYRG43OS374qsOgi0P5QzUbTPhSHA 0TviYxSv133O8z5LScWYlHrzXCiI1QLw2qV2lpXq0UrXAtmaFQAsvdS81Xif0bSQKv mGoSR/tjl8bX1f+Mv6xBTxTO84LD5BcvGDv9Shn8= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Huaixin Chang , Peter Zijlstra , Ben Segall , Sasha Levin Subject: [PATCH AUTOSEL 5.7 215/274] sched: Defend cfs and rt bandwidth quota against overflow Date: Mon, 8 Jun 2020 19:05:08 -0400 Message-Id: <20200608230607.3361041-215-sashal@kernel.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200608230607.3361041-1-sashal@kernel.org> References: <20200608230607.3361041-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Huaixin Chang [ Upstream commit d505b8af58912ae1e1a211fabc9995b19bd40828 ] When users write some huge number into cpu.cfs_quota_us or cpu.rt_runtime_us, overflow might happen during to_ratio() shifts of schedulable checks. to_ratio() could be altered to avoid unnecessary internal overflow, but min_cfs_quota_period is less than 1 << BW_SHIFT, so a cutoff would still be needed. Set a cap MAX_BW for cfs_quota_us and rt_runtime_us to prevent overflow. Signed-off-by: Huaixin Chang Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Ben Segall Link: https://lkml.kernel.org/r/20200425105248.60093-1-changhuaixin@linux.alibaba.com Signed-off-by: Sasha Levin --- kernel/sched/core.c | 8 ++++++++ kernel/sched/rt.c | 12 +++++++++++- kernel/sched/sched.h | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 0bbf387d0f19..5eccfb816d23 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -7386,6 +7386,8 @@ static DEFINE_MUTEX(cfs_constraints_mutex); const u64 max_cfs_quota_period = 1 * NSEC_PER_SEC; /* 1s */ static const u64 min_cfs_quota_period = 1 * NSEC_PER_MSEC; /* 1ms */ +/* More than 203 days if BW_SHIFT equals 20. */ +static const u64 max_cfs_runtime = MAX_BW * NSEC_PER_USEC; static int __cfs_schedulable(struct task_group *tg, u64 period, u64 runtime); @@ -7413,6 +7415,12 @@ static int tg_set_cfs_bandwidth(struct task_group *tg, u64 period, u64 quota) if (period > max_cfs_quota_period) return -EINVAL; + /* + * Bound quota to defend quota against overflow during bandwidth shift. + */ + if (quota != RUNTIME_INF && quota > max_cfs_runtime) + return -EINVAL; + /* * Prevent race between setting of cfs_rq->runtime_enabled and * unthrottle_offline_cfs_rqs(). diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index df11d88c9895..6d60ba21ed29 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -9,6 +9,8 @@ int sched_rr_timeslice = RR_TIMESLICE; int sysctl_sched_rr_timeslice = (MSEC_PER_SEC / HZ) * RR_TIMESLICE; +/* More than 4 hours if BW_SHIFT equals 20. */ +static const u64 max_rt_runtime = MAX_BW; static int do_sched_rt_period_timer(struct rt_bandwidth *rt_b, int overrun); @@ -2585,6 +2587,12 @@ static int tg_set_rt_bandwidth(struct task_group *tg, if (rt_period == 0) return -EINVAL; + /* + * Bound quota to defend quota against overflow during bandwidth shift. + */ + if (rt_runtime != RUNTIME_INF && rt_runtime > max_rt_runtime) + return -EINVAL; + mutex_lock(&rt_constraints_mutex); err = __rt_schedulable(tg, rt_period, rt_runtime); if (err) @@ -2702,7 +2710,9 @@ static int sched_rt_global_validate(void) return -EINVAL; if ((sysctl_sched_rt_runtime != RUNTIME_INF) && - (sysctl_sched_rt_runtime > sysctl_sched_rt_period)) + ((sysctl_sched_rt_runtime > sysctl_sched_rt_period) || + ((u64)sysctl_sched_rt_runtime * + NSEC_PER_USEC > max_rt_runtime))) return -EINVAL; return 0; diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index db3a57675ccf..1f58677a8f23 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -1918,6 +1918,8 @@ extern void init_dl_inactive_task_timer(struct sched_dl_entity *dl_se); #define BW_SHIFT 20 #define BW_UNIT (1 << BW_SHIFT) #define RATIO_SHIFT 8 +#define MAX_BW_BITS (64 - BW_SHIFT) +#define MAX_BW ((1ULL << MAX_BW_BITS) - 1) unsigned long to_ratio(u64 period, u64 runtime); extern void init_entity_runnable_average(struct sched_entity *se); -- 2.25.1