sched/fair: sanitize vruntime of entity being placed

mainline inclusion from mainline-v6.3-rc4 commit 829c1651 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6TE76 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=829c1651e9c4a6f78398d3e67651cef9bb6b42cc -------------------------------- When a scheduling entity is placed onto cfs_rq, its vruntime is pulled to the base level (around cfs_rq->min_vruntime), so that the entity doesn't gain extra boost when placed backwards. However, if the entity being placed wasn't executed for a long time, its vruntime may get too far behind (e.g. while cfs_rq was executing a low-weight hog), which can inverse the vruntime comparison due to s64 overflow. This results in the entity being placed with its original vruntime way forwards, so that it will effectively never get to the cpu. To prevent that, ignore the vruntime of the entity being placed if it didn't execute for much longer than the characteristic sheduler time scale. [rkagan: formatted, adjusted commit log, comments, cutoff value] Signed-off-by: N Zhang Qiao <zhangqiao22@huawei.com> Co-developed-by: N Roman Kagan <rkagan@amazon.de> Signed-off-by: N Roman Kagan <rkagan@amazon.de> Signed-off-by: N Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20230130122216.3555094-1-rkagan@amazon.deSigned-off-by: N Songping Yu <yusongping@huawei.com> Reviewed-by: N Zhang Qiao <zhangqiao22@huawei.com> Reviewed-by: N chenhui <judy.chenhui@huawei.com> Signed-off-by: N Yongqiang Liu <liuyongqiang13@huawei.com>

sched/fair: sanitize vruntime of entity being placed
mainline inclusion from mainline-v6.3-rc4 commit 829c1651 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6TE76 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=829c1651e9c4a6f78398d3e67651cef9bb6b42cc -------------------------------- When a scheduling entity is placed onto cfs_rq, its vruntime is pulled to the base level (around cfs_rq->min_vruntime), so that the entity doesn't gain extra boost when placed backwards. However, if the entity being placed wasn't executed for a long time, its vruntime may get too far behind (e.g. while cfs_rq was executing a low-weight hog), which can inverse the vruntime comparison due to s64 overflow. This results in the entity being placed with its original vruntime way forwards, so that it will effectively never get to the cpu. To prevent that, ignore the vruntime of the entity being placed if it didn't execute for much longer than the characteristic sheduler time scale. [rkagan: formatted, adjusted commit log, comments, cutoff value] Signed-off-by: N Zhang Qiao <zhangqiao22@huawei.com> Co-developed-by: N Roman Kagan <rkagan@amazon.de> Signed-off-by: N Roman Kagan <rkagan@amazon.de> Signed-off-by: N Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20230130122216.3555094-1-rkagan@amazon.deSigned-off-by: N Songping Yu <yusongping@huawei.com> Reviewed-by: N Zhang Qiao <zhangqiao22@huawei.com> Reviewed-by: N chenhui <judy.chenhui@huawei.com> Signed-off-by: N Yongqiang Liu <liuyongqiang13@huawei.com>
9b35c87f · Zhang Qiao · Yongqiang Liu · c0f17a99 · 9b35c87f
隐藏空白更改
内联并排

Showing with 13 addition and 2 deletion

kernel/sched/fair.c kernel/sched/fair.c +13 -2

未找到文件。
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -3953,6 +3953,7 @@ static void
 place_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int initial)
 {
 	u64 vruntime = cfs_rq->min_vruntime;
+	u64 sleep_time;

 	/*
 	 * The 'current' period is already promised to the current tasks,
@@ -3977,8 +3978,18 @@ place_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int initial)
 		vruntime -= thresh;
 	}

-	/* ensure we never gain time by being placed backwards. */
-	se->vruntime = max_vruntime(se->vruntime, vruntime);
+	/*
+	 * Pull vruntime of the entity being placed to the base level of
+	 * cfs_rq, to prevent boosting it if placed backwards.  If the entity
+	 * slept for a long time, don't even try to compare its vruntime with
+	 * the base as it may be too far off and the comparison may get
+	 * inversed due to s64 overflow.
+	 */
+	sleep_time = rq_clock_task(rq_of(cfs_rq)) - se->exec_start;
+	if ((s64)sleep_time > 60LL * NSEC_PER_SEC)
+		se->vruntime = vruntime;
+	else
+		se->vruntime = max_vruntime(se->vruntime, vruntime);
 }

 static void check_enqueue_throttle(struct cfs_rq *cfs_rq);