sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
It was possible to have pick_eevdf() return NULL, which then causes a
NULL-deref. This turned out to be due to entity_eligible() returning
falsely negative because of a s64 multiplcation overflow.
Specifically, reweight_eevdf() computes the vlag without considering
the limit placed upon vlag as update_entity_lag() does, and then the
scaling multiplication (remember that weight is 20bit fixed point) can
overflow. This then leads to the new vruntime being weird which then
causes the above entity_eligible() to go side-ways and claim nothing
is eligible.
Thus limit the range of vlag accordingly.
All this was quite rare, but fatal when it does happen.
Closes: https://lore.kernel.org/all/ZhuYyrh3mweP_Kd8@nz.home/
Closes: https://lore.kernel.org/all/CA+9S74ih+45M_2TPUY_mPPVDhNvyYfy1J1ftSix+KjiTVxg8nw@mail.gmail.com/
Closes: https://lore.kernel.org/lkml/202401301012.2ed95df0-oliver.sang@intel.com/
Fixes: eab03c23c2
("sched/eevdf: Fix vruntime adjustment on reweight")
Reported-by: Sergei Trofimovich <slyich@gmail.com>
Reported-by: Igor Raits <igor@gooddata.com>
Reported-by: Breno Leitao <leitao@debian.org>
Reported-by: kernel test robot <oliver.sang@intel.com>
Reported-by: Yujie Liu <yujie.liu@intel.com>
Signed-off-by: Xuewen Yan <xuewen.yan@unisoc.com>
Reviewed-and-tested-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20240422082238.5784-1-xuewen.yan@unisoc.com
This commit is contained in:
parent
afae8002b4
commit
1560d1f6eb
|
@ -696,15 +696,21 @@ u64 avg_vruntime(struct cfs_rq *cfs_rq)
|
||||||
*
|
*
|
||||||
* XXX could add max_slice to the augmented data to track this.
|
* XXX could add max_slice to the augmented data to track this.
|
||||||
*/
|
*/
|
||||||
|
static s64 entity_lag(u64 avruntime, struct sched_entity *se)
|
||||||
|
{
|
||||||
|
s64 vlag, limit;
|
||||||
|
|
||||||
|
vlag = avruntime - se->vruntime;
|
||||||
|
limit = calc_delta_fair(max_t(u64, 2*se->slice, TICK_NSEC), se);
|
||||||
|
|
||||||
|
return clamp(vlag, -limit, limit);
|
||||||
|
}
|
||||||
|
|
||||||
static void update_entity_lag(struct cfs_rq *cfs_rq, struct sched_entity *se)
|
static void update_entity_lag(struct cfs_rq *cfs_rq, struct sched_entity *se)
|
||||||
{
|
{
|
||||||
s64 lag, limit;
|
|
||||||
|
|
||||||
SCHED_WARN_ON(!se->on_rq);
|
SCHED_WARN_ON(!se->on_rq);
|
||||||
lag = avg_vruntime(cfs_rq) - se->vruntime;
|
|
||||||
|
|
||||||
limit = calc_delta_fair(max_t(u64, 2*se->slice, TICK_NSEC), se);
|
se->vlag = entity_lag(avg_vruntime(cfs_rq), se);
|
||||||
se->vlag = clamp(lag, -limit, limit);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -3760,7 +3766,7 @@ static void reweight_eevdf(struct sched_entity *se, u64 avruntime,
|
||||||
* = V - vl'
|
* = V - vl'
|
||||||
*/
|
*/
|
||||||
if (avruntime != se->vruntime) {
|
if (avruntime != se->vruntime) {
|
||||||
vlag = (s64)(avruntime - se->vruntime);
|
vlag = entity_lag(avruntime, se);
|
||||||
vlag = div_s64(vlag * old_weight, weight);
|
vlag = div_s64(vlag * old_weight, weight);
|
||||||
se->vruntime = avruntime - vlag;
|
se->vruntime = avruntime - vlag;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue