Re: [local DoS] Re: Linux 2.6.24-rc4

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Ingo Molnar

Subject: Re: [local DoS] Re: Linux 2.6.24-rc4

Date: Tuesday, December 4, 2007 - 9:08 am

* Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br> wrote:

quoted text> | The problem is on SMP: if sched_rr_get_interval() gets a task from 
> | an otherwise idle runqueue, then rq->load.weight is 0. Normally 
> | sched_slice() is only used on a busy runqueue. So the correct fixup 
> | site is not in sched_slice() but in sys_sched_rr_get_interval() - 
> | i'm working on the right fix, i hope to be able to send a pull 
> | request in a few minutes.
> 
>  Ingo, I can reproduce this w/o SMP support as well.

hm, if you run this as an RT task, right? Or can you trigger it via pure 
SCHED_OTHER tasks as well? Below is my candidate fix.

	Ingo

--------------->
Subject: sched: fix crash in sys_sched_rr_get_interval()
From: Ingo Molnar <mingo@elte.hu>

Luiz Fernando N. Capitulino reported that sched_rr_get_interval()
crashes for SCHED_OTHER tasks that are on an idle runqueue.

The fix is to return a 0 timeslice for tasks that are on an idle
runqueue. (and which are not running, obviously)

Reported-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
 kernel/sched.c |   14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

Index: linux/kernel/sched.c
===================================================================
--- linux.orig/kernel/sched.c
+++ linux/kernel/sched.c
@@ -4850,17 +4850,21 @@ long sys_sched_rr_get_interval(pid_t pid
 	if (retval)
 		goto out_unlock;
 
-	if (p->policy == SCHED_FIFO)
-		time_slice = 0;
-	else if (p->policy == SCHED_RR)
+	/*
+	 * Time slice is 0 for SCHED_FIFO tasks and for SCHED_OTHER
+	 * tasks that are on an otherwise idle runqueue:
+	 */
+	time_slice = 0;
+	if (p->policy == SCHED_RR) {
 		time_slice = DEF_TIMESLICE;
-	else {
+	} else {
 		struct sched_entity *se = &p->se;
 		unsigned long flags;
 		struct rq *rq;
 
 		rq = task_rq_lock(p, &flags);
-		time_slice = NS_TO_JIFFIES(sched_slice(cfs_rq_of(se), se));
+		if (rq->cfs.load.weight)
+			time_slice = NS_TO_JIFFIES(sched_slice(&rq->cfs, se));
 		task_rq_unlock(rq, &flags);
 	}
 	read_unlock(&tasklist_lock);
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Linux 2.6.24-rc4, Linus Torvalds, (Mon Dec 3, 10:08 pm)

[build failure] Re: Linux 2.6.24-rc4 on S390x, Kamalesh Babulal, (Tue Dec 4, 3:23 am)

Re: [build failure] Re: Linux 2.6.24-rc4 on S390x, Martin Schwidefsky, (Tue Dec 4, 3:31 am)

Re: [build failure] Re: Linux 2.6.24-rc4 on S390x, Ingo Molnar, (Tue Dec 4, 3:32 am)

Re: Linux 2.6.24-rc4, Nicolas Pitre, (Tue Dec 4, 6:22 am)

[local DoS] Re: Linux 2.6.24-rc4, Luiz Fernando N. Cap ..., (Tue Dec 4, 7:07 am)

Re: [local DoS] Re: Linux 2.6.24-rc4, Linus Torvalds, (Tue Dec 4, 8:56 am)

Re: Linux 2.6.24-rc4, Jeff Garzik, (Tue Dec 4, 9:04 am)

Re: [local DoS] Re: Linux 2.6.24-rc4, Luiz Fernando N. Cap ..., (Tue Dec 4, 9:04 am)

Re: [local DoS] Re: Linux 2.6.24-rc4, Ingo Molnar, (Tue Dec 4, 9:08 am)

[git pull] scheduler fixes, Ingo Molnar, (Tue Dec 4, 9:18 am)

Re: [git pull] scheduler fixes, Luiz Fernando N. Cap ..., (Tue Dec 4, 9:40 am)

Re: [git pull] scheduler fixes, Greg KH, (Tue Dec 4, 11:28 am)

Re: [git pull] scheduler fixes, Luiz Fernando N. Cap ..., (Tue Dec 4, 11:41 am)

Re: Linux 2.6.24-rc4, Diego Calleja, (Tue Dec 4, 5:23 pm)


linux-kernel:
Tejun Heo	Re: your mail
Ingo Molnar	Re: [patch] e1000=y && e1000e=m regression fix
Robert Richter	Re: [PATCH] oprofile: Implement Intel architectural perfmon support
Eli Cohen	Re: LRO num of frags limit
Pavel Machek	min_free_kbytes documentation, /proc/sys/vm docs
git:
Bill Lear	cpio command not found
Gary Yang	fatal: did you run git update-server-info on the server? mv post-update.sample pos...
Ben Schmidt	Getting the path right for git over SSH
Fredrik Kuivinen	Re: fatal: unable to create '.git/index': File exists
Laflen, Brandon (GE, Research)	RE: fatal: Unable to find remote helper for 'http'
linux-netdev:
Sage Weil	Re: [2/3] POHMELFS: Documentation.
Patrick McHardy	Re: [ANNOUNCE]: First release of nftables
Frans Pop	svc: failed to register lockdv1 RPC service (errno 97).
Sage Weil	Re: [2/3] POHMELFS: Documentation.
Eric Dumazet	Re: [PATCH] ipv4/route.c: respect prefsrc for local routes
openbsd-misc:
Paul M	Corrupted RAIDFrame device
nixlists	Re: OpenSMTPd actual development and integration
Steve Shockley	Re: Blocking Teamviewer
David Newman	Re: 4.2 and 4.3 BIND: masters_list does not work with masters option
Anders Langworthy	Re: What does your environment look like?
git-commits-head:
Linux Kernel Mailing List	Remove empty comment in acpi/power.c
Linux Kernel Mailing List	Linux 2.6.34-rc4
Linux Kernel Mailing List	swiotlb: replace architecture-specific swiotlb.h with linux/swiotlb.h
Linux Kernel Mailing List	x86 boot: only pick up additional EFI memmap if add_efi_memmap flag
Linux Kernel Mailing List	[ARM] 5269/1: ARMv7: Use -march=armv7-a as compiler flag