Two fixes for the time/timers subsystem:
- Invert the inverted fastpath decision in check_tick_dependency(), which
prevents NOHZ full to stop the tick. That's a regression introduced in
the 7.0 merge window.
- Prevent a unpriviledged DoS in the clockevents code, where user space
can starve the timer interrupt by arming a timerfd or posix interval
timer in a tight loop with an absolute expiry time in the past. The
fix turned out to be incomplete and was was amended yesterday to make
it work on some 20 years old AMD machines as well. All issues with it
have been confirmed to be resolved by various reporters.
-----BEGIN PGP SIGNATURE-----
iQJEBAABCgAuFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAmnboPYQHHRnbHhAa2Vy
bmVsLm9yZwAKCRCmGPVMDXSYocEDD/4+aEut3QsitcZliE5KTpD4QFVo70Ky5MMe
XvQgOJyvSJeUBjOW3UVROEZvBWxpb0bYRbXGTs37pCKK4DwjOmodAaY6OI5W/atb
13lnVWSiCKkZoRLs3+G+PCxCD3WuS2HhZc27fiFJmXNyLGfaLBVC2trNnheEBmUs
m3DleuJYiuL3tNbQqlKJ2nIXJFp9qpHSkZ241gxinTvFhBz6QhhAkegMbq9DmHTR
dps4xc3dtNm1poEcTKFeZesfpqlgJaX5LoDydtOFtDomKbXX2SzD82nvCBritUty
ICcd99kIpAgREEn+aer7hokV8X3eAOBRrzPe8tqWl2mc55jcjQJHxD8dE3zIAv5a
AkcnIsiItfHLCPB3iP95inUQoeBCvAX7jCWaLFH8EZCz8QfLALSetjn6HSbWeN/6
ANqFsWlKhK7b1+VcdSL8LVdPtEsE2ILEIHR8dF9GqkVXzs1OPEJJHQoqQxUfDhpa
BdAahPCybY+7lcvZko+WJYJ2Xj0TPRbvav9Ol1o8c8xLF3itFDTCL+E2VMoLdpUn
F8SRDo2FUwysO4NVjHzR7YRTBhlF1pC3MgvPCL2kCekPv2TDUgacHjygnd/QGQ8m
cEOZlD/FlCVE+MNSaLYOUFYJ2a7QwO4qCXOhjy6OFMtO3ezJnol9plqCRCJfhkgy
towg2pGIaQ==
=cnPC
-----END PGP SIGNATURE-----
Merge tag 'timers-urgent-2026-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fixes from Thomas Gleixner:
"Two fixes for the time/timers subsystem:
- Invert the inverted fastpath decision in check_tick_dependency(),
which prevents NOHZ full to stop the tick. That's a regression
introduced in the 7.0 merge window.
- Prevent a unpriviledged DoS in the clockevents code, where user
space can starve the timer interrupt by arming a timerfd or posix
interval timer in a tight loop with an absolute expiry time in the
past. The fix turned out to be incomplete and was was amended
yesterday to make it work on some 20 years old AMD machines as
well. All issues with it have been confirmed to be resolved by
various reporters"
* tag 'timers-urgent-2026-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
clockevents: Prevent timer interrupt starvation
tick/nohz: Fix inverted return value in check_tick_dependency() fast path
master
Linus Torvalds
commit
ab3dee2640
|
|
@ -80,6 +80,7 @@ enum clock_event_state {
|
|||
* @shift: nanoseconds to cycles divisor (power of two)
|
||||
* @state_use_accessors:current state of the device, assigned by the core code
|
||||
* @features: features
|
||||
* @next_event_forced: True if the last programming was a forced event
|
||||
* @retries: number of forced programming retries
|
||||
* @set_state_periodic: switch state to periodic
|
||||
* @set_state_oneshot: switch state to oneshot
|
||||
|
|
@ -108,6 +109,7 @@ struct clock_event_device {
|
|||
u32 shift;
|
||||
enum clock_event_state state_use_accessors;
|
||||
unsigned int features;
|
||||
unsigned int next_event_forced;
|
||||
unsigned long retries;
|
||||
|
||||
int (*set_state_periodic)(struct clock_event_device *);
|
||||
|
|
|
|||
|
|
@ -172,6 +172,7 @@ void clockevents_shutdown(struct clock_event_device *dev)
|
|||
{
|
||||
clockevents_switch_state(dev, CLOCK_EVT_STATE_SHUTDOWN);
|
||||
dev->next_event = KTIME_MAX;
|
||||
dev->next_event_forced = 0;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -305,7 +306,6 @@ int clockevents_program_event(struct clock_event_device *dev, ktime_t expires,
|
|||
{
|
||||
unsigned long long clc;
|
||||
int64_t delta;
|
||||
int rc;
|
||||
|
||||
if (WARN_ON_ONCE(expires < 0))
|
||||
return -ETIME;
|
||||
|
|
@ -324,16 +324,27 @@ int clockevents_program_event(struct clock_event_device *dev, ktime_t expires,
|
|||
return dev->set_next_ktime(expires, dev);
|
||||
|
||||
delta = ktime_to_ns(ktime_sub(expires, ktime_get()));
|
||||
if (delta <= 0)
|
||||
return force ? clockevents_program_min_delta(dev) : -ETIME;
|
||||
|
||||
delta = min(delta, (int64_t) dev->max_delta_ns);
|
||||
delta = max(delta, (int64_t) dev->min_delta_ns);
|
||||
/* Required for tick_periodic() during early boot */
|
||||
if (delta <= 0 && !force)
|
||||
return -ETIME;
|
||||
|
||||
clc = ((unsigned long long) delta * dev->mult) >> dev->shift;
|
||||
rc = dev->set_next_event((unsigned long) clc, dev);
|
||||
if (delta > (int64_t)dev->min_delta_ns) {
|
||||
delta = min(delta, (int64_t) dev->max_delta_ns);
|
||||
clc = ((unsigned long long) delta * dev->mult) >> dev->shift;
|
||||
if (!dev->set_next_event((unsigned long) clc, dev))
|
||||
return 0;
|
||||
}
|
||||
|
||||
return (rc && force) ? clockevents_program_min_delta(dev) : rc;
|
||||
if (dev->next_event_forced)
|
||||
return 0;
|
||||
|
||||
if (dev->set_next_event(dev->min_delta_ticks, dev)) {
|
||||
if (!force || clockevents_program_min_delta(dev))
|
||||
return -ETIME;
|
||||
}
|
||||
dev->next_event_forced = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -1888,6 +1888,7 @@ void hrtimer_interrupt(struct clock_event_device *dev)
|
|||
BUG_ON(!cpu_base->hres_active);
|
||||
cpu_base->nr_events++;
|
||||
dev->next_event = KTIME_MAX;
|
||||
dev->next_event_forced = 0;
|
||||
|
||||
raw_spin_lock_irqsave(&cpu_base->lock, flags);
|
||||
entry_time = now = hrtimer_update_base(cpu_base);
|
||||
|
|
|
|||
|
|
@ -76,8 +76,10 @@ const struct clock_event_device *tick_get_wakeup_device(int cpu)
|
|||
*/
|
||||
static void tick_broadcast_start_periodic(struct clock_event_device *bc)
|
||||
{
|
||||
if (bc)
|
||||
if (bc) {
|
||||
bc->next_event_forced = 0;
|
||||
tick_setup_periodic(bc, 1);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -403,6 +405,7 @@ static void tick_handle_periodic_broadcast(struct clock_event_device *dev)
|
|||
bool bc_local;
|
||||
|
||||
raw_spin_lock(&tick_broadcast_lock);
|
||||
tick_broadcast_device.evtdev->next_event_forced = 0;
|
||||
|
||||
/* Handle spurious interrupts gracefully */
|
||||
if (clockevent_state_shutdown(tick_broadcast_device.evtdev)) {
|
||||
|
|
@ -696,6 +699,7 @@ static void tick_handle_oneshot_broadcast(struct clock_event_device *dev)
|
|||
|
||||
raw_spin_lock(&tick_broadcast_lock);
|
||||
dev->next_event = KTIME_MAX;
|
||||
tick_broadcast_device.evtdev->next_event_forced = 0;
|
||||
next_event = KTIME_MAX;
|
||||
cpumask_clear(tmpmask);
|
||||
now = ktime_get();
|
||||
|
|
@ -1063,6 +1067,7 @@ static void tick_broadcast_setup_oneshot(struct clock_event_device *bc,
|
|||
|
||||
|
||||
bc->event_handler = tick_handle_oneshot_broadcast;
|
||||
bc->next_event_forced = 0;
|
||||
bc->next_event = KTIME_MAX;
|
||||
|
||||
/*
|
||||
|
|
@ -1175,6 +1180,7 @@ void hotplug_cpu__broadcast_tick_pull(int deadcpu)
|
|||
}
|
||||
|
||||
/* This moves the broadcast assignment to this CPU: */
|
||||
bc->next_event_forced = 0;
|
||||
clockevents_program_event(bc, bc->next_event, 1);
|
||||
}
|
||||
raw_spin_unlock_irqrestore(&tick_broadcast_lock, flags);
|
||||
|
|
|
|||
|
|
@ -110,6 +110,7 @@ void tick_handle_periodic(struct clock_event_device *dev)
|
|||
int cpu = smp_processor_id();
|
||||
ktime_t next = dev->next_event;
|
||||
|
||||
dev->next_event_forced = 0;
|
||||
tick_periodic(cpu);
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -345,7 +345,7 @@ static bool check_tick_dependency(atomic_t *dep)
|
|||
int val = atomic_read(dep);
|
||||
|
||||
if (likely(!tracepoint_enabled(tick_stop)))
|
||||
return !val;
|
||||
return !!val;
|
||||
|
||||
if (val & TICK_DEP_MASK_POSIX_TIMER) {
|
||||
trace_tick_stop(0, TICK_DEP_MASK_POSIX_TIMER);
|
||||
|
|
@ -1513,6 +1513,7 @@ static void tick_nohz_lowres_handler(struct clock_event_device *dev)
|
|||
struct tick_sched *ts = this_cpu_ptr(&tick_cpu_sched);
|
||||
|
||||
dev->next_event = KTIME_MAX;
|
||||
dev->next_event_forced = 0;
|
||||
|
||||
if (likely(tick_nohz_handler(&ts->sched_timer) == HRTIMER_RESTART))
|
||||
tick_program_event(hrtimer_get_expires(&ts->sched_timer), 1);
|
||||
|
|
|
|||
Loading…
Reference in New Issue