1. Patchew
  2. Xen
  3. View series

[PATCH] xen/sched: validate RTDS putinfo period and budget

Oleksii Moisieiev posted 1 patch 1 week, 1 day ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/1a235cca6f37ee3d3f03132675247edfc19953cd.1774431761.git.oleksii._5Fmoisieiev@epam.com
There is a newer version of this series
xen/common/sched/rt.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
[PATCH] xen/sched: validate RTDS putinfo period and budget
Posted by Oleksii Moisieiev 1 week, 1 day ago 
The RTDS domain-wide XEN_DOMCTL_SCHEDOP_putinfo path only checks for
zero values before applying period and budget to all vCPUs in the
domain.

This is weaker than the per-vCPU XEN_DOMCTL_SCHEDOP_putvcpuinfo path,
which already rejects values below the minimum, above the maximum, and
cases where budget exceeds period.

Use the same validation rules for putinfo as for putvcpuinfo, so
invalid domain-wide updates are rejected with -EINVAL instead of being
applied inconsistently.

Signed-off-by: Oleksii Moisieiev <oleksii_moisieiev@epam.com>
---

 xen/common/sched/rt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c
index 7b1f64a779..62188f37c6 100644
--- a/xen/common/sched/rt.c
+++ b/xen/common/sched/rt.c
@@ -1388,7 +1388,10 @@ rt_dom_cntl(
         op->u.rtds.budget = RTDS_DEFAULT_BUDGET / MICROSECS(1);
         break;
     case XEN_DOMCTL_SCHEDOP_putinfo:
-        if ( op->u.rtds.period == 0 || op->u.rtds.budget == 0 )
+        if ( op->u.rtds.period > RTDS_MAX_PERIOD ||
+            op->u.rtds.budget < RTDS_MIN_BUDGET ||
+            op->u.rtds.budget > op->u.rtds.period ||
+            op->u.rtds.period < RTDS_MIN_PERIOD )
         {
             rc = -EINVAL;
             break;
-- 
2.43.0

base-commit: a7bf8ff218ca05eb3674fdfd2817f6cff471e96a
branch: amoi_rtds_SCHEDOP_putinfo
Re: [PATCH] xen/sched: validate RTDS putinfo period and budget
Posted by Jan Beulich 1 week, 1 day ago 
On 25.03.2026 10:43, Oleksii Moisieiev wrote:
> The RTDS domain-wide XEN_DOMCTL_SCHEDOP_putinfo path only checks for
> zero values before applying period and budget to all vCPUs in the
> domain.
> 
> This is weaker than the per-vCPU XEN_DOMCTL_SCHEDOP_putvcpuinfo path,
> which already rejects values below the minimum, above the maximum, and
> cases where budget exceeds period.
> 
> Use the same validation rules for putinfo as for putvcpuinfo, so
> invalid domain-wide updates are rejected with -EINVAL instead of being
> applied inconsistently.
> 
> Signed-off-by: Oleksii Moisieiev <oleksii_moisieiev@epam.com>
> ---
> 
>  xen/common/sched/rt.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c
> index 7b1f64a779..62188f37c6 100644
> --- a/xen/common/sched/rt.c
> +++ b/xen/common/sched/rt.c
> @@ -1388,7 +1388,10 @@ rt_dom_cntl(
>          op->u.rtds.budget = RTDS_DEFAULT_BUDGET / MICROSECS(1);
>          break;
>      case XEN_DOMCTL_SCHEDOP_putinfo:
> -        if ( op->u.rtds.period == 0 || op->u.rtds.budget == 0 )
> +        if ( op->u.rtds.period > RTDS_MAX_PERIOD ||
> +            op->u.rtds.budget < RTDS_MIN_BUDGET ||
> +            op->u.rtds.budget > op->u.rtds.period ||
> +            op->u.rtds.period < RTDS_MIN_PERIOD )

Besides there being an indentation issue here, are the inputs of putinfo
really in different units than those of putvcpuinfo? The latter first
applies MICROSECS() before comparing against bounds. Assuming they are
using identical units (actually, they do, as putinfo uses MICROSECS()
when storing the values into the internal structure), I guess you'd best
make a small helper function used by both.

Jan
Re: [PATCH] xen/sched: validate RTDS putinfo period and budget
Posted by Oleksii Moisieiev 1 week, 1 day ago 
Hi Jan,

On 25/03/2026 13:50, Jan Beulich wrote:
> On 25.03.2026 10:43, Oleksii Moisieiev wrote:
>> The RTDS domain-wide XEN_DOMCTL_SCHEDOP_putinfo path only checks for
>> zero values before applying period and budget to all vCPUs in the
>> domain.
>>
>> This is weaker than the per-vCPU XEN_DOMCTL_SCHEDOP_putvcpuinfo path,
>> which already rejects values below the minimum, above the maximum, and
>> cases where budget exceeds period.
>>
>> Use the same validation rules for putinfo as for putvcpuinfo, so
>> invalid domain-wide updates are rejected with -EINVAL instead of being
>> applied inconsistently.
>>
>> Signed-off-by: Oleksii Moisieiev <oleksii_moisieiev@epam.com>
>> ---
>>
>>   xen/common/sched/rt.c | 5 ++++-
>>   1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c
>> index 7b1f64a779..62188f37c6 100644
>> --- a/xen/common/sched/rt.c
>> +++ b/xen/common/sched/rt.c
>> @@ -1388,7 +1388,10 @@ rt_dom_cntl(
>>           op->u.rtds.budget = RTDS_DEFAULT_BUDGET / MICROSECS(1);
>>           break;
>>       case XEN_DOMCTL_SCHEDOP_putinfo:
>> -        if ( op->u.rtds.period == 0 || op->u.rtds.budget == 0 )
>> +        if ( op->u.rtds.period > RTDS_MAX_PERIOD ||
>> +            op->u.rtds.budget < RTDS_MIN_BUDGET ||
>> +            op->u.rtds.budget > op->u.rtds.period ||
>> +            op->u.rtds.period < RTDS_MIN_PERIOD )
> Besides there being an indentation issue here, are the inputs of putinfo
> really in different units than those of putvcpuinfo? The latter first
> applies MICROSECS() before comparing against bounds. Assuming they are
> using identical units (actually, they do, as putinfo uses MICROSECS()
> when storing the values into the internal structure), I guess you'd best
> make a small helper function used by both.
That's a good point. thank you. And sorry for the intendation. will fix.
> Jan

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.