From: Zhan Xusheng
To: Peter Zijlstra
Cc: linux-kernel@vger.kernel.org, Zhan Xusheng
Subject: [PATCH] sched/fair: Fix overflow in vruntime_eligible()
Date: Wed, 15 Apr 2026 22:57:42 +0800
Message-ID: <20260415145742.10359-1-zhanxusheng@xiaomi.com>
Content-Transfer-Encoding: quoted-printable

After commit 556146ce5e94 ("sched/fair: Avoid overflow in enqueue_entity()"), place_entity() can shift cfs_rq->zero_vruntime towards a newly enqueued heavy entity. This can make (vruntime - zero_vruntime) very large for other entities and cause key * load in vruntime_eligible() to overflow s64, flipping the eligibility result.

Use check_mul_overflow() for the multiplication and fall back to a sign-based result on overflow.

Fixes: 556146ce5e94 ("sched/fair: Avoid overflow in enqueue_entity()")
Signed-off-by: Zhan Xusheng
--- kernel/sched/fair.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 69361c63353a..9c186c34b2a8 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -891,6 +891,7 @@ static int vruntime_eligible(struct cfs_rq *cfs_rq, u64= vruntime) struct sched_entity *curr =3D cfs_rq->curr; s64 avg =3D cfs_rq->sum_w_vruntime; long load =3D cfs_rq->sum_weight; + s64 key, rhs; =20 if (curr && curr->on_rq) { unsigned long weight =3D avg_vruntime_weight(cfs_rq, curr->load.weight); 
@@ -899,7 +900,21 @@ static int vruntime_eligible(struct cfs_rq *cfs_rq, u6= 4 vruntime) load +=3D weight; } =20 - return avg >=3D vruntime_op(vruntime, "-", cfs_rq->zero_vruntime) * load; + key =3D vruntime_op(vruntime, "-", cfs_rq->zero_vruntime); + + /* + * The multiplication key * load can overflow s64 when a heavy entity + * enqueue shifts zero_vruntime far from lighter entities (see the + * weight > load condition in place_entity()). + * + * On overflow, the sign of key tells us the correct answer: a large + * positive key means vruntime >> V, so not eligible; a large negative + * key means vruntime << V, so eligible. + */ + if (check_mul_overflow(key, (s64)load, &rhs)) + return key <=3D 0; + + return avg >=3D rhs; } =20 int entity_eligible(struct cfs_rq *cfs_rq, struct sched_entity *se) --=20 2.43.0
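
Review bot: In the overflow branch of the second hunk, `return key <= 0;` relies on load being positive (it is a signed long taken from cfs_rq->sum_weight) and on avg being a valid s64, and the new comment states neither. When check_mul_overflow() reports overflow, the true product key * load lies outside the s64 range, so its comparison with any s64 avg is decided by the sign of the product, which equals the sign of key only for load > 0. Spelling out that argument in the comment, in place of the informal "vruntime >> V" and "vruntime << V" wording, would let a reader verify the fallback without knowing what V is. Since key == 0 can never overflow, `return key < 0;` would express the same result more directly. The changelog would also be easier to check if it gave the weights and the (vruntime - zero_vruntime) distance at which key * load exceeds s64.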