From nobody Wed Jun 17 02:52:25 2026 Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68F83238D54 for ; Tue, 28 Apr 2026 14:49:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777387801; cv=none; b=SnDImMeoJVvYJbBKuCewMbWDm4xqnQztSJ5TnKP8dKV5/z2IAwa7esDk5KcNT8WVt34LRWKkSM+hiHPDWAChahAeDb7fpDMz8BMESTa5gOe1/AkIVhgdjbptrhWDpJpGeWKkhJ2BlLTp38GJ5XOZXZfSXktvETkzeeIi8lyS+r4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777387801; c=relaxed/simple; bh=mChek9St6fBJN3lk+F0mkbaDpjPe7z8MpI+wvKJrdgg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mMz368pPGSMgEVHVxX5I/eKWqgZ2riuSLhUexTtyx676Tf/hBkNzm//VV7AI4jhYFRLZOIjficbgU3uEgaHjjEi+8u2X6B06xSBoBJRZLw957/Yv4bo34yzcchFOaLX73KeSjC0JiZwwv18RRXhJdBPtC8NsKZS/Uzf5e+vOMGU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=EN5runtX; arc=none smtp.client-ip=209.85.214.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="EN5runtX" Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-2ab39b111b9so47547185ad.1 for ; Tue, 28 Apr 2026 07:49:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777387799; x=1777992599; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HTbzzdumjaTKX4osffWcXpbVg2d+g6SX+iA3gwG8ld0=; b=EN5runtXWKSuiuU5UXh4XunKCJVxlPGcHaTLVNnvblDsvhhfHz5lzxkZZfS7eDr0cG ZJxPBnMogS41VkmMMl4wrihXxVVoXt//WC+bliiCOMm0hBeJs7ldBkOWLURZHY3abCyT NzPKO1EBxVWS/fugrMe7CAUVKqMzMxgO+yNxkP0Gzxy9wvWfK5amUH3+DsOt84Rb+dEc ZK9dQaH3ntMNfFAkoTSJM45a6DvaIy8s1JnKiVlsjiw1CKaHA7QZJjRtSEsSSGkfWv6J 2JqMfhx2N+5byVcFgvU5fQPTmdz3YR+C6WLq7JDJy7j0AzWOFQdxdngV1B6TNi90OTYX BSMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777387799; x=1777992599; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=HTbzzdumjaTKX4osffWcXpbVg2d+g6SX+iA3gwG8ld0=; b=ndpm683Ta19+dMt/B62GuDgQEE7VXTkUyafCUZ2ZQ5WFK/c9EjaOIClPiG9q5mFErp 2DHjXQ0tpOwUuNtT7XkehOWql2PSorwGs04t7KS33Ed2CUHGgvY+7ytZVbKccvvYpOzd eiGq1DkaDoawunCz53dgred1oqCA91DrC38rVFt/josmuBQdFo0KJWNlVGzhQYDMuTAT ay2ohcapNXGpF9fGS0E+PFgMpVMGni0e8b4nGSTew4H3Hi+TweWF33jhFoTVnzIIk2rT 1zGLx/SVt5XRRJXHJsnlmUBULueJe6nIwvrGEvM3YD7YEnE4+Mbl9UeDPCk5o7HlSG+5 OP5Q== X-Forwarded-Encrypted: i=1; AFNElJ98RJStwIRQpts9FSjX7YzgSrqcAsLhG0EV787crEvK5DQ+HTcFBUyTMLMcUpRBbluo/RFHqTEBoQanEwQ=@vger.kernel.org X-Gm-Message-State: AOJu0YyfJc9WD1KMrFj2evPL05k3AmHfASfgSyvtt0CK4WakVX8Tzj9I Z/iHN/Ej0ewnqvugk98WItXNRzDjxWR2oF0izokS1qUm3hknMjONyr4+ X-Gm-Gg: AeBDievZlAxv16Ecv9yWDkSwpGovNew/l8QpCPStjuwLK69FCgH8eqjwboz3pVc45oi WFpxxcAzuRQHzW3W/1JcR2DchFMALJDunRewZFoab3ON7adKwbRJRTMtdiKY3VF28sYzT4aT6Om uG/mS1F21XP3w8eAqJ8LsjHMRktxJrtfJTamVqgQVRCzF7FGcOwzE/e9V9/6dpVqV4bGB2SifEh 3gi+5QdSg4sgX45hf1yn+KS+wDn+8HgyXPiTSt3jneYXqubQ4/xGyjG82L2E3G2k5h9Bq1aiWSS MzQlm43Ne+6HsaTe4nT4uSLzBrVlBsO3Y6SMqp5s9bhymTk/s4xqU1zT3g2VfgPTMROIbB4as/k g4nNdu1HjqsXEYQAzXqnUG+DhiFs0jUO+CRJBlCJr+8xDl0GZF3/xFlIRuKQIvv9HnXUMuM/UdZ Zx6IYG2VchmnKYEa78Y5meNgOWOME4ZcnC+qSKKWrfEeavDZEcMMetwu94TA== X-Received: by 2002:a17:903:3c23:b0:2ad:9b86:ddc2 with SMTP id d9443c01a7336-2b97c4b2701mr36322555ad.22.1777387798158; Tue, 28 Apr 2026 07:49:58 -0700 (PDT) Received: from DESKTOP-MOQC9AF.mioffice.cn ([43.224.245.246]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b97ac8ca97sm28432535ad.55.2026.04.28.07.49.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Apr 2026 07:49:57 -0700 (PDT) From: Zhan Xusheng X-Google-Original-From: Zhan Xusheng To: Peter Zijlstra , Ingo Molnar Cc: K Prateek Nayak , linux-kernel@vger.kernel.org, Zhan Xusheng Subject: [PATCH RESEND] sched/fair: Fix overflow in vruntime_eligible() Date: Tue, 28 Apr 2026 22:49:51 +0800 Message-ID: <20260428144951.121765-1-zhanxusheng@xiaomi.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260415145742.10359-1-zhanxusheng@xiaomi.com> References: <20260415145742.10359-1-zhanxusheng@xiaomi.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" After commit 556146ce5e94 ("sched/fair: Avoid overflow in enqueue_entity()"), place_entity() can shift cfs_rq->zero_vruntime towards a newly enqueued heavy entity. This can make (vruntime - zero_vruntime) very large for other entities and cause key * load in vruntime_eligible() to overflow s64, flipping the eligibility result. Use check_mul_overflow() for the multiplication and fall back to a sign-based result on overflow. Fixes: 556146ce5e94 ("sched/fair: Avoid overflow in enqueue_entity()") Signed-off-by: Zhan Xusheng Reported-by: Zhan Xusheng --- kernel/sched/fair.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 69361c63353a..9c186c34b2a8 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -891,6 +891,7 @@ static int vruntime_eligible(struct cfs_rq *cfs_rq, u64= vruntime) struct sched_entity *curr =3D cfs_rq->curr; s64 avg =3D cfs_rq->sum_w_vruntime; long load =3D cfs_rq->sum_weight; + s64 key, rhs; =20 if (curr && curr->on_rq) { unsigned long weight =3D avg_vruntime_weight(cfs_rq, curr->load.weight); @@ -899,7 +900,21 @@ static int vruntime_eligible(struct cfs_rq *cfs_rq, u6= 4 vruntime) load +=3D weight; } =20 - return avg >=3D vruntime_op(vruntime, "-", cfs_rq->zero_vruntime) * load; + key =3D vruntime_op(vruntime, "-", cfs_rq->zero_vruntime); + + /* + * The multiplication key * load can overflow s64 when a heavy entity + * enqueue shifts zero_vruntime far from lighter entities (see the + * weight > load condition in place_entity()). + * + * On overflow, the sign of key tells us the correct answer: a large + * positive key means vruntime >> V, so not eligible; a large negative + * key means vruntime << V, so eligible. + */ + if (check_mul_overflow(key, (s64)load, &rhs)) + return key <=3D 0; + + return avg >=3D rhs; } =20 int entity_eligible(struct cfs_rq *cfs_rq, struct sched_entity *se) --=20 2.43.0