releases/5.1.6/sched-core-check-quota-and-period-overflow-at-usec-t.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From b66d90b50b2fb988e3a4a9cceced6120b954cbb1 Mon Sep 17 00:00:00 2001
 From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
 Date: Wed, 27 Feb 2019 11:10:20 +0300
 Subject: sched/core: Check quota and period overflow at usec to nsec
  conversion

 [ Upstream commit 1a8b4540db732ca16c9e43ac7c08b1b8f0b252d8 ]

 Large values could overflow u64 and pass following sanity checks.

  # echo 18446744073750000 > cpu.cfs_period_us
  # cat cpu.cfs_period_us
  40448

  # echo 18446744073750000 > cpu.cfs_quota_us
  # cat cpu.cfs_quota_us
  40448

 After this patch they will fail with -EINVAL.

 Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
 Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
 Cc: Linus Torvalds <torvalds@linux-foundation.org>
 Cc: Peter Zijlstra <peterz@infradead.org>
 Cc: Thomas Gleixner <tglx@linutronix.de>
 Link: http://lkml.kernel.org/r/155125502079.293431.3947497929372138600.stgit@buzz
 Signed-off-by: Ingo Molnar <mingo@kernel.org>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  kernel/sched/core.c | 7 ++++++-
  1 file changed, 6 insertions(+), 1 deletion(-)

 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
 index 4778c48a7fda4..89c9c1d7d22c5 100644
 --- a/kernel/sched/core.c
 +++ b/kernel/sched/core.c
 @@ -6661,8 +6661,10 @@ int tg_set_cfs_quota(struct task_group *tg, long cfs_quota_us)
  	period = ktime_to_ns(tg->cfs_bandwidth.period);
  	if (cfs_quota_us < 0)
  		quota = RUNTIME_INF;
 -	else
 +	else if ((u64)cfs_quota_us <= U64_MAX / NSEC_PER_USEC)
  		quota = (u64)cfs_quota_us * NSEC_PER_USEC;
 +	else
 +		return -EINVAL;

  	return tg_set_cfs_bandwidth(tg, period, quota);
  }
 @@ -6684,6 +6686,9 @@ int tg_set_cfs_period(struct task_group *tg, long cfs_period_us)
  {
  	u64 quota, period;

 +	if ((u64)cfs_period_us > U64_MAX / NSEC_PER_USEC)
 +		return -EINVAL;
 +
  	period = (u64)cfs_period_us * NSEC_PER_USEC;
  	quota = tg->cfs_bandwidth.quota;

 --
 2.20.1
	From b66d90b50b2fb988e3a4a9cceced6120b954cbb1 Mon Sep 17 00:00:00 2001
	From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
	Date: Wed, 27 Feb 2019 11:10:20 +0300
	Subject: sched/core: Check quota and period overflow at usec to nsec
	conversion

	[ Upstream commit 1a8b4540db732ca16c9e43ac7c08b1b8f0b252d8 ]

	Large values could overflow u64 and pass following sanity checks.

	# echo 18446744073750000 > cpu.cfs_period_us
	# cat cpu.cfs_period_us
	40448

	# echo 18446744073750000 > cpu.cfs_quota_us
	# cat cpu.cfs_quota_us
	40448

	After this patch they will fail with -EINVAL.

	Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
	Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	Cc: Peter Zijlstra <peterz@infradead.org>
	Cc: Thomas Gleixner <tglx@linutronix.de>
	Link: http://lkml.kernel.org/r/155125502079.293431.3947497929372138600.stgit@buzz
	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	kernel/sched/core.c \| 7 ++++++-
	1 file changed, 6 insertions(+), 1 deletion(-)

	diff --git a/kernel/sched/core.c b/kernel/sched/core.c
	index 4778c48a7fda4..89c9c1d7d22c5 100644
	--- a/kernel/sched/core.c
	+++ b/kernel/sched/core.c
	@@ -6661,8 +6661,10 @@ int tg_set_cfs_quota(struct task_group *tg, long cfs_quota_us)
	period = ktime_to_ns(tg->cfs_bandwidth.period);
	if (cfs_quota_us < 0)
	quota = RUNTIME_INF;
	- else
	+ else if ((u64)cfs_quota_us <= U64_MAX / NSEC_PER_USEC)
	quota = (u64)cfs_quota_us * NSEC_PER_USEC;
	+ else
	+ return -EINVAL;

	return tg_set_cfs_bandwidth(tg, period, quota);
	}
	@@ -6684,6 +6686,9 @@ int tg_set_cfs_period(struct task_group *tg, long cfs_period_us)
	{
	u64 quota, period;

	+ if ((u64)cfs_period_us > U64_MAX / NSEC_PER_USEC)
	+ return -EINVAL;
	+
	period = (u64)cfs_period_us * NSEC_PER_USEC;
	quota = tg->cfs_bandwidth.quota;

	--
	2.20.1