From patchwork Sat Feb 18 23:42:25 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thomas Gleixner <tglx@linutronix.de>
X-Patchwork-Id: 59054
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp604024wrn;
        Sat, 18 Feb 2023 15:54:07 -0800 (PST)
X-Google-Smtp-Source: 
 AK7set+vznqAfKlPQYlO4ZWXaxCAEuZ8ltWek61bVA2OyxCUcBla8B+iRNhYIa8W0K21Thnp3ikZ
X-Received: by 2002:a05:6402:43c6:b0:4ab:1715:2858 with SMTP id
 p6-20020a05640243c600b004ab17152858mr1550497edc.11.1676764447343;
        Sat, 18 Feb 2023 15:54:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1676764447; cv=none;
        d=google.com; s=arc-20160816;
        b=I9UlHXy+/NVzJF/xMTnm/ALWbticHvcONPDGEpGXaGBiny0jKR4owiB5NdsfR4mUsg
         xmv+Mx/nhU6D7cna3LY1KazJ8HJwRhLQR+qQAFovlYlQhHshNzzQGW7X++429bHe0B7d
         cp54okSX5/UFR0BO8ml9uCT7JLJ8bDmgs7XFudYn52DMSzNv0fbSPNR9iK7GFafuNtLx
         cZr58ZxsKPgSXtpADtnp9mhbZ2iyic0djEok5EH12vO9q6uhJgJBoNQ3vIvptQhalsx2
         nVk1Ismtyk57PqrXGXYn7l4Oa3v6lsCP3fpPsWBO+3WHLWBml/DeR70rsrdwZBcJ5E3f
         Ng6w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:date:mime-version:content-transfer-encoding
         :message-id:references:subject:cc:to:dkim-signature:dkim-signature
         :from;
        bh=192d4j78BdgD8dV3Oaf5bDl5lKhXH9kNsVC6xEfm6Vo=;
        b=LbpEu6RpV/V0Pv7PpH1W1Wb5jeVZG8xhXQPKaa0URX6BJx6w4G9zufA4DxnAjTaC2B
         hY56zU3ydBAEpSoPupwURRPVG1H5OtV+Zt4ZNh6fydnJPiSPNOnJzzf4bbi6iPmiWWA5
         Ht45Z74wWarXbDNWbjZQ2LpnOTjKZuNVy30HmwethPQcti+Ae2TmDMN4s0JJLYj3yDmT
         kYfGxsAMDY8oCEmnQCgV92JxgShrSRB4bg+/4+W1Menor3X8yU5UzuEyamYuGt1GiRPg
         8HNKXLwqGqk8qM1FsvWyF196/tTA0En5CwixdaLYUaF8HdMMJYgVCHmL6z1coYVc/Tft
         ZtqA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=fhYiysIA;
       dkim=neutral (no key) header.i=@linutronix.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 j29-20020a170906105d00b008b1417a763dsi13240738ejj.796.2023.02.18.15.53.44;
        Sat, 18 Feb 2023 15:54:07 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=fhYiysIA;
       dkim=neutral (no key) header.i=@linutronix.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229710AbjBRXma (ORCPT <rfc822;nanshango2@gmail.com> + 99 others);
        Sat, 18 Feb 2023 18:42:30 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57712 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229701AbjBRXm2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 18 Feb 2023 18:42:28 -0500
Received: from galois.linutronix.de (Galois.linutronix.de
 [IPv6:2a0a:51c0:0:12e:550::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 542C313D69
        for <linux-kernel@vger.kernel.org>;
 Sat, 18 Feb 2023 15:42:27 -0800 (PST)
From: Thomas Gleixner <tglx@linutronix.de>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020; t=1676763745;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
  references:references;
        bh=192d4j78BdgD8dV3Oaf5bDl5lKhXH9kNsVC6xEfm6Vo=;
        b=fhYiysIAwJSLoB0R85KulOIPH1YXYmwhKJvbcG3pmvg7vDWnztuvIb4uOEWbLDftomTbSm
        eqvSPs3tGtx36TWFRSoPxZn0IJw/ioyk21lCFh19FWYuXFJpzvFeLVAPCpT7mk3aT7x7EH
        9/xok3f6uEDagq81H0b6vcbDrv6QDBC3vfmCJKcCag101ISk8TNNAxu3e1TplfYOr1C6Ii
        dsLEq1zqt7rzuxx8EogHe24BPA2Wl1EfqTW9INEFH8v21Dw9X2bOid+yKooiMMoL5plyPP
        mmtzBYgdhmhUQ4rrq0CbDP/fq4my7JsHpxEabhzQnXe1BSvZTe4xOvpmZK3/8w==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020e; t=1676763745;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
  references:references;
        bh=192d4j78BdgD8dV3Oaf5bDl5lKhXH9kNsVC6xEfm6Vo=;
        b=FBjwFGx52gYluHJtqRyLXJPxt+tBrRP53imHX1O2SrbZDl9irQYUmUKINKpXpOLTTs7Vkp
        Zr4xi9aIgL+m6gCg==
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org
Subject: [GIT pull] timers/urgent for v6.2
References: <167676366161.269954.1941292974323519398.tglx@xen13>
Message-ID: <167676366307.269954.6868386581301990072.tglx@xen13>
MIME-Version: 1.0
Date: Sun, 19 Feb 2023 00:42:25 +0100 (CET)
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1758214957046209306?=
X-GMAIL-MSGID: =?utf-8?q?1758214957046209306?=

Linus,

please pull the latest timers/urgent branch from:

   git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git timers-urgent-2023-02-19

up to:  d125d1349abe: alarmtimer: Prevent starvation by small intervals and SIG_IGN


A fix for a long standing issue in the alarmtimer code:

 Posix-timers armed with a short interval with an ignored signal result
 in an unpriviledged DoS. Due to the ignored signal the timer switches
 into self rearm mode. This issue had been "fixed" before but a rework of
 the alarmtimer code 5 years ago lost that workaround.

 There is no real good solution for this issue, which is also worked around
 in the core posix-timer code in the same way, but it certainly moved way
 up on the ever growing todo list.

Thanks,

	tglx

------------------>
Thomas Gleixner (1):
      alarmtimer: Prevent starvation by small intervals and SIG_IGN


 kernel/time/alarmtimer.c | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
index 5897828b9d7e..7e5dff602585 100644
--- a/kernel/time/alarmtimer.c
+++ b/kernel/time/alarmtimer.c
@@ -470,11 +470,35 @@ u64 alarm_forward(struct alarm *alarm, ktime_t now, ktime_t interval)
 }
 EXPORT_SYMBOL_GPL(alarm_forward);
 
-u64 alarm_forward_now(struct alarm *alarm, ktime_t interval)
+static u64 __alarm_forward_now(struct alarm *alarm, ktime_t interval, bool throttle)
 {
 	struct alarm_base *base = &alarm_bases[alarm->type];
+	ktime_t now = base->get_ktime();
+
+	if (IS_ENABLED(CONFIG_HIGH_RES_TIMERS) && throttle) {
+		/*
+		 * Same issue as with posix_timer_fn(). Timers which are
+		 * periodic but the signal is ignored can starve the system
+		 * with a very small interval. The real fix which was
+		 * promised in the context of posix_timer_fn() never
+		 * materialized, but someone should really work on it.
+		 *
+		 * To prevent DOS fake @now to be 1 jiffie out which keeps
+		 * the overrun accounting correct but creates an
+		 * inconsistency vs. timer_gettime(2).
+		 */
+		ktime_t kj = NSEC_PER_SEC / HZ;
+
+		if (interval < kj)
+			now = ktime_add(now, kj);
+	}
+
+	return alarm_forward(alarm, now, interval);
+}
 
-	return alarm_forward(alarm, base->get_ktime(), interval);
+u64 alarm_forward_now(struct alarm *alarm, ktime_t interval)
+{
+	return __alarm_forward_now(alarm, interval, false);
 }
 EXPORT_SYMBOL_GPL(alarm_forward_now);
 
@@ -551,9 +575,10 @@ static enum alarmtimer_restart alarm_handle_timer(struct alarm *alarm,
 	if (posix_timer_event(ptr, si_private) && ptr->it_interval) {
 		/*
 		 * Handle ignored signals and rearm the timer. This will go
-		 * away once we handle ignored signals proper.
+		 * away once we handle ignored signals proper. Ensure that
+		 * small intervals cannot starve the system.
 		 */
-		ptr->it_overrun += alarm_forward_now(alarm, ptr->it_interval);
+		ptr->it_overrun += __alarm_forward_now(alarm, ptr->it_interval, true);
 		++ptr->it_requeue_pending;
 		ptr->it_active = 1;
 		result = ALARMTIMER_RESTART;