[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/sched: rtds: prevent extratime priority_level wraparound

  • To: Jürgen Groß <jgross@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Oleksii Moisieiev <oleksii_moisieiev@xxxxxxxx>
  • Date: Tue, 31 Mar 2026 17:26:08 +0300
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=auX/H+5seOgdVHUx8+R81Sw6la45rzIhpNlEQUvT/1Q=; b=Ub/yuJcRUXHPbEZfaY9y5k45H2izHyUoYYZi6lqe9SpHZuOwvVVbbRTWXOSSEneWbUywlh6NVd0z/J/pEe5WAz7BDbXrX4g+hTQoQT6bFCS2LdQVWnOo/Az0wluxdj0VNOUPb3ukTC3q13pUgrdB29MWQivLbPpimcurbxDK1L/pMC2gLcEavRkYu3N6d0WXZnWEiTNiqHk2AnVX9NAxAN7mxYWDTWUMlfXjyYLpFhhSiaV+5Wv6WB+b42fzicqXhw6UZQHkv1sr0eiRrAfBOu2VaL7+RqpiuKtd68fUQoTCK1lo6aZ3IMFUtwWEt5k0S7QfCFmy6ZaxgBIYbo99sg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=coNpm1XGlqV6/Mx2EkC2n3wpvCtPuFQrhM88y5BfZYDwwLMJaNIVUqXK4sujwpQCWjqm4NkaZHsGQKI72L0UD7N9XJI0R2g7Asb1dkLeT2plTbIYroXaecC+nZkyJci/jcLe5AzbQ4ge+zWhtgenTJ/WjfmBp/vrbm4Kf1dXBBEay/EvRAUSr7kv22HA8grCDVFeXF1j+aYdEoZ6ojcmSSyK1V+S4uS7k0bXngLQR7f7RlrMLQj5W8EgIjEJ6nhl+KWOqv414rt58miWbQkAnRYIAlmcAl2CgtKwyLD1cFDkCj3Wn7TDgsy/YVbXEJzgB+AtPL+C47OSfAA/C8Qfgw==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=epam.com header.i="@epam.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: Dario Faggioli <dfaggioli@xxxxxxxx>, George Dunlap <gwd@xxxxxxxxxxxxxx>, Meng Xu <mengxu@xxxxxxxxxxxxx>
  • Delivery-date: Tue, 31 Mar 2026 14:26:30 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31/03/2026 11:23, Jürgen Groß wrote:

On 31.03.26 09:54, Oleksii Moisieiev wrote:

In RTDS, burn_budget() increments priority_level for extratime units
whenever cur_budget is exhausted. As priority_level is unsigned and was
unbounded, it could eventually overflow to 0.

A wrapped value of 0 is the highest RTDS priority, so an extratime unit
could unexpectedly regain top priority and preempt units with active
real-time reservations, violating EDF intent.

Fix this by saturating priority_level at RTDS_MAX_PRIORITY_LEVEL instead
of incrementing unconditionally. Budget refill semantics are unchanged.

Normal behavior is unchanged. Once saturated, priority_level remains at
the lowest priority until the next period update resets it.

Signed-off-by: Oleksii Moisieiev <oleksii_moisieiev@xxxxxxxx>


Reviewed-by: Juergen Gross <jgross@xxxxxxxx>

with one note: overflowing priority_level would require extremely long
scheduling periods (probably at least several days), so this bug is
more a theoretical one. Anyone configuring the rtds scheduler in such
a way would probably deserve to experience the fallout from this bug. :-)


Juergen


Hi Juergen,

Thank you for the review and R-b.
I understand that this bug is more theoretical but it still needs to be fixed for the certification. 

--

Oleksii


---

  xen/common/sched/rt.c | 10 +++++++++-
  1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c
index 7b1f64a779..9c1027c388 100644
--- a/xen/common/sched/rt.c
+++ b/xen/common/sched/rt.c
@@ -110,6 +110,12 @@
   */
  #define RTDS_MIN_BUDGET     (MICROSECS(10))
  +/*
+ * Maximum extratime demotion level. Saturating at this value avoids
+ * unsigned wraparound back to 0 (highest scheduling priority).
+ */
+#define RTDS_MAX_PRIORITY_LEVEL (~0U)
+
  /*
   * UPDATE_LIMIT_SHIFT: a constant used in rt_update_deadline(). When finding    * the next deadline, performing addition could be faster if the difference @@ -976,7 +982,9 @@ burn_budget(const struct scheduler *ops, struct rt_unit *svc, s_time_t now) 
      {
          if ( has_extratime(svc) )
          {
-            svc->priority_level++;
+            if ( svc->priority_level < RTDS_MAX_PRIORITY_LEVEL )
+                svc->priority_level++;
+
              svc->cur_budget = svc->budget;
          }
          else

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.