Re: [RFC][PATCH 01/13] sched/deadline: Impose global limits on sched_attr::sched_period
From: Peter Zijlstra
Date: Mon Sep 02 2019 - 05:16:54 EST
On Sat, Aug 31, 2019 at 03:41:17PM +0100, Alessio Balsini wrote:
> Right!
>
> Verified that sysctl_sched_dl_period_max and sysctl_sched_dl_period_min values
> are now always consistent.
>
> I spent some time in trying to figure out if not having any mutex in
> __checkparam_dl() is safe. There can surely happen that "max < min", e.g.:
>
> | | periods
> User1 | User2 | checkparam_dl() | sysctl_sched_dl_*
> ----------|--------------|------------------|-------------------
> | | | [x, x]
> p_min = 5 | | |
> | | | [5, x]
> p_max = 5 | | |
> | | | [5, 5]
> | setattr(p=8) | |
> | | p = 8 |
> | | [x, 5] |
> p_max = 9 | | |
> | | | [5, 9]
> p_min = 6 | | |
> | | | [6, 9]
> | | [6, 5] |
> ----------|--------------|------------------|-------------------
>
> Sharing my thoughts, a "BUG_ON(max < min)" in __checkparam_dl() is then a
> guaranteed source of explosions, but the good news is that "if (period < min ||
> period > max" in __checkparam_dl() surely fails if "max < min". Also the fact
> that, when we are writing the new sysctl_sched_dl_* values, only one is
> actually changed at a time, that surely helps to preserve the consistency.
>
> But is that enough?
Strictly speaking, no, I suppose it is not. We can have two changes in
between the two READ_ONCE()s and then we'd be able to observe a
violation.
The easy way to fix that is do something like:
+ synchronize_rcu();
mutex_unlock(&mutex);
in sched_dl_period_handler(). And do:
+ preempt_disable();
max = (u64)READ_ONCE(sysctl_sched_dl_period_max) * NSEC_PER_USEC;
min = (u64)READ_ONCE(sysctl_sched_dl_period_min) * NSEC_PER_USEC;
+ preempt_enable();
in __checkparam_dl().
That would prohibit we see two changes, and seeing only the single
change is safe.