| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250827123427.1229183-1-xiafukun@huawei.com>
Date: Wed, 27 Aug 2025 12:34:27 +0000
From: Xia Fukun <xiafukun@...wei.com>
To: <mingo@...hat.com>, <peterz@...radead.org>, <juri.lelli@...hat.com>,
<vincent.guittot@...aro.org>, <mgorman@...e.de>, <riel@...hat.com>
CC: <dietmar.eggemann@....com>, <rostedt@...dmis.org>, <bsegall@...gle.com>,
<vschneid@...hat.com>, <linux-kernel@...r.kernel.org>, <xiafukun@...wei.com>
Subject: [PATCH] sched/fair: Fix division-by-zero error in task_scan_max()
The error can be reproduced by following these steps:
First, set sysctl_numa_balancing_scan_size to 0:
echo 0 > /sys/kernel/debug/sched/numa_balancing/scan_size_mb
Then trigger the clone system call, for example, by using
pthread_create to create a new thread.
Oops: divide error: 0000 [#1] SMP NOPTI
CPU: 11 UID: 0 PID: 1 Comm: systemd Tainted: G S 6.17.0xfk_v2 #6
Tainted: [S]=CPU_OUT_OF_SPEC
Hardware name: SuperCloud R5210 G12/X12DPi-N6, BIOS 1.1c 08/30/2021
RIP: 0010:task_scan_max+0x24/0x190
RSP: 0018:ff56485a001ebc98 EFLAGS: 00010246
...
Call Trace:
<TASK>
init_numa_balancing+0xdb/0x1e0
__sched_fork+0x110/0x180
sched_fork+0xd/0x170
copy_process+0x821/0x1aa0
kernel_clone+0xbc/0x400
__do_sys_clone3+0xde/0x120
do_syscall_64+0xa4/0x260
entry_SYSCALL_64_after_hwframe+0x77/0x7f
This patch fixes the issue by ensuring that the relevant value in
task_scan_max() is at least 1.
Fixes: 598f0ec0bc99 ("sched/numa: Set the scan rate proportional to the memory usage of the task being scanned")
Signed-off-by: Xia Fukun <xiafukun@...wei.com>
---
kernel/sched/fair.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index b173a059315c..ea962e3bcb13 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -1496,6 +1496,7 @@ static unsigned int task_nr_scan_windows(struct task_struct *p)
* on resident pages
*/
nr_scan_pages = sysctl_numa_balancing_scan_size << (20 - PAGE_SHIFT);
+ nr_scan_pages = max_t(unsigned long, nr_scan_pages, 1UL << (20 - PAGE_SHIFT));
rss = get_mm_rss(p->mm);
if (!rss)
rss = nr_scan_pages;
@@ -1510,6 +1511,7 @@ static unsigned int task_nr_scan_windows(struct task_struct *p)
static unsigned int task_scan_min(struct task_struct *p)
{
unsigned int scan_size = READ_ONCE(sysctl_numa_balancing_scan_size);
+ scan_size = max_t(unsigned int, scan_size, 1);
unsigned int scan, floor;
unsigned int windows = 1;
--
2.34.1
Powered by blists - more mailing lists