From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 82DC73E3154; Fri, 8 May 2026 13:17:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246235; cv=none; b=M8esSJuLJaqVGiemc1hrFurQqsxzHvOi5dMpqwLkaugxjwkLh87lWWQnfyN9R/e3yE3k4xxqhsnndrkV96e8l2nrnS+h+o6dzuqcEqTHtNcfcvwfEux9JpiNsaqParvY9iEe+TfnYvi7lqohEGQZ7AToTu/b0EM+N+a60ii5nnE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246235; c=relaxed/simple; bh=auNYKADD05SLlsp/9RYz5+LVvmnhMqjrsvSp8Ju4hXc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qdLuT8nVzI1ySg9IAL8x4snqHQktb/dSmRsWoIc1nRbLGYekCRJAi0VDNyNuW+LHP3xvr/l35/92yQyv1zzf93RTAZlANT8zNUqpIF371HRXknsH0474yMnPB+YdHXI+N3wPrIoh3tcaijgBmF1f5ONqkDGcuCatu86cEZXFMRU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=NmqMd9nq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="NmqMd9nq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2F370C2BCB8; Fri, 8 May 2026 13:17:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1778246235; bh=auNYKADD05SLlsp/9RYz5+LVvmnhMqjrsvSp8Ju4hXc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NmqMd9nq7hn4woGsz+DEgaq28CUB6LJXpklLRcwhPyjO9vgeTr1+3cmtj3FWbKsV/ 5TkXkZ+SdTaVAeNvXcOr8pfQw8K+krvr+81SLj/aHPs1GBL86UBk6hNkLpoY9IQKVI nqFmsdeDcLO7sT7j26IJRNUZLe00M2AP6Qwnt4NfZt4l0DiBRrc755lwhpMlN4YCqs Vgj7bYiyp0bzNJFH7HcZnUprszddIl9TLq0FmW2TNdWYt/dAIwOxui9fbXYMdFTiBQ CJza4ccWbDGNwRDTCbBGx5b4BrcZ2ee5GPDcut1s1ZlRnZbRF3z6sEfXsXIe26hbaM LKiMXzlugQm9w== From: Frederic Weisbecker To: LKML Cc: Frederic Weisbecker , "Christophe Leroy (CS GROUP)" , "Rafael J. Wysocki" , Alexander Gordeev , Anna-Maria Behnsen , Ben Segall , Boqun Feng , Christian Borntraeger , Dietmar Eggemann , Heiko Carstens , Ingo Molnar , Ingo Molnar , Jan Kiszka , Joel Fernandes , Juri Lelli , Kieran Bingham , Madhavan Srinivasan , Mel Gorman , Michael Ellerman , Neeraj Upadhyay , Nicholas Piggin , "Paul E . McKenney" , Peter Zijlstra , Sashiko, Shrikanth Hegde , Steven Rostedt , Sven Schnelle , Thomas Gleixner , Uladzislau Rezki , Valentin Schneider , Vasily Gorbik , Vincent Guittot , Viresh Kumar , Xin Zhao , linux-pm@vger.kernel.org, linux-s390@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Subject: [PATCH 01/15] tick/sched: Fix TOCTOU in nohz idle time fetch Date: Fri, 8 May 2026 15:16:33 +0200 Message-ID: <20260508131647.43868-2-frederic@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260508131647.43868-1-frederic@kernel.org> References: <20260508131647.43868-1-frederic@kernel.org> Precedence: bulk X-Mailing-List: linux-pm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit When the nohz idle time is fetched, the current clock timestamp is taken outside the seqcount, which can result in such a race as reported by Sashiko: get_cpu_sleep_time_us() tick_nohz_start_idle() ----------------------- --------------------- now = ktime_get() write_seqcount_begin(idle_sleeptime_seq); idle_entrytime = ktime_get() tick_sched_flag_set(ts, TS_FLAG_IDLE_ACTIVE); write_seqcount_end(&ts->idle_sleeptime_seq); read_seqcount_begin(idle_sleeptime_seq) delta = now - idle_entrytime); //!! But now < idle_entrytime idle = *sleeptime + delta; read_seqcount_retry(&ts->idle_sleeptime_seq, seq) Here the read side fetches the timestamp before the write side and its update. As a result the time delta computed on the read side is negative (ktime_t is signed) and breaks the cputime monotonicity guarantee. This could possibly be fixed with reading the current clock timestamp inside the seqcount but the reader overhead might then increase. Also simply checking that the current timestamp is above the idle entry time is enough to prevent any issue of the like. Reported-by: Sashiko Fixes: 620a30fa0bd1 ("timers/nohz: Protect idle/iowait sleep time under seqcount") Signed-off-by: Frederic Weisbecker --- kernel/time/tick-sched.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c index cbbb87a0c6e7..171393367b5c 100644 --- a/kernel/time/tick-sched.c +++ b/kernel/time/tick-sched.c @@ -797,15 +797,16 @@ static u64 get_cpu_sleep_time_us(struct tick_sched *ts, ktime_t *sleeptime, *last_update_time = ktime_to_us(now); do { + ktime_t delta = 0; + seq = read_seqcount_begin(&ts->idle_sleeptime_seq); if (tick_sched_flag_test(ts, TS_FLAG_IDLE_ACTIVE) && compute_delta) { - ktime_t delta = ktime_sub(now, ts->idle_entrytime); - - idle = ktime_add(*sleeptime, delta); - } else { - idle = *sleeptime; + if (now > ts->idle_entrytime) + delta = ktime_sub(now, ts->idle_entrytime); } + + idle = ktime_add(*sleeptime, delta); } while (read_seqcount_retry(&ts->idle_sleeptime_seq, seq)); return ktime_to_us(idle); -- 2.53.0