From: Ingo Molnar <mingo@kernel.org>
To: Zhan Xusheng <zhanxusheng1024@gmail.com>
Cc: Thomas Gleixner <tglx@kernel.org>,
Anna-Maria Behnsen <anna-maria@linutronix.de>,
Frederic Weisbecker <frederic@kernel.org>,
linux-kernel@vger.kernel.org,
Zhan Xusheng <zhanxusheng@xiaomi.com>
Subject: Re: [PATCH] posix-cpu-timers: use u64 multiplication in update_rlimit_cpu()
Date: Tue, 16 Jun 2026 14:53:39 +0200 [thread overview]
Message-ID: <ajFHUwMKPu4v8ELf@gmail.com> (raw)
In-Reply-To: <20260616112017.1681372-1-zhanxusheng@xiaomi.com>
* Zhan Xusheng <zhanxusheng1024@gmail.com> wrote:
> update_rlimit_cpu() converts the RLIMIT_CPU value to nanoseconds with
>
> u64 nsecs = rlim_new * NSEC_PER_SEC;
>
> On 32-bit kernels both rlim_new (unsigned long) and NSEC_PER_SEC
> (1000000000L) are 32-bit, so the multiplication is performed in
> unsigned long and truncated for rlim_new > 4 before being widened to
> u64.
>
> The same file already casts to u64 for the matching computation in
> check_process_timers():
>
> u64 softns = (u64)soft * NSEC_PER_SEC;
>
> As a result, the truncated value is installed into the CPUCLOCK_PROF
> expiry cache (nextevt), causing the process CPU timer to be programmed
> to fire prematurely for any RLIMIT_CPU soft limit >= 5 seconds. The
> actual SIGXCPU/SIGKILL decision in check_process_timers() already casts
> to u64 and is therefore correct, so limit enforcement is not broken;
> only the expiry-cache programming is wrong. Apply the same cast here so
> both paths convert rlim_cur identically.
>
> 64-bit kernels are unaffected.
>
> Fixes: 858cf3a8c599 ("timers/itimer: Convert internal cputime_t units to nsec")
> Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com>
> ---
> kernel/time/posix-cpu-timers.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c
> index 74775b94d11b..5e633d8750d1 100644
> --- a/kernel/time/posix-cpu-timers.c
> +++ b/kernel/time/posix-cpu-timers.c
> @@ -41,7 +41,7 @@ void posix_cputimers_group_init(struct posix_cputimers *pct, u64 cpu_limit)
> */
> int update_rlimit_cpu(struct task_struct *task, unsigned long rlim_new)
> {
> - u64 nsecs = rlim_new * NSEC_PER_SEC;
> + u64 nsecs = (u64)rlim_new * NSEC_PER_SEC;
Wouldn't it be more robust to define NSEC_PER_SEC not
as 1000000000L, but 1000000000LL? (Together with sorting
out the inevitable side effects.)
Ie. in any logic that uses NSEC_PER_SEC multiplication we
should default to 64-bit arithmetics and not silent
truncation to 32-bit width.
With that we could remove a number of '(u64)' forced
type conversions as well.
Thanks,
Ingo
next prev parent reply other threads:[~2026-06-16 12:53 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-16 11:20 [PATCH] posix-cpu-timers: use u64 multiplication in update_rlimit_cpu() Zhan Xusheng
2026-06-16 12:53 ` Ingo Molnar [this message]
[not found] <REPLACE-WITH-INGO-MESSAGE-ID>
2026-06-16 15:43 ` Zhan Xusheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ajFHUwMKPu4v8ELf@gmail.com \
--to=mingo@kernel.org \
--cc=anna-maria@linutronix.de \
--cc=frederic@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@kernel.org \
--cc=zhanxusheng1024@gmail.com \
--cc=zhanxusheng@xiaomi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox