From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 64AE333EA; Tue, 11 Mar 2025 15:24:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741706675; cv=none; b=WHo0Sww1K+RjLg0r3NPKQfa9cX9nzOKbNO25AUyeFrPoT0LFYLMbWsLycfL2JTWtLUpfijxIkShAXxtj2odOpBhnPqi0M8usDCN/kTQwaPWMr7idcpJnMMOJbJR7efmuMPhmP1HTnWL53JYvP/CQi502gkdXXDMOThop3Kt9LkU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741706675; c=relaxed/simple; bh=GKYHwXtPOvqYCIP9v2P/j0zkL4YzK9AAaO7SFupgJ7A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=nKJhgIH7yals7eb/rFahSHj3GR8lB04Rx87qH0utKuyqp09qkImECGwkmFooZflKJsBwcyVJCcnVsgjF0JBtRjHeyazB0ymWgotbcWV4nFLJnzlp23fcrD2jZ/WKoi4G0AvBoVkdb2+e/ZdNewobnKu2w5oaqw+5kr/ufpYhqpw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=ZiGk8lZP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="ZiGk8lZP" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D5CD9C4CEE9; Tue, 11 Mar 2025 15:24:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1741706675; bh=GKYHwXtPOvqYCIP9v2P/j0zkL4YzK9AAaO7SFupgJ7A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZiGk8lZP95uwR1lvnXzsL2WXXhFXDdQVHSN0qTDLnW71Vbz3jFzbT0W+Mwj38OHok mNOyk5f9azBbVuP6fhKQd0GNRy1roiB5CJYnRqzwAn5Hrlrj3STfalKaIL8GRS/506 OyEIHNOCgtC2UY32u0lE4tWxhheckXZXAm9GPddk= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Suleiman Souhlal , "Peter Zijlstra (Intel)" , Sasha Levin Subject: [PATCH 5.10 128/462] sched: Dont try to catch up excess steal time. Date: Tue, 11 Mar 2025 15:56:34 +0100 Message-ID: <20250311145803.416394955@linuxfoundation.org> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250311145758.343076290@linuxfoundation.org> References: <20250311145758.343076290@linuxfoundation.org> User-Agent: quilt/0.68 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 5.10-stable review patch. If anyone has any objections, please let me know. ------------------ From: Suleiman Souhlal [ Upstream commit 108ad0999085df2366dd9ef437573955cb3f5586 ] When steal time exceeds the measured delta when updating clock_task, we currently try to catch up the excess in future updates. However, this results in inaccurate run times for the future things using clock_task, in some situations, as they end up getting additional steal time that did not actually happen. This is because there is a window between reading the elapsed time in update_rq_clock() and sampling the steal time in update_rq_clock_task(). If the VCPU gets preempted between those two points, any additional steal time is accounted to the outgoing task even though the calculated delta did not actually contain any of that "stolen" time. When this race happens, we can end up with steal time that exceeds the calculated delta, and the previous code would try to catch up that excess steal time in future clock updates, which is given to the next, incoming task, even though it did not actually have any time stolen. This behavior is particularly bad when steal time can be very long, which we've seen when trying to extend steal time to contain the duration that the host was suspended [0]. When this happens, clock_task stays frozen, during which the running task stays running for the whole duration, since its run time doesn't increase. However the race can happen even under normal operation. Ideally we would read the elapsed cpu time and the steal time atomically, to prevent this race from happening in the first place, but doing so is non-trivial. Since the time between those two points isn't otherwise accounted anywhere, neither to the outgoing task nor the incoming task (because the "end of outgoing task" and "start of incoming task" timestamps are the same), I would argue that the right thing to do is to simply drop any excess steal time, in order to prevent these issues. [0] https://lore.kernel.org/kvm/20240820043543.837914-1-suleiman@google.com/ Signed-off-by: Suleiman Souhlal Signed-off-by: Peter Zijlstra (Intel) Link: https://lore.kernel.org/r/20241118043745.1857272-1-suleiman@google.com Signed-off-by: Sasha Levin --- kernel/sched/core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 7cf45d506688c..42dad8c8d6f28 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -279,13 +279,15 @@ static void update_rq_clock_task(struct rq *rq, s64 delta) #endif #ifdef CONFIG_PARAVIRT_TIME_ACCOUNTING if (static_key_false((¶virt_steal_rq_enabled))) { - steal = paravirt_steal_clock(cpu_of(rq)); + u64 prev_steal; + + steal = prev_steal = paravirt_steal_clock(cpu_of(rq)); steal -= rq->prev_steal_time_rq; if (unlikely(steal > delta)) steal = delta; - rq->prev_steal_time_rq += steal; + rq->prev_steal_time_rq = prev_steal; delta -= steal; } #endif -- 2.39.5