From nobody@FreeBSD.org  Sat Jul  9 16:28:07 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 884C016A41C
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  9 Jul 2005 16:28:07 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6142643D46
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  9 Jul 2005 16:28:07 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j69GS7LC070294
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 9 Jul 2005 16:28:07 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j69GS7rD070292;
	Sat, 9 Jul 2005 16:28:07 GMT
	(envelope-from nobody)
Message-Id: <200507091628.j69GS7rD070292@www.freebsd.org>
Date: Sat, 9 Jul 2005 16:28:07 GMT
From: Maciej Zawadzinski <mzawadzinski@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject:

>Number:         83192
>Category:       kern
>Synopsis:       [kernel] [patch] Kernel allows processes to run 1 second over the cpu time limit
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    jhb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jul 09 16:30:17 GMT 2005
>Closed-Date:    Mon Dec 05 20:15:18 GMT 2005
>Last-Modified:  Mon Dec 05 20:15:18 GMT 2005
>Originator:     Maciej Zawadzinski
>Release:        5.4
>Organization:
>Environment:
FreeBSD x86.one.pl 5.4-STABLE FreeBSD 5.4-STABLE #14: Sat Jul  8 00:50:14 CEST 2005     mauser@x86.one.pl:/usr/obj/usr/src/sys/BETA  i386

>Description:
 Kernel allows processes to run 1 second over the cpu time limit (set by setrlimit(RLIMIT_CPU,..);).
>How-To-Repeat:
Set RLIMIT_CPU for the process, measure cpu time used and compare ;)
>Fix:
--- kern_synch.c.orig	Fri Jul  8 22:07:20 2005
+++ kern_synch.c	Fri Jul  8 22:07:47 2005
@@ -322,7 +322,7 @@
 	 * over max, arrange to kill the process in ast().
 	 */
 	if (p->p_cpulimit != RLIM_INFINITY &&
-	    p->p_runtime.sec > p->p_cpulimit) {
+	    p->p_runtime.sec >= p->p_cpulimit) {
 		p->p_sflag |= PS_XCPU;
 		td->td_flags |= TDF_ASTPENDING;
 	}
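
Review bot: the context comment at the top of this hunk still says "over max", but with `>=` the flag is set when `p_runtime.sec` equals `p_cpulimit`, that is, when the max is reached rather than exceeded. Please update the comment in the same change to explain why acting on equality is intended for a counter held in whole seconds, so the code and the comment do not disagree.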
>Release-Note:
>Audit-Trail:

From: Bruce Evans <bde@zeta.org.au>
To: Maciej Zawadzinski <mzawadzinski@gmail.com>
Cc: freebsd-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: kern/83192: 
Date: Sun, 10 Jul 2005 11:05:00 +1000 (EST)

 On Sat, 9 Jul 2005, Maciej Zawadzinski wrote:
 
 >> Fix:
 > --- kern_synch.c.orig	Fri Jul  8 22:07:20 2005
 > +++ kern_synch.c	Fri Jul  8 22:07:47 2005
 > @@ -322,7 +322,7 @@
 > 	 * over max, arrange to kill the process in ast().
 > 	 */
 > 	if (p->p_cpulimit != RLIM_INFINITY &&
 > -	    p->p_runtime.sec > p->p_cpulimit) {
 > +	    p->p_runtime.sec >= p->p_cpulimit) {
 > 		p->p_sflag |= PS_XCPU;
 > 		td->td_flags |= TDF_ASTPENDING;
 > 	}
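
Review bot: on the `>=` line, a `p_cpulimit` of 0 makes the test hold while `p_runtime.sec` is still 0, so such a process is flagged the first time this check runs. Please confirm that is the intended behaviour for a zero limit and say so in the comment above the `if`.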
 
 This seems to be correct, except it changes the code back to not matching
 the comment.  p->p_cpulimit is a max, not a limit despite its name, since
 it is an alias for the corresponding rlimit which is also a max, not a
 limit despite _its_ name.  Doing something when a max is reached but
 not exceeded is normally wrong, but here we know that when the max in
 seconds is reached, the max in a significantly higher resolution is
 exceeded.
 
 The bug was smaller (< 1 usec, thus not observable) when it was
 originally implemented in rev.1.58 of kern_synch.c, since p_cpulimit
 was in microseconds then.  Then the comparison of seconds still used
 ">=", but was only reached if the comparison of microseconds gave ">".
 
 Related bug: sys/resource.h says that RLIMIT_CPU gives the "cpu time in
 milliseconds", but it actually gives the _maximum_ CPU time in _seconds_.
 The man page and POSIX agree that it is in seconds but don't say if the
 comparison must or can be done at a higher resolution.
 
 Bruce
Responsible-Changed-From-To: freebsd-bugs->jhb 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Wed Nov 16 15:58:51 GMT 2005 
Responsible-Changed-Why:  
'cvs blame' says that John should review this PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=83192 

From: John Baldwin <jhb@freebsd.org>
To: bug-followup@freebsd.org, mzawadzinski@gmail.com
Cc:  
Subject: Re: kern/83192: [kernel] [patch] Kernel allows processes to run 1 second over the cpu time limit
Date: Wed, 16 Nov 2005 13:25:00 -0500

 Bruce,
 
 I just got assigned this PR and I've updated the description of RLIMIT_CPU in 
 sys/resource.h.  I guess the problem is that we don't currently fail unless 
 you've actually used up n + 1 seconds?  Would it be ok to check the 
 fractional part of p_runtime similar to the millisecond check?  This would 
 give a patch along the lines of:
 
 Index: kern_synch.c
 ===================================================================
 RCS file: /usr/cvs/src/sys/kern/kern_synch.c,v
 retrieving revision 1.270
 diff -u -r1.270 kern_synch.c
 --- kern_synch.c        23 May 2005 23:01:52 -0000      1.270
 +++ kern_synch.c        16 Nov 2005 18:23:42 -0000
 @@ -323,7 +323,9 @@
          * over max, arrange to kill the process in ast().
          */
         if (p->p_cpulimit != RLIM_INFINITY &&
 -           p->p_rux.rux_runtime.sec > p->p_cpulimit) {
 +           (p->p_rux.rux_runtime.sec > p->p_cpulimit ||
 +           p->p_rux.rux_runtime.sec == p->p_cpulimit &&
 +           p->p_rux.rux_runtime.frac > 0)) {
                 p->p_sflag |= PS_XCPU;
                 td->td_flags |= TDF_ASTPENDING;
         }
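
Review bot: the new condition on the `+` lines mixes `||` and `&&` without grouping (`sec > p->p_cpulimit || sec == p->p_cpulimit && frac > 0`). Operator precedence gives the intended result, but please wrap the `==` / `frac > 0` pair in its own parentheses so the intent is explicit and compilers that warn about mixed `&&` and `||` stay quiet. With this version the existing "over max" comment remains accurate.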
 
 (On 5.x you would s/p_rux.rux_runtime/p_runtime/g.)
 
 -- 
 John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
 "Power Users Use the Power to Serve"  =  http://www.FreeBSD.org

From: John Baldwin <jhb@freebsd.org>
To: bug-followup@freebsd.org, mzawadzinski@gmail.com
Cc: bde@freebsd.org
Subject: Re: kern/83192: [kernel] [patch] Kernel allows processes to run 1 second over the cpu time limit
Date: Wed, 23 Nov 2005 13:26:02 -0500

 Actually, the overhead of the previous patch to get the edge case isn't worth 
 it, so how about this change which is the submitter's original patch with an 
 expanded comment explaining the rationale:
 
 Index: kern_synch.c
 ===================================================================
 RCS file: /usr/cvs/src/sys/kern/kern_synch.c,v
 retrieving revision 1.270
 diff -u -r1.270 kern_synch.c
 --- kern_synch.c        23 May 2005 23:01:52 -0000      1.270
 +++ kern_synch.c        22 Nov 2005 22:40:28 -0000
 @@ -320,10 +320,16 @@
 
         /*
          * Check if the process exceeds its cpu resource allocation.  If
 -        * over max, arrange to kill the process in ast().
 +        * over max, arrange to kill the process in ast().  Technically,
 +        * if p->p_rux.rux_runtime.sec == p->p_pcpulimit and
 +        * p->p_rux.rux_runtime.frac == 0, the process hasn't exceeded
 +        * the limit yet.  However, it isn't worth the extra complexity
 +        * or overhead to handle that edge case, so instead we go ahead
 +        * and kill the process as soon as rux_runtime.sec is equal to
 +        * the limit.
          */
         if (p->p_cpulimit != RLIM_INFINITY &&
 -           p->p_rux.rux_runtime.sec > p->p_cpulimit) {
 +           p->p_rux.rux_runtime.sec >= p->p_cpulimit) {
                 p->p_sflag |= PS_XCPU;
                 td->td_flags |= TDF_ASTPENDING;
         }
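
Review bot: the added comment refers to `p->p_pcpulimit`, but the field tested in the `if` below it is `p->p_cpulimit`. Please fix the spelling in the comment so that a search for the field name finds the explanation.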
 
 -- 
 John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
 "Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
State-Changed-From-To: open->patched 
State-Changed-By: jhb 
State-Changed-When: Mon Nov 28 19:09:15 GMT 2005 
State-Changed-Why:  
Committed to head, will MFC in a week or so.  Thanks! 

State-Changed-From-To: patched->closed 
State-Changed-By: jhb 
State-Changed-When: Mon Dec 5 20:15:03 GMT 2005 
State-Changed-Why:  
Fix merged to 5.x and 6.x. 

>Unformatted:
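
A reproducer for the How-To-Repeat step, added here as an example (it is not code from the PR or the FreeBSD tree): a child spins under a soft RLIMIT_CPU and the parent reports how much CPU time the child had used when SIGXCPU terminated it. The helper names `children_cpu` and `cpu_used_at_xcpu` are illustrative; with the `>` comparison the PR reports a result about one second over the limit.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* CPU seconds (user + system) charged to children reaped so far. */
static double children_cpu(void)
{
	struct rusage ru;
	getrusage(RUSAGE_CHILDREN, &ru);
	return (ru.ru_utime.tv_sec + ru.ru_stime.tv_sec +
	    (ru.ru_utime.tv_usec + ru.ru_stime.tv_usec) / 1e6);
}

/*
 * Run a CPU-bound child with a soft RLIMIT_CPU of `limit` seconds.
 * Returns the CPU time it had consumed when SIGXCPU killed it, or
 * -1.0 if it did not die from SIGXCPU.  (Illustrative helper name.)
 */
double cpu_used_at_xcpu(rlim_t limit)
{
	struct rlimit rl;
	double before = children_cpu();
	int status;
	pid_t pid = fork();

	if (pid == -1)
		return (-1.0);
	if (pid == 0) {
		signal(SIGXCPU, SIG_DFL);	/* default action: terminate */
		if (getrlimit(RLIMIT_CPU, &rl) == -1)
			_exit(1);
		rl.rlim_cur = limit;		/* change the soft limit only */
		if (setrlimit(RLIMIT_CPU, &rl) == -1)
			_exit(1);
		for (volatile unsigned long n = 0;; n++)
			;			/* burn CPU until killed */
	}
	if (waitpid(pid, &status, 0) != pid ||
	    !WIFSIGNALED(status) || WTERMSIG(status) != SIGXCPU)
		return (-1.0);
	return (children_cpu() - before);
}

int main(void)
{
	printf("limit 1 s, CPU used at SIGXCPU: %.2f s\n", cpu_used_at_xcpu(1));
	return (0);
}
```
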
