[Bug 287667] epoch: et_old_priority tru ncates td_priority values ≥ 256 due to uint 8_t type

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 287667] epoch: et_old_priority tru ncates td_priority values ≥ 256 due to uint 8_t type"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 287667] epoch: et_old_priority tru ncates td_priority values ≥ 256 due to uint 8_t type"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 19 Jun 2025 22:51:50 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287667

            Bug ID: 287667
           Summary: epoch: et_old_priority truncates td_priority values ≥
                    256 due to uint8_t type
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: nakayamakenjiro@gmail.com

Created attachment 261419
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=261419&action=edit
Patch to change et_old_priority from uint8_t to u_short to prevent truncation
of thread priorities ≥ 256.

In the struct epoch_tracker, the et_old_priority field is currently defined as
a uint8_t. However, the td->td_priority value can exceed 255 under certain
conditions - for example, when priority elevation occurs.

Because uint8_t is limited to 8 bits (0-255), assigning a td_priority value of
256 or higher results in truncation to zero. This causes incorrect comparisons
later in epoch_exit_preempt():

```
if (__predict_false(et->et_old_priority != td->td_priority))
    epoch_adjust_prio(td, et->et_old_priority);
```

If et_old_priority was truncated to 0, and td_priority is still 256, the above
condition falsely triggers, leading to incorrect priority restoration and
potential scheduling anomalies.

-- 
You are receiving this mail because:
You are the assignee for the bug.