service: do fine-grained validation of CPUSchedulingPriority= at execution time

The precise bounds of the scheduling priority depend on the scheduling policy,
so depending on the order in which the two settings are specified the
validation might pass or fail.
When checking the setting only validate the outer range (valid values in general are 0 to 99),
and let the execution fail later if the priority does not match the
specified policy (1 to 99 for RR/FIFO, 0 for the rest).

Fixes https://github.com/systemd/systemd/issues/20320

diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index fd73c7bcb77f03e31741876f641be39ca3de7c50..c5a51bf5cd8d388b72345dce5615f8cb49d79d69 100644 (file)
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -2718,15 +2718,15 @@ int bus_exec_context_set_transient_property(
                 return 1;
 
         } else if (streq(name, "CPUSchedulingPriority")) {
-                int32_t p, min, max;
+                int32_t p;
 
                 r = sd_bus_message_read(message, "i", &p);
                 if (r < 0)
                         return r;
 
-                min = sched_get_priority_min(c->cpu_sched_policy);
-                max = sched_get_priority_max(c->cpu_sched_policy);
-                if (p < min || p > max)
+                /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0. Policy might be set
+                 * later so we do not check the precise range, but only the generic outer bounds. */
+                if (p < 0 || p > 99)
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid CPU scheduling priority: %i", p);
 
                 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index b39cb8cdff8757d1501f2e9dbf10458d48bad35d..1a5895346d96633561d2a624068b91871e193386 100644 (file)
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1599,7 +1599,7 @@ int config_parse_exec_cpu_sched_prio(const char *unit,
                                      void *userdata) {
 
         ExecContext *c = ASSERT_PTR(data);
-        int i, min, max, r;
+        int i, r;
 
         assert(filename);
         assert(lvalue);
@@ -1611,11 +1611,9 @@ int config_parse_exec_cpu_sched_prio(const char *unit,
                 return 0;
         }
 
-        /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
-        min = sched_get_priority_min(c->cpu_sched_policy);
-        max = sched_get_priority_max(c->cpu_sched_policy);
-
-        if (i < min || i > max) {
+        /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0. Policy might be set later so
+         * we do not check the precise range, but only the generic outer bounds. */
+        if (i < 0 || i > 99) {
                 log_syntax(unit, LOG_WARNING, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
                 return 0;
         }

diff --git a/test/units/sched_rr_bad.service b/test/units/sched_rr_bad.service
index c112fdf7cccb9ec8b33ee023cc3c5b34a761b6d9..b51b868c2a98695d434cf69f6cb8b572ffc32e87 100644 (file)
--- a/test/units/sched_rr_bad.service
+++ b/test/units/sched_rr_bad.service
@@ -4,6 +4,6 @@ Description=Bad sched priority for RR
 
 [Service]
 ExecStart=/bin/true
-CPUSchedulingPolicy=rr
-CPUSchedulingPriority=0
+CPUSchedulingPriority=-1
 CPUSchedulingPriority=100
+CPUSchedulingPolicy=rr

diff --git a/test/units/sched_rr_change.service b/test/units/sched_rr_change.service
index dad7e9bbdf1f4f433add4fdddd73fc422bb7a156..6ae1febc8fd6f33577df051acdf7b472dbbc499a 100644 (file)
--- a/test/units/sched_rr_change.service
+++ b/test/units/sched_rr_change.service
@@ -4,7 +4,7 @@ Description=Change prio
 
 [Service]
 ExecStart=/bin/true
-CPUSchedulingPolicy=rr
 CPUSchedulingPriority=1
 CPUSchedulingPriority=2
 CPUSchedulingPriority=99
+CPUSchedulingPolicy=rr