| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 May 2015 09:43:52 +0200 From: Mike Galbraith <umgwanakikbuti@...il.com> To: Peter Zijlstra <peterz@...radead.org> Cc: LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu> Subject: sched_setscheduler() vs idle_balance() race Hi Peter, I'm not seeing what prevents pull_task() from yanking a task out from under __sched_setscheduler(). A box sprinkling smoldering 3.0 kernel wreckage all over my bugzilla mbox isn't seeing it either ;-) Scenario: rt task forks, wakes child to CPU foo, immediately tries to change child to fair class, calls switched_from_rt(), that leads to pull_rt_task() -> double_lock_balance() which momentarily drops child's rq->lock, letting some prick doing idle balancing over on CPU bar in to migrate the child. Rt parent then calls switched_to_fair(), and box explodes when we use the passed rq as if the child still lived there. I sent a patchlet to verify that the diagnosis is really really correct (can_migrate_task() says no if ->pi_lock is held), but I think it is, the 8x10 color glossy with circles and arrows clearly shows both tasks with their grubby mitts on that child at the same time, each thinking it has that child locked down tight. Not seeing what should prevent that in mainline either, I'll just ask while I wait to (hopefully) hear "yup, all better". -Mike -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists