lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <lsq.1456263723.929307020@decadent.org.uk>
Date:	Tue, 23 Feb 2016 21:42:03 +0000
From:	Ben Hutchings <ben@...adent.org.uk>
To:	linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC:	akpm@...ux-foundation.org,
	"Byungchul Park" <byungchul.park@....com>,
	"Mike Galbraith" <umgwanakikbuti@...il.com>,
	"Peter Zijlstra" <peterz@...radead.org>, "Willy Tarreau" <w@....eu>
Subject: [PATCH 3.2 67/67] sched: fix __sched_setscheduler() vs load
 balancing race

3.2.78-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Mike Galbraith <umgwanakikbuti@...il.com>

__sched_setscheduler() may release rq->lock in pull_rt_task() as a task is
being changed rt -> fair class.  load balancing may sneak in, move the task
behind __sched_setscheduler()'s back, which explodes in switched_to_fair()
when the passed but no longer valid rq is used.  Tell can_migrate_task() to
say no if ->pi_lock is held.

@stable: Kernels that predate SCHED_DEADLINE can use this simple (and tested)
check in lieu of backport of the full 18 patch mainline treatment.

Signed-off-by: Mike Galbraith <umgwanakikbuti@...il.com>
[bwh: Backported to 3.2:
 - Adjust numbering in the comment
 - Adjust filename]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
Cc: Byungchul Park <byungchul.park@....com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Willy Tarreau <w@....eu>
---
 kernel/sched/fair.c |    9 +++++++++
 1 file changed, 9 insertions(+)

--- a/kernel/sched_fair.c
+++ b/kernel/sched_fair.c
@@ -2791,6 +2791,7 @@ int can_migrate_task(struct task_struct
 	 * 1) running (obviously), or
 	 * 2) cannot be migrated to this CPU due to cpus_allowed, or
 	 * 3) are cache-hot on their current CPU.
+	 * 4) p->pi_lock is held.
 	 */
 	if (!cpumask_test_cpu(this_cpu, tsk_cpus_allowed(p))) {
 		schedstat_inc(p, se.statistics.nr_failed_migrations_affine);
@@ -2804,6 +2805,14 @@ int can_migrate_task(struct task_struct
 	}
 
 	/*
+	 * rt -> fair class change may be in progress.  If we sneak in should
+	 * double_lock_balance() release rq->lock, and move the task, we will
+	 * cause switched_to_fair() to meet a passed but no longer valid rq.
+	 */
+	if (raw_spin_is_locked(&p->pi_lock))
+		return 0;
+
+	/*
 	 * Aggressive migration if:
 	 * 1) task is cache cold, or
 	 * 2) too many balance attempts have failed.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ