| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260206-upstream-fix-deadline-piboost-b4-v1-1-14043567b89c@redhat.com>
Date: Fri, 06 Feb 2026 14:25:52 +0100
From: Juri Lelli <juri.lelli@...hat.com>
To: Ingo Molnar <mingo@...hat.com>, Peter Zijlstra <peterz@...radead.org>,
Vincent Guittot <vincent.guittot@...aro.org>,
Dietmar Eggemann <dietmar.eggemann@....com>,
Steven Rostedt <rostedt@...dmis.org>, Ben Segall <bsegall@...gle.com>,
Mel Gorman <mgorman@...e.de>, Valentin Schneider <vschneid@...hat.com>
Cc: Philip Auld <pauld@...hat.com>, Gabriele Monaco <gmonaco@...hat.com>,
linux-kernel@...r.kernel.org, Bruno Goncalves <bgoncalv@...hat.com>,
Juri Lelli <juri.lelli@...hat.com>
Subject: [PATCH] sched/deadline: Fix missing ENQUEUE_REPLENISH during PI
de-boosting
Running stress-ng --schedpolicy 0 on an RT kernel on a big machine
might lead to the following WARNINGs (edited).
sched: DL de-boosted task PID 22725: REPLENISH flag missing
WARNING: CPU: 93 PID: 0 at kernel/sched/deadline.c:239 dequeue_task_dl+0x15c/0x1f8
... (running_bw underflow)
Call trace:
dequeue_task_dl+0x15c/0x1f8 (P)
dequeue_task+0x80/0x168
deactivate_task+0x24/0x50
push_dl_task+0x264/0x2e0
dl_task_timer+0x1b0/0x228
__hrtimer_run_queues+0x188/0x378
hrtimer_interrupt+0xfc/0x260
arch_timer_handler_phys+0x34/0x60
handle_percpu_devid_irq+0xa4/0x230
generic_handle_domain_irq+0x34/0x60
__gic_handle_irq_from_irqson.isra.0+0x158/0x298
gic_handle_irq+0x28/0x80
call_on_irq_stack+0x30/0x48
do_interrupt_handler+0xdc/0xe8
el1_interrupt+0x44/0xc0
el1h_64_irq_handler+0x18/0x28
el1h_64_irq+0x80/0x88
cpuidle_enter_state+0xc4/0x520 (P)
cpuidle_enter+0x40/0x60
cpuidle_idle_call+0x13c/0x220
do_idle+0xa4/0x120
cpu_startup_entry+0x40/0x50
secondary_start_kernel+0xe4/0x128
__secondary_switched+0xc0/0xc8
The problem is that when a SCHED_DEADLINE task (lock holder) is
changed to a lower priority class via sched_setscheduler(), it may
fail to properly inherit the parameters of potential DEADLINE donors
if it didn't already inherit them in the past (shorter deadline than
donor's at that time). This might lead to bandwidth accounting
corruption, as enqueue_task_dl() won't recognize the lock holder as
boosted.
The scenario occurs when:
1. A DEADLINE task (donor) blocks on a PI mutex held by another
DEADLINE task (holder), but the holder doesn't inherit parameters
(e.g., it already has a shorter deadline)
2. sched_setscheduler() changes the holder from DEADLINE to a lower
class while still holding the mutex
3. The holder should now inherit DEADLINE parameters from the donor
and be enqueued with ENQUEUE_REPLENISH, but this doesn't happen
Fix the issue by introducing __setscheduler_dl(), which detects when
a task's normal priority class differs from its PI-boosted class.
When a (now!) non-DEADLINE task (normal_prio) is being boosted by a
DEADLINE pi_task (effective prio), it inherits the DEADLINE
parameters (pi_se) and sets the ENQUEUE_REPLENISH flag to ensure
proper bandwidth accounting during the next enqueue operation.
Reported-by: Bruno Goncalves <bgoncalv@...hat.com>
Signed-off-by: Juri Lelli <juri.lelli@...hat.com>
---
Hello,
The underlying big(ger) issue is that PI is broken for DEADLINE. We know
this, proxy exec is progressing well and will hopefully soon replace all
this. In the meantime, here it comes another piece of duck tape trying
to fix the issue described in the changelog.
The issue was discovered by Bruno Goncalves while running stress-ng
--schedpolicy 0 on RT kernels on large systems (I believe lots of CPUs
and PI enabled in-kernel mutexes makes it easier to trigger). Later on a
simpler and more focused reproducer was created (with Claude Code help)
and is available at
https://github.com/jlelli/sched-deadline-tests/blob/master/test_dl_replenish_bug.c
Fix also available from
git@...hub.com:jlelli/linux.git upstream/fix-deadline-piboost
---
kernel/sched/syscalls.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/kernel/sched/syscalls.c b/kernel/sched/syscalls.c
index 6f10db3646e7f..369e47b4ea863 100644
--- a/kernel/sched/syscalls.c
+++ b/kernel/sched/syscalls.c
@@ -7,6 +7,7 @@
* Copyright (C) 1991-2002 Linus Torvalds
* Copyright (C) 1998-2024 Ingo Molnar, Red Hat
*/
+#include "linux/sched/rt.h"
#include <linux/sched.h>
#include <linux/cpuset.h>
#include <linux/sched/debug.h>
@@ -284,6 +285,33 @@ static bool check_same_owner(struct task_struct *p)
uid_eq(cred->euid, pcred->uid));
}
+#ifdef CONFIG_RT_MUTEXES
+static void __setscheduler_dl(struct task_struct *p,
+ struct sched_change_ctx *scope)
+{
+ struct task_struct *pi_task = rt_mutex_get_top_task(p);
+
+ /*
+ * In case a former DEADLINE task (either proper or boosted) gets
+ * setscheduled to a lower priority class, check if it neeeds to
+ * inherit parameters from a potential pi_task. In that case make
+ * sure replenishment happens with the next enqueue.
+ */
+ if (!dl_prio(p->normal_prio) &&
+ (pi_task && dl_prio(pi_task->prio))) {
+ p->dl.pi_se = pi_task->dl.pi_se;
+
+ if (scope && scope->queued)
+ scope->flags |= ENQUEUE_REPLENISH;
+ }
+}
+#else /* !CONFIG_RT_MUTEXES */
+static void __setscheduler_dl(struct task_struct *p,
+ struct sched_change_ctx *scope)
+{
+}
+#endif /* !CONFIG_RT_MUTEXES */
+
#ifdef CONFIG_UCLAMP_TASK
static int uclamp_validate(struct task_struct *p,
@@ -657,6 +685,7 @@ int __sched_setscheduler(struct task_struct *p,
p->prio = newprio;
}
__setscheduler_uclamp(p, attr);
+ __setscheduler_dl(p, scope);
if (scope->queued) {
/*
---
base-commit: e34881c84c255bc300f24d9fe685324be20da3d1
change-id: 20260205-upstream-fix-deadline-piboost-b4-2d924be17182
Best regards,
--
Juri Lelli <juri.lelli@...hat.com>
Powered by blists - more mailing lists