[PATCH OLK-6.6] sched/deadline.c: pick and check task if double_lock_balance() unlock the rq - Kernel

5 Feb 2024

From: Li Bin huawei.libin@huawei.com
hulk inclusion
category: bugfix
bugzilla: 47435
CVE: NA
---------------------------
push_dl_task() pick the first pushable task and find an eligible
lowest_rq, then double_lock_balance(rq, lowest_rq). So if
double_lock_balance() unlock the rq (when double_lock_balance() return
1), we have to check if this task is still on the rq.
The problem is that the check conditions are not sufficient:
if (unlikely(task_rq(task) != rq ||
             !cpumask_test_cpu(later_rq->cpu, &task->cpus_allowed) ||
             task_running(rq, task) ||
             !dl_task(task) ||
             !task_on_rq_queued(task))) {
cpu2                                cpu1                    cpu0
push_dl_task(rq1)
  pick task_A on rq1
  find rq0
    double_lock_balance(rq1, rq0)
      unlock(rq1)
                            rq1 __schedule
                              pick task_A run
                            task_A sleep (dequeued)
      lock(rq0)
      lock(rq1)
    do_above_check(task_A)
      task_rq(task_A) == rq1
      cpus_allowed unchanged
      task_running == false
      dl_task(task_A) == true
                                                    try_to_wake_up(task_A)
                                                      select_cpu = cpu3
                                                      enqueue(rq3,
task_A)
                                                      task_A->on_rq = 1
      task_on_rq_queued(task_A)
    above_check passed, return rq0
    ...
    migrate task_A from rq1 to rq0
So we can't rely on these checks of task_A to make sure the task_A is
still on the rq1, even though we hold the rq1->lock. This patch will
repick the first pushable task to be sure the task is still on the rq.
Signed-off-by: Li Bin huawei.libin@huawei.com
Acked-by: Peter Zijlstra (Intel) peterz@infradead.org
Reviewed-by: Steven Rostedt (VMware) rostedt@goodmis.org
[XQ:
  - backport to 4.4, adjusted context,
  - use tsk_cpus_allowed() instead of task->cpus_allowed]
Link: https://lkml.org/lkml/2017/9/11/26
Link: https://lkml.org/lkml/2018/4/12/246
Signed-off-by: Xie XiuQi xiexiuqi@huawei.com
Signed-off-by: zhangyi (F) yi.zhang@huawei.com
Reviewed-by: Hanjun Guo guohanjun@huawei.com
(cherry picked from commit bf781024558706a7097840a18ca246f29506c89a)
Signed-off-by: Li Ming limingming.li@huawei.com
Conflicts:
    kernel/sched/deadline.c
Acked-by: Xie XiuQi xiexiuqi@huawei.com
Signed-off-by: Zhao Wenhui zhaowenhui8@huawei.com
---
 kernel/sched/deadline.c | 55 ++++++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 25 deletions(-)

diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
index d78f2e8769fb..4e0aec982884 100644
--- a/kernel/sched/deadline.c
+++ b/kernel/sched/deadline.c
@@ -2206,6 +2206,26 @@ static int find_later_rq(struct task_struct *task)
    return -1;
 }
+static struct task_struct *pick_next_pushable_dl_task(struct rq *rq)
+{
+	struct task_struct *p;
+
+	if (!has_pushable_dl_tasks(rq))
+		return NULL;
+
+	p = rb_entry(rq->dl.pushable_dl_tasks_root.rb_leftmost,
+		     struct task_struct, pushable_dl_tasks);
+
+	BUG_ON(rq->cpu != task_cpu(p));
+	BUG_ON(task_current(rq, p));
+	BUG_ON(p->nr_cpus_allowed <= 1);
+
+	BUG_ON(!task_on_rq_queued(p));
+	BUG_ON(!dl_task(p));
+
+	return p;
+}
+
 /* Locks the rq it finds */
 static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq)
 {
@@ -2233,12 +2253,16 @@ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq)
/* Retry if something changed. */
    	if (double_lock_balance(rq, later_rq)) {
-			if (unlikely(task_rq(task) != rq ||
-				     !cpumask_test_cpu(later_rq->cpu, &task->cpus_mask) ||
-				     task_on_cpu(rq, task) ||
-				     !dl_task(task) ||
-				     is_migration_disabled(task) ||
-				     !task_on_rq_queued(task))) {
+			struct task_struct *next_task;
+			/*
+			 * We had to unlock the run queue. In
+			 * the mean time, task could have
+			 * migrated already or had its affinity changed.
+			 * Also make sure that it wasn't scheduled on its rq.
+			 */
+			next_task = pick_next_pushable_dl_task(rq);
+			if (unlikely(next_task != task ||
+						!cpumask_test_cpu(later_rq->cpu, task->cpus_ptr))) {
    			double_unlock_balance(rq, later_rq);
    			later_rq = NULL;
    			break;
@@ -2261,25 +2285,6 @@ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq)
    return later_rq;
 }
-static struct task_struct *pick_next_pushable_dl_task(struct rq *rq)
-{
-	struct task_struct *p;
-
-	if (!has_pushable_dl_tasks(rq))
-		return NULL;
-
-	p = __node_2_pdl(rb_first_cached(&rq->dl.pushable_dl_tasks_root));
-
-	WARN_ON_ONCE(rq->cpu != task_cpu(p));
-	WARN_ON_ONCE(task_current(rq, p));
-	WARN_ON_ONCE(p->nr_cpus_allowed <= 1);
-
-	WARN_ON_ONCE(!task_on_rq_queued(p));
-	WARN_ON_ONCE(!dl_task(p));
-
-	return p;
-}
-
 /*
  * See if the non running -deadline tasks on this rq
  * can be sent to some other CPU where they can preempt
-- 
2.34.1


    