• X
    sched/rtmutex/deadline: Fix a PI crash for deadline tasks · e96a7705
    Xunlei Pang 提交于
    A crash happened while I was playing with deadline PI rtmutex.
    
        BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
        IP: [<ffffffff810eeb8f>] rt_mutex_get_top_task+0x1f/0x30
        PGD 232a75067 PUD 230947067 PMD 0
        Oops: 0000 [#1] SMP
        CPU: 1 PID: 10994 Comm: a.out Not tainted
    
        Call Trace:
        [<ffffffff810b658c>] enqueue_task+0x2c/0x80
        [<ffffffff810ba763>] activate_task+0x23/0x30
        [<ffffffff810d0ab5>] pull_dl_task+0x1d5/0x260
        [<ffffffff810d0be6>] pre_schedule_dl+0x16/0x20
        [<ffffffff8164e783>] __schedule+0xd3/0x900
        [<ffffffff8164efd9>] schedule+0x29/0x70
        [<ffffffff8165035b>] __rt_mutex_slowlock+0x4b/0xc0
        [<ffffffff81650501>] rt_mutex_slowlock+0xd1/0x190
        [<ffffffff810eeb33>] rt_mutex_timed_lock+0x53/0x60
        [<ffffffff810ecbfc>] futex_lock_pi.isra.18+0x28c/0x390
        [<ffffffff810ed8b0>] do_futex+0x190/0x5b0
        [<ffffffff810edd50>] SyS_futex+0x80/0x180
    
    This is because rt_mutex_enqueue_pi() and rt_mutex_dequeue_pi()
    are only protected by pi_lock when operating pi waiters, while
    rt_mutex_get_top_task(), will access them with rq lock held but
    not holding pi_lock.
    
    In order to tackle it, we introduce new "pi_top_task" pointer
    cached in task_struct, and add new rt_mutex_update_top_task()
    to update its value, it can be called by rt_mutex_setprio()
    which held both owner's pi_lock and rq lock. Thus "pi_top_task"
    can be safely accessed by enqueue_task_dl() under rq lock.
    
    Originally-From: Peter Zijlstra <peterz@infradead.org>
    Signed-off-by: NXunlei Pang <xlpang@redhat.com>
    Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
    Acked-by: NSteven Rostedt <rostedt@goodmis.org>
    Reviewed-by: NThomas Gleixner <tglx@linutronix.de>
    Cc: juri.lelli@arm.com
    Cc: bigeasy@linutronix.de
    Cc: mathieu.desnoyers@efficios.com
    Cc: jdesfossez@efficios.com
    Cc: bristot@redhat.com
    Link: http://lkml.kernel.org/r/20170323150216.157682758@infradead.orgSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
    e96a7705
init_task.h 7.7 KB