forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/kernel/sched
History
KeMeng Shi 46ff0e2f86 sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr() 
[ Upstream commit 714e501e16 ]

An oops can be triggered in the scheduler when running qemu on arm64:

 Unable to handle kernel paging request at virtual address ffff000008effe40
 Internal error: Oops: 96000007 [#1] SMP
 Process migration/0 (pid: 12, stack limit = 0x00000000084e3736)
 pstate: 20000085 (nzCv daIf -PAN -UAO)
 pc : __ll_sc___cmpxchg_case_acq_4+0x4/0x20
 lr : move_queued_task.isra.21+0x124/0x298
 ...
 Call trace:
  __ll_sc___cmpxchg_case_acq_4+0x4/0x20
  __migrate_task+0xc8/0xe0
  migration_cpu_stop+0x170/0x180
  cpu_stopper_thread+0xec/0x178
  smpboot_thread_fn+0x1ac/0x1e8
  kthread+0x134/0x138
  ret_from_fork+0x10/0x18

__set_cpus_allowed_ptr() will choose an active dest_cpu in affinity mask to
migrage the process if process is not currently running on any one of the
CPUs specified in affinity mask. __set_cpus_allowed_ptr() will choose an
invalid dest_cpu (dest_cpu >= nr_cpu_ids, 1024 in my virtual machine) if
CPUS in an affinity mask are deactived by cpu_down after cpumask_intersects
check. cpumask_test_cpu() of dest_cpu afterwards is overflown and may pass if
corresponding bit is coincidentally set. As a consequence, kernel will
access an invalid rq address associate with the invalid CPU in
migration_cpu_stop->__migrate_task->move_queued_task and the Oops occurs.

The reproduce the crash:

  1) A process repeatedly binds itself to cpu0 and cpu1 in turn by calling
  sched_setaffinity.

  2) A shell script repeatedly does "echo 0 > /sys/devices/system/cpu/cpu1/online"
  and "echo 1 > /sys/devices/system/cpu/cpu1/online" in turn.

  3) Oops appears if the invalid CPU is set in memory after tested cpumask.

Signed-off-by: KeMeng Shi <shikemeng@huawei.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Valentin Schneider <valentin.schneider@arm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/1568616808-16808-1-git-send-email-shikemeng@huawei.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-10-11 18:21:22 +02:00
..
autogroup.c sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] 2018-05-05 08:34:42 +02:00
autogroup.h sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
clock.c sched/clock: Disable interrupts when calling generic_sched_clock_init() 2018-07-30 19:33:35 +02:00
completion.c sched/Documentation: Update wake_up() & co. memory-barrier guarantees 2018-07-17 09:30:34 +02:00
core.c sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr() 2019-10-11 18:21:22 +02:00
cpuacct.c sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
cpudeadline.c sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
cpudeadline.h sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
cpufreq.c sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
cpufreq_schedutil.c sched/cpufreq: Align trace event behavior of fast switching 2019-10-05 13:09:51 +02:00
cpupri.c sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
cpupri.h sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
cputime.c sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
deadline.c sched/deadline: Fix bandwidth accounting at all levels after offline migration 2019-10-05 13:09:36 +02:00
debug.c jump_label: move 'asm goto' support test to Kconfig 2019-06-04 08:02:34 +02:00
fair.c sched/fair: Use rq_lock/unlock in online_fair_sched_group 2019-10-05 13:09:40 +02:00
features.h sched/fair: Update util_est only on util_avg updates 2018-03-20 08:11:09 +01:00
idle.c idle: Prevent late-arriving interrupts from disrupting offline 2019-10-05 13:09:40 +02:00
isolation.c sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
loadavg.c sched/headers: Simplify and clean up header usage in the scheduler 2018-03-04 12:39:29 +01:00
Makefile sched/pelt: Move PELT related code in a dedicated file 2018-07-15 23:51:20 +02:00
membarrier.c sched/membarrier: Fix private expedited registration check 2019-10-11 18:21:22 +02:00
pelt.c sched/pelt: Fix warning and clean up IRQ PELT config 2018-12-19 19:19:49 +01:00
pelt.h sched/pelt: Fix warning and clean up IRQ PELT config 2018-12-19 19:19:49 +01:00
rt.c sched/rt: Check integer overflow at usec to nsec conversion 2019-05-31 06:46:19 -07:00
sched-pelt.h sched/fair: Fix "runnable_avg_yN_inv" not used warnings 2019-07-26 09:14:08 +02:00
sched.h jump_label: move 'asm goto' support test to Kconfig 2019-06-04 08:02:34 +02:00
stats.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
stats.h sched: Clean up and harmonize the coding style of the scheduler code base 2018-03-03 15:50:21 +01:00
stop_task.c sched: Clean up and harmonize the coding style of the scheduler code base 2018-03-03 15:50:21 +01:00
swait.c sched/swait: Rename to exclusive 2018-06-20 11:35:56 +02:00
topology.c sched/topology: Fix percpu data types in struct sd_data & struct s_data 2019-04-05 22:33:09 +02:00
wait.c sched/wait: assert the wait_queue_head lock is held in __wake_up_common 2018-08-22 10:52:47 -07:00
wait_bit.c sched/wait: Improve __var_waitqueue() code generation 2018-03-20 08:23:25 +01:00