Commit2279f54

jlelli

authored and

Peter Zijlstra

committed

sched/deadline: Fix priority inheritance with multiple scheduling classes

Glenn reported that "an application [he developed produces] a BUG indeadline.c when a SCHED_DEADLINE task contends with CFS tasks on nestedPTHREAD_PRIO_INHERIT mutexes. I believe the bug is triggered when a CFStask that was boosted by a SCHED_DEADLINE task boosts another CFS task(nested priority inheritance). ------------[ cut here ]------------ kernel BUG at kernel/sched/deadline.c:1462! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 12 PID: 19171 Comm: dl_boost_bug Tainted: ... Hardware name: ... RIP: 0010:enqueue_task_dl+0x335/0x910 Code: ... RSP: 0018:ffffc9000c2bbc68 EFLAGS: 00010002 RAX: 0000000000000009 RBX: ffff888c0af94c00 RCX: ffffffff81e12500 RDX: 000000000000002e RSI: ffff888c0af94c00 RDI: ffff888c10b22600 RBP: ffffc9000c2bbd08 R08: 0000000000000009 R09: 0000000000000078 R10: ffffffff81e12440 R11: ffffffff81e1236c R12: ffff888bc8932600 R13: ffff888c0af94eb8 R14: ffff888c10b22600 R15: ffff888bc8932600 FS: 00007fa58ac55700(0000) GS:ffff888c10b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa58b523230 CR3: 0000000bf44ab003 CR4: 00000000007606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: ? intel_pstate_update_util_hwp+0x13/0x170 rt_mutex_setprio+0x1cc/0x4b0 task_blocks_on_rt_mutex+0x225/0x260 rt_spin_lock_slowlock_locked+0xab/0x2d0 rt_spin_lock_slowlock+0x50/0x80 hrtimer_grab_expiry_lock+0x20/0x30 hrtimer_cancel+0x13/0x30 do_nanosleep+0xa0/0x150 hrtimer_nanosleep+0xe1/0x230 ? __hrtimer_init_sleeper+0x60/0x60 __x64_sys_nanosleep+0x8d/0xa0 do_syscall_64+0x4a/0x100 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fa58b52330d ... ---[ end trace 0000000000000002 ]—He also provided a simple reproducer creating the situation below: So the execution order of locking steps are the following (N1 and N2 are non-deadline tasks. D1 is a deadline task. M1 and M2 are mutexes that are enabled * with priority inheritance.) Time moves forward as this timeline goes down: N1 N2 D1 | | | | | | Lock(M1) | | | | | | Lock(M2) | | | | | | Lock(M2) | | | | Lock(M1) | | (!!bug triggered!) |Daniel reported a similar situation as well, by just letting ksoftirqdrun with DEADLINE (and eventually block on a mutex).Problem is that boosted entities (Priority Inheritance) use staticDEADLINE parameters of the top priority waiter. However, there might becases where top waiter could be a non-DEADLINE entity that is currentlyboosted by a DEADLINE entity from a different lock chain (i.e., nestedpriority chains involving entities of non-DEADLINE classes). In thiscase, top waiter static DEADLINE parameters could be null (initializedto 0 at fork()) and replenish_dl_entity() would hit a BUG().Fix this by keeping track of the original donor and using its parameterswhen a task is boosted.Reported-by: Glenn Elliott <glenn@aurora.tech>Reported-by: Daniel Bristot de Oliveira <bristot@redhat.com>Signed-off-by: Juri Lelli <juri.lelli@redhat.com>Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>Tested-by: Daniel Bristot de Oliveira <bristot@redhat.com>Link:https://lkml.kernel.org/r/20201117061432.517340-1-juri.lelli@redhat.com

1 parentec618b8 commit2279f54Copy full SHA for 2279f54

File tree

3 files changed

+68

-50

lines changed

include/linux
- sched.h
kernel/sched
- core.c
- deadline.c

3 files changed

+68

-50

lines changed

`‎include/linux/sched.h‎`

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -551,7 +551,6 @@ struct sched_dl_entity {`
`551`	`551`	`* overruns.`
`552`	`552`	`*/`
`553`	`553`	`unsignedintdl_throttled :1;`
`554`		`-unsignedintdl_boosted :1;`
`555`	`554`	`unsignedintdl_yielded :1;`
`556`	`555`	`unsignedintdl_non_contending :1;`
`557`	`556`	`unsignedintdl_overrun :1;`
`@@ -570,6 +569,15 @@ struct sched_dl_entity {`
`570`	`569`	`* time.`
`571`	`570`	`*/`
`572`	`571`	`structhrtimerinactive_timer;`
	`572`	`+`
	`573`	`+#ifdefCONFIG_RT_MUTEXES`
	`574`	`+/*`
	`575`	`+ * Priority Inheritance. When a DEADLINE scheduling entity is boosted`
	`576`	`+ * pi_se points to the donor, otherwise points to the dl_se it belongs`
	`577`	`+ * to (the original one/itself).`
	`578`	`+ */`
	`579`	`+structsched_dl_entity*pi_se;`
	`580`	`+#endif`
`573`	`581`	`};`
`574`	`582`
`575`	`583`	`#ifdefCONFIG_UCLAMP_TASK`

`‎kernel/sched/core.c‎`

Lines changed: 6 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -4912,20 +4912,21 @@ void rt_mutex_setprio(struct task_struct p, struct task_struct pi_task)`
`4912`	`4912`	`if (!dl_prio(p->normal_prio)\|\|`
`4913`	`4913`	`(pi_task&&dl_prio(pi_task->prio)&&`
`4914`	`4914`	`dl_entity_preempt(&pi_task->dl,&p->dl))) {`
`4915`		`-p->dl.dl_boosted=1;`
	`4915`	`+p->dl.pi_se=pi_task->dl.pi_se;`
`4916`	`4916`	`queue_flag \|=ENQUEUE_REPLENISH;`
`4917`		`-}else`
`4918`		`-p->dl.dl_boosted=0;`
	`4917`	`+}else {`
	`4918`	`+p->dl.pi_se=&p->dl;`
	`4919`	`+}`
`4919`	`4920`	`p->sched_class=&dl_sched_class;`
`4920`	`4921`	`}elseif (rt_prio(prio)) {`
`4921`	`4922`	`if (dl_prio(oldprio))`
`4922`		`-p->dl.dl_boosted=0;`
	`4923`	`+p->dl.pi_se=&p->dl;`
`4923`	`4924`	`if (oldprio<prio)`
`4924`	`4925`	`queue_flag \|=ENQUEUE_HEAD;`
`4925`	`4926`	`p->sched_class=&rt_sched_class;`
`4926`	`4927`	`}else {`
`4927`	`4928`	`if (dl_prio(oldprio))`
`4928`		`-p->dl.dl_boosted=0;`
	`4929`	`+p->dl.pi_se=&p->dl;`
`4929`	`4930`	`if (rt_prio(oldprio))`
`4930`	`4931`	`p->rt.timeout=0;`
`4931`	`4932`	`p->sched_class=&fair_sched_class;`

`‎kernel/sched/deadline.c‎`

Lines changed: 53 additions & 44 deletions

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,28 @@ static inline int on_dl_rq(struct sched_dl_entity *dl_se)`
`43`	`43`	`return !RB_EMPTY_NODE(&dl_se->rb_node);`
`44`	`44`	`}`
`45`	`45`
	`46`	`+#ifdefCONFIG_RT_MUTEXES`
	`47`	`+staticinlinestructsched_dl_entitypi_of(structsched_dl_entitydl_se)`
	`48`	`+{`
	`49`	`+returndl_se->pi_se;`
	`50`	`+}`
	`51`	`+`
	`52`	`+staticinlineboolis_dl_boosted(structsched_dl_entity*dl_se)`
	`53`	`+{`
	`54`	`+returnpi_of(dl_se)!=dl_se;`
	`55`	`+}`
	`56`	`+#else`
	`57`	`+staticinlinestructsched_dl_entitypi_of(structsched_dl_entitydl_se)`
	`58`	`+{`
	`59`	`+returndl_se;`
	`60`	`+}`
	`61`	`+`
	`62`	`+staticinlineboolis_dl_boosted(structsched_dl_entity*dl_se)`
	`63`	`+{`
	`64`	`+return false;`
	`65`	`+}`
	`66`	`+#endif`
	`67`	`+`
`46`	`68`	`#ifdefCONFIG_SMP`
`47`	`69`	`staticinlinestructdl_bw*dl_bw_of(inti)`
`48`	`70`	`{`
`@@ -698,7 +720,7 @@ static inline void setup_new_dl_entity(struct sched_dl_entity *dl_se)`
`698`	`720`	`structdl_rq*dl_rq=dl_rq_of_se(dl_se);`
`699`	`721`	`structrq*rq=rq_of_dl_rq(dl_rq);`
`700`	`722`
`701`		`-WARN_ON(dl_se->dl_boosted);`
	`723`	`+WARN_ON(is_dl_boosted(dl_se));`
`702`	`724`	`WARN_ON(dl_time_before(rq_clock(rq),dl_se->deadline));`
`703`	`725`
`704`	`726`	`/*`
`@@ -736,21 +758,20 @@ static inline void setup_new_dl_entity(struct sched_dl_entity *dl_se)`
`736`	`758`	`* could happen are, typically, a entity voluntarily trying to overcome its`
`737`	`759`	`* runtime, or it just underestimated it during sched_setattr().`
`738`	`760`	`*/`
`739`		`-staticvoidreplenish_dl_entity(structsched_dl_entity*dl_se,`
`740`		`-structsched_dl_entity*pi_se)`
	`761`	`+staticvoidreplenish_dl_entity(structsched_dl_entity*dl_se)`
`741`	`762`	`{`
`742`	`763`	`structdl_rq*dl_rq=dl_rq_of_se(dl_se);`
`743`	`764`	`structrq*rq=rq_of_dl_rq(dl_rq);`
`744`	`765`
`745`		`-BUG_ON(pi_se->dl_runtime <=0);`
	`766`	`+BUG_ON(pi_of(dl_se)->dl_runtime <=0);`
`746`	`767`
`747`	`768`	`/*`
`748`	`769`	`* This could be the case for a !-dl task that is boosted.`
`749`	`770`	`* Just go with full inherited parameters.`
`750`	`771`	`*/`
`751`	`772`	`if (dl_se->dl_deadline==0) {`
`752`		`-dl_se->deadline=rq_clock(rq)+pi_se->dl_deadline;`
`753`		`-dl_se->runtime=pi_se->dl_runtime;`
	`773`	`+dl_se->deadline=rq_clock(rq)+pi_of(dl_se)->dl_deadline;`
	`774`	`+dl_se->runtime=pi_of(dl_se)->dl_runtime;`
`754`	`775`	`}`
`755`	`776`
`756`	`777`	`if (dl_se->dl_yielded&&dl_se->runtime>0)`
`@@ -763,8 +784,8 @@ static void replenish_dl_entity(struct sched_dl_entity *dl_se,`
`763`	`784`	`* arbitrary large.`
`764`	`785`	`*/`
`765`	`786`	`while (dl_se->runtime <=0) {`
`766`		`-dl_se->deadline+=pi_se->dl_period;`
`767`		`-dl_se->runtime+=pi_se->dl_runtime;`
	`787`	`+dl_se->deadline+=pi_of(dl_se)->dl_period;`
	`788`	`+dl_se->runtime+=pi_of(dl_se)->dl_runtime;`
`768`	`789`	`}`
`769`	`790`
`770`	`791`	`/*`
`@@ -778,8 +799,8 @@ static void replenish_dl_entity(struct sched_dl_entity *dl_se,`
`778`	`799`	`*/`
`779`	`800`	`if (dl_time_before(dl_se->deadline,rq_clock(rq))) {`
`780`	`801`	`printk_deferred_once("sched: DL replenish lagged too much\n");`
`781`		`-dl_se->deadline=rq_clock(rq)+pi_se->dl_deadline;`
`782`		`-dl_se->runtime=pi_se->dl_runtime;`
	`802`	`+dl_se->deadline=rq_clock(rq)+pi_of(dl_se)->dl_deadline;`
	`803`	`+dl_se->runtime=pi_of(dl_se)->dl_runtime;`
`783`	`804`	`}`
`784`	`805`
`785`	`806`	`if (dl_se->dl_yielded)`
`@@ -812,8 +833,7 @@ static void replenish_dl_entity(struct sched_dl_entity *dl_se,`
`812`	`833`	`* task with deadline equal to period this is the same of using`
`813`	`834`	`* dl_period instead of dl_deadline in the equation above.`
`814`	`835`	`*/`
`815`		`-staticbooldl_entity_overflow(structsched_dl_entity*dl_se,`
`816`		`-structsched_dl_entity*pi_se,u64t)`
	`836`	`+staticbooldl_entity_overflow(structsched_dl_entity*dl_se,u64t)`
`817`	`837`	`{`
`818`	`838`	`u64left,right;`
`819`	`839`
`@@ -835,9 +855,9 @@ static bool dl_entity_overflow(struct sched_dl_entity *dl_se,`
`835`	`855`	`* of anything below microseconds resolution is actually fiction`
`836`	`856`	`* (but still we want to give the user that illusion >;).`
`837`	`857`	`*/`
`838`		`-left= (pi_se->dl_deadline >>DL_SCALE)* (dl_se->runtime >>DL_SCALE);`
	`858`	`+left= (pi_of(dl_se)->dl_deadline >>DL_SCALE)* (dl_se->runtime >>DL_SCALE);`
`839`	`859`	`right= ((dl_se->deadline-t) >>DL_SCALE)*`
`840`		`-(pi_se->dl_runtime >>DL_SCALE);`
	`860`	`+(pi_of(dl_se)->dl_runtime >>DL_SCALE);`
`841`	`861`
`842`	`862`	`returndl_time_before(right,left);`
`843`	`863`	`}`
`@@ -922,24 +942,23 @@ static inline bool dl_is_implicit(struct sched_dl_entity *dl_se)`
`922`	`942`	`* Please refer to the comments update_dl_revised_wakeup() function to find`
`923`	`943`	`* more about the Revised CBS rule.`
`924`	`944`	`*/`
`925`		`-staticvoidupdate_dl_entity(structsched_dl_entity*dl_se,`
`926`		`-structsched_dl_entity*pi_se)`
	`945`	`+staticvoidupdate_dl_entity(structsched_dl_entity*dl_se)`
`927`	`946`	`{`
`928`	`947`	`structdl_rq*dl_rq=dl_rq_of_se(dl_se);`
`929`	`948`	`structrq*rq=rq_of_dl_rq(dl_rq);`
`930`	`949`
`931`	`950`	`if (dl_time_before(dl_se->deadline,rq_clock(rq))\|\|`
`932`		`-dl_entity_overflow(dl_se,pi_se,rq_clock(rq))) {`
	`951`	`+dl_entity_overflow(dl_se,rq_clock(rq))) {`
`933`	`952`
`934`	`953`	`if (unlikely(!dl_is_implicit(dl_se)&&`
`935`	`954`	`!dl_time_before(dl_se->deadline,rq_clock(rq))&&`
`936`		`- !dl_se->dl_boosted)){`
	`955`	`+ !is_dl_boosted(dl_se))){`
`937`	`956`	`update_dl_revised_wakeup(dl_se,rq);`
`938`	`957`	`return;`
`939`	`958`	`}`
`940`	`959`
`941`		`-dl_se->deadline=rq_clock(rq)+pi_se->dl_deadline;`
`942`		`-dl_se->runtime=pi_se->dl_runtime;`
	`960`	`+dl_se->deadline=rq_clock(rq)+pi_of(dl_se)->dl_deadline;`
	`961`	`+dl_se->runtime=pi_of(dl_se)->dl_runtime;`
`943`	`962`	`}`
`944`	`963`	`}`
`945`	`964`
`@@ -1038,7 +1057,7 @@ static enum hrtimer_restart dl_task_timer(struct hrtimer *timer)`
`1038`	`1057`	`* The task might have been boosted by someone else and might be in the`
`1039`	`1058`	`* boosting/deboosting path, its not throttled.`
`1040`	`1059`	`*/`
`1041`		`-if (dl_se->dl_boosted)`
	`1060`	`+if (is_dl_boosted(dl_se))`
`1042`	`1061`	`gotounlock;`
`1043`	`1062`
`1044`	`1063`	`/*`
`@@ -1066,7 +1085,7 @@ static enum hrtimer_restart dl_task_timer(struct hrtimer *timer)`
`1066`	`1085`	`* but do not enqueue -- wait for our wakeup to do that.`
`1067`	`1086`	`*/`
`1068`	`1087`	`if (!task_on_rq_queued(p)) {`
`1069`		`-replenish_dl_entity(dl_se,dl_se);`
	`1088`	`+replenish_dl_entity(dl_se);`
`1070`	`1089`	`gotounlock;`
`1071`	`1090`	`}`
`1072`	`1091`
`@@ -1156,7 +1175,7 @@ static inline void dl_check_constrained_dl(struct sched_dl_entity *dl_se)`
`1156`	`1175`
`1157`	`1176`	`if (dl_time_before(dl_se->deadline,rq_clock(rq))&&`
`1158`	`1177`	`dl_time_before(rq_clock(rq),dl_next_period(dl_se))) {`
`1159`		`-if (unlikely(dl_se->dl_boosted\|\| !start_dl_timer(p)))`
	`1178`	`+if (unlikely(is_dl_boosted(dl_se)\|\| !start_dl_timer(p)))`
`1160`	`1179`	`return;`
`1161`	`1180`	`dl_se->dl_throttled=1;`
`1162`	`1181`	`if (dl_se->runtime>0)`
`@@ -1287,7 +1306,7 @@ static void update_curr_dl(struct rq *rq)`
`1287`	`1306`	`dl_se->dl_overrun=1;`
`1288`	`1307`
`1289`	`1308`	`__dequeue_task_dl(rq,curr,0);`
`1290`		`-if (unlikely(dl_se->dl_boosted\|\| !start_dl_timer(curr)))`
	`1309`	`+if (unlikely(is_dl_boosted(dl_se)\|\| !start_dl_timer(curr)))`
`1291`	`1310`	`enqueue_task_dl(rq,curr,ENQUEUE_REPLENISH);`
`1292`	`1311`
`1293`	`1312`	`if (!is_leftmost(curr,&rq->dl))`
`@@ -1481,8 +1500,7 @@ static void __dequeue_dl_entity(struct sched_dl_entity *dl_se)`
`1481`	`1500`	`}`
`1482`	`1501`
`1483`	`1502`	`staticvoid`
`1484`		`-enqueue_dl_entity(structsched_dl_entity*dl_se,`
`1485`		`-structsched_dl_entity*pi_se,intflags)`
	`1503`	`+enqueue_dl_entity(structsched_dl_entity*dl_se,intflags)`
`1486`	`1504`	`{`
`1487`	`1505`	`BUG_ON(on_dl_rq(dl_se));`
`1488`	`1506`
`@@ -1493,9 +1511,9 @@ enqueue_dl_entity(struct sched_dl_entity *dl_se,`
`1493`	`1511`	`*/`
`1494`	`1512`	`if (flags&ENQUEUE_WAKEUP) {`
`1495`	`1513`	`task_contending(dl_se,flags);`
`1496`		`-update_dl_entity(dl_se,pi_se);`
	`1514`	`+update_dl_entity(dl_se);`
`1497`	`1515`	`}elseif (flags&ENQUEUE_REPLENISH) {`
`1498`		`-replenish_dl_entity(dl_se,pi_se);`
	`1516`	`+replenish_dl_entity(dl_se);`
`1499`	`1517`	`}elseif ((flags&ENQUEUE_RESTORE)&&`
`1500`	`1518`	`dl_time_before(dl_se->deadline,`
`1501`	`1519`	`rq_clock(rq_of_dl_rq(dl_rq_of_se(dl_se))))) {`
`@@ -1512,19 +1530,7 @@ static void dequeue_dl_entity(struct sched_dl_entity *dl_se)`
`1512`	`1530`
`1513`	`1531`	`staticvoidenqueue_task_dl(structrqrq,structtask_structp,intflags)`
`1514`	`1532`	`{`
`1515`		`-structtask_struct*pi_task=rt_mutex_get_top_task(p);`
`1516`		`-structsched_dl_entity*pi_se=&p->dl;`
`1517`		`-`
`1518`		`-/*`
`1519`		`- * Use the scheduling parameters of the top pi-waiter task if:`
`1520`		`- * - we have a top pi-waiter which is a SCHED_DEADLINE task AND`
`1521`		`- * - our dl_boosted is set (i.e. the pi-waiter's (absolute) deadline is`
`1522`		`- * smaller than our deadline OR we are a !SCHED_DEADLINE task getting`
`1523`		`- * boosted due to a SCHED_DEADLINE pi-waiter).`
`1524`		`- * Otherwise we keep our runtime and deadline.`
`1525`		`- */`
`1526`		`-if (pi_task&&dl_prio(pi_task->normal_prio)&&p->dl.dl_boosted) {`
`1527`		`-pi_se=&pi_task->dl;`
	`1533`	`+if (is_dl_boosted(&p->dl)) {`
`1528`	`1534`	`/*`
`1529`	`1535`	`* Because of delays in the detection of the overrun of a`
`1530`	`1536`	`* thread's runtime, it might be the case that a thread`
`@@ -1557,7 +1563,7 @@ static void enqueue_task_dl(struct rq rq, struct task_struct p, int flags)`
`1557`	`1563`	`* the throttle.`
`1558`	`1564`	`*/`
`1559`	`1565`	`p->dl.dl_throttled=0;`
`1560`		`-BUG_ON(!p->dl.dl_boosted\|\|flags!=ENQUEUE_REPLENISH);`
	`1566`	`+BUG_ON(!is_dl_boosted(&p->dl)\|\|flags!=ENQUEUE_REPLENISH);`
`1561`	`1567`	`return;`
`1562`	`1568`	`}`
`1563`	`1569`
`@@ -1594,7 +1600,7 @@ static void enqueue_task_dl(struct rq rq, struct task_struct p, int flags)`
`1594`	`1600`	`return;`
`1595`	`1601`	`}`
`1596`	`1602`
`1597`		`-enqueue_dl_entity(&p->dl,pi_se,flags);`
	`1603`	`+enqueue_dl_entity(&p->dl,flags);`
`1598`	`1604`
`1599`	`1605`	`if (!task_current(rq,p)&&p->nr_cpus_allowed>1)`
`1600`	`1606`	`enqueue_pushable_dl_task(rq,p);`
`@@ -2787,11 +2793,14 @@ void __dl_clear_params(struct task_struct *p)`
`2787`	`2793`	`dl_se->dl_bw=0;`
`2788`	`2794`	`dl_se->dl_density=0;`
`2789`	`2795`
`2790`		`-dl_se->dl_boosted=0;`
`2791`	`2796`	`dl_se->dl_throttled=0;`
`2792`	`2797`	`dl_se->dl_yielded=0;`
`2793`	`2798`	`dl_se->dl_non_contending=0;`
`2794`	`2799`	`dl_se->dl_overrun=0;`
	`2800`	`+`
	`2801`	`+#ifdefCONFIG_RT_MUTEXES`
	`2802`	`+dl_se->pi_se=dl_se;`
	`2803`	`+#endif`
`2795`	`2804`	`}`
`2796`	`2805`
`2797`	`2806`	`booldl_param_changed(structtask_structp,conststructsched_attrattr)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2279f54

File tree

3 files changed

3 files changed

`‎include/linux/sched.h‎`

`‎kernel/sched/core.c‎`

`‎kernel/sched/deadline.c‎`

0 commit comments