Commit 56f4b242 authored by John Stultz's avatar John Stultz Committed by Peter Zijlstra
Browse files

sched: Fix modifying donor->blocked on without proper locking 



Introduce an action enum in find_proxy_task() which allows
us to handle work needed to be done outside the mutex.wait_lock
and task.blocked_lock guard scopes.

This ensures proper locking when we clear the donor's blocked_on
pointer in proxy_deactivate(), and the switch statement will be
useful as we add more cases to handle later in this series.

Signed-off-by: default avatarJohn Stultz <jstultz@google.com>
Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: default avatarK Prateek Nayak <kprateek.nayak@amd.com>
Link: https://patch.msgid.link/20260324191337.1841376-6-jstultz@google.com
parent fa4a1ff8

kernel/sched/core.c

+13 −3
Original line number Diff line number Diff line
@@ -6568,7 +6568,7 @@ static struct task_struct *proxy_deactivate(struct rq *rq, struct task_struct *d 
		 * as unblocked, as we aren't doing proxy-migrations

		 * yet (more logic will be needed then).

		 */

		donor->blocked_on = NULL;

		clear_task_blocked_on(donor, NULL);

	}

	return NULL;

}
@@ -6592,6 +6592,7 @@ static struct task_struct *proxy_deactivate(struct rq *rq, struct task_struct *d 
static struct task_struct *

find_proxy_task(struct rq *rq, struct task_struct *donor, struct rq_flags *rf)

{

	enum { FOUND, DEACTIVATE_DONOR } action = FOUND;

	struct task_struct *owner = NULL;

	int this_cpu = cpu_of(rq);

	struct task_struct *p;
@@ -6625,12 +6626,14 @@ find_proxy_task(struct rq *rq, struct task_struct *donor, struct rq_flags *rf) 


		if (!READ_ONCE(owner->on_rq) || owner->se.sched_delayed) {

			/* XXX Don't handle blocked owners/delayed dequeue yet */

			return proxy_deactivate(rq, donor);

			action = DEACTIVATE_DONOR;

			break;

		}



		if (task_cpu(owner) != this_cpu) {

			/* XXX Don't handle migrations yet */

			return proxy_deactivate(rq, donor);

			action = DEACTIVATE_DONOR;

			break;

		}



		if (task_on_rq_migrating(owner)) {
@@ -6688,6 +6691,13 @@ find_proxy_task(struct rq *rq, struct task_struct *donor, struct rq_flags *rf) 
		 */

	}



	/* Handle actions we need to do outside of the guard() scope */

	switch (action) {

	case DEACTIVATE_DONOR:

		return proxy_deactivate(rq, donor);

	case FOUND:

		/* fallthrough */;

	}

	WARN_ON_ONCE(owner && !owner->on_rq);

	return owner;

}