Commit a0cdd5ba authored Jul 14, 2014 by Steve Muckle

sched: fix race between try_to_wake_up() and move_task()



Until a task's state has been seen as interruptible/uninterruptible
and it is no longer on_cpu, it is possible that the task may move
to another CPU (load balancing may cause this). Here is an example
where the race condition results in incorrect operation:

- cpu 0 calls put_prev_task on task A, task A's state is TASK_RUNNING
- cpu 0 runs task B, which attempts to wake up A
- cpu 0 begins try_to_wake_up(), recording src_cpu for task A as cpu 0
- cpu 1 then pulls task A (perhaps due to idle balance)
- cpu 1 runs task A, which then sleeps, becoming INTERRUPTIBLE
- cpu 0 continues in try_to_wake_up(), thinking task A's previous
  cpu is 0, where it is actually 1
- if select_task_rq returns cpu 0, task A will be woken up on cpu 0
  without properly updating its cpu to 0 in set_task_cpu()

CRs-Fixed: 665958
Change-Id: Icee004cb320bd8edfc772d9f74e670a9d4978a99
Signed-off-by: Steve Muckle <smuckle@codeaurora.org>

parent 8aa4fe35

kernel/sched/core.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -1642,8 +1642,7 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags)
		*/
		smp_mb__before_spinlock();
		raw_spin_lock_irqsave(&p->pi_lock, flags);
		src_cpu = task_cpu(p);
		cpu = src_cpu;
		src_cpu = cpu = task_cpu(p);

		if (!(p->state & state))
		goto out;
		@@ -1672,6 +1671,9 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags)
		p->sched_class->task_waking(p);

		cpu = select_task_rq(p, SD_BALANCE_WAKE, wake_flags);

		/* Refresh src_cpu as it could have changed since we last read it */
		src_cpu = task_cpu(p);
		if (src_cpu != cpu) {
		wake_flags \|= WF_MIGRATED;
		set_task_cpu(p, cpu);