My simple yield DoS don't work anymore. But i found another way.
Running this as SCHED_ISO:
Yep, bad accounting in queue_iso() which relied on p->array == rq->active
This fixes it:
Index: vanilla/kernel/sched.c
===================================================================
--- vanilla.orig/kernel/sched.c 2005-01-20 18:05:59.000000000 +0100
+++ vanilla/kernel/sched.c 2005-01-20 18:41:26.000000000 +0100
@@ -2621,15 +2621,19 @@
static task_t* queue_iso(runqueue_t *rq, prio_array_t *array)
{
task_t *p = list_entry(rq->iso_queue.next, task_t, iso_list);
- if (p->prio == MAX_RT_PRIO)
- goto out;
+ prio_array_t *old_array = p->array;
+
+ old_array->nr_active--;
list_del(&p->run_list);
- if (list_empty(array->queue + p->prio))
- __clear_bit(p->prio, array->bitmap);
+ if (list_empty(old_array->queue + p->prio))
+ __clear_bit(p->prio, old_array->bitmap);
+
p->prio = MAX_RT_PRIO;
list_add_tail(&p->run_list, array->queue + p->prio);
__set_bit(p->prio, array->bitmap);
-out:
+ array->nr_active++;
+ p->array = array;
+
return p;
}
Attachment:
signature.asc
Description: OpenPGP digital signature