[PATCH 0/6] sched: TTWU, IPI, and assorted stuff

From: Peter Zijlstra
Date: Mon Jun 15 2020 - 09:18:59 EST

Next message: Peter Zijlstra: "[PATCH 4/6] smp, irq_work: Continue smp_call_function*() and irq_work*() integration"
Previous message: Peter Zijlstra: "[PATCH 3/6] sched: s/WF_ON_RQ/WQ_ON_CPU/"
Next in thread: Peter Zijlstra: "[PATCH 1/6] sched: Fix ttwu_queue_cond()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

So Paul reported rcutorture hitting a NULL dereference, and patch #1 fixes it.

Now, patch #1 is obviously correct, but I can't explain how exactly it leads to
the observed NULL pointer dereference. The NULL pointer deref happens in
find_matching_se()'s last while() loop when is_same_group() fails even though
both parents are NULL.

The only explanation I have for that is that we just did an activate_task()
while: 'task_cpu(p) != cpu_of(rq)', because then 'p->se.cfs_rq' doesn't match.
However, I can't see how the lack of #1 would lead to that. Never-the-less,
patch #2 adds assertions to warn us of this case.

Patch #3 is a trivial rename that ought to eradicate some confusion.

The last 3 patches is what I ended up with for cleaning up the whole
smp_call_function/irq_work/ttwu thing more.

Next message: Peter Zijlstra: "[PATCH 4/6] smp, irq_work: Continue smp_call_function*() and irq_work*() integration"
Previous message: Peter Zijlstra: "[PATCH 3/6] sched: s/WF_ON_RQ/WQ_ON_CPU/"
Next in thread: Peter Zijlstra: "[PATCH 1/6] sched: Fix ttwu_queue_cond()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]