This is a note to let you know that I've just added the patch titled sched: Simplify set_affinity_pending refcounts to the 5.11-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: sched-simplify-set_affinity_pending-refcounts.patch and it can be found in the queue-5.11 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 50caf9c14b1498c90cf808dbba2ca29bd32ccba4 Mon Sep 17 00:00:00 2001 From: Peter Zijlstra <peterz@xxxxxxxxxxxxx> Date: Wed, 24 Feb 2021 11:42:08 +0100 Subject: sched: Simplify set_affinity_pending refcounts From: Peter Zijlstra <peterz@xxxxxxxxxxxxx> commit 50caf9c14b1498c90cf808dbba2ca29bd32ccba4 upstream. Now that we have set_affinity_pending::stop_pending to indicate if a stopper is in progress, and we have the guarantee that if that stopper exists, it will (eventually) complete our @pending we can simplify the refcount scheme by no longer counting the stopper thread. Fixes: 6d337eab041d ("sched: Fix migrate_disable() vs set_cpus_allowed_ptr()") Cc: stable@xxxxxxxxxx Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx> Reviewed-by: Valentin Schneider <valentin.schneider@xxxxxxx> Link: https://lkml.kernel.org/r/20210224131355.724130207@xxxxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- kernel/sched/core.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1862,6 +1862,10 @@ struct migration_arg { struct set_affinity_pending *pending; }; +/* + * @refs: number of wait_for_completion() + * @stop_pending: is @stop_work in use + */ struct set_affinity_pending { refcount_t refs; unsigned int stop_pending; 
@@ -1997,10 +2001,6 @@ out: if (complete) complete_all(&pending->done); - /* For pending->{arg,stop_work} */ - if (pending && refcount_dec_and_test(&pending->refs)) - wake_up_var(&pending->refs); - return 0; } @@ -2199,12 +2199,16 @@ static int affine_move_task(struct rq *r push_task = get_task_struct(p); } + /* + * If there are pending waiters, but no pending stop_work, + * then complete now. + */ pending = p->migration_pending; - if (pending) { - refcount_inc(&pending->refs); + if (pending && !pending->stop_pending) { p->migration_pending = NULL; complete = true; } + task_rq_unlock(rq, p, rf); if (push_task) { @@ -2213,7 +2217,7 @@ static int affine_move_task(struct rq *r } if (complete) - goto do_complete; + complete_all(&pending->done); return 0; } @@ -2264,9 +2268,9 @@ static int affine_move_task(struct rq *r if (!stop_pending) pending->stop_pending = true; - refcount_inc(&pending->refs); /* pending->{arg,stop_work} */ if (flags & SCA_MIGRATE_ENABLE) p->migration_flags &= ~MDF_PUSH; + task_rq_unlock(rq, p, rf); if (!stop_pending) { @@ -2282,12 +2286,13 @@ static int affine_move_task(struct rq *r if (task_on_rq_queued(p)) rq = move_queued_task(rq, rf, p, dest_cpu); - p->migration_pending = NULL; - complete = true; + if (!pending->stop_pending) { + p->migration_pending = NULL; + complete = true; + } } task_rq_unlock(rq, p, rf); -do_complete: if (complete) complete_all(&pending->done); } @@ -2295,7 +2300,7 @@ do_complete: wait_for_completion(&pending->done); if (refcount_dec_and_test(&pending->refs)) - wake_up_var(&pending->refs); + wake_up_var(&pending->refs); /* No UaF, just an address */ /* * Block the original owner of &pending until all subsequent callers 
@@ -2303,6 +2308,9 @@ do_complete: */ wait_var_event(&my_pending.refs, !refcount_read(&my_pending.refs)); + /* ARGH */ + WARN_ON_ONCE(my_pending.stop_pending); + return 0; } Patches currently in stable-queue which might be from peterz@xxxxxxxxxxxxx are queue-5.11/powerpc-perf-fix-handling-of-privilege-level-checks-in-perf-interrupt-context.patch queue-5.11/sched-fix-migration_cpu_stop-requeueing.patch queue-5.11/sched-simplify-set_affinity_pending-refcounts.patch queue-5.11/perf-traceevent-ensure-read-cmdlines-are-null-terminated.patch queue-5.11/perf-core-flush-pmu-internal-buffers-for-per-cpu-eve.patch queue-5.11/sched-simplify-migration_cpu_stop.patch queue-5.11/sched-membarrier-fix-missing-local-execution-of-ipi_sync_rq_state.patch queue-5.11/x86-unwind-orc-disable-kasan-checking-in-the-orc-unwinder-part-2.patch queue-5.11/arm64-perf-fix-64-bit-event-counter-read-truncation.patch queue-5.11/sched-collate-affine_move_task-stoppers.patch queue-5.11/sched-fix-affine_move_task-self-concurrency.patch queue-5.11/stop_machine-mark-helpers-__always_inline.patch queue-5.11/seqlock-lockdep-fix-seqcount_latch_init.patch queue-5.11/sched-optimize-migration_cpu_stop.patch queue-5.11/perf-build-fix-ccache-usage-in-cc-when-generating-arch-errno-table.patch queue-5.11/mm-userfaultfd-fix-memory-corruption-due-to-writeprotect.patch queue-5.11/perf-x86-intel-set-perf_attach_sched_cb-for-large-pe.patch
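Review bot: in the hunk at -1997 (label out:), the removed refcount drop was the only place that documented the stopper's use of pending->{arg,stop_work}, and nothing replaces it. The commit message explains that stop_pending now stands in for that reference, but the code at this site does not. Suggest a short comment next to complete_all(&pending->done) saying that the stopper holds no reference and that pending must not be touched after this call.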
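Review bot: in the first affine_move_task() hunk (at -2199), pending is dereferenced by complete_all(&pending->done) after task_rq_unlock(), and the refcount_inc() that used to pin it across the unlock is gone. The added comment says when to complete but not why pending is still valid at that point. Suggest extending it to state the lifetime rule the patch relies on: the waiters counted in refs are blocked in wait_for_completion() until this complete_all() runs, so the object cannot go away before it.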
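Review bot: in the hunk at -2282, the new `if (!pending->stop_pending)` branch silently skips completion when a stopper is outstanding, and unlike the matching test in the -2199 hunk it has no comment. A reader has to go back to the commit message to learn that the stopper is then expected to complete @pending. Suggest a one-line comment here naming who completes pending->done on the path where stop_pending is set.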
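Review bot: in the hunk at -2295, the comment `/* No UaF, just an address */` on wake_up_var(&pending->refs) is too terse for the claim it makes. Once refcount_dec_and_test() has dropped the last reference, the owner blocked in wait_var_event() may proceed, so pending can be stale by the time wake_up_var() runs. Suggest spelling out that the pointer is only used as a lookup key for the wait queue and is never dereferenced, so that a later change which does read through it is recognisably wrong.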
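Review bot: in the last hunk (at -2303), `/* ARGH */` does not say what WARN_ON_ONCE(my_pending.stop_pending) is checking. By the existing comment above it, my_pending belongs to this caller, so a set stop_pending at this point would mean @stop_work is still in use while the function is about to return. The warning only reports that condition and the `return 0;` still follows. Suggest replacing the comment with a statement of the invariant (no stopper may still reference my_pending here) and noting that the check is diagnostic only.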