Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753358AbcDTNAh (ORCPT <rfc822;w@1wt.eu>);
	Wed, 20 Apr 2016 09:00:37 -0400
Received: from mx1.redhat.com ([209.132.183.28]:38914 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751238AbcDTNAg (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 20 Apr 2016 09:00:36 -0400
Reply-To: xlpang@redhat.com
Subject: Re: [PATCH v3 5/6] sched/deadline/rtmutex: Fix unprotected PI access
 in enqueue_task_dl()
References: <1460633827-345-1-git-send-email-xlpang@redhat.com>
 <1460633827-345-6-git-send-email-xlpang@redhat.com>
 <20160414153111.GC2975@worktop.cust.blueprintrf.com>
 <57104ADB.20402@redhat.com> <57104FA0.4090509@redhat.com>
 <20160420122552.GY3430@twins.programming.kicks-ass.net>
To: Peter Zijlstra <peterz@infradead.org>
Cc: linux-kernel@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
        Juri Lelli <juri.lelli@arm.com>, Ingo Molnar <mingo@redhat.com>,
        Steven Rostedt <rostedt@goodmis.org>
From: Xunlei Pang <xpang@redhat.com>
Message-ID: <57177D70.10504@redhat.com>
Date: Wed, 20 Apr 2016 21:00:32 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20160420122552.GY3430@twins.programming.kicks-ass.net>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1119
Lines: 26

On 2016/04/20/ at 20:25, Peter Zijlstra wrote:
> On Fri, Apr 15, 2016 at 10:19:12AM +0800, Xunlei Pang wrote:
>> On 2016/04/15 at 09:58, Xunlei Pang wrote:
>>> On 2016/04/14 at 23:31, Peter Zijlstra wrote:
>>>> On Thu, Apr 14, 2016 at 07:37:06PM +0800, Xunlei Pang wrote:
>>>>> We access @pi_task's data without any lock in enqueue_task_dl(), though
>>>>> checked "dl_prio(pi_task->normal_prio)" condition, that's not enough.
>>>> The proper fix is to ensure that pi_task is guaranteed to be blocked.
>>> Even if pi_task was blocked, its parameters are still allowed to be changed,
>>> so we have to do that. Did I miss something?
>>>
>>> Regards,
>>> Xunlei
>> Fortunately, I just reproduced through an overnight test, so it really happened in reality as I thought.
> But what happens? How is it changed when it is blocked?

The top waiter's policy can be changed by other tasks through sched_setattr() syscall during it was blocked.
I created another thread doing the following thing:
     while (1) {
        change the waiter to cfs
        do something
        change the waiter to deadline
    }

Regards,
Xunlei