Re: [RFC][PATCH 00/16] sched: Core scheduling
From: Tim Chen
Date: Wed Mar 13 2019 - 20:35:16 EST
>>
>> One more NULL pointer dereference:
>>
>> Mar 12 02:24:46 aubrey-ivb kernel: [ 201.916741] core sched enabled
>> [ 201.950203] BUG: unable to handle kernel NULL pointer dereference
>> at 0000000000000008
>> [ 201.950254] ------------[ cut here ]------------
>> [ 201.959045] #PF error: [normal kernel read fault]
>> [ 201.964272] !se->on_rq
>> [ 201.964287] WARNING: CPU: 22 PID: 2965 at kernel/sched/fair.c:6849
>> set_next_buddy+0x52/0x70
>
> A quick workaround below:
>
> diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
> index 1d0dac4fd94f..ef6acfe2cf7d 100644
> --- a/kernel/sched/fair.c
> +++ b/kernel/sched/fair.c
> @@ -6834,7 +6834,7 @@ static void set_last_buddy(struct sched_entity *se)
> return;
>
> for_each_sched_entity(se) {
> - if (SCHED_WARN_ON(!se->on_rq))
> + if (SCHED_WARN_ON(!(se && se->on_rq))
> return;
> cfs_rq_of(se)->last = se;
> }
> @@ -6846,7 +6846,7 @@ static void set_next_buddy(struct sched_entity *se)
> return;
>
> for_each_sched_entity(se) {
> - if (SCHED_WARN_ON(!se->on_rq))
> + if (SCHED_WARN_ON(!(se && se->on_rq))
Shouldn't the for_each_sched_entity(se) skip the code block for !se case
have avoided null pointer access of se?
Since
#define for_each_sched_entity(se) \
for (; se; se = se->parent)
Scratching my head a bit here on how your changes would have made
a difference.
In your original log, I wonder if the !se->on_rq warning on CPU 22 is mixed with the actual OOPs?
Saw also in your original log rb_insert_color. Wonder if that
was actually the source of the Oops?
[ 202.078674] RIP: 0010:set_next_buddy+0x52/0x70
[ 202.090135] Hardware name: Intel Corporation S2600CP/S2600CP, BIOS
SE5C600.86B.99.99.x058.082120120902 08/21/2012
[ 202.090144] RIP: 0010:rb_insert_color+0x17/0x190
[ 202.101623] Code: 48 85 ff 74 10 8b 47 40 85 c0 75 e2 80 3d 9e e5
6a 01 00 74 02 f3 c3 48 c7 c7 5c 05 2c 82 c6 05 8c e5 6a 01 01 e8 2e
bb fb ff <0f> 0b c3 83 bf 04 03 0e
[ 202.113216] Code: f3 c3 31 c0 c3 0f 1f 40 00 66 2e 0f 1f 84 00 00
00 00 00 48 8b 17 48 85 d2 0f 84 4d 01 00 00 48 8b 02 a8 01 0f 85 6d
01 00 00 <48> 8b 48 08 49 89 c0 44
[ 202.118263] RSP: 0018:ffffc9000a5cbbb0 EFLAGS: 00010086
[ 202.129858] RSP: 0018:ffffc9000a463cc0 EFLAGS: 00010046
[ 202.135102] RAX: 0000000000000000 RBX: ffff88980047e800 RCX: 0000000000000000
[ 202.135105] RDX: ffff888be28caa40 RSI: 0000000000000001 RDI: ffffffff8110c3fa
[ 202.156251] RAX: 0000000000000000 RBX: ffff888bfeb80000 RCX: ffff888bfeb80
Thanks.
Tim