Alexander Nyberg wrote:
>>My simple yield DoS don't work anymore. But i found another way.
>>Running this as SCHED_ISO:
> 
> 
> Yep, bad accounting in queue_iso() which relied on p->array == rq->active
> This fixes it:
> 
> 
> Index: vanilla/kernel/sched.c
> ===================================================================
> --- vanilla.orig/kernel/sched.c	2005-01-20 18:05:59.000000000 +0100
> +++ vanilla/kernel/sched.c	2005-01-20 18:41:26.000000000 +0100
> @@ -2621,15 +2621,19 @@
>  static task_t* queue_iso(runqueue_t *rq, prio_array_t *array)
>  {
>  	task_t *p = list_entry(rq->iso_queue.next, task_t, iso_list);
> -	if (p->prio == MAX_RT_PRIO)
> -		goto out;
> +	prio_array_t *old_array = p->array;
> +	
> +	old_array->nr_active--;
>  	list_del(&p->run_list);
> -	if (list_empty(array->queue + p->prio))
> -		__clear_bit(p->prio, array->bitmap);
> +	if (list_empty(old_array->queue + p->prio))
> +		__clear_bit(p->prio, old_array->bitmap);
> +	
>  	p->prio = MAX_RT_PRIO;
>  	list_add_tail(&p->run_list, array->queue + p->prio);
>  	__set_bit(p->prio, array->bitmap);
> -out:
> +	array->nr_active++;
> +	p->array = array;
> +	
>  	return p;
>  }
>  
> 

Excellent pickup, thanks!

Acked-by: Con Kolivas <kernel@kolivas.org>