From: Juri Lelli <juri.lelli@redhat.com>
To: John Stultz <jstultz@google.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Joel Fernandes <joelagnelf@nvidia.com>,
Qais Yousef <qyousef@layalina.io>, Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Vincent Guittot <vincent.guittot@linaro.org>,
Dietmar Eggemann <dietmar.eggemann@arm.com>,
Valentin Schneider <vschneid@redhat.com>,
Steven Rostedt <rostedt@goodmis.org>,
Ben Segall <bsegall@google.com>,
Zimuzo Ezeozue <zezeozue@google.com>,
Mel Gorman <mgorman@suse.de>, Will Deacon <will@kernel.org>,
Waiman Long <longman@redhat.com>,
Boqun Feng <boqun.feng@gmail.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Metin Kaya <Metin.Kaya@arm.com>,
Xuewen Yan <xuewen.yan94@gmail.com>,
K Prateek Nayak <kprateek.nayak@amd.com>,
Thomas Gleixner <tglx@linutronix.de>,
Daniel Lezcano <daniel.lezcano@linaro.org>,
Suleiman Souhlal <suleiman@google.com>,
kuyo chang <kuyo.chang@mediatek.com>, hupu <hupu.gm@gmail.com>,
kernel-team@android.com
Subject: Re: [PATCH v25 9/9] sched: Handle blocked-waiter migration (and return migration)
Date: Wed, 18 Mar 2026 07:35:21 +0100 [thread overview]
Message-ID: <abpHqZyxCHFE50ir@jlelli-thinkpadt14gen4.remote.csb> (raw)
In-Reply-To: <20260313023022.2902479-10-jstultz@google.com>
Hello,
I couldn't convince myself the below is not potentially racy ...
On 13/03/26 02:30, John Stultz wrote:
...
> +static void proxy_migrate_task(struct rq *rq, struct rq_flags *rf,
> + struct task_struct *p, int target_cpu)
> {
> - if (!__proxy_deactivate(rq, donor)) {
> - /*
> - * XXX: For now, if deactivation failed, set donor
> - * as unblocked, as we aren't doing proxy-migrations
> - * yet (more logic will be needed then).
> - */
> - clear_task_blocked_on(donor, NULL);
> + struct rq *target_rq = cpu_rq(target_cpu);
> +
> + lockdep_assert_rq_held(rq);
> +
> + /*
> + * Since we're going to drop @rq, we have to put(@rq->donor) first,
> + * otherwise we have a reference that no longer belongs to us.
> + *
> + * Additionally, as we put_prev_task(prev) earlier, its possible that
> + * prev will migrate away as soon as we drop the rq lock, however we
> + * still have it marked as rq->curr, as we've not yet switched tasks.
> + *
> + * So call proxy_resched_idle() to let go of the references before
> + * we release the lock.
> + */
> + proxy_resched_idle(rq);
> +
> + WARN_ON(p == rq->curr);
> +
> + deactivate_task(rq, p, DEQUEUE_NOCLOCK);
> + proxy_set_task_cpu(p, target_cpu);
> +
> + /*
> + * We have to zap callbacks before unlocking the rq
> + * as another CPU may jump in and call sched_balance_rq
> + * which can trip the warning in rq_pin_lock() if we
> + * leave callbacks set.
> + */
> + zap_balance_callbacks(rq);
> + rq_unpin_lock(rq, rf);
> + raw_spin_rq_unlock(rq);
> +
> + attach_one_task(target_rq, p);
We release rq lock between deactivate and attach (and we don't hold
neither wait_lock nor blocked_lock as they are out of scope at this
point). Can't something like the following happen?
- Task A: blocked on mutex M, queued on CPU 0
- Task B: owns mutex M, running on CPU 1
CPU 0 (migrating A→CPU 1) CPU 1 (B finishes critical section)
------------------------- ------------------------------------
find_proxy_task(donor=A):
owner = B, owner_cpu = 1
action = MIGRATE
// guard releases wait_lock
proxy_migrate_task(A, cpu=1):
deactivate_task(rq0, A)
→ A->on_rq = 0
proxy_set_task_cpu(A, 1)
→ A->cpu = 1
raw_spin_rq_unlock(rq0)
→ RQ0 LOCK RELEASED
// Task B running
mutex_unlock(M):
lock(&M->wait_lock) // ← Can grab it
A->blocked_on = PROXY_WAKING
unlock(&M->wait_lock)
wake_up_q():
try_to_wake_up(A):
sees A->on_rq == 0
cpu = select_task_rq(A)
→ returns CPU 2
set_task_cpu(A, 2)
ttwu_queue(A, 2)
→ A enqueued on CPU 2
→ A->on_rq = 1, A->cpu = 2
attach_one_task(rq1, A):
attach_task(rq1, A):
WARN_ON_ONCE(task_rq(A) != rq1)
→ Fires! task_rq(A) = rq2
activate_task(rq1, A)
→ Double-enqueue! A->on_rq already = 1
What am I missing? :)
Thanks,
Juri
next prev parent reply other threads:[~2026-03-18 6:35 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-13 2:30 [PATCH v25 0/9] Simple Donor Migration for Proxy Execution John Stultz
2026-03-13 2:30 ` [PATCH v25 1/9] sched: Make class_schedulers avoid pushing current, and get rid of proxy_tag_curr() John Stultz
2026-03-13 13:48 ` Juri Lelli
2026-03-13 17:53 ` John Stultz
2026-03-15 16:26 ` K Prateek Nayak
2026-03-17 4:49 ` John Stultz
2026-03-17 5:41 ` K Prateek Nayak
2026-03-17 6:04 ` John Stultz
2026-03-17 7:52 ` K Prateek Nayak
2026-03-17 18:35 ` John Stultz
2026-03-18 13:36 ` Peter Zijlstra
2026-03-18 13:52 ` Peter Zijlstra
2026-03-18 17:55 ` K Prateek Nayak
2026-03-18 20:30 ` John Stultz
2026-03-18 20:34 ` Peter Zijlstra
2026-03-18 20:35 ` John Stultz
2026-03-18 12:55 ` Peter Zijlstra
2026-03-18 18:01 ` K Prateek Nayak
2026-03-13 2:30 ` [PATCH v25 2/9] sched: Minimise repeated sched_proxy_exec() checking John Stultz
2026-03-15 17:01 ` K Prateek Nayak
2026-03-13 2:30 ` [PATCH v25 3/9] locking: Add task::blocked_lock to serialize blocked_on state John Stultz
2026-03-13 2:30 ` [PATCH v25 4/9] sched: Fix modifying donor->blocked on without proper locking John Stultz
2026-03-13 2:30 ` [PATCH v25 5/9] sched/locking: Add special p->blocked_on==PROXY_WAKING value for proxy return-migration John Stultz
2026-03-13 2:30 ` [PATCH v25 6/9] sched: Add assert_balance_callbacks_empty helper John Stultz
2026-03-13 2:30 ` [PATCH v25 7/9] sched: Add logic to zap balance callbacks if we pick again John Stultz
2026-03-13 2:30 ` [PATCH v25 8/9] sched: Move attach_one_task and attach_task helpers to sched.h John Stultz
2026-03-15 16:34 ` K Prateek Nayak
2026-03-16 23:34 ` John Stultz
2026-03-17 2:29 ` K Prateek Nayak
2026-03-13 2:30 ` [PATCH v25 9/9] sched: Handle blocked-waiter migration (and return migration) John Stultz
2026-03-15 17:38 ` K Prateek Nayak
2026-03-18 19:07 ` John Stultz
2026-03-18 6:35 ` Juri Lelli [this message]
2026-03-18 6:56 ` K Prateek Nayak
2026-03-18 10:16 ` Juri Lelli
2026-03-18 12:59 ` Peter Zijlstra
2026-03-19 12:49 ` Peter Zijlstra
2026-03-19 21:26 ` John Stultz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=abpHqZyxCHFE50ir@jlelli-thinkpadt14gen4.remote.csb \
--to=juri.lelli@redhat.com \
--cc=Metin.Kaya@arm.com \
--cc=boqun.feng@gmail.com \
--cc=bsegall@google.com \
--cc=daniel.lezcano@linaro.org \
--cc=dietmar.eggemann@arm.com \
--cc=hupu.gm@gmail.com \
--cc=joelagnelf@nvidia.com \
--cc=jstultz@google.com \
--cc=kernel-team@android.com \
--cc=kprateek.nayak@amd.com \
--cc=kuyo.chang@mediatek.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mgorman@suse.de \
--cc=mingo@redhat.com \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=qyousef@layalina.io \
--cc=rostedt@goodmis.org \
--cc=suleiman@google.com \
--cc=tglx@linutronix.de \
--cc=vincent.guittot@linaro.org \
--cc=vschneid@redhat.com \
--cc=will@kernel.org \
--cc=xuewen.yan94@gmail.com \
--cc=zezeozue@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox