| Message ID | 20190821092409.13225-2-julien.grall@arm.com |
|---|---|
| State | New |
| Headers | show |
| Series | hrtimer: RT fixes for hrtimer_grab_expiry_lock() | expand |
On 2019-08-21 10:24:07 [+0100], Julien Grall wrote: > The update to timer->base is protected by the base->cpu_base->lock(). > However, hrtimer_grab_expirty_lock() does not access it with the lock. > > So it would theorically be possible to have timer->base changed under > our feet. We need to prevent the compiler to refetch timer->base so the > check and the access is performed on the same base. It is not a problem if the timer's bases changes. We get here because we want to help the timer to complete its callback. The base can only change if the timer gets re-armed on another CPU which means is completed callback. In every case we can cancel the timer on the next iteration. Sebastian
On 2019-08-21 15:50:33 [+0200], Thomas Gleixner wrote: > On Wed, 21 Aug 2019, Sebastian Andrzej Siewior wrote: > > > On 2019-08-21 10:24:07 [+0100], Julien Grall wrote: > > > The update to timer->base is protected by the base->cpu_base->lock(). > > > However, hrtimer_grab_expirty_lock() does not access it with the lock. > > > > > > So it would theorically be possible to have timer->base changed under > > > our feet. We need to prevent the compiler to refetch timer->base so the > > > check and the access is performed on the same base. > > > > It is not a problem if the timer's bases changes. We get here because we > > want to help the timer to complete its callback. > > The base can only change if the timer gets re-armed on another CPU which > > means is completed callback. In every case we can cancel the timer on > > the next iteration. > > It _IS_ a problem when the base changes and the compiler reloads > > CPU0 CPU1 > base = timer->base; > > lock(base->....); > switch base > > reload > base = timer->base; > > unlock(base->....); > > See? so read_once() it is then. Sebastian
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 7d7db8802131..b869e816e96a 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -932,7 +932,7 @@ EXPORT_SYMBOL_GPL(hrtimer_forward); void hrtimer_grab_expiry_lock(const struct hrtimer *timer) { - struct hrtimer_clock_base *base = timer->base; + struct hrtimer_clock_base *base = READ_ONCE(timer->base); if (base && base->cpu_base) { spin_lock(&base->cpu_base->softirq_expiry_lock);
The update to timer->base is protected by the base->cpu_base->lock(). However, hrtimer_grab_expirty_lock() does not access it with the lock. So it would theorically be possible to have timer->base changed under our feet. We need to prevent the compiler to refetch timer->base so the check and the access is performed on the same base. Other access of timer->base are either done with a lock or protected with READ_ONCE(). So use READ_ONCE() in hrtimer_grab_expirty_lock(). Signed-off-by: Julien Grall <julien.grall@arm.com> --- This is rather theoritical so far as I don't have a reproducer for this. --- kernel/time/hrtimer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.11.0