From patchwork Wed Aug 21 09:24:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 171938 Delivered-To: patch@linaro.org Received: by 2002:a92:d204:0:0:0:0:0 with SMTP id y4csp706757ily; Wed, 21 Aug 2019 02:24:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqwu3HiiigiKpBwCYrmk1MWmbzcejDu53+fdlmmnqX6Xv2BWIWmCkI8hYAkIjTuPmIh4IbSA X-Received: by 2002:a63:8ac3:: with SMTP id y186mr28337380pgd.13.1566379459215; Wed, 21 Aug 2019 02:24:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566379459; cv=none; d=google.com; s=arc-20160816; b=k39og8FdTy7QodoN3iTZNa16MIEzawU+RE/TbT4fF8zEAVev01sf5m281DDsfwvQ82 QmwXAlhOeoZ1A03JvKa5L1WZ0wj54fafkvR4C0VOg66fvN7k0Sl8lHS460VSquM9YiVi E5YWOtEW384b1O40ctdHV7miJZqcxS7zQ8V0HPOWAj6woLd4+KhNOkyB807lDxrTKHCH p4QGalNknAFbRtzD/0GC1eFHIcP0Ctgw3UvR+iWMCSZhY1KpcL3zfmiIcIKxRKaMSlse RnnFn5BzvWUVo23cZka6B5SfAS23rEo0x6kht+K6K1w4AbRX7zzxl2T7z3T2G4jZ6zV2 Ohjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=rLtCO9zLq+253rBBctzI25rig9xY0QowonHInP78CVI=; b=azMtOzC3PtBk9d8/qYuNhybvayA6Vfm/oxWSD7CrHGnaVqS72aI+JSoZiYLcXPV4WM ByaAlKJ8YuQtn5VbnhkBUUdDdVlQWtfaiSl+922SxWp1qD27CgyiGfT/mqqmUXNSsDXh +fAvZdNmY6wxV4pXLOBp5umy7ym1mhl06VE9jkN6yesnlNaWIa+hB3uNSMi3J6Yanq2d rWG5m/N6zav+8uJd1KMhsg1jnmBpmGtPvRB47560cunj/ojGbVBF/YXU6C1bf0xBZ06h bseWhHEcVIWeOEdT8h7pk0jZvfgKaY+BLwukYSDAzO+UqJB8+7N8po7AsFcuU7GWDSZv 0XBQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k43si1889580pje.59.2019.08.21.02.24.18; Wed, 21 Aug 2019 02:24:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727185AbfHUJYS (ORCPT + 28 others); Wed, 21 Aug 2019 05:24:18 -0400 Received: from foss.arm.com ([217.140.110.172]:55050 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727078AbfHUJYQ (ORCPT ); Wed, 21 Aug 2019 05:24:16 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E2474360; Wed, 21 Aug 2019 02:24:15 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.196.50]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id CD8D63F706; Wed, 21 Aug 2019 02:24:14 -0700 (PDT) From: Julien Grall To: linux-rt-users@vger.kernel.org Cc: tglx@linutronix.de, linux-kernel@vger.kernel.org, maz@kernel.org, bigeasy@linutronix.de, rostedt@goodmis.org, Julien Grall Subject: [RT PATCH 1/3] hrtimer: Use READ_ONCE to access timer->base in hrimer_grab_expiry_lock() Date: Wed, 21 Aug 2019 10:24:07 +0100 Message-Id: <20190821092409.13225-2-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190821092409.13225-1-julien.grall@arm.com> References: <20190821092409.13225-1-julien.grall@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The update to timer->base is protected by the base->cpu_base->lock(). However, hrtimer_grab_expirty_lock() does not access it with the lock. So it would theorically be possible to have timer->base changed under our feet. We need to prevent the compiler to refetch timer->base so the check and the access is performed on the same base. Other access of timer->base are either done with a lock or protected with READ_ONCE(). So use READ_ONCE() in hrtimer_grab_expirty_lock(). Signed-off-by: Julien Grall --- This is rather theoritical so far as I don't have a reproducer for this. --- kernel/time/hrtimer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.11.0 diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 7d7db8802131..b869e816e96a 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -932,7 +932,7 @@ EXPORT_SYMBOL_GPL(hrtimer_forward); void hrtimer_grab_expiry_lock(const struct hrtimer *timer) { - struct hrtimer_clock_base *base = timer->base; + struct hrtimer_clock_base *base = READ_ONCE(timer->base); if (base && base->cpu_base) { spin_lock(&base->cpu_base->softirq_expiry_lock); From patchwork Wed Aug 21 09:24:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 171939 Delivered-To: patch@linaro.org Received: by 2002:a92:d204:0:0:0:0:0 with SMTP id y4csp706789ily; Wed, 21 Aug 2019 02:24:21 -0700 (PDT) X-Google-Smtp-Source: APXvYqzDgFyRPafhbEajITBQC3zJ+VT6cRBHh6GfIF6bRLKWTiH4csAqOy71Np2zP+R1G9JEqN6f X-Received: by 2002:a17:90a:d3d4:: with SMTP id d20mr4465326pjw.28.1566379461773; Wed, 21 Aug 2019 02:24:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566379461; cv=none; d=google.com; s=arc-20160816; b=LMimxtVXo86D6Zp9Cvf1weVXRtJvzJbkyoeoozMMnDro9ffpxMw9xnp9J4f3fJunUG sHc14Jhpa/SwMFwCvim78Zxt7mLEh3NAiMOtf9xY0+PN9LnWkVMOF/x36UITdUE0Z5bL jHWZSy2YmDqbn8vWaZy29jIQUW44Scm3OWz3FNATbAksx4G1+Zh9QHSebpU4t6AOrF9q gG/BxrN2i2lEtN+WRTqiUVaqmW029jOYTLyxzZpX7H6+cZTnDTWBGTka07UtbjlPCq3j 9FeT8bVcGglSKuo42dOTdzgYtYyivVn4nsnEHGpgsdZBB0k0VU1mDpcji99LOiQY0kMv ygxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=wvRgBt4v/2O6sWDF51ZaBFKyzglOhhczY6CQARXenf8=; b=eq0mqQ3Dr2a+d8IeftTvdmJS4+63z2hof5q41YUl2ui8eFJ2nN7VIQgBOgCv50pF3k HbJ02/Rw9mp7k3SE8CbTPzFPNgCO9w7uUicSqZ91MeCMhpzOUoxACbtHY6BZ+pP3uGBQ aNptBauAG3GzckhaLaWgwCfSJczo2cut1DnGll96pSvkJMtu8dOksbJW15VzflXBwFg2 BoeOOjQxhmWEbXyxVEVQp3iMqk4h9hDBfTQNfhc+6E8f+DU7deu7cga/BOsId70JMbrb 6Blx0NaDHkSzAsvbnI/e9Jn45w673j2GC471Qmi8z+j4E8SymAxzWmaS7DJklR8ixKfU OSEw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k43si1889580pje.59.2019.08.21.02.24.21; Wed, 21 Aug 2019 02:24:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727259AbfHUJYU (ORCPT + 28 others); Wed, 21 Aug 2019 05:24:20 -0400 Received: from foss.arm.com ([217.140.110.172]:55060 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727144AbfHUJYS (ORCPT ); Wed, 21 Aug 2019 05:24:18 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2858B1570; Wed, 21 Aug 2019 02:24:17 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.196.50]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 22AC63F706; Wed, 21 Aug 2019 02:24:16 -0700 (PDT) From: Julien Grall To: linux-rt-users@vger.kernel.org Cc: tglx@linutronix.de, linux-kernel@vger.kernel.org, maz@kernel.org, bigeasy@linutronix.de, rostedt@goodmis.org, Julien Grall Subject: [RT PATCH 2/3] hrtimer: Don't grab the expiry lock for non-soft hrtimer Date: Wed, 21 Aug 2019 10:24:08 +0100 Message-Id: <20190821092409.13225-3-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190821092409.13225-1-julien.grall@arm.com> References: <20190821092409.13225-1-julien.grall@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There are no guarantee the hrtimer_cancel() will be called on the same CPU as the non-soft hrtimer is running on so the following scenario can happen. CPU0 | CPU1 | | hrtimer_interrupt() | raw_spin_lock_irqsave(&cpu_save->lock) hrtimer_cancel() | __run_hrtimer_run_queues() hrtimer_try_to_cancel() | __run_hrtimer() lock_hrtimer_base() | base->running = timer; | raw_spin_unlock_irqrestore(&cpu_save->lock) raw_spin_lock_irqsave(cpu_base->lock) | fn(timer); hrtimer_callback_running() | hrtimer_callback_running() will be returning true as the callback is running somewhere else. This means hrtimer_try_to_cancel() would return -1. Therefore hrtimer_grab_expiry_lock() would be called. non-soft hrtimer may be used when the timer needs to be manipulated from a non-preemptible context. This is for instance the case of KVM Arm timers. The following splat can be seen in the log: [ 157.449545] 000: BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:968 [ 157.449569] 000: in_atomic(): 1, irqs_disabled(): 0, pid: 990, name: kvm-vcpu-1 [ 157.449579] 000: 2 locks held by kvm-vcpu-1/990: [ 157.449592] 000: #0: 00000000c2fc8217 (&vcpu->mutex){+.+.}, at: kvm_vcpu_ioctl+0x70/0xae0 [ 157.449638] 000: #1: 0000000096863801 (&cpu_base->softirq_expiry_lock){+.+.}, at: hrtimer_grab_expiry_lock+0x24/0x40 [ 157.449677] 000: Preemption disabled at: [ 157.449679] 000: [] schedule+0x30/0xd8 [ 157.449702] 000: CPU: 0 PID: 990 Comm: kvm-vcpu-1 Tainted: G W 5.2.0-rt1-00001-gd368139e892f #104 [ 157.449712] 000: Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Jan 23 2017 [ 157.449718] 000: Call trace: [ 157.449722] 000: dump_backtrace+0x0/0x130 [ 157.449730] 000: show_stack+0x14/0x20 [ 157.449738] 000: dump_stack+0xbc/0x104 [ 157.449747] 000: ___might_sleep+0x198/0x238 [ 157.449756] 000: rt_spin_lock+0x5c/0x70 [ 157.449765] 000: hrtimer_grab_expiry_lock+0x24/0x40 [ 157.449773] 000: hrtimer_cancel+0x1c/0x38 [ 157.449780] 000: kvm_timer_vcpu_load+0x78/0x3e0 An hrtimer is always either running in softirq or not. This cannot be changed after it is instantiated. So we can rely on timer->is_soft for checking whether the lock can be grabbed. Signed-off-by: Julien Grall --- kernel/time/hrtimer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.11.0 diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index b869e816e96a..119414a2f59c 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -934,7 +934,7 @@ void hrtimer_grab_expiry_lock(const struct hrtimer *timer) { struct hrtimer_clock_base *base = READ_ONCE(timer->base); - if (base && base->cpu_base) { + if (timer->is_soft && base && base->cpu_base) { spin_lock(&base->cpu_base->softirq_expiry_lock); spin_unlock(&base->cpu_base->softirq_expiry_lock); }