Commit 5d99b32a authored by Sebastian Andrzej Siewior's avatar Sebastian Andrzej Siewior Committed by Thomas Gleixner

posix-timers: Move rcu_head out of it union

Timer deletion on PREEMPT_RT is prone to priority inversion and live
locks. The hrtimer code has a synchronization mechanism for this. Posix CPU
timers will grow one.

But that mechanism cannot be invoked while holding the k_itimer lock
because that can deadlock against the running timer callback. So the lock
must be dropped which allows the timer to be freed.

The timer free can be prevented by taking RCU readlock before dropping the
lock, but because the rcu_head is part of the 'it' union a concurrent free
will overwrite the hrtimer on which the task is trying to synchronize.

Move the rcu_head out of the union to prevent this.

[ tglx: Fixed up kernel-doc. Rewrote changelog ]
Signed-off-by: default avatarSebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Acked-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20190730223828.965541887@linutronix.de
parent 6945e5c2
...@@ -85,7 +85,8 @@ static inline int clockid_to_fd(const clockid_t clk) ...@@ -85,7 +85,8 @@ static inline int clockid_to_fd(const clockid_t clk)
* @it_process: The task to wakeup on clock_nanosleep (CPU timers) * @it_process: The task to wakeup on clock_nanosleep (CPU timers)
* @sigq: Pointer to preallocated sigqueue * @sigq: Pointer to preallocated sigqueue
* @it: Union representing the various posix timer type * @it: Union representing the various posix timer type
* internals. Also used for rcu freeing the timer. * internals.
* @rcu: RCU head for freeing the timer.
*/ */
struct k_itimer { struct k_itimer {
struct list_head list; struct list_head list;
...@@ -114,8 +115,8 @@ struct k_itimer { ...@@ -114,8 +115,8 @@ struct k_itimer {
struct { struct {
struct alarm alarmtimer; struct alarm alarmtimer;
} alarm; } alarm;
struct rcu_head rcu;
} it; } it;
struct rcu_head rcu;
}; };
void run_posix_cpu_timers(struct task_struct *task); void run_posix_cpu_timers(struct task_struct *task);
......
...@@ -442,7 +442,7 @@ static struct k_itimer * alloc_posix_timer(void) ...@@ -442,7 +442,7 @@ static struct k_itimer * alloc_posix_timer(void)
static void k_itimer_rcu_free(struct rcu_head *head) static void k_itimer_rcu_free(struct rcu_head *head)
{ {
struct k_itimer *tmr = container_of(head, struct k_itimer, it.rcu); struct k_itimer *tmr = container_of(head, struct k_itimer, rcu);
kmem_cache_free(posix_timers_cache, tmr); kmem_cache_free(posix_timers_cache, tmr);
} }
...@@ -459,7 +459,7 @@ static void release_posix_timer(struct k_itimer *tmr, int it_id_set) ...@@ -459,7 +459,7 @@ static void release_posix_timer(struct k_itimer *tmr, int it_id_set)
} }
put_pid(tmr->it_pid); put_pid(tmr->it_pid);
sigqueue_free(tmr->sigq); sigqueue_free(tmr->sigq);
call_rcu(&tmr->it.rcu, k_itimer_rcu_free); call_rcu(&tmr->rcu, k_itimer_rcu_free);
} }
static int common_timer_create(struct k_itimer *new_timer) static int common_timer_create(struct k_itimer *new_timer)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment