Commit ff229eee authored by Eric Dumazet's avatar Eric Dumazet Committed by Thomas Gleixner

hrtimer: Annotate lockless access to timer->base

Followup to commit dd2261ed ("hrtimer: Protect lockless access
to timer->base")

lock_hrtimer_base() fetches timer->base without lock exclusion.

Compiler is allowed to read timer->base twice (even if considered dumb)
which could end up trying to lock migration_base and return
&migration_base.

  base = timer->base;
  if (likely(base != &migration_base)) {

       /* compiler reads timer->base again, and now (base == &migration_base)

       raw_spin_lock_irqsave(&base->cpu_base->lock, *flags);
       if (likely(base == timer->base))
            return base; /* == &migration_base ! */

Similarly the write sides must use WRITE_ONCE() to avoid store tearing.
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20191008173204.180879-1-edumazet@google.com
parent 4f5cafb5
...@@ -164,7 +164,7 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, ...@@ -164,7 +164,7 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer,
struct hrtimer_clock_base *base; struct hrtimer_clock_base *base;
for (;;) { for (;;) {
base = timer->base; base = READ_ONCE(timer->base);
if (likely(base != &migration_base)) { if (likely(base != &migration_base)) {
raw_spin_lock_irqsave(&base->cpu_base->lock, *flags); raw_spin_lock_irqsave(&base->cpu_base->lock, *flags);
if (likely(base == timer->base)) if (likely(base == timer->base))
...@@ -244,7 +244,7 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, ...@@ -244,7 +244,7 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base,
return base; return base;
/* See the comment in lock_hrtimer_base() */ /* See the comment in lock_hrtimer_base() */
timer->base = &migration_base; WRITE_ONCE(timer->base, &migration_base);
raw_spin_unlock(&base->cpu_base->lock); raw_spin_unlock(&base->cpu_base->lock);
raw_spin_lock(&new_base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock);
...@@ -253,10 +253,10 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, ...@@ -253,10 +253,10 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base,
raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_unlock(&new_base->cpu_base->lock);
raw_spin_lock(&base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock);
new_cpu_base = this_cpu_base; new_cpu_base = this_cpu_base;
timer->base = base; WRITE_ONCE(timer->base, base);
goto again; goto again;
} }
timer->base = new_base; WRITE_ONCE(timer->base, new_base);
} else { } else {
if (new_cpu_base != this_cpu_base && if (new_cpu_base != this_cpu_base &&
hrtimer_check_target(timer, new_base)) { hrtimer_check_target(timer, new_base)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment