diff options
| author | Eric Dumazet <edumazet@google.com> | 2019-10-08 13:32:04 -0400 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2019-10-14 09:51:49 -0400 |
| commit | ff229eee3d897f52bd001c841f2d3cce8853ecdc (patch) | |
| tree | ff2aeaf672e1e411d2054ca722f7d0e84eec72f6 /kernel | |
| parent | 4f5cafb5cb8471e54afdc9054d973535614f7675 (diff) | |
hrtimer: Annotate lockless access to timer->base
Followup to commit dd2261ed45aa ("hrtimer: Protect lockless access
to timer->base")
lock_hrtimer_base() fetches timer->base without lock exclusion.
Compiler is allowed to read timer->base twice (even if considered dumb)
which could end up trying to lock migration_base and return
&migration_base.
base = timer->base;
if (likely(base != &migration_base)) {
/* compiler reads timer->base again, and now (base == &migration_base)
raw_spin_lock_irqsave(&base->cpu_base->lock, *flags);
if (likely(base == timer->base))
return base; /* == &migration_base ! */
Similarly the write sides must use WRITE_ONCE() to avoid store tearing.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20191008173204.180879-1-edumazet@google.com
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/time/hrtimer.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 0d4dc241c0fb..65605530ee34 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c | |||
| @@ -164,7 +164,7 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, | |||
| 164 | struct hrtimer_clock_base *base; | 164 | struct hrtimer_clock_base *base; |
| 165 | 165 | ||
| 166 | for (;;) { | 166 | for (;;) { |
| 167 | base = timer->base; | 167 | base = READ_ONCE(timer->base); |
| 168 | if (likely(base != &migration_base)) { | 168 | if (likely(base != &migration_base)) { |
| 169 | raw_spin_lock_irqsave(&base->cpu_base->lock, *flags); | 169 | raw_spin_lock_irqsave(&base->cpu_base->lock, *flags); |
| 170 | if (likely(base == timer->base)) | 170 | if (likely(base == timer->base)) |
| @@ -244,7 +244,7 @@ again: | |||
| 244 | return base; | 244 | return base; |
| 245 | 245 | ||
| 246 | /* See the comment in lock_hrtimer_base() */ | 246 | /* See the comment in lock_hrtimer_base() */ |
| 247 | timer->base = &migration_base; | 247 | WRITE_ONCE(timer->base, &migration_base); |
| 248 | raw_spin_unlock(&base->cpu_base->lock); | 248 | raw_spin_unlock(&base->cpu_base->lock); |
| 249 | raw_spin_lock(&new_base->cpu_base->lock); | 249 | raw_spin_lock(&new_base->cpu_base->lock); |
| 250 | 250 | ||
| @@ -253,10 +253,10 @@ again: | |||
| 253 | raw_spin_unlock(&new_base->cpu_base->lock); | 253 | raw_spin_unlock(&new_base->cpu_base->lock); |
| 254 | raw_spin_lock(&base->cpu_base->lock); | 254 | raw_spin_lock(&base->cpu_base->lock); |
| 255 | new_cpu_base = this_cpu_base; | 255 | new_cpu_base = this_cpu_base; |
| 256 | timer->base = base; | 256 | WRITE_ONCE(timer->base, base); |
| 257 | goto again; | 257 | goto again; |
| 258 | } | 258 | } |
| 259 | timer->base = new_base; | 259 | WRITE_ONCE(timer->base, new_base); |
| 260 | } else { | 260 | } else { |
| 261 | if (new_cpu_base != this_cpu_base && | 261 | if (new_cpu_base != this_cpu_base && |
| 262 | hrtimer_check_target(timer, new_base)) { | 262 | hrtimer_check_target(timer, new_base)) { |