hrtimer: Prevent stale expiry time in hrtimer_interrupt()

hrtimer_interrupt() has the following subtle issue: hrtimer_interrupt() lock(cpu_base); expires_next = KTIME_MAX; expire_timers(CLOCK_MONOTONIC); expires = get_next_timer(CLOCK_MONOTONIC); if (expires < expires_next) expires_next = expires; expire_timers(CLOCK_REALTIME); unlock(cpu_base); wakeup() hrtimer_start(CLOCK_MONOTONIC, newtimer); lock(cpu_base(); expires = get_next_timer(CLOCK_REALTIME); if (expires < expires_next) expires_next = expires; So because we already evaluated the next expiring timer of CLOCK_MONOTONIC we ignore that the expiry time of newtimer might be earlier than the overall next expiry time in hrtimer_interrupt(). To solve this, remove the caching of the next expiry value from hrtimer_interrupt() and reevaluate all active clock bases for the next expiry value. To avoid another code duplication, create a shared evaluation function and use it for hrtimer_get_next_event(), hrtimer_force_reprogram() and hrtimer_interrupt(). There is another subtlety in this mechanism: While hrtimer_interrupt() is running, we want to avoid to touch the hardware device because we will reprogram it anyway at the end of hrtimer_interrupt(). This works nicely for hrtimers which get rearmed via the HRTIMER_RESTART mechanism, because we drop out when the callback on that CPU is running. But that fails, if a new timer gets enqueued like in the example above. This has another implication: While hrtimer_interrupt() is running we refuse remote enqueueing of timers - see hrtimer_interrupt() and hrtimer_check_target(). hrtimer_interrupt() tries to prevent this by setting cpu_base->expires to KTIME_MAX, but that fails if a new timer gets queued. Prevent both the hardware access and the remote enqueue explicitely. We can loosen the restriction on the remote enqueue now due to reevaluation of the next expiry value, but that needs a seperate patch. Folded in a fix from Vignesh Radhakrishnan. Reported-and-tested-by: Stanislav Fomichev <stfomichev@yandex-team.ru> Based-on-patch-by: Stanislav Fomichev <stfomichev@yandex-team.ru> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: vigneshr@codeaurora.org Cc: john.stultz@linaro.org Cc: viresh.kumar@linaro.org Cc: fweisbec@gmail.com Cc: cl@linux.com Cc: stuart.w.hayes@gmail.com Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1501202049190.5526@nanos Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
author: Thomas Gleixner <tglx@linutronix.de> 2015-01-20 15:24:10 -0500
committer: Thomas Gleixner <tglx@linutronix.de> 2015-01-23 06:13:20 -0500
commit: 9bc7491906b4113b4c5ae442157c7dfc4e10cd14 (patch)
tree: 838a832d8568997b800d80be339eb50339701ce0 /kernel/time
parent: 41fbf3b39d5eca01527338b4d0ee15ee1ae1023c (diff)
1 files changed, 50 insertions, 58 deletions
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
index 37e50aadd471..b663653a5d5b 100644
--- a/kernel/time/hrtimer.c
+++ b/kernel/time/hrtimer.c
@@ -440,6 +440,37 @@ static inline void debug_deactivate(struct hrtimer *timer)
        trace_hrtimer_cancel(timer);
 }
+#if defined(CONFIG_NO_HZ_COMMON) || defined(CONFIG_HIGH_RES_TIMERS)
+ktime_t __hrtimer_get_next_event(struct hrtimer_cpu_base *cpu_base)
+{
+        struct hrtimer_clock_base *base = cpu_base->clock_base;
+        ktime_t expires, expires_next = { .tv64 = KTIME_MAX };
+        int i;
+        for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++, base++) {
+                struct timerqueue_node *next;
+                struct hrtimer *timer;
+                next = timerqueue_getnext(&base->active);
+                if (!next)
+                        continue;
+                timer = container_of(next, struct hrtimer, node);
+                expires = ktime_sub(hrtimer_get_expires(timer), base->offset);
+                if (expires.tv64 < expires_next.tv64)
+                        expires_next = expires;
+        }
+        /*
+         * clock_was_set() might have changed base->offset of any of
+         * the clock bases so the result might be negative. Fix it up
+         * to prevent a false positive in clockevents_program_event().
+         */
+        if (expires_next.tv64 < 0)
+                expires_next.tv64 = 0;
+        return expires_next;
+}
+#endif
 /* High resolution timer related functions */
 #ifdef CONFIG_HIGH_RES_TIMERS
@@ -488,32 +519,7 @@ static inline int hrtimer_hres_active(void)
 static void
 hrtimer_force_reprogram(struct hrtimer_cpu_base *cpu_base, int skip_equal)
 {
-        int i;
+        ktime_t expires_next = __hrtimer_get_next_event(cpu_base);
-        struct hrtimer_clock_base *base = cpu_base->clock_base;
-        ktime_t expires, expires_next;
-        expires_next.tv64 = KTIME_MAX;
-        for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++, base++) {
-                struct hrtimer *timer;
-                struct timerqueue_node *next;
-                next = timerqueue_getnext(&base->active);
-                if (!next)
-                        continue;
-                timer = container_of(next, struct hrtimer, node);
-                expires = ktime_sub(hrtimer_get_expires(timer), base->offset);
-                /*
-                 * clock_was_set() has changed base->offset so the
-                 * result might be negative. Fix it up to prevent a
-                 * false positive in clockevents_program_event()
-                 */
-                if (expires.tv64 < 0)
-                        expires.tv64 = 0;
-                if (expires.tv64 < expires_next.tv64)
-                        expires_next = expires;
-        }
        if (skip_equal && expires_next.tv64 == cpu_base->expires_next.tv64)
                return;
@@ -587,6 +593,15 @@ static int hrtimer_reprogram(struct hrtimer *timer,
                return 0;
        /*
+         * When the target cpu of the timer is currently executing
+         * hrtimer_interrupt(), then we do not touch the clock event
+         * device. hrtimer_interrupt() will reevaluate all clock bases
+         * before reprogramming the device.
+         */
+        if (cpu_base->in_hrtirq)
+                return 0;
+        /*
         * If a hang was detected in the last timer interrupt then we
         * do not schedule a timer which is earlier than the expiry
         * which we enforced in the hang detection. We want the system
@@ -1104,29 +1119,14 @@ EXPORT_SYMBOL_GPL(hrtimer_get_remaining);
 ktime_t hrtimer_get_next_event(void)
 {
        struct hrtimer_cpu_base *cpu_base = this_cpu_ptr(&hrtimer_bases);
-        struct hrtimer_clock_base *base = cpu_base->clock_base;
+        ktime_t mindelta = { .tv64 = KTIME_MAX };
-        ktime_t delta, mindelta = { .tv64 = KTIME_MAX };
        unsigned long flags;
-        int i;
        raw_spin_lock_irqsave(&cpu_base->lock, flags);
-        if (!hrtimer_hres_active()) {
+        if (!hrtimer_hres_active())
-                for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++, base++) {
+                mindelta = ktime_sub(__hrtimer_get_next_event(cpu_base),
-                        struct hrtimer *timer;
+                                     ktime_get());
-                        struct timerqueue_node *next;
-                        next = timerqueue_getnext(&base->active);
-                        if (!next)
-                                continue;
-                        timer = container_of(next, struct hrtimer, node);
-                        delta.tv64 = hrtimer_get_expires_tv64(timer);
-                        delta = ktime_sub(delta, base->get_time());
-                        if (delta.tv64 < mindelta.tv64)
-                                mindelta.tv64 = delta.tv64;
-                }
-        }
        raw_spin_unlock_irqrestore(&cpu_base->lock, flags);
@@ -1253,7 +1253,7 @@ void hrtimer_interrupt(struct clock_event_device *dev)
        raw_spin_lock(&cpu_base->lock);
        entry_time = now = hrtimer_update_base(cpu_base);
 retry:
-        expires_next.tv64 = KTIME_MAX;
+        cpu_base->in_hrtirq = 1;
        /*
         * We set expires_next to KTIME_MAX here with cpu_base->lock
         * held to prevent that a timer is enqueued in our queue via
@@ -1291,28 +1291,20 @@ retry:
                         * are right-of a not yet expired timer, because that
                         * timer will have to trigger a wakeup anyway.
                         */
+                        if (basenow.tv64 < hrtimer_get_softexpires_tv64(timer))
-                        if (basenow.tv64 < hrtimer_get_softexpires_tv64(timer)) {
-                                ktime_t expires;
-                                expires = ktime_sub(hrtimer_get_expires(timer),
-                                                    base->offset);
-                                if (expires.tv64 < 0)
-                                        expires.tv64 = KTIME_MAX;
-                                if (expires.tv64 < expires_next.tv64)
-                                        expires_next = expires;
                                break;
-                        }
                        __run_hrtimer(timer, &basenow);
                }
        }
+        /* Reevaluate the clock bases for the next expiry */
+        expires_next = __hrtimer_get_next_event(cpu_base);
        /*
         * Store the new expiry value so the migration code can verify
         * against it.
         */
        cpu_base->expires_next = expires_next;
+        cpu_base->in_hrtirq = 0;
        raw_spin_unlock(&cpu_base->lock);
        /* Reprogramming necessary ? */
author	Thomas Gleixner <tglx@linutronix.de>	2015-01-20 15:24:10 -0500
committer	Thomas Gleixner <tglx@linutronix.de>	2015-01-23 06:13:20 -0500
commit	9bc7491906b4113b4c5ae442157c7dfc4e10cd14 (patch)
tree	838a832d8568997b800d80be339eb50339701ce0 /kernel/time
parent	41fbf3b39d5eca01527338b4d0ee15ee1ae1023c (diff)

diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 37e50aadd471..b663653a5d5b 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c
@@ -440,6 +440,37 @@ static inline void debug_deactivate(struct hrtimer *timer)
440	trace_hrtimer_cancel(timer);	440	trace_hrtimer_cancel(timer);
441	}	441	}
442		442
		443	#if defined(CONFIG_NO_HZ_COMMON) \|\| defined(CONFIG_HIGH_RES_TIMERS)
		444	ktime_t __hrtimer_get_next_event(struct hrtimer_cpu_base *cpu_base)
		445	{
		446	struct hrtimer_clock_base *base = cpu_base->clock_base;
		447	ktime_t expires, expires_next = { .tv64 = KTIME_MAX };
		448	int i;
		449
		450	for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++, base++) {
		451	struct timerqueue_node *next;
		452	struct hrtimer *timer;
		453
		454	next = timerqueue_getnext(&base->active);
		455	if (!next)
		456	continue;
		457
		458	timer = container_of(next, struct hrtimer, node);
		459	expires = ktime_sub(hrtimer_get_expires(timer), base->offset);
		460	if (expires.tv64 < expires_next.tv64)
		461	expires_next = expires;
		462	}
		463	/*
		464	* clock_was_set() might have changed base->offset of any of
		465	* the clock bases so the result might be negative. Fix it up
		466	* to prevent a false positive in clockevents_program_event().
		467	*/
		468	if (expires_next.tv64 < 0)
		469	expires_next.tv64 = 0;
		470	return expires_next;
		471	}
		472	#endif
		473
443	/* High resolution timer related functions */	474	/* High resolution timer related functions */
444	#ifdef CONFIG_HIGH_RES_TIMERS	475	#ifdef CONFIG_HIGH_RES_TIMERS
445		476
@@ -488,32 +519,7 @@ static inline int hrtimer_hres_active(void)
488	static void	519	static void
489	hrtimer_force_reprogram(struct hrtimer_cpu_base *cpu_base, int skip_equal)	520	hrtimer_force_reprogram(struct hrtimer_cpu_base *cpu_base, int skip_equal)
490	{	521	{
491	int i;	522	ktime_t expires_next = __hrtimer_get_next_event(cpu_base);
492	struct hrtimer_clock_base *base = cpu_base->clock_base;
493	ktime_t expires, expires_next;
494
495	expires_next.tv64 = KTIME_MAX;
496
497	for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++, base++) {
498	struct hrtimer *timer;
499	struct timerqueue_node *next;
500
501	next = timerqueue_getnext(&base->active);
502	if (!next)
503	continue;
504	timer = container_of(next, struct hrtimer, node);
505
506	expires = ktime_sub(hrtimer_get_expires(timer), base->offset);
507	/*
508	* clock_was_set() has changed base->offset so the
509	* result might be negative. Fix it up to prevent a
510	* false positive in clockevents_program_event()
511	*/
512	if (expires.tv64 < 0)
513	expires.tv64 = 0;
514	if (expires.tv64 < expires_next.tv64)
515	expires_next = expires;
516	}
517		523
518	if (skip_equal && expires_next.tv64 == cpu_base->expires_next.tv64)	524	if (skip_equal && expires_next.tv64 == cpu_base->expires_next.tv64)
519	return;	525	return;
@@ -587,6 +593,15 @@ static int hrtimer_reprogram(struct hrtimer *timer,
587	return 0;	593	return 0;
588		594
589	/*	595	/*
		596	* When the target cpu of the timer is currently executing
		597	* hrtimer_interrupt(), then we do not touch the clock event
		598	* device. hrtimer_interrupt() will reevaluate all clock bases
		599	* before reprogramming the device.
		600	*/
		601	if (cpu_base->in_hrtirq)
		602	return 0;
		603
		604	/*
590	* If a hang was detected in the last timer interrupt then we	605	* If a hang was detected in the last timer interrupt then we
591	* do not schedule a timer which is earlier than the expiry	606	* do not schedule a timer which is earlier than the expiry
592	* which we enforced in the hang detection. We want the system	607	* which we enforced in the hang detection. We want the system
@@ -1104,29 +1119,14 @@ EXPORT_SYMBOL_GPL(hrtimer_get_remaining);
1104	ktime_t hrtimer_get_next_event(void)	1119	ktime_t hrtimer_get_next_event(void)
1105	{	1120	{
1106	struct hrtimer_cpu_base *cpu_base = this_cpu_ptr(&hrtimer_bases);	1121	struct hrtimer_cpu_base *cpu_base = this_cpu_ptr(&hrtimer_bases);
1107	struct hrtimer_clock_base *base = cpu_base->clock_base;	1122	ktime_t mindelta = { .tv64 = KTIME_MAX };
1108	ktime_t delta, mindelta = { .tv64 = KTIME_MAX };
1109	unsigned long flags;	1123	unsigned long flags;
1110	int i;
1111		1124
1112	raw_spin_lock_irqsave(&cpu_base->lock, flags);	1125	raw_spin_lock_irqsave(&cpu_base->lock, flags);
1113		1126
1114	if (!hrtimer_hres_active()) {	1127	if (!hrtimer_hres_active())
1115	for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++, base++) {	1128	mindelta = ktime_sub(__hrtimer_get_next_event(cpu_base),
1116	struct hrtimer *timer;	1129	ktime_get());
1117	struct timerqueue_node *next;
1118
1119	next = timerqueue_getnext(&base->active);
1120	if (!next)
1121	continue;
1122
1123	timer = container_of(next, struct hrtimer, node);
1124	delta.tv64 = hrtimer_get_expires_tv64(timer);
1125	delta = ktime_sub(delta, base->get_time());
1126	if (delta.tv64 < mindelta.tv64)
1127	mindelta.tv64 = delta.tv64;
1128	}
1129	}
1130		1130
1131	raw_spin_unlock_irqrestore(&cpu_base->lock, flags);	1131	raw_spin_unlock_irqrestore(&cpu_base->lock, flags);
1132		1132
@@ -1253,7 +1253,7 @@ void hrtimer_interrupt(struct clock_event_device *dev)
1253	raw_spin_lock(&cpu_base->lock);	1253	raw_spin_lock(&cpu_base->lock);
1254	entry_time = now = hrtimer_update_base(cpu_base);	1254	entry_time = now = hrtimer_update_base(cpu_base);
1255	retry:	1255	retry:
1256	expires_next.tv64 = KTIME_MAX;	1256	cpu_base->in_hrtirq = 1;
1257	/*	1257	/*
1258	* We set expires_next to KTIME_MAX here with cpu_base->lock	1258	* We set expires_next to KTIME_MAX here with cpu_base->lock
1259	* held to prevent that a timer is enqueued in our queue via	1259	* held to prevent that a timer is enqueued in our queue via
@@ -1291,28 +1291,20 @@ retry:
1291	* are right-of a not yet expired timer, because that	1291	* are right-of a not yet expired timer, because that
1292	* timer will have to trigger a wakeup anyway.	1292	* timer will have to trigger a wakeup anyway.
1293	*/	1293	*/
1294		1294	if (basenow.tv64 < hrtimer_get_softexpires_tv64(timer))
1295	if (basenow.tv64 < hrtimer_get_softexpires_tv64(timer)) {
1296	ktime_t expires;
1297
1298	expires = ktime_sub(hrtimer_get_expires(timer),
1299	base->offset);
1300	if (expires.tv64 < 0)
1301	expires.tv64 = KTIME_MAX;
1302	if (expires.tv64 < expires_next.tv64)
1303	expires_next = expires;
1304	break;	1295	break;
1305	}
1306		1296
1307	__run_hrtimer(timer, &basenow);	1297	__run_hrtimer(timer, &basenow);
1308	}	1298	}
1309	}	1299	}
1310		1300	/* Reevaluate the clock bases for the next expiry */
		1301	expires_next = __hrtimer_get_next_event(cpu_base);
1311	/*	1302	/*
1312	* Store the new expiry value so the migration code can verify	1303	* Store the new expiry value so the migration code can verify
1313	* against it.	1304	* against it.
1314	*/	1305	*/
1315	cpu_base->expires_next = expires_next;	1306	cpu_base->expires_next = expires_next;
		1307	cpu_base->in_hrtirq = 0;
1316	raw_spin_unlock(&cpu_base->lock);	1308	raw_spin_unlock(&cpu_base->lock);
1317		1309
1318	/* Reprogramming necessary ? */	1310	/* Reprogramming necessary ? */