rt domain: make sure release heap is not in use before re-init

This fixes a bug observed under G-EDF:
  A task with extremely low wcet budget could get scheduled
  and re-added to its own release heap while the heap was still
  in use in the same timer callback that released the task.
  Havoc, predictably, ensued.

1 files changed, 12 insertions, 0 deletions

diff --git a/litmus/rt_domain.c b/litmus/rt_domain.c
index 0357df5f93..8065a2c0bd 100644
--- a/litmus/rt_domain.c
+++ b/litmus/rt_domain.c
@@ -47,6 +47,8 @@ static enum hrtimer_restart on_release_timer(struct hrtimer *timer)
         long flags;
         struct release_heap* rh;
 
+        TRACE("on_release_timer(0x%p) starts.\n", timer);
+
         TS_RELEASE_START;
 
         rh = container_of(timer, struct release_heap, timer);
@@ -62,6 +64,8 @@ static enum hrtimer_restart on_release_timer(struct hrtimer *timer)
 
         TS_RELEASE_END;
 
+        TRACE("on_release_timer(0x%p) ends.\n", timer);
+
         return  HRTIMER_NORESTART;
 }
 
@@ -124,6 +128,14 @@ static struct release_heap* get_release_heap(rt_domain_t *rt, struct task_struct
                 /* use pre-allocated release heap */
                 rh = tsk_rt(t)->rel_heap;
 
+                /* Make sure it is safe to use.  The timer callback could still
+                 * be executing on another CPU; hrtimer_cancel() will wait
+                 * until the timer callback has completed.  However, under no
+                 * circumstances should the timer be active (= yet to be
+                 * triggered).
+                 */
+                BUG_ON(hrtimer_cancel(&rh->timer));
+
                 /* initialize */
                 rh->release_time = release_time;
                 rh->dom = rt;