Frederic Weisbecker <frede...@kernel.org> writes:
> When a timer is enqueued with a negative delta (ie: expiry is below
> base->clk), it gets added to the wheel as expiring now (base->clk).
>
> Yet the value that gets stored in base->next_expiry, while calling
> trigger_dyntick_cpu(), is the initial timer->expires value. The
> resulting state becomes:
>
> base->next_expiry < base->clk
>
> On the next timer enqueue, forward_timer_base() may accidentally
> rewind base->clk. As a possible outcome, timers may expire way too
> early, the worst case being that the highest wheel levels get spuriously
> processed again.
Bah. Nice catch.
> To prevent from that, make sure that base->next_expiry doesn't get below
> base->clk.
That wants a Fixes: tag and a CC stable.
Thanks,
tglx
