On Fri, Oct 16, 2020 at 1:54 PM Jerome Brunet <jbru...@baylibre.com> wrote: > > > On Fri 16 Oct 2020 at 19:33, Jassi Brar <jassisinghb...@gmail.com> wrote: > > > On Fri, Oct 16, 2020 at 4:00 AM Jerome Brunet <jbru...@baylibre.com> wrote: > >> > >> > >> On Fri 16 Oct 2020 at 10:52, Ionela Voinescu <ionela.voine...@arm.com> > >> wrote: > >> > >> > On Thursday 15 Oct 2020 at 13:45:54 (-0500), Jassi Brar wrote: > >> > [..] > >> >> > >> --- a/drivers/mailbox/mailbox.c > >> >> > >> +++ b/drivers/mailbox/mailbox.c > >> >> > >> @@ -82,9 +82,13 @@ static void msg_submit(struct mbox_chan *chan) > >> >> > >> exit: > >> >> > >> spin_unlock_irqrestore(&chan->lock, flags); > >> >> > >> > >> >> > >> - if (!err && (chan->txdone_method & TXDONE_BY_POLL)) > >> >> > >> - /* kick start the timer immediately to avoid delays */ > >> >> > >> + if (!err && (chan->txdone_method & TXDONE_BY_POLL)) { > >> >> > >> + /* Disable the timer if already active ... */ > >> >> > >> + hrtimer_cancel(&chan->mbox->poll_hrt); > >> >> > >> + > >> >> > >> + /* ... and kick start it immediately to avoid delays > >> >> > >> */ > >> >> > >> hrtimer_start(&chan->mbox->poll_hrt, 0, > >> >> > >> HRTIMER_MODE_REL); > >> >> > >> + } > >> >> > >> } > >> >> > >> > >> >> > >> static void tx_tick(struct mbox_chan *chan, int r) > >> >> > > > >> >> > > I've tracked a regression back to this commit. Details to reproduce: > >> >> > > >> >> > Hi Ionela, > >> >> > > >> >> > I don't have access to your platform and I don't get what is going on > >> >> > from the log below. > >> >> > > >> >> > Could you please give us a bit more details about what is going on ? > >> >> > > >> >> > All this patch does is add hrtimer_cancel(). > >> >> > * It is needed if the timer had already been started, which is > >> >> > appropriate AFAIU > >> >> > * It is a NO-OP is the timer is not active. > >> >> > > >> >> Can you please try using hrtimer_try_to_cancel() instead ? > >> >> > >> > > >> > Yes, using hrtimer_try_to_cancel() instead works for me. But doesn't > >> > this limit how effective this change is? AFAIU, this will possibly only > >> > reduce the chances for the race condition, but not solve it. > >> > > >> > >> It is also my understanding, hrtimer_try_to_cancel() would remove a > >> timer which as not already started but would return withtout doing > >> anything if the callback is already running ... which is the original > >> problem > >> > > If we are running in the callback path, hrtimer_try_to_cancel will > > return -1, in which case we could skip hrtimer_start. > > Anyways, I think simply checking for hrtimer_active should effect the same. > > I have submitted a patch, of course not tested. > > Yes it sloves this race but ... > Thanks for confirmation.
> If a race is possible between a timer callback rescheduling itself (which > is not that uncommon) and another thread trying to cancel it > In our case, we should not be cancelling+restarting the timer in the first place, because txdone_hrtimer will take care of it via hrtimer_forward_now. >, maybe > there is something worth fixing in hrtimer ? Also, mailbox calls > hrtimer_cancel() in unregister ... are we confident this would work ? > Yes. After unregister() every channel is supposed to die and so must its resources. -jassi