Re: [RT PATCH 1/3] hrtimer: Use READ_ONCE to access timer->base in hrimer_grab_expiry_lock()
On 8/21/19 6:50 AM, Thomas Gleixner wrote:
> On Wed, 21 Aug 2019, Sebastian Andrzej Siewior wrote:
>
>> On 2019-08-21 10:24:07 [+0100], Julien Grall wrote:
>>> The update to timer->base is protected by the base->cpu_base->lock().
>>> However, hrtimer_grab_expirty_lock() does not access it with the lock.
>>>
>>> So it would theorically be possible to have timer->base changed under
>>> our feet. We need to prevent the compiler to refetch timer->base so the
>>> check and the access is performed on the same base.
>>
>> It is not a problem if the timer's bases changes. We get here because we
>> want to help the timer to complete its callback.
>> The base can only change if the timer gets re-armed on another CPU which
>> means is completed callback. In every case we can cancel the timer on
>> the next iteration.
>
> It _IS_ a problem when the base changes and the compiler reloads
>
>CPU0 CPU1
>base = timer->base;
>
>lock(base->);
> switch base
>
>reload
> base = timer->base;
>
>unlock(base->);
>
It seems we could hit a similar problem in lock_hrtimer_base()
base = timer->base;
if (likely(base != _base)) {
raw_spin_lock_irqsave(>cpu_base->lock, *flags);
Probably not a big deal, since migration_base-cpu_base->lock can be locked just
fine,
(without lockdep complaining that the lock has not been initialized since we
use raw_ variant),
but this could cause unnecessary false sharing.
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
index
0d4dc241c0fb498036c91a571e65cb00f5d19ba6..fa881c03e0a1a351186a8d8f798dd7471067a951
100644
--- a/kernel/time/hrtimer.c
+++ b/kernel/time/hrtimer.c
@@ -164,7 +164,7 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct
hrtimer *timer,
struct hrtimer_clock_base *base;
for (;;) {
- base = timer->base;
+ base = READ_ONCE(timer->base);
if (likely(base != _base)) {
raw_spin_lock_irqsave(>cpu_base->lock, *flags);
if (likely(base == timer->base))
Re: [RT PATCH 1/3] hrtimer: Use READ_ONCE to access timer->base in hrimer_grab_expiry_lock()
On 2019-08-21 15:50:33 [+0200], Thomas Gleixner wrote: > On Wed, 21 Aug 2019, Sebastian Andrzej Siewior wrote: > > > On 2019-08-21 10:24:07 [+0100], Julien Grall wrote: > > > The update to timer->base is protected by the base->cpu_base->lock(). > > > However, hrtimer_grab_expirty_lock() does not access it with the lock. > > > > > > So it would theorically be possible to have timer->base changed under > > > our feet. We need to prevent the compiler to refetch timer->base so the > > > check and the access is performed on the same base. > > > > It is not a problem if the timer's bases changes. We get here because we > > want to help the timer to complete its callback. > > The base can only change if the timer gets re-armed on another CPU which > > means is completed callback. In every case we can cancel the timer on > > the next iteration. > > It _IS_ a problem when the base changes and the compiler reloads > >CPU0 CPU1 >base = timer->base; > >lock(base->); > switch base > >reload > base = timer->base; > >unlock(base->); > > See? so read_once() it is then. Sebastian
Re: [RT PATCH 1/3] hrtimer: Use READ_ONCE to access timer->base in hrimer_grab_expiry_lock()
On Wed, 21 Aug 2019, Sebastian Andrzej Siewior wrote: > On 2019-08-21 10:24:07 [+0100], Julien Grall wrote: > > The update to timer->base is protected by the base->cpu_base->lock(). > > However, hrtimer_grab_expirty_lock() does not access it with the lock. > > > > So it would theorically be possible to have timer->base changed under > > our feet. We need to prevent the compiler to refetch timer->base so the > > check and the access is performed on the same base. > > It is not a problem if the timer's bases changes. We get here because we > want to help the timer to complete its callback. > The base can only change if the timer gets re-armed on another CPU which > means is completed callback. In every case we can cancel the timer on > the next iteration. It _IS_ a problem when the base changes and the compiler reloads CPU0 CPU1 base = timer->base; lock(base->); switch base reload base = timer->base; unlock(base->); See?
Re: [RT PATCH 1/3] hrtimer: Use READ_ONCE to access timer->base in hrimer_grab_expiry_lock()
On 2019-08-21 10:24:07 [+0100], Julien Grall wrote: > The update to timer->base is protected by the base->cpu_base->lock(). > However, hrtimer_grab_expirty_lock() does not access it with the lock. > > So it would theorically be possible to have timer->base changed under > our feet. We need to prevent the compiler to refetch timer->base so the > check and the access is performed on the same base. It is not a problem if the timer's bases changes. We get here because we want to help the timer to complete its callback. The base can only change if the timer gets re-armed on another CPU which means is completed callback. In every case we can cancel the timer on the next iteration. Sebastian
[RT PATCH 1/3] hrtimer: Use READ_ONCE to access timer->base in hrimer_grab_expiry_lock()
The update to timer->base is protected by the base->cpu_base->lock().
However, hrtimer_grab_expirty_lock() does not access it with the lock.
So it would theorically be possible to have timer->base changed under
our feet. We need to prevent the compiler to refetch timer->base so the
check and the access is performed on the same base.
Other access of timer->base are either done with a lock or protected
with READ_ONCE(). So use READ_ONCE() in hrtimer_grab_expirty_lock().
Signed-off-by: Julien Grall
---
This is rather theoritical so far as I don't have a reproducer for this.
---
kernel/time/hrtimer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
index 7d7db8802131..b869e816e96a 100644
--- a/kernel/time/hrtimer.c
+++ b/kernel/time/hrtimer.c
@@ -932,7 +932,7 @@ EXPORT_SYMBOL_GPL(hrtimer_forward);
void hrtimer_grab_expiry_lock(const struct hrtimer *timer)
{
- struct hrtimer_clock_base *base = timer->base;
+ struct hrtimer_clock_base *base = READ_ONCE(timer->base);
if (base && base->cpu_base) {
spin_lock(>cpu_base->softirq_expiry_lock);
--
2.11.0
