hrtimer: Fix hrtimer_is_queued() hole
authorPeter Zijlstra <peterz@infradead.org>
Thu, 11 Jun 2015 12:46:45 +0000 (14:46 +0200)
committerThomas Gleixner <tglx@linutronix.de>
Thu, 18 Jun 2015 22:09:56 +0000 (00:09 +0200)
A queued hrtimer that gets restarted (hrtimer_start*() while
hrtimer_is_queued()) will briefly appear as unqueued/inactive, even
though the timer has always been active, we just moved it.

Close this hole by preserving timer->state in
hrtimer_start_range_ns()'s remove_hrtimer() call.

Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: ktkhai@parallels.com
Cc: rostedt@goodmis.org
Cc: juri.lelli@gmail.com
Cc: pang.xunlei@linaro.org
Cc: wanpeng.li@linux.intel.com
Cc: umgwanakikbuti@gmail.com
Link: http://lkml.kernel.org/r/20150611124743.175989138@infradead.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
kernel/time/hrtimer.c

index b1b795e5e0b107ffec290e950a5e482e03e8167f..1604157374d7a05b4fdfed9ae3ff84e9832b2a4e 100644 (file)
@@ -889,10 +889,10 @@ static void __remove_hrtimer(struct hrtimer *timer,
  * remove hrtimer, called with base lock held
  */
 static inline int
-remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base)
+remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool restart)
 {
        if (hrtimer_is_queued(timer)) {
-               unsigned long state;
+               unsigned long state = timer->state;
                int reprogram;
 
                /*
@@ -906,12 +906,15 @@ remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base)
                debug_deactivate(timer);
                timer_stats_hrtimer_clear_start_info(timer);
                reprogram = base->cpu_base == this_cpu_ptr(&hrtimer_bases);
-               /*
-                * We must preserve the CALLBACK state flag here,
-                * otherwise we could move the timer base in
-                * switch_hrtimer_base.
-                */
-               state = timer->state & HRTIMER_STATE_CALLBACK;
+
+               if (!restart) {
+                       /*
+                        * We must preserve the CALLBACK state flag here,
+                        * otherwise we could move the timer base in
+                        * switch_hrtimer_base.
+                        */
+                       state &= HRTIMER_STATE_CALLBACK;
+               }
                __remove_hrtimer(timer, base, state, reprogram);
                return 1;
        }
@@ -936,7 +939,7 @@ void hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim,
        base = lock_hrtimer_base(timer, &flags);
 
        /* Remove an active timer from the queue: */
-       remove_hrtimer(timer, base);
+       remove_hrtimer(timer, base, true);
 
        if (mode & HRTIMER_MODE_REL) {
                tim = ktime_add_safe(tim, base->get_time());
@@ -1005,7 +1008,7 @@ int hrtimer_try_to_cancel(struct hrtimer *timer)
        base = lock_hrtimer_base(timer, &flags);
 
        if (!hrtimer_callback_running(timer))
-               ret = remove_hrtimer(timer, base);
+               ret = remove_hrtimer(timer, base, false);
 
        unlock_hrtimer_base(timer, &flags);