leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
22b886dd10
linux/kernel/time
History
Tejun Heo 22b886dd10 timers: Use proper base migration in add_timer_on() 
Regardless of the previous CPU a timer was on, add_timer_on()
currently simply sets timer->flags to the new CPU.  As the caller must
be seeing the timer as idle, this is locally fine, but the timer
leaving the old base while unlocked can lead to race conditions as
follows.

Let's say timer was on cpu 0.

  cpu 0					cpu 1
  -----------------------------------------------------------------------------
  del_timer(timer) succeeds
					del_timer(timer)
					  lock_timer_base(timer) locks cpu_0_base
  add_timer_on(timer, 1)
    spin_lock(&cpu_1_base->lock)
    timer->flags set to cpu_1_base
    operates on @timer			  operates on @timer

This triggered with mod_delayed_work_on() which contains
"if (del_timer()) add_timer_on()" sequence eventually leading to the
following oops.

  BUG: unable to handle kernel NULL pointer dereference at           (null)
  IP: [<ffffffff810ca6e9>] detach_if_pending+0x69/0x1a0
  ...
  Workqueue: wqthrash wqthrash_workfunc [wqthrash]
  task: ffff8800172ca680 ti: ffff8800172d0000 task.ti: ffff8800172d0000
  RIP: 0010:[<ffffffff810ca6e9>]  [<ffffffff810ca6e9>] detach_if_pending+0x69/0x1a0
  ...
  Call Trace:
   [<ffffffff810cb0b4>] del_timer+0x44/0x60
   [<ffffffff8106e836>] try_to_grab_pending+0xb6/0x160
   [<ffffffff8106e913>] mod_delayed_work_on+0x33/0x80
   [<ffffffffa0000081>] wqthrash_workfunc+0x61/0x90 [wqthrash]
   [<ffffffff8106dba8>] process_one_work+0x1e8/0x650
   [<ffffffff8106e05e>] worker_thread+0x4e/0x450
   [<ffffffff810746af>] kthread+0xef/0x110
   [<ffffffff8185980f>] ret_from_fork+0x3f/0x70

Fix it by updating add_timer_on() to perform proper migration as
__mod_timer() does.

Reported-and-tested-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Chris Worley <chris.worley@primarydata.com>
Cc: bfields@fieldses.org
Cc: Michael Skralivetsky <michael.skralivetsky@primarydata.com>
Cc: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: Shaohua Li <shli@fb.com>
Cc: Jeff Layton <jlayton@poochiereds.net>
Cc: kernel-team@fb.com
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20151029103113.2f893924@tlielax.poochiereds.net
Link: http://lkml.kernel.org/r/20151104171533.GI5749@mtj.duckdns.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2015-11-04 20:23:19 +01:00
..
alarmtimer.c alarmtimer: Get rid of unused return value 2015-04-22 17:06:52 +02:00
clockevents.c clockevents: Remove unused set_mode() callback 2015-09-14 11:00:55 +02:00
clocksource.c Linux 4.3-rc5 2015-10-12 09:51:18 +02:00
hrtimer.c time: Fix spelling in comments 2015-09-22 12:54:23 +02:00
itimer.c
jiffies.c
Kconfig rcu: Drop RCU_USER_QS in favor of NO_HZ_FULL 2015-07-06 13:52:18 -07:00
Makefile time: Remove development rules from Kbuild/Makefile 2015-07-01 09:57:35 +02:00
ntp_internal.h ntp/pps: use timespec64 for hardpps() 2015-10-01 09:57:59 -07:00
ntp.c ntp: use timespec64 in sync_cmos_clock 2015-10-01 09:59:07 -07:00
posix-clock.c
posix-cpu-timers.c posix_cpu_timer: Reduce unnecessary sighand lock contention 2015-10-15 11:23:41 +02:00
posix-timers.c
sched_clock.c
test_udelay.c
tick-broadcast-hrtimer.c kernel: broadcast-hrtimer: Migrate to new 'set-state' interface 2015-08-10 11:41:08 +02:00
tick-broadcast.c tick: Move the export of tick_broadcast_oneshot_control to the proper place 2015-07-14 12:01:04 +02:00
tick-common.c clockevents: Remove unused set_mode() callback 2015-09-14 11:00:55 +02:00
tick-internal.h timer: Minimize nohz off overhead 2015-06-19 15:18:28 +02:00
tick-oneshot.c clockevents: Provide functions to set and get the state 2015-06-02 14:40:47 +02:00
tick-sched.c nohz: Assert existing housekeepers when nohz full enabled 2015-09-02 10:33:22 +02:00
tick-sched.h tick/broadcast: Make idle check independent from mode and config 2015-07-07 18:46:47 +02:00
time.c Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-09-01 14:04:50 -07:00
timeconst.bc timeconst: Update path in comment 2015-10-26 10:06:06 +09:00
timeconv.c
timecounter.c
timekeeping_debug.c
timekeeping_internal.h
timekeeping.c Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-11-03 14:13:41 -08:00
timekeeping.h
timer_list.c clockevents: Remove unused set_mode() callback 2015-09-14 11:00:55 +02:00
timer_stats.c timer: Stats: Simplify the flags handling 2015-06-19 15:18:27 +02:00
timer.c timers: Use proper base migration in add_timer_on() 2015-11-04 20:23:19 +01:00