From: Thomas Gleixner <tglx@linutronix.de>
To: Leonid Shatz <leonid.shatz@ravellosystems.com>
Cc: "'Izik Eidus'" <izik.eidus@ravellosystems.com>,
"'Andrea Arcangeli'" <aarcange@redhat.com>,
linux-kernel@vger.kernel.org
Subject: RE: [PATCH] fix hrtimer_enqueue_reprogram race
Date: Tue, 5 Feb 2013 12:15:28 +0100 (CET) [thread overview]
Message-ID: <alpine.LFD.2.02.1302051155350.11905@ionos> (raw)
In-Reply-To: <03b201ce038f$4a2db840$de8928c0$@ravellosystems.com>
Leonid,
On Tue, 5 Feb 2013, Leonid Shatz wrote:
Please stop top posting!
> The explanation were submitted as possible scenario which could explain how
> the bug in kernel could happen and it does not mean that serious designer
> could do exactly that. As I said before, it's also possible that a race
> between hrtimer_cancel and hrtimer_start can trigger the bug. The idea is to
> have kernel more robust.
I'm not against making the kernel more robust and I already applied
the patch.
> There are already locks used inside hrtimer code, so why should
> users of the hrtimer add another layer of locks and get involved in
> the intricacy of which cases are protected by internal hrtimer lock
> and which are not?
Groan. The hrtimer locks are there to protect the internal data
structures of the hrtimer code and to ensure that hrtimer functions
are proper protected against concurrent running callbacks. But that
does not give you any kind of protection versus multiple users of your
hrtimer resource.
Look at the following scenario:
CPU0 CPU1
hrtimer_cancel()
hrtimer_start()
teardown_crap()
hrtimer_callback() runs
That's probably not what you want and magic serialization in the
hrtimer code does not help at all.
There is also no protection against:
CPU0 CPU1
hrtimer_cancel()
hrtimer_start()
hrtimer_forward()
Which leaves the hrtimer enqueued on CPU1 with a wrong expiry value.
So while concurrent hrtimer_start() is protected, other things are
not. So do we need to create a list of functions which can be abused
by a programmer without proper protection of the resource and which
not?
If you want to use any kind of resource (including hrtimers)
concurrently you better have proper serialization in that
code. Everything else is voodoo programming of the worst kind.
Thanks,
tglx
next prev parent reply other threads:[~2013-02-05 11:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-04 12:33 [PATCH] fix hrtimer_enqueue_reprogram race Izik Eidus
2013-02-05 10:44 ` Thomas Gleixner
2013-02-05 10:55 ` Leonid Shatz
2013-02-05 11:15 ` Thomas Gleixner [this message]
2013-02-05 12:36 ` Leonid Shatz
2013-02-05 11:02 ` [tip:timers/core] hrtimer: Prevent " tip-bot for Leonid Shatz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.02.1302051155350.11905@ionos \
--to=tglx@linutronix.de \
--cc=aarcange@redhat.com \
--cc=izik.eidus@ravellosystems.com \
--cc=leonid.shatz@ravellosystems.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox