[PATCH 4.14 88/91] tick/sched: Do not mess with an enqueued hrtimer

From: Greg Kroah-Hartman
Date: Mon Apr 30 2018 - 16:00:00 EST

4.14-stable review patch. If anyone has any objections, please let me know.


From: Thomas Gleixner <tglx@xxxxxxxxxxxxx>

commit 1f71addd34f4c442bec7d7c749acc1beb58126f2 upstream.

Kaike reported that in tests rdma hrtimers occasionaly stopped working. He
did great debugging, which provided enough context to decode the problem.


start sched_timer expires = 712171000000
queue->next = sched_timer
start rdmavt timer. expires = 712172915662
tick = 716767000000 timerqueue_add(tmr)

hrtimer_set_expires(sched_timer, tick);
sched_timer->expires = 716767000000 <---- FAIL
if (tmr->expires < queue->next->expires)
hrtimer_start(sched_timer) queue->next = tmr;

ts->sched_timer is queued and queue->next is pointing to it, but then
ts->sched_timer.expires is modified.

This not only corrupts the ordering of the timerqueue RB tree, it also
makes CPU2 see the new expiry time of timerqueue->next->expires when
checking whether timerqueue->next needs to be updated. So CPU2 sees that
the rdma timer is earlier than timerqueue->next and sets the rdma timer as
new next.

Depending on whether it had also seen the new time at RB tree enqueue, it
might have queued the rdma timer at the wrong place and then after removing
the sched_timer the RB tree is completely hosed.

The problem was introduced with a commit which tried to solve inconsistency
between the hrtimer in the tick_sched data and the underlying hardware
clockevent. It split out hrtimer_set_expires() to store the new tick time
in both the NOHZ and the NOHZ + HIGHRES case, but missed the fact that in
the NOHZ + HIGHRES case the hrtimer might still be queued.

Use hrtimer_start(timer, tick...) for the NOHZ + HIGHRES case which sets
timer->expires after canceling the timer and move the hrtimer_set_expires()
invocation into the NOHZ only code path which is not affected as it merily
uses the hrtimer as next event storage so code pathes can be shared with
the NOHZ + HIGHRES case.

Fixes: d4af6d933ccf ("nohz: Fix spurious warning when hrtimer and clockevent get out of sync")
Reported-by: "Wan Kaike" <kaike.wan@xxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Acked-by: Frederic Weisbecker <frederic@xxxxxxxxxx>
Cc: "Marciniszyn Mike" <mike.marciniszyn@xxxxxxxxx>
Cc: Anna-Maria Gleixner <anna-maria@xxxxxxxxxxxxx>
Cc: linux-rdma@xxxxxxxxxxxxxxx
Cc: "Dalessandro Dennis" <dennis.dalessandro@xxxxxxxxx>
Cc: "Fleck John" <john.fleck@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Frederic Weisbecker <fweisbec@xxxxxxxxx>
Cc: "Weiny Ira" <ira.weiny@xxxxxxxxx>
Cc: "linux-rdma@xxxxxxxxxxxxxxx"
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1804241637390.1679@xxxxxxxxxxxxxxxxxxxxxxx
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1804242119210.1597@xxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

kernel/time/tick-sched.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

--- a/kernel/time/tick-sched.c
+++ b/kernel/time/tick-sched.c
@@ -820,12 +820,13 @@ static ktime_t tick_nohz_stop_sched_tick
goto out;

- hrtimer_set_expires(&ts->sched_timer, tick);
- if (ts->nohz_mode == NOHZ_MODE_HIGHRES)
- hrtimer_start_expires(&ts->sched_timer, HRTIMER_MODE_ABS_PINNED);
- else
+ if (ts->nohz_mode == NOHZ_MODE_HIGHRES) {
+ hrtimer_start(&ts->sched_timer, tick, HRTIMER_MODE_ABS_PINNED);
+ } else {
+ hrtimer_set_expires(&ts->sched_timer, tick);
tick_program_event(tick, 1);
+ }
* Update the estimated sleep length until the next timer