[PATCH AUTOSEL 4.4 19/38] tick/broadcast: Serialize access to tick_next_period

From: Sasha Levin
Date: Tue Dec 22 2020 - 21:29:15 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 4.4 18/38] ARM: OMAP2+: Fix memleak in omap2xxx_clkt_vps_init"
Previous message: chensong: "[PATCH] staging: comedi: correct spelling mistakes of I/O port base address"
In reply to: Sasha Levin: "[PATCH AUTOSEL 4.4 30/38] x86/mce: Panic for LMCE only if mca_cfg.tolerant < 3"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.4 18/38] ARM: OMAP2+: Fix memleak in omap2xxx_clkt_vps_init"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Thomas Gleixner <tglx@xxxxxxxxxxxxx>

[ Upstream commit f73f64d5687192bc8eb7f3d9521ca6256b79f224 ]

tick_broadcast_setup_oneshot() accesses tick_next_period twice without any
serialization. This is wrong in two aspects:

- Reading it twice might make the broadcast data inconsistent if the
variable is updated concurrently.

- On 32bit systems the access might see an partial update

Protect it with jiffies_lock. That's safe as none of the callchains leading
up to this function can create a lock ordering violation:

timer interrupt
run_local_timers()
hrtimer_run_queues()
hrtimer_switch_to_hres()
tick_init_highres()
tick_switch_to_oneshot()
tick_broadcast_switch_to_oneshot()
or
tick_check_oneshot_change()
tick_nohz_switch_to_nohz()
tick_switch_to_oneshot()
tick_broadcast_switch_to_oneshot()

Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20201117132006.061341507@xxxxxxxxxxxxx
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
kernel/time/tick-broadcast.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c
index 22d7454b387bc..edb937bfc63c6 100644
--- a/kernel/time/tick-broadcast.c
+++ b/kernel/time/tick-broadcast.c
@@ -872,6 +872,22 @@ static void tick_broadcast_init_next_event(struct cpumask *mask,
}
}

+static inline ktime_t tick_get_next_period(void)
+{
+ ktime_t next;
+
+ /*
+ * Protect against concurrent updates (store /load tearing on
+ * 32bit). It does not matter if the time is already in the
+ * past. The broadcast device which is about to be programmed will
+ * fire in any case.
+ */
+ raw_spin_lock(&jiffies_lock);
+ next = tick_next_period;
+ raw_spin_unlock(&jiffies_lock);
+ return next;
+}
+
/**
* tick_broadcast_setup_oneshot - setup the broadcast device
*/
@@ -900,10 +916,11 @@ void tick_broadcast_setup_oneshot(struct clock_event_device *bc)
tick_broadcast_oneshot_mask, tmpmask);

if (was_periodic && !cpumask_empty(tmpmask)) {
+ ktime_t nextevt = tick_get_next_period();
+
clockevents_switch_state(bc, CLOCK_EVT_STATE_ONESHOT);
- tick_broadcast_init_next_event(tmpmask,
- tick_next_period);
- tick_broadcast_set_event(bc, cpu, tick_next_period);
+ tick_broadcast_init_next_event(tmpmask, nextevt);
+ tick_broadcast_set_event(bc, cpu, nextevt);
} else
bc->next_event.tv64 = KTIME_MAX;
} else {
--
2.27.0

Next message: Sasha Levin: "[PATCH AUTOSEL 4.4 18/38] ARM: OMAP2+: Fix memleak in omap2xxx_clkt_vps_init"
Previous message: chensong: "[PATCH] staging: comedi: correct spelling mistakes of I/O port base address"
In reply to: Sasha Levin: "[PATCH AUTOSEL 4.4 30/38] x86/mce: Panic for LMCE only if mca_cfg.tolerant < 3"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.4 18/38] ARM: OMAP2+: Fix memleak in omap2xxx_clkt_vps_init"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]