On Wed, 8 Nov 2017, David Howells wrote:
> Is there a race between the optimisation for networking code in __mod_timer()
> and del_timer() - or, at least, a race that matters?
>
> Consider:
>
> CPU A CPU B
> =============================== ===============================
> [timer X is active]
> ==>__mod_timer(X)
> if (timer_pending(timer))
> [Take the true path]
> -- IRQ -- ==>del_timer(X)
> <==
> if (timer->expires == expires)
> [Take the true path]
> <==return 1
> [timer X is not active]
>
> There's no locking to prevent this, but __mod_timer() returns without
> restarting the timer. I'm not sure this is a problem exactly, however, since
> del_timer() *was* issued, and could've deleted the timer after __mod_timer()
> returned.
Correct, if two CPUs fiddle with the same timer concurrently then there is
no guaranteed outcome.
> A couple of possible alleviations:
>
> (1) Recheck timer_pending() before returning from __mod_timer().
That's just adding more instructions into that code path for a dubious
value.
> (2) Set timer->expires to jiffies in del_timer() - but since there's nothing
> preventing the optimisation in __mod_timer() from occurring concurrently
> with del_timer(), this probably won't help.
Right.
> I think it might just be best to put a note in the comments in __mod_timer().
Agreed.
Thanks,
tglx
