On Tue, Sep 29 2020 at 01:11, Hillf Danton wrote:
> On Mon, 28 Sep 2020 18:13:42 +0200 Thomas Gleixner wrote:
>> So the timer was armed at some point and then the expiry which does the
>> forward races with the ioctl which starts the timer. Lack of
>> serialization or such ...
>
> To make syzbot happy, s/hrtimer_is_queued/hrtimer_active/ can close
> that race but this warning looks benign.
Why only make sysbot happy? It's clearly an issue and the warning is not
benign simply because forwarding a queued timer is an absolute NONO.
timers (both timer_list and hrtimer) need external synchronization.
> --- a/drivers/net/wireless/mac80211_hwsim.c
> +++ b/drivers/net/wireless/mac80211_hwsim.c
> @@ -1698,7 +1698,7 @@ static int mac80211_hwsim_config(struct
>
> if (!data->started || !data->beacon_int)
> hrtimer_cancel(&data->beacon_timer);
> - else if (!hrtimer_is_queued(&data->beacon_timer)) {
> + else if (!hrtimer_active(&data->beacon_timer)) {
> u64 tsf = mac80211_hwsim_get_tsf(hw, NULL);
> u32 bcn_int = data->beacon_int;
> u64 until_tbtt = bcn_int - do_div(tsf, bcn_int);
> @@ -1768,7 +1768,7 @@ static void mac80211_hwsim_bss_info_chan
> info->enable_beacon, info->beacon_int);
> vp->bcn_en = info->enable_beacon;
> if (data->started &&
> - !hrtimer_is_queued(&data->beacon_timer) &&
> + !hrtimer_active(&data->beacon_timer) &&
> info->enable_beacon) {
> u64 tsf, until_tbtt;
> u32 bcn_int;
Looks about right.
Thanks,
tglx
