Skip to content

Commit dd2261e

Browse files
Julien GrallKAGA-KOKO
authored andcommitted
hrtimer: Protect lockless access to timer->base
The update to timer->base is protected by the base->cpu_base->lock(). However, hrtimer_cancel_wait_running() does access it lockless. So the compiler is allowed to refetch timer->base which can cause havoc when the timer base is changed concurrently. Use READ_ONCE() to prevent this. [ tglx: Adapted from a RT patch ] Signed-off-by: Julien Grall <[email protected]> Signed-off-by: Thomas Gleixner <[email protected]> Link: https://lkml.kernel.org/r/[email protected]
1 parent 7cb9a94 commit dd2261e

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

kernel/time/hrtimer.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1214,7 +1214,8 @@ static void hrtimer_sync_wait_running(struct hrtimer_cpu_base *cpu_base,
12141214
*/
12151215
void hrtimer_cancel_wait_running(const struct hrtimer *timer)
12161216
{
1217-
struct hrtimer_clock_base *base = timer->base;
1217+
/* Lockless read. Prevent the compiler from reloading it below */
1218+
struct hrtimer_clock_base *base = READ_ONCE(timer->base);
12181219

12191220
if (!timer->is_soft || !base || !base->cpu_base) {
12201221
cpu_relax();

0 commit comments

Comments
 (0)