| Message ID | 20221104054053.431922658@goodmis.org |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp190968wru;
Thu, 3 Nov 2022 22:51:37 -0700 (PDT)
X-Google-Smtp-Source:
AMsMyM6JU4LlF9tT2RBJH5x5YlIJf4SxYpBIrSuVvvcdd0+gEvPuVo5ZWQnwTnjyZKj3OWD+RqfN
X-Received: by 2002:a17:907:2d11:b0:7ae:38b3:b56c with SMTP id
gs17-20020a1709072d1100b007ae38b3b56cmr710266ejc.195.1667541097309;
Thu, 03 Nov 2022 22:51:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1667541097; cv=none;
d=google.com; s=arc-20160816;
b=EROk5LvKSDb7Ej6R0xDlYp6ZePfMu23eHYsk8mj1PM4Cr+Y172zBmXnuAnNSZhDB7q
SuP8bYTvcLoMJ+JD103jaJVfrN7W/4aOdDKDLXxSo/5Z0khrBy7jxIVQNyRtfs/cYqW+
IYzzVKqjmjGlaMInuDgY8pDTFNIvG9JGzin+o9+sBZHMtmQKtvgzIuTeYswZtPo1W9ZL
ZfhM8Yikny0ZsvsjEANEXibBVfXppkvgLVT7D22Z+jbjLRNfAwt0YsoJJ5/e2UDRdQrX
XbLGFl9o8eAFVhX3UjBD0xQsWpQ3a1fSPkPtW0V4JbohvfuyG6lliEVIEYKyO+o6Y6kv
CCqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:subject:cc:to:from:date:user-agent:message-id;
bh=t3bpAuX6c4yC/uqO45tTlp9Sd1O388SKVaKjR1TaPGY=;
b=wpkmqI3piSjkHwxvAlO60QLr6JLDdz5Mju/Px0fPhi78Zp1qJtJktqcA5LfcWdv21Q
RjaSTmLuXGv1oT/kA9465nMZoTD7azIW7KkNPLq6qR5bXR69i7BWCyaCxYVLDAb7Ehrs
nKb2jymTW/yK8EWJLTcnF6qxS57Aiv4CZAXlyy5gyuMbinIsjF9/oujx9zDujP3tpdQV
mxNfyA7F/JSeWz3r6kmv4/KAZLXDI6KhkmcFU9Rx9V57yP6YMH28SsL9cVxkuDTw2JCN
diGfSFZpA+T/4MIb8TDbp2bxkmXfko0E6MejS6R3gDuh9COTvV/M8IdA59BwZGwtb2Od
svrQ==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
q9-20020a056402518900b00453b9f11b56si4566362edd.261.2022.11.03.22.51.14;
Thu, 03 Nov 2022 22:51:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231496AbiKDFtH (ORCPT <rfc822;jimliu8233@gmail.com> + 99 others);
Fri, 4 Nov 2022 01:49:07 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55654 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231150AbiKDFsu (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 4 Nov 2022 01:48:50 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org
[IPv6:2604:1380:4601:e00::1])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E3FBA28E11;
Thu, 3 Nov 2022 22:48:48 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ams.source.kernel.org (Postfix) with ESMTPS id 460CCB82BFA;
Fri, 4 Nov 2022 05:48:47 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B4911C433D6;
Fri, 4 Nov 2022 05:48:45 +0000 (UTC)
Received: from rostedt by gandalf.local.home with local (Exim 4.96)
(envelope-from <rostedt@goodmis.org>)
id 1oqpZo-0070xm-08;
Fri, 04 Nov 2022 01:49:12 -0400
Message-ID: <20221104054053.431922658@goodmis.org>
User-Agent: quilt/0.66
Date: Fri, 04 Nov 2022 01:40:53 -0400
From: Steven Rostedt <rostedt@goodmis.org>
To: linux-kernel@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Stephen Boyd <sboyd@kernel.org>,
Guenter Roeck <linux@roeck-us.net>,
Anna-Maria Gleixner <anna-maria@linutronix.de>,
Andrew Morton <akpm@linux-foundation.org>, rcu@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-s390@vger.kernel.org, linux-sh@vger.kernel.org,
linux-edac@vger.kernel.org, cgroups@vger.kernel.org,
linux-block@vger.kernel.org, linux-acpi@vger.kernel.org,
linux-atm-general@lists.sourceforge.net, netdev@vger.kernel.org,
linux-pm@vger.kernel.org, drbd-dev@lists.linbit.com,
linux-bluetooth@vger.kernel.org,
openipmi-developer@lists.sourceforge.net,
linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org,
linaro-mm-sig@lists.linaro.org, intel-gfx@lists.freedesktop.org,
linux-input@vger.kernel.org, linux-parisc@vger.kernel.org,
linux-leds@vger.kernel.org, intel-wired-lan@lists.osuosl.org,
linux-usb@vger.kernel.org, linux-wireless@vger.kernel.org,
linux-scsi@vger.kernel.org, linux-staging@lists.linux.dev,
linux-ext4@vger.kernel.org, linux-nilfs@vger.kernel.org,
bridge@lists.linux-foundation.org, netfilter-devel@vger.kernel.org,
coreteam@netfilter.org, lvs-devel@vger.kernel.org,
linux-afs@lists.infradead.org, linux-nfs@vger.kernel.org,
tipc-discussion@lists.sourceforge.net, alsa-devel@alsa-project.org
Subject: [RFC][PATCH v3 00/33] timers: Use timer_shutdown*() before freeing
timers
X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00,
HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1748543573678871240?=
X-GMAIL-MSGID: =?utf-8?q?1748543573678871240?=
|
| Series |
timers: Use timer_shutdown*() before freeing timers
|
|
Message
Steven Rostedt
Nov. 4, 2022, 5:40 a.m. UTC
Back in April, I posted an RFC patch set to help mitigate a common issue
where a timer gets armed just before it is freed, and when the timer
goes off, it crashes in the timer code without any evidence of who the
culprit was. I got side tracked and never finished up on that patch set.
Since this type of crash is still our #1 crash we are seeing in the field,
it has become a priority again to finish it.
This is v3 of that patch set. Thomas Gleixner posted an untested version
that makes timer->function NULL as the flag that it is shutdown. I took that
code, tested it (fixed it up), added more comments, and changed the
name to timer_shutdown_sync(). I also converted it to use WARN_ON_ONCE()
instead of just WARN_ON() as Linus asked for.
I then created a trivial coccinelle script to find where del_timer*()
is called before being freed, and converted them all to timer_shutdown*()
(There was a couple that still used del_timer() instead of del_timer_sync()).
I also updated DEBUG_OBJECTS_TIMERS to check from where the timer is ever
armed, to calling of timer_shutdown_sync(), and it will trigger if a timer
is freed in between. The current way is to only check if the timer is armed,
but that means it only triggers if the race condition is hit, and with
experience, it's not run on enough machines to catch all of them. By triggering
it from the time the timer is armed to the time it is shutdown, it catches
all potential cases even if the race condition is not hit.
I went though the result of the cocinelle script, and updated the locations.
Some locations were caught by DEBUG_OBJECTS_TIMERS as the coccinelle script
only checked for timers being freed in the same function as the del_timer*().
Ideally, I would have the first patch go into this rc cycle, which is mostly
non functional as it will allow the other patches to come in via the respective
subsystems in the next merge window.
Changes since v2: https://lore.kernel.org/all/20221027150525.753064657@goodmis.org/
- Talking with Thomas Gleixner, he wanted a better name space and to remove
the "del_" portion of the API.
- Since there's now a shutdown interface that does not synchronize, to keep
it closer to del_timer() and del_timer_sync(), the API is now:
timer_shutdown() - same as del_timer() but deactivates the timer.
timer_shutdown_sync() - same as del_timer_sync() but deactivates the timer.
- Added a few more locations that got converted.
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
trace/timers
Head SHA1: 25106f0bb7968b3e8c746a7853f44b51840746c3
Steven Rostedt (Google) (33):
timers: Add timer_shutdown_sync() and timer_shutdown() to be called before freeing timers
timers: s390/cmm: Use timer_shutdown_sync() before freeing timer
timers: sh: Use timer_shutdown_sync() before freeing timer
timers: block: Use timer_shutdown_sync() before freeing timer
timers: ACPI: Use timer_shutdown_sync() before freeing timer
timers: atm: Use timer_shutdown_sync() before freeing timer
timers: PM: Use timer_shutdown_sync()
timers: Bluetooth: Use timer_shutdown_sync() before freeing timer
timers: hangcheck: Use timer_shutdown_sync() before freeing timer
timers: ipmi: Use timer_shutdown_sync() before freeing timer
random: use timer_shutdown_sync() before freeing timer
timers: dma-buf: Use timer_shutdown_sync() before freeing timer
timers: drm: Use timer_shutdown_sync() before freeing timer
timers: HID: Use timer_shutdown_sync() before freeing timer
timers: Input: Use timer_shutdown_sync() before freeing timer
timers: mISDN: Use timer_shutdown_sync() before freeing timer
timers: leds: Use timer_shutdown_sync() before freeing timer
timers: media: Use timer_shutdown_sync() before freeing timer
timers: net: Use timer_shutdown_sync() before freeing timer
timers: usb: Use timer_shutdown_sync() before freeing timer
timers: cgroup: Use timer_shutdown_sync() before freeing timer
timers: workqueue: Use timer_shutdown_sync() before freeing timer
timers: nfc: pn533: Use timer_shutdown_sync() before freeing timer
timers: pcmcia: Use timer_shutdown_sync() before freeing timer
timers: scsi: Use timer_shutdown_sync() and timer_shutdown() before freeing timer
timers: tty: Use timer_shutdown_sync() before freeing timer
timers: ext4: Use timer_shutdown_sync() before freeing timer
timers: fs/nilfs2: Use timer_shutdown_sync() before freeing timer
timers: ALSA: Use timer_shutdown_sync() before freeing timer
timers: jbd2: Use timer_shutdown() before freeing timer
timers: sched/psi: Use timer_shutdown_sync() before freeing timer
timers: x86/mce: Use __init_timer() for resetting timers
timers: Expand DEBUG_OBJECTS_TIMER to check if it ever was used
----
.../RCU/Design/Requirements/Requirements.rst | 2 +-
Documentation/core-api/local_ops.rst | 2 +-
Documentation/kernel-hacking/locking.rst | 5 +
arch/s390/mm/cmm.c | 4 +-
arch/sh/drivers/push-switch.c | 2 +-
arch/x86/kernel/cpu/mce/core.c | 14 ++-
block/blk-iocost.c | 2 +-
block/blk-iolatency.c | 2 +-
block/blk-stat.c | 2 +-
block/blk-throttle.c | 2 +-
block/kyber-iosched.c | 2 +-
drivers/acpi/apei/ghes.c | 2 +-
drivers/atm/idt77105.c | 4 +-
drivers/atm/idt77252.c | 4 +-
drivers/atm/iphase.c | 2 +-
drivers/base/power/wakeup.c | 7 +-
drivers/block/drbd/drbd_main.c | 2 +-
drivers/block/loop.c | 2 +-
drivers/block/sunvdc.c | 2 +-
drivers/bluetooth/hci_bcsp.c | 2 +-
drivers/bluetooth/hci_h5.c | 2 +-
drivers/bluetooth/hci_qca.c | 4 +-
drivers/char/hangcheck-timer.c | 4 +-
drivers/char/ipmi/ipmi_msghandler.c | 2 +-
drivers/char/ipmi/ipmi_ssif.c | 4 +-
drivers/char/random.c | 2 +-
drivers/dma-buf/st-dma-fence.c | 2 +-
drivers/gpu/drm/gud/gud_pipe.c | 2 +-
drivers/gpu/drm/i915/i915_sw_fence.c | 2 +-
drivers/hid/hid-wiimote-core.c | 2 +-
drivers/input/keyboard/locomokbd.c | 2 +-
drivers/input/keyboard/omap-keypad.c | 2 +-
drivers/input/mouse/alps.c | 2 +-
drivers/input/serio/hil_mlc.c | 2 +-
drivers/input/serio/hp_sdc.c | 2 +-
drivers/isdn/hardware/mISDN/hfcmulti.c | 6 +-
drivers/isdn/mISDN/l1oip_core.c | 4 +-
drivers/isdn/mISDN/timerdev.c | 4 +-
drivers/leds/trigger/ledtrig-activity.c | 2 +-
drivers/leds/trigger/ledtrig-heartbeat.c | 2 +-
drivers/leds/trigger/ledtrig-pattern.c | 2 +-
drivers/leds/trigger/ledtrig-transient.c | 2 +-
drivers/media/pci/ivtv/ivtv-driver.c | 2 +-
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 18 ++--
drivers/media/usb/s2255/s2255drv.c | 4 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +-
drivers/net/ethernet/marvell/sky2.c | 2 +-
drivers/net/ethernet/sun/sunvnet.c | 2 +-
drivers/net/usb/sierra_net.c | 2 +-
drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 2 +-
drivers/net/wireless/intersil/hostap/hostap_ap.c | 2 +-
drivers/net/wireless/marvell/mwifiex/main.c | 2 +-
drivers/net/wireless/microchip/wilc1000/hif.c | 8 +-
drivers/nfc/pn533/pn533.c | 2 +-
drivers/nfc/pn533/uart.c | 2 +-
drivers/pcmcia/bcm63xx_pcmcia.c | 2 +-
drivers/pcmcia/electra_cf.c | 2 +-
drivers/pcmcia/omap_cf.c | 2 +-
drivers/pcmcia/pd6729.c | 4 +-
drivers/pcmcia/yenta_socket.c | 4 +-
drivers/scsi/qla2xxx/qla_edif.c | 4 +-
drivers/scsi/scsi_lib.c | 1 +
drivers/staging/media/atomisp/i2c/atomisp-lm3554.c | 2 +-
drivers/tty/n_gsm.c | 2 +-
drivers/tty/sysrq.c | 2 +-
drivers/usb/gadget/udc/m66592-udc.c | 2 +-
drivers/usb/serial/garmin_gps.c | 2 +-
drivers/usb/serial/mos7840.c | 2 +-
fs/ext4/super.c | 2 +-
fs/jbd2/journal.c | 2 +
fs/nilfs2/segment.c | 2 +-
include/linux/timer.h | 100 +++++++++++++++++--
include/linux/workqueue.h | 4 +-
kernel/cgroup/cgroup.c | 2 +-
kernel/sched/psi.c | 1 +
kernel/time/timer.c | 106 ++++++++++++++-------
kernel/workqueue.c | 4 +-
net/802/garp.c | 2 +-
net/802/mrp.c | 2 +-
net/bridge/br_multicast.c | 6 +-
net/bridge/br_multicast_eht.c | 4 +-
net/core/gen_estimator.c | 2 +-
net/core/neighbour.c | 2 +
net/ipv4/inet_connection_sock.c | 2 +-
net/ipv4/inet_timewait_sock.c | 3 +-
net/ipv4/ipmr.c | 2 +-
net/ipv6/ip6mr.c | 2 +-
net/mac80211/mesh_pathtbl.c | 2 +-
net/netfilter/ipset/ip_set_list_set.c | 2 +-
net/netfilter/ipvs/ip_vs_lblc.c | 2 +-
net/netfilter/ipvs/ip_vs_lblcr.c | 2 +-
net/netfilter/xt_LED.c | 2 +-
net/rxrpc/conn_object.c | 2 +-
net/sched/cls_flow.c | 2 +-
net/sunrpc/svc.c | 2 +-
net/sunrpc/xprt.c | 2 +-
net/tipc/discover.c | 2 +-
net/tipc/monitor.c | 2 +-
sound/i2c/other/ak4117.c | 2 +-
sound/synth/emux/emux.c | 2 +-
100 files changed, 310 insertions(+), 175 deletions(-)
Comments
[ Once again, quilt fails the MIME coding ] From: "Steven Rostedt (Google)" <rostedt@goodmis.org> Before a timer is freed, timer_shutdown_sync() must be called. Link: https://lore.kernel.org/all/20220407161745.7d6754b3@gandalf.local.home/ Cc: Sumit Semwal <sumit.semwal@linaro.org> Cc: "Christian König" <christian.koenig@amd.com> Cc: linux-media@vger.kernel.org Cc: dri-devel@lists.freedesktop.org Cc: linaro-mm-sig@lists.linaro.org Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> --- drivers/dma-buf/st-dma-fence.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c index fb6e0a6ae2c9..5d3e7b503501 100644 --- a/drivers/dma-buf/st-dma-fence.c +++ b/drivers/dma-buf/st-dma-fence.c @@ -412,7 +412,7 @@ static int test_wait_timeout(void *arg) err = 0; err_free: - del_timer_sync(&wt.timer); + timer_shutdown_sync(&wt.timer); destroy_timer_on_stack(&wt.timer); dma_fence_signal(wt.f); dma_fence_put(wt.f);
[ Once again, quilt fails the MIME coding ] From: "Steven Rostedt (Google)" <rostedt@goodmis.org> Before a timer is freed, timer_shutdown_sync() must be called. Link: https://lore.kernel.org/all/20220407161745.7d6754b3@gandalf.local.home/ Cc: "Noralf Trønnes" <noralf@tronnes.org> Cc: David Airlie <airlied@gmail.com> Cc: Daniel Vetter <daniel@ffwll.ch> Cc: Jani Nikula <jani.nikula@linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com> Cc: dri-devel@lists.freedesktop.org Cc: intel-gfx@lists.freedesktop.org Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> --- drivers/gpu/drm/gud/gud_pipe.c | 2 +- drivers/gpu/drm/i915/i915_sw_fence.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/gud/gud_pipe.c b/drivers/gpu/drm/gud/gud_pipe.c index 7c6dc2bcd14a..08429bdd57cf 100644 --- a/drivers/gpu/drm/gud/gud_pipe.c +++ b/drivers/gpu/drm/gud/gud_pipe.c @@ -272,7 +272,7 @@ static int gud_usb_bulk(struct gud_device *gdrm, size_t len) usb_sg_wait(&ctx.sgr); - if (!del_timer_sync(&ctx.timer)) + if (!timer_shutdown_sync(&ctx.timer)) ret = -ETIMEDOUT; else if (ctx.sgr.status < 0) ret = ctx.sgr.status; diff --git a/drivers/gpu/drm/i915/i915_sw_fence.c b/drivers/gpu/drm/i915/i915_sw_fence.c index 6fc0d1b89690..bfaa9a67dc35 100644 --- a/drivers/gpu/drm/i915/i915_sw_fence.c +++ b/drivers/gpu/drm/i915/i915_sw_fence.c @@ -465,7 +465,7 @@ static void irq_i915_sw_fence_work(struct irq_work *wrk) struct i915_sw_dma_fence_cb_timer *cb = container_of(wrk, typeof(*cb), work); - del_timer_sync(&cb->timer); + timer_shutdown_sync(&cb->timer); dma_fence_put(cb->dma); kfree_rcu(cb, rcu);
[ Once again, quilt fails the MIME coding ] From: "Steven Rostedt (Google)" <rostedt@goodmis.org> Before a timer is freed, timer_shutdown_sync() must be called. Link: https://lore.kernel.org/all/20220407161745.7d6754b3@gandalf.local.home/ Cc: Philipp Reisner <philipp.reisner@linbit.com> Cc: Lars Ellenberg <lars.ellenberg@linbit.com> Cc: "Christoph Böhmwalder" <christoph.boehmwalder@linbit.com> Cc: Jens Axboe <axboe@kernel.dk> Cc: drbd-dev@lists.linbit.com Cc: Tejun Heo <tj@kernel.org> Cc: cgroups@vger.kernel.org Cc: linux-block@vger.kernel.org Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> --- block/blk-iocost.c | 2 +- block/blk-iolatency.c | 2 +- block/blk-stat.c | 2 +- block/blk-throttle.c | 2 +- block/kyber-iosched.c | 2 +- drivers/block/drbd/drbd_main.c | 2 +- drivers/block/loop.c | 2 +- drivers/block/sunvdc.c | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/block/blk-iocost.c b/block/blk-iocost.c index 495396425bad..7edc695b3a3d 100644 --- a/block/blk-iocost.c +++ b/block/blk-iocost.c @@ -2814,7 +2814,7 @@ static void ioc_rqos_exit(struct rq_qos *rqos) ioc->running = IOC_STOP; spin_unlock_irq(&ioc->lock); - del_timer_sync(&ioc->timer); + timer_shutdown_sync(&ioc->timer); free_percpu(ioc->pcpu_stat); kfree(ioc); } diff --git a/block/blk-iolatency.c b/block/blk-iolatency.c index 571fa95aafe9..c7049ab18312 100644 --- a/block/blk-iolatency.c +++ b/block/blk-iolatency.c @@ -645,7 +645,7 @@ static void blkcg_iolatency_exit(struct rq_qos *rqos) { struct blk_iolatency *blkiolat = BLKIOLATENCY(rqos); - del_timer_sync(&blkiolat->timer); + timer_shutdown_sync(&blkiolat->timer); flush_work(&blkiolat->enable_work); blkcg_deactivate_policy(rqos->q, &blkcg_policy_iolatency); kfree(blkiolat); diff --git a/block/blk-stat.c b/block/blk-stat.c index 2ea01b5c1aca..855da21de5dc 100644 --- a/block/blk-stat.c +++ b/block/blk-stat.c @@ -165,7 +165,7 @@ void blk_stat_remove_callback(struct request_queue *q, blk_queue_flag_clear(QUEUE_FLAG_STATS, q); spin_unlock_irqrestore(&q->stats->lock, flags); - del_timer_sync(&cb->timer); + timer_shutdown_sync(&cb->timer); } static void blk_stat_free_callback_rcu(struct rcu_head *head) diff --git a/block/blk-throttle.c b/block/blk-throttle.c index 847721dc2b2b..38740c4f517a 100644 --- a/block/blk-throttle.c +++ b/block/blk-throttle.c @@ -490,7 +490,7 @@ static void throtl_pd_free(struct blkg_policy_data *pd) { struct throtl_grp *tg = pd_to_tg(pd); - del_timer_sync(&tg->service_queue.pending_timer); + timer_shutdown_sync(&tg->service_queue.pending_timer); blkg_rwstat_exit(&tg->stat_bytes); blkg_rwstat_exit(&tg->stat_ios); kfree(tg); diff --git a/block/kyber-iosched.c b/block/kyber-iosched.c index b05357bced99..2146969237bf 100644 --- a/block/kyber-iosched.c +++ b/block/kyber-iosched.c @@ -434,7 +434,7 @@ static void kyber_exit_sched(struct elevator_queue *e) struct kyber_queue_data *kqd = e->elevator_data; int i; - del_timer_sync(&kqd->timer); + timer_shutdown_sync(&kqd->timer); blk_stat_disable_accounting(kqd->q); for (i = 0; i < KYBER_NUM_DOMAINS; i++) diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c index f3e4db16fd07..2dc5be89a001 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -2184,7 +2184,7 @@ void drbd_destroy_device(struct kref *kref) struct drbd_resource *resource = device->resource; struct drbd_peer_device *peer_device, *tmp_peer_device; - del_timer_sync(&device->request_timer); + timer_shutdown_sync(&device->request_timer); /* paranoia asserts */ D_ASSERT(device, device->open_cnt == 0); diff --git a/drivers/block/loop.c b/drivers/block/loop.c index ad92192c7d61..3ea087cd1f99 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -1755,7 +1755,7 @@ static void lo_free_disk(struct gendisk *disk) if (lo->workqueue) destroy_workqueue(lo->workqueue); loop_free_idle_workers(lo, true); - del_timer_sync(&lo->timer); + timer_shutdown_sync(&lo->timer); mutex_destroy(&lo->lo_mutex); kfree(lo); } diff --git a/drivers/block/sunvdc.c b/drivers/block/sunvdc.c index fb855da971ee..e14fe5d968d8 100644 --- a/drivers/block/sunvdc.c +++ b/drivers/block/sunvdc.c @@ -1067,7 +1067,7 @@ static void vdc_port_remove(struct vio_dev *vdev) flush_work(&port->ldc_reset_work); cancel_delayed_work_sync(&port->ldc_reset_timer_work); - del_timer_sync(&port->vio.timer); + timer_shutdown_sync(&port->vio.timer); del_gendisk(port->disk); put_disk(port->disk);
[ Once again, quilt fails the MIME coding ] From: "Steven Rostedt (Google)" <rostedt@goodmis.org> Before a timer is freed, timer_shutdown_sync() must be called. Link: https://lore.kernel.org/all/20220407161745.7d6754b3@gandalf.local.home/ Cc: Andy Walls <awalls@md.metrocast.net> Cc: Mauro Carvalho Chehab <mchehab@kernel.org> Cc: Mike Isely <isely@pobox.com> Cc: Sakari Ailus <sakari.ailus@linux.intel.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Johan Hovold <johan@kernel.org> Cc: Hans Verkuil <hverkuil-cisco@xs4all.nl> Cc: Benjamin Mugnier <benjamin.mugnier@foss.st.com> Cc: Vladimir Oltean <olteanv@gmail.com> Cc: Corey Minyard <cminyard@mvista.com> Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Cc: Miguel Ojeda <ojeda@kernel.org> Cc: "Uwe Kleine-König" <u.kleine-koenig@pengutronix.de> Cc: linux-media@vger.kernel.org Cc: linux-staging@lists.linux.dev Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> --- drivers/media/pci/ivtv/ivtv-driver.c | 2 +- drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 18 +++++++++--------- drivers/media/usb/s2255/s2255drv.c | 4 ++-- .../staging/media/atomisp/i2c/atomisp-lm3554.c | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/drivers/media/pci/ivtv/ivtv-driver.c b/drivers/media/pci/ivtv/ivtv-driver.c index f5846c22c799..ba503d820e48 100644 --- a/drivers/media/pci/ivtv/ivtv-driver.c +++ b/drivers/media/pci/ivtv/ivtv-driver.c @@ -1425,7 +1425,7 @@ static void ivtv_remove(struct pci_dev *pdev) /* Interrupts */ ivtv_set_irq_mask(itv, 0xffffffff); - del_timer_sync(&itv->dma_timer); + timer_shutdown_sync(&itv->dma_timer); /* Kill irq worker */ kthread_flush_worker(&itv->irq_worker); diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c index 62ff1fa1c753..db000c9145d7 100644 --- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c +++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c @@ -2605,10 +2605,10 @@ struct pvr2_hdw *pvr2_hdw_create(struct usb_interface *intf, return hdw; fail: if (hdw) { - del_timer_sync(&hdw->quiescent_timer); - del_timer_sync(&hdw->decoder_stabilization_timer); - del_timer_sync(&hdw->encoder_run_timer); - del_timer_sync(&hdw->encoder_wait_timer); + timer_shutdown_sync(&hdw->quiescent_timer); + timer_shutdown_sync(&hdw->decoder_stabilization_timer); + timer_shutdown_sync(&hdw->encoder_run_timer); + timer_shutdown_sync(&hdw->encoder_wait_timer); flush_work(&hdw->workpoll); v4l2_device_unregister(&hdw->v4l2_dev); usb_free_urb(hdw->ctl_read_urb); @@ -2668,10 +2668,10 @@ void pvr2_hdw_destroy(struct pvr2_hdw *hdw) if (!hdw) return; pvr2_trace(PVR2_TRACE_INIT,"pvr2_hdw_destroy: hdw=%p",hdw); flush_work(&hdw->workpoll); - del_timer_sync(&hdw->quiescent_timer); - del_timer_sync(&hdw->decoder_stabilization_timer); - del_timer_sync(&hdw->encoder_run_timer); - del_timer_sync(&hdw->encoder_wait_timer); + timer_shutdown_sync(&hdw->quiescent_timer); + timer_shutdown_sync(&hdw->decoder_stabilization_timer); + timer_shutdown_sync(&hdw->encoder_run_timer); + timer_shutdown_sync(&hdw->encoder_wait_timer); if (hdw->fw_buffer) { kfree(hdw->fw_buffer); hdw->fw_buffer = NULL; @@ -3722,7 +3722,7 @@ status); hdw->cmd_debug_state = 5; /* Stop timer */ - del_timer_sync(&timer.timer); + timer_shutdown_sync(&timer.timer); hdw->cmd_debug_state = 6; status = 0; diff --git a/drivers/media/usb/s2255/s2255drv.c b/drivers/media/usb/s2255/s2255drv.c index acf18e2251a5..3c2627712fe9 100644 --- a/drivers/media/usb/s2255/s2255drv.c +++ b/drivers/media/usb/s2255/s2255drv.c @@ -1487,7 +1487,7 @@ static void s2255_destroy(struct s2255_dev *dev) /* board shutdown stops the read pipe if it is running */ s2255_board_shutdown(dev); /* make sure firmware still not trying to load */ - del_timer_sync(&dev->timer); /* only started in .probe and .open */ + timer_shutdown_sync(&dev->timer); /* only started in .probe and .open */ if (dev->fw_data->fw_urb) { usb_kill_urb(dev->fw_data->fw_urb); usb_free_urb(dev->fw_data->fw_urb); @@ -2322,7 +2322,7 @@ static int s2255_probe(struct usb_interface *interface, errorFWDATA2: usb_free_urb(dev->fw_data->fw_urb); errorFWURB: - del_timer_sync(&dev->timer); + timer_shutdown_sync(&dev->timer); errorEP: usb_put_dev(dev->udev); errorUDEV: diff --git a/drivers/staging/media/atomisp/i2c/atomisp-lm3554.c b/drivers/staging/media/atomisp/i2c/atomisp-lm3554.c index 75d16b525294..c4ce4cd445d7 100644 --- a/drivers/staging/media/atomisp/i2c/atomisp-lm3554.c +++ b/drivers/staging/media/atomisp/i2c/atomisp-lm3554.c @@ -921,7 +921,7 @@ static void lm3554_remove(struct i2c_client *client) atomisp_gmin_remove_subdev(sd); - del_timer_sync(&flash->flash_off_delay); + timer_shutdown_sync(&flash->flash_off_delay); lm3554_gpio_uninit(client);
Am 04.11.22 um 06:54 schrieb Steven Rostedt: > [ Once again, quilt fails the MIME coding ] > > From: "Steven Rostedt (Google)" <rostedt@goodmis.org> > > Before a timer is freed, timer_shutdown_sync() must be called. > > Link: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore.kernel.org%2Fall%2F20220407161745.7d6754b3%40gandalf.local.home%2F&data=05%7C01%7Cchristian.koenig%40amd.com%7Ca18ff1d0a7e442a1283808dabe29148d%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638031380931371691%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XZgwOy0u20L1AxOjhUpWICodbSn2VYhh6YGSykjUegQ%3D&reserved=0 > > Cc: Sumit Semwal <sumit.semwal@linaro.org> > Cc: "Christian König" <christian.koenig@amd.com> > Cc: linux-media@vger.kernel.org > Cc: dri-devel@lists.freedesktop.org > Cc: linaro-mm-sig@lists.linaro.org > Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> > --- > drivers/dma-buf/st-dma-fence.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c > index fb6e0a6ae2c9..5d3e7b503501 100644 > --- a/drivers/dma-buf/st-dma-fence.c > +++ b/drivers/dma-buf/st-dma-fence.c > @@ -412,7 +412,7 @@ static int test_wait_timeout(void *arg) > > err = 0; > err_free: > - del_timer_sync(&wt.timer); > + timer_shutdown_sync(&wt.timer); Mhm, what exactly is the benefit of renaming the function? Not that I'm against the change, but my thinking is more if there are more functions which don't re-arm the time than those which do that then why not forbid it in general? Regards, Christian. > destroy_timer_on_stack(&wt.timer); > dma_fence_signal(wt.f); > dma_fence_put(wt.f);
Hi, On 04/11/2022 05:41, Steven Rostedt wrote: > From: "Steven Rostedt (Google)" <rostedt@goodmis.org> > > Before a timer is freed, timer_shutdown_sync() must be called. > > Link: https://lore.kernel.org/all/20220407161745.7d6754b3@gandalf.local.home/ > > Cc: "Noralf Trønnes" <noralf@tronnes.org> > Cc: David Airlie <airlied@gmail.com> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: Jani Nikula <jani.nikula@linux.intel.com> > Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> > Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> > Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com> > Cc: dri-devel@lists.freedesktop.org > Cc: intel-gfx@lists.freedesktop.org > Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> > --- > drivers/gpu/drm/gud/gud_pipe.c | 2 +- > drivers/gpu/drm/i915/i915_sw_fence.c | 2 +- If it stays all DRM drivers in one patch then I guess it needs to go via drm-misc, which for i915 would be okay I think in this case since patch is extremely unlikely to clash with anything. Or split it up per driver and then we can handle it in drm-intel-next once core functionality is in. We do however have some more calls to del_timer_sync, where freeing is perhaps not immediately next to the site in code, but things definitely get freed like on module unload. Would we need to convert all of them to avoid some, presumably new, warnings? Regards, Tvrtko > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/gud/gud_pipe.c b/drivers/gpu/drm/gud/gud_pipe.c > index 7c6dc2bcd14a..08429bdd57cf 100644 > --- a/drivers/gpu/drm/gud/gud_pipe.c > +++ b/drivers/gpu/drm/gud/gud_pipe.c > @@ -272,7 +272,7 @@ static int gud_usb_bulk(struct gud_device *gdrm, size_t len) > > usb_sg_wait(&ctx.sgr); > > - if (!del_timer_sync(&ctx.timer)) > + if (!timer_shutdown_sync(&ctx.timer)) > ret = -ETIMEDOUT; > else if (ctx.sgr.status < 0) > ret = ctx.sgr.status; > diff --git a/drivers/gpu/drm/i915/i915_sw_fence.c b/drivers/gpu/drm/i915/i915_sw_fence.c > index 6fc0d1b89690..bfaa9a67dc35 100644 > --- a/drivers/gpu/drm/i915/i915_sw_fence.c > +++ b/drivers/gpu/drm/i915/i915_sw_fence.c > @@ -465,7 +465,7 @@ static void irq_i915_sw_fence_work(struct irq_work *wrk) > struct i915_sw_dma_fence_cb_timer *cb = > container_of(wrk, typeof(*cb), work); > > - del_timer_sync(&cb->timer); > + timer_shutdown_sync(&cb->timer); > dma_fence_put(cb->dma); > > kfree_rcu(cb, rcu);
On Thu, Nov 3, 2022 at 10:48 PM Steven Rostedt <rostedt@goodmis.org> wrote: > > Ideally, I would have the first patch go into this rc cycle, which is mostly > non functional as it will allow the other patches to come in via the respective > subsystems in the next merge window. Ack. I also wonder if we could do the completely trivially correct conversions immediately. I'm talking about the scripted ones where it's currently a "del_timer_sync()", and the very next action is freeing whatever data structure the timer is in (possibly with something like free_irq() in between - my point is that there's an unconditional free that is very clear and unambiguous), so that there is absolutely no question about whether they should use "timer_shutdown_sync()" or not. IOW, things like patches 03, 17 and 31, and at least parts others in this series. This series clearly has several much more complex cases that need actual real code review, and I think it would help to have the completely unambiguous cases out of the way, just to get rid of noise. So I'd take that first patch, and a scripted set of "this cannot change any semantics" patches early. Linus
On Fri, 4 Nov 2022 08:15:53 +0100 Christian König <christian.koenig@amd.com> wrote: > > index fb6e0a6ae2c9..5d3e7b503501 100644 > > --- a/drivers/dma-buf/st-dma-fence.c > > +++ b/drivers/dma-buf/st-dma-fence.c > > @@ -412,7 +412,7 @@ static int test_wait_timeout(void *arg) > > > > err = 0; > > err_free: > > - del_timer_sync(&wt.timer); > > + timer_shutdown_sync(&wt.timer); > > Mhm, what exactly is the benefit of renaming the function? > > Not that I'm against the change, but my thinking is more if there are > more functions which don't re-arm the time than those which do that then > why not forbid it in general? Timers are more often re-armed then not. I had to look for the locations where del_timer*() was called just before freeing, and other locations where they are freed later. I didn't rename del_timer_sync() to timer_shutdown_sync(), this version renamed the new "del_timer_shutdown()" to "timer_shutdown_sync()". Maybe I'm just confused at what you are asking. -- Steve
On Fri, 4 Nov 2022 08:48:28 +0000 Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com> wrote: > If it stays all DRM drivers in one patch then I guess it needs to go via > drm-misc, which for i915 would be okay I think in this case since patch > is extremely unlikely to clash with anything. Or split it up per driver > and then we can handle it in drm-intel-next once core functionality is in. > > We do however have some more calls to del_timer_sync, where freeing is > perhaps not immediately next to the site in code, but things definitely > get freed like on module unload. Would we need to convert all of them to > avoid some, presumably new, warnings? I'm happy to split this patch up. I just got a bit lazy and started just grouping via entire subsystems. You should see the networking patch ;-) -- Steve
On Fri, Nov 04, 2022 at 01:40:53AM -0400, Steven Rostedt wrote: > > Back in April, I posted an RFC patch set to help mitigate a common issue > where a timer gets armed just before it is freed, and when the timer > goes off, it crashes in the timer code without any evidence of who the > culprit was. I got side tracked and never finished up on that patch set. > Since this type of crash is still our #1 crash we are seeing in the field, > it has become a priority again to finish it. > > This is v3 of that patch set. Thomas Gleixner posted an untested version > that makes timer->function NULL as the flag that it is shutdown. I took that > code, tested it (fixed it up), added more comments, and changed the > name to timer_shutdown_sync(). I also converted it to use WARN_ON_ONCE() > instead of just WARN_ON() as Linus asked for. > Unfortunately the renaming caused some symbol conflicts. Global definition: timer_shutdown File Line 0 time.c 93 static inline void timer_shutdown(struct clock_event_device *evt) 1 arm_arch_timer.c 690 static __always_inline int timer_shutdown(const int access, 2 timer-fttmr010.c 105 int (*timer_shutdown)(struct clock_event_device *evt); 3 timer-sp804.c 158 static inline void timer_shutdown(struct clock_event_device *evt) 4 timer.h 239 static inline int timer_shutdown(struct timer_list *timer) Guenter
On Fri, 4 Nov 2022 12:22:32 -0700 Guenter Roeck <linux@roeck-us.net> wrote: > Unfortunately the renaming caused some symbol conflicts. > > Global definition: timer_shutdown > > File Line > 0 time.c 93 static inline void timer_shutdown(struct clock_event_device *evt) > 1 arm_arch_timer.c 690 static __always_inline int timer_shutdown(const int access, > 2 timer-fttmr010.c 105 int (*timer_shutdown)(struct clock_event_device *evt); > 3 timer-sp804.c 158 static inline void timer_shutdown(struct clock_event_device *evt) > 4 timer.h 239 static inline int timer_shutdown(struct timer_list *timer) $ git grep '\btimer_shutdown' arch/arm/mach-spear/time.c:static inline void timer_shutdown(struct clock_event_device *evt) arch/arm/mach-spear/time.c: timer_shutdown(evt); arch/arm/mach-spear/time.c: timer_shutdown(evt); arch/arm/mach-spear/time.c: timer_shutdown(evt); drivers/clocksource/arm_arch_timer.c:static __always_inline int timer_shutdown(const int access, drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_VIRT_ACCESS, clk); drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_PHYS_ACCESS, clk); drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_MEM_VIRT_ACCESS, clk); drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_MEM_PHYS_ACCESS, clk); drivers/clocksource/timer-fttmr010.c: int (*timer_shutdown)(struct clock_event_device *evt); drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown = ast2600_timer_shutdown; drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown = fttmr010_timer_shutdown; drivers/clocksource/timer-fttmr010.c: fttmr010->clkevt.set_state_shutdown = fttmr010->timer_shutdown; drivers/clocksource/timer-fttmr010.c: fttmr010->clkevt.tick_resume = fttmr010->timer_shutdown; drivers/clocksource/timer-sp804.c:static inline void timer_shutdown(struct clock_event_device *evt) drivers/clocksource/timer-sp804.c: timer_shutdown(evt); drivers/clocksource/timer-sp804.c: timer_shutdown(evt); Honestly, I think these need to be renamed, as "timer_shutdown()" should be specific to the timer code, and not individual timers. I'll start making a patch set that starts by renaming these timers, then adds the timer_shutdown() API, and finished with the trivial updates, and that will be a real "PATCH" (non RFC). Linus, should I also add any patches that has already been acked by the respective maintainer? -- Steve
On Fri, Nov 4, 2022 at 12:42 PM Steven Rostedt <rostedt@goodmis.org> wrote: > > Linus, should I also add any patches that has already been acked by the > respective maintainer? No, I'd prefer to keep only the ones that are 100% unambiguously not changing any semantics. Linus
On Fri, 4 Nov 2022 15:42:09 -0400 Steven Rostedt <rostedt@goodmis.org> wrote: > $ git grep '\btimer_shutdown' > arch/arm/mach-spear/time.c:static inline void timer_shutdown(struct clock_event_device *evt) > arch/arm/mach-spear/time.c: timer_shutdown(evt); > arch/arm/mach-spear/time.c: timer_shutdown(evt); > arch/arm/mach-spear/time.c: timer_shutdown(evt); > drivers/clocksource/arm_arch_timer.c:static __always_inline int timer_shutdown(const int access, > drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_VIRT_ACCESS, clk); > drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_PHYS_ACCESS, clk); > drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_MEM_VIRT_ACCESS, clk); > drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_MEM_PHYS_ACCESS, clk); > drivers/clocksource/timer-fttmr010.c: int (*timer_shutdown)(struct clock_event_device *evt); > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown = ast2600_timer_shutdown; > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown = fttmr010_timer_shutdown; > drivers/clocksource/timer-fttmr010.c: fttmr010->clkevt.set_state_shutdown = fttmr010->timer_shutdown; > drivers/clocksource/timer-fttmr010.c: fttmr010->clkevt.tick_resume = fttmr010->timer_shutdown; I won't touch structure fields though. -- Steve > drivers/clocksource/timer-sp804.c:static inline void timer_shutdown(struct clock_event_device *evt) > drivers/clocksource/timer-sp804.c: timer_shutdown(evt); > drivers/clocksource/timer-sp804.c: timer_shutdown(evt);
On Fri, Nov 04, 2022 at 03:42:09PM -0400, Steven Rostedt wrote: > On Fri, 4 Nov 2022 12:22:32 -0700 > Guenter Roeck <linux@roeck-us.net> wrote: > > > Unfortunately the renaming caused some symbol conflicts. > > > > Global definition: timer_shutdown > > > > File Line > > 0 time.c 93 static inline void timer_shutdown(struct clock_event_device *evt) > > 1 arm_arch_timer.c 690 static __always_inline int timer_shutdown(const int access, > > 2 timer-fttmr010.c 105 int (*timer_shutdown)(struct clock_event_device *evt); > > 3 timer-sp804.c 158 static inline void timer_shutdown(struct clock_event_device *evt) > > 4 timer.h 239 static inline int timer_shutdown(struct timer_list *timer) > > $ git grep '\btimer_shutdown' > arch/arm/mach-spear/time.c:static inline void timer_shutdown(struct clock_event_device *evt) > arch/arm/mach-spear/time.c: timer_shutdown(evt); > arch/arm/mach-spear/time.c: timer_shutdown(evt); > arch/arm/mach-spear/time.c: timer_shutdown(evt); > drivers/clocksource/arm_arch_timer.c:static __always_inline int timer_shutdown(const int access, > drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_VIRT_ACCESS, clk); > drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_PHYS_ACCESS, clk); > drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_MEM_VIRT_ACCESS, clk); > drivers/clocksource/arm_arch_timer.c: return timer_shutdown(ARCH_TIMER_MEM_PHYS_ACCESS, clk); > drivers/clocksource/timer-fttmr010.c: int (*timer_shutdown)(struct clock_event_device *evt); > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown = ast2600_timer_shutdown; > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown = fttmr010_timer_shutdown; > drivers/clocksource/timer-fttmr010.c: fttmr010->clkevt.set_state_shutdown = fttmr010->timer_shutdown; > drivers/clocksource/timer-fttmr010.c: fttmr010->clkevt.tick_resume = fttmr010->timer_shutdown; > drivers/clocksource/timer-sp804.c:static inline void timer_shutdown(struct clock_event_device *evt) > drivers/clocksource/timer-sp804.c: timer_shutdown(evt); > drivers/clocksource/timer-sp804.c: timer_shutdown(evt); > > Honestly, I think these need to be renamed, as "timer_shutdown()" > should be specific to the timer code, and not individual timers. Yes, that is what I did locally. I am repeating my test now with that change made. Guenter
On Fri, Nov 04, 2022 at 04:38:34PM -0400, Steven Rostedt wrote: > On Fri, 4 Nov 2022 15:42:09 -0400 > Steven Rostedt <rostedt@goodmis.org> wrote: > [ ... ] > > > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); > > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); > > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown(evt); > > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown = ast2600_timer_shutdown; > > drivers/clocksource/timer-fttmr010.c: fttmr010->timer_shutdown = fttmr010_timer_shutdown; > > drivers/clocksource/timer-fttmr010.c: fttmr010->clkevt.set_state_shutdown = fttmr010->timer_shutdown; > > drivers/clocksource/timer-fttmr010.c: fttmr010->clkevt.tick_resume = fttmr010->timer_shutdown; > > I won't touch structure fields though. > Agreed, same here. Guenter
On Fri, Nov 04, 2022 at 01:40:53AM -0400, Steven Rostedt wrote: > > Back in April, I posted an RFC patch set to help mitigate a common issue > where a timer gets armed just before it is freed, and when the timer > goes off, it crashes in the timer code without any evidence of who the > culprit was. I got side tracked and never finished up on that patch set. > Since this type of crash is still our #1 crash we are seeing in the field, > it has become a priority again to finish it. > After applying the patches attached below, everything compiles for me, and there are no crashes. There are still various warnings, most in networking. I know I need to apply some patch(es) to fix the networking warnings, but I didn't entirely understand what exactly to apply, so I didn't try. Complete logs are at https://kerneltests.org/builders, on the bottom half of the page (qemu tests, in the 'testing' column). Guenter --- Warnings: ODEBUG: free active (active state 0) object type: timer_list hint: tcp_write_timer+0x0/0x1d0 from tcp_close -> __sk_destruct -> tcp_write_timer ODEBUG: free active (active state 0) object type: timer_list hint: tcp_keepalive_timer+0x0/0x4c0 from tcp_close -> __sk_destruct -> tcp_keepalive_timer -> __del_timer_sync ODEBUG: free active (active state 0) object type: timer_list hint: blk_rq_timed_out_timer+0x0/0x40 blk_free_queue_rcu -> blk_free_queue_rcu -> blk_rq_timed_out_timer --- Changes applied on top of patch set to fix build errors: diff --git a/arch/arm/mach-spear/time.c b/arch/arm/mach-spear/time.c index e979e2197f8e..5371c824786d 100644 --- a/arch/arm/mach-spear/time.c +++ b/arch/arm/mach-spear/time.c @@ -90,7 +90,7 @@ static void __init spear_clocksource_init(void) 200, 16, clocksource_mmio_readw_up); } -static inline void timer_shutdown(struct clock_event_device *evt) +static inline void spear_timer_shutdown(struct clock_event_device *evt) { u16 val = readw(gpt_base + CR(CLKEVT)); @@ -101,7 +101,7 @@ static inline void timer_shutdown(struct clock_event_device *evt) static int spear_shutdown(struct clock_event_device *evt) { - timer_shutdown(evt); + spear_timer_shutdown(evt); return 0; } @@ -111,7 +111,7 @@ static int spear_set_oneshot(struct clock_event_device *evt) u16 val; /* stop the timer */ - timer_shutdown(evt); + spear_timer_shutdown(evt); val = readw(gpt_base + CR(CLKEVT)); val |= CTRL_ONE_SHOT; @@ -126,7 +126,7 @@ static int spear_set_periodic(struct clock_event_device *evt) u16 val; /* stop the timer */ - timer_shutdown(evt); + spear_timer_shutdown(evt); period = clk_get_rate(gpt_clk) / HZ; period >>= CTRL_PRESCALER16; diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c index a7ff77550e17..9c3420a0d19d 100644 --- a/drivers/clocksource/arm_arch_timer.c +++ b/drivers/clocksource/arm_arch_timer.c @@ -687,8 +687,8 @@ static irqreturn_t arch_timer_handler_virt_mem(int irq, void *dev_id) return timer_handler(ARCH_TIMER_MEM_VIRT_ACCESS, evt); } -static __always_inline int timer_shutdown(const int access, - struct clock_event_device *clk) +static __always_inline int arch_timer_shutdown(const int access, + struct clock_event_device *clk) { unsigned long ctrl; @@ -701,22 +701,22 @@ static __always_inline int timer_shutdown(const int access, static int arch_timer_shutdown_virt(struct clock_event_device *clk) { - return timer_shutdown(ARCH_TIMER_VIRT_ACCESS, clk); + return arch_timer_shutdown(ARCH_TIMER_VIRT_ACCESS, clk); } static int arch_timer_shutdown_phys(struct clock_event_device *clk) { - return timer_shutdown(ARCH_TIMER_PHYS_ACCESS, clk); + return arch_timer_shutdown(ARCH_TIMER_PHYS_ACCESS, clk); } static int arch_timer_shutdown_virt_mem(struct clock_event_device *clk) { - return timer_shutdown(ARCH_TIMER_MEM_VIRT_ACCESS, clk); + return arch_timer_shutdown(ARCH_TIMER_MEM_VIRT_ACCESS, clk); } static int arch_timer_shutdown_phys_mem(struct clock_event_device *clk) { - return timer_shutdown(ARCH_TIMER_MEM_PHYS_ACCESS, clk); + return arch_timer_shutdown(ARCH_TIMER_MEM_PHYS_ACCESS, clk); } static __always_inline void set_next_event(const int access, unsigned long evt, diff --git a/drivers/clocksource/timer-sp804.c b/drivers/clocksource/timer-sp804.c index e6a87f4af2b5..a3c38e1343f0 100644 --- a/drivers/clocksource/timer-sp804.c +++ b/drivers/clocksource/timer-sp804.c @@ -155,14 +155,14 @@ static irqreturn_t sp804_timer_interrupt(int irq, void *dev_id) return IRQ_HANDLED; } -static inline void timer_shutdown(struct clock_event_device *evt) +static inline void sp804_timer_shutdown(struct clock_event_device *evt) { writel(0, common_clkevt->ctrl); } static int sp804_shutdown(struct clock_event_device *evt) { - timer_shutdown(evt); + sp804_timer_shutdown(evt); return 0; } @@ -171,7 +171,7 @@ static int sp804_set_periodic(struct clock_event_device *evt) unsigned long ctrl = TIMER_CTRL_32BIT | TIMER_CTRL_IE | TIMER_CTRL_PERIODIC | TIMER_CTRL_ENABLE; - timer_shutdown(evt); + sp804_timer_shutdown(evt); writel(common_clkevt->reload, common_clkevt->load); writel(ctrl, common_clkevt->ctrl); return 0;
Am 04.11.22 um 19:58 schrieb Steven Rostedt: > On Fri, 4 Nov 2022 08:15:53 +0100 > Christian König <christian.koenig@amd.com> wrote: > >>> index fb6e0a6ae2c9..5d3e7b503501 100644 >>> --- a/drivers/dma-buf/st-dma-fence.c >>> +++ b/drivers/dma-buf/st-dma-fence.c >>> @@ -412,7 +412,7 @@ static int test_wait_timeout(void *arg) >>> >>> err = 0; >>> err_free: >>> - del_timer_sync(&wt.timer); >>> + timer_shutdown_sync(&wt.timer); >> Mhm, what exactly is the benefit of renaming the function? >> >> Not that I'm against the change, but my thinking is more if there are >> more functions which don't re-arm the time than those which do that then >> why not forbid it in general? > Timers are more often re-armed then not. I had to look for the > locations where del_timer*() was called just before freeing, and other > locations where they are freed later. > > I didn't rename del_timer_sync() to timer_shutdown_sync(), this version > renamed the new "del_timer_shutdown()" to "timer_shutdown_sync()". > > Maybe I'm just confused at what you are asking. No, that explains it a bit better. I was just wondering what exactly the different to del_timer_sync() is. Maybe shorten the summary in the cover letter a bit. The history how this change came to be is not as interesting as why we are changing something. Regards, Christian. > > -- Steve > _______________________________________________ > Linaro-mm-sig mailing list -- linaro-mm-sig@lists.linaro.org > To unsubscribe send an email to linaro-mm-sig-leave@lists.linaro.org