Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dd2261ed authored by Julien Grall's avatar Julien Grall Committed by Thomas Gleixner
Browse files

hrtimer: Protect lockless access to timer->base 



The update to timer->base is protected by the base->cpu_base->lock().
However, hrtimer_cancel_wait_running() does access it lockless.  So the
compiler is allowed to refetch timer->base which can cause havoc when the
timer base is changed concurrently.

Use READ_ONCE() to prevent this.

[ tglx: Adapted from a RT patch ]

Signed-off-by: default avatarJulien Grall <julien.grall@arm.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190821092409.13225-2-julien.grall@arm.com
parent 7cb9a94c

kernel/time/hrtimer.c

+2 −1
Original line number Diff line number Diff line
@@ -1214,7 +1214,8 @@ static void hrtimer_sync_wait_running(struct hrtimer_cpu_base *cpu_base, 
 */

void hrtimer_cancel_wait_running(const struct hrtimer *timer)

{

	struct hrtimer_clock_base *base = timer->base;

	/* Lockless read. Prevent the compiler from reloading it below */

	struct hrtimer_clock_base *base = READ_ONCE(timer->base);



	if (!timer->is_soft || !base || !base->cpu_base) {

		cpu_relax();