[Intel-gfx] [patch 00/11] hrtimers: Cleanup hrtimer_forward() [ab]use

Thomas Gleixner tglx at linutronix.de
Thu Sep 23 16:04:18 UTC 2021


A recent syzbot report unearthed abuse of hrtimer_forward() which can cause
runaway timers hogging the CPU in timer expiry context by rearming the
timer in the past over and over.

This happens when the caller uses timer->expiry for the 'now' argument of
hrtimer_forward(). That works as long as the timer expiry is on time, but
can cause a long period of rearm/fire loops which hog the CPU. Expiring
late can have various causes, but obviously virtualization is prone to that
due to VCPU scheduling.

The correct usage of hrtimer_forward() is to hand the current time to the
'now' argument which ensures that the next event on the periodic time line
is past now. This is what hrtimer_forward_now() provides.

The following series addresses this:

    1) Add a debug mechanism to the hrtimer expiry loop

    2) Convert all hrtimer_forward() usage outside of kernel/time/ to
       use hrtimer_forward_now().

    3) Confine hrtimer_forward() to kernel/time/ core code.

The mac80211_hwsim patch has already been picked up by the wireless
maintainer and all other patches which affect usage outside the core code
can be picked up by the relevant subsystems. If a maintainer wants me to
pick a particular patch up, please let me know.

The last patch which confines hrtimer_forward() will be postponed until all
other patches have been merged into Linus tree.

The series is also available from git:

    git://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git hrtimer

Thanks,

	tglx
---
 drivers/gpu/drm/i915/i915_pmu.c        |    2 -
 drivers/net/wireless/mac80211_hwsim.c  |    4 +-
 drivers/net/wwan/iosm/iosm_ipc_imem.c  |    4 +-
 drivers/power/reset/ltc2952-poweroff.c |    4 --
 include/linux/hrtimer.h                |   26 -----------------
 include/linux/posix-timers.h           |    3 ++
 kernel/signal.c                        |   14 +--------
 kernel/time/hrtimer.c                  |   48 ++++++++++++++++++++++++++++++++-
 kernel/time/itimer.c                   |   13 ++++++++
 kernel/time/posix-timers.c             |   42 +++++++++++-----------------
 kernel/time/tick-internal.h            |    1 
 net/can/bcm.c                          |    2 -
 sound/drivers/pcsp/pcsp_lib.c          |    2 -
 13 files changed, 92 insertions(+), 73 deletions(-)



More information about the Intel-gfx mailing list