rtc: Fix hrtimer deadlock

Ben reported a lockup related to rtc. The lockup happens due to: CPU0 CPU1 rtc_irq_set_state() __run_hrtimer() spin_lock_irqsave(&rtc->irq_task_lock) rtc_handle_legacy_irq(); spin_lock(&rtc->irq_task_lock); hrtimer_cancel() while (callback_running); So the running callback never finishes as it's blocked on rtc->irq_task_lock. Use hrtimer_try_to_cancel() instead and drop rtc->irq_task_lock while waiting for the callback. Fix this for both rtc_irq_set_state() and rtc_irq_set_freq(). Cc: stable@kernel.org Reported-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: John Stultz <john.stultz@linaro.org>
2011-07-22 09:12:51 +00:00 · 2011-07-22 09:12:51 +00:00 · 3c8bb90efb
commit 3c8bb90efb
parent 53cc2820ac
1 changed files with 37 additions and 19 deletions
--- a/drivers/rtc/interface.c
+++ b/drivers/rtc/interface.c
@ -636,6 +636,29 @@ void rtc_irq_unregister(struct rtc_device *rtc, struct rtc_task *task)
 }
 EXPORT_SYMBOL_GPL(rtc_irq_unregister);
 static int rtc_update_hrtimer(struct rtc_device *rtc, int enabled)
 {
 	/*
 	 * We always cancel the timer here first, because otherwise
 	 * we could run into BUG_ON(timer->state != HRTIMER_STATE_CALLBACK);
 	 * when we manage to start the timer before the callback
 	 * returns HRTIMER_RESTART.
 	 *
 	 * We cannot use hrtimer_cancel() here as a running callback
 	 * could be blocked on rtc->irq_task_lock and hrtimer_cancel()
 	 * would spin forever.
 	 */
 	if (hrtimer_try_to_cancel(&rtc->pie_timer) < 0)
 		return -1;
 	if (enabled) {
 		ktime_t period = ktime_set(0, NSEC_PER_SEC / rtc->irq_freq);
 		hrtimer_start(&rtc->pie_timer, period, HRTIMER_MODE_REL);
 	}
 	return 0;
 }
 /**
 * rtc_irq_set_state - enable/disable 2^N Hz periodic IRQs
 * @rtc: the rtc device
@ -651,24 +674,21 @@ int rtc_irq_set_state(struct rtc_device *rtc, struct rtc_task *task, int enabled
 	int err = 0;
 	unsigned long flags;
 retry:
 	spin_lock_irqsave(&rtc->irq_task_lock, flags);
 	if (rtc->irq_task != NULL && task == NULL)
 		err = -EBUSY;
 	if (rtc->irq_task != task)
 		err = -EACCES;
-	if (err)
+	if (!err) {
-		goto out;
+		if (rtc_update_hrtimer(rtc, enabled) < 0) {
-
+			spin_unlock_irqrestore(&rtc->irq_task_lock, flags);
-	if (enabled) {
+			cpu_relax();
-		ktime_t period = ktime_set(0, NSEC_PER_SEC/rtc->irq_freq);
+			goto retry;
 		hrtimer_start(&rtc->pie_timer, period, HRTIMER_MODE_REL);
 	} else {
 		hrtimer_cancel(&rtc->pie_timer);
 		}
 		rtc->pie_enabled = enabled;
-out:
+	}
 	spin_unlock_irqrestore(&rtc->irq_task_lock, flags);
 	return err;
 }
 EXPORT_SYMBOL_GPL(rtc_irq_set_state);
@ -690,20 +710,18 @@ int rtc_irq_set_freq(struct rtc_device *rtc, struct rtc_task *task, int freq)
 	if (freq <= 0)
 		return -EINVAL;
-
+retry:
 	spin_lock_irqsave(&rtc->irq_task_lock, flags);
 	if (rtc->irq_task != NULL && task == NULL)
 		err = -EBUSY;
 	if (rtc->irq_task != task)
 		err = -EACCES;
-	if (err == 0) {
+	if (!err) {
 		rtc->irq_freq = freq;
-		if (rtc->pie_enabled) {
+		if (rtc->pie_enabled && rtc_update_hrtimer(rtc, 1) < 0) {
-			ktime_t period;
+			spin_unlock_irqrestore(&rtc->irq_task_lock, flags);
-			hrtimer_cancel(&rtc->pie_timer);
+			cpu_relax();
-			period = ktime_set(0, NSEC_PER_SEC/rtc->irq_freq);
+			goto retry;
 			hrtimer_start(&rtc->pie_timer, period,
 					HRTIMER_MODE_REL);
 		}
 	}
 	spin_unlock_irqrestore(&rtc->irq_task_lock, flags);