From: Mark Johnston
Date: Mon, 25 Jul 2022 13:54:57 GMT
Message-Id: <202207251354.26PDsvUa019871@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: 3be1eaa32b95 - stable/13 - eventtimer: Fix several races in the timer reload code

The branch stable/13 has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=3be1eaa32b95857cf848295e10ffc25e2852d2e6 commit 3be1eaa32b95857cf848295e10ffc25e2852d2e6 Author: Mark Johnston AuthorDate: 2022-06-30 18:27:07 +0000 Commit: Mark Johnston CommitDate: 2022-07-25 13:45:51 +0000 eventtimer: Fix several races in the timer reload code In handleevents(), lock the timer state before fetching the time for the next event. A concurrent callout_cc_add() call might be changing the next event time, and the race can cause handleevents() to program an out-of-date time, causing the callout to run later (by an unbounded period, up to the idle hardclock period of 1s) than requested. In cpu_idleclock(), call getnextcpuevent() with the timer state mutex held, for similar reasons. In particular, cpu_idleclock() runs with interrupts enabled, so an untimely timer interrupt can result in a stale next event time being programmed. Further, an interrupt can cause cpu_idleclock() to use a stale value for "now". In cpu_activeclock(), disable interrupts before loading "now", so as to avoid going backwards in time when calling handleevents(). It's ok to leave interrupts enabled when checking "state->idle", since the race at worst will cause handleevents() to be called unnecessarily. But use an atomic load to indicate that the test is racy. PR: 264867 Reviewed by: mav, jhb, kib Sponsored by: The FreeBSD Foundation (cherry picked from commit a889a65ba36985dfb31111ac1607be35ca2b2c8c) --- sys/kern/kern_clocksource.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/sys/kern/kern_clocksource.c b/sys/kern/kern_clocksource.c index 9d53d1242482..89d19bca9317 100644 --- a/sys/kern/kern_clocksource.c +++ b/sys/kern/kern_clocksource.c @@ -214,8 +214,8 @@ handleevents(sbintime_t now, int fake) callout_process(now); } - t = getnextcpuevent(state, 0); ET_HW_LOCK(state); + t = getnextcpuevent(state, 0); if (!busy) { state->idle = 0; state->nextevent = t; 
@@ -678,14 +678,12 @@ cpu_initclocks_bsp(void) void cpu_initclocks_ap(void) { - sbintime_t now; struct pcpu_state *state; struct thread *td; state = DPCPU_PTR(timerstate); - now = sbinuptime(); ET_HW_LOCK(state); - state->now = now; + state->now = sbinuptime(); hardclock_sync(curcpu); spinlock_enter(); ET_HW_UNLOCK(state); @@ -769,6 +767,7 @@ cpu_idleclock(void) ) return (-1); state = DPCPU_PTR(timerstate); + ET_HW_LOCK(state); if (periodic) now = state->now; else @@ -776,7 +775,6 @@ cpu_idleclock(void) CTR3(KTR_SPARE2, "idle at %d: now %d.%08x", curcpu, (int)(now >> 32), (u_int)(now & 0xffffffff)); t = getnextcpuevent(state, 1); - ET_HW_LOCK(state); state->idle = 1; state->nextevent = t; if (!periodic) @@ -796,15 +794,15 @@ cpu_activeclock(void) struct thread *td; state = DPCPU_PTR(timerstate); - if (state->idle == 0 || busy) + if (atomic_load_int(&state->idle) == 0 || busy) return; + spinlock_enter(); if (periodic) now = state->now; else now = sbinuptime(); CTR3(KTR_SPARE2, "active at %d: now %d.%08x", curcpu, (int)(now >> 32), (u_int)(now & 0xffffffff)); - spinlock_enter(); td = curthread; td->td_intr_nesting_level++; handleevents(now, 1);
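Review bot: In handleevents(), the requirement that `t = getnextcpuevent(state, 0);` run after `ET_HW_LOCK(state);` is recorded only in the commit log, so a later cleanup could hoist the call out of the locked region again without any warning. The cpu_idleclock() hunk makes the same move, so both callers touched here now hold the timer state lock around getnextcpuevent(); consider a short comment at the call site, or a lock-held assertion at the top of getnextcpuevent(), so the rule is enforced where it matters.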
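Review bot: The cpu_initclocks_ap() change is not covered by the commit message, which describes only handleevents(), cpu_idleclock() and cpu_activeclock(). Folding the load into `state->now = sbinuptime();` under ET_HW_LOCK(state) reads like the same stale-"now" concern, but the log should say so explicitly, or say that it is only a cleanup, so the intent is clear to anyone bisecting timer behaviour later.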
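Review bot: In cpu_idleclock(), the fix for a stale "now" depends on ET_HW_LOCK(state) keeping the timer interrupt out between the `now` load and `state->nextevent = t;`, whereas the cpu_activeclock() hunk makes the equivalent guarantee explicit with spinlock_enter(). A one-line comment above the new `ET_HW_LOCK(state);` stating that the lock must cover both the time load and getnextcpuevent(state, 1) would make that dependency visible in the code rather than only in the log.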
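Review bot: In cpu_activeclock(), `atomic_load_int(&state->idle)` marks the read as racy, but the stores visible in this patch (`state->idle = 0;` in handleevents() and `state->idle = 1;` in cpu_idleclock()) remain plain assignments. Consider atomic_store_int() on the write side for symmetry, and a brief comment at the check carrying the commit log's reasoning that losing the race only causes an unnecessary handleevents() call.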