path: root/kernel/time/timer.c
diff options
authorDmitry Vyukov <>2015-09-18 15:54:23 +0200
committerThomas Gleixner <>2015-09-22 15:43:18 +0200
commit3ed769bdb2a2484fd7f9f7f3047413053aacbe21 (patch)
tree75f0039968b1b80ffe61b6d446f34ade7b24cf11 /kernel/time/timer.c
parent571af55a31d3652ac1f758f116835a76d0335661 (diff)
timers: Fix data race in timer_stats_account_timer()
timer_stats_account_timer() reads timer->start_site, then checks it for NULL and then re-reads it again, while timer_stats_timer_clear_start_info() can concurrently reset timer->start_site to NULL. This should not lead to crashes, but can double number of entries in timer stats as start_site is used during comparison, the doubled entries will have unuseful NULL start_site. Read timer->start_site only once in timer_stats_account_timer(). The data race was found with KernelThreadSanitizer (KTSAN). Signed-off-by: Dmitry Vyukov <> Cc: Cc: Cc: Cc: Cc: Link: Signed-off-by: Thomas Gleixner <>
Diffstat (limited to 'kernel/time/timer.c')
1 files changed, 9 insertions, 2 deletions
diff --git a/kernel/time/timer.c b/kernel/time/timer.c
index 84190f02b521..d3f5e92f722a 100644
--- a/kernel/time/timer.c
+++ b/kernel/time/timer.c
@@ -461,10 +461,17 @@ void __timer_stats_timer_set_start_info(struct timer_list *timer, void *addr)
static void timer_stats_account_timer(struct timer_list *timer)
- if (likely(!timer->start_site))
+ void *site;
+ /*
+ * start_site can be concurrently reset by
+ * timer_stats_timer_clear_start_info()
+ */
+ site = READ_ONCE(timer->start_site);
+ if (likely(!site))
- timer_stats_update_stats(timer, timer->start_pid, timer->start_site,
+ timer_stats_update_stats(timer, timer->start_pid, site,
timer->function, timer->start_comm,