Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Kernel internal timers
4 *
5 * Copyright (C) 1991, 1992 Linus Torvalds
6 *
7 * 1997-01-28 Modified by Finn Arne Gangstad to make timers scale better.
8 *
9 * 1997-09-10 Updated NTP code according to technical memorandum Jan '96
10 * "A Kernel Model for Precision Timekeeping" by Dave Mills
11 * 1998-12-24 Fixed a xtime SMP race (we need the xtime_lock rw spinlock to
12 * serialize accesses to xtime/lost_ticks).
13 * Copyright (C) 1998 Andrea Arcangeli
14 * 1999-03-10 Improved NTP compatibility by Ulrich Windl
15 * 2002-05-31 Move sys_sysinfo here and make its locking sane, Robert Love
16 * 2000-10-05 Implemented scalable SMP per-CPU timer handling.
17 * Copyright (C) 2000, 2001, 2002 Ingo Molnar
18 * Designed by David S. Miller, Alexey Kuznetsov and Ingo Molnar
19 */
20
21#include <linux/kernel_stat.h>
22#include <linux/export.h>
23#include <linux/interrupt.h>
24#include <linux/percpu.h>
25#include <linux/init.h>
26#include <linux/mm.h>
27#include <linux/swap.h>
28#include <linux/pid_namespace.h>
29#include <linux/notifier.h>
30#include <linux/thread_info.h>
31#include <linux/time.h>
32#include <linux/jiffies.h>
33#include <linux/posix-timers.h>
34#include <linux/cpu.h>
35#include <linux/syscalls.h>
36#include <linux/delay.h>
37#include <linux/tick.h>
38#include <linux/kallsyms.h>
39#include <linux/irq_work.h>
40#include <linux/sched/signal.h>
41#include <linux/sched/sysctl.h>
42#include <linux/sched/nohz.h>
43#include <linux/sched/debug.h>
44#include <linux/slab.h>
45#include <linux/compat.h>
46#include <linux/random.h>
47
48#include <linux/uaccess.h>
49#include <asm/unistd.h>
50#include <asm/div64.h>
51#include <asm/timex.h>
52#include <asm/io.h>
53
54#include "tick-internal.h"
55
56#define CREATE_TRACE_POINTS
57#include <trace/events/timer.h>
58
59__visible u64 jiffies_64 __cacheline_aligned_in_smp = INITIAL_JIFFIES;
60
61EXPORT_SYMBOL(jiffies_64);
62
63/*
64 * The timer wheel has LVL_DEPTH array levels. Each level provides an array of
65 * LVL_SIZE buckets. Each level is driven by its own clock and therefor each
66 * level has a different granularity.
67 *
68 * The level granularity is: LVL_CLK_DIV ^ lvl
69 * The level clock frequency is: HZ / (LVL_CLK_DIV ^ level)
70 *
71 * The array level of a newly armed timer depends on the relative expiry
72 * time. The farther the expiry time is away the higher the array level and
73 * therefor the granularity becomes.
74 *
75 * Contrary to the original timer wheel implementation, which aims for 'exact'
76 * expiry of the timers, this implementation removes the need for recascading
77 * the timers into the lower array levels. The previous 'classic' timer wheel
78 * implementation of the kernel already violated the 'exact' expiry by adding
79 * slack to the expiry time to provide batched expiration. The granularity
80 * levels provide implicit batching.
81 *
82 * This is an optimization of the original timer wheel implementation for the
83 * majority of the timer wheel use cases: timeouts. The vast majority of
84 * timeout timers (networking, disk I/O ...) are canceled before expiry. If
85 * the timeout expires it indicates that normal operation is disturbed, so it
86 * does not matter much whether the timeout comes with a slight delay.
87 *
88 * The only exception to this are networking timers with a small expiry
89 * time. They rely on the granularity. Those fit into the first wheel level,
90 * which has HZ granularity.
91 *
92 * We don't have cascading anymore. timers with a expiry time above the
93 * capacity of the last wheel level are force expired at the maximum timeout
94 * value of the last wheel level. From data sampling we know that the maximum
95 * value observed is 5 days (network connection tracking), so this should not
96 * be an issue.
97 *
98 * The currently chosen array constants values are a good compromise between
99 * array size and granularity.
100 *
101 * This results in the following granularity and range levels:
102 *
103 * HZ 1000 steps
104 * Level Offset Granularity Range
105 * 0 0 1 ms 0 ms - 63 ms
106 * 1 64 8 ms 64 ms - 511 ms
107 * 2 128 64 ms 512 ms - 4095 ms (512ms - ~4s)
108 * 3 192 512 ms 4096 ms - 32767 ms (~4s - ~32s)
109 * 4 256 4096 ms (~4s) 32768 ms - 262143 ms (~32s - ~4m)
110 * 5 320 32768 ms (~32s) 262144 ms - 2097151 ms (~4m - ~34m)
111 * 6 384 262144 ms (~4m) 2097152 ms - 16777215 ms (~34m - ~4h)
112 * 7 448 2097152 ms (~34m) 16777216 ms - 134217727 ms (~4h - ~1d)
113 * 8 512 16777216 ms (~4h) 134217728 ms - 1073741822 ms (~1d - ~12d)
114 *
115 * HZ 300
116 * Level Offset Granularity Range
117 * 0 0 3 ms 0 ms - 210 ms
118 * 1 64 26 ms 213 ms - 1703 ms (213ms - ~1s)
119 * 2 128 213 ms 1706 ms - 13650 ms (~1s - ~13s)
120 * 3 192 1706 ms (~1s) 13653 ms - 109223 ms (~13s - ~1m)
121 * 4 256 13653 ms (~13s) 109226 ms - 873810 ms (~1m - ~14m)
122 * 5 320 109226 ms (~1m) 873813 ms - 6990503 ms (~14m - ~1h)
123 * 6 384 873813 ms (~14m) 6990506 ms - 55924050 ms (~1h - ~15h)
124 * 7 448 6990506 ms (~1h) 55924053 ms - 447392423 ms (~15h - ~5d)
125 * 8 512 55924053 ms (~15h) 447392426 ms - 3579139406 ms (~5d - ~41d)
126 *
127 * HZ 250
128 * Level Offset Granularity Range
129 * 0 0 4 ms 0 ms - 255 ms
130 * 1 64 32 ms 256 ms - 2047 ms (256ms - ~2s)
131 * 2 128 256 ms 2048 ms - 16383 ms (~2s - ~16s)
132 * 3 192 2048 ms (~2s) 16384 ms - 131071 ms (~16s - ~2m)
133 * 4 256 16384 ms (~16s) 131072 ms - 1048575 ms (~2m - ~17m)
134 * 5 320 131072 ms (~2m) 1048576 ms - 8388607 ms (~17m - ~2h)
135 * 6 384 1048576 ms (~17m) 8388608 ms - 67108863 ms (~2h - ~18h)
136 * 7 448 8388608 ms (~2h) 67108864 ms - 536870911 ms (~18h - ~6d)
137 * 8 512 67108864 ms (~18h) 536870912 ms - 4294967288 ms (~6d - ~49d)
138 *
139 * HZ 100
140 * Level Offset Granularity Range
141 * 0 0 10 ms 0 ms - 630 ms
142 * 1 64 80 ms 640 ms - 5110 ms (640ms - ~5s)
143 * 2 128 640 ms 5120 ms - 40950 ms (~5s - ~40s)
144 * 3 192 5120 ms (~5s) 40960 ms - 327670 ms (~40s - ~5m)
145 * 4 256 40960 ms (~40s) 327680 ms - 2621430 ms (~5m - ~43m)
146 * 5 320 327680 ms (~5m) 2621440 ms - 20971510 ms (~43m - ~5h)
147 * 6 384 2621440 ms (~43m) 20971520 ms - 167772150 ms (~5h - ~1d)
148 * 7 448 20971520 ms (~5h) 167772160 ms - 1342177270 ms (~1d - ~15d)
149 */
150
151/* Clock divisor for the next level */
152#define LVL_CLK_SHIFT 3
153#define LVL_CLK_DIV (1UL << LVL_CLK_SHIFT)
154#define LVL_CLK_MASK (LVL_CLK_DIV - 1)
155#define LVL_SHIFT(n) ((n) * LVL_CLK_SHIFT)
156#define LVL_GRAN(n) (1UL << LVL_SHIFT(n))
157
158/*
159 * The time start value for each level to select the bucket at enqueue
160 * time. We start from the last possible delta of the previous level
161 * so that we can later add an extra LVL_GRAN(n) to n (see calc_index()).
162 */
163#define LVL_START(n) ((LVL_SIZE - 1) << (((n) - 1) * LVL_CLK_SHIFT))
164
165/* Size of each clock level */
166#define LVL_BITS 6
167#define LVL_SIZE (1UL << LVL_BITS)
168#define LVL_MASK (LVL_SIZE - 1)
169#define LVL_OFFS(n) ((n) * LVL_SIZE)
170
171/* Level depth */
172#if HZ > 100
173# define LVL_DEPTH 9
174# else
175# define LVL_DEPTH 8
176#endif
177
178/* The cutoff (max. capacity of the wheel) */
179#define WHEEL_TIMEOUT_CUTOFF (LVL_START(LVL_DEPTH))
180#define WHEEL_TIMEOUT_MAX (WHEEL_TIMEOUT_CUTOFF - LVL_GRAN(LVL_DEPTH - 1))
181
182/*
183 * The resulting wheel size. If NOHZ is configured we allocate two
184 * wheels so we have a separate storage for the deferrable timers.
185 */
186#define WHEEL_SIZE (LVL_SIZE * LVL_DEPTH)
187
188#ifdef CONFIG_NO_HZ_COMMON
189# define NR_BASES 2
190# define BASE_STD 0
191# define BASE_DEF 1
192#else
193# define NR_BASES 1
194# define BASE_STD 0
195# define BASE_DEF 0
196#endif
197
198struct timer_base {
199 raw_spinlock_t lock;
200 struct timer_list *running_timer;
201#ifdef CONFIG_PREEMPT_RT
202 spinlock_t expiry_lock;
203 atomic_t timer_waiters;
204#endif
205 unsigned long clk;
206 unsigned long next_expiry;
207 unsigned int cpu;
208 bool next_expiry_recalc;
209 bool is_idle;
210 bool timers_pending;
211 DECLARE_BITMAP(pending_map, WHEEL_SIZE);
212 struct hlist_head vectors[WHEEL_SIZE];
213} ____cacheline_aligned;
214
215static DEFINE_PER_CPU(struct timer_base, timer_bases[NR_BASES]);
216
217#ifdef CONFIG_NO_HZ_COMMON
218
219static DEFINE_STATIC_KEY_FALSE(timers_nohz_active);
220static DEFINE_MUTEX(timer_keys_mutex);
221
222static void timer_update_keys(struct work_struct *work);
223static DECLARE_WORK(timer_update_work, timer_update_keys);
224
225#ifdef CONFIG_SMP
226unsigned int sysctl_timer_migration = 1;
227
228DEFINE_STATIC_KEY_FALSE(timers_migration_enabled);
229
230static void timers_update_migration(void)
231{
232 if (sysctl_timer_migration && tick_nohz_active)
233 static_branch_enable(&timers_migration_enabled);
234 else
235 static_branch_disable(&timers_migration_enabled);
236}
237#else
238static inline void timers_update_migration(void) { }
239#endif /* !CONFIG_SMP */
240
241static void timer_update_keys(struct work_struct *work)
242{
243 mutex_lock(&timer_keys_mutex);
244 timers_update_migration();
245 static_branch_enable(&timers_nohz_active);
246 mutex_unlock(&timer_keys_mutex);
247}
248
249void timers_update_nohz(void)
250{
251 schedule_work(&timer_update_work);
252}
253
254int timer_migration_handler(struct ctl_table *table, int write,
255 void *buffer, size_t *lenp, loff_t *ppos)
256{
257 int ret;
258
259 mutex_lock(&timer_keys_mutex);
260 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
261 if (!ret && write)
262 timers_update_migration();
263 mutex_unlock(&timer_keys_mutex);
264 return ret;
265}
266
267static inline bool is_timers_nohz_active(void)
268{
269 return static_branch_unlikely(&timers_nohz_active);
270}
271#else
272static inline bool is_timers_nohz_active(void) { return false; }
273#endif /* NO_HZ_COMMON */
274
275static unsigned long round_jiffies_common(unsigned long j, int cpu,
276 bool force_up)
277{
278 int rem;
279 unsigned long original = j;
280
281 /*
282 * We don't want all cpus firing their timers at once hitting the
283 * same lock or cachelines, so we skew each extra cpu with an extra
284 * 3 jiffies. This 3 jiffies came originally from the mm/ code which
285 * already did this.
286 * The skew is done by adding 3*cpunr, then round, then subtract this
287 * extra offset again.
288 */
289 j += cpu * 3;
290
291 rem = j % HZ;
292
293 /*
294 * If the target jiffie is just after a whole second (which can happen
295 * due to delays of the timer irq, long irq off times etc etc) then
296 * we should round down to the whole second, not up. Use 1/4th second
297 * as cutoff for this rounding as an extreme upper bound for this.
298 * But never round down if @force_up is set.
299 */
300 if (rem < HZ/4 && !force_up) /* round down */
301 j = j - rem;
302 else /* round up */
303 j = j - rem + HZ;
304
305 /* now that we have rounded, subtract the extra skew again */
306 j -= cpu * 3;
307
308 /*
309 * Make sure j is still in the future. Otherwise return the
310 * unmodified value.
311 */
312 return time_is_after_jiffies(j) ? j : original;
313}
314
315/**
316 * __round_jiffies - function to round jiffies to a full second
317 * @j: the time in (absolute) jiffies that should be rounded
318 * @cpu: the processor number on which the timeout will happen
319 *
320 * __round_jiffies() rounds an absolute time in the future (in jiffies)
321 * up or down to (approximately) full seconds. This is useful for timers
322 * for which the exact time they fire does not matter too much, as long as
323 * they fire approximately every X seconds.
324 *
325 * By rounding these timers to whole seconds, all such timers will fire
326 * at the same time, rather than at various times spread out. The goal
327 * of this is to have the CPU wake up less, which saves power.
328 *
329 * The exact rounding is skewed for each processor to avoid all
330 * processors firing at the exact same time, which could lead
331 * to lock contention or spurious cache line bouncing.
332 *
333 * The return value is the rounded version of the @j parameter.
334 */
335unsigned long __round_jiffies(unsigned long j, int cpu)
336{
337 return round_jiffies_common(j, cpu, false);
338}
339EXPORT_SYMBOL_GPL(__round_jiffies);
340
341/**
342 * __round_jiffies_relative - function to round jiffies to a full second
343 * @j: the time in (relative) jiffies that should be rounded
344 * @cpu: the processor number on which the timeout will happen
345 *
346 * __round_jiffies_relative() rounds a time delta in the future (in jiffies)
347 * up or down to (approximately) full seconds. This is useful for timers
348 * for which the exact time they fire does not matter too much, as long as
349 * they fire approximately every X seconds.
350 *
351 * By rounding these timers to whole seconds, all such timers will fire
352 * at the same time, rather than at various times spread out. The goal
353 * of this is to have the CPU wake up less, which saves power.
354 *
355 * The exact rounding is skewed for each processor to avoid all
356 * processors firing at the exact same time, which could lead
357 * to lock contention or spurious cache line bouncing.
358 *
359 * The return value is the rounded version of the @j parameter.
360 */
361unsigned long __round_jiffies_relative(unsigned long j, int cpu)
362{
363 unsigned long j0 = jiffies;
364
365 /* Use j0 because jiffies might change while we run */
366 return round_jiffies_common(j + j0, cpu, false) - j0;
367}
368EXPORT_SYMBOL_GPL(__round_jiffies_relative);
369
370/**
371 * round_jiffies - function to round jiffies to a full second
372 * @j: the time in (absolute) jiffies that should be rounded
373 *
374 * round_jiffies() rounds an absolute time in the future (in jiffies)
375 * up or down to (approximately) full seconds. This is useful for timers
376 * for which the exact time they fire does not matter too much, as long as
377 * they fire approximately every X seconds.
378 *
379 * By rounding these timers to whole seconds, all such timers will fire
380 * at the same time, rather than at various times spread out. The goal
381 * of this is to have the CPU wake up less, which saves power.
382 *
383 * The return value is the rounded version of the @j parameter.
384 */
385unsigned long round_jiffies(unsigned long j)
386{
387 return round_jiffies_common(j, raw_smp_processor_id(), false);
388}
389EXPORT_SYMBOL_GPL(round_jiffies);
390
391/**
392 * round_jiffies_relative - function to round jiffies to a full second
393 * @j: the time in (relative) jiffies that should be rounded
394 *
395 * round_jiffies_relative() rounds a time delta in the future (in jiffies)
396 * up or down to (approximately) full seconds. This is useful for timers
397 * for which the exact time they fire does not matter too much, as long as
398 * they fire approximately every X seconds.
399 *
400 * By rounding these timers to whole seconds, all such timers will fire
401 * at the same time, rather than at various times spread out. The goal
402 * of this is to have the CPU wake up less, which saves power.
403 *
404 * The return value is the rounded version of the @j parameter.
405 */
406unsigned long round_jiffies_relative(unsigned long j)
407{
408 return __round_jiffies_relative(j, raw_smp_processor_id());
409}
410EXPORT_SYMBOL_GPL(round_jiffies_relative);
411
412/**
413 * __round_jiffies_up - function to round jiffies up to a full second
414 * @j: the time in (absolute) jiffies that should be rounded
415 * @cpu: the processor number on which the timeout will happen
416 *
417 * This is the same as __round_jiffies() except that it will never
418 * round down. This is useful for timeouts for which the exact time
419 * of firing does not matter too much, as long as they don't fire too
420 * early.
421 */
422unsigned long __round_jiffies_up(unsigned long j, int cpu)
423{
424 return round_jiffies_common(j, cpu, true);
425}
426EXPORT_SYMBOL_GPL(__round_jiffies_up);
427
428/**
429 * __round_jiffies_up_relative - function to round jiffies up to a full second
430 * @j: the time in (relative) jiffies that should be rounded
431 * @cpu: the processor number on which the timeout will happen
432 *
433 * This is the same as __round_jiffies_relative() except that it will never
434 * round down. This is useful for timeouts for which the exact time
435 * of firing does not matter too much, as long as they don't fire too
436 * early.
437 */
438unsigned long __round_jiffies_up_relative(unsigned long j, int cpu)
439{
440 unsigned long j0 = jiffies;
441
442 /* Use j0 because jiffies might change while we run */
443 return round_jiffies_common(j + j0, cpu, true) - j0;
444}
445EXPORT_SYMBOL_GPL(__round_jiffies_up_relative);
446
447/**
448 * round_jiffies_up - function to round jiffies up to a full second
449 * @j: the time in (absolute) jiffies that should be rounded
450 *
451 * This is the same as round_jiffies() except that it will never
452 * round down. This is useful for timeouts for which the exact time
453 * of firing does not matter too much, as long as they don't fire too
454 * early.
455 */
456unsigned long round_jiffies_up(unsigned long j)
457{
458 return round_jiffies_common(j, raw_smp_processor_id(), true);
459}
460EXPORT_SYMBOL_GPL(round_jiffies_up);
461
462/**
463 * round_jiffies_up_relative - function to round jiffies up to a full second
464 * @j: the time in (relative) jiffies that should be rounded
465 *
466 * This is the same as round_jiffies_relative() except that it will never
467 * round down. This is useful for timeouts for which the exact time
468 * of firing does not matter too much, as long as they don't fire too
469 * early.
470 */
471unsigned long round_jiffies_up_relative(unsigned long j)
472{
473 return __round_jiffies_up_relative(j, raw_smp_processor_id());
474}
475EXPORT_SYMBOL_GPL(round_jiffies_up_relative);
476
477
478static inline unsigned int timer_get_idx(struct timer_list *timer)
479{
480 return (timer->flags & TIMER_ARRAYMASK) >> TIMER_ARRAYSHIFT;
481}
482
483static inline void timer_set_idx(struct timer_list *timer, unsigned int idx)
484{
485 timer->flags = (timer->flags & ~TIMER_ARRAYMASK) |
486 idx << TIMER_ARRAYSHIFT;
487}
488
489/*
490 * Helper function to calculate the array index for a given expiry
491 * time.
492 */
493static inline unsigned calc_index(unsigned long expires, unsigned lvl,
494 unsigned long *bucket_expiry)
495{
496
497 /*
498 * The timer wheel has to guarantee that a timer does not fire
499 * early. Early expiry can happen due to:
500 * - Timer is armed at the edge of a tick
501 * - Truncation of the expiry time in the outer wheel levels
502 *
503 * Round up with level granularity to prevent this.
504 */
505 expires = (expires + LVL_GRAN(lvl)) >> LVL_SHIFT(lvl);
506 *bucket_expiry = expires << LVL_SHIFT(lvl);
507 return LVL_OFFS(lvl) + (expires & LVL_MASK);
508}
509
510static int calc_wheel_index(unsigned long expires, unsigned long clk,
511 unsigned long *bucket_expiry)
512{
513 unsigned long delta = expires - clk;
514 unsigned int idx;
515
516 if (delta < LVL_START(1)) {
517 idx = calc_index(expires, 0, bucket_expiry);
518 } else if (delta < LVL_START(2)) {
519 idx = calc_index(expires, 1, bucket_expiry);
520 } else if (delta < LVL_START(3)) {
521 idx = calc_index(expires, 2, bucket_expiry);
522 } else if (delta < LVL_START(4)) {
523 idx = calc_index(expires, 3, bucket_expiry);
524 } else if (delta < LVL_START(5)) {
525 idx = calc_index(expires, 4, bucket_expiry);
526 } else if (delta < LVL_START(6)) {
527 idx = calc_index(expires, 5, bucket_expiry);
528 } else if (delta < LVL_START(7)) {
529 idx = calc_index(expires, 6, bucket_expiry);
530 } else if (LVL_DEPTH > 8 && delta < LVL_START(8)) {
531 idx = calc_index(expires, 7, bucket_expiry);
532 } else if ((long) delta < 0) {
533 idx = clk & LVL_MASK;
534 *bucket_expiry = clk;
535 } else {
536 /*
537 * Force expire obscene large timeouts to expire at the
538 * capacity limit of the wheel.
539 */
540 if (delta >= WHEEL_TIMEOUT_CUTOFF)
541 expires = clk + WHEEL_TIMEOUT_MAX;
542
543 idx = calc_index(expires, LVL_DEPTH - 1, bucket_expiry);
544 }
545 return idx;
546}
547
548static void
549trigger_dyntick_cpu(struct timer_base *base, struct timer_list *timer)
550{
551 if (!is_timers_nohz_active())
552 return;
553
554 /*
555 * TODO: This wants some optimizing similar to the code below, but we
556 * will do that when we switch from push to pull for deferrable timers.
557 */
558 if (timer->flags & TIMER_DEFERRABLE) {
559 if (tick_nohz_full_cpu(base->cpu))
560 wake_up_nohz_cpu(base->cpu);
561 return;
562 }
563
564 /*
565 * We might have to IPI the remote CPU if the base is idle and the
566 * timer is not deferrable. If the other CPU is on the way to idle
567 * then it can't set base->is_idle as we hold the base lock:
568 */
569 if (base->is_idle)
570 wake_up_nohz_cpu(base->cpu);
571}
572
573/*
574 * Enqueue the timer into the hash bucket, mark it pending in
575 * the bitmap, store the index in the timer flags then wake up
576 * the target CPU if needed.
577 */
578static void enqueue_timer(struct timer_base *base, struct timer_list *timer,
579 unsigned int idx, unsigned long bucket_expiry)
580{
581
582 hlist_add_head(&timer->entry, base->vectors + idx);
583 __set_bit(idx, base->pending_map);
584 timer_set_idx(timer, idx);
585
586 trace_timer_start(timer, timer->expires, timer->flags);
587
588 /*
589 * Check whether this is the new first expiring timer. The
590 * effective expiry time of the timer is required here
591 * (bucket_expiry) instead of timer->expires.
592 */
593 if (time_before(bucket_expiry, base->next_expiry)) {
594 /*
595 * Set the next expiry time and kick the CPU so it
596 * can reevaluate the wheel:
597 */
598 base->next_expiry = bucket_expiry;
599 base->timers_pending = true;
600 base->next_expiry_recalc = false;
601 trigger_dyntick_cpu(base, timer);
602 }
603}
604
605static void internal_add_timer(struct timer_base *base, struct timer_list *timer)
606{
607 unsigned long bucket_expiry;
608 unsigned int idx;
609
610 idx = calc_wheel_index(timer->expires, base->clk, &bucket_expiry);
611 enqueue_timer(base, timer, idx, bucket_expiry);
612}
613
614#ifdef CONFIG_DEBUG_OBJECTS_TIMERS
615
616static const struct debug_obj_descr timer_debug_descr;
617
618static void *timer_debug_hint(void *addr)
619{
620 return ((struct timer_list *) addr)->function;
621}
622
623static bool timer_is_static_object(void *addr)
624{
625 struct timer_list *timer = addr;
626
627 return (timer->entry.pprev == NULL &&
628 timer->entry.next == TIMER_ENTRY_STATIC);
629}
630
631/*
632 * fixup_init is called when:
633 * - an active object is initialized
634 */
635static bool timer_fixup_init(void *addr, enum debug_obj_state state)
636{
637 struct timer_list *timer = addr;
638
639 switch (state) {
640 case ODEBUG_STATE_ACTIVE:
641 del_timer_sync(timer);
642 debug_object_init(timer, &timer_debug_descr);
643 return true;
644 default:
645 return false;
646 }
647}
648
649/* Stub timer callback for improperly used timers. */
650static void stub_timer(struct timer_list *unused)
651{
652 WARN_ON(1);
653}
654
655/*
656 * fixup_activate is called when:
657 * - an active object is activated
658 * - an unknown non-static object is activated
659 */
660static bool timer_fixup_activate(void *addr, enum debug_obj_state state)
661{
662 struct timer_list *timer = addr;
663
664 switch (state) {
665 case ODEBUG_STATE_NOTAVAILABLE:
666 timer_setup(timer, stub_timer, 0);
667 return true;
668
669 case ODEBUG_STATE_ACTIVE:
670 WARN_ON(1);
671 fallthrough;
672 default:
673 return false;
674 }
675}
676
677/*
678 * fixup_free is called when:
679 * - an active object is freed
680 */
681static bool timer_fixup_free(void *addr, enum debug_obj_state state)
682{
683 struct timer_list *timer = addr;
684
685 switch (state) {
686 case ODEBUG_STATE_ACTIVE:
687 del_timer_sync(timer);
688 debug_object_free(timer, &timer_debug_descr);
689 return true;
690 default:
691 return false;
692 }
693}
694
695/*
696 * fixup_assert_init is called when:
697 * - an untracked/uninit-ed object is found
698 */
699static bool timer_fixup_assert_init(void *addr, enum debug_obj_state state)
700{
701 struct timer_list *timer = addr;
702
703 switch (state) {
704 case ODEBUG_STATE_NOTAVAILABLE:
705 timer_setup(timer, stub_timer, 0);
706 return true;
707 default:
708 return false;
709 }
710}
711
712static const struct debug_obj_descr timer_debug_descr = {
713 .name = "timer_list",
714 .debug_hint = timer_debug_hint,
715 .is_static_object = timer_is_static_object,
716 .fixup_init = timer_fixup_init,
717 .fixup_activate = timer_fixup_activate,
718 .fixup_free = timer_fixup_free,
719 .fixup_assert_init = timer_fixup_assert_init,
720};
721
722static inline void debug_timer_init(struct timer_list *timer)
723{
724 debug_object_init(timer, &timer_debug_descr);
725}
726
727static inline void debug_timer_activate(struct timer_list *timer)
728{
729 debug_object_activate(timer, &timer_debug_descr);
730}
731
732static inline void debug_timer_deactivate(struct timer_list *timer)
733{
734 debug_object_deactivate(timer, &timer_debug_descr);
735}
736
737static inline void debug_timer_assert_init(struct timer_list *timer)
738{
739 debug_object_assert_init(timer, &timer_debug_descr);
740}
741
742static void do_init_timer(struct timer_list *timer,
743 void (*func)(struct timer_list *),
744 unsigned int flags,
745 const char *name, struct lock_class_key *key);
746
747void init_timer_on_stack_key(struct timer_list *timer,
748 void (*func)(struct timer_list *),
749 unsigned int flags,
750 const char *name, struct lock_class_key *key)
751{
752 debug_object_init_on_stack(timer, &timer_debug_descr);
753 do_init_timer(timer, func, flags, name, key);
754}
755EXPORT_SYMBOL_GPL(init_timer_on_stack_key);
756
757void destroy_timer_on_stack(struct timer_list *timer)
758{
759 debug_object_free(timer, &timer_debug_descr);
760}
761EXPORT_SYMBOL_GPL(destroy_timer_on_stack);
762
763#else
764static inline void debug_timer_init(struct timer_list *timer) { }
765static inline void debug_timer_activate(struct timer_list *timer) { }
766static inline void debug_timer_deactivate(struct timer_list *timer) { }
767static inline void debug_timer_assert_init(struct timer_list *timer) { }
768#endif
769
770static inline void debug_init(struct timer_list *timer)
771{
772 debug_timer_init(timer);
773 trace_timer_init(timer);
774}
775
776static inline void debug_deactivate(struct timer_list *timer)
777{
778 debug_timer_deactivate(timer);
779 trace_timer_cancel(timer);
780}
781
782static inline void debug_assert_init(struct timer_list *timer)
783{
784 debug_timer_assert_init(timer);
785}
786
787static void do_init_timer(struct timer_list *timer,
788 void (*func)(struct timer_list *),
789 unsigned int flags,
790 const char *name, struct lock_class_key *key)
791{
792 timer->entry.pprev = NULL;
793 timer->function = func;
794 if (WARN_ON_ONCE(flags & ~TIMER_INIT_FLAGS))
795 flags &= TIMER_INIT_FLAGS;
796 timer->flags = flags | raw_smp_processor_id();
797 lockdep_init_map(&timer->lockdep_map, name, key, 0);
798}
799
800/**
801 * init_timer_key - initialize a timer
802 * @timer: the timer to be initialized
803 * @func: timer callback function
804 * @flags: timer flags
805 * @name: name of the timer
806 * @key: lockdep class key of the fake lock used for tracking timer
807 * sync lock dependencies
808 *
809 * init_timer_key() must be done to a timer prior calling *any* of the
810 * other timer functions.
811 */
812void init_timer_key(struct timer_list *timer,
813 void (*func)(struct timer_list *), unsigned int flags,
814 const char *name, struct lock_class_key *key)
815{
816 debug_init(timer);
817 do_init_timer(timer, func, flags, name, key);
818}
819EXPORT_SYMBOL(init_timer_key);
820
821static inline void detach_timer(struct timer_list *timer, bool clear_pending)
822{
823 struct hlist_node *entry = &timer->entry;
824
825 debug_deactivate(timer);
826
827 __hlist_del(entry);
828 if (clear_pending)
829 entry->pprev = NULL;
830 entry->next = LIST_POISON2;
831}
832
833static int detach_if_pending(struct timer_list *timer, struct timer_base *base,
834 bool clear_pending)
835{
836 unsigned idx = timer_get_idx(timer);
837
838 if (!timer_pending(timer))
839 return 0;
840
841 if (hlist_is_singular_node(&timer->entry, base->vectors + idx)) {
842 __clear_bit(idx, base->pending_map);
843 base->next_expiry_recalc = true;
844 }
845
846 detach_timer(timer, clear_pending);
847 return 1;
848}
849
850static inline struct timer_base *get_timer_cpu_base(u32 tflags, u32 cpu)
851{
852 struct timer_base *base = per_cpu_ptr(&timer_bases[BASE_STD], cpu);
853
854 /*
855 * If the timer is deferrable and NO_HZ_COMMON is set then we need
856 * to use the deferrable base.
857 */
858 if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE))
859 base = per_cpu_ptr(&timer_bases[BASE_DEF], cpu);
860 return base;
861}
862
863static inline struct timer_base *get_timer_this_cpu_base(u32 tflags)
864{
865 struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
866
867 /*
868 * If the timer is deferrable and NO_HZ_COMMON is set then we need
869 * to use the deferrable base.
870 */
871 if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE))
872 base = this_cpu_ptr(&timer_bases[BASE_DEF]);
873 return base;
874}
875
876static inline struct timer_base *get_timer_base(u32 tflags)
877{
878 return get_timer_cpu_base(tflags, tflags & TIMER_CPUMASK);
879}
880
881static inline struct timer_base *
882get_target_base(struct timer_base *base, unsigned tflags)
883{
884#if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON)
885 if (static_branch_likely(&timers_migration_enabled) &&
886 !(tflags & TIMER_PINNED))
887 return get_timer_cpu_base(tflags, get_nohz_timer_target());
888#endif
889 return get_timer_this_cpu_base(tflags);
890}
891
892static inline void forward_timer_base(struct timer_base *base)
893{
894 unsigned long jnow = READ_ONCE(jiffies);
895
896 /*
897 * No need to forward if we are close enough below jiffies.
898 * Also while executing timers, base->clk is 1 offset ahead
899 * of jiffies to avoid endless requeuing to current jiffies.
900 */
901 if ((long)(jnow - base->clk) < 1)
902 return;
903
904 /*
905 * If the next expiry value is > jiffies, then we fast forward to
906 * jiffies otherwise we forward to the next expiry value.
907 */
908 if (time_after(base->next_expiry, jnow)) {
909 base->clk = jnow;
910 } else {
911 if (WARN_ON_ONCE(time_before(base->next_expiry, base->clk)))
912 return;
913 base->clk = base->next_expiry;
914 }
915}
916
917
918/*
919 * We are using hashed locking: Holding per_cpu(timer_bases[x]).lock means
920 * that all timers which are tied to this base are locked, and the base itself
921 * is locked too.
922 *
923 * So __run_timers/migrate_timers can safely modify all timers which could
924 * be found in the base->vectors array.
925 *
926 * When a timer is migrating then the TIMER_MIGRATING flag is set and we need
927 * to wait until the migration is done.
928 */
929static struct timer_base *lock_timer_base(struct timer_list *timer,
930 unsigned long *flags)
931 __acquires(timer->base->lock)
932{
933 for (;;) {
934 struct timer_base *base;
935 u32 tf;
936
937 /*
938 * We need to use READ_ONCE() here, otherwise the compiler
939 * might re-read @tf between the check for TIMER_MIGRATING
940 * and spin_lock().
941 */
942 tf = READ_ONCE(timer->flags);
943
944 if (!(tf & TIMER_MIGRATING)) {
945 base = get_timer_base(tf);
946 raw_spin_lock_irqsave(&base->lock, *flags);
947 if (timer->flags == tf)
948 return base;
949 raw_spin_unlock_irqrestore(&base->lock, *flags);
950 }
951 cpu_relax();
952 }
953}
954
955#define MOD_TIMER_PENDING_ONLY 0x01
956#define MOD_TIMER_REDUCE 0x02
957#define MOD_TIMER_NOTPENDING 0x04
958
959static inline int
960__mod_timer(struct timer_list *timer, unsigned long expires, unsigned int options)
961{
962 unsigned long clk = 0, flags, bucket_expiry;
963 struct timer_base *base, *new_base;
964 unsigned int idx = UINT_MAX;
965 int ret = 0;
966
967 BUG_ON(!timer->function);
968
969 /*
970 * This is a common optimization triggered by the networking code - if
971 * the timer is re-modified to have the same timeout or ends up in the
972 * same array bucket then just return:
973 */
974 if (!(options & MOD_TIMER_NOTPENDING) && timer_pending(timer)) {
975 /*
976 * The downside of this optimization is that it can result in
977 * larger granularity than you would get from adding a new
978 * timer with this expiry.
979 */
980 long diff = timer->expires - expires;
981
982 if (!diff)
983 return 1;
984 if (options & MOD_TIMER_REDUCE && diff <= 0)
985 return 1;
986
987 /*
988 * We lock timer base and calculate the bucket index right
989 * here. If the timer ends up in the same bucket, then we
990 * just update the expiry time and avoid the whole
991 * dequeue/enqueue dance.
992 */
993 base = lock_timer_base(timer, &flags);
994 forward_timer_base(base);
995
996 if (timer_pending(timer) && (options & MOD_TIMER_REDUCE) &&
997 time_before_eq(timer->expires, expires)) {
998 ret = 1;
999 goto out_unlock;
1000 }
1001
1002 clk = base->clk;
1003 idx = calc_wheel_index(expires, clk, &bucket_expiry);
1004
1005 /*
1006 * Retrieve and compare the array index of the pending
1007 * timer. If it matches set the expiry to the new value so a
1008 * subsequent call will exit in the expires check above.
1009 */
1010 if (idx == timer_get_idx(timer)) {
1011 if (!(options & MOD_TIMER_REDUCE))
1012 timer->expires = expires;
1013 else if (time_after(timer->expires, expires))
1014 timer->expires = expires;
1015 ret = 1;
1016 goto out_unlock;
1017 }
1018 } else {
1019 base = lock_timer_base(timer, &flags);
1020 forward_timer_base(base);
1021 }
1022
1023 ret = detach_if_pending(timer, base, false);
1024 if (!ret && (options & MOD_TIMER_PENDING_ONLY))
1025 goto out_unlock;
1026
1027 new_base = get_target_base(base, timer->flags);
1028
1029 if (base != new_base) {
1030 /*
1031 * We are trying to schedule the timer on the new base.
1032 * However we can't change timer's base while it is running,
1033 * otherwise del_timer_sync() can't detect that the timer's
1034 * handler yet has not finished. This also guarantees that the
1035 * timer is serialized wrt itself.
1036 */
1037 if (likely(base->running_timer != timer)) {
1038 /* See the comment in lock_timer_base() */
1039 timer->flags |= TIMER_MIGRATING;
1040
1041 raw_spin_unlock(&base->lock);
1042 base = new_base;
1043 raw_spin_lock(&base->lock);
1044 WRITE_ONCE(timer->flags,
1045 (timer->flags & ~TIMER_BASEMASK) | base->cpu);
1046 forward_timer_base(base);
1047 }
1048 }
1049
1050 debug_timer_activate(timer);
1051
1052 timer->expires = expires;
1053 /*
1054 * If 'idx' was calculated above and the base time did not advance
1055 * between calculating 'idx' and possibly switching the base, only
1056 * enqueue_timer() is required. Otherwise we need to (re)calculate
1057 * the wheel index via internal_add_timer().
1058 */
1059 if (idx != UINT_MAX && clk == base->clk)
1060 enqueue_timer(base, timer, idx, bucket_expiry);
1061 else
1062 internal_add_timer(base, timer);
1063
1064out_unlock:
1065 raw_spin_unlock_irqrestore(&base->lock, flags);
1066
1067 return ret;
1068}
1069
1070/**
1071 * mod_timer_pending - modify a pending timer's timeout
1072 * @timer: the pending timer to be modified
1073 * @expires: new timeout in jiffies
1074 *
1075 * mod_timer_pending() is the same for pending timers as mod_timer(),
1076 * but will not re-activate and modify already deleted timers.
1077 *
1078 * It is useful for unserialized use of timers.
1079 */
1080int mod_timer_pending(struct timer_list *timer, unsigned long expires)
1081{
1082 return __mod_timer(timer, expires, MOD_TIMER_PENDING_ONLY);
1083}
1084EXPORT_SYMBOL(mod_timer_pending);
1085
1086/**
1087 * mod_timer - modify a timer's timeout
1088 * @timer: the timer to be modified
1089 * @expires: new timeout in jiffies
1090 *
1091 * mod_timer() is a more efficient way to update the expire field of an
1092 * active timer (if the timer is inactive it will be activated)
1093 *
1094 * mod_timer(timer, expires) is equivalent to:
1095 *
1096 * del_timer(timer); timer->expires = expires; add_timer(timer);
1097 *
1098 * Note that if there are multiple unserialized concurrent users of the
1099 * same timer, then mod_timer() is the only safe way to modify the timeout,
1100 * since add_timer() cannot modify an already running timer.
1101 *
1102 * The function returns whether it has modified a pending timer or not.
1103 * (ie. mod_timer() of an inactive timer returns 0, mod_timer() of an
1104 * active timer returns 1.)
1105 */
1106int mod_timer(struct timer_list *timer, unsigned long expires)
1107{
1108 return __mod_timer(timer, expires, 0);
1109}
1110EXPORT_SYMBOL(mod_timer);
1111
1112/**
1113 * timer_reduce - Modify a timer's timeout if it would reduce the timeout
1114 * @timer: The timer to be modified
1115 * @expires: New timeout in jiffies
1116 *
1117 * timer_reduce() is very similar to mod_timer(), except that it will only
1118 * modify a running timer if that would reduce the expiration time (it will
1119 * start a timer that isn't running).
1120 */
1121int timer_reduce(struct timer_list *timer, unsigned long expires)
1122{
1123 return __mod_timer(timer, expires, MOD_TIMER_REDUCE);
1124}
1125EXPORT_SYMBOL(timer_reduce);
1126
1127/**
1128 * add_timer - start a timer
1129 * @timer: the timer to be added
1130 *
1131 * The kernel will do a ->function(@timer) callback from the
1132 * timer interrupt at the ->expires point in the future. The
1133 * current time is 'jiffies'.
1134 *
1135 * The timer's ->expires, ->function fields must be set prior calling this
1136 * function.
1137 *
1138 * Timers with an ->expires field in the past will be executed in the next
1139 * timer tick.
1140 */
1141void add_timer(struct timer_list *timer)
1142{
1143 BUG_ON(timer_pending(timer));
1144 __mod_timer(timer, timer->expires, MOD_TIMER_NOTPENDING);
1145}
1146EXPORT_SYMBOL(add_timer);
1147
1148/**
1149 * add_timer_on - start a timer on a particular CPU
1150 * @timer: the timer to be added
1151 * @cpu: the CPU to start it on
1152 *
1153 * This is not very scalable on SMP. Double adds are not possible.
1154 */
1155void add_timer_on(struct timer_list *timer, int cpu)
1156{
1157 struct timer_base *new_base, *base;
1158 unsigned long flags;
1159
1160 BUG_ON(timer_pending(timer) || !timer->function);
1161
1162 new_base = get_timer_cpu_base(timer->flags, cpu);
1163
1164 /*
1165 * If @timer was on a different CPU, it should be migrated with the
1166 * old base locked to prevent other operations proceeding with the
1167 * wrong base locked. See lock_timer_base().
1168 */
1169 base = lock_timer_base(timer, &flags);
1170 if (base != new_base) {
1171 timer->flags |= TIMER_MIGRATING;
1172
1173 raw_spin_unlock(&base->lock);
1174 base = new_base;
1175 raw_spin_lock(&base->lock);
1176 WRITE_ONCE(timer->flags,
1177 (timer->flags & ~TIMER_BASEMASK) | cpu);
1178 }
1179 forward_timer_base(base);
1180
1181 debug_timer_activate(timer);
1182 internal_add_timer(base, timer);
1183 raw_spin_unlock_irqrestore(&base->lock, flags);
1184}
1185EXPORT_SYMBOL_GPL(add_timer_on);
1186
1187/**
1188 * del_timer - deactivate a timer.
1189 * @timer: the timer to be deactivated
1190 *
1191 * del_timer() deactivates a timer - this works on both active and inactive
1192 * timers.
1193 *
1194 * The function returns whether it has deactivated a pending timer or not.
1195 * (ie. del_timer() of an inactive timer returns 0, del_timer() of an
1196 * active timer returns 1.)
1197 */
1198int del_timer(struct timer_list *timer)
1199{
1200 struct timer_base *base;
1201 unsigned long flags;
1202 int ret = 0;
1203
1204 debug_assert_init(timer);
1205
1206 if (timer_pending(timer)) {
1207 base = lock_timer_base(timer, &flags);
1208 ret = detach_if_pending(timer, base, true);
1209 raw_spin_unlock_irqrestore(&base->lock, flags);
1210 }
1211
1212 return ret;
1213}
1214EXPORT_SYMBOL(del_timer);
1215
1216/**
1217 * try_to_del_timer_sync - Try to deactivate a timer
1218 * @timer: timer to delete
1219 *
1220 * This function tries to deactivate a timer. Upon successful (ret >= 0)
1221 * exit the timer is not queued and the handler is not running on any CPU.
1222 */
1223int try_to_del_timer_sync(struct timer_list *timer)
1224{
1225 struct timer_base *base;
1226 unsigned long flags;
1227 int ret = -1;
1228
1229 debug_assert_init(timer);
1230
1231 base = lock_timer_base(timer, &flags);
1232
1233 if (base->running_timer != timer)
1234 ret = detach_if_pending(timer, base, true);
1235
1236 raw_spin_unlock_irqrestore(&base->lock, flags);
1237
1238 return ret;
1239}
1240EXPORT_SYMBOL(try_to_del_timer_sync);
1241
1242#ifdef CONFIG_PREEMPT_RT
1243static __init void timer_base_init_expiry_lock(struct timer_base *base)
1244{
1245 spin_lock_init(&base->expiry_lock);
1246}
1247
1248static inline void timer_base_lock_expiry(struct timer_base *base)
1249{
1250 spin_lock(&base->expiry_lock);
1251}
1252
1253static inline void timer_base_unlock_expiry(struct timer_base *base)
1254{
1255 spin_unlock(&base->expiry_lock);
1256}
1257
1258/*
1259 * The counterpart to del_timer_wait_running().
1260 *
1261 * If there is a waiter for base->expiry_lock, then it was waiting for the
1262 * timer callback to finish. Drop expiry_lock and reacquire it. That allows
1263 * the waiter to acquire the lock and make progress.
1264 */
1265static void timer_sync_wait_running(struct timer_base *base)
1266{
1267 if (atomic_read(&base->timer_waiters)) {
1268 raw_spin_unlock_irq(&base->lock);
1269 spin_unlock(&base->expiry_lock);
1270 spin_lock(&base->expiry_lock);
1271 raw_spin_lock_irq(&base->lock);
1272 }
1273}
1274
1275/*
1276 * This function is called on PREEMPT_RT kernels when the fast path
1277 * deletion of a timer failed because the timer callback function was
1278 * running.
1279 *
1280 * This prevents priority inversion, if the softirq thread on a remote CPU
1281 * got preempted, and it prevents a life lock when the task which tries to
1282 * delete a timer preempted the softirq thread running the timer callback
1283 * function.
1284 */
1285static void del_timer_wait_running(struct timer_list *timer)
1286{
1287 u32 tf;
1288
1289 tf = READ_ONCE(timer->flags);
1290 if (!(tf & (TIMER_MIGRATING | TIMER_IRQSAFE))) {
1291 struct timer_base *base = get_timer_base(tf);
1292
1293 /*
1294 * Mark the base as contended and grab the expiry lock,
1295 * which is held by the softirq across the timer
1296 * callback. Drop the lock immediately so the softirq can
1297 * expire the next timer. In theory the timer could already
1298 * be running again, but that's more than unlikely and just
1299 * causes another wait loop.
1300 */
1301 atomic_inc(&base->timer_waiters);
1302 spin_lock_bh(&base->expiry_lock);
1303 atomic_dec(&base->timer_waiters);
1304 spin_unlock_bh(&base->expiry_lock);
1305 }
1306}
1307#else
1308static inline void timer_base_init_expiry_lock(struct timer_base *base) { }
1309static inline void timer_base_lock_expiry(struct timer_base *base) { }
1310static inline void timer_base_unlock_expiry(struct timer_base *base) { }
1311static inline void timer_sync_wait_running(struct timer_base *base) { }
1312static inline void del_timer_wait_running(struct timer_list *timer) { }
1313#endif
1314
1315#if defined(CONFIG_SMP) || defined(CONFIG_PREEMPT_RT)
1316/**
1317 * del_timer_sync - deactivate a timer and wait for the handler to finish.
1318 * @timer: the timer to be deactivated
1319 *
1320 * This function only differs from del_timer() on SMP: besides deactivating
1321 * the timer it also makes sure the handler has finished executing on other
1322 * CPUs.
1323 *
1324 * Synchronization rules: Callers must prevent restarting of the timer,
1325 * otherwise this function is meaningless. It must not be called from
1326 * interrupt contexts unless the timer is an irqsafe one. The caller must
1327 * not hold locks which would prevent completion of the timer's
1328 * handler. The timer's handler must not call add_timer_on(). Upon exit the
1329 * timer is not queued and the handler is not running on any CPU.
1330 *
1331 * Note: For !irqsafe timers, you must not hold locks that are held in
1332 * interrupt context while calling this function. Even if the lock has
1333 * nothing to do with the timer in question. Here's why::
1334 *
1335 * CPU0 CPU1
1336 * ---- ----
1337 * <SOFTIRQ>
1338 * call_timer_fn();
1339 * base->running_timer = mytimer;
1340 * spin_lock_irq(somelock);
1341 * <IRQ>
1342 * spin_lock(somelock);
1343 * del_timer_sync(mytimer);
1344 * while (base->running_timer == mytimer);
1345 *
1346 * Now del_timer_sync() will never return and never release somelock.
1347 * The interrupt on the other CPU is waiting to grab somelock but
1348 * it has interrupted the softirq that CPU0 is waiting to finish.
1349 *
1350 * The function returns whether it has deactivated a pending timer or not.
1351 */
1352int del_timer_sync(struct timer_list *timer)
1353{
1354 int ret;
1355
1356#ifdef CONFIG_LOCKDEP
1357 unsigned long flags;
1358
1359 /*
1360 * If lockdep gives a backtrace here, please reference
1361 * the synchronization rules above.
1362 */
1363 local_irq_save(flags);
1364 lock_map_acquire(&timer->lockdep_map);
1365 lock_map_release(&timer->lockdep_map);
1366 local_irq_restore(flags);
1367#endif
1368 /*
1369 * don't use it in hardirq context, because it
1370 * could lead to deadlock.
1371 */
1372 WARN_ON(in_irq() && !(timer->flags & TIMER_IRQSAFE));
1373
1374 /*
1375 * Must be able to sleep on PREEMPT_RT because of the slowpath in
1376 * del_timer_wait_running().
1377 */
1378 if (IS_ENABLED(CONFIG_PREEMPT_RT) && !(timer->flags & TIMER_IRQSAFE))
1379 lockdep_assert_preemption_enabled();
1380
1381 do {
1382 ret = try_to_del_timer_sync(timer);
1383
1384 if (unlikely(ret < 0)) {
1385 del_timer_wait_running(timer);
1386 cpu_relax();
1387 }
1388 } while (ret < 0);
1389
1390 return ret;
1391}
1392EXPORT_SYMBOL(del_timer_sync);
1393#endif
1394
1395static void call_timer_fn(struct timer_list *timer,
1396 void (*fn)(struct timer_list *),
1397 unsigned long baseclk)
1398{
1399 int count = preempt_count();
1400
1401#ifdef CONFIG_LOCKDEP
1402 /*
1403 * It is permissible to free the timer from inside the
1404 * function that is called from it, this we need to take into
1405 * account for lockdep too. To avoid bogus "held lock freed"
1406 * warnings as well as problems when looking into
1407 * timer->lockdep_map, make a copy and use that here.
1408 */
1409 struct lockdep_map lockdep_map;
1410
1411 lockdep_copy_map(&lockdep_map, &timer->lockdep_map);
1412#endif
1413 /*
1414 * Couple the lock chain with the lock chain at
1415 * del_timer_sync() by acquiring the lock_map around the fn()
1416 * call here and in del_timer_sync().
1417 */
1418 lock_map_acquire(&lockdep_map);
1419
1420 trace_timer_expire_entry(timer, baseclk);
1421 fn(timer);
1422 trace_timer_expire_exit(timer);
1423
1424 lock_map_release(&lockdep_map);
1425
1426 if (count != preempt_count()) {
1427 WARN_ONCE(1, "timer: %pS preempt leak: %08x -> %08x\n",
1428 fn, count, preempt_count());
1429 /*
1430 * Restore the preempt count. That gives us a decent
1431 * chance to survive and extract information. If the
1432 * callback kept a lock held, bad luck, but not worse
1433 * than the BUG() we had.
1434 */
1435 preempt_count_set(count);
1436 }
1437}
1438
1439static void expire_timers(struct timer_base *base, struct hlist_head *head)
1440{
1441 /*
1442 * This value is required only for tracing. base->clk was
1443 * incremented directly before expire_timers was called. But expiry
1444 * is related to the old base->clk value.
1445 */
1446 unsigned long baseclk = base->clk - 1;
1447
1448 while (!hlist_empty(head)) {
1449 struct timer_list *timer;
1450 void (*fn)(struct timer_list *);
1451
1452 timer = hlist_entry(head->first, struct timer_list, entry);
1453
1454 base->running_timer = timer;
1455 detach_timer(timer, true);
1456
1457 fn = timer->function;
1458
1459 if (timer->flags & TIMER_IRQSAFE) {
1460 raw_spin_unlock(&base->lock);
1461 call_timer_fn(timer, fn, baseclk);
1462 raw_spin_lock(&base->lock);
1463 base->running_timer = NULL;
1464 } else {
1465 raw_spin_unlock_irq(&base->lock);
1466 call_timer_fn(timer, fn, baseclk);
1467 raw_spin_lock_irq(&base->lock);
1468 base->running_timer = NULL;
1469 timer_sync_wait_running(base);
1470 }
1471 }
1472}
1473
1474static int collect_expired_timers(struct timer_base *base,
1475 struct hlist_head *heads)
1476{
1477 unsigned long clk = base->clk = base->next_expiry;
1478 struct hlist_head *vec;
1479 int i, levels = 0;
1480 unsigned int idx;
1481
1482 for (i = 0; i < LVL_DEPTH; i++) {
1483 idx = (clk & LVL_MASK) + i * LVL_SIZE;
1484
1485 if (__test_and_clear_bit(idx, base->pending_map)) {
1486 vec = base->vectors + idx;
1487 hlist_move_list(vec, heads++);
1488 levels++;
1489 }
1490 /* Is it time to look at the next level? */
1491 if (clk & LVL_CLK_MASK)
1492 break;
1493 /* Shift clock for the next level granularity */
1494 clk >>= LVL_CLK_SHIFT;
1495 }
1496 return levels;
1497}
1498
1499/*
1500 * Find the next pending bucket of a level. Search from level start (@offset)
1501 * + @clk upwards and if nothing there, search from start of the level
1502 * (@offset) up to @offset + clk.
1503 */
1504static int next_pending_bucket(struct timer_base *base, unsigned offset,
1505 unsigned clk)
1506{
1507 unsigned pos, start = offset + clk;
1508 unsigned end = offset + LVL_SIZE;
1509
1510 pos = find_next_bit(base->pending_map, end, start);
1511 if (pos < end)
1512 return pos - start;
1513
1514 pos = find_next_bit(base->pending_map, start, offset);
1515 return pos < start ? pos + LVL_SIZE - start : -1;
1516}
1517
1518/*
1519 * Search the first expiring timer in the various clock levels. Caller must
1520 * hold base->lock.
1521 */
1522static unsigned long __next_timer_interrupt(struct timer_base *base)
1523{
1524 unsigned long clk, next, adj;
1525 unsigned lvl, offset = 0;
1526
1527 next = base->clk + NEXT_TIMER_MAX_DELTA;
1528 clk = base->clk;
1529 for (lvl = 0; lvl < LVL_DEPTH; lvl++, offset += LVL_SIZE) {
1530 int pos = next_pending_bucket(base, offset, clk & LVL_MASK);
1531 unsigned long lvl_clk = clk & LVL_CLK_MASK;
1532
1533 if (pos >= 0) {
1534 unsigned long tmp = clk + (unsigned long) pos;
1535
1536 tmp <<= LVL_SHIFT(lvl);
1537 if (time_before(tmp, next))
1538 next = tmp;
1539
1540 /*
1541 * If the next expiration happens before we reach
1542 * the next level, no need to check further.
1543 */
1544 if (pos <= ((LVL_CLK_DIV - lvl_clk) & LVL_CLK_MASK))
1545 break;
1546 }
1547 /*
1548 * Clock for the next level. If the current level clock lower
1549 * bits are zero, we look at the next level as is. If not we
1550 * need to advance it by one because that's going to be the
1551 * next expiring bucket in that level. base->clk is the next
1552 * expiring jiffie. So in case of:
1553 *
1554 * LVL5 LVL4 LVL3 LVL2 LVL1 LVL0
1555 * 0 0 0 0 0 0
1556 *
1557 * we have to look at all levels @index 0. With
1558 *
1559 * LVL5 LVL4 LVL3 LVL2 LVL1 LVL0
1560 * 0 0 0 0 0 2
1561 *
1562 * LVL0 has the next expiring bucket @index 2. The upper
1563 * levels have the next expiring bucket @index 1.
1564 *
1565 * In case that the propagation wraps the next level the same
1566 * rules apply:
1567 *
1568 * LVL5 LVL4 LVL3 LVL2 LVL1 LVL0
1569 * 0 0 0 0 F 2
1570 *
1571 * So after looking at LVL0 we get:
1572 *
1573 * LVL5 LVL4 LVL3 LVL2 LVL1
1574 * 0 0 0 1 0
1575 *
1576 * So no propagation from LVL1 to LVL2 because that happened
1577 * with the add already, but then we need to propagate further
1578 * from LVL2 to LVL3.
1579 *
1580 * So the simple check whether the lower bits of the current
1581 * level are 0 or not is sufficient for all cases.
1582 */
1583 adj = lvl_clk ? 1 : 0;
1584 clk >>= LVL_CLK_SHIFT;
1585 clk += adj;
1586 }
1587
1588 base->next_expiry_recalc = false;
1589 base->timers_pending = !(next == base->clk + NEXT_TIMER_MAX_DELTA);
1590
1591 return next;
1592}
1593
1594#ifdef CONFIG_NO_HZ_COMMON
1595/*
1596 * Check, if the next hrtimer event is before the next timer wheel
1597 * event:
1598 */
1599static u64 cmp_next_hrtimer_event(u64 basem, u64 expires)
1600{
1601 u64 nextevt = hrtimer_get_next_event();
1602
1603 /*
1604 * If high resolution timers are enabled
1605 * hrtimer_get_next_event() returns KTIME_MAX.
1606 */
1607 if (expires <= nextevt)
1608 return expires;
1609
1610 /*
1611 * If the next timer is already expired, return the tick base
1612 * time so the tick is fired immediately.
1613 */
1614 if (nextevt <= basem)
1615 return basem;
1616
1617 /*
1618 * Round up to the next jiffie. High resolution timers are
1619 * off, so the hrtimers are expired in the tick and we need to
1620 * make sure that this tick really expires the timer to avoid
1621 * a ping pong of the nohz stop code.
1622 *
1623 * Use DIV_ROUND_UP_ULL to prevent gcc calling __divdi3
1624 */
1625 return DIV_ROUND_UP_ULL(nextevt, TICK_NSEC) * TICK_NSEC;
1626}
1627
1628/**
1629 * get_next_timer_interrupt - return the time (clock mono) of the next timer
1630 * @basej: base time jiffies
1631 * @basem: base time clock monotonic
1632 *
1633 * Returns the tick aligned clock monotonic time of the next pending
1634 * timer or KTIME_MAX if no timer is pending.
1635 */
1636u64 get_next_timer_interrupt(unsigned long basej, u64 basem)
1637{
1638 struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
1639 u64 expires = KTIME_MAX;
1640 unsigned long nextevt;
1641
1642 /*
1643 * Pretend that there is no timer pending if the cpu is offline.
1644 * Possible pending timers will be migrated later to an active cpu.
1645 */
1646 if (cpu_is_offline(smp_processor_id()))
1647 return expires;
1648
1649 raw_spin_lock(&base->lock);
1650 if (base->next_expiry_recalc)
1651 base->next_expiry = __next_timer_interrupt(base);
1652 nextevt = base->next_expiry;
1653
1654 /*
1655 * We have a fresh next event. Check whether we can forward the
1656 * base. We can only do that when @basej is past base->clk
1657 * otherwise we might rewind base->clk.
1658 */
1659 if (time_after(basej, base->clk)) {
1660 if (time_after(nextevt, basej))
1661 base->clk = basej;
1662 else if (time_after(nextevt, base->clk))
1663 base->clk = nextevt;
1664 }
1665
1666 if (time_before_eq(nextevt, basej)) {
1667 expires = basem;
1668 base->is_idle = false;
1669 } else {
1670 if (base->timers_pending)
1671 expires = basem + (u64)(nextevt - basej) * TICK_NSEC;
1672 /*
1673 * If we expect to sleep more than a tick, mark the base idle.
1674 * Also the tick is stopped so any added timer must forward
1675 * the base clk itself to keep granularity small. This idle
1676 * logic is only maintained for the BASE_STD base, deferrable
1677 * timers may still see large granularity skew (by design).
1678 */
1679 if ((expires - basem) > TICK_NSEC)
1680 base->is_idle = true;
1681 }
1682 raw_spin_unlock(&base->lock);
1683
1684 return cmp_next_hrtimer_event(basem, expires);
1685}
1686
1687/**
1688 * timer_clear_idle - Clear the idle state of the timer base
1689 *
1690 * Called with interrupts disabled
1691 */
1692void timer_clear_idle(void)
1693{
1694 struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
1695
1696 /*
1697 * We do this unlocked. The worst outcome is a remote enqueue sending
1698 * a pointless IPI, but taking the lock would just make the window for
1699 * sending the IPI a few instructions smaller for the cost of taking
1700 * the lock in the exit from idle path.
1701 */
1702 base->is_idle = false;
1703}
1704#endif
1705
1706/**
1707 * __run_timers - run all expired timers (if any) on this CPU.
1708 * @base: the timer vector to be processed.
1709 */
1710static inline void __run_timers(struct timer_base *base)
1711{
1712 struct hlist_head heads[LVL_DEPTH];
1713 int levels;
1714
1715 if (time_before(jiffies, base->next_expiry))
1716 return;
1717
1718 timer_base_lock_expiry(base);
1719 raw_spin_lock_irq(&base->lock);
1720
1721 while (time_after_eq(jiffies, base->clk) &&
1722 time_after_eq(jiffies, base->next_expiry)) {
1723 levels = collect_expired_timers(base, heads);
1724 /*
1725 * The only possible reason for not finding any expired
1726 * timer at this clk is that all matching timers have been
1727 * dequeued.
1728 */
1729 WARN_ON_ONCE(!levels && !base->next_expiry_recalc);
1730 base->clk++;
1731 base->next_expiry = __next_timer_interrupt(base);
1732
1733 while (levels--)
1734 expire_timers(base, heads + levels);
1735 }
1736 raw_spin_unlock_irq(&base->lock);
1737 timer_base_unlock_expiry(base);
1738}
1739
1740/*
1741 * This function runs timers and the timer-tq in bottom half context.
1742 */
1743static __latent_entropy void run_timer_softirq(struct softirq_action *h)
1744{
1745 struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
1746
1747 __run_timers(base);
1748 if (IS_ENABLED(CONFIG_NO_HZ_COMMON))
1749 __run_timers(this_cpu_ptr(&timer_bases[BASE_DEF]));
1750}
1751
1752/*
1753 * Called by the local, per-CPU timer interrupt on SMP.
1754 */
1755static void run_local_timers(void)
1756{
1757 struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
1758
1759 hrtimer_run_queues();
1760 /* Raise the softirq only if required. */
1761 if (time_before(jiffies, base->next_expiry)) {
1762 if (!IS_ENABLED(CONFIG_NO_HZ_COMMON))
1763 return;
1764 /* CPU is awake, so check the deferrable base. */
1765 base++;
1766 if (time_before(jiffies, base->next_expiry))
1767 return;
1768 }
1769 raise_softirq(TIMER_SOFTIRQ);
1770}
1771
1772/*
1773 * Called from the timer interrupt handler to charge one tick to the current
1774 * process. user_tick is 1 if the tick is user time, 0 for system.
1775 */
1776void update_process_times(int user_tick)
1777{
1778 struct task_struct *p = current;
1779
1780 PRANDOM_ADD_NOISE(jiffies, user_tick, p, 0);
1781
1782 /* Note: this timer irq context must be accounted for as well. */
1783 account_process_tick(p, user_tick);
1784 run_local_timers();
1785 rcu_sched_clock_irq(user_tick);
1786#ifdef CONFIG_IRQ_WORK
1787 if (in_irq())
1788 irq_work_tick();
1789#endif
1790 scheduler_tick();
1791 if (IS_ENABLED(CONFIG_POSIX_TIMERS))
1792 run_posix_cpu_timers();
1793}
1794
1795/*
1796 * Since schedule_timeout()'s timer is defined on the stack, it must store
1797 * the target task on the stack as well.
1798 */
1799struct process_timer {
1800 struct timer_list timer;
1801 struct task_struct *task;
1802};
1803
1804static void process_timeout(struct timer_list *t)
1805{
1806 struct process_timer *timeout = from_timer(timeout, t, timer);
1807
1808 wake_up_process(timeout->task);
1809}
1810
1811/**
1812 * schedule_timeout - sleep until timeout
1813 * @timeout: timeout value in jiffies
1814 *
1815 * Make the current task sleep until @timeout jiffies have elapsed.
1816 * The function behavior depends on the current task state
1817 * (see also set_current_state() description):
1818 *
1819 * %TASK_RUNNING - the scheduler is called, but the task does not sleep
1820 * at all. That happens because sched_submit_work() does nothing for
1821 * tasks in %TASK_RUNNING state.
1822 *
1823 * %TASK_UNINTERRUPTIBLE - at least @timeout jiffies are guaranteed to
1824 * pass before the routine returns unless the current task is explicitly
1825 * woken up, (e.g. by wake_up_process()).
1826 *
1827 * %TASK_INTERRUPTIBLE - the routine may return early if a signal is
1828 * delivered to the current task or the current task is explicitly woken
1829 * up.
1830 *
1831 * The current task state is guaranteed to be %TASK_RUNNING when this
1832 * routine returns.
1833 *
1834 * Specifying a @timeout value of %MAX_SCHEDULE_TIMEOUT will schedule
1835 * the CPU away without a bound on the timeout. In this case the return
1836 * value will be %MAX_SCHEDULE_TIMEOUT.
1837 *
1838 * Returns 0 when the timer has expired otherwise the remaining time in
1839 * jiffies will be returned. In all cases the return value is guaranteed
1840 * to be non-negative.
1841 */
1842signed long __sched schedule_timeout(signed long timeout)
1843{
1844 struct process_timer timer;
1845 unsigned long expire;
1846
1847 switch (timeout)
1848 {
1849 case MAX_SCHEDULE_TIMEOUT:
1850 /*
1851 * These two special cases are useful to be comfortable
1852 * in the caller. Nothing more. We could take
1853 * MAX_SCHEDULE_TIMEOUT from one of the negative value
1854 * but I' d like to return a valid offset (>=0) to allow
1855 * the caller to do everything it want with the retval.
1856 */
1857 schedule();
1858 goto out;
1859 default:
1860 /*
1861 * Another bit of PARANOID. Note that the retval will be
1862 * 0 since no piece of kernel is supposed to do a check
1863 * for a negative retval of schedule_timeout() (since it
1864 * should never happens anyway). You just have the printk()
1865 * that will tell you if something is gone wrong and where.
1866 */
1867 if (timeout < 0) {
1868 printk(KERN_ERR "schedule_timeout: wrong timeout "
1869 "value %lx\n", timeout);
1870 dump_stack();
1871 __set_current_state(TASK_RUNNING);
1872 goto out;
1873 }
1874 }
1875
1876 expire = timeout + jiffies;
1877
1878 timer.task = current;
1879 timer_setup_on_stack(&timer.timer, process_timeout, 0);
1880 __mod_timer(&timer.timer, expire, MOD_TIMER_NOTPENDING);
1881 schedule();
1882 del_singleshot_timer_sync(&timer.timer);
1883
1884 /* Remove the timer from the object tracker */
1885 destroy_timer_on_stack(&timer.timer);
1886
1887 timeout = expire - jiffies;
1888
1889 out:
1890 return timeout < 0 ? 0 : timeout;
1891}
1892EXPORT_SYMBOL(schedule_timeout);
1893
1894/*
1895 * We can use __set_current_state() here because schedule_timeout() calls
1896 * schedule() unconditionally.
1897 */
1898signed long __sched schedule_timeout_interruptible(signed long timeout)
1899{
1900 __set_current_state(TASK_INTERRUPTIBLE);
1901 return schedule_timeout(timeout);
1902}
1903EXPORT_SYMBOL(schedule_timeout_interruptible);
1904
1905signed long __sched schedule_timeout_killable(signed long timeout)
1906{
1907 __set_current_state(TASK_KILLABLE);
1908 return schedule_timeout(timeout);
1909}
1910EXPORT_SYMBOL(schedule_timeout_killable);
1911
1912signed long __sched schedule_timeout_uninterruptible(signed long timeout)
1913{
1914 __set_current_state(TASK_UNINTERRUPTIBLE);
1915 return schedule_timeout(timeout);
1916}
1917EXPORT_SYMBOL(schedule_timeout_uninterruptible);
1918
1919/*
1920 * Like schedule_timeout_uninterruptible(), except this task will not contribute
1921 * to load average.
1922 */
1923signed long __sched schedule_timeout_idle(signed long timeout)
1924{
1925 __set_current_state(TASK_IDLE);
1926 return schedule_timeout(timeout);
1927}
1928EXPORT_SYMBOL(schedule_timeout_idle);
1929
1930#ifdef CONFIG_HOTPLUG_CPU
1931static void migrate_timer_list(struct timer_base *new_base, struct hlist_head *head)
1932{
1933 struct timer_list *timer;
1934 int cpu = new_base->cpu;
1935
1936 while (!hlist_empty(head)) {
1937 timer = hlist_entry(head->first, struct timer_list, entry);
1938 detach_timer(timer, false);
1939 timer->flags = (timer->flags & ~TIMER_BASEMASK) | cpu;
1940 internal_add_timer(new_base, timer);
1941 }
1942}
1943
1944int timers_prepare_cpu(unsigned int cpu)
1945{
1946 struct timer_base *base;
1947 int b;
1948
1949 for (b = 0; b < NR_BASES; b++) {
1950 base = per_cpu_ptr(&timer_bases[b], cpu);
1951 base->clk = jiffies;
1952 base->next_expiry = base->clk + NEXT_TIMER_MAX_DELTA;
1953 base->timers_pending = false;
1954 base->is_idle = false;
1955 }
1956 return 0;
1957}
1958
1959int timers_dead_cpu(unsigned int cpu)
1960{
1961 struct timer_base *old_base;
1962 struct timer_base *new_base;
1963 int b, i;
1964
1965 BUG_ON(cpu_online(cpu));
1966
1967 for (b = 0; b < NR_BASES; b++) {
1968 old_base = per_cpu_ptr(&timer_bases[b], cpu);
1969 new_base = get_cpu_ptr(&timer_bases[b]);
1970 /*
1971 * The caller is globally serialized and nobody else
1972 * takes two locks at once, deadlock is not possible.
1973 */
1974 raw_spin_lock_irq(&new_base->lock);
1975 raw_spin_lock_nested(&old_base->lock, SINGLE_DEPTH_NESTING);
1976
1977 /*
1978 * The current CPUs base clock might be stale. Update it
1979 * before moving the timers over.
1980 */
1981 forward_timer_base(new_base);
1982
1983 BUG_ON(old_base->running_timer);
1984
1985 for (i = 0; i < WHEEL_SIZE; i++)
1986 migrate_timer_list(new_base, old_base->vectors + i);
1987
1988 raw_spin_unlock(&old_base->lock);
1989 raw_spin_unlock_irq(&new_base->lock);
1990 put_cpu_ptr(&timer_bases);
1991 }
1992 return 0;
1993}
1994
1995#endif /* CONFIG_HOTPLUG_CPU */
1996
1997static void __init init_timer_cpu(int cpu)
1998{
1999 struct timer_base *base;
2000 int i;
2001
2002 for (i = 0; i < NR_BASES; i++) {
2003 base = per_cpu_ptr(&timer_bases[i], cpu);
2004 base->cpu = cpu;
2005 raw_spin_lock_init(&base->lock);
2006 base->clk = jiffies;
2007 base->next_expiry = base->clk + NEXT_TIMER_MAX_DELTA;
2008 timer_base_init_expiry_lock(base);
2009 }
2010}
2011
2012static void __init init_timer_cpus(void)
2013{
2014 int cpu;
2015
2016 for_each_possible_cpu(cpu)
2017 init_timer_cpu(cpu);
2018}
2019
2020void __init init_timers(void)
2021{
2022 init_timer_cpus();
2023 posix_cputimers_init_work();
2024 open_softirq(TIMER_SOFTIRQ, run_timer_softirq);
2025}
2026
2027/**
2028 * msleep - sleep safely even with waitqueue interruptions
2029 * @msecs: Time in milliseconds to sleep for
2030 */
2031void msleep(unsigned int msecs)
2032{
2033 unsigned long timeout = msecs_to_jiffies(msecs) + 1;
2034
2035 while (timeout)
2036 timeout = schedule_timeout_uninterruptible(timeout);
2037}
2038
2039EXPORT_SYMBOL(msleep);
2040
2041/**
2042 * msleep_interruptible - sleep waiting for signals
2043 * @msecs: Time in milliseconds to sleep for
2044 */
2045unsigned long msleep_interruptible(unsigned int msecs)
2046{
2047 unsigned long timeout = msecs_to_jiffies(msecs) + 1;
2048
2049 while (timeout && !signal_pending(current))
2050 timeout = schedule_timeout_interruptible(timeout);
2051 return jiffies_to_msecs(timeout);
2052}
2053
2054EXPORT_SYMBOL(msleep_interruptible);
2055
2056/**
2057 * usleep_range - Sleep for an approximate time
2058 * @min: Minimum time in usecs to sleep
2059 * @max: Maximum time in usecs to sleep
2060 *
2061 * In non-atomic context where the exact wakeup time is flexible, use
2062 * usleep_range() instead of udelay(). The sleep improves responsiveness
2063 * by avoiding the CPU-hogging busy-wait of udelay(), and the range reduces
2064 * power usage by allowing hrtimers to take advantage of an already-
2065 * scheduled interrupt instead of scheduling a new one just for this sleep.
2066 */
2067void __sched usleep_range(unsigned long min, unsigned long max)
2068{
2069 ktime_t exp = ktime_add_us(ktime_get(), min);
2070 u64 delta = (u64)(max - min) * NSEC_PER_USEC;
2071
2072 for (;;) {
2073 __set_current_state(TASK_UNINTERRUPTIBLE);
2074 /* Do not return before the requested sleep time has elapsed */
2075 if (!schedule_hrtimeout_range(&exp, delta, HRTIMER_MODE_ABS))
2076 break;
2077 }
2078}
2079EXPORT_SYMBOL(usleep_range);
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Kernel internal timers
4 *
5 * Copyright (C) 1991, 1992 Linus Torvalds
6 *
7 * 1997-01-28 Modified by Finn Arne Gangstad to make timers scale better.
8 *
9 * 1997-09-10 Updated NTP code according to technical memorandum Jan '96
10 * "A Kernel Model for Precision Timekeeping" by Dave Mills
11 * 1998-12-24 Fixed a xtime SMP race (we need the xtime_lock rw spinlock to
12 * serialize accesses to xtime/lost_ticks).
13 * Copyright (C) 1998 Andrea Arcangeli
14 * 1999-03-10 Improved NTP compatibility by Ulrich Windl
15 * 2002-05-31 Move sys_sysinfo here and make its locking sane, Robert Love
16 * 2000-10-05 Implemented scalable SMP per-CPU timer handling.
17 * Copyright (C) 2000, 2001, 2002 Ingo Molnar
18 * Designed by David S. Miller, Alexey Kuznetsov and Ingo Molnar
19 */
20
21#include <linux/kernel_stat.h>
22#include <linux/export.h>
23#include <linux/interrupt.h>
24#include <linux/percpu.h>
25#include <linux/init.h>
26#include <linux/mm.h>
27#include <linux/swap.h>
28#include <linux/pid_namespace.h>
29#include <linux/notifier.h>
30#include <linux/thread_info.h>
31#include <linux/time.h>
32#include <linux/jiffies.h>
33#include <linux/posix-timers.h>
34#include <linux/cpu.h>
35#include <linux/syscalls.h>
36#include <linux/delay.h>
37#include <linux/tick.h>
38#include <linux/kallsyms.h>
39#include <linux/irq_work.h>
40#include <linux/sched/sysctl.h>
41#include <linux/sched/nohz.h>
42#include <linux/sched/debug.h>
43#include <linux/slab.h>
44#include <linux/compat.h>
45#include <linux/random.h>
46#include <linux/sysctl.h>
47
48#include <linux/uaccess.h>
49#include <asm/unistd.h>
50#include <asm/div64.h>
51#include <asm/timex.h>
52#include <asm/io.h>
53
54#include "tick-internal.h"
55#include "timer_migration.h"
56
57#define CREATE_TRACE_POINTS
58#include <trace/events/timer.h>
59
60__visible u64 jiffies_64 __cacheline_aligned_in_smp = INITIAL_JIFFIES;
61
62EXPORT_SYMBOL(jiffies_64);
63
64/*
65 * The timer wheel has LVL_DEPTH array levels. Each level provides an array of
66 * LVL_SIZE buckets. Each level is driven by its own clock and therefore each
67 * level has a different granularity.
68 *
69 * The level granularity is: LVL_CLK_DIV ^ level
70 * The level clock frequency is: HZ / (LVL_CLK_DIV ^ level)
71 *
72 * The array level of a newly armed timer depends on the relative expiry
73 * time. The farther the expiry time is away the higher the array level and
74 * therefore the granularity becomes.
75 *
76 * Contrary to the original timer wheel implementation, which aims for 'exact'
77 * expiry of the timers, this implementation removes the need for recascading
78 * the timers into the lower array levels. The previous 'classic' timer wheel
79 * implementation of the kernel already violated the 'exact' expiry by adding
80 * slack to the expiry time to provide batched expiration. The granularity
81 * levels provide implicit batching.
82 *
83 * This is an optimization of the original timer wheel implementation for the
84 * majority of the timer wheel use cases: timeouts. The vast majority of
85 * timeout timers (networking, disk I/O ...) are canceled before expiry. If
86 * the timeout expires it indicates that normal operation is disturbed, so it
87 * does not matter much whether the timeout comes with a slight delay.
88 *
89 * The only exception to this are networking timers with a small expiry
90 * time. They rely on the granularity. Those fit into the first wheel level,
91 * which has HZ granularity.
92 *
93 * We don't have cascading anymore. timers with a expiry time above the
94 * capacity of the last wheel level are force expired at the maximum timeout
95 * value of the last wheel level. From data sampling we know that the maximum
96 * value observed is 5 days (network connection tracking), so this should not
97 * be an issue.
98 *
99 * The currently chosen array constants values are a good compromise between
100 * array size and granularity.
101 *
102 * This results in the following granularity and range levels:
103 *
104 * HZ 1000 steps
105 * Level Offset Granularity Range
106 * 0 0 1 ms 0 ms - 63 ms
107 * 1 64 8 ms 64 ms - 511 ms
108 * 2 128 64 ms 512 ms - 4095 ms (512ms - ~4s)
109 * 3 192 512 ms 4096 ms - 32767 ms (~4s - ~32s)
110 * 4 256 4096 ms (~4s) 32768 ms - 262143 ms (~32s - ~4m)
111 * 5 320 32768 ms (~32s) 262144 ms - 2097151 ms (~4m - ~34m)
112 * 6 384 262144 ms (~4m) 2097152 ms - 16777215 ms (~34m - ~4h)
113 * 7 448 2097152 ms (~34m) 16777216 ms - 134217727 ms (~4h - ~1d)
114 * 8 512 16777216 ms (~4h) 134217728 ms - 1073741822 ms (~1d - ~12d)
115 *
116 * HZ 300
117 * Level Offset Granularity Range
118 * 0 0 3 ms 0 ms - 210 ms
119 * 1 64 26 ms 213 ms - 1703 ms (213ms - ~1s)
120 * 2 128 213 ms 1706 ms - 13650 ms (~1s - ~13s)
121 * 3 192 1706 ms (~1s) 13653 ms - 109223 ms (~13s - ~1m)
122 * 4 256 13653 ms (~13s) 109226 ms - 873810 ms (~1m - ~14m)
123 * 5 320 109226 ms (~1m) 873813 ms - 6990503 ms (~14m - ~1h)
124 * 6 384 873813 ms (~14m) 6990506 ms - 55924050 ms (~1h - ~15h)
125 * 7 448 6990506 ms (~1h) 55924053 ms - 447392423 ms (~15h - ~5d)
126 * 8 512 55924053 ms (~15h) 447392426 ms - 3579139406 ms (~5d - ~41d)
127 *
128 * HZ 250
129 * Level Offset Granularity Range
130 * 0 0 4 ms 0 ms - 255 ms
131 * 1 64 32 ms 256 ms - 2047 ms (256ms - ~2s)
132 * 2 128 256 ms 2048 ms - 16383 ms (~2s - ~16s)
133 * 3 192 2048 ms (~2s) 16384 ms - 131071 ms (~16s - ~2m)
134 * 4 256 16384 ms (~16s) 131072 ms - 1048575 ms (~2m - ~17m)
135 * 5 320 131072 ms (~2m) 1048576 ms - 8388607 ms (~17m - ~2h)
136 * 6 384 1048576 ms (~17m) 8388608 ms - 67108863 ms (~2h - ~18h)
137 * 7 448 8388608 ms (~2h) 67108864 ms - 536870911 ms (~18h - ~6d)
138 * 8 512 67108864 ms (~18h) 536870912 ms - 4294967288 ms (~6d - ~49d)
139 *
140 * HZ 100
141 * Level Offset Granularity Range
142 * 0 0 10 ms 0 ms - 630 ms
143 * 1 64 80 ms 640 ms - 5110 ms (640ms - ~5s)
144 * 2 128 640 ms 5120 ms - 40950 ms (~5s - ~40s)
145 * 3 192 5120 ms (~5s) 40960 ms - 327670 ms (~40s - ~5m)
146 * 4 256 40960 ms (~40s) 327680 ms - 2621430 ms (~5m - ~43m)
147 * 5 320 327680 ms (~5m) 2621440 ms - 20971510 ms (~43m - ~5h)
148 * 6 384 2621440 ms (~43m) 20971520 ms - 167772150 ms (~5h - ~1d)
149 * 7 448 20971520 ms (~5h) 167772160 ms - 1342177270 ms (~1d - ~15d)
150 */
151
152/* Clock divisor for the next level */
153#define LVL_CLK_SHIFT 3
154#define LVL_CLK_DIV (1UL << LVL_CLK_SHIFT)
155#define LVL_CLK_MASK (LVL_CLK_DIV - 1)
156#define LVL_SHIFT(n) ((n) * LVL_CLK_SHIFT)
157#define LVL_GRAN(n) (1UL << LVL_SHIFT(n))
158
159/*
160 * The time start value for each level to select the bucket at enqueue
161 * time. We start from the last possible delta of the previous level
162 * so that we can later add an extra LVL_GRAN(n) to n (see calc_index()).
163 */
164#define LVL_START(n) ((LVL_SIZE - 1) << (((n) - 1) * LVL_CLK_SHIFT))
165
166/* Size of each clock level */
167#define LVL_BITS 6
168#define LVL_SIZE (1UL << LVL_BITS)
169#define LVL_MASK (LVL_SIZE - 1)
170#define LVL_OFFS(n) ((n) * LVL_SIZE)
171
172/* Level depth */
173#if HZ > 100
174# define LVL_DEPTH 9
175# else
176# define LVL_DEPTH 8
177#endif
178
179/* The cutoff (max. capacity of the wheel) */
180#define WHEEL_TIMEOUT_CUTOFF (LVL_START(LVL_DEPTH))
181#define WHEEL_TIMEOUT_MAX (WHEEL_TIMEOUT_CUTOFF - LVL_GRAN(LVL_DEPTH - 1))
182
183/*
184 * The resulting wheel size. If NOHZ is configured we allocate two
185 * wheels so we have a separate storage for the deferrable timers.
186 */
187#define WHEEL_SIZE (LVL_SIZE * LVL_DEPTH)
188
189#ifdef CONFIG_NO_HZ_COMMON
190/*
191 * If multiple bases need to be locked, use the base ordering for lock
192 * nesting, i.e. lowest number first.
193 */
194# define NR_BASES 3
195# define BASE_LOCAL 0
196# define BASE_GLOBAL 1
197# define BASE_DEF 2
198#else
199# define NR_BASES 1
200# define BASE_LOCAL 0
201# define BASE_GLOBAL 0
202# define BASE_DEF 0
203#endif
204
205/**
206 * struct timer_base - Per CPU timer base (number of base depends on config)
207 * @lock: Lock protecting the timer_base
208 * @running_timer: When expiring timers, the lock is dropped. To make
209 * sure not to race against deleting/modifying a
210 * currently running timer, the pointer is set to the
211 * timer, which expires at the moment. If no timer is
212 * running, the pointer is NULL.
213 * @expiry_lock: PREEMPT_RT only: Lock is taken in softirq around
214 * timer expiry callback execution and when trying to
215 * delete a running timer and it wasn't successful in
216 * the first glance. It prevents priority inversion
217 * when callback was preempted on a remote CPU and a
218 * caller tries to delete the running timer. It also
219 * prevents a life lock, when the task which tries to
220 * delete a timer preempted the softirq thread which
221 * is running the timer callback function.
222 * @timer_waiters: PREEMPT_RT only: Tells, if there is a waiter
223 * waiting for the end of the timer callback function
224 * execution.
225 * @clk: clock of the timer base; is updated before enqueue
226 * of a timer; during expiry, it is 1 offset ahead of
227 * jiffies to avoid endless requeuing to current
228 * jiffies
229 * @next_expiry: expiry value of the first timer; it is updated when
230 * finding the next timer and during enqueue; the
231 * value is not valid, when next_expiry_recalc is set
232 * @cpu: Number of CPU the timer base belongs to
233 * @next_expiry_recalc: States, whether a recalculation of next_expiry is
234 * required. Value is set true, when a timer was
235 * deleted.
236 * @is_idle: Is set, when timer_base is idle. It is triggered by NOHZ
237 * code. This state is only used in standard
238 * base. Deferrable timers, which are enqueued remotely
239 * never wake up an idle CPU. So no matter of supporting it
240 * for this base.
241 * @timers_pending: Is set, when a timer is pending in the base. It is only
242 * reliable when next_expiry_recalc is not set.
243 * @pending_map: bitmap of the timer wheel; each bit reflects a
244 * bucket of the wheel. When a bit is set, at least a
245 * single timer is enqueued in the related bucket.
246 * @vectors: Array of lists; Each array member reflects a bucket
247 * of the timer wheel. The list contains all timers
248 * which are enqueued into a specific bucket.
249 */
250struct timer_base {
251 raw_spinlock_t lock;
252 struct timer_list *running_timer;
253#ifdef CONFIG_PREEMPT_RT
254 spinlock_t expiry_lock;
255 atomic_t timer_waiters;
256#endif
257 unsigned long clk;
258 unsigned long next_expiry;
259 unsigned int cpu;
260 bool next_expiry_recalc;
261 bool is_idle;
262 bool timers_pending;
263 DECLARE_BITMAP(pending_map, WHEEL_SIZE);
264 struct hlist_head vectors[WHEEL_SIZE];
265} ____cacheline_aligned;
266
267static DEFINE_PER_CPU(struct timer_base, timer_bases[NR_BASES]);
268
269#ifdef CONFIG_NO_HZ_COMMON
270
271static DEFINE_STATIC_KEY_FALSE(timers_nohz_active);
272static DEFINE_MUTEX(timer_keys_mutex);
273
274static void timer_update_keys(struct work_struct *work);
275static DECLARE_WORK(timer_update_work, timer_update_keys);
276
277#ifdef CONFIG_SMP
278static unsigned int sysctl_timer_migration = 1;
279
280DEFINE_STATIC_KEY_FALSE(timers_migration_enabled);
281
282static void timers_update_migration(void)
283{
284 if (sysctl_timer_migration && tick_nohz_active)
285 static_branch_enable(&timers_migration_enabled);
286 else
287 static_branch_disable(&timers_migration_enabled);
288}
289
290#ifdef CONFIG_SYSCTL
291static int timer_migration_handler(const struct ctl_table *table, int write,
292 void *buffer, size_t *lenp, loff_t *ppos)
293{
294 int ret;
295
296 mutex_lock(&timer_keys_mutex);
297 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
298 if (!ret && write)
299 timers_update_migration();
300 mutex_unlock(&timer_keys_mutex);
301 return ret;
302}
303
304static struct ctl_table timer_sysctl[] = {
305 {
306 .procname = "timer_migration",
307 .data = &sysctl_timer_migration,
308 .maxlen = sizeof(unsigned int),
309 .mode = 0644,
310 .proc_handler = timer_migration_handler,
311 .extra1 = SYSCTL_ZERO,
312 .extra2 = SYSCTL_ONE,
313 },
314};
315
316static int __init timer_sysctl_init(void)
317{
318 register_sysctl("kernel", timer_sysctl);
319 return 0;
320}
321device_initcall(timer_sysctl_init);
322#endif /* CONFIG_SYSCTL */
323#else /* CONFIG_SMP */
324static inline void timers_update_migration(void) { }
325#endif /* !CONFIG_SMP */
326
327static void timer_update_keys(struct work_struct *work)
328{
329 mutex_lock(&timer_keys_mutex);
330 timers_update_migration();
331 static_branch_enable(&timers_nohz_active);
332 mutex_unlock(&timer_keys_mutex);
333}
334
335void timers_update_nohz(void)
336{
337 schedule_work(&timer_update_work);
338}
339
340static inline bool is_timers_nohz_active(void)
341{
342 return static_branch_unlikely(&timers_nohz_active);
343}
344#else
345static inline bool is_timers_nohz_active(void) { return false; }
346#endif /* NO_HZ_COMMON */
347
348static unsigned long round_jiffies_common(unsigned long j, int cpu,
349 bool force_up)
350{
351 int rem;
352 unsigned long original = j;
353
354 /*
355 * We don't want all cpus firing their timers at once hitting the
356 * same lock or cachelines, so we skew each extra cpu with an extra
357 * 3 jiffies. This 3 jiffies came originally from the mm/ code which
358 * already did this.
359 * The skew is done by adding 3*cpunr, then round, then subtract this
360 * extra offset again.
361 */
362 j += cpu * 3;
363
364 rem = j % HZ;
365
366 /*
367 * If the target jiffy is just after a whole second (which can happen
368 * due to delays of the timer irq, long irq off times etc etc) then
369 * we should round down to the whole second, not up. Use 1/4th second
370 * as cutoff for this rounding as an extreme upper bound for this.
371 * But never round down if @force_up is set.
372 */
373 if (rem < HZ/4 && !force_up) /* round down */
374 j = j - rem;
375 else /* round up */
376 j = j - rem + HZ;
377
378 /* now that we have rounded, subtract the extra skew again */
379 j -= cpu * 3;
380
381 /*
382 * Make sure j is still in the future. Otherwise return the
383 * unmodified value.
384 */
385 return time_is_after_jiffies(j) ? j : original;
386}
387
388/**
389 * __round_jiffies - function to round jiffies to a full second
390 * @j: the time in (absolute) jiffies that should be rounded
391 * @cpu: the processor number on which the timeout will happen
392 *
393 * __round_jiffies() rounds an absolute time in the future (in jiffies)
394 * up or down to (approximately) full seconds. This is useful for timers
395 * for which the exact time they fire does not matter too much, as long as
396 * they fire approximately every X seconds.
397 *
398 * By rounding these timers to whole seconds, all such timers will fire
399 * at the same time, rather than at various times spread out. The goal
400 * of this is to have the CPU wake up less, which saves power.
401 *
402 * The exact rounding is skewed for each processor to avoid all
403 * processors firing at the exact same time, which could lead
404 * to lock contention or spurious cache line bouncing.
405 *
406 * The return value is the rounded version of the @j parameter.
407 */
408unsigned long __round_jiffies(unsigned long j, int cpu)
409{
410 return round_jiffies_common(j, cpu, false);
411}
412EXPORT_SYMBOL_GPL(__round_jiffies);
413
414/**
415 * __round_jiffies_relative - function to round jiffies to a full second
416 * @j: the time in (relative) jiffies that should be rounded
417 * @cpu: the processor number on which the timeout will happen
418 *
419 * __round_jiffies_relative() rounds a time delta in the future (in jiffies)
420 * up or down to (approximately) full seconds. This is useful for timers
421 * for which the exact time they fire does not matter too much, as long as
422 * they fire approximately every X seconds.
423 *
424 * By rounding these timers to whole seconds, all such timers will fire
425 * at the same time, rather than at various times spread out. The goal
426 * of this is to have the CPU wake up less, which saves power.
427 *
428 * The exact rounding is skewed for each processor to avoid all
429 * processors firing at the exact same time, which could lead
430 * to lock contention or spurious cache line bouncing.
431 *
432 * The return value is the rounded version of the @j parameter.
433 */
434unsigned long __round_jiffies_relative(unsigned long j, int cpu)
435{
436 unsigned long j0 = jiffies;
437
438 /* Use j0 because jiffies might change while we run */
439 return round_jiffies_common(j + j0, cpu, false) - j0;
440}
441EXPORT_SYMBOL_GPL(__round_jiffies_relative);
442
443/**
444 * round_jiffies - function to round jiffies to a full second
445 * @j: the time in (absolute) jiffies that should be rounded
446 *
447 * round_jiffies() rounds an absolute time in the future (in jiffies)
448 * up or down to (approximately) full seconds. This is useful for timers
449 * for which the exact time they fire does not matter too much, as long as
450 * they fire approximately every X seconds.
451 *
452 * By rounding these timers to whole seconds, all such timers will fire
453 * at the same time, rather than at various times spread out. The goal
454 * of this is to have the CPU wake up less, which saves power.
455 *
456 * The return value is the rounded version of the @j parameter.
457 */
458unsigned long round_jiffies(unsigned long j)
459{
460 return round_jiffies_common(j, raw_smp_processor_id(), false);
461}
462EXPORT_SYMBOL_GPL(round_jiffies);
463
464/**
465 * round_jiffies_relative - function to round jiffies to a full second
466 * @j: the time in (relative) jiffies that should be rounded
467 *
468 * round_jiffies_relative() rounds a time delta in the future (in jiffies)
469 * up or down to (approximately) full seconds. This is useful for timers
470 * for which the exact time they fire does not matter too much, as long as
471 * they fire approximately every X seconds.
472 *
473 * By rounding these timers to whole seconds, all such timers will fire
474 * at the same time, rather than at various times spread out. The goal
475 * of this is to have the CPU wake up less, which saves power.
476 *
477 * The return value is the rounded version of the @j parameter.
478 */
479unsigned long round_jiffies_relative(unsigned long j)
480{
481 return __round_jiffies_relative(j, raw_smp_processor_id());
482}
483EXPORT_SYMBOL_GPL(round_jiffies_relative);
484
485/**
486 * __round_jiffies_up - function to round jiffies up to a full second
487 * @j: the time in (absolute) jiffies that should be rounded
488 * @cpu: the processor number on which the timeout will happen
489 *
490 * This is the same as __round_jiffies() except that it will never
491 * round down. This is useful for timeouts for which the exact time
492 * of firing does not matter too much, as long as they don't fire too
493 * early.
494 */
495unsigned long __round_jiffies_up(unsigned long j, int cpu)
496{
497 return round_jiffies_common(j, cpu, true);
498}
499EXPORT_SYMBOL_GPL(__round_jiffies_up);
500
501/**
502 * __round_jiffies_up_relative - function to round jiffies up to a full second
503 * @j: the time in (relative) jiffies that should be rounded
504 * @cpu: the processor number on which the timeout will happen
505 *
506 * This is the same as __round_jiffies_relative() except that it will never
507 * round down. This is useful for timeouts for which the exact time
508 * of firing does not matter too much, as long as they don't fire too
509 * early.
510 */
511unsigned long __round_jiffies_up_relative(unsigned long j, int cpu)
512{
513 unsigned long j0 = jiffies;
514
515 /* Use j0 because jiffies might change while we run */
516 return round_jiffies_common(j + j0, cpu, true) - j0;
517}
518EXPORT_SYMBOL_GPL(__round_jiffies_up_relative);
519
520/**
521 * round_jiffies_up - function to round jiffies up to a full second
522 * @j: the time in (absolute) jiffies that should be rounded
523 *
524 * This is the same as round_jiffies() except that it will never
525 * round down. This is useful for timeouts for which the exact time
526 * of firing does not matter too much, as long as they don't fire too
527 * early.
528 */
529unsigned long round_jiffies_up(unsigned long j)
530{
531 return round_jiffies_common(j, raw_smp_processor_id(), true);
532}
533EXPORT_SYMBOL_GPL(round_jiffies_up);
534
535/**
536 * round_jiffies_up_relative - function to round jiffies up to a full second
537 * @j: the time in (relative) jiffies that should be rounded
538 *
539 * This is the same as round_jiffies_relative() except that it will never
540 * round down. This is useful for timeouts for which the exact time
541 * of firing does not matter too much, as long as they don't fire too
542 * early.
543 */
544unsigned long round_jiffies_up_relative(unsigned long j)
545{
546 return __round_jiffies_up_relative(j, raw_smp_processor_id());
547}
548EXPORT_SYMBOL_GPL(round_jiffies_up_relative);
549
550
551static inline unsigned int timer_get_idx(struct timer_list *timer)
552{
553 return (timer->flags & TIMER_ARRAYMASK) >> TIMER_ARRAYSHIFT;
554}
555
556static inline void timer_set_idx(struct timer_list *timer, unsigned int idx)
557{
558 timer->flags = (timer->flags & ~TIMER_ARRAYMASK) |
559 idx << TIMER_ARRAYSHIFT;
560}
561
562/*
563 * Helper function to calculate the array index for a given expiry
564 * time.
565 */
566static inline unsigned calc_index(unsigned long expires, unsigned lvl,
567 unsigned long *bucket_expiry)
568{
569
570 /*
571 * The timer wheel has to guarantee that a timer does not fire
572 * early. Early expiry can happen due to:
573 * - Timer is armed at the edge of a tick
574 * - Truncation of the expiry time in the outer wheel levels
575 *
576 * Round up with level granularity to prevent this.
577 */
578 expires = (expires >> LVL_SHIFT(lvl)) + 1;
579 *bucket_expiry = expires << LVL_SHIFT(lvl);
580 return LVL_OFFS(lvl) + (expires & LVL_MASK);
581}
582
583static int calc_wheel_index(unsigned long expires, unsigned long clk,
584 unsigned long *bucket_expiry)
585{
586 unsigned long delta = expires - clk;
587 unsigned int idx;
588
589 if (delta < LVL_START(1)) {
590 idx = calc_index(expires, 0, bucket_expiry);
591 } else if (delta < LVL_START(2)) {
592 idx = calc_index(expires, 1, bucket_expiry);
593 } else if (delta < LVL_START(3)) {
594 idx = calc_index(expires, 2, bucket_expiry);
595 } else if (delta < LVL_START(4)) {
596 idx = calc_index(expires, 3, bucket_expiry);
597 } else if (delta < LVL_START(5)) {
598 idx = calc_index(expires, 4, bucket_expiry);
599 } else if (delta < LVL_START(6)) {
600 idx = calc_index(expires, 5, bucket_expiry);
601 } else if (delta < LVL_START(7)) {
602 idx = calc_index(expires, 6, bucket_expiry);
603 } else if (LVL_DEPTH > 8 && delta < LVL_START(8)) {
604 idx = calc_index(expires, 7, bucket_expiry);
605 } else if ((long) delta < 0) {
606 idx = clk & LVL_MASK;
607 *bucket_expiry = clk;
608 } else {
609 /*
610 * Force expire obscene large timeouts to expire at the
611 * capacity limit of the wheel.
612 */
613 if (delta >= WHEEL_TIMEOUT_CUTOFF)
614 expires = clk + WHEEL_TIMEOUT_MAX;
615
616 idx = calc_index(expires, LVL_DEPTH - 1, bucket_expiry);
617 }
618 return idx;
619}
620
621static void
622trigger_dyntick_cpu(struct timer_base *base, struct timer_list *timer)
623{
624 /*
625 * Deferrable timers do not prevent the CPU from entering dynticks and
626 * are not taken into account on the idle/nohz_full path. An IPI when a
627 * new deferrable timer is enqueued will wake up the remote CPU but
628 * nothing will be done with the deferrable timer base. Therefore skip
629 * the remote IPI for deferrable timers completely.
630 */
631 if (!is_timers_nohz_active() || timer->flags & TIMER_DEFERRABLE)
632 return;
633
634 /*
635 * We might have to IPI the remote CPU if the base is idle and the
636 * timer is pinned. If it is a non pinned timer, it is only queued
637 * on the remote CPU, when timer was running during queueing. Then
638 * everything is handled by remote CPU anyway. If the other CPU is
639 * on the way to idle then it can't set base->is_idle as we hold
640 * the base lock:
641 */
642 if (base->is_idle) {
643 WARN_ON_ONCE(!(timer->flags & TIMER_PINNED ||
644 tick_nohz_full_cpu(base->cpu)));
645 wake_up_nohz_cpu(base->cpu);
646 }
647}
648
649/*
650 * Enqueue the timer into the hash bucket, mark it pending in
651 * the bitmap, store the index in the timer flags then wake up
652 * the target CPU if needed.
653 */
654static void enqueue_timer(struct timer_base *base, struct timer_list *timer,
655 unsigned int idx, unsigned long bucket_expiry)
656{
657
658 hlist_add_head(&timer->entry, base->vectors + idx);
659 __set_bit(idx, base->pending_map);
660 timer_set_idx(timer, idx);
661
662 trace_timer_start(timer, bucket_expiry);
663
664 /*
665 * Check whether this is the new first expiring timer. The
666 * effective expiry time of the timer is required here
667 * (bucket_expiry) instead of timer->expires.
668 */
669 if (time_before(bucket_expiry, base->next_expiry)) {
670 /*
671 * Set the next expiry time and kick the CPU so it
672 * can reevaluate the wheel:
673 */
674 WRITE_ONCE(base->next_expiry, bucket_expiry);
675 base->timers_pending = true;
676 base->next_expiry_recalc = false;
677 trigger_dyntick_cpu(base, timer);
678 }
679}
680
681static void internal_add_timer(struct timer_base *base, struct timer_list *timer)
682{
683 unsigned long bucket_expiry;
684 unsigned int idx;
685
686 idx = calc_wheel_index(timer->expires, base->clk, &bucket_expiry);
687 enqueue_timer(base, timer, idx, bucket_expiry);
688}
689
690#ifdef CONFIG_DEBUG_OBJECTS_TIMERS
691
692static const struct debug_obj_descr timer_debug_descr;
693
694struct timer_hint {
695 void (*function)(struct timer_list *t);
696 long offset;
697};
698
699#define TIMER_HINT(fn, container, timr, hintfn) \
700 { \
701 .function = fn, \
702 .offset = offsetof(container, hintfn) - \
703 offsetof(container, timr) \
704 }
705
706static const struct timer_hint timer_hints[] = {
707 TIMER_HINT(delayed_work_timer_fn,
708 struct delayed_work, timer, work.func),
709 TIMER_HINT(kthread_delayed_work_timer_fn,
710 struct kthread_delayed_work, timer, work.func),
711};
712
713static void *timer_debug_hint(void *addr)
714{
715 struct timer_list *timer = addr;
716 int i;
717
718 for (i = 0; i < ARRAY_SIZE(timer_hints); i++) {
719 if (timer_hints[i].function == timer->function) {
720 void (**fn)(void) = addr + timer_hints[i].offset;
721
722 return *fn;
723 }
724 }
725
726 return timer->function;
727}
728
729static bool timer_is_static_object(void *addr)
730{
731 struct timer_list *timer = addr;
732
733 return (timer->entry.pprev == NULL &&
734 timer->entry.next == TIMER_ENTRY_STATIC);
735}
736
737/*
738 * timer_fixup_init is called when:
739 * - an active object is initialized
740 */
741static bool timer_fixup_init(void *addr, enum debug_obj_state state)
742{
743 struct timer_list *timer = addr;
744
745 switch (state) {
746 case ODEBUG_STATE_ACTIVE:
747 del_timer_sync(timer);
748 debug_object_init(timer, &timer_debug_descr);
749 return true;
750 default:
751 return false;
752 }
753}
754
755/* Stub timer callback for improperly used timers. */
756static void stub_timer(struct timer_list *unused)
757{
758 WARN_ON(1);
759}
760
761/*
762 * timer_fixup_activate is called when:
763 * - an active object is activated
764 * - an unknown non-static object is activated
765 */
766static bool timer_fixup_activate(void *addr, enum debug_obj_state state)
767{
768 struct timer_list *timer = addr;
769
770 switch (state) {
771 case ODEBUG_STATE_NOTAVAILABLE:
772 timer_setup(timer, stub_timer, 0);
773 return true;
774
775 case ODEBUG_STATE_ACTIVE:
776 WARN_ON(1);
777 fallthrough;
778 default:
779 return false;
780 }
781}
782
783/*
784 * timer_fixup_free is called when:
785 * - an active object is freed
786 */
787static bool timer_fixup_free(void *addr, enum debug_obj_state state)
788{
789 struct timer_list *timer = addr;
790
791 switch (state) {
792 case ODEBUG_STATE_ACTIVE:
793 del_timer_sync(timer);
794 debug_object_free(timer, &timer_debug_descr);
795 return true;
796 default:
797 return false;
798 }
799}
800
801/*
802 * timer_fixup_assert_init is called when:
803 * - an untracked/uninit-ed object is found
804 */
805static bool timer_fixup_assert_init(void *addr, enum debug_obj_state state)
806{
807 struct timer_list *timer = addr;
808
809 switch (state) {
810 case ODEBUG_STATE_NOTAVAILABLE:
811 timer_setup(timer, stub_timer, 0);
812 return true;
813 default:
814 return false;
815 }
816}
817
818static const struct debug_obj_descr timer_debug_descr = {
819 .name = "timer_list",
820 .debug_hint = timer_debug_hint,
821 .is_static_object = timer_is_static_object,
822 .fixup_init = timer_fixup_init,
823 .fixup_activate = timer_fixup_activate,
824 .fixup_free = timer_fixup_free,
825 .fixup_assert_init = timer_fixup_assert_init,
826};
827
828static inline void debug_timer_init(struct timer_list *timer)
829{
830 debug_object_init(timer, &timer_debug_descr);
831}
832
833static inline void debug_timer_activate(struct timer_list *timer)
834{
835 debug_object_activate(timer, &timer_debug_descr);
836}
837
838static inline void debug_timer_deactivate(struct timer_list *timer)
839{
840 debug_object_deactivate(timer, &timer_debug_descr);
841}
842
843static inline void debug_timer_assert_init(struct timer_list *timer)
844{
845 debug_object_assert_init(timer, &timer_debug_descr);
846}
847
848static void do_init_timer(struct timer_list *timer,
849 void (*func)(struct timer_list *),
850 unsigned int flags,
851 const char *name, struct lock_class_key *key);
852
853void init_timer_on_stack_key(struct timer_list *timer,
854 void (*func)(struct timer_list *),
855 unsigned int flags,
856 const char *name, struct lock_class_key *key)
857{
858 debug_object_init_on_stack(timer, &timer_debug_descr);
859 do_init_timer(timer, func, flags, name, key);
860}
861EXPORT_SYMBOL_GPL(init_timer_on_stack_key);
862
863void destroy_timer_on_stack(struct timer_list *timer)
864{
865 debug_object_free(timer, &timer_debug_descr);
866}
867EXPORT_SYMBOL_GPL(destroy_timer_on_stack);
868
869#else
870static inline void debug_timer_init(struct timer_list *timer) { }
871static inline void debug_timer_activate(struct timer_list *timer) { }
872static inline void debug_timer_deactivate(struct timer_list *timer) { }
873static inline void debug_timer_assert_init(struct timer_list *timer) { }
874#endif
875
876static inline void debug_init(struct timer_list *timer)
877{
878 debug_timer_init(timer);
879 trace_timer_init(timer);
880}
881
882static inline void debug_deactivate(struct timer_list *timer)
883{
884 debug_timer_deactivate(timer);
885 trace_timer_cancel(timer);
886}
887
888static inline void debug_assert_init(struct timer_list *timer)
889{
890 debug_timer_assert_init(timer);
891}
892
893static void do_init_timer(struct timer_list *timer,
894 void (*func)(struct timer_list *),
895 unsigned int flags,
896 const char *name, struct lock_class_key *key)
897{
898 timer->entry.pprev = NULL;
899 timer->function = func;
900 if (WARN_ON_ONCE(flags & ~TIMER_INIT_FLAGS))
901 flags &= TIMER_INIT_FLAGS;
902 timer->flags = flags | raw_smp_processor_id();
903 lockdep_init_map(&timer->lockdep_map, name, key, 0);
904}
905
906/**
907 * init_timer_key - initialize a timer
908 * @timer: the timer to be initialized
909 * @func: timer callback function
910 * @flags: timer flags
911 * @name: name of the timer
912 * @key: lockdep class key of the fake lock used for tracking timer
913 * sync lock dependencies
914 *
915 * init_timer_key() must be done to a timer prior to calling *any* of the
916 * other timer functions.
917 */
918void init_timer_key(struct timer_list *timer,
919 void (*func)(struct timer_list *), unsigned int flags,
920 const char *name, struct lock_class_key *key)
921{
922 debug_init(timer);
923 do_init_timer(timer, func, flags, name, key);
924}
925EXPORT_SYMBOL(init_timer_key);
926
927static inline void detach_timer(struct timer_list *timer, bool clear_pending)
928{
929 struct hlist_node *entry = &timer->entry;
930
931 debug_deactivate(timer);
932
933 __hlist_del(entry);
934 if (clear_pending)
935 entry->pprev = NULL;
936 entry->next = LIST_POISON2;
937}
938
939static int detach_if_pending(struct timer_list *timer, struct timer_base *base,
940 bool clear_pending)
941{
942 unsigned idx = timer_get_idx(timer);
943
944 if (!timer_pending(timer))
945 return 0;
946
947 if (hlist_is_singular_node(&timer->entry, base->vectors + idx)) {
948 __clear_bit(idx, base->pending_map);
949 base->next_expiry_recalc = true;
950 }
951
952 detach_timer(timer, clear_pending);
953 return 1;
954}
955
956static inline struct timer_base *get_timer_cpu_base(u32 tflags, u32 cpu)
957{
958 int index = tflags & TIMER_PINNED ? BASE_LOCAL : BASE_GLOBAL;
959 struct timer_base *base;
960
961 base = per_cpu_ptr(&timer_bases[index], cpu);
962
963 /*
964 * If the timer is deferrable and NO_HZ_COMMON is set then we need
965 * to use the deferrable base.
966 */
967 if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE))
968 base = per_cpu_ptr(&timer_bases[BASE_DEF], cpu);
969 return base;
970}
971
972static inline struct timer_base *get_timer_this_cpu_base(u32 tflags)
973{
974 int index = tflags & TIMER_PINNED ? BASE_LOCAL : BASE_GLOBAL;
975 struct timer_base *base;
976
977 base = this_cpu_ptr(&timer_bases[index]);
978
979 /*
980 * If the timer is deferrable and NO_HZ_COMMON is set then we need
981 * to use the deferrable base.
982 */
983 if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE))
984 base = this_cpu_ptr(&timer_bases[BASE_DEF]);
985 return base;
986}
987
988static inline struct timer_base *get_timer_base(u32 tflags)
989{
990 return get_timer_cpu_base(tflags, tflags & TIMER_CPUMASK);
991}
992
993static inline void __forward_timer_base(struct timer_base *base,
994 unsigned long basej)
995{
996 /*
997 * Check whether we can forward the base. We can only do that when
998 * @basej is past base->clk otherwise we might rewind base->clk.
999 */
1000 if (time_before_eq(basej, base->clk))
1001 return;
1002
1003 /*
1004 * If the next expiry value is > jiffies, then we fast forward to
1005 * jiffies otherwise we forward to the next expiry value.
1006 */
1007 if (time_after(base->next_expiry, basej)) {
1008 base->clk = basej;
1009 } else {
1010 if (WARN_ON_ONCE(time_before(base->next_expiry, base->clk)))
1011 return;
1012 base->clk = base->next_expiry;
1013 }
1014
1015}
1016
1017static inline void forward_timer_base(struct timer_base *base)
1018{
1019 __forward_timer_base(base, READ_ONCE(jiffies));
1020}
1021
1022/*
1023 * We are using hashed locking: Holding per_cpu(timer_bases[x]).lock means
1024 * that all timers which are tied to this base are locked, and the base itself
1025 * is locked too.
1026 *
1027 * So __run_timers/migrate_timers can safely modify all timers which could
1028 * be found in the base->vectors array.
1029 *
1030 * When a timer is migrating then the TIMER_MIGRATING flag is set and we need
1031 * to wait until the migration is done.
1032 */
1033static struct timer_base *lock_timer_base(struct timer_list *timer,
1034 unsigned long *flags)
1035 __acquires(timer->base->lock)
1036{
1037 for (;;) {
1038 struct timer_base *base;
1039 u32 tf;
1040
1041 /*
1042 * We need to use READ_ONCE() here, otherwise the compiler
1043 * might re-read @tf between the check for TIMER_MIGRATING
1044 * and spin_lock().
1045 */
1046 tf = READ_ONCE(timer->flags);
1047
1048 if (!(tf & TIMER_MIGRATING)) {
1049 base = get_timer_base(tf);
1050 raw_spin_lock_irqsave(&base->lock, *flags);
1051 if (timer->flags == tf)
1052 return base;
1053 raw_spin_unlock_irqrestore(&base->lock, *flags);
1054 }
1055 cpu_relax();
1056 }
1057}
1058
1059#define MOD_TIMER_PENDING_ONLY 0x01
1060#define MOD_TIMER_REDUCE 0x02
1061#define MOD_TIMER_NOTPENDING 0x04
1062
1063static inline int
1064__mod_timer(struct timer_list *timer, unsigned long expires, unsigned int options)
1065{
1066 unsigned long clk = 0, flags, bucket_expiry;
1067 struct timer_base *base, *new_base;
1068 unsigned int idx = UINT_MAX;
1069 int ret = 0;
1070
1071 debug_assert_init(timer);
1072
1073 /*
1074 * This is a common optimization triggered by the networking code - if
1075 * the timer is re-modified to have the same timeout or ends up in the
1076 * same array bucket then just return:
1077 */
1078 if (!(options & MOD_TIMER_NOTPENDING) && timer_pending(timer)) {
1079 /*
1080 * The downside of this optimization is that it can result in
1081 * larger granularity than you would get from adding a new
1082 * timer with this expiry.
1083 */
1084 long diff = timer->expires - expires;
1085
1086 if (!diff)
1087 return 1;
1088 if (options & MOD_TIMER_REDUCE && diff <= 0)
1089 return 1;
1090
1091 /*
1092 * We lock timer base and calculate the bucket index right
1093 * here. If the timer ends up in the same bucket, then we
1094 * just update the expiry time and avoid the whole
1095 * dequeue/enqueue dance.
1096 */
1097 base = lock_timer_base(timer, &flags);
1098 /*
1099 * Has @timer been shutdown? This needs to be evaluated
1100 * while holding base lock to prevent a race against the
1101 * shutdown code.
1102 */
1103 if (!timer->function)
1104 goto out_unlock;
1105
1106 forward_timer_base(base);
1107
1108 if (timer_pending(timer) && (options & MOD_TIMER_REDUCE) &&
1109 time_before_eq(timer->expires, expires)) {
1110 ret = 1;
1111 goto out_unlock;
1112 }
1113
1114 clk = base->clk;
1115 idx = calc_wheel_index(expires, clk, &bucket_expiry);
1116
1117 /*
1118 * Retrieve and compare the array index of the pending
1119 * timer. If it matches set the expiry to the new value so a
1120 * subsequent call will exit in the expires check above.
1121 */
1122 if (idx == timer_get_idx(timer)) {
1123 if (!(options & MOD_TIMER_REDUCE))
1124 timer->expires = expires;
1125 else if (time_after(timer->expires, expires))
1126 timer->expires = expires;
1127 ret = 1;
1128 goto out_unlock;
1129 }
1130 } else {
1131 base = lock_timer_base(timer, &flags);
1132 /*
1133 * Has @timer been shutdown? This needs to be evaluated
1134 * while holding base lock to prevent a race against the
1135 * shutdown code.
1136 */
1137 if (!timer->function)
1138 goto out_unlock;
1139
1140 forward_timer_base(base);
1141 }
1142
1143 ret = detach_if_pending(timer, base, false);
1144 if (!ret && (options & MOD_TIMER_PENDING_ONLY))
1145 goto out_unlock;
1146
1147 new_base = get_timer_this_cpu_base(timer->flags);
1148
1149 if (base != new_base) {
1150 /*
1151 * We are trying to schedule the timer on the new base.
1152 * However we can't change timer's base while it is running,
1153 * otherwise timer_delete_sync() can't detect that the timer's
1154 * handler yet has not finished. This also guarantees that the
1155 * timer is serialized wrt itself.
1156 */
1157 if (likely(base->running_timer != timer)) {
1158 /* See the comment in lock_timer_base() */
1159 timer->flags |= TIMER_MIGRATING;
1160
1161 raw_spin_unlock(&base->lock);
1162 base = new_base;
1163 raw_spin_lock(&base->lock);
1164 WRITE_ONCE(timer->flags,
1165 (timer->flags & ~TIMER_BASEMASK) | base->cpu);
1166 forward_timer_base(base);
1167 }
1168 }
1169
1170 debug_timer_activate(timer);
1171
1172 timer->expires = expires;
1173 /*
1174 * If 'idx' was calculated above and the base time did not advance
1175 * between calculating 'idx' and possibly switching the base, only
1176 * enqueue_timer() is required. Otherwise we need to (re)calculate
1177 * the wheel index via internal_add_timer().
1178 */
1179 if (idx != UINT_MAX && clk == base->clk)
1180 enqueue_timer(base, timer, idx, bucket_expiry);
1181 else
1182 internal_add_timer(base, timer);
1183
1184out_unlock:
1185 raw_spin_unlock_irqrestore(&base->lock, flags);
1186
1187 return ret;
1188}
1189
1190/**
1191 * mod_timer_pending - Modify a pending timer's timeout
1192 * @timer: The pending timer to be modified
1193 * @expires: New absolute timeout in jiffies
1194 *
1195 * mod_timer_pending() is the same for pending timers as mod_timer(), but
1196 * will not activate inactive timers.
1197 *
1198 * If @timer->function == NULL then the start operation is silently
1199 * discarded.
1200 *
1201 * Return:
1202 * * %0 - The timer was inactive and not modified or was in
1203 * shutdown state and the operation was discarded
1204 * * %1 - The timer was active and requeued to expire at @expires
1205 */
1206int mod_timer_pending(struct timer_list *timer, unsigned long expires)
1207{
1208 return __mod_timer(timer, expires, MOD_TIMER_PENDING_ONLY);
1209}
1210EXPORT_SYMBOL(mod_timer_pending);
1211
1212/**
1213 * mod_timer - Modify a timer's timeout
1214 * @timer: The timer to be modified
1215 * @expires: New absolute timeout in jiffies
1216 *
1217 * mod_timer(timer, expires) is equivalent to:
1218 *
1219 * del_timer(timer); timer->expires = expires; add_timer(timer);
1220 *
1221 * mod_timer() is more efficient than the above open coded sequence. In
1222 * case that the timer is inactive, the del_timer() part is a NOP. The
1223 * timer is in any case activated with the new expiry time @expires.
1224 *
1225 * Note that if there are multiple unserialized concurrent users of the
1226 * same timer, then mod_timer() is the only safe way to modify the timeout,
1227 * since add_timer() cannot modify an already running timer.
1228 *
1229 * If @timer->function == NULL then the start operation is silently
1230 * discarded. In this case the return value is 0 and meaningless.
1231 *
1232 * Return:
1233 * * %0 - The timer was inactive and started or was in shutdown
1234 * state and the operation was discarded
1235 * * %1 - The timer was active and requeued to expire at @expires or
1236 * the timer was active and not modified because @expires did
1237 * not change the effective expiry time
1238 */
1239int mod_timer(struct timer_list *timer, unsigned long expires)
1240{
1241 return __mod_timer(timer, expires, 0);
1242}
1243EXPORT_SYMBOL(mod_timer);
1244
1245/**
1246 * timer_reduce - Modify a timer's timeout if it would reduce the timeout
1247 * @timer: The timer to be modified
1248 * @expires: New absolute timeout in jiffies
1249 *
1250 * timer_reduce() is very similar to mod_timer(), except that it will only
1251 * modify an enqueued timer if that would reduce the expiration time. If
1252 * @timer is not enqueued it starts the timer.
1253 *
1254 * If @timer->function == NULL then the start operation is silently
1255 * discarded.
1256 *
1257 * Return:
1258 * * %0 - The timer was inactive and started or was in shutdown
1259 * state and the operation was discarded
1260 * * %1 - The timer was active and requeued to expire at @expires or
1261 * the timer was active and not modified because @expires
1262 * did not change the effective expiry time such that the
1263 * timer would expire earlier than already scheduled
1264 */
1265int timer_reduce(struct timer_list *timer, unsigned long expires)
1266{
1267 return __mod_timer(timer, expires, MOD_TIMER_REDUCE);
1268}
1269EXPORT_SYMBOL(timer_reduce);
1270
1271/**
1272 * add_timer - Start a timer
1273 * @timer: The timer to be started
1274 *
1275 * Start @timer to expire at @timer->expires in the future. @timer->expires
1276 * is the absolute expiry time measured in 'jiffies'. When the timer expires
1277 * timer->function(timer) will be invoked from soft interrupt context.
1278 *
1279 * The @timer->expires and @timer->function fields must be set prior
1280 * to calling this function.
1281 *
1282 * If @timer->function == NULL then the start operation is silently
1283 * discarded.
1284 *
1285 * If @timer->expires is already in the past @timer will be queued to
1286 * expire at the next timer tick.
1287 *
1288 * This can only operate on an inactive timer. Attempts to invoke this on
1289 * an active timer are rejected with a warning.
1290 */
1291void add_timer(struct timer_list *timer)
1292{
1293 if (WARN_ON_ONCE(timer_pending(timer)))
1294 return;
1295 __mod_timer(timer, timer->expires, MOD_TIMER_NOTPENDING);
1296}
1297EXPORT_SYMBOL(add_timer);
1298
1299/**
1300 * add_timer_local() - Start a timer on the local CPU
1301 * @timer: The timer to be started
1302 *
1303 * Same as add_timer() except that the timer flag TIMER_PINNED is set.
1304 *
1305 * See add_timer() for further details.
1306 */
1307void add_timer_local(struct timer_list *timer)
1308{
1309 if (WARN_ON_ONCE(timer_pending(timer)))
1310 return;
1311 timer->flags |= TIMER_PINNED;
1312 __mod_timer(timer, timer->expires, MOD_TIMER_NOTPENDING);
1313}
1314EXPORT_SYMBOL(add_timer_local);
1315
1316/**
1317 * add_timer_global() - Start a timer without TIMER_PINNED flag set
1318 * @timer: The timer to be started
1319 *
1320 * Same as add_timer() except that the timer flag TIMER_PINNED is unset.
1321 *
1322 * See add_timer() for further details.
1323 */
1324void add_timer_global(struct timer_list *timer)
1325{
1326 if (WARN_ON_ONCE(timer_pending(timer)))
1327 return;
1328 timer->flags &= ~TIMER_PINNED;
1329 __mod_timer(timer, timer->expires, MOD_TIMER_NOTPENDING);
1330}
1331EXPORT_SYMBOL(add_timer_global);
1332
1333/**
1334 * add_timer_on - Start a timer on a particular CPU
1335 * @timer: The timer to be started
1336 * @cpu: The CPU to start it on
1337 *
1338 * Same as add_timer() except that it starts the timer on the given CPU and
1339 * the TIMER_PINNED flag is set. When timer shouldn't be a pinned timer in
1340 * the next round, add_timer_global() should be used instead as it unsets
1341 * the TIMER_PINNED flag.
1342 *
1343 * See add_timer() for further details.
1344 */
1345void add_timer_on(struct timer_list *timer, int cpu)
1346{
1347 struct timer_base *new_base, *base;
1348 unsigned long flags;
1349
1350 debug_assert_init(timer);
1351
1352 if (WARN_ON_ONCE(timer_pending(timer)))
1353 return;
1354
1355 /* Make sure timer flags have TIMER_PINNED flag set */
1356 timer->flags |= TIMER_PINNED;
1357
1358 new_base = get_timer_cpu_base(timer->flags, cpu);
1359
1360 /*
1361 * If @timer was on a different CPU, it should be migrated with the
1362 * old base locked to prevent other operations proceeding with the
1363 * wrong base locked. See lock_timer_base().
1364 */
1365 base = lock_timer_base(timer, &flags);
1366 /*
1367 * Has @timer been shutdown? This needs to be evaluated while
1368 * holding base lock to prevent a race against the shutdown code.
1369 */
1370 if (!timer->function)
1371 goto out_unlock;
1372
1373 if (base != new_base) {
1374 timer->flags |= TIMER_MIGRATING;
1375
1376 raw_spin_unlock(&base->lock);
1377 base = new_base;
1378 raw_spin_lock(&base->lock);
1379 WRITE_ONCE(timer->flags,
1380 (timer->flags & ~TIMER_BASEMASK) | cpu);
1381 }
1382 forward_timer_base(base);
1383
1384 debug_timer_activate(timer);
1385 internal_add_timer(base, timer);
1386out_unlock:
1387 raw_spin_unlock_irqrestore(&base->lock, flags);
1388}
1389EXPORT_SYMBOL_GPL(add_timer_on);
1390
1391/**
1392 * __timer_delete - Internal function: Deactivate a timer
1393 * @timer: The timer to be deactivated
1394 * @shutdown: If true, this indicates that the timer is about to be
1395 * shutdown permanently.
1396 *
1397 * If @shutdown is true then @timer->function is set to NULL under the
1398 * timer base lock which prevents further rearming of the time. In that
1399 * case any attempt to rearm @timer after this function returns will be
1400 * silently ignored.
1401 *
1402 * Return:
1403 * * %0 - The timer was not pending
1404 * * %1 - The timer was pending and deactivated
1405 */
1406static int __timer_delete(struct timer_list *timer, bool shutdown)
1407{
1408 struct timer_base *base;
1409 unsigned long flags;
1410 int ret = 0;
1411
1412 debug_assert_init(timer);
1413
1414 /*
1415 * If @shutdown is set then the lock has to be taken whether the
1416 * timer is pending or not to protect against a concurrent rearm
1417 * which might hit between the lockless pending check and the lock
1418 * acquisition. By taking the lock it is ensured that such a newly
1419 * enqueued timer is dequeued and cannot end up with
1420 * timer->function == NULL in the expiry code.
1421 *
1422 * If timer->function is currently executed, then this makes sure
1423 * that the callback cannot requeue the timer.
1424 */
1425 if (timer_pending(timer) || shutdown) {
1426 base = lock_timer_base(timer, &flags);
1427 ret = detach_if_pending(timer, base, true);
1428 if (shutdown)
1429 timer->function = NULL;
1430 raw_spin_unlock_irqrestore(&base->lock, flags);
1431 }
1432
1433 return ret;
1434}
1435
1436/**
1437 * timer_delete - Deactivate a timer
1438 * @timer: The timer to be deactivated
1439 *
1440 * The function only deactivates a pending timer, but contrary to
1441 * timer_delete_sync() it does not take into account whether the timer's
1442 * callback function is concurrently executed on a different CPU or not.
1443 * It neither prevents rearming of the timer. If @timer can be rearmed
1444 * concurrently then the return value of this function is meaningless.
1445 *
1446 * Return:
1447 * * %0 - The timer was not pending
1448 * * %1 - The timer was pending and deactivated
1449 */
1450int timer_delete(struct timer_list *timer)
1451{
1452 return __timer_delete(timer, false);
1453}
1454EXPORT_SYMBOL(timer_delete);
1455
1456/**
1457 * timer_shutdown - Deactivate a timer and prevent rearming
1458 * @timer: The timer to be deactivated
1459 *
1460 * The function does not wait for an eventually running timer callback on a
1461 * different CPU but it prevents rearming of the timer. Any attempt to arm
1462 * @timer after this function returns will be silently ignored.
1463 *
1464 * This function is useful for teardown code and should only be used when
1465 * timer_shutdown_sync() cannot be invoked due to locking or context constraints.
1466 *
1467 * Return:
1468 * * %0 - The timer was not pending
1469 * * %1 - The timer was pending
1470 */
1471int timer_shutdown(struct timer_list *timer)
1472{
1473 return __timer_delete(timer, true);
1474}
1475EXPORT_SYMBOL_GPL(timer_shutdown);
1476
1477/**
1478 * __try_to_del_timer_sync - Internal function: Try to deactivate a timer
1479 * @timer: Timer to deactivate
1480 * @shutdown: If true, this indicates that the timer is about to be
1481 * shutdown permanently.
1482 *
1483 * If @shutdown is true then @timer->function is set to NULL under the
1484 * timer base lock which prevents further rearming of the timer. Any
1485 * attempt to rearm @timer after this function returns will be silently
1486 * ignored.
1487 *
1488 * This function cannot guarantee that the timer cannot be rearmed
1489 * right after dropping the base lock if @shutdown is false. That
1490 * needs to be prevented by the calling code if necessary.
1491 *
1492 * Return:
1493 * * %0 - The timer was not pending
1494 * * %1 - The timer was pending and deactivated
1495 * * %-1 - The timer callback function is running on a different CPU
1496 */
1497static int __try_to_del_timer_sync(struct timer_list *timer, bool shutdown)
1498{
1499 struct timer_base *base;
1500 unsigned long flags;
1501 int ret = -1;
1502
1503 debug_assert_init(timer);
1504
1505 base = lock_timer_base(timer, &flags);
1506
1507 if (base->running_timer != timer)
1508 ret = detach_if_pending(timer, base, true);
1509 if (shutdown)
1510 timer->function = NULL;
1511
1512 raw_spin_unlock_irqrestore(&base->lock, flags);
1513
1514 return ret;
1515}
1516
1517/**
1518 * try_to_del_timer_sync - Try to deactivate a timer
1519 * @timer: Timer to deactivate
1520 *
1521 * This function tries to deactivate a timer. On success the timer is not
1522 * queued and the timer callback function is not running on any CPU.
1523 *
1524 * This function does not guarantee that the timer cannot be rearmed right
1525 * after dropping the base lock. That needs to be prevented by the calling
1526 * code if necessary.
1527 *
1528 * Return:
1529 * * %0 - The timer was not pending
1530 * * %1 - The timer was pending and deactivated
1531 * * %-1 - The timer callback function is running on a different CPU
1532 */
1533int try_to_del_timer_sync(struct timer_list *timer)
1534{
1535 return __try_to_del_timer_sync(timer, false);
1536}
1537EXPORT_SYMBOL(try_to_del_timer_sync);
1538
1539#ifdef CONFIG_PREEMPT_RT
1540static __init void timer_base_init_expiry_lock(struct timer_base *base)
1541{
1542 spin_lock_init(&base->expiry_lock);
1543}
1544
1545static inline void timer_base_lock_expiry(struct timer_base *base)
1546{
1547 spin_lock(&base->expiry_lock);
1548}
1549
1550static inline void timer_base_unlock_expiry(struct timer_base *base)
1551{
1552 spin_unlock(&base->expiry_lock);
1553}
1554
1555/*
1556 * The counterpart to del_timer_wait_running().
1557 *
1558 * If there is a waiter for base->expiry_lock, then it was waiting for the
1559 * timer callback to finish. Drop expiry_lock and reacquire it. That allows
1560 * the waiter to acquire the lock and make progress.
1561 */
1562static void timer_sync_wait_running(struct timer_base *base)
1563 __releases(&base->lock) __releases(&base->expiry_lock)
1564 __acquires(&base->expiry_lock) __acquires(&base->lock)
1565{
1566 if (atomic_read(&base->timer_waiters)) {
1567 raw_spin_unlock_irq(&base->lock);
1568 spin_unlock(&base->expiry_lock);
1569 spin_lock(&base->expiry_lock);
1570 raw_spin_lock_irq(&base->lock);
1571 }
1572}
1573
1574/*
1575 * This function is called on PREEMPT_RT kernels when the fast path
1576 * deletion of a timer failed because the timer callback function was
1577 * running.
1578 *
1579 * This prevents priority inversion, if the softirq thread on a remote CPU
1580 * got preempted, and it prevents a life lock when the task which tries to
1581 * delete a timer preempted the softirq thread running the timer callback
1582 * function.
1583 */
1584static void del_timer_wait_running(struct timer_list *timer)
1585{
1586 u32 tf;
1587
1588 tf = READ_ONCE(timer->flags);
1589 if (!(tf & (TIMER_MIGRATING | TIMER_IRQSAFE))) {
1590 struct timer_base *base = get_timer_base(tf);
1591
1592 /*
1593 * Mark the base as contended and grab the expiry lock,
1594 * which is held by the softirq across the timer
1595 * callback. Drop the lock immediately so the softirq can
1596 * expire the next timer. In theory the timer could already
1597 * be running again, but that's more than unlikely and just
1598 * causes another wait loop.
1599 */
1600 atomic_inc(&base->timer_waiters);
1601 spin_lock_bh(&base->expiry_lock);
1602 atomic_dec(&base->timer_waiters);
1603 spin_unlock_bh(&base->expiry_lock);
1604 }
1605}
1606#else
1607static inline void timer_base_init_expiry_lock(struct timer_base *base) { }
1608static inline void timer_base_lock_expiry(struct timer_base *base) { }
1609static inline void timer_base_unlock_expiry(struct timer_base *base) { }
1610static inline void timer_sync_wait_running(struct timer_base *base) { }
1611static inline void del_timer_wait_running(struct timer_list *timer) { }
1612#endif
1613
1614/**
1615 * __timer_delete_sync - Internal function: Deactivate a timer and wait
1616 * for the handler to finish.
1617 * @timer: The timer to be deactivated
1618 * @shutdown: If true, @timer->function will be set to NULL under the
1619 * timer base lock which prevents rearming of @timer
1620 *
1621 * If @shutdown is not set the timer can be rearmed later. If the timer can
1622 * be rearmed concurrently, i.e. after dropping the base lock then the
1623 * return value is meaningless.
1624 *
1625 * If @shutdown is set then @timer->function is set to NULL under timer
1626 * base lock which prevents rearming of the timer. Any attempt to rearm
1627 * a shutdown timer is silently ignored.
1628 *
1629 * If the timer should be reused after shutdown it has to be initialized
1630 * again.
1631 *
1632 * Return:
1633 * * %0 - The timer was not pending
1634 * * %1 - The timer was pending and deactivated
1635 */
1636static int __timer_delete_sync(struct timer_list *timer, bool shutdown)
1637{
1638 int ret;
1639
1640#ifdef CONFIG_LOCKDEP
1641 unsigned long flags;
1642
1643 /*
1644 * If lockdep gives a backtrace here, please reference
1645 * the synchronization rules above.
1646 */
1647 local_irq_save(flags);
1648 lock_map_acquire(&timer->lockdep_map);
1649 lock_map_release(&timer->lockdep_map);
1650 local_irq_restore(flags);
1651#endif
1652 /*
1653 * don't use it in hardirq context, because it
1654 * could lead to deadlock.
1655 */
1656 WARN_ON(in_hardirq() && !(timer->flags & TIMER_IRQSAFE));
1657
1658 /*
1659 * Must be able to sleep on PREEMPT_RT because of the slowpath in
1660 * del_timer_wait_running().
1661 */
1662 if (IS_ENABLED(CONFIG_PREEMPT_RT) && !(timer->flags & TIMER_IRQSAFE))
1663 lockdep_assert_preemption_enabled();
1664
1665 do {
1666 ret = __try_to_del_timer_sync(timer, shutdown);
1667
1668 if (unlikely(ret < 0)) {
1669 del_timer_wait_running(timer);
1670 cpu_relax();
1671 }
1672 } while (ret < 0);
1673
1674 return ret;
1675}
1676
1677/**
1678 * timer_delete_sync - Deactivate a timer and wait for the handler to finish.
1679 * @timer: The timer to be deactivated
1680 *
1681 * Synchronization rules: Callers must prevent restarting of the timer,
1682 * otherwise this function is meaningless. It must not be called from
1683 * interrupt contexts unless the timer is an irqsafe one. The caller must
1684 * not hold locks which would prevent completion of the timer's callback
1685 * function. The timer's handler must not call add_timer_on(). Upon exit
1686 * the timer is not queued and the handler is not running on any CPU.
1687 *
1688 * For !irqsafe timers, the caller must not hold locks that are held in
1689 * interrupt context. Even if the lock has nothing to do with the timer in
1690 * question. Here's why::
1691 *
1692 * CPU0 CPU1
1693 * ---- ----
1694 * <SOFTIRQ>
1695 * call_timer_fn();
1696 * base->running_timer = mytimer;
1697 * spin_lock_irq(somelock);
1698 * <IRQ>
1699 * spin_lock(somelock);
1700 * timer_delete_sync(mytimer);
1701 * while (base->running_timer == mytimer);
1702 *
1703 * Now timer_delete_sync() will never return and never release somelock.
1704 * The interrupt on the other CPU is waiting to grab somelock but it has
1705 * interrupted the softirq that CPU0 is waiting to finish.
1706 *
1707 * This function cannot guarantee that the timer is not rearmed again by
1708 * some concurrent or preempting code, right after it dropped the base
1709 * lock. If there is the possibility of a concurrent rearm then the return
1710 * value of the function is meaningless.
1711 *
1712 * If such a guarantee is needed, e.g. for teardown situations then use
1713 * timer_shutdown_sync() instead.
1714 *
1715 * Return:
1716 * * %0 - The timer was not pending
1717 * * %1 - The timer was pending and deactivated
1718 */
1719int timer_delete_sync(struct timer_list *timer)
1720{
1721 return __timer_delete_sync(timer, false);
1722}
1723EXPORT_SYMBOL(timer_delete_sync);
1724
1725/**
1726 * timer_shutdown_sync - Shutdown a timer and prevent rearming
1727 * @timer: The timer to be shutdown
1728 *
1729 * When the function returns it is guaranteed that:
1730 * - @timer is not queued
1731 * - The callback function of @timer is not running
1732 * - @timer cannot be enqueued again. Any attempt to rearm
1733 * @timer is silently ignored.
1734 *
1735 * See timer_delete_sync() for synchronization rules.
1736 *
1737 * This function is useful for final teardown of an infrastructure where
1738 * the timer is subject to a circular dependency problem.
1739 *
1740 * A common pattern for this is a timer and a workqueue where the timer can
1741 * schedule work and work can arm the timer. On shutdown the workqueue must
1742 * be destroyed and the timer must be prevented from rearming. Unless the
1743 * code has conditionals like 'if (mything->in_shutdown)' to prevent that
1744 * there is no way to get this correct with timer_delete_sync().
1745 *
1746 * timer_shutdown_sync() is solving the problem. The correct ordering of
1747 * calls in this case is:
1748 *
1749 * timer_shutdown_sync(&mything->timer);
1750 * workqueue_destroy(&mything->workqueue);
1751 *
1752 * After this 'mything' can be safely freed.
1753 *
1754 * This obviously implies that the timer is not required to be functional
1755 * for the rest of the shutdown operation.
1756 *
1757 * Return:
1758 * * %0 - The timer was not pending
1759 * * %1 - The timer was pending
1760 */
1761int timer_shutdown_sync(struct timer_list *timer)
1762{
1763 return __timer_delete_sync(timer, true);
1764}
1765EXPORT_SYMBOL_GPL(timer_shutdown_sync);
1766
1767static void call_timer_fn(struct timer_list *timer,
1768 void (*fn)(struct timer_list *),
1769 unsigned long baseclk)
1770{
1771 int count = preempt_count();
1772
1773#ifdef CONFIG_LOCKDEP
1774 /*
1775 * It is permissible to free the timer from inside the
1776 * function that is called from it, this we need to take into
1777 * account for lockdep too. To avoid bogus "held lock freed"
1778 * warnings as well as problems when looking into
1779 * timer->lockdep_map, make a copy and use that here.
1780 */
1781 struct lockdep_map lockdep_map;
1782
1783 lockdep_copy_map(&lockdep_map, &timer->lockdep_map);
1784#endif
1785 /*
1786 * Couple the lock chain with the lock chain at
1787 * timer_delete_sync() by acquiring the lock_map around the fn()
1788 * call here and in timer_delete_sync().
1789 */
1790 lock_map_acquire(&lockdep_map);
1791
1792 trace_timer_expire_entry(timer, baseclk);
1793 fn(timer);
1794 trace_timer_expire_exit(timer);
1795
1796 lock_map_release(&lockdep_map);
1797
1798 if (count != preempt_count()) {
1799 WARN_ONCE(1, "timer: %pS preempt leak: %08x -> %08x\n",
1800 fn, count, preempt_count());
1801 /*
1802 * Restore the preempt count. That gives us a decent
1803 * chance to survive and extract information. If the
1804 * callback kept a lock held, bad luck, but not worse
1805 * than the BUG() we had.
1806 */
1807 preempt_count_set(count);
1808 }
1809}
1810
1811static void expire_timers(struct timer_base *base, struct hlist_head *head)
1812{
1813 /*
1814 * This value is required only for tracing. base->clk was
1815 * incremented directly before expire_timers was called. But expiry
1816 * is related to the old base->clk value.
1817 */
1818 unsigned long baseclk = base->clk - 1;
1819
1820 while (!hlist_empty(head)) {
1821 struct timer_list *timer;
1822 void (*fn)(struct timer_list *);
1823
1824 timer = hlist_entry(head->first, struct timer_list, entry);
1825
1826 base->running_timer = timer;
1827 detach_timer(timer, true);
1828
1829 fn = timer->function;
1830
1831 if (WARN_ON_ONCE(!fn)) {
1832 /* Should never happen. Emphasis on should! */
1833 base->running_timer = NULL;
1834 continue;
1835 }
1836
1837 if (timer->flags & TIMER_IRQSAFE) {
1838 raw_spin_unlock(&base->lock);
1839 call_timer_fn(timer, fn, baseclk);
1840 raw_spin_lock(&base->lock);
1841 base->running_timer = NULL;
1842 } else {
1843 raw_spin_unlock_irq(&base->lock);
1844 call_timer_fn(timer, fn, baseclk);
1845 raw_spin_lock_irq(&base->lock);
1846 base->running_timer = NULL;
1847 timer_sync_wait_running(base);
1848 }
1849 }
1850}
1851
1852static int collect_expired_timers(struct timer_base *base,
1853 struct hlist_head *heads)
1854{
1855 unsigned long clk = base->clk = base->next_expiry;
1856 struct hlist_head *vec;
1857 int i, levels = 0;
1858 unsigned int idx;
1859
1860 for (i = 0; i < LVL_DEPTH; i++) {
1861 idx = (clk & LVL_MASK) + i * LVL_SIZE;
1862
1863 if (__test_and_clear_bit(idx, base->pending_map)) {
1864 vec = base->vectors + idx;
1865 hlist_move_list(vec, heads++);
1866 levels++;
1867 }
1868 /* Is it time to look at the next level? */
1869 if (clk & LVL_CLK_MASK)
1870 break;
1871 /* Shift clock for the next level granularity */
1872 clk >>= LVL_CLK_SHIFT;
1873 }
1874 return levels;
1875}
1876
1877/*
1878 * Find the next pending bucket of a level. Search from level start (@offset)
1879 * + @clk upwards and if nothing there, search from start of the level
1880 * (@offset) up to @offset + clk.
1881 */
1882static int next_pending_bucket(struct timer_base *base, unsigned offset,
1883 unsigned clk)
1884{
1885 unsigned pos, start = offset + clk;
1886 unsigned end = offset + LVL_SIZE;
1887
1888 pos = find_next_bit(base->pending_map, end, start);
1889 if (pos < end)
1890 return pos - start;
1891
1892 pos = find_next_bit(base->pending_map, start, offset);
1893 return pos < start ? pos + LVL_SIZE - start : -1;
1894}
1895
1896/*
1897 * Search the first expiring timer in the various clock levels. Caller must
1898 * hold base->lock.
1899 *
1900 * Store next expiry time in base->next_expiry.
1901 */
1902static void timer_recalc_next_expiry(struct timer_base *base)
1903{
1904 unsigned long clk, next, adj;
1905 unsigned lvl, offset = 0;
1906
1907 next = base->clk + NEXT_TIMER_MAX_DELTA;
1908 clk = base->clk;
1909 for (lvl = 0; lvl < LVL_DEPTH; lvl++, offset += LVL_SIZE) {
1910 int pos = next_pending_bucket(base, offset, clk & LVL_MASK);
1911 unsigned long lvl_clk = clk & LVL_CLK_MASK;
1912
1913 if (pos >= 0) {
1914 unsigned long tmp = clk + (unsigned long) pos;
1915
1916 tmp <<= LVL_SHIFT(lvl);
1917 if (time_before(tmp, next))
1918 next = tmp;
1919
1920 /*
1921 * If the next expiration happens before we reach
1922 * the next level, no need to check further.
1923 */
1924 if (pos <= ((LVL_CLK_DIV - lvl_clk) & LVL_CLK_MASK))
1925 break;
1926 }
1927 /*
1928 * Clock for the next level. If the current level clock lower
1929 * bits are zero, we look at the next level as is. If not we
1930 * need to advance it by one because that's going to be the
1931 * next expiring bucket in that level. base->clk is the next
1932 * expiring jiffy. So in case of:
1933 *
1934 * LVL5 LVL4 LVL3 LVL2 LVL1 LVL0
1935 * 0 0 0 0 0 0
1936 *
1937 * we have to look at all levels @index 0. With
1938 *
1939 * LVL5 LVL4 LVL3 LVL2 LVL1 LVL0
1940 * 0 0 0 0 0 2
1941 *
1942 * LVL0 has the next expiring bucket @index 2. The upper
1943 * levels have the next expiring bucket @index 1.
1944 *
1945 * In case that the propagation wraps the next level the same
1946 * rules apply:
1947 *
1948 * LVL5 LVL4 LVL3 LVL2 LVL1 LVL0
1949 * 0 0 0 0 F 2
1950 *
1951 * So after looking at LVL0 we get:
1952 *
1953 * LVL5 LVL4 LVL3 LVL2 LVL1
1954 * 0 0 0 1 0
1955 *
1956 * So no propagation from LVL1 to LVL2 because that happened
1957 * with the add already, but then we need to propagate further
1958 * from LVL2 to LVL3.
1959 *
1960 * So the simple check whether the lower bits of the current
1961 * level are 0 or not is sufficient for all cases.
1962 */
1963 adj = lvl_clk ? 1 : 0;
1964 clk >>= LVL_CLK_SHIFT;
1965 clk += adj;
1966 }
1967
1968 WRITE_ONCE(base->next_expiry, next);
1969 base->next_expiry_recalc = false;
1970 base->timers_pending = !(next == base->clk + NEXT_TIMER_MAX_DELTA);
1971}
1972
1973#ifdef CONFIG_NO_HZ_COMMON
1974/*
1975 * Check, if the next hrtimer event is before the next timer wheel
1976 * event:
1977 */
1978static u64 cmp_next_hrtimer_event(u64 basem, u64 expires)
1979{
1980 u64 nextevt = hrtimer_get_next_event();
1981
1982 /*
1983 * If high resolution timers are enabled
1984 * hrtimer_get_next_event() returns KTIME_MAX.
1985 */
1986 if (expires <= nextevt)
1987 return expires;
1988
1989 /*
1990 * If the next timer is already expired, return the tick base
1991 * time so the tick is fired immediately.
1992 */
1993 if (nextevt <= basem)
1994 return basem;
1995
1996 /*
1997 * Round up to the next jiffy. High resolution timers are
1998 * off, so the hrtimers are expired in the tick and we need to
1999 * make sure that this tick really expires the timer to avoid
2000 * a ping pong of the nohz stop code.
2001 *
2002 * Use DIV_ROUND_UP_ULL to prevent gcc calling __divdi3
2003 */
2004 return DIV_ROUND_UP_ULL(nextevt, TICK_NSEC) * TICK_NSEC;
2005}
2006
2007static unsigned long next_timer_interrupt(struct timer_base *base,
2008 unsigned long basej)
2009{
2010 if (base->next_expiry_recalc)
2011 timer_recalc_next_expiry(base);
2012
2013 /*
2014 * Move next_expiry for the empty base into the future to prevent an
2015 * unnecessary raise of the timer softirq when the next_expiry value
2016 * will be reached even if there is no timer pending.
2017 *
2018 * This update is also required to make timer_base::next_expiry values
2019 * easy comparable to find out which base holds the first pending timer.
2020 */
2021 if (!base->timers_pending)
2022 WRITE_ONCE(base->next_expiry, basej + NEXT_TIMER_MAX_DELTA);
2023
2024 return base->next_expiry;
2025}
2026
2027static unsigned long fetch_next_timer_interrupt(unsigned long basej, u64 basem,
2028 struct timer_base *base_local,
2029 struct timer_base *base_global,
2030 struct timer_events *tevt)
2031{
2032 unsigned long nextevt, nextevt_local, nextevt_global;
2033 bool local_first;
2034
2035 nextevt_local = next_timer_interrupt(base_local, basej);
2036 nextevt_global = next_timer_interrupt(base_global, basej);
2037
2038 local_first = time_before_eq(nextevt_local, nextevt_global);
2039
2040 nextevt = local_first ? nextevt_local : nextevt_global;
2041
2042 /*
2043 * If the @nextevt is at max. one tick away, use @nextevt and store
2044 * it in the local expiry value. The next global event is irrelevant in
2045 * this case and can be left as KTIME_MAX.
2046 */
2047 if (time_before_eq(nextevt, basej + 1)) {
2048 /* If we missed a tick already, force 0 delta */
2049 if (time_before(nextevt, basej))
2050 nextevt = basej;
2051 tevt->local = basem + (u64)(nextevt - basej) * TICK_NSEC;
2052
2053 /*
2054 * This is required for the remote check only but it doesn't
2055 * hurt, when it is done for both call sites:
2056 *
2057 * * The remote callers will only take care of the global timers
2058 * as local timers will be handled by CPU itself. When not
2059 * updating tevt->global with the already missed first global
2060 * timer, it is possible that it will be missed completely.
2061 *
2062 * * The local callers will ignore the tevt->global anyway, when
2063 * nextevt is max. one tick away.
2064 */
2065 if (!local_first)
2066 tevt->global = tevt->local;
2067 return nextevt;
2068 }
2069
2070 /*
2071 * Update tevt.* values:
2072 *
2073 * If the local queue expires first, then the global event can be
2074 * ignored. If the global queue is empty, nothing to do either.
2075 */
2076 if (!local_first && base_global->timers_pending)
2077 tevt->global = basem + (u64)(nextevt_global - basej) * TICK_NSEC;
2078
2079 if (base_local->timers_pending)
2080 tevt->local = basem + (u64)(nextevt_local - basej) * TICK_NSEC;
2081
2082 return nextevt;
2083}
2084
2085# ifdef CONFIG_SMP
2086/**
2087 * fetch_next_timer_interrupt_remote() - Store next timers into @tevt
2088 * @basej: base time jiffies
2089 * @basem: base time clock monotonic
2090 * @tevt: Pointer to the storage for the expiry values
2091 * @cpu: Remote CPU
2092 *
2093 * Stores the next pending local and global timer expiry values in the
2094 * struct pointed to by @tevt. If a queue is empty the corresponding
2095 * field is set to KTIME_MAX. If local event expires before global
2096 * event, global event is set to KTIME_MAX as well.
2097 *
2098 * Caller needs to make sure timer base locks are held (use
2099 * timer_lock_remote_bases() for this purpose).
2100 */
2101void fetch_next_timer_interrupt_remote(unsigned long basej, u64 basem,
2102 struct timer_events *tevt,
2103 unsigned int cpu)
2104{
2105 struct timer_base *base_local, *base_global;
2106
2107 /* Preset local / global events */
2108 tevt->local = tevt->global = KTIME_MAX;
2109
2110 base_local = per_cpu_ptr(&timer_bases[BASE_LOCAL], cpu);
2111 base_global = per_cpu_ptr(&timer_bases[BASE_GLOBAL], cpu);
2112
2113 lockdep_assert_held(&base_local->lock);
2114 lockdep_assert_held(&base_global->lock);
2115
2116 fetch_next_timer_interrupt(basej, basem, base_local, base_global, tevt);
2117}
2118
2119/**
2120 * timer_unlock_remote_bases - unlock timer bases of cpu
2121 * @cpu: Remote CPU
2122 *
2123 * Unlocks the remote timer bases.
2124 */
2125void timer_unlock_remote_bases(unsigned int cpu)
2126 __releases(timer_bases[BASE_LOCAL]->lock)
2127 __releases(timer_bases[BASE_GLOBAL]->lock)
2128{
2129 struct timer_base *base_local, *base_global;
2130
2131 base_local = per_cpu_ptr(&timer_bases[BASE_LOCAL], cpu);
2132 base_global = per_cpu_ptr(&timer_bases[BASE_GLOBAL], cpu);
2133
2134 raw_spin_unlock(&base_global->lock);
2135 raw_spin_unlock(&base_local->lock);
2136}
2137
2138/**
2139 * timer_lock_remote_bases - lock timer bases of cpu
2140 * @cpu: Remote CPU
2141 *
2142 * Locks the remote timer bases.
2143 */
2144void timer_lock_remote_bases(unsigned int cpu)
2145 __acquires(timer_bases[BASE_LOCAL]->lock)
2146 __acquires(timer_bases[BASE_GLOBAL]->lock)
2147{
2148 struct timer_base *base_local, *base_global;
2149
2150 base_local = per_cpu_ptr(&timer_bases[BASE_LOCAL], cpu);
2151 base_global = per_cpu_ptr(&timer_bases[BASE_GLOBAL], cpu);
2152
2153 lockdep_assert_irqs_disabled();
2154
2155 raw_spin_lock(&base_local->lock);
2156 raw_spin_lock_nested(&base_global->lock, SINGLE_DEPTH_NESTING);
2157}
2158
2159/**
2160 * timer_base_is_idle() - Return whether timer base is set idle
2161 *
2162 * Returns value of local timer base is_idle value.
2163 */
2164bool timer_base_is_idle(void)
2165{
2166 return __this_cpu_read(timer_bases[BASE_LOCAL].is_idle);
2167}
2168
2169static void __run_timer_base(struct timer_base *base);
2170
2171/**
2172 * timer_expire_remote() - expire global timers of cpu
2173 * @cpu: Remote CPU
2174 *
2175 * Expire timers of global base of remote CPU.
2176 */
2177void timer_expire_remote(unsigned int cpu)
2178{
2179 struct timer_base *base = per_cpu_ptr(&timer_bases[BASE_GLOBAL], cpu);
2180
2181 __run_timer_base(base);
2182}
2183
2184static void timer_use_tmigr(unsigned long basej, u64 basem,
2185 unsigned long *nextevt, bool *tick_stop_path,
2186 bool timer_base_idle, struct timer_events *tevt)
2187{
2188 u64 next_tmigr;
2189
2190 if (timer_base_idle)
2191 next_tmigr = tmigr_cpu_new_timer(tevt->global);
2192 else if (tick_stop_path)
2193 next_tmigr = tmigr_cpu_deactivate(tevt->global);
2194 else
2195 next_tmigr = tmigr_quick_check(tevt->global);
2196
2197 /*
2198 * If the CPU is the last going idle in timer migration hierarchy, make
2199 * sure the CPU will wake up in time to handle remote timers.
2200 * next_tmigr == KTIME_MAX if other CPUs are still active.
2201 */
2202 if (next_tmigr < tevt->local) {
2203 u64 tmp;
2204
2205 /* If we missed a tick already, force 0 delta */
2206 if (next_tmigr < basem)
2207 next_tmigr = basem;
2208
2209 tmp = div_u64(next_tmigr - basem, TICK_NSEC);
2210
2211 *nextevt = basej + (unsigned long)tmp;
2212 tevt->local = next_tmigr;
2213 }
2214}
2215# else
2216static void timer_use_tmigr(unsigned long basej, u64 basem,
2217 unsigned long *nextevt, bool *tick_stop_path,
2218 bool timer_base_idle, struct timer_events *tevt)
2219{
2220 /*
2221 * Make sure first event is written into tevt->local to not miss a
2222 * timer on !SMP systems.
2223 */
2224 tevt->local = min_t(u64, tevt->local, tevt->global);
2225}
2226# endif /* CONFIG_SMP */
2227
2228static inline u64 __get_next_timer_interrupt(unsigned long basej, u64 basem,
2229 bool *idle)
2230{
2231 struct timer_events tevt = { .local = KTIME_MAX, .global = KTIME_MAX };
2232 struct timer_base *base_local, *base_global;
2233 unsigned long nextevt;
2234 bool idle_is_possible;
2235
2236 /*
2237 * When the CPU is offline, the tick is cancelled and nothing is supposed
2238 * to try to stop it.
2239 */
2240 if (WARN_ON_ONCE(cpu_is_offline(smp_processor_id()))) {
2241 if (idle)
2242 *idle = true;
2243 return tevt.local;
2244 }
2245
2246 base_local = this_cpu_ptr(&timer_bases[BASE_LOCAL]);
2247 base_global = this_cpu_ptr(&timer_bases[BASE_GLOBAL]);
2248
2249 raw_spin_lock(&base_local->lock);
2250 raw_spin_lock_nested(&base_global->lock, SINGLE_DEPTH_NESTING);
2251
2252 nextevt = fetch_next_timer_interrupt(basej, basem, base_local,
2253 base_global, &tevt);
2254
2255 /*
2256 * If the next event is only one jiffy ahead there is no need to call
2257 * timer migration hierarchy related functions. The value for the next
2258 * global timer in @tevt struct equals then KTIME_MAX. This is also
2259 * true, when the timer base is idle.
2260 *
2261 * The proper timer migration hierarchy function depends on the callsite
2262 * and whether timer base is idle or not. @nextevt will be updated when
2263 * this CPU needs to handle the first timer migration hierarchy
2264 * event. See timer_use_tmigr() for detailed information.
2265 */
2266 idle_is_possible = time_after(nextevt, basej + 1);
2267 if (idle_is_possible)
2268 timer_use_tmigr(basej, basem, &nextevt, idle,
2269 base_local->is_idle, &tevt);
2270
2271 /*
2272 * We have a fresh next event. Check whether we can forward the
2273 * base.
2274 */
2275 __forward_timer_base(base_local, basej);
2276 __forward_timer_base(base_global, basej);
2277
2278 /*
2279 * Set base->is_idle only when caller is timer_base_try_to_set_idle()
2280 */
2281 if (idle) {
2282 /*
2283 * Bases are idle if the next event is more than a tick
2284 * away. Caution: @nextevt could have changed by enqueueing a
2285 * global timer into timer migration hierarchy. Therefore a new
2286 * check is required here.
2287 *
2288 * If the base is marked idle then any timer add operation must
2289 * forward the base clk itself to keep granularity small. This
2290 * idle logic is only maintained for the BASE_LOCAL and
2291 * BASE_GLOBAL base, deferrable timers may still see large
2292 * granularity skew (by design).
2293 */
2294 if (!base_local->is_idle && time_after(nextevt, basej + 1)) {
2295 base_local->is_idle = true;
2296 /*
2297 * Global timers queued locally while running in a task
2298 * in nohz_full mode need a self-IPI to kick reprogramming
2299 * in IRQ tail.
2300 */
2301 if (tick_nohz_full_cpu(base_local->cpu))
2302 base_global->is_idle = true;
2303 trace_timer_base_idle(true, base_local->cpu);
2304 }
2305 *idle = base_local->is_idle;
2306
2307 /*
2308 * When timer base is not set idle, undo the effect of
2309 * tmigr_cpu_deactivate() to prevent inconsistent states - active
2310 * timer base but inactive timer migration hierarchy.
2311 *
2312 * When timer base was already marked idle, nothing will be
2313 * changed here.
2314 */
2315 if (!base_local->is_idle && idle_is_possible)
2316 tmigr_cpu_activate();
2317 }
2318
2319 raw_spin_unlock(&base_global->lock);
2320 raw_spin_unlock(&base_local->lock);
2321
2322 return cmp_next_hrtimer_event(basem, tevt.local);
2323}
2324
2325/**
2326 * get_next_timer_interrupt() - return the time (clock mono) of the next timer
2327 * @basej: base time jiffies
2328 * @basem: base time clock monotonic
2329 *
2330 * Returns the tick aligned clock monotonic time of the next pending timer or
2331 * KTIME_MAX if no timer is pending. If timer of global base was queued into
2332 * timer migration hierarchy, first global timer is not taken into account. If
2333 * it was the last CPU of timer migration hierarchy going idle, first global
2334 * event is taken into account.
2335 */
2336u64 get_next_timer_interrupt(unsigned long basej, u64 basem)
2337{
2338 return __get_next_timer_interrupt(basej, basem, NULL);
2339}
2340
2341/**
2342 * timer_base_try_to_set_idle() - Try to set the idle state of the timer bases
2343 * @basej: base time jiffies
2344 * @basem: base time clock monotonic
2345 * @idle: pointer to store the value of timer_base->is_idle on return;
2346 * *idle contains the information whether tick was already stopped
2347 *
2348 * Returns the tick aligned clock monotonic time of the next pending timer or
2349 * KTIME_MAX if no timer is pending. When tick was already stopped KTIME_MAX is
2350 * returned as well.
2351 */
2352u64 timer_base_try_to_set_idle(unsigned long basej, u64 basem, bool *idle)
2353{
2354 if (*idle)
2355 return KTIME_MAX;
2356
2357 return __get_next_timer_interrupt(basej, basem, idle);
2358}
2359
2360/**
2361 * timer_clear_idle - Clear the idle state of the timer base
2362 *
2363 * Called with interrupts disabled
2364 */
2365void timer_clear_idle(void)
2366{
2367 /*
2368 * We do this unlocked. The worst outcome is a remote pinned timer
2369 * enqueue sending a pointless IPI, but taking the lock would just
2370 * make the window for sending the IPI a few instructions smaller
2371 * for the cost of taking the lock in the exit from idle
2372 * path. Required for BASE_LOCAL only.
2373 */
2374 __this_cpu_write(timer_bases[BASE_LOCAL].is_idle, false);
2375 if (tick_nohz_full_cpu(smp_processor_id()))
2376 __this_cpu_write(timer_bases[BASE_GLOBAL].is_idle, false);
2377 trace_timer_base_idle(false, smp_processor_id());
2378
2379 /* Activate without holding the timer_base->lock */
2380 tmigr_cpu_activate();
2381}
2382#endif
2383
2384/**
2385 * __run_timers - run all expired timers (if any) on this CPU.
2386 * @base: the timer vector to be processed.
2387 */
2388static inline void __run_timers(struct timer_base *base)
2389{
2390 struct hlist_head heads[LVL_DEPTH];
2391 int levels;
2392
2393 lockdep_assert_held(&base->lock);
2394
2395 if (base->running_timer)
2396 return;
2397
2398 while (time_after_eq(jiffies, base->clk) &&
2399 time_after_eq(jiffies, base->next_expiry)) {
2400 levels = collect_expired_timers(base, heads);
2401 /*
2402 * The two possible reasons for not finding any expired
2403 * timer at this clk are that all matching timers have been
2404 * dequeued or no timer has been queued since
2405 * base::next_expiry was set to base::clk +
2406 * NEXT_TIMER_MAX_DELTA.
2407 */
2408 WARN_ON_ONCE(!levels && !base->next_expiry_recalc
2409 && base->timers_pending);
2410 /*
2411 * While executing timers, base->clk is set 1 offset ahead of
2412 * jiffies to avoid endless requeuing to current jiffies.
2413 */
2414 base->clk++;
2415 timer_recalc_next_expiry(base);
2416
2417 while (levels--)
2418 expire_timers(base, heads + levels);
2419 }
2420}
2421
2422static void __run_timer_base(struct timer_base *base)
2423{
2424 /* Can race against a remote CPU updating next_expiry under the lock */
2425 if (time_before(jiffies, READ_ONCE(base->next_expiry)))
2426 return;
2427
2428 timer_base_lock_expiry(base);
2429 raw_spin_lock_irq(&base->lock);
2430 __run_timers(base);
2431 raw_spin_unlock_irq(&base->lock);
2432 timer_base_unlock_expiry(base);
2433}
2434
2435static void run_timer_base(int index)
2436{
2437 struct timer_base *base = this_cpu_ptr(&timer_bases[index]);
2438
2439 __run_timer_base(base);
2440}
2441
2442/*
2443 * This function runs timers and the timer-tq in bottom half context.
2444 */
2445static __latent_entropy void run_timer_softirq(void)
2446{
2447 run_timer_base(BASE_LOCAL);
2448 if (IS_ENABLED(CONFIG_NO_HZ_COMMON)) {
2449 run_timer_base(BASE_GLOBAL);
2450 run_timer_base(BASE_DEF);
2451
2452 if (is_timers_nohz_active())
2453 tmigr_handle_remote();
2454 }
2455}
2456
2457/*
2458 * Called by the local, per-CPU timer interrupt on SMP.
2459 */
2460static void run_local_timers(void)
2461{
2462 struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_LOCAL]);
2463
2464 hrtimer_run_queues();
2465
2466 for (int i = 0; i < NR_BASES; i++, base++) {
2467 /*
2468 * Raise the softirq only if required.
2469 *
2470 * timer_base::next_expiry can be written by a remote CPU while
2471 * holding the lock. If this write happens at the same time than
2472 * the lockless local read, sanity checker could complain about
2473 * data corruption.
2474 *
2475 * There are two possible situations where
2476 * timer_base::next_expiry is written by a remote CPU:
2477 *
2478 * 1. Remote CPU expires global timers of this CPU and updates
2479 * timer_base::next_expiry of BASE_GLOBAL afterwards in
2480 * next_timer_interrupt() or timer_recalc_next_expiry(). The
2481 * worst outcome is a superfluous raise of the timer softirq
2482 * when the not yet updated value is read.
2483 *
2484 * 2. A new first pinned timer is enqueued by a remote CPU
2485 * and therefore timer_base::next_expiry of BASE_LOCAL is
2486 * updated. When this update is missed, this isn't a
2487 * problem, as an IPI is executed nevertheless when the CPU
2488 * was idle before. When the CPU wasn't idle but the update
2489 * is missed, then the timer would expire one jiffy late -
2490 * bad luck.
2491 *
2492 * Those unlikely corner cases where the worst outcome is only a
2493 * one jiffy delay or a superfluous raise of the softirq are
2494 * not that expensive as doing the check always while holding
2495 * the lock.
2496 *
2497 * Possible remote writers are using WRITE_ONCE(). Local reader
2498 * uses therefore READ_ONCE().
2499 */
2500 if (time_after_eq(jiffies, READ_ONCE(base->next_expiry)) ||
2501 (i == BASE_DEF && tmigr_requires_handle_remote())) {
2502 raise_timer_softirq(TIMER_SOFTIRQ);
2503 return;
2504 }
2505 }
2506}
2507
2508/*
2509 * Called from the timer interrupt handler to charge one tick to the current
2510 * process. user_tick is 1 if the tick is user time, 0 for system.
2511 */
2512void update_process_times(int user_tick)
2513{
2514 struct task_struct *p = current;
2515
2516 /* Note: this timer irq context must be accounted for as well. */
2517 account_process_tick(p, user_tick);
2518 run_local_timers();
2519 rcu_sched_clock_irq(user_tick);
2520#ifdef CONFIG_IRQ_WORK
2521 if (in_irq())
2522 irq_work_tick();
2523#endif
2524 sched_tick();
2525 if (IS_ENABLED(CONFIG_POSIX_TIMERS))
2526 run_posix_cpu_timers();
2527}
2528
2529#ifdef CONFIG_HOTPLUG_CPU
2530static void migrate_timer_list(struct timer_base *new_base, struct hlist_head *head)
2531{
2532 struct timer_list *timer;
2533 int cpu = new_base->cpu;
2534
2535 while (!hlist_empty(head)) {
2536 timer = hlist_entry(head->first, struct timer_list, entry);
2537 detach_timer(timer, false);
2538 timer->flags = (timer->flags & ~TIMER_BASEMASK) | cpu;
2539 internal_add_timer(new_base, timer);
2540 }
2541}
2542
2543int timers_prepare_cpu(unsigned int cpu)
2544{
2545 struct timer_base *base;
2546 int b;
2547
2548 for (b = 0; b < NR_BASES; b++) {
2549 base = per_cpu_ptr(&timer_bases[b], cpu);
2550 base->clk = jiffies;
2551 base->next_expiry = base->clk + NEXT_TIMER_MAX_DELTA;
2552 base->next_expiry_recalc = false;
2553 base->timers_pending = false;
2554 base->is_idle = false;
2555 }
2556 return 0;
2557}
2558
2559int timers_dead_cpu(unsigned int cpu)
2560{
2561 struct timer_base *old_base;
2562 struct timer_base *new_base;
2563 int b, i;
2564
2565 for (b = 0; b < NR_BASES; b++) {
2566 old_base = per_cpu_ptr(&timer_bases[b], cpu);
2567 new_base = get_cpu_ptr(&timer_bases[b]);
2568 /*
2569 * The caller is globally serialized and nobody else
2570 * takes two locks at once, deadlock is not possible.
2571 */
2572 raw_spin_lock_irq(&new_base->lock);
2573 raw_spin_lock_nested(&old_base->lock, SINGLE_DEPTH_NESTING);
2574
2575 /*
2576 * The current CPUs base clock might be stale. Update it
2577 * before moving the timers over.
2578 */
2579 forward_timer_base(new_base);
2580
2581 WARN_ON_ONCE(old_base->running_timer);
2582 old_base->running_timer = NULL;
2583
2584 for (i = 0; i < WHEEL_SIZE; i++)
2585 migrate_timer_list(new_base, old_base->vectors + i);
2586
2587 raw_spin_unlock(&old_base->lock);
2588 raw_spin_unlock_irq(&new_base->lock);
2589 put_cpu_ptr(&timer_bases);
2590 }
2591 return 0;
2592}
2593
2594#endif /* CONFIG_HOTPLUG_CPU */
2595
2596static void __init init_timer_cpu(int cpu)
2597{
2598 struct timer_base *base;
2599 int i;
2600
2601 for (i = 0; i < NR_BASES; i++) {
2602 base = per_cpu_ptr(&timer_bases[i], cpu);
2603 base->cpu = cpu;
2604 raw_spin_lock_init(&base->lock);
2605 base->clk = jiffies;
2606 base->next_expiry = base->clk + NEXT_TIMER_MAX_DELTA;
2607 timer_base_init_expiry_lock(base);
2608 }
2609}
2610
2611static void __init init_timer_cpus(void)
2612{
2613 int cpu;
2614
2615 for_each_possible_cpu(cpu)
2616 init_timer_cpu(cpu);
2617}
2618
2619void __init init_timers(void)
2620{
2621 init_timer_cpus();
2622 posix_cputimers_init_work();
2623 open_softirq(TIMER_SOFTIRQ, run_timer_softirq);
2624}