Hi
I'm writing a device driver that processes it's requests.
Each request is described by a request structure. There may be arbitary
number of requests pending, so I have a kmem_cache for those objects.
Request processing may include "retry after N usecs" on some conditions, so
I have a struct htrimer embedded into my request structure, and use it to
implement the delay.
When request processing is complete, I deallocate request structure with
kmem_cache_free().
I faced an issue when request processing is complete when running inside
hrtimer callback. I have nothing in my request processing that can't be
done in atomic context - just several device register accesses and
wake_up_interruptible() call. So I thought that I may do everything inside
hrtimer callback. Including kmem_cache_free() the request structure.
But looks like I can't. Hrtimer code does access hrtimer object after
return from callback, even if HRTIMER_NORESTART is returned. So if request
object (that is container of hrtimer object in my case) is deallocated,
slab corruption happens.
Looks like I will have to implement some ugly workaround for that ... like
a "garbage-collector" thread that will do nothing but deallocate requests
from some sort of free list.
I'd like to ask several questions.
- Isn't it a bug that timer object is accessed after it's callback was
called and returned HRTIMER_NORESTART?
- If that is not a bug, then when it is "officially safe" to deallocate
struct hrtimer object?
- Are there any recommendations on how to implement "single-shot" timers
like in my case?
Nikita
On Mon, 7 Dec 2009, Nikita V. Youshchenko wrote:
> - Isn't it a bug that timer object is accessed after it's callback was
> called and returned HRTIMER_NORESTART?
No, it's not. It's deliberately implemented that way.
> - If that is not a bug, then when it is "officially safe" to deallocate
> struct hrtimer object?
When it's neither enqueued nor running the callback. See the other use
sites.
> - Are there any recommendations on how to implement "single-shot" timers
> like in my case?
Well, you wake up something which waits on completion of that request,
right ? Probably the caller which issued the request. Why don't you
free the request in the waiter context after it got woken up ?
Thanks,
tglx