posix-cpu-timers: Provide mechanisms to defer timer handling to task_work

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Running posix CPU timers in hard interrupt context has a few downsides:

- For PREEMPT_RT it cannot work as the expiry code needs to take
sighand lock, which is a 'sleeping spinlock' in RT. The original RT
approach of offloading the posix CPU timer handling into a high
priority thread was clumsy and provided no real benefit in general.

- For fine grained accounting it's just wrong to run this in context of
the timer interrupt because that way a process specific CPU time is
accounted to the timer interrupt.

- Long running timer interrupts caused by a large amount of expiring
timers which can be created and armed by unpriviledged user space.

There is no hard requirement to expire them in interrupt context.

If the signal is targeted at the task itself then it won't be delivered
before the task returns to user space anyway. If the signal is targeted at
a supervisor process then it might be slightly delayed, but posix CPU
timers are inaccurate anyway due to the fact that they are tied to the
tick.

Provide infrastructure to schedule task work which allows splitting the
posix CPU timer code into a quick check in interrupt context and a thread
context expiry and signal delivery function. This has to be enabled by
architectures as it requires that the architecture specific KVM
implementation handles pending task work before exiting to guest mode.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20200730102337.783470146@linutronix.de

authored by

Thomas Gleixner and committed by

Ingo Molnar 5 years ago 1fb497dd 820903c7

+204 -12

5 changed files

expand all

include

linux

posix-timers.h

sched.h

kernel

time

Kconfig

posix-cpu-timers.c

timer.c

+17

include/linux/posix-timers.h

··· 6 6 #include <linux/list.h> 7 7 #include <linux/alarmtimer.h> 8 8 #include <linux/timerqueue.h> 9 + #include <linux/task_work.h> 9 10 10 11 struct kernel_siginfo; 11 12 struct task_struct; ··· 126 125 unsigned int expiry_active; 127 126 }; 128 127 128 + /** 129 + * posix_cputimers_work - Container for task work based posix CPU timer expiry 130 + * @work: The task work to be scheduled 131 + * @scheduled: @work has been scheduled already, no further processing 132 + */ 133 + struct posix_cputimers_work { 134 + struct callback_head work; 135 + unsigned int scheduled; 136 + }; 137 + 129 138 static inline void posix_cputimers_init(struct posix_cputimers *pct) 130 139 { 131 140 memset(pct, 0, sizeof(*pct)); ··· 174 163 static inline void posix_cputimers_init(struct posix_cputimers *pct) { } 175 164 static inline void posix_cputimers_group_init(struct posix_cputimers *pct, 176 165 u64 cpu_limit) { } 166 + #endif 167 + 168 + #ifdef CONFIG_POSIX_CPU_TIMERS_TASK_WORK 169 + void posix_cputimers_init_work(void); 170 + #else 171 + static inline void posix_cputimers_init_work(void) { } 177 172 #endif 178 173 179 174 #define REQUEUE_PENDING 1

include/linux/sched.h

··· 889 889 /* Empty if CONFIG_POSIX_CPUTIMERS=n */ 890 890 struct posix_cputimers posix_cputimers; 891 891 892 + #ifdef CONFIG_POSIX_CPU_TIMERS_TASK_WORK 893 + struct posix_cputimers_work posix_cputimers_work; 894 + #endif 895 + 892 896 /* Process credentials: */ 893 897 894 898 /* Tracer's credentials at attach: */

kernel/time/Kconfig

··· 52 52 config GENERIC_CMOS_UPDATE 53 53 bool 54 54 55 + # Select to handle posix CPU timers from task_work 56 + # and not from the timer interrupt context 57 + config HAVE_POSIX_CPU_TIMERS_TASK_WORK 58 + bool 59 + 60 + config POSIX_CPU_TIMERS_TASK_WORK 61 + bool 62 + default y if POSIX_TIMERS && HAVE_POSIX_CPU_TIMERS_TASK_WORK 63 + 55 64 if GENERIC_CLOCKEVENTS 56 65 menu "Timers subsystem" 57 66

+173 -12

kernel/time/posix-cpu-timers.c

··· 377 377 */ 378 378 static int posix_cpu_timer_create(struct k_itimer *new_timer) 379 379 { 380 + static struct lock_class_key posix_cpu_timers_key; 380 381 struct pid *pid; 381 382 382 383 rcu_read_lock(); ··· 386 385 rcu_read_unlock(); 387 386 return -EINVAL; 388 387 } 388 + 389 + /* 390 + * If posix timer expiry is handled in task work context then 391 + * timer::it_lock can be taken without disabling interrupts as all 392 + * other locking happens in task context. This requires a seperate 393 + * lock class key otherwise regular posix timer expiry would record 394 + * the lock class being taken in interrupt context and generate a 395 + * false positive warning. 396 + */ 397 + if (IS_ENABLED(CONFIG_POSIX_CPU_TIMERS_TASK_WORK)) 398 + lockdep_set_class(&new_timer->it_lock, &posix_cpu_timers_key); 389 399 390 400 new_timer->kclock = &clock_posix_cpu; 391 401 timerqueue_init(&new_timer->it.cpu.node); ··· 1092 1080 return false; 1093 1081 } 1094 1082 1095 - static void __run_posix_cpu_timers(struct task_struct *tsk) 1083 + static void handle_posix_cpu_timers(struct task_struct *tsk); 1084 + 1085 + #ifdef CONFIG_POSIX_CPU_TIMERS_TASK_WORK 1086 + static void posix_cpu_timers_work(struct callback_head *work) 1087 + { 1088 + handle_posix_cpu_timers(current); 1089 + } 1090 + 1091 + /* 1092 + * Initialize posix CPU timers task work in init task. Out of line to 1093 + * keep the callback static and to avoid header recursion hell. 1094 + */ 1095 + void __init posix_cputimers_init_work(void) 1096 + { 1097 + init_task_work(&current->posix_cputimers_work.work, 1098 + posix_cpu_timers_work); 1099 + } 1100 + 1101 + /* 1102 + * Note: All operations on tsk->posix_cputimer_work.scheduled happen either 1103 + * in hard interrupt context or in task context with interrupts 1104 + * disabled. Aside of that the writer/reader interaction is always in the 1105 + * context of the current task, which means they are strict per CPU. 1106 + */ 1107 + static inline bool posix_cpu_timers_work_scheduled(struct task_struct *tsk) 1108 + { 1109 + return tsk->posix_cputimers_work.scheduled; 1110 + } 1111 + 1112 + static inline void __run_posix_cpu_timers(struct task_struct *tsk) 1113 + { 1114 + if (WARN_ON_ONCE(tsk->posix_cputimers_work.scheduled)) 1115 + return; 1116 + 1117 + /* Schedule task work to actually expire the timers */ 1118 + tsk->posix_cputimers_work.scheduled = true; 1119 + task_work_add(tsk, &tsk->posix_cputimers_work.work, TWA_RESUME); 1120 + } 1121 + 1122 + static inline bool posix_cpu_timers_enable_work(struct task_struct *tsk, 1123 + unsigned long start) 1124 + { 1125 + bool ret = true; 1126 + 1127 + /* 1128 + * On !RT kernels interrupts are disabled while collecting expired 1129 + * timers, so no tick can happen and the fast path check can be 1130 + * reenabled without further checks. 1131 + */ 1132 + if (!IS_ENABLED(CONFIG_PREEMPT_RT)) { 1133 + tsk->posix_cputimers_work.scheduled = false; 1134 + return true; 1135 + } 1136 + 1137 + /* 1138 + * On RT enabled kernels ticks can happen while the expired timers 1139 + * are collected under sighand lock. But any tick which observes 1140 + * the CPUTIMERS_WORK_SCHEDULED bit set, does not run the fastpath 1141 + * checks. So reenabling the tick work has do be done carefully: 1142 + * 1143 + * Disable interrupts and run the fast path check if jiffies have 1144 + * advanced since the collecting of expired timers started. If 1145 + * jiffies have not advanced or the fast path check did not find 1146 + * newly expired timers, reenable the fast path check in the timer 1147 + * interrupt. If there are newly expired timers, return false and 1148 + * let the collection loop repeat. 1149 + */ 1150 + local_irq_disable(); 1151 + if (start != jiffies && fastpath_timer_check(tsk)) 1152 + ret = false; 1153 + else 1154 + tsk->posix_cputimers_work.scheduled = false; 1155 + local_irq_enable(); 1156 + 1157 + return ret; 1158 + } 1159 + #else /* CONFIG_POSIX_CPU_TIMERS_TASK_WORK */ 1160 + static inline void __run_posix_cpu_timers(struct task_struct *tsk) 1161 + { 1162 + lockdep_posixtimer_enter(); 1163 + handle_posix_cpu_timers(tsk); 1164 + lockdep_posixtimer_exit(); 1165 + } 1166 + 1167 + static inline bool posix_cpu_timers_work_scheduled(struct task_struct *tsk) 1168 + { 1169 + return false; 1170 + } 1171 + 1172 + static inline bool posix_cpu_timers_enable_work(struct task_struct *tsk, 1173 + unsigned long start) 1174 + { 1175 + return true; 1176 + } 1177 + #endif /* CONFIG_POSIX_CPU_TIMERS_TASK_WORK */ 1178 + 1179 + static void handle_posix_cpu_timers(struct task_struct *tsk) 1096 1180 { 1097 1181 struct k_itimer *timer, *next; 1098 - unsigned long flags; 1182 + unsigned long flags, start; 1099 1183 LIST_HEAD(firing); 1100 1184 1101 1185 if (!lock_task_sighand(tsk, &flags)) 1102 1186 return; 1103 1187 1104 - /* 1105 - * Here we take off tsk->signal->cpu_timers[N] and 1106 - * tsk->cpu_timers[N] all the timers that are firing, and 1107 - * put them on the firing list. 1108 - */ 1109 - check_thread_timers(tsk, &firing); 1188 + do { 1189 + /* 1190 + * On RT locking sighand lock does not disable interrupts, 1191 + * so this needs to be careful vs. ticks. Store the current 1192 + * jiffies value. 1193 + */ 1194 + start = READ_ONCE(jiffies); 1195 + barrier(); 1110 1196 1111 - check_process_timers(tsk, &firing); 1197 + /* 1198 + * Here we take off tsk->signal->cpu_timers[N] and 1199 + * tsk->cpu_timers[N] all the timers that are firing, and 1200 + * put them on the firing list. 1201 + */ 1202 + check_thread_timers(tsk, &firing); 1203 + 1204 + check_process_timers(tsk, &firing); 1205 + 1206 + /* 1207 + * The above timer checks have updated the exipry cache and 1208 + * because nothing can have queued or modified timers after 1209 + * sighand lock was taken above it is guaranteed to be 1210 + * consistent. So the next timer interrupt fastpath check 1211 + * will find valid data. 1212 + * 1213 + * If timer expiry runs in the timer interrupt context then 1214 + * the loop is not relevant as timers will be directly 1215 + * expired in interrupt context. The stub function below 1216 + * returns always true which allows the compiler to 1217 + * optimize the loop out. 1218 + * 1219 + * If timer expiry is deferred to task work context then 1220 + * the following rules apply: 1221 + * 1222 + * - On !RT kernels no tick can have happened on this CPU 1223 + * after sighand lock was acquired because interrupts are 1224 + * disabled. So reenabling task work before dropping 1225 + * sighand lock and reenabling interrupts is race free. 1226 + * 1227 + * - On RT kernels ticks might have happened but the tick 1228 + * work ignored posix CPU timer handling because the 1229 + * CPUTIMERS_WORK_SCHEDULED bit is set. Reenabling work 1230 + * must be done very carefully including a check whether 1231 + * ticks have happened since the start of the timer 1232 + * expiry checks. posix_cpu_timers_enable_work() takes 1233 + * care of that and eventually lets the expiry checks 1234 + * run again. 1235 + */ 1236 + } while (!posix_cpu_timers_enable_work(tsk, start)); 1112 1237 1113 1238 /* 1114 - * We must release these locks before taking any timer's lock. 1239 + * We must release sighand lock before taking any timer's lock. 1115 1240 * There is a potential race with timer deletion here, as the 1116 1241 * siglock now protects our private firing list. We have set 1117 1242 * the firing flag in each timer, so that a deletion attempt ··· 1266 1117 list_for_each_entry_safe(timer, next, &firing, it.cpu.elist) { 1267 1118 int cpu_firing; 1268 1119 1120 + /* 1121 + * spin_lock() is sufficient here even independent of the 1122 + * expiry context. If expiry happens in hard interrupt 1123 + * context it's obvious. For task work context it's safe 1124 + * because all other operations on timer::it_lock happen in 1125 + * task context (syscall or exit). 1126 + */ 1269 1127 spin_lock(&timer->it_lock); 1270 1128 list_del_init(&timer->it.cpu.elist); 1271 1129 cpu_firing = timer->it.cpu.firing; ··· 1300 1144 lockdep_assert_irqs_disabled(); 1301 1145 1302 1146 /* 1147 + * If the actual expiry is deferred to task work context and the 1148 + * work is already scheduled there is no point to do anything here. 1149 + */ 1150 + if (posix_cpu_timers_work_scheduled(tsk)) 1151 + return; 1152 + 1153 + /* 1303 1154 * The fast path checks that there are no expired thread or thread 1304 1155 * group timers. If that's so, just return. 1305 1156 */ 1306 1157 if (!fastpath_timer_check(tsk)) 1307 1158 return; 1308 1159 1309 - lockdep_posixtimer_enter(); 1310 1160 __run_posix_cpu_timers(tsk); 1311 - lockdep_posixtimer_exit(); 1312 1161 } 1313 1162 1314 1163 /*

kernel/time/timer.c

··· 2017 2017 void __init init_timers(void) 2018 2018 { 2019 2019 init_timer_cpus(); 2020 + posix_cputimers_init_work(); 2020 2021 open_softirq(TIMER_SOFTIRQ, run_timer_softirq); 2021 2022 } 2022 2023