[SRU][F][PATCH v3 15/16] timers: Update the documentation to reflect on the new timer_shutdown() API

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Fri Nov 29 17:00:16 UTC 2024 

From: "Steven Rostedt (Google)" <rostedt at goodmis.org>

In order to make sure that a timer is not re-armed after it is stopped
before freeing, a new shutdown state is added to the timer code. The API
timer_shutdown_sync() and timer_shutdown() must be called before the
object that holds the timer can be freed.

Update the documentation to reflect this new workflow.

[ tglx: Updated to the new semantics and updated the zh_CN version ]

Signed-off-by: Steven Rostedt (Google) <rostedt at goodmis.org>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Tested-by: Guenter Roeck <linux at roeck-us.net>
Reviewed-by: Jacob Keller <jacob.e.keller at intel.com>
Reviewed-by: Anna-Maria Behnsen <anna-maria at linutronix.de>
Link: https://lore.kernel.org/r/20221110064147.712934793@goodmis.org
Link: https://lore.kernel.org/r/20221123201625.375284489@linutronix.de

(backported from commit a31323bef2b66455920d054b160c17d4240f8fd4)
[mpellizzer: backported considering context differences]
CVE-2024-35887
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
---
 Documentation/RCU/Design/Requirements/Requirements.html | 2 +-
 Documentation/core-api/local_ops.rst                    | 2 +-
 Documentation/kernel-hacking/locking.rst                | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Documentation/RCU/Design/Requirements/Requirements.html b/Documentation/RCU/Design/Requirements/Requirements.html
index 5dc41e703847..b606cfab23b4 100644
--- a/Documentation/RCU/Design/Requirements/Requirements.html
+++ b/Documentation/RCU/Design/Requirements/Requirements.html
@@ -2342,7 +2342,7 @@ one of its functions results in a segmentation fault.
 The module-unload functions must therefore cancel any
 delayed calls to loadable-module functions, for example,
 any outstanding <tt>mod_timer()</tt> must be dealt with
-via <tt>timer_delete_sync()</tt> or similar.
+via <tt>timer_shutdown_sync()</tt> or similar.
 
 <p>
 Unfortunately, there is no way to cancel an RCU callback;
diff --git a/Documentation/core-api/local_ops.rst b/Documentation/core-api/local_ops.rst
index a84f8b0c7ab2..0b42ceaaf3c4 100644
--- a/Documentation/core-api/local_ops.rst
+++ b/Documentation/core-api/local_ops.rst
@@ -191,7 +191,7 @@ Here is a sample module which implements a basic per cpu counter using
 
     static void __exit test_exit(void)
     {
-            timer_delete_sync(&test_timer);
+            timer_shutdown_sync(&test_timer);
     }
 
     module_init(test_init);
diff --git a/Documentation/kernel-hacking/locking.rst b/Documentation/kernel-hacking/locking.rst
index c91fbe62679a..b72d9b0ee184 100644
--- a/Documentation/kernel-hacking/locking.rst
+++ b/Documentation/kernel-hacking/locking.rst
@@ -1017,6 +1017,11 @@ Because this is a fairly common case which is prone to races, you should
 use :c:func:`timer_delete_sync()` (``include/linux/timer.h``) to
 handle this case.
 
+Before freeing a timer, timer_shutdown() or timer_shutdown_sync() should be
+called which will keep it from being rearmed. Any subsequent attempt to
+rearm the timer will be silently ignored by the core code.
+
+
 Locking Speed
 =============
 
-- 
2.43.0

More information about the kernel-team mailing list