When it is save to kfree() hrtimer object?

[Nikita V. Youshchenko]

Hi

I'm writing a device driver that processes it's requests.

Each request is described by a request structure. There may be arbitary 
number of requests pending, so I have a kmem_cache for those objects.

Request processing may include "retry after N usecs" on some conditions, so 
I have a struct htrimer embedded into my request structure, and use it to 
implement the delay.

When request processing is complete, I deallocate request structure with 
kmem_cache_free().

I faced an issue when request processing is complete when running inside 
hrtimer callback. I have nothing in my request processing that can't be 
done in atomic context - just several device register accesses and 
wake_up_interruptible() call. So I thought that I may do everything inside 
hrtimer callback. Including kmem_cache_free() the request structure.

But looks like I can't. Hrtimer code does access hrtimer object after 
return from callback, even if HRTIMER_NORESTART is returned. So if request 
object (that is container of hrtimer object in my case) is deallocated, 
slab corruption happens.

Looks like I will have to implement some ugly workaround for that ...  like 
a "garbage-collector" thread that will do nothing but deallocate requests 
from some sort of free list.

I'd like to ask several questions.

- Isn't it a bug that timer object is accessed after it's callback was 
called and returned HRTIMER_NORESTART?

- If that is not a bug, then when it is "officially safe" to deallocate 
struct hrtimer object?

- Are there any recommendations on how to implement "single-shot" timers 
like in my case?

Nikita
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/