-
We observe an issue that the timer-list gets corrupted resulting in an endless loop executed by the timer-server thread. During the processing of the timeout list, a pointer to the next timer to be handled is kept in the tmp stack variable. Just before calling the timer handler of the current timer the lock on the timer list is released giving other threads to change the list. If the timer currently referenced by tmp is deleted, we end up with an invalid node (next pointer pointing to itself) and this will result in an endless loop of the timer server. Test code is not available but I have seen this issue in our real production code and after applying this path, the issue is solved. The patch basically changes the timer server logic to always start from the beginning of the list since when a timer is processed, it is either removed (one-shot) or reinserted in a different location in the list. The processing of the list will stop anyhow if all timers that need to expire up to "now" are handled. Signed-off-by: Ronny Meeus <ronny.meeus@gmail.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
b89eacfe