Re: [patch V2 15/17] timers: Provide timer_shutdown[_sync]()
From: Anna-Maria Behnsen
Date: Wed Nov 23 2022 - 07:02:38 EST
On Tue, 22 Nov 2022, Thomas Gleixner wrote:
> @@ -1605,6 +1629,48 @@ int timer_delete_sync(struct timer_list
> }
> EXPORT_SYMBOL(timer_delete_sync);
>
> +/**
> + * timer_shutdown_sync - Shutdown a timer and prevent rearming
> + * @timer: The timer to be shutdown
> + *
> + * When the function returns it is guaranteed that:
> + * - @timer is not queued
> + * - The callback function of @timer is not running
> + * - @timer cannot be enqueued again. Any attempt to rearm
> + * @timer is silently ignored.
> + *
> + * See timer_delete_sync() for synchronization rules.
> + *
> + * This function is useful for final teardown of an infrastructure where
> + * the timer is subject to a circular dependency problem.
> + *
> + * A common pattern for this is a timer and a workqueue where the timer can
> + * schedule work and work can arm the timer. On shutdown the workqueue must
> + * be destroyed and the timer must be prevented from rearming. Unless the
> + * code has conditionals like 'if (mything->in_shutdown)' to prevent that
> + * there is no way to get this correct with timer_delete_sync().
> + *
> + * timer_shutdown_sync() is solving the problem. The correct ordering of
> + * calls in this case is:
> + *
> + * timer_shutdown_sync(&mything->timer);
> + * workqueue_destroy(&mything->workqueue);
> + *
> + * After this 'mything' can be safely freed.
> + *
> + * This obviously requires that the timer is not required to be functional
> + * for the rest of the shutdown operation.
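Review bot: The ordering example in the kernel-doc calls workqueue_destroy(&mything->workqueue), but the workqueue API's teardown function is destroy_workqueue(), which takes a struct workqueue_struct pointer, so anyone copying the two lines gets a build error. Suggest writing destroy_workqueue(mything->workqueue) so the documented sequence matches the real call. Since rearm attempts are "silently ignored", it would also help to say in the comment that code which still rearms the timer after shutdown gets no indication of it, which is why the last paragraph's precondition matters.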

NIT... Maybe the first requires could be replaced by
assumes/expects/presupposes to prevent double use of required?

Thanks,
Anna-Maria