Hello!
> for (;;) {
> unsigned long flags;
> int running;
>
> spin_lock_irqsave(&timerlist_lock, flags);
>
> ** The timer handler could be running now.
Of course! It is exactly the situation where del_timer_sync()
is different from del_timer().
> It can delete the
> timer and kfree it, or reuse its memory for something else,
> or turn it into a semantically different timer **
Yes, and in this case you cannot use del_timer_sync() and
have to use a generic reference counting scheme.
del_timer_sync() is used by the process which _owns_ this timer
and has the exclusive right to destroy it. See?

If the timer handler is self-restartable, del_timer_sync() guarantees that
the timer is not running after exit from del_timer_sync(),
so that you may destroy it safely.

Another (more complicated) scheme is used by TCP (net/ipv4/tcp_timer.c),
by the neighbour cache (core/neighbour.c) etc. In these cases the timer
"thread" has equal rights with process threads and we have to use
exact reference counting to wait for the last timer user.
del_timer_sync() does nothing useful in this case, but it also does not fail,
because anyone operating on the timer holds it with a reference count.
Alexey
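
The second scheme described above (the timer holds its own reference, and the last user frees the object) can be modelled in user space. This is an added example, not kernel code and not code from the author of the message; it is single-threaded with no real timers or locking, and `struct conn`, `conn_hold`, `conn_put`, `timer_arm`, `timer_del`, `timer_expire` and `timer_handler` are hypothetical names.

```c
#include <stdlib.h>

/* Constructed userspace model: single-threaded, no real timers or locking. */
struct conn {
    int refcnt;        /* one reference per holder: process, armed timer */
    int timer_pending; /* 1 while the timer is queued */
    int dead;          /* set by the process at teardown */
};

static int freed_count;    /* number of objects released so far */

static void conn_hold(struct conn *c) { c->refcnt++; }

/* Drop one reference; whoever drops the last one frees the object. */
static void conn_put(struct conn *c)
{
    if (--c->refcnt == 0) { free(c); freed_count++; }
}

static struct conn *conn_new(void)
{
    struct conn *c = calloc(1, sizeof(*c));
    if (!c) abort();
    c->refcnt = 1;         /* the creating process's reference */
    return c;
}

/* Arming hands the timer its own reference, unless it is already armed. */
static void timer_arm(struct conn *c)
{
    if (!c->timer_pending) { c->timer_pending = 1; conn_hold(c); }
}

/* del_timer()-like: 1 if a pending timer was removed, 0 if none was pending. */
static int timer_del(struct conn *c)
{
    if (!c->timer_pending) return 0;
    c->timer_pending = 0;
    conn_put(c);           /* drop the reference the armed timer held */
    return 1;
}

/* Expiry dequeues the timer; the handler then runs on the timer's reference. */
static void timer_expire(struct conn *c) { c->timer_pending = 0; }
static void timer_handler(struct conn *c)
{
    if (!c->dead) timer_arm(c);  /* self-restart takes a fresh reference */
    conn_put(c);                 /* drop the reference this run was using */
}
```

When `timer_del()` returns 0 because the handler has already been dequeued, the process's `conn_put()` leaves the object alive and the handler's final `conn_put()` frees it.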