On Mon, Feb 29, 2016 at 07:41:33PM +0800, Jianyu Zhan wrote:
> Commit e91467ecd1ef ("bug in futex unqueue_me") introduces a barrier()
> in unqueue_me(), to address a pointer aliasing problem in s390x, between
> q->lock_ptr and local variable lock_ptr.
>
> Since there is a retry logic to reload q->lock_ptr into local variable
> lock_ptr,
> s390x generates code that aliases q->lock_ptr with lock_ptr, while q->lock_ptr
> might change between retries, which beats the alias and causes problem.
You've mention it causes problems a few times, but you do not specify what
problem it causes or how it manifests.
Is this a theoretical bug, or have you experienced a failure case. If so, how
did this manifest? Do you have a reproducer we could add to the futex testsuite
in the kernel selftests?
>
> This patch replaces this bare barrier() with a READ_ONCE(), a weaker form of
> barrier(), which could be more informative.
>
> And furthermore, this retry logic is effectively the same with:
>
> while (lock_ptr = q->lock_ptr)
> do_something_with(lock_ptr);
>
> and compiler is at its will to merge successive load of q->lock_ptr, which is
> also problematic
> at this scenario. READ_ONCE() can avoid this problem.
>
> Signed-off-by: Jianyu Zhan <nasa4...@gmail.com>
> ---
> kernel/futex.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/futex.c b/kernel/futex.c
> index 5d6ce64..20e8466 100644
> --- a/kernel/futex.c
> +++ b/kernel/futex.c
> @@ -1927,8 +1927,12 @@ static int unqueue_me(struct futex_q *q)
>
> /* In the common case we don't take the spinlock, which is nice. */
> retry:
> - lock_ptr = q->lock_ptr;
> - barrier();
> + /*
> + * q->lock_ptr can change and a pointer aliasing(of lock_ptr) will
> cause problem,
> + * and also to avoid potential compiler merging of successive load of
> q->lock_ptr under
> + * this retry logic, so we use READ_ONCE() here.
> + */
> + lock_ptr = READ_ONCE(q->lock_ptr);
> if (lock_ptr != NULL) {
> spin_lock(lock_ptr);
> /*
> --
> 2.4.3
>
>
--
Darren Hart
Intel Open Source Technology Center
