[PATCH] futex: replace bare barrier() with a READ_ONCE()

From: Jianyu Zhan
Date: Mon Feb 29 2016 - 06:41:44 EST

Commit e91467ecd1ef ("bug in futex unqueue_me") introduces a barrier()
in unqueue_me(), to address a pointer aliasing problem in s390x, between
q->lock_ptr and local variable lock_ptr.

Since there is a retry logic to reload q->lock_ptr into local variable lock_ptr,
s390x generates code that aliases q->lock_ptr with lock_ptr, while q->lock_ptr
might change between retries, which beats the alias and causes problem.

This patch replaces this bare barrier() with a READ_ONCE(), a weaker form of
barrier(), which could be more informative.

And furthermore, this retry logic is effectively the same with:

while (lock_ptr = q->lock_ptr)

and compiler is at its will to merge successive load of q->lock_ptr, which is also problematic
at this scenario. READ_ONCE() can avoid this problem.

Signed-off-by: Jianyu Zhan <nasa4836@xxxxxxxxx>
kernel/futex.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/kernel/futex.c b/kernel/futex.c
index 5d6ce64..20e8466 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1927,8 +1927,12 @@ static int unqueue_me(struct futex_q *q)

/* In the common case we don't take the spinlock, which is nice. */
- lock_ptr = q->lock_ptr;
- barrier();
+ /*
+ * q->lock_ptr can change and a pointer aliasing(of lock_ptr) will cause problem,
+ * and also to avoid potential compiler merging of successive load of q->lock_ptr under
+ * this retry logic, so we use READ_ONCE() here.
+ */
+ lock_ptr = READ_ONCE(q->lock_ptr);
if (lock_ptr != NULL) {