Re: [PATCH] futex: replace bare barrier() with a READ_ONCE()

From: Darren Hart
Date: Mon Feb 29 2016 - 17:22:17 EST

Next message: JoÃo Paulo Rechi Vita: "Re: [PATCHv2 08/10] rfkill: Use switch to demux userspace operations"
Previous message: Aravind Gopalakrishnan: "[PATCH V2 2/5] EDAC, MCE, AMD: Enable error decoding of Scalable MCA errors"
In reply to: Jianyu Zhan: "[PATCH] futex: replace bare barrier() with a READ_ONCE()"
Next in thread: Jianyu Zhan: "Re: [PATCH] futex: replace bare barrier() with a READ_ONCE()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Feb 29, 2016 at 07:41:33PM +0800, Jianyu Zhan wrote:
> Commit e91467ecd1ef ("bug in futex unqueue_me") introduces a barrier()
> in unqueue_me(), to address a pointer aliasing problem in s390x, between
> q->lock_ptr and local variable lock_ptr.
>
> Since there is a retry logic to reload q->lock_ptr into local variable lock_ptr,
> s390x generates code that aliases q->lock_ptr with lock_ptr, while q->lock_ptr
> might change between retries, which beats the alias and causes problem.

You've mention it causes problems a few times, but you do not specify what
problem it causes or how it manifests.

Is this a theoretical bug, or have you experienced a failure case. If so, how
did this manifest? Do you have a reproducer we could add to the futex testsuite
in the kernel selftests?

>
> This patch replaces this bare barrier() with a READ_ONCE(), a weaker form of
> barrier(), which could be more informative.
>
> And furthermore, this retry logic is effectively the same with:
>
> while (lock_ptr = q->lock_ptr)
> do_something_with(lock_ptr);
>
> and compiler is at its will to merge successive load of q->lock_ptr, which is also problematic
> at this scenario. READ_ONCE() can avoid this problem.
>
> Signed-off-by: Jianyu Zhan <nasa4836@xxxxxxxxx>
> ---
> kernel/futex.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/futex.c b/kernel/futex.c
> index 5d6ce64..20e8466 100644
> --- a/kernel/futex.c
> +++ b/kernel/futex.c
> @@ -1927,8 +1927,12 @@ static int unqueue_me(struct futex_q *q)
>
> /* In the common case we don't take the spinlock, which is nice. */
> retry:
> - lock_ptr = q->lock_ptr;
> - barrier();
> + /*
> + * q->lock_ptr can change and a pointer aliasing(of lock_ptr) will cause problem,
> + * and also to avoid potential compiler merging of successive load of q->lock_ptr under
> + * this retry logic, so we use READ_ONCE() here.
> + */
> + lock_ptr = READ_ONCE(q->lock_ptr);
> if (lock_ptr != NULL) {
> spin_lock(lock_ptr);
> /*
> --
> 2.4.3
>
>

--
Darren Hart
Intel Open Source Technology Center

Next message: JoÃo Paulo Rechi Vita: "Re: [PATCHv2 08/10] rfkill: Use switch to demux userspace operations"
Previous message: Aravind Gopalakrishnan: "[PATCH V2 2/5] EDAC, MCE, AMD: Enable error decoding of Scalable MCA errors"
In reply to: Jianyu Zhan: "[PATCH] futex: replace bare barrier() with a READ_ONCE()"
Next in thread: Jianyu Zhan: "Re: [PATCH] futex: replace bare barrier() with a READ_ONCE()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]