Commit e91467ecd1ef ("bug in futex unqueue_me") introduces a barrier()
in unqueue_me(), to address a pointer aliasing problem in s390x, between
q->lock_ptr and local variable lock_ptr.
Since there is a retry logic to reload q->lock_ptr into local variable lock_ptr,
s390x generates code that aliases q->lock_ptr with lock_ptr, while q->lock_ptr
might change between retries, which beats the alias and causes problem.
This patch replaces this bare barrier() with a READ_ONCE(), a weaker form of
barrier(), which could be more informative.
And furthermore, this retry logic is effectively the same with:
while (lock_ptr = q->lock_ptr)
do_something_with(lock_ptr);
and compiler is at its will to merge successive load of q->lock_ptr, which is
also problematic
at this scenario. READ_ONCE() can avoid this problem.
Signed-off-by: Jianyu Zhan <[email protected]>
---
kernel/futex.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/kernel/futex.c b/kernel/futex.c
index 5d6ce64..20e8466 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1927,8 +1927,12 @@ static int unqueue_me(struct futex_q *q)
/* In the common case we don't take the spinlock, which is nice. */
retry:
- lock_ptr = q->lock_ptr;
- barrier();
+ /*
+ * q->lock_ptr can change and a pointer aliasing(of lock_ptr) will
cause problem,
+ * and also to avoid potential compiler merging of successive load of
q->lock_ptr under
+ * this retry logic, so we use READ_ONCE() here.
+ */
+ lock_ptr = READ_ONCE(q->lock_ptr);
if (lock_ptr != NULL) {
spin_lock(lock_ptr);
/*
--
2.4.3
