Re: Add memory barrier when waiting on futex
From: Peter Zijlstra
Date: Mon Nov 25 2013 - 09:40:17 EST
On Mon, Nov 25, 2013 at 01:15:17PM +0000, Ma, Xindong wrote:
> We encountered following panic several times:
> [ 74.671982] BUG: unable to handle kernel NULL pointer dereference at 00000008
> [ 74.672101] IP: [<c129bb27>] wake_futex+0x47/0x80
> [ 74.674144] [<c129bc29>] futex_wake+0xc9/0x110
> [ 74.674195] [<c129da0b>] do_futex+0xeb/0x950
> [ 74.674484] [<c129e30b>] SyS_futex+0x9b/0x140
> [ 74.674582] [<c195a718>] syscall_call+0x7/0xb
>
> On smp systems, setting current task to q->task in queue_me() may
> not visible immediately to another cpu, some times this will
> cause panic in wake_futex(). Adding memory barrier to avoid this.
>
> Signed-off-by: Leon Ma <xindong.ma@xxxxxxxxx>
> Signed-off-by: xiaobing tu <xiaobing.tu@xxxxxxxxx>
> ---
> kernel/futex.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/futex.c b/kernel/futex.c
> index 80ba086..792cd41 100644
> --- a/kernel/futex.c
> +++ b/kernel/futex.c
> @@ -1529,6 +1529,7 @@ static inline void queue_me(struct futex_q *q, struct futex_hash_bucket *hb)
> plist_node_init(&q->list, prio);
> plist_add(&q->list, &hb->chain);
> q->task = current;
> + smp_mb();
> spin_unlock(&hb->lock);
> }
This is wrong, because an uncommented barrier is wrong per definition.
This is further wrong because wake_futex() is always called with
hb->lock held, and since queue_me also has hb->lock held, this is in
fact guaranteed.
This is even more wrong for adding stable.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/