On Mon, 2013-11-25 at 15:39 +0100, Peter Zijlstra wrote: > On Mon, Nov 25, 2013 at 01:15:17PM +0000, Ma, Xindong wrote: > > We encountered following panic several times: > > > [ 74.671982] BUG: unable to handle kernel NULL pointer dereference at 00000008 > > [ 74.672101] IP: [<c129bb27>] wake_futex+0x47/0x80 > > > [ 74.674144] [<c129bc29>] futex_wake+0xc9/0x110 > > [ 74.674195] [<c129da0b>] do_futex+0xeb/0x950 > > [ 74.674484] [<c129e30b>] SyS_futex+0x9b/0x140 > > [ 74.674582] [<c195a718>] syscall_call+0x7/0xb > > > > On smp systems, setting current task to q->task in queue_me() may > > not visible immediately to another cpu, some times this will > > cause panic in wake_futex(). Adding memory barrier to avoid this. > > > > Signed-off-by: Leon Ma <xindong.ma@xxxxxxxxx> > > Signed-off-by: xiaobing tu <xiaobing.tu@xxxxxxxxx> > > --- > > kernel/futex.c | 1 + > > 1 files changed, 1 insertions(+), 0 deletions(-) > > > > diff --git a/kernel/futex.c b/kernel/futex.c > > index 80ba086..792cd41 100644 > > --- a/kernel/futex.c > > +++ b/kernel/futex.c > > @@ -1529,6 +1529,7 @@ static inline void queue_me(struct futex_q *q, struct futex_hash_bucket *hb) > > plist_node_init(&q->list, prio); > > plist_add(&q->list, &hb->chain); > > q->task = current; > > + smp_mb(); > > spin_unlock(&hb->lock); > > } > > This is wrong, because an uncommented barrier is wrong per definition. > > This is further wrong because wake_futex() is always called with > hb->lock held, and since queue_me also has hb->lock held, this is in > fact guaranteed. Indeed. Leon Ma, would you have a test case to share? I'm interested to see how this was possible. -- Darren Hart Intel Open Source Technology Center Yocto Project - Linux Kernel -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html