[3.13.y.z extended stable] Patch "futex: Ensure get_futex_key_refs() always implies a barrier" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Tue Oct 21 20:09:35 UTC 2014

This is a note to let you know that I have just added a patch titled

    futex: Ensure get_futex_key_refs() always implies a barrier

to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree 
which can be found at:


This patch is scheduled to be released in version

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.13.y.z tree, see



>From 001367a3aad525f96c73830f069ecf5a3455ebaa Mon Sep 17 00:00:00 2001
From: Catalin Marinas <catalin.marinas at arm.com>
Date: Fri, 17 Oct 2014 17:38:49 +0100
Subject: futex: Ensure get_futex_key_refs() always implies a barrier

commit 76835b0ebf8a7fe85beb03c75121419a7dec52f0 upstream.

Commit b0c29f79ecea (futexes: Avoid taking the hb->lock if there's
nothing to wake up) changes the futex code to avoid taking a lock when
there are no waiters. This code has been subsequently fixed in commit
11d4616bd07f (futex: revert back to the explicit waiter counting code).
Both the original commit and the fix-up rely on get_futex_key_refs() to
always imply a barrier.

However, for private futexes, none of the cases in the switch statement
of get_futex_key_refs() would be hit and the function completes without
a memory barrier as required before checking the "waiters" in
futex_wake() -> hb_waiters_pending(). The consequence is a race with a
thread waiting on a futex on another CPU, allowing the waker thread to
read "waiters == 0" while the waiter thread to have read "futex_val ==
locked" (in kernel).

Without this fix, the problem (user space deadlocks) can be seen with
Android bionic's mutex implementation on an arm64 multi-cluster system.

Signed-off-by: Catalin Marinas <catalin.marinas at arm.com>
Reported-by: Matteo Franchin <Matteo.Franchin at arm.com>
Fixes: b0c29f79ecea (futexes: Avoid taking the hb->lock if there's nothing to wake up)
Acked-by: Davidlohr Bueso <dave at stgolabs.net>
Tested-by: Mike Galbraith <umgwanakikbuti at gmail.com>
Cc: Darren Hart <dvhart at linux.intel.com>
Cc: Thomas Gleixner <tglx at linutronix.de>
Cc: Peter Zijlstra <peterz at infradead.org>
Cc: Ingo Molnar <mingo at kernel.org>
Cc: Paul E. McKenney <paulmck at linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
 kernel/futex.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/futex.c b/kernel/futex.c
index 4741b1f..2b1583e 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -194,6 +194,8 @@ static void get_futex_key_refs(union futex_key *key)
+	default:
+		smp_mb(); /* explicit MB (B) */


More information about the kernel-team mailing list