From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06088C3ABBF for ; Wed, 7 May 2025 22:51:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1B9956B0089; Wed, 7 May 2025 18:51:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 146646B008A; Wed, 7 May 2025 18:51:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EB0B66B008C; Wed, 7 May 2025 18:51:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id C8D9D6B0089 for ; Wed, 7 May 2025 18:51:01 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 36009813A6 for ; Wed, 7 May 2025 22:51:02 +0000 (UTC) X-FDA: 83417608764.27.F5E9191 Received: from e240-12.smtp-out.eu-north-1.amazonses.com (e240-12.smtp-out.eu-north-1.amazonses.com [23.251.240.12]) by imf01.hostedemail.com (Postfix) with ESMTP id 18A0340005 for ; Wed, 7 May 2025 22:50:59 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=goosey.org header.s=iuunfi4kzpbzwuqjzrd5q2mr652n55fx header.b=dPLhJQlL; dkim=pass header.d=amazonses.com header.s=bw45wyq3hkghdoq32obql4uyexcghmc7 header.b=rVedRhyN; dmarc=pass (policy=none) header.from=goosey.org; spf=pass (imf01.hostedemail.com: domain of 01100196acf1ed3d-03823944-4f10-4a42-b487-eb964d97b987-000000@eu-north-1.amazonses.com designates 23.251.240.12 as permitted sender) smtp.mailfrom=01100196acf1ed3d-03823944-4f10-4a42-b487-eb964d97b987-000000@eu-north-1.amazonses.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746658260; a=rsa-sha256; cv=none; b=wcD/UqCUQZFPdM4KEEP2S4eIdcjqADpEBobj2bIGehr7kwjdNyHCUyt9vz5gyEwt51S2WI KiY96w98vMOpX3LjAB3UYEkl3rVLLHwB3cIRs0KhQmP9HJgyum+7BKSw3rc6IRjOfokSjJ sQ1DCuVyQs+OSJWuMOMnna7l1VpB2Lw= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=goosey.org header.s=iuunfi4kzpbzwuqjzrd5q2mr652n55fx header.b=dPLhJQlL; dkim=pass header.d=amazonses.com header.s=bw45wyq3hkghdoq32obql4uyexcghmc7 header.b=rVedRhyN; dmarc=pass (policy=none) header.from=goosey.org; spf=pass (imf01.hostedemail.com: domain of 01100196acf1ed3d-03823944-4f10-4a42-b487-eb964d97b987-000000@eu-north-1.amazonses.com designates 23.251.240.12 as permitted sender) smtp.mailfrom=01100196acf1ed3d-03823944-4f10-4a42-b487-eb964d97b987-000000@eu-north-1.amazonses.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746658260; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=inEWQjpeb4cBb6X7aV2pOeZtL9RXbBPCDb77JeEInS0=; b=ZhNZVnyJeGH4aw1BA7K9yWd41c1QnX/0gAa17coc2nSQQNnUzhootEV9/mwTUI8B/rfVgr X8G9/INWcjUFVj7QpDHuvzCR1GwG7sqDgDLupOon/3/p7gcoO7N5JnpCZt8UX+JXJRWCgU Xpr1gLBtTLEpgvhs922Do6SId3C3QBc= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=iuunfi4kzpbzwuqjzrd5q2mr652n55fx; d=goosey.org; t=1746658258; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Content-Type:Content-Transfer-Encoding; bh=u/VxZyRVwVVWCb17n9SiizIdCucyimsALLFuxK9V/v8=; b=dPLhJQlLHZ6mziJMy7L8YSdPKvfMNYjDpuimXPqX2XIrGWbph4/nYgPU5MQGWuQW WT+xs88E86qud37wrLJwvlVw2Ou1LllZdfCPpb41bTBKpd92JIkyEsIhAYLZKj9uZgS J1fMj8pvQ0n+xfZAc386LruCpTST6KErxHCzIECHVJ1T/7UJKbtSt0dRaTHMCSVxuaH r2tg4apK3jHQVrH7pZCsyJqTI4abN6Qo+sxDuerjf19pY40o5gl1QEaN2pHs8IhnXb2 vYq4Hsy0V8xJ8EqKIvE0RCoKDCJYorG5pUw2k4TFYnWeRZHkH5QiK7uhDtQgg40nRV6 cepOBE06sw== DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=bw45wyq3hkghdoq32obql4uyexcghmc7; d=amazonses.com; t=1746658258; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=u/VxZyRVwVVWCb17n9SiizIdCucyimsALLFuxK9V/v8=; b=rVedRhyN7GVWLBXHzY70q0/BQ36RFnnzBCmLGkG1IJGsFCTmsWrm4oyF2czTrtwp ujzAUuO4bE0aMwY4EptzaUlYIvpdiaG3ZJ5MmQw27sSqCZmSN2t73r09ppNJpVanDrI rRbnWDXDm7RE/QBSgd7+kGKEK/5wUKhqs03ZMGDI= X-Forwarded-Encrypted: i=1; AJvYcCVH63DZ2vD3wahxcYTjEsgfr8lUvvJ4OK4ENCiyi64y4uy9THFGAPqNvSWoxGR33XErSthpS9brLw==@kvack.org X-Gm-Message-State: AOJu0YwD1sjNVEjj5ol44Fj5BrJJt5Qs7+2VoLMyBn2fRu76XbrQbKDZ uGMrc7Tuu38BfyvZLBCAC2iQd8B/+DotCUSsqP0xLKqLaM3h2CKfTl7SUzyPfhIJQgTBGA+C87U wqQG+qw/sxqZGg2QDn76njbsSWB0= X-Google-Smtp-Source: AGHT+IGYe4C//wRw1MydI9tDxP1BkXsgbQVwhKzvXB8b4Q2Wx/Ai6WIh6rV6vC7JP/xcoguyIqDCpOzYJKldHFl35+w= X-Received: by 2002:a17:90a:da87:b0:2fe:b907:3b05 with SMTP id 98e67ed59e1d1-30aac29bf2bmr7379060a91.29.1746658255869; Wed, 07 May 2025 15:50:55 -0700 (PDT) MIME-Version: 1.0 References: <20250507142552.9446-1-aha310510@gmail.com> In-Reply-To: <20250507142552.9446-1-aha310510@gmail.com> From: Ozgur Kara Date: Wed, 7 May 2025 22:50:58 +0000 X-Gmail-Original-Message-ID: X-Gm-Features: ATxdqUHzT-vjZuEaAAjESbWCVqFEXkWEYdlqR6AAnE_BlEpPNCKX6_n7HsKgm4M Message-ID: <01100196acf1ed3d-03823944-4f10-4a42-b487-eb964d97b987-000000@eu-north-1.amazonses.com> Subject: Re: [PATCH v3] mm/vmalloc: fix data race in show_numa_info() To: Jeongjun Park Cc: akpm@linux-foundation.org, urezki@gmail.com, edumazet@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Feedback-ID: ::1.eu-north-1.jZlAFvO9+f8tc21Z4t7ANdAU3Nw/ALd5VHiFFAqIVOg=:AmazonSES X-SES-Outgoing: 2025.05.07-23.251.240.12 X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: 18A0340005 X-Stat-Signature: eztiax6srzpe5ww1go36y9f1pt7k1c6c X-Rspam-User: X-HE-Tag: 1746658259-847580 X-HE-Meta: U2FsdGVkX19LdkxCcxLLwU66K4siey6IEamNrffQL9Sm+FrNsiySGHZHexaxxz5Q12Ewvj8QOkVrfTRmfEv21QGPOb5Bh7Er01cTbYRnVK8c/v41JTu2aaYCIpoJxrgGrjawv5EhdUcMwI3+vRq7dn4EOxm0okPdF99FPtXnLtweFFFV03LwPTm2/3eSBzlOwLrG3PdKaW/kp8ELusIOAviQDdJtaYhYcBo2m/uI88yab5263VduA5DNq1w/dgO9NNwz314DMgXmqO9DZ/eqSjGLsABHTBntki5bJo8jJ6xYQvh1NqkfuoZYg3ZUufprWEgUTneCd+kKLiaIpeYprlf3Q5mxnuG5LWKccogMnnS73myT9fKpI0tPgDVUObLP8zJ6KqLGyvEIDmxa8JXq5RbtdAAbcXRgaDrMmdcVkLqFsAnhDr+Fsbaqek+Sq1YqRBBG2vcHRBPwTACHod/K5NnLWSr+6N+0KMaYSaNEdRsbwgwZZFlzZDSL+nevP0lBZgRiqchXMec3pF/ycBYGko6ZgnSMZ9670715TXbFG20TVJdd/E0RiyL27wNB1KcxlOEPgR3HivZLyJC8lgJFpbfhoyevIkOxCJQGek8fkc1Afu2OPhP+BZrAmP8XeDzhQTYiaw+0AkmMBBG19J9sRtEP+Uqw2W6AAQnLaHzn9VFnJb+DHh3ht8G+JpvsqBPc07ea8lEtmlR/mBf7/P5yjXNQb7VvEPviZdpOjredI6DrprQe7rMfQrreZbD4Y1KFE4RJlk/m+e5LH07EwhthQjkP+28U9Gb4eI/p8vDMVqi/Na1kvNqntUA2XEOQWHVNUvHhDiR8wldjw3suvunjHvz8isN3EpIOibDMtnj3whBGZbOqbgkhglr1lM2hKqBmrbnEn0xCQcTkxCS6ZG6jaSQ9NVv+NtphrNDBYOn5sl9POxsBMFziQDQSs33Lz9a6tWaTBotKEFGFPSwkh+r 1QQQ+Kde iE9/RdTIsknswevN1Eobd+8qLQN5sLAv/+h7cDCIDP7PcnD6/+MtEUyG2XDwgkvq8XXIBdhBtlKlcYKzyVQ8yNSvRDU6sorfCdmW/0OwcC3Tg9SHbBJlUYt7utTSesfHvJ5GC3v6fDsIoF4Y7SxAuNqpdXB1C71j8dTUEcpN7SLxfPvGIq0Empin/N5fjGMrQQvyLVueZaTSzsX2jGZ5DwcxHOlnAlQ5PNPX7VGLPSLc9gN5qsouBTxGb1mck+g/3qrZWuNIzcO88CU3snFMc+tREe26+WgOalMwDxn5o5+mm9CUWg/+rxwa15OJCdjGYpGDE08YtJAA5tJ4grpxvC10kcRKOsnyA9ratySZUPTSN2x7EWC9jCdXjc4RXVhrdX7Fye2UXyys616kjsD0pi8AOQ/JRhZBycB70e5Ui7ZzfX/QmsYAf1p3jy7/I+RVavmFXbPuUWvPCP+5/klNfJnJLZ6oMGM9cFh+ZVNfmglnYvspUNYIOS9zwpQCe3rv+4Oq6DJNBbdsQMcrG2Cvv/aV6IA630CjjLlNuz8X+v4xlhcNFWwfQ12NnhaXzNiBmrwRJcEdpJaPHt1YRL9e7ImGODiP82B50bLdyMhCqvCV4zMvI31Fh8FT2GXYGGgZjHo+mATTQNHB8znICVs4iMNJa08TjhtfOqlR2YiHnS1Fzz7EyqVkm4UIJka6wmQQ8vpHrCbz7E/pZcBHfY3+bJj8ZMDJncbBVe44Nj21OQylJcJDmvvX1YVi/8mc+NGjXIQBEyYOL0f7G+5U= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Jeongjun Park , 7 May 2025 =C3=87ar, 17:32 tarihinde = =C5=9Funu yazd=C4=B1: > > The following data-race was found in show_numa_info(): > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show > > read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0: > show_numa_info mm/vmalloc.c:4936 [inline] > vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016 > seq_read_iter+0x373/0xb40 fs/seq_file.c:230 > proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 > new_sync_read fs/read_write.c:489 [inline] > vfs_read+0x5b4/0x740 fs/read_write.c:570 > ksys_read+0xbe/0x190 fs/read_write.c:713 > __do_sys_read fs/read_write.c:722 [inline] > __se_sys_read fs/read_write.c:720 [inline] > __x64_sys_read+0x41/0x50 fs/read_write.c:720 > x64_sys_call+0x1729/0x1fd0 arch/x86/include/generated/asm/syscalls_64.h:= 1 > do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] > do_syscall_64+0xa6/0x1b0 arch/x86/entry/syscall_64.c:94 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1: > show_numa_info mm/vmalloc.c:4934 [inline] > vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016 > seq_read_iter+0x373/0xb40 fs/seq_file.c:230 > proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 > new_sync_read fs/read_write.c:489 [inline] > vfs_read+0x5b4/0x740 fs/read_write.c:570 > ksys_read+0xbe/0x190 fs/read_write.c:713 > __do_sys_read fs/read_write.c:722 [inline] > __se_sys_read fs/read_write.c:720 [inline] > __x64_sys_read+0x41/0x50 fs/read_write.c:720 > x64_sys_call+0x1729/0x1fd0 arch/x86/include/generated/asm/syscalls_64.h:= 1 > do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] > do_syscall_64+0xa6/0x1b0 arch/x86/entry/syscall_64.c:94 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > value changed: 0x0000008f -> 0x00000000 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > According to this report, there is a read/write data-race because m->priv= ate > is accessible to multiple CPUs. To fix this, instead of allocating the he= ap > in proc_vmalloc_init() and passing the heap address to m->private, > show_numa_info() should allocate the heap. > > One thing to note is that show_numa_info() is called in a critical sectio= n > of a spinlock, so it must be allocated on the heap with GFP_ATOMIC flag. > > Fixes: a47a126ad5ea ("vmallocinfo: add NUMA information") > Suggested-by: Eric Dumazet > Suggested-by: Uladzislau Rezki (Sony) > Signed-off-by: Jeongjun Park > --- > v3: Following Uladzislau Rezki's suggestion, we check v->flags beforehand > to avoid printing uninitialized members of vm_struct. > - Link to v2: https://lore.kernel.org/all/20250506082520.84153-1-aha31051= 0@gmail.com/ > v2: Refactoring some functions and fix patch as per Eric Dumazet suggesti= on > - Link to v1: https://lore.kernel.org/all/20250505171948.24410-1-aha31051= 0@gmail.com/ > --- > mm/vmalloc.c | 51 ++++++++++++++++++++++++++------------------------- > 1 file changed, 26 insertions(+), 25 deletions(-) > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index 3ed720a787ec..9139025e20e5 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c > @@ -4914,28 +4914,32 @@ bool vmalloc_dump_obj(void *object) > #endif > > #ifdef CONFIG_PROC_FS > + > +/* > + * Print number of pages allocated on each memory node. > + * > + * This function can only be called if CONFIG_NUMA is enabled > + * and VM_UNINITIALIZED bit in v->flags is disabled. > + */ > static void show_numa_info(struct seq_file *m, struct vm_struct *v) > { > - if (IS_ENABLED(CONFIG_NUMA)) { > - unsigned int nr, *counters =3D m->private; > - unsigned int step =3D 1U << vm_area_page_order(v); > + unsigned int nr, *counters; > + unsigned int step =3D 1U << vm_area_page_order(v); > > - if (!counters) > - return; > + counters =3D kcalloc(nr_node_ids, sizeof(unsigned int), GFP_ATOMI= C); > + if (!counters) > + return; > > - if (v->flags & VM_UNINITIALIZED) Hello, although skipping memory blocks with VM_UNINITIALIZED flag seems like a good idea maybe it might be a good idea to check correctness of memory areas. if (v && (v->flags & VM_UNINITIALIZED)) { continue; } > - return; > - /* Pair with smp_wmb() in clear_vm_uninitialized_flag() *= / > - smp_rmb(); > + /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ > + smp_rmb(); > > - memset(counters, 0, nr_node_ids * sizeof(unsigned int)); > + for (nr =3D 0; nr < v->nr_pages; nr +=3D step) > + counters[page_to_nid(v->pages[nr])] +=3D step; > + for_each_node_state(nr, N_HIGH_MEMORY) > + if (counters[nr]) > + seq_printf(m, " N%u=3D%u", nr, counters[nr]); > > - for (nr =3D 0; nr < v->nr_pages; nr +=3D step) > - counters[page_to_nid(v->pages[nr])] +=3D step; > - for_each_node_state(nr, N_HIGH_MEMORY) > - if (counters[nr]) > - seq_printf(m, " N%u=3D%u", nr, counters[n= r]); > - } > + kfree(counters); > } > > static void show_purge_info(struct seq_file *m) > @@ -4979,6 +4983,8 @@ static int vmalloc_info_show(struct seq_file *m, vo= id *p) > } > > v =3D va->vm; > + if (v->flags & VM_UNINITIALIZED) > + continue; > > seq_printf(m, "0x%pK-0x%pK %7ld", > v->addr, v->addr + v->size, v->size); > @@ -5013,7 +5019,9 @@ static int vmalloc_info_show(struct seq_file *m, vo= id *p) > if (is_vmalloc_addr(v->pages)) > seq_puts(m, " vpages"); > > - show_numa_info(m, v); > + if (IS_ENABLED(CONFIG_NUMA)) > + show_numa_info(m, v); > + > seq_putc(m, '\n'); > } > spin_unlock(&vn->busy.lock); > @@ -5028,14 +5036,7 @@ static int vmalloc_info_show(struct seq_file *m, v= oid *p) > > static int __init proc_vmalloc_init(void) > { > - void *priv_data =3D NULL; > - > - if (IS_ENABLED(CONFIG_NUMA)) > - priv_data =3D kmalloc(nr_node_ids * sizeof(unsigned int),= GFP_KERNEL); > - > - proc_create_single_data("vmallocinfo", > - 0400, NULL, vmalloc_info_show, priv_data); > - > + proc_create_single("vmallocinfo", 0400, NULL, vmalloc_info_show); proc_create_single function clean but it no longer receives data like priv_data right? so if priv_data is needed again code will not work. if use priv_data becomes necessary, a suitable memory allocation and release mechanism should be added for this. otherwise a memory leak could occur and perhaps the use of kfree instead of kmalloc could also be added. proc_create_single_data("vmallocinfo", 0400, NULL, vmalloc_info_show, priv_data); // use kfree and free priv_data kfree(priv_data); Regards Ozgur > return 0; > } > module_init(proc_vmalloc_init); > -- > > >