From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.1 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FSL_HELO_FAKE,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_1,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0011C35646 for ; Fri, 21 Feb 2020 17:11:07 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id AA43320722 for ; Fri, 21 Feb 2020 17:11:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Dm+S/V9c" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AA43320722 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 4C8C26B0006; Fri, 21 Feb 2020 12:11:07 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 49F8F6B0007; Fri, 21 Feb 2020 12:11:07 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3DD856B0008; Fri, 21 Feb 2020 12:11:07 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0021.hostedemail.com [216.40.44.21]) by kanga.kvack.org (Postfix) with ESMTP id 26B846B0006 for ; Fri, 21 Feb 2020 12:11:07 -0500 (EST) Received: from smtpin23.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id C8AA5180AD804 for ; Fri, 21 Feb 2020 17:11:06 +0000 (UTC) X-FDA: 76514774532.23.shape51_7a7b08797465e Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin23.hostedemail.com (Postfix) with ESMTP id 4D8EF449FC for ; Fri, 21 Feb 2020 17:07:22 +0000 (UTC) X-HE-Tag: shape51_7a7b08797465e X-Filterd-Recvd-Size: 5174 Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by imf16.hostedemail.com (Postfix) with ESMTP for ; Fri, 21 Feb 2020 17:07:21 +0000 (UTC) Received: by mail-wm1-f65.google.com with SMTP id q9so2511537wmj.5 for ; Fri, 21 Feb 2020 09:07:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=AqC2fWiWZxuVA5v3S/7DavUy6/LHSuW/SdnBa9FsreU=; b=Dm+S/V9cHvQIuxY32ywFd/CVVnU1HT7KaLT56X7KWzSAE8RHuLMUawyQ1sfFTrVuDg HgASOHEy9NMZP5zDvHpPokDCwwt0A0vczNG52ql5kiJ99tjb7xCwux3Rvj7WUILLEdbF LQ3LAouhLZfrkvMwRM70UW+RKmDXvJ1jKdT5vIOg8QS8y8MzvRkM1RSagbxFIrpDCuRr qcwI3WZh7h8Jbl5eQmASBh7WExK+uqOr8D6AeUP9RxKJBn5cHQVkjDMYNo10jHDq0yg0 hw27ZfmT1AGvuyTLRBNWhT0Vd5y7Nc3cD9ucM3mrd8ZSNKZdkGVO9Q04J6d51EV8u41Y GvXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=AqC2fWiWZxuVA5v3S/7DavUy6/LHSuW/SdnBa9FsreU=; b=AwnuQCWtoh49bD/Z5AeDqySLMhKNefc6iHb8v8uG3mFlO9MGsGU4IUxrzQTm8NK0Ud a+WTtB5jwKgvXTE6hspxU4ONUsvos3lnB3HRranxp4UngTop9uexJRALSORtQ2mr311h 7hJXLedcBL03uN8y2x+C0BKeeIau5Yk4QW/4BZOYBDj1e+8/l6kU+Dz/cCK9euslP4+c da7ezHppLUS/CcX/HlSpAihH8rUVTxP2tKItNcz2hZ6qHT+KUrvRgBl1kBqADPPrNdfi S6Jvvn7jn+aOUOpy7NNQYOh5uOYhqQ7D3doyWIcBMpEzRSJLYZmNcGMb2dLo99+H9nHN dFmw== X-Gm-Message-State: APjAAAXCTqoeHi8ngDo2FlSZoljgogLwhVZSXhj7ncYHVxZFpGz5/n4F n73ZNCHRts+novPXKIB4oxoGCA== X-Google-Smtp-Source: APXvYqzRCwaG2Ny1EOpRxBTYNEMY4FxGnxVFVGpKec47kvpAJV08JB3catC0hCh+B9JrFktrKFv6dQ== X-Received: by 2002:a7b:cbd6:: with SMTP id n22mr5087891wmi.118.1582304839975; Fri, 21 Feb 2020 09:07:19 -0800 (PST) Received: from google.com ([100.105.32.75]) by smtp.gmail.com with ESMTPSA id q124sm10332724wme.2.2020.02.21.09.07.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 Feb 2020 09:07:19 -0800 (PST) Date: Fri, 21 Feb 2020 18:07:13 +0100 From: Marco Elver To: Qian Cai Cc: akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] percpu_counter: fix a data race at vm_committed_as Message-ID: <20200221170713.GA227918@google.com> References: <1582302724-2804-1-git-send-email-cai@lca.pw> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1582302724-2804-1-git-send-email-cai@lca.pw> User-Agent: Mutt/1.10.1 (2018-07-13) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, 21 Feb 2020, Qian Cai wrote: > "vm_committed_as.count" could be accessed concurrently as reported by > KCSAN, > > BUG: KCSAN: data-race in __vm_enough_memory / percpu_counter_add_batch > > write to 0xffffffff9451c538 of 8 bytes by task 65879 on cpu 35: > percpu_counter_add_batch+0x83/0xd0 > percpu_counter_add_batch at lib/percpu_counter.c:91 > __vm_enough_memory+0xb9/0x260 > dup_mm+0x3a4/0x8f0 > copy_process+0x2458/0x3240 > _do_fork+0xaa/0x9f0 > __do_sys_clone+0x125/0x160 > __x64_sys_clone+0x70/0x90 > do_syscall_64+0x91/0xb05 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > read to 0xffffffff9451c538 of 8 bytes by task 66773 on cpu 19: > __vm_enough_memory+0x199/0x260 > percpu_counter_read_positive at include/linux/percpu_counter.h:81 > (inlined by) __vm_enough_memory at mm/util.c:839 > mmap_region+0x1b2/0xa10 > do_mmap+0x45c/0x700 > vm_mmap_pgoff+0xc0/0x130 > ksys_mmap_pgoff+0x6e/0x300 > __x64_sys_mmap+0x33/0x40 > do_syscall_64+0x91/0xb05 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > The read is outside percpu_counter::lock critical section which results > in a data race. Fix it by adding a READ_ONCE() in > percpu_counter_read_positive() which could also service as the existing > compiler memory barrier. > > Signed-off-by: Qian Cai Acked-by: Marco Elver FWIW in the function where this was inlined here, the generated code (on x86 at least) is identical. Thanks, -- Marco > --- > include/linux/percpu_counter.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/linux/percpu_counter.h b/include/linux/percpu_counter.h > index 4f052496cdfd..0a4f54dd4737 100644 > --- a/include/linux/percpu_counter.h > +++ b/include/linux/percpu_counter.h > @@ -78,9 +78,9 @@ static inline s64 percpu_counter_read(struct percpu_counter *fbc) > */ > static inline s64 percpu_counter_read_positive(struct percpu_counter *fbc) > { > - s64 ret = fbc->count; > + /* Prevent reloads of fbc->count */ > + s64 ret = READ_ONCE(fbc->count); > > - barrier(); /* Prevent reloads of fbc->count */ > if (ret >= 0) > return ret; > return 0; > -- > 1.8.3.1 >