From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D778AC3ABBC
	for <linux-mm@archiver.kernel.org>; Mon,  5 May 2025 17:20:12 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id C8AB76B0089; Mon,  5 May 2025 13:20:11 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id C35E16B008C; Mon,  5 May 2025 13:20:11 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id B24636B0092; Mon,  5 May 2025 13:20:11 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id 959F36B0089
	for <linux-mm@kvack.org>; Mon,  5 May 2025 13:20:11 -0400 (EDT)
Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id BB407160408
	for <linux-mm@kvack.org>; Mon,  5 May 2025 17:20:11 +0000 (UTC)
X-FDA: 83409517422.06.1714E84
Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169])
	by imf13.hostedemail.com (Postfix) with ESMTP id D4D6320018
	for <linux-mm@kvack.org>; Mon,  5 May 2025 17:20:09 +0000 (UTC)
Authentication-Results: imf13.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=ci47Xxob;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (imf13.hostedemail.com: domain of aha310510@gmail.com designates 209.85.210.169 as permitted sender) smtp.mailfrom=aha310510@gmail.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746465609; a=rsa-sha256;
	cv=none;
	b=uAl3Em+/GoiW7acYGM0uL3R2oaaFzKHWgG0EE2fyLdSQtRjiPjlT23BIeq5TrHOKxNwd48
	Q5uJuFSz/S/gJ4i7wckNhUUKYgrdG0e5vpBAM2sRHQuQ83TVx5jACuEX56D/dWBfqpHCkr
	2REWhYkARLcupeXwB6tASvtSc19qwsE=
ARC-Authentication-Results: i=1;
	imf13.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=ci47Xxob;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (imf13.hostedemail.com: domain of aha310510@gmail.com designates 209.85.210.169 as permitted sender) smtp.mailfrom=aha310510@gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1746465609;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:references:dkim-signature;
	bh=mQLHWcdfFkuiv5N/+v6WJKhCdy1asd1QaZJCrWGTx7s=;
	b=Vtp53CIe9L9JHPyahzPLWkGZisherg1Wzn5r225mvNIiecygY4W2t4S8hSAkGyM+trfceC
	tjIKcuGtlqeLoZar5PlXKngOjwVF2+O+eCO0eUheq4CaKDaYZSJHWyyFFJq596H/nxHUsd
	LdsU6U7vJa2XllWvEj7NZqQILGfMpdk=
Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-736c1138ae5so4751046b3a.3
        for <linux-mm@kvack.org>; Mon, 05 May 2025 10:20:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1746465609; x=1747070409; darn=kvack.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=mQLHWcdfFkuiv5N/+v6WJKhCdy1asd1QaZJCrWGTx7s=;
        b=ci47Xxobv6cwroW3Gea7NWbbHYfs5kbQ+nZ7MjjkQ3g8btcEZnYImj4qcxUS/z4Fkn
         Wnr0cNhoQuUtR59lP2MmUTISYuukD63o0jZP+dEPx81HrhrcsVf5Rzcq2sPMFJK6Og/l
         HoWP07Q8HKIxBjYF9btBKesaO2TWShmJdsCI5RYB7qAdB6f+emaDbVkRQwIwJS1ZmF80
         jWU1g4bXcVVL4vOwLt2gvGZs8lEbY7XWWYOLrsd7/RmUdOIYUP5nvB5YbJMI/J4ZMePk
         0BvL3lruwY4arykkMdeZYIqckgbVJSWxtwtNcTPWd4qaXaulq4NR0QPrWopnP9xqjmrb
         9CaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1746465609; x=1747070409;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=mQLHWcdfFkuiv5N/+v6WJKhCdy1asd1QaZJCrWGTx7s=;
        b=QQFCe/Ck7tKBCwdiCUyl3Tvi1lzjWc07OxJAVN+GvIZLk6d78c7OgqkuYWHagnL0lP
         aHZDB+BN/6V8/D6tXNPnUuqoz8u3XHaDyMzHPKg0GO7dYzNdezwkLeg1784+syVpxxtB
         sitbpLZrf2ftMTtUBDtfJxzqMtLsQNNvjEGS07OAhyJR7Iesdl1scCUt4yrP5Ar0AwTz
         Rd9TlCLh57OmDu3UGI5UEI1wlpGUhvCE/Ju84gmY1oLhS7RuZ0GuLjGXnPVo6vuJZe5H
         6uf/LVJXdGnufiqRUy22MSl92rwhY4hH/cSnMIS9eMbiQN6NsvRU0xEfDpx4m2D8HU7j
         4B+Q==
X-Forwarded-Encrypted: i=1; AJvYcCW9faDAYQA17VcLBYjHCdpNkEusrM05v818Hfka03Vmo/+47M3UMnn7ew0TLcWFkp/FlzW/gbmcHw==@kvack.org
X-Gm-Message-State: AOJu0YxRfVese59LCltGWLCU9o1kjMtN3cy/KmAUFBxO2g3Lp0P32nVO
	AxVy0w23Fr7hKCstQ65JixJy6mE0qZIbkacW3fOYfmChQl0WSy0c
X-Gm-Gg: ASbGncuATcZJHvmwUS4jNHzZU0N7RdEyodxp/Im8rGgI2EUrSczlduQzN/VY8fdnVPk
	D6EDjhJyEInOsDL4HayZ7yI1KvMix36QAWmbBb7kmQcUUypI27UkOr9fLO98gMGLsb4qviOWl9e
	HbiL1U81fkYB0QgSbdrU9MGA0fgwgQry+5erk+oesY85csfW1rDaUxyUGossAWljUwCcTAUENHW
	v474DyGpbqsa+c1QsAgU8kGstkeCgtYT7LoT14ZmECzWK6EeKMkWqS2rKN4fndF6DV3fVj/2nbo
	eLORFBiswC2+RKtP5eENMiXW+Vp8jNOKpJBxCqJnS4lMSqofO1OqFPelhFwAX6TReAlXgQ==
X-Google-Smtp-Source: AGHT+IFecyZtj1dy4XazVt9jUD0w3fTT/mj3hzCNHgmZ5240nXoOG80I/i5Z9bsDWP2gD84a3DekPQ==
X-Received: by 2002:a05:6a21:4a4c:b0:1f5:9330:29fe with SMTP id adf61e73a8af0-20e96607fb1mr10733132637.17.1746465608523;
        Mon, 05 May 2025 10:20:08 -0700 (PDT)
Received: from localhost.localdomain ([121.185.186.233])
        by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b1fb3b7bbd0sm4858306a12.37.2025.05.05.10.20.06
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 05 May 2025 10:20:08 -0700 (PDT)
From: Jeongjun Park <aha310510@gmail.com>
To: akpm@linux-foundation.org
Cc: urezki@gmail.com,
	edumazet@google.com,
	linux-mm@kvack.org,
	linux-kernel@vger.kernel.org,
	Jeongjun Park <aha310510@gmail.com>
Subject: [PATCH] mm/vmalloc: fix data race in show_numa_info()
Date: Tue,  6 May 2025 02:19:48 +0900
Message-ID: <20250505171948.24410-1-aha310510@gmail.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Rspamd-Server: rspam10
X-Rspamd-Queue-Id: D4D6320018
X-Stat-Signature: us6hp7anhsc6iwgdwh8k7sojyx3p197h
X-Rspam-User: 
X-HE-Tag: 1746465609-882326
X-HE-Meta: U2FsdGVkX1/5q+5FdcTDI9+r/RpC12JyGp0kHodPcDhis/BtyNa+qxt9xWr9Z94PaZrzfGtMm0Tw7S40XD0fCXKBjmm6+b7FMBqOpli3mQ1y16TzvhSFLX8aXFL6rF8P9xmGF+jjx16gEcgObmCWVpCwzcnoBBbmaxD1oxPZpOMy1ew5BICCa33Ms1Yrq8CJjd0aTgr7R0uk5Jr2ACzSLPUuqmC74hwvAUyStQ6gPqBRwp+tRISCw40AnV7XNtEiXibwmydoXHq4tRe7bb1IzJS05OCqYcq+bp4d27A5MFahqhvOkHWn14nfySDWxTezaneA6oxBTynsfCoDnV5OB+274mrZ7vrIq6D4x1jYnycZcE71EMQlHs57HNJJBpkkvx4ZmX0jFCB9hPaLnIMyObBWYl81gQ7mukePxuNzJ4gTRTcG+FEjVBs2boh4B/zYP1vfUAdmVlbg3C5TZ5I89U8WnGpXRb6hFHGBo9ZwbsJ63ynHTFDqvS+MxLvuRSQYnopSSI0GHAk30tm7kiAu0C8ozGAdj7DzUwyExUPxnozXBy/wtXaYthv6XKI32nLeJxU/iBEUzjf4ObyO0/uGlDZjo0Ijd3dNockkbp775voRXA6njLCyIcPRDx6YwPhrqEmwXdGtyagOlUz5JgkYRWlQqOJZLl20tXK0iexdwqV2ukGdd5NyKd4N/DsgryTR3LaJG2sfOC9OnZdAODee6o8Vw5Fku+dvqdp9WaEGKdkaHmWS4SRnC3IeEcrKkP1VmImWNjry2MzBkMNF1nYf785h49letmpoKTAyK4wQfUlb1xiVK3Lu2nBpzcaiRHSMp8kadNgoG/OcRiMXSrzR1YZgOxwzsphlYBw0vwo8wNLmCoA82OaapxnLLtXECzsfVUwNNNqlmCZVbqO3Vh/cCTgPl+fEnyo0f/PqGpLC2JiKS1z0HWN4cJFWuuoMMKHGNXm7P5KeaSeJIHcHtm0
 6xYtNKP6
 ukNbeDJN8hXT3CykCc4PxVim4+nMM0M5ogLZV2qM/K5X5NdKkHmjCJIyWfHaWyEjx8C5gfrIPT5d/cGoYb61bBkHIbzNJGMuBK5knkrjyuXmT53V9EbGSta0h2jfEv/cYvFb35pgnaQPno7G/JIf871GBgjVPrZFrcgbHpbr4GyZzCTjQOFEeQZngJYBc3INNHB8o2rKX9ATMGV7KzF6olCWe+8ANDgHZ0Uzgczo95r4QSePtgwZBxlJmud3OkxZSKTHFtRTogKyR1RMebLJIu+KT3W4Cj9lIubbYAtKwPaGfFmZoqqAdldAgLXviDrxJptT9Re529RU5yK93yT3a5evkFYwpoSUmgvk3RKWZGo4A98qRYCVHB5NKO+optOCyBB/+7a/kGOIneD2mfj9oaWC+fTgCA2SK+YNb
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

The following data-race was found in show_numa_info():

==================================================================
BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show

read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0:
 show_numa_info mm/vmalloc.c:4936 [inline]
 vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016
 seq_read_iter+0x373/0xb40 fs/seq_file.c:230
 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299
 new_sync_read fs/read_write.c:489 [inline]
 vfs_read+0x5b4/0x740 fs/read_write.c:570
 ksys_read+0xbe/0x190 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:720
 x64_sys_call+0x1729/0x1fd0 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xa6/0x1b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1:
 show_numa_info mm/vmalloc.c:4934 [inline]
 vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016
 seq_read_iter+0x373/0xb40 fs/seq_file.c:230
 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299
 new_sync_read fs/read_write.c:489 [inline]
 vfs_read+0x5b4/0x740 fs/read_write.c:570
 ksys_read+0xbe/0x190 fs/read_write.c:713
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:720
 x64_sys_call+0x1729/0x1fd0 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xa6/0x1b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000008f -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 8287 Comm: syz.0.411 Not tainted 6.15.0-rc4-00256-g95d3481af6dc-dirty #1 PREEMPT(voluntary) 
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
==================================================================

There is a read/write data-race in counter[]. This seems to be happening
because only read memory barriers are currently applied, so we need to
modify the write operation to counters[] to be handled atomically.

Fixes: a47a126ad5ea ("vmallocinfo: add NUMA information")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
---
 mm/vmalloc.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 3ed720a787ec..d93fa535bc21 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -4917,7 +4917,8 @@ bool vmalloc_dump_obj(void *object)
 static void show_numa_info(struct seq_file *m, struct vm_struct *v)
 {
 	if (IS_ENABLED(CONFIG_NUMA)) {
-		unsigned int nr, *counters = m->private;
+		atomic_t *counters = m->private;
+		unsigned int nr;
 		unsigned int step = 1U << vm_area_page_order(v);
 
 		if (!counters)
@@ -4931,10 +4932,10 @@ static void show_numa_info(struct seq_file *m, struct vm_struct *v)
 		memset(counters, 0, nr_node_ids * sizeof(unsigned int));
 
 		for (nr = 0; nr < v->nr_pages; nr += step)
-			counters[page_to_nid(v->pages[nr])] += step;
+			atomic_add(step, &counters[page_to_nid(v->pages[nr])]);
 		for_each_node_state(nr, N_HIGH_MEMORY)
-			if (counters[nr])
-				seq_printf(m, " N%u=%u", nr, counters[nr]);
+			if (atomic_read(&counters[nr]))
+				seq_printf(m, " N%u=%u", nr, atomic_read(&counters[nr]));
 	}
 }
 
--