From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05A21C3ABBE for ; Tue, 6 May 2025 08:25:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9FCF86B0085; Tue, 6 May 2025 04:25:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9ABD76B0088; Tue, 6 May 2025 04:25:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8744F6B0089; Tue, 6 May 2025 04:25:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 6AC1A6B0085 for ; Tue, 6 May 2025 04:25:37 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id F01A5161EE2 for ; Tue, 6 May 2025 08:25:37 +0000 (UTC) X-FDA: 83411799114.10.04CB0A7 Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by imf21.hostedemail.com (Postfix) with ESMTP id 3599F1C0005 for ; Tue, 6 May 2025 08:25:36 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=Q0QLrQi8; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf21.hostedemail.com: domain of aha310510@gmail.com designates 209.85.210.180 as permitted sender) smtp.mailfrom=aha310510@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746519936; a=rsa-sha256; cv=none; b=y+sFOoVd884CD0tOdiJti601215uX9USYUjGKkMkVGZ8VA9mTmcTnHcjekuqRo+Tj+vm7c RqSczItR+SdgFiPOVA5JrjscaRKWikWo1GyE+HF95LPRv8lUK2/DCSHxvQ2wgS/EN9Fa8C M/DMp0xPUaJjhig+o7BlZf1sHhFaJQQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746519936; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=TFFttdtCDEZCyNTJvWqYSjw8T9NidMPynxT2P6ADGEY=; b=yu2lIqma+Chvl6f2irmZi9A8+Xk0Iu3pkFy8Ned5cQ4uuemhAwK/eN0EH3g1Dt19DkRJ4x 8CzZQLJw1oBBjyCVNi1RerURgn0gks8j1AzYxYFqRPxwlmLSCya/PyJWhveDGpSnZrutf+ bdI0Q0mgx3pCDvLg2T2zwiF1GvesDhk= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=Q0QLrQi8; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf21.hostedemail.com: domain of aha310510@gmail.com designates 209.85.210.180 as permitted sender) smtp.mailfrom=aha310510@gmail.com Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-7406c6dd2b1so2181695b3a.0 for ; Tue, 06 May 2025 01:25:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1746519935; x=1747124735; darn=kvack.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=TFFttdtCDEZCyNTJvWqYSjw8T9NidMPynxT2P6ADGEY=; b=Q0QLrQi8rrCwzOGrgjvgI0uLGJXJxbyj8sdf9XAYyJx7eleFfkS5JM9ZOhchkm823Y EnikD4ELNu/iEVQXx2xn2OwAt/crmtCgUeQhLe5onN096Um22jBCknrHOQNumzz/+aW6 MFE1TZjbEJfq+qVkx7I1vHiPSsfWNqKQv5s1qM1NMAfBTiAQQJ5PDomYm5GcJfannOLV m6KlG2u4p4fodpxK9wiF208oAu5yId0U8Unv6u956tmDHHKArx91LjZdqUnNIHt/Whmf ds2FdQwdjdBnMmBiUebWGddP6VCmtPEPu1EDt9+HijVZ2Ni6BmlBOcyJzo+1pfeTpAPy NZwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746519935; x=1747124735; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TFFttdtCDEZCyNTJvWqYSjw8T9NidMPynxT2P6ADGEY=; b=f2cbPh+Fst+sxh9dBJB3WhMSX2m7Fyc6MNaAkrX/s2jKwka4xQDA/KecUGmQXFQ8Pw mae2Xk0D9pQPR6TqqkNoKlcDv++oSA60xVgNQHlFof+1FupXNlELb+4IBkWJv7jj736B yxmcOjYp9thW/xZEl6n7oZDap0wrsoURN14MAWj0VoHzAVnU0a3jpnZN7Y3eGEhv/fMP JUAh9iywGv8Q4gGIsom4YRC6b0F/PNJmy1pysw/EhLIrq2bod8aaSZ4XiN99Bq/iZehI PEHtnV7JTKQlMw7rt5es4VBLr8Ns/Qk8ACYlqAqU+9CWm7qEXkywvtDKnmGZMJLgf671 IK0Q== X-Forwarded-Encrypted: i=1; AJvYcCUN403u20eNyrVQpVs9+OYYT7M6WDl+U69X+GwhEdDP22eU8Av4ad4k5YvpFHdKH3R72Ssf2Zuj6A==@kvack.org X-Gm-Message-State: AOJu0YwYV9q6zGxhbNJp32Ip84RkE8yyaVDwP95JTB2N4M825uoAxByb cNpm1EVBnNodfIXOZUdqwIzBh+JC+lQRd2nlmd8Oii7Rsv+hjnuv X-Gm-Gg: ASbGncv6UgjIZyc0imLTRgqcgOL6/n8EgMzwOEdDAJ3hLpS2Z/yAaE9lnZk2yHuQcgf sw/IK4iiKh+A6o7p5UNcwfX+z6FoX4ohR4r3t4TbvLE5YadOSSZHC/eHpxaeene5kfYIEjbVXnR Irt13F5C1yvE7wRXrFSqGJEI2AoEWQga3MDWi58g/uo/wAbZRVq9GMzFVcjA1EvQrSCLQqYjPEo rTa9ng9oIp53TCPdP8lu9mFPjI0KFDojhpQLZBvQF6PL2L77aVd47q05dR+LCkdYRkEJ5dYhrd6 hdxNnASQbS540n4X3owr06/kq+cJQ3HHOZTxc6AlVgh3ejnkeDkSE2QpbKswgX7y9ikgRw== X-Google-Smtp-Source: AGHT+IFqpuETaQnwTGTEmS5W7RR74OY3ecaKXVFMfCX78LqX+oJkQ8BmrW1I6LpLRP6E5qbObcC5dg== X-Received: by 2002:a05:6a21:6da3:b0:1f3:323e:3743 with SMTP id adf61e73a8af0-2116fa3a73bmr3548319637.12.1746519934852; Tue, 06 May 2025 01:25:34 -0700 (PDT) Received: from localhost.localdomain ([121.185.186.233]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b1fb3920f6dsm6904412a12.10.2025.05.06.01.25.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 May 2025 01:25:34 -0700 (PDT) From: Jeongjun Park To: akpm@linux-foundation.org Cc: urezki@gmail.com, edumazet@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Jeongjun Park Subject: [PATCH v2] mm/vmalloc: fix data race in show_numa_info() Date: Tue, 6 May 2025 17:25:19 +0900 Message-ID: <20250506082520.84153-1-aha310510@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 3599F1C0005 X-Stat-Signature: a1buzmnf7e167pcrfspdwxsputnri6kz X-Rspam-User: X-HE-Tag: 1746519935-270742 X-HE-Meta: U2FsdGVkX1+Nq2qHr8c6Bfi6eXK56hAqITbiSsih9fIk4bWU3FJtI+UGwtoyLW+R1gp6/s8UYF7O5ilEKmO9nwYsrWPV6pEin66OduUoZczNRjAmRMOlLLay3fuhb95AlbVtO7EpACoyXvHUCzaiii8/fmQAvDDYxhYf9uUZBxgo7ibwm0Jk9A3ZT5HNA1KL2VpaBU/1mYkh/1FSBatr/q5dBH2OK9lKL8Q6zULdh9h6JlTLz5PvA0VowW5Xr8cf9gCHce8yCUiVwfm+OWxdKNVcMkQUAWdKZ/lht3uCzoStCaLdhf/lQsEe5qpG2fhMUMTknDZUmZAoNQamc4oCUDKAJZrUR5c4mx5V+KaMkFxgD7Ac+JoD2NpGDDgJAdtr3Yqx4XCQzkKC7GYsbSAmDqZFMNCD1WeUyPAw4slt/IU9UEod3kZi0Q4gbrFN2U53vtUxA6IFxfYzf/2Vo8FhRFhjHAplHAsU9bzgF/viCZTdmq0plsOQuWka/YHlNch41Ol00t8UBnx+5bJVlknkRd9LxWCTKy7AoylXnjDC4/AZKjUxG2FbqduTe1o3tN7cLpskBZY/Di3RUSQJsHErIDMGGTIZ6psoK857KFKe1FA5SuI7e4VygJaeD7BPiP3diaLVBjMAttYU3LHYb/AVuAds3ezMZEFz+4aQjYfv5oYgqVUuqz3cWuI+UcrUzPsG0xKxKbMWRBO4opQgEmSmau2zAQThWgaUixm8DwhcYMfANF82umn+XUvRifNJa/iBls7l4y4hgf8FgZlCBdrJQLd982aF8gwPFyIPPVo7gDw6Q8M8oDhPIXSQfo0QT8gmHx4w/uVYYnsVjAvGameoC+ZZBR+v8NS82c2i5GXSeqGTHKMCo0oH71ialam2DlUcMm8dTwltM39EnIOw/QCemvjZAWGEggmXUlEIquI8ULrehulP8DwMmenBRBXIAya3somufCxtYpM35wb8+g7 nq4YdiFV b4GJvADa2G0Ifwzpfw/iJtnQ9rj4g0XiflhpI6qyujWJQFqN6rXvLM36RzfeD13Es6xQqGIuUq2b47W9zCnS7NBppSghL6l8zGjX8ApQ7rmWtK60pzg3Zrm+j6twLKLjg9w1PHZPwRilWxx+e4CLRnOMQyZlD/wtVezBWpUqxncxQ3ISEyJpXzaQa3xOPyDBPAsqdGZrN7sFwVPqNAX+F3KUXtxpsP7DG9vSf5R972e5aHWrmvoyFtvfudV2K7CCvDIH8Wd1vJxckN9XN5YLgY+KdbUg3xD8IVhBC5ALKk11v7QRoszsy8b4LaTNHper08ngyMP1mwWL/VETt+URC0aaM/mPD/JxiA5eotUwPAzkngmSaFUlzZl0u5jcz/3KwUpCd8BviVBnzO3qseN3jrqf0mnX0m3QRa+SwSzWg4iHpFkm6gfYYtD1aWpQDLkcKW7DhCEWDqkYZRDkUmvMQNdUFag== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0: show_numa_info mm/vmalloc.c:4936 [inline] vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 new_sync_read fs/read_write.c:489 [inline] vfs_read+0x5b4/0x740 fs/read_write.c:570 ksys_read+0xbe/0x190 fs/read_write.c:713 __do_sys_read fs/read_write.c:722 [inline] __se_sys_read fs/read_write.c:720 [inline] __x64_sys_read+0x41/0x50 fs/read_write.c:720 x64_sys_call+0x1729/0x1fd0 arch/x86/include/generated/asm/syscalls_64.h:1 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa6/0x1b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1: show_numa_info mm/vmalloc.c:4934 [inline] vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 new_sync_read fs/read_write.c:489 [inline] vfs_read+0x5b4/0x740 fs/read_write.c:570 ksys_read+0xbe/0x190 fs/read_write.c:713 __do_sys_read fs/read_write.c:722 [inline] __se_sys_read fs/read_write.c:720 [inline] __x64_sys_read+0x41/0x50 fs/read_write.c:720 x64_sys_call+0x1729/0x1fd0 arch/x86/include/generated/asm/syscalls_64.h:1 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa6/0x1b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x0000008f -> 0x00000000 ================================================================== According to this report, there is a read/write data-race because m->private is accessible to multiple CPUs. To fix this, instead of allocating the heap in proc_vmalloc_init() and passing the heap address to m->private, show_numa_info() should allocate the heap. One thing to note is that show_numa_info() is called in a critical section of a spinlock, so it must be allocated on the heap with GFP_ATOMIC flag. Fixes: a47a126ad5ea ("vmallocinfo: add NUMA information") Suggested-by: Eric Dumazet Signed-off-by: Jeongjun Park --- v2: Refactoring some functions and fix patch as per Eric Dumazet suggestion - Link to v1: https://lore.kernel.org/all/20250505171948.24410-1-aha310510@gmail.com/ --- mm/vmalloc.c | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 3ed720a787ec..a5e795346141 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4914,28 +4914,32 @@ bool vmalloc_dump_obj(void *object) #endif #ifdef CONFIG_PROC_FS + +/* + * Print number of pages allocated on each memory node. + * + * This function can only be called if CONFIG_NUMA is enabled + * and VM_UNINITIALIZED bit in v->flags is disabled. + */ static void show_numa_info(struct seq_file *m, struct vm_struct *v) { - if (IS_ENABLED(CONFIG_NUMA)) { - unsigned int nr, *counters = m->private; - unsigned int step = 1U << vm_area_page_order(v); + unsigned int nr, *counters; + unsigned int step = 1U << vm_area_page_order(v); - if (!counters) - return; + counters = kcalloc(nr_node_ids, sizeof(unsigned int), GFP_ATOMIC); + if (!counters) + return; - if (v->flags & VM_UNINITIALIZED) - return; - /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ - smp_rmb(); + /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ + smp_rmb(); - memset(counters, 0, nr_node_ids * sizeof(unsigned int)); + for (nr = 0; nr < v->nr_pages; nr += step) + counters[page_to_nid(v->pages[nr])] += step; + for_each_node_state(nr, N_HIGH_MEMORY) + if (counters[nr]) + seq_printf(m, " N%u=%u", nr, counters[nr]); - for (nr = 0; nr < v->nr_pages; nr += step) - counters[page_to_nid(v->pages[nr])] += step; - for_each_node_state(nr, N_HIGH_MEMORY) - if (counters[nr]) - seq_printf(m, " N%u=%u", nr, counters[nr]); - } + kfree(counters); } static void show_purge_info(struct seq_file *m) @@ -5013,7 +5017,10 @@ static int vmalloc_info_show(struct seq_file *m, void *p) if (is_vmalloc_addr(v->pages)) seq_puts(m, " vpages"); - show_numa_info(m, v); + if (!(v->flags & VM_UNINITIALIZED) && + IS_ENABLED(CONFIG_NUMA)) + show_numa_info(m, v); + seq_putc(m, '\n'); } spin_unlock(&vn->busy.lock); @@ -5028,14 +5035,7 @@ static int vmalloc_info_show(struct seq_file *m, void *p) static int __init proc_vmalloc_init(void) { - void *priv_data = NULL; - - if (IS_ENABLED(CONFIG_NUMA)) - priv_data = kmalloc(nr_node_ids * sizeof(unsigned int), GFP_KERNEL); - - proc_create_single_data("vmallocinfo", - 0400, NULL, vmalloc_info_show, priv_data); - + proc_create_single("vmallocinfo", 0400, NULL, vmalloc_info_show); return 0; } module_init(proc_vmalloc_init); --