From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3F78CC433B4 for ; Wed, 14 Apr 2021 11:06:57 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id BB1436103D for ; Wed, 14 Apr 2021 11:06:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BB1436103D Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 1D1386B006C; Wed, 14 Apr 2021 07:06:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 181A16B0070; Wed, 14 Apr 2021 07:06:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 049B76B0071; Wed, 14 Apr 2021 07:06:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0148.hostedemail.com [216.40.44.148]) by kanga.kvack.org (Postfix) with ESMTP id DE0116B006C for ; Wed, 14 Apr 2021 07:06:55 -0400 (EDT) Received: from smtpin39.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 9DC448249980 for ; Wed, 14 Apr 2021 11:06:55 +0000 (UTC) X-FDA: 78030695190.39.4DC1BD0 Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) by imf25.hostedemail.com (Postfix) with ESMTP id D07766000124 for ; Wed, 14 Apr 2021 11:06:52 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id B9D52AF37; Wed, 14 Apr 2021 11:06:53 +0000 (UTC) To: Christoph Lameter , "Gong, Sishuai" Cc: "penberg@kernel.org" , "rientjes@google.com" , "iamjoonsoo.kim@lge.com" , "akpm@linux-foundation.org" , "linux-mm@kvack.org" References: From: Vlastimil Babka Subject: Re: A racy reading spot on n->free_objects in slab.c Message-ID: <86da47d1-6f68-a6fb-0101-69e706e30e7d@suse.cz> Date: Wed, 14 Apr 2021 13:06:52 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: D07766000124 X-Stat-Signature: hycfq6xbj7adofq9y88pnrrm3q5yayht Received-SPF: none (suse.cz>: No applicable sender policy available) receiver=imf25; identity=mailfrom; envelope-from=""; helo=mx2.suse.de; client-ip=195.135.220.15 X-HE-DKIM-Result: none/none X-HE-Tag: 1618398412-150078 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 4/14/21 9:32 AM, Christoph Lameter wrote: > On Tue, 13 Apr 2021, Gong, Sishuai wrote: >=20 >> We found a racy reading spot on shared variable n->free_objects in I'm assuming this was found with some research tool you're developing? Did it also flag the line "shared =3D READ_ONCE(n->shared);" as that's ba= sically the same thing. >> slab.c and it can be data-racing with several writers that update this >> variable. As shown below, in function cache_alloc_refill(), >> n->free_objects will be read without any protection. It could be >> possible that the read value immediately becomes out-of-date when >> another writer is changing it (e.g. free_block()) >=20 > Ok that is fine. If we mistakenly fill up the per cpu cache with new > objects to the slab then so be it. > If we mistakenly take the lock and fail to get an object then we can st= ill > reverse that decision and do the other thing. Agreed. It's common in the kernel to do optimistic reads outside of lock = to decide what to do and avoid locking at all in some cases. This may sacrif= ice some precision of these decisions. but not correctness, as locks are take= n later for the critical parts. > Maybe we need to add a comment there? Or maybe some construct that makes no difference for the compiler, but do= es for the tool? READ_ONCE() maybe?