From: Qian Cai <cai@lca.pw>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Marco Elver <elver@google.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm/vmscan: fix data races at kswapd_classzone_idx
Date: Tue, 25 Feb 2020 21:26:35 -0500 [thread overview]
Message-ID: <BE34F3EE-B992-418E-B2A4-D1FDDCD86906@lca.pw> (raw)
In-Reply-To: <20200225181101.eca053d3201a6ac68e543572@linux-foundation.org>
> On Feb 25, 2020, at 9:11 PM, Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Tue, 25 Feb 2020 11:55:26 -0500 Qian Cai <cai@lca.pw> wrote:
>
>> pgdat->kswapd_classzone_idx could be accessed concurrently in
>> wakeup_kswapd(). Plain writes and reads without any lock protection
>> result in data races. Fix them by adding a pair of READ|WRITE_ONCE() as
>> well as saving a branch (compilers might well optimize the original code
>> in an unintentional way anyway). The data races were reported by KCSAN,
>>
>> ...
>>
>> --- a/mm/vmscan.c
>> +++ b/mm/vmscan.c
>> @@ -3961,11 +3961,10 @@ void wakeup_kswapd(struct zone *zone, gfp_t gfp_flags, int order,
>> return;
>> pgdat = zone->zone_pgdat;
>>
>> - if (pgdat->kswapd_classzone_idx == MAX_NR_ZONES)
>> - pgdat->kswapd_classzone_idx = classzone_idx;
>> - else
>> - pgdat->kswapd_classzone_idx = max(pgdat->kswapd_classzone_idx,
>> - classzone_idx);
>> + if (READ_ONCE(pgdat->kswapd_classzone_idx) == MAX_NR_ZONES ||
>> + READ_ONCE(pgdat->kswapd_classzone_idx) < classzone_idx)
>> + WRITE_ONCE(pgdat->kswapd_classzone_idx, classzone_idx);
>> +
>> pgdat->kswapd_order = max(pgdat->kswapd_order, order);
>> if (!waitqueue_active(&pgdat->kswapd_wait))
>> return;
>
> This is very partial, isn't it? The above code itself is racy against
> other code which manipulates ->kswapd_classzone_idx and the
> manipulation in allow_direct_reclaim() is performed by threads other
> than kswapd and so need the READ_ONCE treatment and is still racy with
> that?
Right, I suppose allow_direct_reclaim() could use some treatment too.
>
> I guess occasional races here don't really matter, but a grossly wrong
> read from load tearing might matter. In which case shouldn't we be
> defending against them in all cases where non-kswapd threads read this
> field?
prev parent reply other threads:[~2020-02-26 2:26 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-25 16:55 Qian Cai
2020-02-26 1:29 ` Matthew Wilcox
2020-02-26 1:48 ` Qian Cai
2020-02-26 2:11 ` Andrew Morton
2020-02-26 2:26 ` Qian Cai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BE34F3EE-B992-418E-B2A4-D1FDDCD86906@lca.pw \
--to=cai@lca.pw \
--cc=akpm@linux-foundation.org \
--cc=elver@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox