From: Jeongjun Park
Subject: Re: [PATCH] mm: migrate: fix data-race in migrate_folio_unmap()
Date: Tue, 24 Sep 2024 13:49:54 +0900
To: Matthew Wilcox
Cc: David Hildenbrand, akpm@linux-foundation.org, wangkefeng.wang@huawei.com, ziy@nvidia.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, syzbot

> Matthew Wilcox wrote:
>
> On Tue, Sep 24, 2024 at 09:28:44AM +0900, Jeongjun Park wrote:
>>> Matthew Wilcox wrote:
>>>
>>> On Mon, Sep 23, 2024 at 05:56:40PM +0200, David Hildenbrand wrote:
>>>>>> On 22.09.24 17:17, Jeongjun Park wrote:
>>>>>> I found a report from syzbot [1]
>>>>>>
>>>>>> When __folio_test_movable() is called in migrate_folio_unmap() to read
>>>>>> folio->mapping, a data race occurs because the folio is read without
>>>>>> protecting it with folio_lock.
>>>>>>
>>>>>> This can cause unintended behavior because folio->mapping is initialized
>>>>>> to a NULL value. Therefore, I think it is appropriate to call
>>>>>> __folio_test_movable() under the protection of folio_lock to prevent
>>>>>> data-race.
>>>>>
>>>>> We hold a folio reference, would we really see PAGE_MAPPING_MOVABLE flip?
>>>>> Hmm
>>>
>>> No; this shows a page cache folio getting truncated. It's fine; really
>>> a false alarm from the tool. I don't think the proposed patch
>>> introduces any problems, but it's all a bit meh.
>>>
>>
>> Well, I still don't understand why it's okay to read folio->mapping
>> without folio_lock.
>
> Because it can't be changed in a way which changes the value of
> __folio_test_movable(). We have a refcount on the folio at this point,
> so it can't be freed. And __folio_set_movable() happens at allocation.
>

Thanks for the explanation. Then it seems appropriate to annotate
data-race in __folio_test_movable() so that KCSAN ignores it.

I will apply the change and send you a new patch.

Regards,
Jeongjun Park