From: Chris Li
Date: Mon, 7 Oct 2024 15:41:46 -0700
Subject: Re: [PATCH v2] mm: swap: prevent possible data-race in __try_to_reclaim_swap
To: Jeongjun Park
Cc: akpm@linux-foundation.org, kasong@tencent.com, ryncsn@gmail.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, syzbot+fa43f1b63e3aa6f66329@syzkaller.appspotmail.com

On Mon, Oct 7, 2024 at 12:06 AM Jeongjun Park wrote:
>
> A report [1] was uploaded from syzbot.
>
> In the previous commit 862590ac3708 ("mm: swap: allow cache reclaim to skip
> slot cache"), the __try_to_reclaim_swap() function reads offset and folio->entry
> from folio without folio_lock protection.
>
> In the currently reported KCSAN log, it is assumed that the actual data-race
> will not occur because the calltrace that does WRITE already obtains the
> folio_lock and then writes.
>
> However, the existing __try_to_reclaim_swap() function was already implemented
> to perform reads under folio_lock protection [1], and there is a risk of a
> data-race occurring through a function other than the one shown in the KCSAN
> log.
>
> Therefore, I think it is appropriate to change read operations for
> folio to be performed under folio_lock.
>
> [1]
>
> ==================================================================
> BUG: KCSAN: data-race in __delete_from_swap_cache / __try_to_reclaim_swap
>
> write to 0xffffea0004c90328 of 8 bytes by task 5186 on cpu 0:
> __delete_from_swap_cache+0x1f0/0x290 mm/swap_state.c:163
> delete_from_swap_cache+0x72/0xe0 mm/swap_state.c:243
> folio_free_swap+0x1d8/0x1f0 mm/swapfile.c:1850
> free_swap_cache mm/swap_state.c:293 [inline]
> free_pages_and_swap_cache+0x1fc/0x410 mm/swap_state.c:325
> __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
> tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
> tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
> tlb_flush_mmu+0x2cf/0x440 mm/mmu_gather.c:373
> zap_pte_range mm/memory.c:1700 [inline]
> zap_pmd_range mm/memory.c:1739 [inline]
> zap_pud_range mm/memory.c:1768 [inline]
> zap_p4d_range mm/memory.c:1789 [inline]
> unmap_page_range+0x1f3c/0x22d0 mm/memory.c:1810
> unmap_single_vma+0x142/0x1d0 mm/memory.c:1856
> unmap_vmas+0x18d/0x2b0 mm/memory.c:1900
> exit_mmap+0x18a/0x690 mm/mmap.c:1864
> __mmput+0x28/0x1b0 kernel/fork.c:1347
> mmput+0x4c/0x60 kernel/fork.c:1369
> exit_mm+0xe4/0x190 kernel/exit.c:571
> do_exit+0x55e/0x17f0 kernel/exit.c:926
> do_group_exit+0x102/0x150 kernel/exit.c:1088
> get_signal+0xf2a/0x1070 kernel/signal.c:2917
> arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:337
> exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
> exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
> __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
> syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218
> do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> read to 0xffffea0004c90328 of 8 bytes by task 5189 on cpu 1:
> __try_to_reclaim_swap+0x9d/0x510 mm/swapfile.c:198
free_swap_and_cache_nr+0x45d/0x8a0 mm/swapfile.c:1915 > zap_pte_range mm/memory.c:1656 [inline] > zap_pmd_range mm/memory.c:1739 [inline] > zap_pud_range mm/memory.c:1768 [inline] > zap_p4d_range mm/memory.c:1789 [inline] > unmap_page_range+0xcf8/0x22d0 mm/memory.c:1810 > unmap_single_vma+0x142/0x1d0 mm/memory.c:1856 > unmap_vmas+0x18d/0x2b0 mm/memory.c:1900 > exit_mmap+0x18a/0x690 mm/mmap.c:1864 > __mmput+0x28/0x1b0 kernel/fork.c:1347 > mmput+0x4c/0x60 kernel/fork.c:1369 > exit_mm+0xe4/0x190 kernel/exit.c:571 > do_exit+0x55e/0x17f0 kernel/exit.c:926 > __do_sys_exit kernel/exit.c:1055 [inline] > __se_sys_exit kernel/exit.c:1053 [inline] > __x64_sys_exit+0x1f/0x20 kernel/exit.c:1053 > x64_sys_call+0x2d46/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:= 61 > do_syscall_x64 arch/x86/entry/common.c:52 [inline] > do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > value changed: 0x0000000000000242 -> 0x0000000000000000 > > Reported-by: syzbot+fa43f1b63e3aa6f66329@syzkaller.appspotmail.com > Fixes: 862590ac3708 ("mm: swap: allow cache reclaim to skip slot cache") > Signed-off-by: Jeongjun Park > --- > mm/swapfile.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/mm/swapfile.c b/mm/swapfile.c > index 0cded32414a1..eb782fcd5627 100644 > --- a/mm/swapfile.c > +++ b/mm/swapfile.c > @@ -194,9 +194,6 @@ static int __try_to_reclaim_swap(struct swap_info_str= uct *si, > if (IS_ERR(folio)) > return 0; > > - /* offset could point to the middle of a large folio */ > - entry =3D folio->swap; > - offset =3D swp_offset(entry); > nr_pages =3D folio_nr_pages(folio); > ret =3D -nr_pages; 
> > @@ -210,6 +207,10 @@ static int __try_to_reclaim_swap(struct swap_info_st= ruct *si, > if (!folio_trylock(folio)) > goto out; > > + /* offset could point to the middle of a large folio */ > + entry =3D folio->swap; > + offset =3D swp_offset(entry); > + Looks good to me, we do need to get the folio->swap after the folio is lock= ed. Acked-by: Chris Li Chris > need_reclaim =3D ((flags & TTRS_ANYWAY) || > ((flags & TTRS_UNMAPPED) && !folio_mapped(folio))= || > ((flags & TTRS_FULL) && mem_cgroup_swap_full(foli= o))); > -- >
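Review bot: in the first hunk (@@ -194,9 +194,6), `nr_pages = folio_nr_pages(folio)` and `ret = -nr_pages` stay above the `folio_trylock()` shown in the second hunk, so the folio size is still sampled without the folio lock while the `folio->swap` read moves under it. Either move these two assignments below the trylock as well, or, if `ret` has to be set before the `goto out` on trylock failure, add a comment saying why the unlocked read of the folio size is acceptable when the unlocked read of `folio->swap` was not.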
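Review bot: in the second hunk (@@ -210,6 +207,10), nothing in the visible context between the new `entry = folio->swap` read and the `need_reclaim` computation confirms that the folio is still in the swap cache once the lock is held. The KCSAN report in the commit message shows the field going from 0x0000000000000242 to 0x0000000000000000, so a caller that takes the lock after `__delete_from_swap_cache()` has run would derive `offset` from a cleared entry. Consider a `folio_test_swapcache(folio)` check immediately after the trylock, unlocking and bailing out if it fails, or state in the comment which later check covers this case.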