From: Jann Horn
Date: Wed, 5 Feb 2025 16:52:22 +0100
Subject: Re: [syzbot] [mm?] KCSAN: data-race in mprotect_fixup / try_to_migrate_one
To: "Liam R. Howlett", Jann Horn, syzbot, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, syzkaller-bugs@googlegroups.com, vbabka@suse.cz
References: <67a34e60.050a0220.50516.0040.GAE@google.com>

On Wed, Feb 5, 2025 at 4:47 PM Liam R. Howlett wrote:
> * Jann Horn [250205 10:00]:
> > The comments in the VMA flags code incorrectly assume that no
> > concurrency is possible here; and I think the comment in
> > mprotect_fixup() about protection by the mmap_lock has also been kinda
> > wrong since the beginning of git history.
> >
> > The VM_LOCKED check in the migration code was added by Hugh in commit
> > b74355078b655, but that's just one example syzbot stumbled over; we
> > have similar racy vm_flags reads through the rmap on other paths like:
> >
> > unmap_mapping_range_tree -> unmap_mapping_range_vma ->
> > zap_page_range_single -> unmap_single_vma -> unmap_page_range -> ...
> > -> zap_pte_range -> zap_present_ptes -> vm_normal_page
>
> I think we need a list of vm_area_struct parts that are OK to access
> without the read/write/vma lock. It seems flags is not one of those as
> it could be racy.

We do have this big table in these nice docs that Lorenzo spent quite
some effort on:
https://kernel.org/doc/html/latest/mm/process_addrs.html#vma-fields

Though that does not currently call out this possible concurrency of vm_flags.
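Added example (editor's illustration, not kernel code and not part of the thread): a userspace model of the lock rule the process_addrs.html table expresses for vm_flags, written as checked accessors in the spirit of the kernel's mmap_assert_write_locked() and vma_assert_write_locked(). The per-thread "held locks" bitmask, the struct ctx, the model_* functions and the exact rule (writers need mmap_lock for write plus the VMA write lock; a stable read needs mmap_lock in either mode or the VMA lock in either mode) are assumptions made for the example; the rmap lock alone is modelled as not excluding a concurrent writer, which is the situation the KCSAN report describes for try_to_migrate_one(). The migration path trips the check; the mprotect path does not.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical lock set, modelled as a per-thread bitmask (assumption). */
enum held_lock {
    HELD_MMAP_READ  = 1u << 0,  /* mmap_lock held for read */
    HELD_MMAP_WRITE = 1u << 1,  /* mmap_lock held for write */
    HELD_VMA_READ   = 1u << 2,  /* per-VMA lock, read side (page fault style) */
    HELD_VMA_WRITE  = 1u << 3,  /* per-VMA lock, write side (vma_start_write()) */
    HELD_RMAP_LOCK  = 1u << 4,  /* anon_vma / i_mmap lock taken by an rmap walk */
};

#define VM_LOCKED 0x00002000UL  /* same bit value as the kernel's VM_LOCKED */

struct vma {
    unsigned long vm_flags;
};

/* Hypothetical per-thread context: which locks are held, how many rule
 * violations the checked accessors have seen. */
struct ctx {
    unsigned held;
    int violations;
};

static bool holds(const struct ctx *c, unsigned mask)
{
    return (c->held & mask) != 0;
}

/* Writer rule: mmap_lock for write AND the VMA write lock. */
static bool vm_flags_set_checked(struct ctx *c, struct vma *v, unsigned long f)
{
    if (!holds(c, HELD_MMAP_WRITE) || !holds(c, HELD_VMA_WRITE)) {
        c->violations++;
        return false;        /* refuse the write, like a failed assert */
    }
    v->vm_flags |= f;
    return true;
}

/* Reader rule: mmap_lock (either mode) or the VMA lock (either mode).
 * The rmap lock does not keep a concurrent writer out, so a read under
 * only that lock is counted as a violation (the KCSAN-reported pattern). */
static bool vm_flags_read_checked(struct ctx *c, const struct vma *v,
                                  unsigned long *out)
{
    bool stable = holds(c, HELD_MMAP_READ | HELD_MMAP_WRITE |
                           HELD_VMA_READ | HELD_VMA_WRITE);

    *out = v->vm_flags;      /* this is the read that races in the kernel */
    if (!stable)
        c->violations++;
    return stable;
}

/* Model of mprotect_fixup(): mmap_lock for write, VMA write-locked, then
 * a vm_flags update. Returns the number of violations seen. */
int model_mprotect_fixup(struct vma *v)
{
    struct ctx c = { .held = HELD_MMAP_WRITE | HELD_VMA_WRITE, .violations = 0 };

    vm_flags_set_checked(&c, v, VM_LOCKED);
    return c.violations;
}

/* Model of try_to_migrate_one(): reached from an rmap walk with only the
 * rmap lock, then tests VM_LOCKED. Returns the number of violations seen. */
int model_try_to_migrate_one(struct vma *v)
{
    struct ctx c = { .held = HELD_RMAP_LOCK, .violations = 0 };
    unsigned long flags;

    vm_flags_read_checked(&c, v, &flags);
    return c.violations;
}

/* Model of a page-fault style reader holding the VMA read lock: allowed. */
int model_reader_under_vma_read(struct vma *v)
{
    struct ctx c = { .held = HELD_VMA_READ, .violations = 0 };
    unsigned long flags;

    vm_flags_read_checked(&c, v, &flags);
    return c.violations;
}

/* A writer that took mmap_lock but forgot the VMA write lock is caught too. */
int model_writer_without_vma_lock(struct vma *v)
{
    struct ctx c = { .held = HELD_MMAP_WRITE, .violations = 0 };

    vm_flags_set_checked(&c, v, VM_LOCKED);
    return c.violations;
}

static struct vma demo_vma;  /* constructed sample VMA, starts with no flags */

int main(void)
{
    printf("mprotect_fixup model:      %d violation(s)\n", model_mprotect_fixup(&demo_vma));
    printf("try_to_migrate_one model:  %d violation(s)\n", model_try_to_migrate_one(&demo_vma));
    printf("reader under VMA read lock: %d violation(s)\n", model_reader_under_vma_read(&demo_vma));
    printf("writer without VMA lock:   %d violation(s)\n", model_writer_without_vma_lock(&demo_vma));
    return 0;
}
```

The point of encoding the table as accessors rather than comments is the one the thread makes: a comment that says "protected by mmap_lock" cannot catch a caller that arrives through the rmap with a different lock, whereas an assert-style accessor does, and it also documents the rule in one place that every path goes through.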