From: Jann Horn
Date: Tue, 13 May 2025 18:42:41 +0200
Subject: Re: [syzbot] [mm?] KCSAN: data-race in copy_page_from_iter_atomic / pagecache_isize_extended
To: Marco Elver
Cc: syzkaller, syzbot, akpm@linux-foundation.org, baolin.wang@linux.alibaba.com, hughd@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com

On Mon, May 12, 2025 at 10:52 PM Marco Elver wrote:
> On Mon, 12 May 2025 at 20:33, 'Jann Horn' via syzkaller-bugs
> wrote:
> >
> > On Mon, May 12, 2025 at 7:44 PM Jann Horn wrote:
> > > On Tue, May 6, 2025 at 9:52 AM syzbot
> > > wrote:
> > > > HEAD commit:    01f95500a162 Merge tag 'uml-for-linux-6.15-rc6' of git://g..
> > > > git tree:       upstream
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=17abbb68580000
> > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=6154604431d9aaf9
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=189d4742d07e937d68ea
> > > > compiler:       Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
> > > [...]
> > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > Reported-by: syzbot+189d4742d07e937d68ea@syzkaller.appspotmail.com
> > > >
> > > > ==================================================================
> > > > BUG: KCSAN: data-race in copy_page_from_iter_atomic / pagecache_isize_extended
> > >
> > > I think this is a problem with the KCSAN implementation.
> > >
> > > This is a race between writing to a userspace-owned page and reading
> > > from a userspace-owned page.
> > >
> > > This kind of pattern should be fairly trivial to trigger: If userspace
> > > tells the kernel to read from a GUP'd page or pagecache on one thread,
> > > and simultaneously tells the kernel to write to the same page on
> > > another thread, we'll get a data race. This is not really a kernel
> > > data race; it is more like a userspace race whose memory accesses
> > > happen to go through the kernel.
> > >
> > > So I think the fix would be for KCSAN to ignore anything in such
> > > pages. The hard part is, I'm not sure how to tell what kind of page
> > > we're dealing with from the kernel, some MM people might know...
> >
> > Or alternatively, if we really do want data_race() operations around
> > any memset() or memcpy() on userspace-controlled pages, I guess we'd
> > have to pepper a lot of those around the kernel.
> >
> > Also, I didn't really think about some of what I wrote here - we
> > certainly wouldn't want to ignore unannotated accesses to some struct
> > located in pagecache that userspace can concurrently write to.
> >
> > Maybe it would actually make sense to do the opposite of what I said
> > to some extent, special-case userspace-mapped pages such that KCSAN
> > _always_ alerts on plain access to them...
> >
> > > distinguishing normal pagecache/anon pages from other pages might be
> > > doable, but I guess it probably gets hard when thinking about
> > > driver-allocated pages that were mapped into userspace vs
> > > driver-allocated pages that are used internally in the driver...
>
> There have been cases where user space was doing something unsafe, and
> KCSAN caught it. While technically it's user space's bug to keep,
> KCSAN is still telling us something's wrong here.
>
> In the past we'd just ignore these bugs (never release them from
> syzbot), but I think we recently changed the rules for some of these
> to be sent to the mailing list. They can safely be ignored if deemed
> "user space is doing something stupid".
>
> I do think we want to surface such issues in one-off testing
> scenarios. However, in the fuzzing/CI context it's not so helpful, so
> we might need a way to suppress them. If there's a way to tell by
> looking at the stacktrace, we could teach syzbot to ignore such data
> races entirely.

Hmm. I think it probably requires a kernel config flag then, I don't
think you can easily filter by stacktrace. In fuzzing builds you could
maybe do some basic checks on the folio to see if it's pagecache, an
anon folio, or a folio mapped into userspace... that would filter out
_most_ but not all cases.
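
An added userspace illustration (not part of the thread, and not kernel or syzbot code) of the pattern described in the quoted text: one task asks the kernel to write a pagecache page while another asks it to read the same page, so any inconsistency shows up as torn userspace data. The function name and scratch path are assumptions, two processes stand in for the two threads, and whether any torn read is observed depends on the filesystem and on timing.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define PAGE 4096

/* Constructed demo: returns how many reads saw a mix of 'A' and 'B' in one
 * page, or -1 on error or if a byte was neither value (never expected). */
long race_pagecache(long iterations)
{
    char path[] = "/tmp/pagecache-race-XXXXXX"; /* hypothetical scratch file */
    char buf[PAGE];
    long torn = 0;
    int status, fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                       /* file lives only as long as fd */
    memset(buf, 'A', PAGE);
    if (pwrite(fd, buf, PAGE, 0) != PAGE) { close(fd); return -1; }
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {     /* writer: kernel copies user data into the page */
        for (long i = 0; i < iterations; i++) {
            memset(buf, (i & 1) ? 'A' : 'B', PAGE);
            if (pwrite(fd, buf, PAGE, 0) != PAGE)
                _exit(1);
        }
        _exit(0);
    }
    for (long i = 0; i < iterations && torn >= 0; i++) {
        /* reader: kernel copies the same page back out to userspace */
        if (pread(fd, buf, PAGE, 0) != PAGE) { torn = -1; break; }
        size_t a = 0;
        for (size_t j = 0; j < PAGE; j++) {
            if (buf[j] == 'A') a++;
            else if (buf[j] != 'B') torn = -1;
        }
        if (torn >= 0 && a != 0 && a != PAGE) torn++;
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status))
        torn = -1;
    close(fd);
    return torn;
}

int main(void)
{
    printf("torn reads: %ld\n", race_pagecache(200000));
    return 0;
}
```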