From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56F27C47258 for ; Wed, 17 Jan 2024 20:08:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DC3DB6B0089; Wed, 17 Jan 2024 15:08:57 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id D72C06B008C; Wed, 17 Jan 2024 15:08:57 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C3A836B0092; Wed, 17 Jan 2024 15:08:57 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id B538D6B0089 for ; Wed, 17 Jan 2024 15:08:57 -0500 (EST) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 8BC5EA0229 for ; Wed, 17 Jan 2024 20:08:57 +0000 (UTC) X-FDA: 81689891514.30.02C2F1B Received: from mx0a-00364e01.pphosted.com (mx0a-00364e01.pphosted.com [148.163.135.74]) by imf20.hostedemail.com (Postfix) with ESMTP id 737651C001A for ; Wed, 17 Jan 2024 20:08:55 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=columbia.edu header.s=pps01 header.b="QgC0I5/d"; spf=pass (imf20.hostedemail.com: domain of gr2547@columbia.edu designates 148.163.135.74 as permitted sender) smtp.mailfrom=gr2547@columbia.edu; dmarc=pass (policy=none) header.from=columbia.edu ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1705522135; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=lcYhwFF5EvoQXBEXPoR0fblqi9AX0FfQN8cMMY2Y0W8=; b=0ET/V/zbJwgMtM8YoPAZTr+MEihf/AS+8nZUfmet0qY+i5eX6xYwRIo8xoP4sgJJduW7kp BBUgz3dUQh+9JaNudblOGn4Saa6Aj4tA5zGQjj29tL4vpTcuRMsdgjnx5h5Zoq0zBaehA9 /Qcw3T4JlEx4FRGIP7qgchoI8HkQ1qg= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=columbia.edu header.s=pps01 header.b="QgC0I5/d"; spf=pass (imf20.hostedemail.com: domain of gr2547@columbia.edu designates 148.163.135.74 as permitted sender) smtp.mailfrom=gr2547@columbia.edu; dmarc=pass (policy=none) header.from=columbia.edu ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1705522135; a=rsa-sha256; cv=none; b=gg8XUOVyXZcQPriK2Qty6dFJ7k9/ojxY87d1A0ebUB0Gpz8Zf5luOZNMeisobOIyCxP8Ic e4ZGEOrio0CAKuu6SevAOb4y4fvpFZEUuOGeRB5LL/RvrrsnaxL0u4CzYu1BzhKC66Dwl0 d/OaP1Klc2EGuaBSyLHr8Qx3yMB0tc8= Received: from pps.filterd (m0167072.ppops.net [127.0.0.1]) by mx0a-00364e01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 40HK0Ys5029369 for ; Wed, 17 Jan 2024 15:08:54 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=columbia.edu; h=mime-version : from : date : message-id : subject : to : content-type; s=pps01; bh=lcYhwFF5EvoQXBEXPoR0fblqi9AX0FfQN8cMMY2Y0W8=; b=QgC0I5/dA5sOkz31cpIVZIGUUiEQ/5dEoax4FflmB0Yoob2QMqLZDxPIpdoaGBdLcTLD ka2WES0fNUSSC8AX3O2wN2j/HcdBez9Lgz0ISDf/j0XFALvR39ethAmOBdp1HvMP0YC/ 3wpUAr9J6e+sByp2pdNk079HpHE87KwGHK5Xo38lXQoKcR6OglDePYod33DAbJCgoDe7 Qsk4MiUiJHwCg7Dm+ZU2LZJv5WsyotH1h+Lkxcb3HlC/K+6hmP+cGSkTK1LYk0Mn8sXm M85+SNG3JSwTIuPaDP3+6+xNtsyrgovbEeecKXfEAt0F4mVFPygPjA09fb8erizgPfa3 uQ== Received: from mail-oa1-f72.google.com (mail-oa1-f72.google.com [209.85.160.72]) by mx0a-00364e01.pphosted.com (PPS) with ESMTPS id 3vkqk1tcec-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Wed, 17 Jan 2024 15:08:54 -0500 Received: by mail-oa1-f72.google.com with SMTP id 586e51a60fabf-204047a3789so16052294fac.3 for ; Wed, 17 Jan 2024 12:08:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705522133; x=1706126933; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=lcYhwFF5EvoQXBEXPoR0fblqi9AX0FfQN8cMMY2Y0W8=; b=PacQeDVzutcx4ICdUrbDXzgL/e+24XQVrYVoSsLa6Jhpi68HrRJWpAzsNkSwY8wI0B YQZoMOjaRwZIPE2VIdsxsnHjkSuxzSOonG7Bd99bvy2Zl5sZo8BBJfdQ3f+OtruE5enW aSSs8rQtVYCDAoR3zg7CN8HRscPJAO8kzrrkicxLTr/1QfVMgfsh+I2cZvgqF4G6YfSn SratUR2WFbOg2na4IO21ryhLFDD7bm7x6RgpZ0+Qkw66ia1wOsXM30b1fk33t44ea4SV 0t+p9PEhGzZYar7/AcDf+8pfcwKVkrgBXc8OYiH1oNo2md6KZuiXxIjsAN+HIx36CdU1 pJ+Q== X-Gm-Message-State: AOJu0YwYwMabYGkt/k0GCoZvC3cLl7HaoTCzStKQXtwyob3rzLL1PZHJ cbn/ZhZJuAEZG7po5vJQOolwB5lNqAoGmQhrM+F35wV/9ZlKPsBYHdwIUAxEMdwFW4FjRAcYWrU SFOVF1fZOzIjw+/fGAi1EM7BrV2ErjxM= X-Received: by 2002:a05:6870:d8ca:b0:210:b1ce:5546 with SMTP id of10-20020a056870d8ca00b00210b1ce5546mr565413oac.32.1705522133173; Wed, 17 Jan 2024 12:08:53 -0800 (PST) X-Google-Smtp-Source: AGHT+IGuUTZOr/+bF2e3qagDw4tzRa0jwLepywSobVGMEXiXOe7gjyQRe16dwTtNzVMDeOQTdAU3JVBczQqns3pFVzk= X-Received: by 2002:a05:6870:d8ca:b0:210:b1ce:5546 with SMTP id of10-20020a056870d8ca00b00210b1ce5546mr565405oac.32.1705522133000; Wed, 17 Jan 2024 12:08:53 -0800 (PST) MIME-Version: 1.0 From: Gabriel Ryan Date: Wed, 17 Jan 2024 15:08:47 -0500 Message-ID: Subject: Race in mm/readahead.c:140 file_ra_state_init / block/ioctl.c:497 blkdev_common_ioctl To: Matthew Wilcox , Andrew Morton , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org Content-Type: text/plain; charset="UTF-8" X-Proofpoint-GUID: t4kutdwOPS-hcbnXPHWQ81nz8W8atWjT X-Proofpoint-ORIG-GUID: t4kutdwOPS-hcbnXPHWQ81nz8W8atWjT X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-17_12,2024-01-17_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 lowpriorityscore=10 mlxscore=0 malwarescore=0 clxscore=1011 priorityscore=1501 impostorscore=10 mlxlogscore=700 adultscore=0 phishscore=0 suspectscore=0 bulkscore=10 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2401170146 X-Rspamd-Queue-Id: 737651C001A X-Rspam-User: X-Stat-Signature: 5nhu8y4p4rkaz5q16sjhcs4p3oiwzgkp X-Rspamd-Server: rspam01 X-HE-Tag: 1705522135-572120 X-HE-Meta: U2FsdGVkX1+tqOwvgQny6pduntQLWkKoVFO2yHC8oJh80YQ+T9Yn+NJsL6xAqIIWcJPn26na+sbsdHbD1h/iPrTf+K18wXwk076VIXmcqhMhxUMy61GeFpMz1F3CEOHp9tK64Q4Hy7jkH6EG5ukkeqxzCPY/8f+rO6sUdEEruxsyQwGEdIYOFjgb9xVq/OGwMz+tJyzoOsWsIVZH+aeSC7bYaQUXJezM9reKFADsYE0j9r2uydnMLSyDayl/6Btc6EhG8TUnu4axMq4o/XjgQYXB5n5OSDQG4IbaYGmBIklEiVjXRIOUGwrZC2tQW9qhAiZoIJaCXW3OZB17LvHfcVdwXTLCQy6akI3WxZrQvsGdBUZ9Wk57IhaKT1tclrPK0B3MSvaZnusQcwqj/6p2Q5DAnrGCaMM9jTNEKbaOvyEdR3zNYC8s/Kz3Dru9Xa+KUXSv9x0js7+YX1AnIs43j1S0A63kxeh/O1Iy8eR9GWSHxi8Ka/Wx5zj9ZeaoYBgWGJ3MX/hwZWXlrbRYH0s4YHTfuudYq3+SfujhMU783YxfdO3df9nsuxPbf1xP/ZoAwnB/waF+2lOA/27CbPyi6R/KFktyg/Ba3xORXQTkev/XtgUwSMDVI/+j77a3pBHDhGlcG46TJnuh04XJRHrt5vEVj4rQRmIt122ebhFZcYhq8+WmyP0+Z10BC21mFW0Xv83vorusCoApgQiGYk5bpem0xjWeNRnWmKQCgyi2W0QaiBDEIWQPoURHXkhofNaDqd0+yKKpkuJTS7dssgY2ESA6s8xyDZ+lEU26i7oP3EPqB6NKW/oTG7GcYVRy4w81deTHrqO/tKJukq4j29PZVMVoDX2RQKpRZJ9iVUJ3yaI+Pe/sv4tn+503+y/pvGjyVOC8ph740QPfuYDmM0TsKwLVbteUV3jL/lYcE77YY5DFVs7lcPOjIPZGQWCU1er9BbJDXx6xhljLG35Ira3 M27a+kQO ZR2oTq3pPCB9CLUSxEvqkvWTwoqdJ9ZHYuHY58j2vUQQKu0+0lUtwOlVe7VQ/UAIAXcwV5ekjm2oxmVqlyyvA1NQ5DWMc20zbHYK6G9OdhIieAMjdyw5sPlO8rk/nJ4CNLllp4NIC15RQqWB+UkX2XmtdX5FY/OKi41kZSx6uxQ1tvIhulVEfbHyIuZAstokLbUh+EmLRATTb/F9+xmwwU+jLZBDH2av0RLE9YlCIn6PXhnf74TFxc+BYvetpCJOyXiRquX2ziTz9e/h43N9OsGUC3b6ppCpCQ9aZnRGCOtuI5Wu5d6swEX9s/l1ME3YfJym4qBJ4pkbRJUtDoEt7BXiRdoylH/n6LfMbL9cHh7CFAYMIA7SfDDSNgve0/cZ79p0AFpZMR/+st72lP/Ec7MAZESNzl2dl64DA/YADL+lDvqxgvzcQKLPRhoQOsKGoQcV/TV9iN+AP1sd4/jYRXuq+uc0mPkJuJ68AeY6FOt8F+6guSpgza59GMA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000053, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hi, We found a race in the mm subsystem in kernel version v5.18-rc5 that appears to be potentially harmful using a race testing tool we are developing. The race occurs between: mm/readahead.c:140 file_ra_state_init ra->ra_pages = inode_to_bdi(mapping->host)->ra_pages; block/ioctl.c:497 blkdev_common_ioctl bdev->bd_disk->bdi->ra_pages = (arg * 512) / PAGE_SIZE; which both set the ra->ra_pages value. It appears this race could lead to undefined behavior, if multiple threads set ra->ra_pages to different values simultaneously for a single file inode. Best, Gabe