From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E450C3ABAA for ; Mon, 5 May 2025 18:06:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7E85F6B0085; Mon, 5 May 2025 14:06:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 793716B0088; Mon, 5 May 2025 14:06:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 65C436B008A; Mon, 5 May 2025 14:06:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 479D16B0085 for ; Mon, 5 May 2025 14:06:37 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 41B87BEE73 for ; Mon, 5 May 2025 18:06:37 +0000 (UTC) X-FDA: 83409634434.24.8ABE500 Received: from mail-qt1-f178.google.com (mail-qt1-f178.google.com [209.85.160.178]) by imf21.hostedemail.com (Postfix) with ESMTP id 76A3D1C0011 for ; Mon, 5 May 2025 18:06:35 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=ySAys6ue; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf21.hostedemail.com: domain of edumazet@google.com designates 209.85.160.178 as permitted sender) smtp.mailfrom=edumazet@google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746468395; a=rsa-sha256; cv=none; b=Ds9mPfs0QI5YgTvhiMY/nzq/V6WZSEncZt9ZzK9OuhDfAaWtpCfBBsfjEMTk3G0qYL48Gu hepabfaCscLtinVoNC9S151M6rGlCMLwq6lQooGhBOpwIETG6JQ8+O+Ux3KrE80wgxuNx7 kUa0LBbBXkPr9FhJ3L+0yd5NKjc/LfU= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=ySAys6ue; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf21.hostedemail.com: domain of edumazet@google.com designates 209.85.160.178 as permitted sender) smtp.mailfrom=edumazet@google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746468395; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Swj8xv+CvK8GwQKDrfM8nYLpl6Lcb5KgxzPXic4IwRk=; b=AoiS4tQpmUmrozk/zl7DUmFGW/RohV+o8/6IRzNnp5QArahCMs/GyoxZkfMTF/HXZhDvg4 TsDYObw7HDsI5RhPB048j1rdn1lhW13rqc5neVc4UvR8rxTSsC+qBGD5AW8j/ux7jpuHto RRfMyXS+cPCwGfwE7PJq2X2MAJooFrU= Received: by mail-qt1-f178.google.com with SMTP id d75a77b69052e-4766631a6a4so61858111cf.2 for ; Mon, 05 May 2025 11:06:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1746468394; x=1747073194; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Swj8xv+CvK8GwQKDrfM8nYLpl6Lcb5KgxzPXic4IwRk=; b=ySAys6ueQtmjB8Fbbfyo9Yt3gAnJfdDHGr3kUxv62y5h8NVREygRSqv7/OBCmzo/1s w7gPCWrPYd0f185Qym0fLBMFgsdQv7Zg3LKxc0EjxMM7aLSXKT5dKdXaJ90o6Wb8f/EN 6rGyeggy1Q9y5WhYcXt0w6Lthb5UsS7DND8koKjXbe3cxD70Bm6Td/Iyq8SJBUJFK5IV eFp2oq78aTGVfLqdESdnuW+Tx/8rXHmRSAqcvhqztS1UZh9b3wxUC5GKkcN+p1P3TQ6f UdlT1MijuQ9rIcBg3eXyUzdgG6xS5lr8LxVzDZqV6PSQzs3pAgJixeil9eT8zRBzw5T/ Ob3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746468394; x=1747073194; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Swj8xv+CvK8GwQKDrfM8nYLpl6Lcb5KgxzPXic4IwRk=; b=MoteZZxREprQ1DOryhwLJ1QlRnxd6cgqtM9sUHdQnhTynlyGydfKkcCZznQ9IJl/Xd +HEg1Ex0U97qlOq+cMymkiCoNHwUmcaevWxUHWiLQ7e4BcY0FpI6c4GtaMfr0czY/hho 7k9Rnyr4idikwGK2FwQY/RUSWcC1ntiR5+2sr2ORgy2G+8616PAJtMpxDpDvErHwnI44 UlLggfe3w0d+gI/lvLT7wPOn8uq9emmkPjfrY0PhSD9d723PYFgeWE6u2mYhJIklAraM uE7p9R9l9/L3dBmxuEAUWf76KObfEFK9MXoK9kEYdcQyKU4c/1eUh8UYIlhlO+fOJQBf 1jVg== X-Forwarded-Encrypted: i=1; AJvYcCVfFl5oJ3H3zM/auMxVVOec7/Hu/hkQKCcTlueH7jo2uoaQEs1CFjWsmQOC99z1F4l1G6tTYaVS4Q==@kvack.org X-Gm-Message-State: AOJu0YyrTXFogDnW/MTEz4TkBP/84jMIMfeTfYd8hn27fUav3HuelvOL VpPlJELZxE0wbrdWkzj00BTSx5MkXnfthgWKSdbq/Z5w0KwW7XcEc8PSTfaNyaZ9Sn+IJn9SimO yMtUWwJdJYF+/gSupcxGRTP5UyOV4HP5Tw6xTGLWuSLWAW6KsAprS X-Gm-Gg: ASbGncuvOV6O15gE+XbPRRkwfgNzZmZufb5K+/nXxS6HO31wTOhc/sc/UXnabya4Bhu Mr8jtGKaBqh6Lx54Tp8deU0PzsogRfTEBVPfdjNASO75j/4BH3KtYYm54yYGwqpZk2XnStUp26r GFmurodpgutL/mfW+D0zxH7MQI3etimQ== X-Google-Smtp-Source: AGHT+IE+0rMM7kY07DRyIRHMXvbXKs24lzYachx2Siix7kFU/j2UUwv6Q7ZzNjLJXrh91Ebui0d21FXvVkAD7BY9DuU= X-Received: by 2002:a05:622a:307:b0:476:903a:b7f0 with SMTP id d75a77b69052e-48d5dd6c5ccmr151157591cf.49.1746468393837; Mon, 05 May 2025 11:06:33 -0700 (PDT) MIME-Version: 1.0 References: <20250505171948.24410-1-aha310510@gmail.com> In-Reply-To: <20250505171948.24410-1-aha310510@gmail.com> From: Eric Dumazet Date: Mon, 5 May 2025 11:06:22 -0700 X-Gm-Features: ATxdqUHgfoh3-NxsvTQSivZbaep8sPJ1h-gcDPSGMbStAQQh7YxdOEg5Q_IolMQ Message-ID: Subject: Re: [PATCH] mm/vmalloc: fix data race in show_numa_info() To: Jeongjun Park Cc: akpm@linux-foundation.org, urezki@gmail.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 76A3D1C0011 X-Rspam-User: X-Rspamd-Server: rspam07 X-Stat-Signature: jkuyhhjocgmjjmmoa1cn9ty8obf1jyda X-HE-Tag: 1746468395-91178 X-HE-Meta: U2FsdGVkX188pv9LDzERzQgWfoB19OxOyDKpSKb0rESjKZy7G6Jn5A9i/B0RBUXyOY+J/xcSs56IeC5S7l9DxaxzL/WyXayXvXhLC+ksDnhyp3ERukMdyL7cBTQ++6jmn0mHk38BEwR2zFQ5H6bjIe/PTQ9q8zn2BEsj1T9E9C9XwisTU0jxpAT8FKmg0ufmUA4esNn9Np+/2/I6nQ+zU6ftaRLcqeHWQbPTBDke93eGkN3OYN/EMdn6+QsKvfincihDWwNzBIa3i9e31RdqcOCoFtsWI7YxF07uoEX8zo51g74LmWi29DsmjVenBTFw2jw3e1MalYhtAD9gmLeTfMwPVG3ndzAjaKmYGwTrg+zb645lrJiL/O+uVfqHCdZw26yK8GIELbn2fFfXMtkxE3k6iPfo5gJk6h5LBR4dcvoHsB+OaZZWNZoJfykLl15MHLbFoj8O2QIOqn2XGbvH+YxgfCtlRvyrwOFA8GzFatcYFYAzhLHvp0rstpK9kG5i7pR5UUeYamE/vY2mJvJwrfFuf20Es+6dGI2osnwxK7yrF+XQZ6mhYlNpkUH1Z74SvBnPkqz5ODcC9YDGSHs2JUJVsqUScK1TyUO4JGHhl8GuiDmFZnx1XKHrQxzXF8aKFvTwg9SyrvMZlmF00oQ3WzlK5wz0i5/pzYvg6e42PwxarAN6hUaW41ECW1HYjfA/J/NKyznA+x0lA0pn3IFgfwhcia9/pS1nYTNAU9xIMiIpJm2kDVFEbdzD0vd1xZW9OaC6PiXMNBUbDlrlADHBTux6GooEnJd4C3Gmi5F7Sk0ZQz0hmEKYTjgsHcvYfjvH6zgNSytjY5/ydYjF0YmOS7+j2BPQbx5QaVlr6kZT9gBFFqsgf0DVjEywMVHxUza/Dn5VE0eeNSHhQQ6JrE0gVHDQgxaMbK7HAlq38xmyrXRXmEG+nyVA5qifN/lsOtOGlHnK7YFu+o0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, May 5, 2025 at 10:20=E2=80=AFAM Jeongjun Park = wrote: > > The following data-race was found in show_numa_info(): > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show > > r > value changed: 0x0000008f -> 0x00000000 > > Reported by Kernel Concurrency Sanitizer on: > CPU: 1 UID: 0 PID: 8287 Comm: syz.0.411 Not tainted 6.15.0-rc4-00256-g95d= 3481af6dc-dirty #1 PREEMPT(voluntary) > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/0= 1/2014 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > There is a read/write data-race in counter[]. This seems to be happening > because only read memory barriers are currently applied, so we need to > modify the write operation to counters[] to be handled atomically. > > Fixes: a47a126ad5ea ("vmallocinfo: add NUMA information") > Signed-off-by: Jeongjun Park > --- > mm/vmalloc.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index 3ed720a787ec..d93fa535bc21 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c > @@ -4917,7 +4917,8 @@ bool vmalloc_dump_obj(void *object) > static void show_numa_info(struct seq_file *m, struct vm_struct *v) > { > if (IS_ENABLED(CONFIG_NUMA)) { > - unsigned int nr, *counters =3D m->private; > + atomic_t *counters =3D m->private; > + unsigned int nr; > unsigned int step =3D 1U << vm_area_page_order(v); > > if (!counters) > @@ -4931,10 +4932,10 @@ static void show_numa_info(struct seq_file *m, st= ruct vm_struct *v) > memset(counters, 0, nr_node_ids * sizeof(unsigned int)); > > for (nr =3D 0; nr < v->nr_pages; nr +=3D step) > - counters[page_to_nid(v->pages[nr])] +=3D step; > + atomic_add(step, &counters[page_to_nid(v->pages[n= r])]); > for_each_node_state(nr, N_HIGH_MEMORY) > - if (counters[nr]) > - seq_printf(m, " N%u=3D%u", nr, counters[n= r]); > + if (atomic_read(&counters[nr])) > + seq_printf(m, " N%u=3D%u", nr, atomic_rea= d(&counters[nr])); > } > } > > -- This patch looks bogus to me. The race is about using m->private for storage, while the same file can be read from multiple threads. Using atomic_t is going to silence syzbot, but the bug is still there.