From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1322EC3ABAA for ; Mon, 5 May 2025 20:09:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 38BF66B009D; Mon, 5 May 2025 16:09:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 33A506B009E; Mon, 5 May 2025 16:09:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1B62E6B009F; Mon, 5 May 2025 16:09:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id E9BCB6B009D for ; Mon, 5 May 2025 16:09:54 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 00A5C5BBA5 for ; Mon, 5 May 2025 20:09:54 +0000 (UTC) X-FDA: 83409945150.12.6A34B43 Received: from mail-qk1-f178.google.com (mail-qk1-f178.google.com [209.85.222.178]) by imf29.hostedemail.com (Postfix) with ESMTP id 05C3812000C for ; Mon, 5 May 2025 20:09:52 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=eCRWakUj; spf=pass (imf29.hostedemail.com: domain of edumazet@google.com designates 209.85.222.178 as permitted sender) smtp.mailfrom=edumazet@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746475793; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=fxCMhylbSk6ettTVACRoHKvtfRVQ8d3xi92DaTsXptA=; b=Yq6HWNDj+YZxBijqyR7u+imcWyYVAFfNOLtbbkDuMShEb+KxH8mDk126npdwgNDf36wjyI 6d1MoVZw6eJ6MJ3OR22kz4+FXkCqKWAWLls5chp3mm157sDdx8bamppmn+YQVMVk0sWh9o DV7ezQV6cnPVvch28Kq48JmnvLP7WQ0= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=eCRWakUj; spf=pass (imf29.hostedemail.com: domain of edumazet@google.com designates 209.85.222.178 as permitted sender) smtp.mailfrom=edumazet@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746475793; a=rsa-sha256; cv=none; b=6vNO+GGhatvlX/VCwcEOCABgvDZ1KCilat0Mos/0YQpHdu9QU1Rnk7ifFwPrGwxoHkUx7w EeM8QfNVzoYbWZgMkyd+kVw7e3xQVBiAaC2D8S2DwU/woFoYU+MA5RDjpe95GaFG5Wlz2c u6FJEMLNKFrOsulLn5etydP5IFEBJCs= Received: by mail-qk1-f178.google.com with SMTP id af79cd13be357-7cad57f88eeso211717785a.2 for ; Mon, 05 May 2025 13:09:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1746475792; x=1747080592; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=fxCMhylbSk6ettTVACRoHKvtfRVQ8d3xi92DaTsXptA=; b=eCRWakUjaWlXhZ8pBvBLn4+8i6ZIdaDQdJqkGDKmnVXLSDmKcGNDR37a33iQq8JIZP RvF7u36Du9nx0T2dYsJ5TAP96Aw8AoOokm5qJ+p1E6X/XBbmTtvCdH0xTCeQpTYG+9aW MD6PC+S5im4AbWKMp9Bp2RltsS5i0fpV1HQiZ/rba4qwhes7Qv/cZ0Cxh+E/2y8oGP+5 zqHzRDKNtyo3GX+d5jYR08JTlfm1lHHxG5bdRNypa04O8eT8PcE57HT84qlwQVmHZgoi S5baxuSqUaIgoznqHvhzwrYACop37QNbZT83nW9nBqwOPkQk8RkfaCAVusPBTNVc0NJQ SUMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746475792; x=1747080592; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fxCMhylbSk6ettTVACRoHKvtfRVQ8d3xi92DaTsXptA=; b=BkI/KX2geKLXZJyL98//491efSCb0sbrqQ0S2wgZ2ncBzvs7R1Gb9DoaxzyZuVD92k vE7Bu3u7zpB0YMjPDM+e6IFnEXmrWvek5GiYZyy3ZflEegmar9y/Q/f+yyN7PfT9X5lF GKYNE1kLATywZZgdRZ+355OzifWJLLYY3PQWjyBF94gH5Ht6+o0SfEioEgBZ2ac8Qycl WfhYNvc3In83rEI0wSt80LK1pLEQotmEwjrk7YsQlggIMhvjJ+jnmFhO5jggQDJXcGda Tz9/CCZUVFdSJU5lXrbba9MVkWuPSv2JbNe2blyVKhR/k/TqeoLhZIDI9wGcrOYvY3hY JcSQ== X-Forwarded-Encrypted: i=1; AJvYcCWRzhPm2cYK9rqZ+d5Jg9Ecfm77VN7cnD2JeNoLm6Eny7JNqsrQgqypeeMe9FlXbocU4QhvIgc9rg==@kvack.org X-Gm-Message-State: AOJu0YxGNO6RyFNo2hFi+yZFOxA2zrUFfGsGi6+GiYs4bkhWxvvfr/Jt gI54JdrZ2FoBC0mBcUbk6iB27lnsDW+6dlHEbJOGiAkXgGFDQ4/fn0whUe/JOkV47ANpp0JQoV5 Dzht44hIMPTg7yiIL8yV4KFYHtP4J05ROxB5k X-Gm-Gg: ASbGncu3b07w4+IniwGgVOcr19XiRLwJKq8paBoCFesa9NT1B3JfxK95TPUYPnEKvt5 44WZS4vmXcf477wIfkxJ9vWziDTreXPZSdonYWPzuKjfL7ArbqKKYfMx53JUSV9S9GcjwR9729+ G7dChGKdHtgMEL5MGmETI= X-Google-Smtp-Source: AGHT+IEwYffEkbgbhPlj54yQtRtoBY5URgxuVSejax3boETmX5gY9r1XV3zoKuswGJbtNaqElvftxIE6SWgDerOA7mE= X-Received: by 2002:a05:620a:3949:b0:7c5:49ee:86aa with SMTP id af79cd13be357-7cae3a883fcmr998822985a.4.1746475791814; Mon, 05 May 2025 13:09:51 -0700 (PDT) MIME-Version: 1.0 References: <20250505171948.24410-1-aha310510@gmail.com> In-Reply-To: From: Eric Dumazet Date: Mon, 5 May 2025 13:09:39 -0700 X-Gm-Features: ATxdqUEdBTIZw-HtuQPMX3t5ugIml_n1WXxemHW3wUeEqy1U8nMdOSA3cgfpvVA Message-ID: Subject: Re: [PATCH] mm/vmalloc: fix data race in show_numa_info() To: Jeongjun Park Cc: akpm@linux-foundation.org, urezki@gmail.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 05C3812000C X-Stat-Signature: 3ji1ucb1ehtmt7s8p187n9gfg17og15t X-HE-Tag: 1746475792-267604 X-HE-Meta: U2FsdGVkX1+/sUp0ji9+RlvMqcqSXMYX35kHvLOj9t8EFI3Ogj0XckuOkRVy2pipn18w4MLWuCdHbaAsPZ5ctotue47Ci1Ti5HzvPhcMbFNbIP0sFsZBqvLTZa+uA1TZbSvXvL4r/L3mrT03UoJbzpi00HMJ0zksM8C0zrSs20HtJOhMOfVHkdiLBvlhEdJU/Kcp0brl2Fv0SOBWjgvU1JGAzL9FIwk9FLSmXixeR/1WGP3B4muZzl1wMiDH1h6AOKtzA/sfw87CwaLqHuQ5Yob/+QqlrejY+rfR3cT8c0SVHD7BC+QNlldXL7iAdN4OSlba/tARPxWgC1NLiWlu0BuSx67xu4RJyZHF15RQ/pjgCmSzMlN6i/63YQtYu8NK5afCeq+KZ2ep7PJ2CdOw6f6yKyBIbde2Xv3aGwOE2fJVnaxSaM1HOvXD/BtXUJ/ZFjsm9RwuT+16gzxJ9ZY8AZbEvNph9z1nzh4c6nJghxdzwkAbPg52WrInuavsFVklrU2fgkFUrQW+43Ekhp/FjojK43SyRiJyO5ni+dQ93dPKwjV84M7TrPQZCs25/2CqBpQwJZQl343uHJrJlDYLVR6Mco3v8FlTeBBmiFl8exMkP6awP6PlSqCLROXvhW+yciX3SD59TprR1MJeaDgKdIPBAojjhy3lmzjJARW5/yzb38iFVw+OPcby48ZUnMPcBk0TOE6Y4hVGBE7ekvE2WbfvD3AeGr27YxXHcyZJkZG8aVSKi/sYCV+qYDKVg8zgVY+OG8aOQgtsyE1rjCjMNcE8L+aXqb0kHFwpmtYpysloI3ZrUbreuB3zWvftOOBFDz3WjvAGzZLziBytDURJ9ebOWVKWjrRGewJHYneGy2MucGIxQCjti3duOVK66UyfEUqCLD862KJ4AizgeRdclhN8gxCdCI/OfY+2mXESXP0ABFGLwyqDD/d9w1A5bh0hwhRM/6vbi1uIYcROdgj j4E16rWX LvI3hNWzEZnICsqjk8C+zc+imtyCVCSOKL5zBk2Eh8tKdTxpLC6ISN8opWHkBSuODyqstbQKbbMcMEuuOEsQfV6Y0wUl0mwVtMezN6Z+hpKqCxhTU7XP3OjWEg+BvSBu0n+k0CbdGPaIpsxWll8CFMqU4FEI10TblNoPdZb4kSfylRLs5EKqBNMRM+5q3r5K9f8aHHXFZfRNbxyV0SIXDGbrm0CSEgHTcHO4oIA70EGRuS8+U+eJ7bbjbZ81x4M8L/CCW7OLIPQoJ9b+LpF8VLeoWY4GTKbbvP0EY X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, May 5, 2025 at 11:06=E2=80=AFAM Eric Dumazet = wrote: > > On Mon, May 5, 2025 at 10:20=E2=80=AFAM Jeongjun Park wrote: > > > > The following data-race was found in show_numa_info(): > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show > > > > r > > value changed: 0x0000008f -> 0x00000000 > > > > Reported by Kernel Concurrency Sanitizer on: > > CPU: 1 UID: 0 PID: 8287 Comm: syz.0.411 Not tainted 6.15.0-rc4-00256-g9= 5d3481af6dc-dirty #1 PREEMPT(voluntary) > > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04= /01/2014 > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > There is a read/write data-race in counter[]. This seems to be happenin= g > > because only read memory barriers are currently applied, so we need to > > modify the write operation to counters[] to be handled atomically. > > > > Fixes: a47a126ad5ea ("vmallocinfo: add NUMA information") > > Signed-off-by: Jeongjun Park > > --- > > mm/vmalloc.c | 9 +++++---- > > 1 file changed, 5 insertions(+), 4 deletions(-) > > > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > > index 3ed720a787ec..d93fa535bc21 100644 > > --- a/mm/vmalloc.c > > +++ b/mm/vmalloc.c > > @@ -4917,7 +4917,8 @@ bool vmalloc_dump_obj(void *object) > > static void show_numa_info(struct seq_file *m, struct vm_struct *v) > > { > > if (IS_ENABLED(CONFIG_NUMA)) { > > - unsigned int nr, *counters =3D m->private; > > + atomic_t *counters =3D m->private; > > + unsigned int nr; > > unsigned int step =3D 1U << vm_area_page_order(v); > > > > if (!counters) > > @@ -4931,10 +4932,10 @@ static void show_numa_info(struct seq_file *m, = struct vm_struct *v) > > memset(counters, 0, nr_node_ids * sizeof(unsigned int))= ; > > > > for (nr =3D 0; nr < v->nr_pages; nr +=3D step) > > - counters[page_to_nid(v->pages[nr])] +=3D step; > > + atomic_add(step, &counters[page_to_nid(v->pages= [nr])]); > > for_each_node_state(nr, N_HIGH_MEMORY) > > - if (counters[nr]) > > - seq_printf(m, " N%u=3D%u", nr, counters= [nr]); > > + if (atomic_read(&counters[nr])) > > + seq_printf(m, " N%u=3D%u", nr, atomic_r= ead(&counters[nr])); > > } > > } > > > > -- > > This patch looks bogus to me. > > The race is about using m->private for storage, while the same file > can be read from multiple threads. > > Using atomic_t is going to silence syzbot, but the bug is still there. A more correct fix would be : diff --git a/mm/vmalloc.c b/mm/vmalloc.c index a6e7acebe9adf5e6c8abd52dcf7d02a6a1bc3030..cb69b44587d2032a6192f3ceb51= 8490a05eff541 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4921,24 +4921,24 @@ bool vmalloc_dump_obj(void *object) static void show_numa_info(struct seq_file *m, struct vm_struct *v) { if (IS_ENABLED(CONFIG_NUMA)) { - unsigned int nr, *counters =3D m->private; + unsigned int nr, *counters; unsigned int step =3D 1U << vm_area_page_order(v); + if (v->flags & VM_UNINITIALIZED) + return; + counters =3D kcalloc(nr_node_ids, sizeof(unsigned int), GFP_KERNEL); if (!counters) return; - if (v->flags & VM_UNINITIALIZED) - return; /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ smp_rmb(); - memset(counters, 0, nr_node_ids * sizeof(unsigned int)); - for (nr =3D 0; nr < v->nr_pages; nr +=3D step) counters[page_to_nid(v->pages[nr])] +=3D step; for_each_node_state(nr, N_HIGH_MEMORY) if (counters[nr]) seq_printf(m, " N%u=3D%u", nr, counters[nr]= ); + kfree(counters); } } @@ -5032,13 +5032,7 @@ static int vmalloc_info_show(struct seq_file *m, voi= d *p) static int __init proc_vmalloc_init(void) { - void *priv_data =3D NULL; - - if (IS_ENABLED(CONFIG_NUMA)) - priv_data =3D kmalloc(nr_node_ids * sizeof(unsigned int), GFP_KERNEL); - - proc_create_single_data("vmallocinfo", - 0400, NULL, vmalloc_info_show, priv_data); + proc_create_single("vmallocinfo", 0400, NULL, vmalloc_info_show); return 0; }