From: Marco Elver
Date: Mon, 12 May 2025 22:51:45 +0200
Subject: Re: [syzbot] [mm?] KCSAN: data-race in copy_page_from_iter_atomic / pagecache_isize_extended
To: Jann Horn
Cc: syzkaller, syzbot, akpm@linux-foundation.org, baolin.wang@linux.alibaba.com, hughd@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com

On Mon, 12 May 2025 at 20:33, 'Jann Horn' via syzkaller-bugs wrote:
>
> On Mon, May 12, 2025 at 7:44 PM Jann Horn wrote:
> > On Tue, May 6, 2025 at 9:52 AM syzbot wrote:
> > > HEAD commit:    01f95500a162 Merge tag 'uml-for-linux-6.15-rc6' of git://g..
> > > git tree:       upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=17abbb68580000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=6154604431d9aaf9
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=189d4742d07e937d68ea
> > > compiler:       Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
> > [...]
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+189d4742d07e937d68ea@syzkaller.appspotmail.com
> > >
> > > ==================================================================
> > > BUG: KCSAN: data-race in copy_page_from_iter_atomic / pagecache_isize_extended
> >
> > I think this is a problem with the KCSAN implementation.
> >
> > This is a race between writing to a userspace-owned page and reading
> > from a userspace-owned page.
> >
> > This kind of pattern should be fairly trivial to trigger: If userspace
> > tells the kernel to read from a GUP'd page or pagecache on one thread,
> > and simultaneously tells the kernel to write to the same page on
> > another thread, we'll get a data race. This is not really a kernel
> > data race; it is more like a userspace race whose memory accesses
> > happen to go through the kernel.
> >
> > So I think the fix would be for KCSAN to ignore anything in such
> > pages. The hard part is, I'm not sure how to tell what kind of page
> > we're dealing with from the kernel, some MM people might know...
>
> Or alternatively, if we really do want data_race() operations around
> any memset() or memcpy() on userspace-controlled pages, I guess we'd
> have to pepper a lot of those around the kernel.
>
> Also, I didn't really think about some of what I wrote here - we
> certainly wouldn't want to ignore unannotated accesses to some struct
> located in pagecache that userspace can concurrently write to.
>
> Maybe it would actually make sense to do the opposite of what I said
> to some extent, special-case userspace-mapped pages such that KCSAN
> _always_ alerts on plain access to them...
>
> > distinguishing normal pagecache/anon pages from other pages might be
> > doable, but I guess it probably gets hard when thinking about
> > driver-allocated pages that were mapped into userspace vs
> > driver-allocated pages that are used internally in the driver...

There have been cases where user space was doing something unsafe, and
KCSAN caught it. While technically it's user space's bug to keep,
KCSAN is still telling us something's wrong here.

In the past we'd just ignore these bugs (never release them from
syzbot), but I think we recently changed the rules for some of these
to be sent to the mailing list. They can safely be ignored if deemed
"user space is doing something stupid".

I do think we want to surface such issues in one-off testing
scenarios. However, in the fuzzing/CI context it's not so helpful, so
we might need a way to suppress them. If there's a way to tell by
looking at the stacktrace, we could teach syzbot to ignore such data
races entirely.
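
The stack-trace-based suppression suggested at the end of this message could take the following shape. This is an added sketch, not syzbot or KCSAN code: the report text is constructed, and the allow-list rule (suppress only when both racing accesses have an allow-listed top frame) and every `hypothetical_*` name are assumptions.

```python
import re

# Assumption for illustration: top frames treated as bulk copy/zeroing of
# userspace-owned page contents. The two names are the functions in this
# thread's report title; the allow-list idea itself is hypothetical.
USER_PAGE_FRAMES = {"copy_page_from_iter_atomic", "pagecache_isize_extended"}

ACCESS_RE = re.compile(r"^(read|write|read-write)(?: \(.*?\))? to 0x[0-9a-f]+ "
                       r"of (\d+) bytes by (?:task \d+|interrupt) on cpu \d+:$")
FRAME_RE = re.compile(r"^ ([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kcsan(report):
    """Return (functions named in the title, list of racing accesses)."""
    title, accesses = (), []
    for line in report.splitlines():
        if line.startswith("BUG: KCSAN: data-race in "):
            title = tuple(line.split(" in ", 1)[1].split(" / "))
        elif m := ACCESS_RE.match(line):
            accesses.append({"kind": m.group(1), "size": int(m.group(2)), "frames": []})
        elif (m := FRAME_RE.match(line)) and accesses:
            accesses[-1]["frames"].append(m.group(1))
    return title, accesses

def suppress(report):
    """True only if BOTH racing accesses have an allow-listed top frame."""
    _, accesses = parse_kcsan(report)
    return len(accesses) == 2 and all(
        a["frames"] and a["frames"][0] in USER_PAGE_FRAMES for a in accesses)

# Constructed sample reports (addresses, sizes, offsets, callers are made up).
BULK_COPY_RACE = """\
BUG: KCSAN: data-race in copy_page_from_iter_atomic / pagecache_isize_extended

write to 0xffff888100000000 of 4096 bytes by task 101 on cpu 0:
 copy_page_from_iter_atomic+0x10/0x20
 hypothetical_write_path+0x10/0x20

read to 0xffff888100000000 of 8 bytes by task 102 on cpu 1:
 pagecache_isize_extended+0x10/0x20
 hypothetical_truncate_path+0x10/0x20
"""
# Same write, but the reader is a plain access to a struct kept in pagecache:
# the case the thread says must not be hidden.
STRUCT_RACE = BULK_COPY_RACE.replace("pagecache_isize_extended",
                                     "hypothetical_parse_header")

if __name__ == "__main__":
    for name, rep in (("bulk copy", BULK_COPY_RACE), ("struct", STRUCT_RACE)):
        print(name, parse_kcsan(rep)[0], "suppress" if suppress(rep) else "report")
```

Requiring both sides to match keeps a race between a bulk copy and an unannotated struct access visible, which is the concern raised in the quoted reply.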