From: Marco Elver
Date: Wed, 5 Feb 2025 17:25:16 +0100
Subject: Re: [syzbot] [mm?] KCSAN: data-race in mprotect_fixup / try_to_migrate_one
To: Lorenzo Stoakes
Cc: Jann Horn, syzbot, Liam.Howlett@oracle.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, vbabka@suse.cz, "Paul E. McKenney"

On Wed, 5 Feb 2025 at 16:51, Lorenzo Stoakes wrote:
[...]
> > [...]
> > > I hate that we have these landmines waiting for us. Be good to find a way
> > > to explicitly annotate this, or at least comment somehow.
> > >
> > > But agreed, probably adding a READ_ONCE()/WRITE_ONCE() is appropriate at
> > > least for the proximate thing.
> > >
> > > It's a wonder these things don't trigger more, except you need probably
> > > very precise timing to do it...
> >
> > They do trigger, but we don't send all of them to LKML.
> > When we first introduced KCSAN, the notion of "data race" was still
> > poorly understood. At the time we decided to pre-review a number of
> > them (but our time to do so has been going down :-/), or let willing
> > maintainers deal with them directly.
> > A number of articles followed,
>
> We very much appreciate your efforts :)
>
> We are definitely willing to see these in mm, and as you can see from the
> discussion here, the interaction between the rmap locks and other locks is
> complicated (see also the docs I wrote on them at [0]).

Tangentially, I've been trying to work out how to bring this [1] Clang
feature to the kernel: it's more or less a simple "capability system"
[2] to express "acquire this before doing that / don't hold this thing
here / etc.". Locking rules are an obvious application. It's been on a
number of people's radar over the years, but nothing materialized.
Sparse's locking analysis is much weaker, nor easy (i.e. quick) to
use.

[1] https://clang.llvm.org/docs/ThreadSafetyAnalysis.html
[2] https://www.cs.cornell.edu/talc/papers/capabilities.pdf

The current work-in-progress is here:
https://git.kernel.org/pub/scm/linux/kernel/git/melver/linux.git/log/?h=cap-analysis

It lacks documentation, and proper commit messages, but is otherwise
usable (see example enablements for kfence, kcov, and stackdepot and
lib/test_capability-analysis.c). An official RFC will follow, but the
hard part of writing documentation is in the works. ;-)

There are also other questions, such as: can a subset of the analysis
be applied tree-wide (vs. current selective enablement), as it would
help find more bugs faster. However, the reality of it is that using
this system would be opting into a "dialect of C with capability
analysis" with its own set of restrictions, and I don't know if
everyone is willing to pay this cost.

What I'd be curious about is, if some of the complex rules you mention
above can be expressed so that Clang's "capability analysis" can point
out some bugs. I suspect not everything can be expressed, but even if
we get 50% there, we could catch a huge amount of bugs statically at
compile-time.

I let this cat out the bag, because this thread seems like a good way
to get super-early high-level feedback. :-) It'll be a while before
the first RFC.

Thanks,
-- Marco
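
A small illustration of the Clang Thread Safety Analysis attributes documented at [1], added here as an example; it is not part of the e-mail and does not reproduce the macros of the cap-analysis branch. The names toy_spinlock, stats_lock, hits and the wrapper macros are hypothetical.

```c
#include <stdatomic.h>

/* Clang thread-safety attributes; they expand to nothing on other compilers. */
#if defined(__clang__)
#define TSA(x) __attribute__((x))
#else
#define TSA(x)
#endif
#define CAPABILITY(name) TSA(capability(name))
#define GUARDED_BY(l)    TSA(guarded_by(l))
#define ACQUIRE(l)       TSA(acquire_capability(l))
#define RELEASE(l)       TSA(release_capability(l))
#define REQUIRES(l)      TSA(requires_capability(l))
#define NO_ANALYSIS      TSA(no_thread_safety_analysis)

/* Hypothetical toy lock: the capability that must be held. */
struct CAPABILITY("spinlock") toy_spinlock { atomic_flag held; };

/* The lock primitives themselves are trusted, so their bodies are not analysed. */
static void toy_lock(struct toy_spinlock *l) ACQUIRE(l) NO_ANALYSIS;
static void toy_unlock(struct toy_spinlock *l) RELEASE(l) NO_ANALYSIS;

static void toy_lock(struct toy_spinlock *l)
{
	while (atomic_flag_test_and_set_explicit(&l->held, memory_order_acquire))
		; /* spin until the flag was previously clear */
}
static void toy_unlock(struct toy_spinlock *l)
{
	atomic_flag_clear_explicit(&l->held, memory_order_release);
}

static struct toy_spinlock stats_lock = { ATOMIC_FLAG_INIT };
static long hits GUARDED_BY(stats_lock); /* rule: access only with stats_lock held */

/* Callers must already hold stats_lock; the analysis checks each call site. */
static void record_hit_locked(void) REQUIRES(stats_lock);
static void record_hit_locked(void) { hits++; }

long record_hits(int n)
{
	long seen;
	toy_lock(&stats_lock);
	for (int i = 0; i < n; i++)
		record_hit_locked();
	seen = hits;
	toy_unlock(&stats_lock);
	return seen;
}

#ifdef SHOW_VIOLATION
/* Reads hits without stats_lock: the analysis flags this at compile time. */
long read_hits_racy(void) { return hits; }
#endif
```

Building with `clang -Wthread-safety -DSHOW_VIOLATION` makes the compiler report the unguarded read in read_hits_racy() without running anything.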