From: Jeongjun Park
Date: Thu, 3 Jul 2025 14:19:34 +0900
Subject: Re: [PATCH] mm/percpu: prevent concurrency problem for pcpu_nr_populated read with spin lock
To: Shakeel Butt
Cc: dennis@kernel.org, tj@kernel.org, cl@gentwo.org, akpm@linux-foundation.org, vbabka@suse.cz, rientjes@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, syzbot+e5bd32b79413e86f389e@syzkaller.appspotmail.com

Shakeel Butt wrote:
>
> On Wed, Jul 02, 2025 at 05:27:49PM +0900, Jeongjun Park wrote:
> > Read/Write to pcpu_nr_populated should be performed while protected
> > by pcpu_lock. However, pcpu_nr_pages() reads pcpu_nr_populated without any
> > protection, which causes a data race between read/write.
> >
> > Therefore, when reading pcpu_nr_populated in pcpu_nr_pages(), it should be
> > modified to be protected by pcpu_lock.
> > > > Reported-by: syzbot+e5bd32b79413e86f389e@syzkaller.appspotmail.com > > Fixes: 7e8a6304d541 ("/proc/meminfo: add percpu populated pages count") > > Signed-off-by: Jeongjun Park > > --- > > mm/percpu.c | 8 +++++++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/mm/percpu.c b/mm/percpu.c > > index b35494c8ede2..0f98b857fb36 100644 > > --- a/mm/percpu.c > > +++ b/mm/percpu.c > > @@ -3355,7 +3355,13 @@ void __init setup_per_cpu_areas(void) > > */ > > unsigned long pcpu_nr_pages(void) > > { > > - return pcpu_nr_populated * pcpu_nr_units; > > No need for the lock as I think race is fine here. Use something like > the following and add a comment. > > data_race(READ_ONCE(pcpu_nr_populated)) * pcpu_nr_units; > This race itself is not a critical security vuln, but it is a read/write race that actually occurs. Writing to pcpu_nr_populated is already systematically protected through pcpu_lock, so why do you think you can ignore the data race only when reading? -- Regards, Jeongjun Park
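
Review bot: the changelog for the pcpu_nr_pages() hunk calls the unlocked read of pcpu_nr_populated a data race but never says what a caller can observe because of it, and the only consumer named on the page is the /proc/meminfo count from the Fixes: commit. Please state the observable consequence in the commit message. If the lock stays, add a comment at the read explaining why a marked lockless read, the `data_race(READ_ONCE(pcpu_nr_populated)) * pcpu_nr_units;` form suggested in the reply, is not sufficient. The removed line also reads pcpu_nr_units, which the changelog does not mention, so say whether it needs the same protection. The seven added lines are not quoted in this message, so the locking itself cannot be checked here.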