From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06199C3ABBC for ; Tue, 6 May 2025 05:44:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 883016B000A; Tue, 6 May 2025 01:44:27 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 833E16B0082; Tue, 6 May 2025 01:44:27 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6F8986B0085; Tue, 6 May 2025 01:44:27 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 523F36B000A for ; Tue, 6 May 2025 01:44:27 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id C42A6121913 for ; Tue, 6 May 2025 05:44:27 +0000 (UTC) X-FDA: 83411392974.21.B820B64 Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by imf05.hostedemail.com (Postfix) with ESMTP id DDDA2100006 for ; Tue, 6 May 2025 05:44:25 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=eH2yU+ky; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf05.hostedemail.com: domain of aha310510@gmail.com designates 209.85.215.171 as permitted sender) smtp.mailfrom=aha310510@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746510265; a=rsa-sha256; cv=none; b=iO+7M5lvQFQIVn+epbZxkRPVZg8LcQYdrIYB/ApaeRrnjQTJ9XvgfnqB8EHmfebhm2sEVr g1xI2OcdV4lAps39YJr6YBbSL0iUCHo3tMV49IMrG6AwAIMg2KdPaw+FEk1UlGsbEvHUH0 7R1iz3P9gvMUnt1iOL8ZzocxCygMjDo= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=eH2yU+ky; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf05.hostedemail.com: domain of aha310510@gmail.com designates 209.85.215.171 as permitted sender) smtp.mailfrom=aha310510@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746510265; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GNr9n7yrjlAA8esoJnmBNRXYidokO5rrsMXCXfOcgbM=; b=lxd0gs48hv7ii5fSw+g3kxBXcdHok3Z2+NnlLel6i5aGEQiNQKPw1wOeNLZinwyTiG4cnD vHHqTn6flsPHO5UmIPmjROipbNdu0v45U7vwdQ+CsxoctEb2up3d02cA6fYalZ3FIBlEd9 V4eLuW1Zybjo50RB6C8bcGLMm1/toC4= Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-b0b2d1f2845so3698971a12.3 for ; Mon, 05 May 2025 22:44:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1746510265; x=1747115065; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=GNr9n7yrjlAA8esoJnmBNRXYidokO5rrsMXCXfOcgbM=; b=eH2yU+ky4aL6dm/KmN39UatXOD+SEcNN3W7gb4uP6ERP6rQ7NMjDwjkPOhOH8a7TsG Wd1Jka5ap4frwf2jf0y+TYnNQ8tC+56RSm2eZI2qcUprzV8Cu9kjO7Tq76MCcGs8w03b 6Dw2EsdtDlFnk10hlNnmCvbTLPefiO7BhbV5OWxOuqPXPSMI7w8tzyv5VokfZOYCa0nK G1WSNfts6cXyMji0o2jgLGrKpyYQvWtZozIBWc2UpiXBnw6k2uWI4XP8ZaBoyjqcKFMp e0nhQ//73wcgpzhSNK/ktwwyHtlQKXnlXnI6Ycou2d8m0GaS+wngyzDxYioZTOyk66ZX Ix9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746510265; x=1747115065; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GNr9n7yrjlAA8esoJnmBNRXYidokO5rrsMXCXfOcgbM=; b=QsanMq2/DXHc8BLyBEmZushneBt9arPzvxnb494F2Wam9l6oX7DOHeTUgTpRA6glLN Vxm/raf8UKR8wtT1bbI1+/+2oVc5r+fn7SZaGFljFeb/QVH2cxcD57eGX1XCpb3HnjJt TU9spbQ1kuY5NS/HgrBr8I4ObOpGcL+vs3I+d+Wi9QJk2WgbkNCGV6ROO0/yvW3CBBQR RNVeklyVLlB725RPrR/OqbMHizxV5PYU6aTkoO+Db/0bfDlu/spvFmMS3a2oZ5ZGn+Fu RrGGvE3S5vycxmsoKpavVY4BMOSaVwVVS8MmitYByCqT+MpdUeAPsQohkY+y1CQ2HmIj Kr6A== X-Forwarded-Encrypted: i=1; AJvYcCXhhA6fihrPsQJdpgCEwwVrevvZR2fKjF7G0KMTHg9DZRJcdAwwXkKGZaT+1J26t99S9ZAvapN15Q==@kvack.org X-Gm-Message-State: AOJu0Yzio9iLJxhpiOqhS9RYxtf4tPdvm80CRm8n+hjaKjJfk+PnPmWt orvIXmkvV4nM1y9pGyKP88pkXeF1jRrzt8qTQb9hogM5N6PCQOw5R075vjczMZ7LZUjBaXzRaJ8 XQSr1Q/95AAFJlDrjHBsiFaP9INQjziMp9Dc= X-Gm-Gg: ASbGncsyUxMN1RJCFssBMLl4ri0EXRSakkD267UOGk2k0IJRW6GopP7Deh/hcV3aaYp K4ebP0Z4zYRUwsSOb+EgiKwHLGYk3aeFoN76lGu2rgHTpwgrwOAVPzZCkC+ZdjmzEfC43oKLL9Q MgZ64Dkf1u5GtRkp0XX3/ELBE3 X-Google-Smtp-Source: AGHT+IHstKrKthb+J+68aMtz+LTMO7Akm5jSagj3AGtcVJvnmKNj0jmcY+I6dvoApyJfSXXIJ/9DiftB1wTwUouxgoM= X-Received: by 2002:a17:90b:5785:b0:30a:3dde:6af4 with SMTP id 98e67ed59e1d1-30a4e6925dbmr20979137a91.31.1746510264552; Mon, 05 May 2025 22:44:24 -0700 (PDT) MIME-Version: 1.0 References: <20250505171948.24410-1-aha310510@gmail.com> In-Reply-To: From: Jeongjun Park Date: Tue, 6 May 2025 14:44:15 +0900 X-Gm-Features: ATxdqUG0EqDNzLp09M_BNbZXfu12F6SQH0C5f93L28Mn5AmV3TfdD61_J-k2BSk Message-ID: Subject: Re: [PATCH] mm/vmalloc: fix data race in show_numa_info() To: Eric Dumazet Cc: akpm@linux-foundation.org, urezki@gmail.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Queue-Id: DDDA2100006 X-Rspamd-Server: rspam04 X-Stat-Signature: qsstab9askswmhg8e9x5f1jzdpa8o5r4 X-HE-Tag: 1746510265-446051 X-HE-Meta: U2FsdGVkX1+LuRiVF1387/LdTOUJKvsBe0CcuGll2TtN4KDIxFtvsX189goJa+ouAx5oWeIX0NQWYMqOvfIewesi7jwA4+wDX8yPyX8jCtq1qcTDz7seiiOC0EiljA1A0sqNGbnE8tUm4oels5E91RudMazKzinOzQ23whfUlgCc1p3suRmLvxZJLl/tWSDhftFLZD31Lja7NFKACtVhwwUf3AxOWgRflrTHOvJ51meiJ8ykzIVvvDGCd3MdEzuqCJCQM0leSeenhG7TX9S/L2HeJks/66ZXlzce8fDdQF8DN6S/ws8P2T2mIkDEN89C+8+S44dT1Moab6DZCGTjVaRzq98JAuQF1feFHFHZqM5SX2bwBlTozC0f3ajYT7JhQ2/iWZuMX5+bOm8QkbLJyxVdbOmesjZyI2yNAJHnu2lcuUb7oy0mKbLOZ3C1/KgiIV1+Gw5akcCqxgN+Vg7p0tslOxzOGFRNoA66KwyZBJGP2b3e2WcEfHH2WioxEqngdtlVd80+1J+sOYd2Kcn9SrereZh2ueJn/8C/YH8mxJwQU3QkBju4OY19ul0XNz1yCaONsl9q01b/8Ih5XGPA5OVODdO3KOa24xVQaOz4DJ1KVJhi0jJYjAi1S+A8spPmGltnWB+uq2s4fc/gTSPjs4bcckwMEoCH0MNzhjV0fyMKFNu/A0NE9J/fUxOkWIjoQzzTHfhNcSRgr56+KF79VeiPQjzHR5rjEosfhlTxKfNlMOHHpUeMBR8WPJKzrJlDCkeZDpsNk7c0Pb6rfkZpLcldIobJ3HWxTbNDK1KaAkFlfiLSCzwftgWxJDZtOu1tLv6SaCANo8iEoLI2vHnKXvRyxmNggiAk03vLDf4Fxr1pTBgaAbZ0l3uuwf/LAFhGqOQDA94AEefFYasVZ9gx99FuiB4BEWDYhzDhOHI07Dka7emA0Ok+JHRiJfKSFXil0UF/gFJErcmjY0G5LV4 Lap8tpkp jm76zXDlvL9TsRgQVI7zvC9TQLxpdMWx/e/oGzGCZLQokpAOYd0jbpKdHZgU922mJvcWTchn0lMBDxboEBcp9SyGhxV9X9G6KK9O2Qo4SH8HbbreZXoT6ba11iO35Q1fcqn7v6B1rKu8YPdBjGq7oENbSgXsb3uYCnOclh9m86kIIdyK81p/eP4qN/vA8Vwka2gfX1R5bDGr9rsLOXU5eS3QrSXlCQU5+DCkitoK9RUcAldH8E62ctBG5byRtEFVvVMylp1wUt2Lm5oXGKBRswaNJbzsWyx6H4v6jMMu/xWcNZqKPmim475GeoEskyj3CZVerp2cy/Z8DbWRvvC2EmAhyNXWDRlDAwWg1ZycP0x14Zy9lOqWWaKcDOV62/oTFGS0P9BASLn8RXb+zYhE1WDVjRar5sLbVNPxj X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Eric Dumazet wrote: > > On Mon, May 5, 2025 at 11:06=E2=80=AFAM Eric Dumazet wrote: > > > > On Mon, May 5, 2025 at 10:20=E2=80=AFAM Jeongjun Park wrote: > > > > > > The following data-race was found in show_numa_info(): > > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show > > > > > > r > > > value changed: 0x0000008f -> 0x00000000 > > > > > > Reported by Kernel Concurrency Sanitizer on: > > > CPU: 1 UID: 0 PID: 8287 Comm: syz.0.411 Not tainted 6.15.0-rc4-00256-= g95d3481af6dc-dirty #1 PREEMPT(voluntary) > > > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 = 04/01/2014 > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > > > There is a read/write data-race in counter[]. This seems to be happen= ing > > > because only read memory barriers are currently applied, so we need t= o > > > modify the write operation to counters[] to be handled atomically. > > > > > > Fixes: a47a126ad5ea ("vmallocinfo: add NUMA information") > > > Signed-off-by: Jeongjun Park > > > --- > > > mm/vmalloc.c | 9 +++++---- > > > 1 file changed, 5 insertions(+), 4 deletions(-) > > > > > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > > > index 3ed720a787ec..d93fa535bc21 100644 > > > --- a/mm/vmalloc.c > > > +++ b/mm/vmalloc.c > > > @@ -4917,7 +4917,8 @@ bool vmalloc_dump_obj(void *object) > > > static void show_numa_info(struct seq_file *m, struct vm_struct *v) > > > { > > > if (IS_ENABLED(CONFIG_NUMA)) { > > > - unsigned int nr, *counters =3D m->private; > > > + atomic_t *counters =3D m->private; > > > + unsigned int nr; > > > unsigned int step =3D 1U << vm_area_page_order(v); > > > > > > if (!counters) > > > @@ -4931,10 +4932,10 @@ static void show_numa_info(struct seq_file *m= , struct vm_struct *v) > > > memset(counters, 0, nr_node_ids * sizeof(unsigned int= )); > > > > > > for (nr =3D 0; nr < v->nr_pages; nr +=3D step) > > > - counters[page_to_nid(v->pages[nr])] +=3D step= ; > > > + atomic_add(step, &counters[page_to_nid(v->pag= es[nr])]); > > > for_each_node_state(nr, N_HIGH_MEMORY) > > > - if (counters[nr]) > > > - seq_printf(m, " N%u=3D%u", nr, counte= rs[nr]); > > > + if (atomic_read(&counters[nr])) > > > + seq_printf(m, " N%u=3D%u", nr, atomic= _read(&counters[nr])); > > > } > > > } > > > > > > -- > > > > This patch looks bogus to me. > > > > The race is about using m->private for storage, while the same file > > can be read from multiple threads. > > > > Using atomic_t is going to silence syzbot, but the bug is still there. > > A more correct fix would be : > Thanks for your suggestion! It definitely looks much better this way. I'll do some refactoring on show_numa_info() and send out a v2 patch. Regards, Jeongjun Park > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index a6e7acebe9adf5e6c8abd52dcf7d02a6a1bc3030..cb69b44587d2032a6192f3ceb= 518490a05eff541 > 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c > @@ -4921,24 +4921,24 @@ bool vmalloc_dump_obj(void *object) > static void show_numa_info(struct seq_file *m, struct vm_struct *v) > { > if (IS_ENABLED(CONFIG_NUMA)) { > - unsigned int nr, *counters =3D m->private; > + unsigned int nr, *counters; > unsigned int step =3D 1U << vm_area_page_order(v); > > + if (v->flags & VM_UNINITIALIZED) > + return; > + counters =3D kcalloc(nr_node_ids, sizeof(unsigned int), > GFP_KERNEL); > if (!counters) > return; > > - if (v->flags & VM_UNINITIALIZED) > - return; > /* Pair with smp_wmb() in clear_vm_uninitialized_flag() *= / > smp_rmb(); > > - memset(counters, 0, nr_node_ids * sizeof(unsigned int)); > - > for (nr =3D 0; nr < v->nr_pages; nr +=3D step) > counters[page_to_nid(v->pages[nr])] +=3D step; > for_each_node_state(nr, N_HIGH_MEMORY) > if (counters[nr]) > seq_printf(m, " N%u=3D%u", nr, counters[n= r]); > + kfree(counters); > } > } > > @@ -5032,13 +5032,7 @@ static int vmalloc_info_show(struct seq_file *m, v= oid *p) > > static int __init proc_vmalloc_init(void) > { > - void *priv_data =3D NULL; > - > - if (IS_ENABLED(CONFIG_NUMA)) > - priv_data =3D kmalloc(nr_node_ids * sizeof(unsigned > int), GFP_KERNEL); > - > - proc_create_single_data("vmallocinfo", > - 0400, NULL, vmalloc_info_show, priv_data); > + proc_create_single("vmallocinfo", 0400, NULL, vmalloc_info_show); > > return 0; > }