Date: Tue, 24 Sep 2024 03:26:13 +0100
From: Matthew Wilcox
To: Jeongjun Park
Cc: David Hildenbrand, akpm@linux-foundation.org, wangkefeng.wang@huawei.com, ziy@nvidia.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, syzbot
Subject: Re: [PATCH] mm: migrate: fix data-race in migrate_folio_unmap()

On Tue, Sep 24, 2024 at 09:28:44AM +0900, Jeongjun Park wrote:
>
> Matthew Wilcox wrote:
> >
> > On Mon, Sep 23, 2024 at 05:56:40PM +0200, David Hildenbrand wrote:
> >>> On 22.09.24 17:17, Jeongjun Park wrote:
> >>> I found a report from syzbot [1]
> >>>
> >>> When __folio_test_movable() is called in migrate_folio_unmap() to read
> >>> folio->mapping, a data race occurs because the folio is read without
> >>> protecting it with folio_lock.
> >>>
> >>> This can cause unintended behavior because folio->mapping is initialized
> >>> to a NULL value. Therefore, I think it is appropriate to call
> >>> __folio_test_movable() under the protection of folio_lock to prevent
> >>> data-race.
> >>
> >> We hold a folio reference, would we really see PAGE_MAPPING_MOVABLE flip?
> >> Hmm
> >
> > No; this shows a page cache folio getting truncated. It's fine; really
> > a false alarm from the tool. I don't think the proposed patch
> > introduces any problems, but it's all a bit meh.
> >
>
> Well, I still don't understand why it's okay to read folio->mapping
> without folio_lock .

Because it can't be changed in a way which changes the value of
__folio_test_movable().
We have a refcount on the folio at this point, so it can't be freed. And __folio_set_movable() happens at allocation.
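
Added illustration, not part of the message above and not kernel code: a simplified userspace model of the argument in this reply, showing that a lockless test of the tag bits in the mapping word gives the same answer before and after a page cache folio is truncated. The `model_*` names, the struct layout and the "truncation stores NULL" step are assumptions of the model; only the tag-bit test mirrors `__folio_test_movable()`.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Tag bits kept in the low bits of the mapping word (values as in page-flags.h). */
#define PAGE_MAPPING_ANON    0x1UL
#define PAGE_MAPPING_MOVABLE 0x2UL
#define PAGE_MAPPING_FLAGS   (PAGE_MAPPING_ANON | PAGE_MAPPING_MOVABLE)

struct model_folio {              /* hypothetical stand-in for struct folio */
    _Atomic uintptr_t mapping;    /* pointer | tag bits */
    atomic_int refcount;
};

/* Lockless reader: one relaxed load, then a test of the tag bits only. */
static int model_test_movable(struct model_folio *f)
{
    uintptr_t m = atomic_load_explicit(&f->mapping, memory_order_relaxed);
    return (m & PAGE_MAPPING_FLAGS) == PAGE_MAPPING_MOVABLE;
}

/* The tag is chosen once, at allocation, before the folio is visible to others. */
static void model_alloc(struct model_folio *f, uintptr_t ptr, int movable)
{
    atomic_init(&f->mapping, ptr | (movable ? PAGE_MAPPING_MOVABLE : 0));
    atomic_init(&f->refcount, 1);
}

/* Assumed truncation step: a page cache folio's mapping is reset to NULL. */
static void model_truncate(struct model_folio *f)
{
    atomic_store_explicit(&f->mapping, 0, memory_order_relaxed);
}

/* Returns 1 if the reader's answer is unchanged by truncation while a reference is held. */
static int answer_stable_across_truncate(void)
{
    static int fake_address_space;    /* constructed sample mapping target */
    struct model_folio f;
    model_alloc(&f, (uintptr_t)&fake_address_space, 0);
    atomic_fetch_add(&f.refcount, 1);            /* the migration path's reference */
    int before = model_test_movable(&f);
    model_truncate(&f);                          /* effect of the racing writer */
    int after = model_test_movable(&f);
    return before == after && before == 0 && atomic_load(&f.refcount) == 2;
}

int main(void) { printf("stable=%d\n", answer_stable_across_truncate()); return 0; }
```

The pointer part of the word changes under the reader, which is what the race detector reports, but the reader only consumes the tag bits, and those go from "not movable" to "not movable".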