From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1E152C3ABBF for ; Tue, 6 May 2025 11:55:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7F6966B0088; Tue, 6 May 2025 07:55:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 759046B0089; Tue, 6 May 2025 07:55:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5F8556B008A; Tue, 6 May 2025 07:55:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 405886B0088 for ; Tue, 6 May 2025 07:55:46 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 3175A16012D for ; Tue, 6 May 2025 11:55:46 +0000 (UTC) X-FDA: 83412328692.27.04F3E59 Received: from mail-lj1-f179.google.com (mail-lj1-f179.google.com [209.85.208.179]) by imf15.hostedemail.com (Postfix) with ESMTP id 33BDDA000F for ; Tue, 6 May 2025 11:55:43 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=hA209cZ+; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf15.hostedemail.com: domain of urezki@gmail.com designates 209.85.208.179 as permitted sender) smtp.mailfrom=urezki@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746532544; a=rsa-sha256; cv=none; b=X1BIIu9C8lGYD38m5OvJ7x2dUYC16nWcW/DMSirbST1X3JtzmUX53bpRd3xHOtkoYMlbpo XLNetiOrKkYNhK7GGMnDq1a/KBH8uQksu/KpcgivKNmBenjRrWMsPKKW3Q9OZ1xEI1eiPy exJHpI9uaC0Tkr6OjQ1oNdCUMdG8mC4= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=hA209cZ+; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf15.hostedemail.com: domain of urezki@gmail.com designates 209.85.208.179 as permitted sender) smtp.mailfrom=urezki@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746532544; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Crh33s5odmDcmUH7zaHEyWwCZ73pPpLq4AVQUaMDOP4=; b=vT6RDwX5tgwTb3dMCLGXHPEgAJahzmDx2lkTStbXzlM1lsRRMkxGwoxX36iZmX6cXhi8E/ PTR+DbQiTPwECuBEnEwA3Zv7j78jhZxKsd4w7PLa7Iuzy3QMnZ2N6ur4Do8DxhKYVJV9iq M5hgPRJqYE8WjlanBD709CEGdgXCvhQ= Received: by mail-lj1-f179.google.com with SMTP id 38308e7fff4ca-30bfe0d2b6dso51165031fa.3 for ; Tue, 06 May 2025 04:55:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1746532542; x=1747137342; darn=kvack.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:date:from:from:to:cc:subject:date:message-id:reply-to; bh=Crh33s5odmDcmUH7zaHEyWwCZ73pPpLq4AVQUaMDOP4=; b=hA209cZ+HXdRKkgLh3tt2gE6OssrmmZBNqwHuRUEwde1KrZi39ZTX4H1KIJVe332hW iYvYyiSLPYekYelLd2BIE1ukCHkcBIbm7bPraZgRXaBOSJle3oLP7lw5B5AAhM5ku92O 1C+nRWbHrIftXDrOGxOERFqpjx37asuk8Q0NdhPmtvSxZgQYN7zyL9NbjU4ce60BufgS Q4/8K+iz/INjQEb+eW1cpc9NLjh695Rxwy+xjHSnOQOQ53GKDhISRWkU9EZiD3iWRocu 5jQlE5VViMzgmsJwBKY6Y9MbjtxqOJgGc3FYGmHetJO8C9qrYnjzUVFClH026TBZ3UC6 vDeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746532542; x=1747137342; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:date:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Crh33s5odmDcmUH7zaHEyWwCZ73pPpLq4AVQUaMDOP4=; b=da+M+vHd/LldJe51XANKWzX9kGyewEwjygSkny4yf8r4EKKnznzHW5xuhBQW/4f4Gm HJxi9xrp85/UeP5orK6A+/XOpfU48O15lXhqfGdiYIaVKmCHQJltqYyyfk92I25ScYEg vTBDbNXKaxS1BEcwy17+soDQVTgPkIiks4qzbiolqq5SNQTtX87HoPvOyzgfFfOtMUBR qRb+YzorU2BbNNYZdEU+vbYW+4zk9DcDQ0l9nmVkMbUpwXWUhSD35UfdTOmE+Y6Cz872 k7V/o22FKSmg7wUvLSxEGpl6s/IdfnL5OkKc7MeUNJ0w+l/icV1aOFsIfo1tYGCWQl1N z/tg== X-Forwarded-Encrypted: i=1; AJvYcCV69Zrri7zI37HnVM2BlUqjg4zQKX8So53c4FilOElGzCpZV/PZxN+vVeDeQyZHToB9G8JrpnXIrg==@kvack.org X-Gm-Message-State: AOJu0YwXh3PIlC7496xsQM3ben5OlOMiQXDbdth2X9f1Otz1Sr5MjEbp wkU5xqkWJqp68dnKH2Z2hvQr6SIRX0X0DJQPmcDfjN/vxTT0LMYD X-Gm-Gg: ASbGnctOptwZ4Td5lFd09GWKofbJbZRnG2DP7mMXb/pl/7+ZN8iHx3L71OA4fRlxQ4L 3M0i8F1Lh4WXZ7WGImc0VNL4OKZ9msiV1RgXT6i7QNj1pzsxK432YZ9qPN0Elkv7ccLS9q50kDs IAxuwOfICcCa1CXFcNsAmyTOG/dSlVB4cRc2Gl1IlaRklA0KXspM73s7amBIbuIZF5LfwW9N5mw U55+QN4xpu7yV1tWypeDG6RB3IPyxZzREG6w9tuX75EfahS+CIgaiZc+EQ6Y8NKHldYM1nTOkxp QfuLf7X6j2VX9py15tb3SeOw+9nZHQ1+v+R77aMgxt9zAq4U+0qv6pLfSEap7hRl/MtRSYH/B9A giss= X-Google-Smtp-Source: AGHT+IGVVspd/1uOxqE6l9hGFvhjEDKvNt/3J+RFEmbCQXyzg7F2oN/Dg1ndiK5dW2/9Z4+UR9isfw== X-Received: by 2002:a2e:7019:0:b0:30a:2a8a:e4b5 with SMTP id 38308e7fff4ca-3235201a3c7mr26588281fa.27.1746532541900; Tue, 06 May 2025 04:55:41 -0700 (PDT) Received: from pc636 (host-95-203-26-253.mobileonline.telia.com. [95.203.26.253]) by smtp.gmail.com with ESMTPSA id 38308e7fff4ca-3202a89f33bsm21226421fa.72.2025.05.06.04.55.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 May 2025 04:55:40 -0700 (PDT) From: Uladzislau Rezki X-Google-Original-From: Uladzislau Rezki Date: Tue, 6 May 2025 13:55:38 +0200 To: Jeongjun Park Cc: akpm@linux-foundation.org, urezki@gmail.com, edumazet@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] mm/vmalloc: fix data race in show_numa_info() Message-ID: References: <20250506082520.84153-1-aha310510@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20250506082520.84153-1-aha310510@gmail.com> X-Rspam-User: X-Rspamd-Queue-Id: 33BDDA000F X-Rspamd-Server: rspam04 X-Stat-Signature: 1njf8pigd6rmkw5gjjt8g7sum86y9xtr X-HE-Tag: 1746532543-344683 X-HE-Meta: U2FsdGVkX19QXLRsUjeDHEx8q8B7W1EBxPaiiFznfAzZe/Dd4Tf+BKM9o3ZxQWYuO3HXnBqcmu/39JpVQsyHt00FQt05cv0CCJFXCXKW1OjPZgRsl6c27mXMwPewUURa1NDgdr1FgjA6fv6eC1w+dm74NLmJa2dj2DOFbbig3o9gnetC3bte37nazYwyAS78WUQzFO/lQOhj1aOJ1xIzl/LYSdmV1NpTVV/nkSuH2+c15ExmQXiYMof1cbf14wPspdO19/NZWiqqjwO7I3vFwV6Y2bDWY0xyJDmBviyYISp6tfAFECc4FQd+YlvIfExl9dh9cRhcHWq8NzPVZV6J6pCalz1RlY3vHts27XV//e2rYpHuanZuihZzmoemNaX4Y14ovDnnsmWj5z+FYZ2sKQqGLU+FY0oQHPTFgjtJuAXCiytYlH91Dw0Tvm8mOs3R8XagH164Hj1ZhXbcZb9QnKSipmo9B4qznqmZ6aFN8vcHv7PWM4mVikRmOyjjygwLnFWeUoVS2cHUhELFxK8LzwYWQvismtk3fJ/eFqsD4cjVc+lQXXuxjBPaPh+jqHvmjHpWYbzf4whX3XoFTxjtwBeViySqME9tdxoGbvcvsmHNYpNCPKF5HaQgf7RI4B2/TQ/bvxowMndBWO0cWJ6IHH6bRuEsbOxcoDzQgoVUPR9flNM+oydinlUyYgDjinHM1itZx1D8hpm6ng0T1ugXiw2/HYEO71LRMd0XXO9yJasXOpoBpPrd74hc7fav6A9ZuwZYwxoLENFtW7oXlEJxGcMoD9qxrNyoiqZt0K9Th/jRXsZPlLDJ4YFHWckeAUtj3Lsn1vMMa5tcr6ogC7wJxm+LRpXZgWtGTS5HiFc2Z/YoGdzDpzs7Dw+rh81H6SjnYt3pxzSFpHxuk/aYXqjpP9VQdPT61m+EsSAtbtQUJ7LhjbYyA/LWA/syVBYTy8vD8SqHEy0A2HZ/bnnT++V TCgYzYgs kh8VRX2p6mMi9MMgObBF+1xsQJGT3WvnD+P6ZJ9YuuiiQsz0a+QmBbkXYKLHQsSmNIsh1VR3npOb17qv+L2vHbKobZ+gQZGUYjfgnmE29aYoXVnyAF1CMKupKIfXYDZQ185ScRJ7AV9Y8vmfgF/tqwri8Lsbi9QOKffEy1TFlhecY26a/DS+nw3MJDTx7mhJmwkb1crTTDW6Qyj51qrnGr8roSx86UFoCTO/qyeTIJL4uWKOnD0ylcjDDpeazl2HZeR2cE7wS7tu//XAu/l7UHNwbzhZPAB/mNECtVPCAjmNwZy4tNH5HMi6hyItBr9MaoMRePNSvH3Ekbu5I7ercaSKNTdZi2n5QSW4R4ggVydls7LT0eqOI5yJHKR7vt7JLCAONrf+iKd37RZnKoaA7ak51zCGBFgBX8EAkKd1X81da58by8yBakpzIF6NyBTM4PeCPFTE+4LkhHwcl3d/gLvLItUr8fe/KXAyh/rhmVH8KiKHgwqipPb4i7cSStW40Of0k X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, May 06, 2025 at 05:25:19PM +0900, Jeongjun Park wrote: > The following data-race was found in show_numa_info(): > > ================================================================== > BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show > > read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0: > show_numa_info mm/vmalloc.c:4936 [inline] > vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016 > seq_read_iter+0x373/0xb40 fs/seq_file.c:230 > proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 > new_sync_read fs/read_write.c:489 [inline] > vfs_read+0x5b4/0x740 fs/read_write.c:570 > ksys_read+0xbe/0x190 fs/read_write.c:713 > __do_sys_read fs/read_write.c:722 [inline] > __se_sys_read fs/read_write.c:720 [inline] > __x64_sys_read+0x41/0x50 fs/read_write.c:720 > x64_sys_call+0x1729/0x1fd0 arch/x86/include/generated/asm/syscalls_64.h:1 > do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] > do_syscall_64+0xa6/0x1b0 arch/x86/entry/syscall_64.c:94 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1: > show_numa_info mm/vmalloc.c:4934 [inline] > vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016 > seq_read_iter+0x373/0xb40 fs/seq_file.c:230 > proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 > new_sync_read fs/read_write.c:489 [inline] > vfs_read+0x5b4/0x740 fs/read_write.c:570 > ksys_read+0xbe/0x190 fs/read_write.c:713 > __do_sys_read fs/read_write.c:722 [inline] > __se_sys_read fs/read_write.c:720 [inline] > __x64_sys_read+0x41/0x50 fs/read_write.c:720 > x64_sys_call+0x1729/0x1fd0 arch/x86/include/generated/asm/syscalls_64.h:1 > do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] > do_syscall_64+0xa6/0x1b0 arch/x86/entry/syscall_64.c:94 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > value changed: 0x0000008f -> 0x00000000 > ================================================================== > > According to this report, there is a read/write data-race because m->private > is accessible to multiple CPUs. To fix this, instead of allocating the heap > in proc_vmalloc_init() and passing the heap address to m->private, > show_numa_info() should allocate the heap. > > One thing to note is that show_numa_info() is called in a critical section > of a spinlock, so it must be allocated on the heap with GFP_ATOMIC flag. > > Fixes: a47a126ad5ea ("vmallocinfo: add NUMA information") > Suggested-by: Eric Dumazet > Signed-off-by: Jeongjun Park > --- > v2: Refactoring some functions and fix patch as per Eric Dumazet suggestion > - Link to v1: https://lore.kernel.org/all/20250505171948.24410-1-aha310510@gmail.com/ > --- > mm/vmalloc.c | 50 +++++++++++++++++++++++++------------------------- > 1 file changed, 25 insertions(+), 25 deletions(-) > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index 3ed720a787ec..a5e795346141 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c > @@ -4914,28 +4914,32 @@ bool vmalloc_dump_obj(void *object) > #endif > > #ifdef CONFIG_PROC_FS > + > +/* > + * Print number of pages allocated on each memory node. > + * > + * This function can only be called if CONFIG_NUMA is enabled > + * and VM_UNINITIALIZED bit in v->flags is disabled. > + */ > static void show_numa_info(struct seq_file *m, struct vm_struct *v) > { > - if (IS_ENABLED(CONFIG_NUMA)) { > - unsigned int nr, *counters = m->private; > - unsigned int step = 1U << vm_area_page_order(v); > + unsigned int nr, *counters; > + unsigned int step = 1U << vm_area_page_order(v); > > - if (!counters) > - return; > + counters = kcalloc(nr_node_ids, sizeof(unsigned int), GFP_ATOMIC); > + if (!counters) > + return; > > - if (v->flags & VM_UNINITIALIZED) > - return; > - /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ > - smp_rmb(); > + /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ > + smp_rmb(); > > - memset(counters, 0, nr_node_ids * sizeof(unsigned int)); > + for (nr = 0; nr < v->nr_pages; nr += step) > + counters[page_to_nid(v->pages[nr])] += step; > + for_each_node_state(nr, N_HIGH_MEMORY) > + if (counters[nr]) > + seq_printf(m, " N%u=%u", nr, counters[nr]); > > - for (nr = 0; nr < v->nr_pages; nr += step) > - counters[page_to_nid(v->pages[nr])] += step; > - for_each_node_state(nr, N_HIGH_MEMORY) > - if (counters[nr]) > - seq_printf(m, " N%u=%u", nr, counters[nr]); > - } > + kfree(counters); > } > > static void show_purge_info(struct seq_file *m) > @@ -5013,7 +5017,10 @@ static int vmalloc_info_show(struct seq_file *m, void *p) > if (is_vmalloc_addr(v->pages)) > seq_puts(m, " vpages"); > > - show_numa_info(m, v); > + if (!(v->flags & VM_UNINITIALIZED) && > I think it makes sense to move the VM_UNINITIALIZED check before: v = va->vm; seq_printf(m, "0x%pK-0x%pK %7ld", v->addr, v->addr + v->size, v->size); because it can be still un-initialized, thus flags like "nr_pages", etc will not be valid. Any thoughts? It has nothing to do with a patch, because it fixes other race issue and what i propose might well be a separate patch if we agree. Thanks! -- Uladzislau Rezki