From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF5D8C3ABBF for ; Tue, 6 May 2025 11:56:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1D5046B008A; Tue, 6 May 2025 07:56:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 15BAC6B008C; Tue, 6 May 2025 07:56:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F18936B0092; Tue, 6 May 2025 07:56:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id CDCB26B008A for ; Tue, 6 May 2025 07:56:25 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id A13C6B73C1 for ; Tue, 6 May 2025 11:56:25 +0000 (UTC) X-FDA: 83412330330.07.3BA36BE Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by imf18.hostedemail.com (Postfix) with ESMTP id B44471C000B for ; Tue, 6 May 2025 11:56:23 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=GdRz3XgW; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf18.hostedemail.com: domain of mjguzik@gmail.com designates 209.85.128.52 as permitted sender) smtp.mailfrom=mjguzik@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746532583; a=rsa-sha256; cv=none; b=K2ctaSMLpzpHgs7Bcn2bu0Ee0KkZHA3wnZ/wWJfa3+S/vJG7CUgnqJ0R0E9OLAIepO8u6s bGMSmGK5FBjlo4LtJVJ/vC8vwLpYRggnF0rH9E4VN8DNjbD/nWV1C/hdJB8UqWD7gmshnK UpW6RblkN87fYBDo3CYggrwdxy4G7Rk= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=GdRz3XgW; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf18.hostedemail.com: domain of mjguzik@gmail.com designates 209.85.128.52 as permitted sender) smtp.mailfrom=mjguzik@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746532583; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=PSp23uKg30FosdR57Aue+EjwAXnVYQPmW9iMNcd6hw0=; b=Jdblp5M1xBlEgrQp2otxZ/q0CfuQ9b5Gub2XVw/MgPvWIV+eTVU2egXNhkH0N+simHMdM+ fx7lTTDF1/t+bn3aYwcS8xnW7C7CzAYzLErD3UkI1rHgLpIPcAbvs8vErWlmFK3PdpXknn VaFWvAD75ABg0j8Az4i5+cGlVeyR8/8= Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-43cfe63c592so51761205e9.2 for ; Tue, 06 May 2025 04:56:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1746532582; x=1747137382; darn=kvack.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=PSp23uKg30FosdR57Aue+EjwAXnVYQPmW9iMNcd6hw0=; b=GdRz3XgWp7448/+SavLoiSLc61xgJJ8qRx82745BcDk0mONxTMR7tWJwGrc4eB/NCh BJVUSRcLlYneapGZS0A3iKkJIxHhE5EFRtVdbOa+EDTfjZ0ae4hWfcq3IM11DwOgf832 f+qgg0KjmrmLex9PkSe63sP5JfR0wemRpnO5ikTrS2JBIdtKmBKnYpz/v7OxNZ+FWKnQ mh5NwpLevdNvCU2MzopJ6l4iINkJXLggQJO4Bq4jfFi+/0qRzdzom5SwIwcGDKJj+cPG RrdicYBtne1bpluj0ZQNqBzFzEv2Jo/UqxBCVng33f3eMHC/HjKfZ7DHDLuIwkOe2vbT 2Qaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746532582; x=1747137382; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=PSp23uKg30FosdR57Aue+EjwAXnVYQPmW9iMNcd6hw0=; b=wwQ7hUNWMBq+MMk12CiEXEZ5XrDFtby10PdHkkozUSJydKnUndCn+/UO7Dlo9qavRB 9H++IdHjYynF/bSAgFqRFFiYMPiX6rNYfANRV91nxm93b/MetbAjim8aELUmXXy3n8XJ WnetQSK3PlojBSCkahbGslJBPiNRc7b+VWbppBXejjT5V7wIPBbnL1jkEKF4tcKrmLZr cXQK6fqKBaeru0htOG4mJRCCAhjT2RbcpYhevwoRLkabDg3wHq1159H5/vqbMtsVDC3j UWfl+wQwVOF3Xf8OeD1lR53k2XayXeHbOeQ/Htj5OVeHBzxrJ5OvD2mVf1hKmbQVYJ9E jOFg== X-Forwarded-Encrypted: i=1; AJvYcCWwqXXcn04Gl2rbj9SulLauiHxTWSPpiE27epvuo9allqipf3x7nWrnnCWfZ36fc+/Z9Msmyq75Fw==@kvack.org X-Gm-Message-State: AOJu0YyV+p+NqHak22m7p/yZd7oP5ES49JCdXbUIqHllJd6QXSGsSvO1 W/T3vVvt+uayTSDZaIjpLIljjMH1FZN0UI6KnaFbkDTwRQbAlBq5 X-Gm-Gg: ASbGncu4miVlLMKGV4fsP+RXtBKFXxuE77QIia45E2W3sb0vefuohkRYnRNNUN05Dkg 7Cgtn47VK+HDkjBII3sBd70+MKaq5FPdxwSn36oB9EHIZE+aep+CzGKyjGJ7cwQxfWjZ8iui8TS uSnA/QJYOeisWDZUbN/2CqIPrqjK/3tzW5EDMJAuPOH9gG4S5BDUpD05u6jn6R6pNesuymFrUHV Oj2oaOZbLR9cZim5sbE3um7t7VhEIzK+uXesT96XTnmZ68hi8BwkzHMIbbKTsnxx4hDA0cAbSGH i7HZFGVVeFyuC4fciBgSkrsQpQeBXQ94K1VFPq/VV4n05gockEcQcTQi6frKhg== X-Google-Smtp-Source: AGHT+IEUE9rYhVi250wDtV5/V82hfsptu/C5vtWowRF13T50+FQmQCJ1nlvMwA+hON9plMr6424SeA== X-Received: by 2002:a05:6000:1a89:b0:38f:2413:2622 with SMTP id ffacd0b85a97d-3a09fde46c2mr8312683f8f.47.1746532581784; Tue, 06 May 2025 04:56:21 -0700 (PDT) Received: from f (cst-prg-3-11.cust.vodafone.cz. [46.135.3.11]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-441b89ed4d4sm164477165e9.19.2025.05.06.04.56.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 May 2025 04:56:20 -0700 (PDT) Date: Tue, 6 May 2025 13:56:13 +0200 From: Mateusz Guzik To: Jeongjun Park Cc: dennis@kernel.org, tj@kernel.org, cl@linux.com, akpm@linux-foundation.org, jack@suse.cz, hughd@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] lib/percpu_counter: fix data race in __percpu_counter_limited_add() Message-ID: References: <20250506102402.88141-1-aha310510@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20250506102402.88141-1-aha310510@gmail.com> X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: B44471C000B X-Stat-Signature: q4usopd7xpjr155e87db9wus4c7yzyy9 X-Rspam-User: X-HE-Tag: 1746532583-250187 X-HE-Meta: U2FsdGVkX1/cLtrf6rYYxUOhq/w3AYptu/jeIp6WG78z0g9y3ALWyd1cFadbimj+NtSbdeHpJw06Eb37VAyEJH2xnRXbk9ttqeZHsC2OmB4P1o/nt0YgJhv6Os9nZGMMCstd/lEDMRfewkwcOMXZHi2Wh2MtaW7xMTJniU/oCYmeuGXZSxdI2jk/9UredVNda/SU/h20WLn+JQpp8muL0cuVBr2rrVYMvfgNowmI+TMslgHtQ/b2jm3URuVjvzENGx9dVH4fI67kJJ1kh7UvAcWWv71jdy8QV15teLRGNp187h8X0Rc4RKScapY9mDT7Ee48WM+pI+fzogZdHlW2yPs9wlQqrU659T0C+wr8lckr2d3TJdUbzwEjiThC7NdC5s7oTj6PnssnX0fEcCqRkZ/2a55y2Kcai4g3kF9ANSmuKg7sg77WNwJzMFfnJYP8BCHFzP0uiBHhfqzA4+ABqMk0ssPUDxEXpe5FjAYWZIuqCUF3ExjFBeoinJM7JoiNs/3sX/RMncDgSq4RkmZ9aUtW32xRsaGxTtn1ksbLaYA7go02PCcQ5QD6GjaIgQHAXYAgH8VWJ4QOYyuYZvwoVDK0pNGSVstyIQuV0BrPIQRTodkFE9F4zjD6xbQwu9qE93j7yQzMqC93pziCKaEFsK1Wdh0VS9Hqih8C4juc3AkGdfiNDVfC4dpkdZ+Lbi0zuF2xxVJAxgSrq1W/o/BQMnnCan5O0W5rp6H/wkHtwsGnt865xpaOXpNwpFNujyJRF6gUh7DkqgNyCBEeLdqhDFECo1zGIVgVYYSZNNQ1vytKuevfoUND+e7osjIa20sNoyurQqBxaaIY/VsZklKIoiV8BkkwqJ902014qSfU8QwbNZpeGiI5OONPd7xDMbyHsoW0Z7CaZCN8kD8/QH2LdEtYe3Gd5ziqRjL/a5oWgxev4ChiA+NcQ9CtjMoVXoiH8tn8Ka97+NMaDdg2iTY lcjnTLB2 SANcTRBe9SVuYrR1y/JafgdmXy5BpD42yVsr3IwyZW5lq9MPKL/CZpdUg0G1U8TnsNqzyMddYRkxOzhhpIeiPweJCzSu7jm5GkQN5NWw9bs3vbnETeGDTWvJVhAT2Aha/q4qdyw2umO+r+/CWcrvAkBthCMLSSaEjVLnrAvi5yq4h8BL5ZWE64FPrsN/Lu7rYCFY7qkoQj1gLKGnuyVFJGUAJJMq2DwkjB1KurYibL70TccBrJcnq4yFrCGY++FQJiZJsj2JO95KyNrqgeG8su7ILnn4d09D6JZxzaJE0BLpXzsU6I8lloxoxFDKMlbOw/npHWRrWIxa0e7wp48V7TR/jOQPjFYLZViaE8ynJ1x8X2RIxk6JE3ApawgRyxhIk/KP7pJlPuNVSx7UxXdTl+QVBHCG6Lch5Rleg9AzVVfUn6Tk383brmyxnEGHEKOvWvj1gFasuq242LglC1u3AaWj9ih/m/81hSSf656xX7fzu3uA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, May 06, 2025 at 07:24:02PM +0900, Jeongjun Park wrote: > The following data-race was found in __percpu_counter_limited_add(): > > ================================================================== > BUG: KCSAN: data-race in __percpu_counter_limited_add / __percpu_counter_limited_add > > write to 0xffff88801f417e50 of 8 bytes by task 6663 on cpu 0: > __percpu_counter_limited_add+0x388/0x4a0 lib/percpu_counter.c:386 > percpu_counter_limited_add include/linux/percpu_counter.h:77 [inline] > shmem_inode_acct_blocks+0x10e/0x230 mm/shmem.c:233 > shmem_alloc_and_add_folio mm/shmem.c:1923 [inline] > shmem_get_folio_gfp.constprop.0+0x87f/0xc90 mm/shmem.c:2533 > shmem_get_folio mm/shmem.c:2639 [inline] > .... > > read to 0xffff88801f417e50 of 8 bytes by task 6659 on cpu 1: > __percpu_counter_limited_add+0xc8/0x4a0 lib/percpu_counter.c:344 > percpu_counter_limited_add include/linux/percpu_counter.h:77 [inline] > shmem_inode_acct_blocks+0x10e/0x230 mm/shmem.c:233 > shmem_alloc_and_add_folio mm/shmem.c:1923 [inline] > shmem_get_folio_gfp.constprop.0+0x87f/0xc90 mm/shmem.c:2533 > shmem_get_folio mm/shmem.c:2639 [inline] > .... > > value changed: 0x000000000000396d -> 0x000000000000398e > ================================================================== > > __percpu_counter_limited_add() should protect fbc via raw_spin_lock(), > but it calls spinlock in the wrong place. This causes a data-race, > so we need to fix it to call raw_spin_lock() a bit earlier. > > Fixes: beb986862844 ("shmem,percpu_counter: add _limited_add(fbc, limit, amount)") > Signed-off-by: Jeongjun Park > --- > lib/percpu_counter.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lib/percpu_counter.c b/lib/percpu_counter.c > index 2891f94a11c6..17f9fc12b409 100644 > --- a/lib/percpu_counter.c > +++ b/lib/percpu_counter.c > @@ -336,6 +336,7 @@ bool __percpu_counter_limited_add(struct percpu_counter *fbc, > return true; > > local_irq_save(flags); > + raw_spin_lock(&fbc->lock); > unknown = batch * num_online_cpus(); > count = __this_cpu_read(*fbc->counters); > > @@ -344,11 +345,10 @@ bool __percpu_counter_limited_add(struct percpu_counter *fbc, > ((amount > 0 && fbc->count + unknown <= limit) || > (amount < 0 && fbc->count - unknown >= limit))) { > this_cpu_add(*fbc->counters, amount); > - local_irq_restore(flags); > - return true; > + good = true; > + goto out; > } > > - raw_spin_lock(&fbc->lock); > count = fbc->count + amount; > > /* Skip percpu_counter_sum() when safe */ > -- > As this always takes the centralized lock in the fast path this defeats the point of using a per-cpu counter in the first place. I noted this thing is buggy almost a year ago: https://lore.kernel.org/linux-mm/5eemkb4lo5eefp7ijgncgogwmadyzmvjfjmmmvfiki6cwdskfs@hi2z4drqeuz6/ per the e-mail I don't believe existence of this routine is warranted. shmem is still the only consumer.