Message ID | 20200130145649.1240-1-cai@lca.pw (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [-next] mm/util: annotate an intentional data race | expand |
On Thu, 30 Jan 2020, Qian Cai wrote > "vm_committed_as.count" could be accessed concurrently as reported by > KCSAN, Acked-by: Christoph Lameter <cl@linux.com>
On Thu, Jan 30, 2020 at 09:56:49AM -0500, Qian Cai wrote: > "vm_committed_as.count" could be accessed concurrently as reported by > KCSAN, > > read to 0xffffffff923164f8 of 8 bytes by task 1268 on cpu 38: > __vm_enough_memory+0x43/0x280 mm/util.c:801 > mmap_region+0x1b2/0xb90 mm/mmap.c:1726 > do_mmap+0x45c/0x700 > vm_mmap_pgoff+0xc0/0x130 > vm_mmap+0x71/0x90 > elf_map+0xa1/0x1b0 > load_elf_binary+0x9de/0x2180 > search_binary_handler+0xd8/0x2b0 > __do_execve_file+0xb61/0x1080 > __x64_sys_execve+0x5f/0x70 > do_syscall_64+0x91/0xb47 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > write to 0xffffffff923164f8 of 8 bytes by task 1265 on cpu 41: > percpu_counter_add_batch+0x83/0xd0 lib/percpu_counter.c:91 > exit_mmap+0x178/0x220 include/linux/mman.h:68 > mmput+0x10e/0x270 > flush_old_exec+0x572/0xfe0 > load_elf_binary+0x467/0x2180 > search_binary_handler+0xd8/0x2b0 > __do_execve_file+0xb61/0x1080 > __x64_sys_execve+0x5f/0x70 > do_syscall_64+0x91/0xb47 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > The warning is almost impossible to trigger according to the commit > 82f71ae4a2b8 ("mm: catch memory commitment underflow") but leave it for > now to catch any possible unbalanced vm_unacct_memory() in the future. > Since only the read is operating as lockless, mark it as an intentional > data race using the data_race() macro. > > Signed-off-by: Qian Cai <cai@lca.pw> > --- > mm/util.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/mm/util.c b/mm/util.c > index 988d11e6c17c..528d2c710771 100644 > --- a/mm/util.c > +++ b/mm/util.c > @@ -798,8 +798,8 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) > { > long allowed; > > - VM_WARN_ONCE(percpu_counter_read(&vm_committed_as) < > - -(s64)vm_committed_as_batch * num_online_cpus(), > + VM_WARN_ONCE(data_race(percpu_counter_read(&vm_committed_as) < > + -(s64)vm_committed_as_batch * num_online_cpus()), > "memory commitment underflow"); > > vm_acct_memory(pages); > -- > 2.21.0 (Apple Git-122.2) > Acked-by: Dennis Zhou <dennis@kernel.org> Thanks, Dennis
> On Jan 30, 2020, at 3:02 PM, Dennis Zhou <dennis@kernel.org> wrote: > > Acked-by: Dennis Zhou <dennis@kernel.org> Andrew, you might forget to pick up this patch?
diff --git a/mm/util.c b/mm/util.c index 988d11e6c17c..528d2c710771 100644 --- a/mm/util.c +++ b/mm/util.c @@ -798,8 +798,8 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) { long allowed; - VM_WARN_ONCE(percpu_counter_read(&vm_committed_as) < - -(s64)vm_committed_as_batch * num_online_cpus(), + VM_WARN_ONCE(data_race(percpu_counter_read(&vm_committed_as) < + -(s64)vm_committed_as_batch * num_online_cpus()), "memory commitment underflow"); vm_acct_memory(pages);
"vm_committed_as.count" could be accessed concurrently as reported by KCSAN, read to 0xffffffff923164f8 of 8 bytes by task 1268 on cpu 38: __vm_enough_memory+0x43/0x280 mm/util.c:801 mmap_region+0x1b2/0xb90 mm/mmap.c:1726 do_mmap+0x45c/0x700 vm_mmap_pgoff+0xc0/0x130 vm_mmap+0x71/0x90 elf_map+0xa1/0x1b0 load_elf_binary+0x9de/0x2180 search_binary_handler+0xd8/0x2b0 __do_execve_file+0xb61/0x1080 __x64_sys_execve+0x5f/0x70 do_syscall_64+0x91/0xb47 entry_SYSCALL_64_after_hwframe+0x49/0xbe write to 0xffffffff923164f8 of 8 bytes by task 1265 on cpu 41: percpu_counter_add_batch+0x83/0xd0 lib/percpu_counter.c:91 exit_mmap+0x178/0x220 include/linux/mman.h:68 mmput+0x10e/0x270 flush_old_exec+0x572/0xfe0 load_elf_binary+0x467/0x2180 search_binary_handler+0xd8/0x2b0 __do_execve_file+0xb61/0x1080 __x64_sys_execve+0x5f/0x70 do_syscall_64+0x91/0xb47 entry_SYSCALL_64_after_hwframe+0x49/0xbe The warning is almost impossible to trigger according to the commit 82f71ae4a2b8 ("mm: catch memory commitment underflow") but leave it for now to catch any possible unbalanced vm_unacct_memory() in the future. Since only the read is operating as lockless, mark it as an intentional data race using the data_race() macro. Signed-off-by: Qian Cai <cai@lca.pw> --- mm/util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)