From patchwork Fri Feb 7 17:21:59 2020
X-Patchwork-Submitter: Qian Cai
X-Patchwork-Id: 11370831
From: Qian Cai <cai@lca.pw>
To: akpm@linux-foundation.org
Cc: hannes@cmpxchg.org, mhocko@kernel.org, vdavydov.dev@gmail.com,
	elver@google.com, cgroups@vger.kernel.org, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org, Qian Cai <cai@lca.pw>
Subject: [PATCH v2] mm/memcontrol: fix a data race in scan count
Date: Fri, 7 Feb 2020 12:21:59 -0500
Message-Id: <1581096119-13593-1-git-send-email-cai@lca.pw>
X-Mailer: git-send-email 1.8.3.1
Sender: owner-linux-mm@kvack.org

struct mem_cgroup_per_node mz.lru_zone_size[zone_idx][lru] could be
accessed concurrently as noticed by KCSAN,

 BUG: KCSAN: data-race in lruvec_lru_size / mem_cgroup_update_lru_size

 write to 0xffff9c804ca285f8 of 8 bytes by task 50951 on cpu 12:
  mem_cgroup_update_lru_size+0x11c/0x1d0
  mem_cgroup_update_lru_size at mm/memcontrol.c:1266
  isolate_lru_pages+0x6a9/0xf30
  shrink_active_list+0x123/0xcc0
  shrink_lruvec+0x8fd/0x1380
  shrink_node+0x317/0xd80
  do_try_to_free_pages+0x1f7/0xa10
  try_to_free_pages+0x26c/0x5e0
  __alloc_pages_slowpath+0x458/0x1290
  __alloc_pages_nodemask+0x3bb/0x450
  alloc_pages_vma+0x8a/0x2c0
  do_anonymous_page+0x170/0x700
  __handle_mm_fault+0xc9f/0xd00
  handle_mm_fault+0xfc/0x2f0
  do_page_fault+0x263/0x6f9
  page_fault+0x34/0x40

 read to 0xffff9c804ca285f8 of 8 bytes by task 50964 on cpu 95:
  lruvec_lru_size+0xbb/0x270
  mem_cgroup_get_zone_lru_size at include/linux/memcontrol.h:536
  (inlined by) lruvec_lru_size at mm/vmscan.c:326
  shrink_lruvec+0x1d0/0x1380
  shrink_node+0x317/0xd80
  do_try_to_free_pages+0x1f7/0xa10
  try_to_free_pages+0x26c/0x5e0
  __alloc_pages_slowpath+0x458/0x1290
  __alloc_pages_nodemask+0x3bb/0x450
  alloc_pages_current+0xa6/0x120
  alloc_slab_page+0x3b1/0x540
  allocate_slab+0x70/0x660
  new_slab+0x46/0x70
  ___slab_alloc+0x4ad/0x7d0
  __slab_alloc+0x43/0x70
  kmem_cache_alloc+0x2c3/0x420
  getname_flags+0x4c/0x230
  getname+0x22/0x30
  do_sys_openat2+0x205/0x3b0
  do_sys_open+0x9a/0xf0
  __x64_sys_openat+0x62/0x80
  do_syscall_64+0x91/0xb47
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

 Reported by Kernel Concurrency Sanitizer on:
 CPU: 95 PID: 50964 Comm: cc1 Tainted: G W O L 5.5.0-next-20200204+ #6
 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019

The write is done under lru_lock, but the read is done locklessly. The
scan count is used to determine how aggressively the anon and file LRU
lists should be scanned. Load tearing could generate an inefficient
heuristic, so fix it by adding READ_ONCE() for the read and WRITE_ONCE()
for the writes.

Signed-off-by: Qian Cai <cai@lca.pw>
---

v2: also add WRITE_ONCE() in the writer, which is necessary.
 include/linux/memcontrol.h | 2 +-
 mm/memcontrol.c            | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
index a7a0a1a5c8d5..e8734dabbc61 100644
--- a/include/linux/memcontrol.h
+++ b/include/linux/memcontrol.h
@@ -533,7 +533,7 @@ unsigned long mem_cgroup_get_zone_lru_size(struct lruvec *lruvec,
 	struct mem_cgroup_per_node *mz;
 
 	mz = container_of(lruvec, struct mem_cgroup_per_node, lruvec);
-	return mz->lru_zone_size[zone_idx][lru];
+	return READ_ONCE(mz->lru_zone_size[zone_idx][lru]);
 }
 
 void mem_cgroup_handle_over_high(void);
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 6f6dc8712e39..daf375cc312c 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -1263,7 +1263,7 @@ void mem_cgroup_update_lru_size(struct lruvec *lruvec, enum lru_list lru,
 	lru_size = &mz->lru_zone_size[zid][lru];
 
 	if (nr_pages < 0)
-		*lru_size += nr_pages;
+		WRITE_ONCE(*lru_size, *lru_size + nr_pages);
 
 	size = *lru_size;
 	if (WARN_ONCE(size < 0,
@@ -1274,7 +1274,7 @@ void mem_cgroup_update_lru_size(struct lruvec *lruvec, enum lru_list lru,
 	}
 
 	if (nr_pages > 0)
-		*lru_size += nr_pages;
+		WRITE_ONCE(*lru_size, *lru_size + nr_pages);
 }
 
 /**