From patchwork Mon Sep 13 11:35:43 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marco Elver <elver@google.com>
X-Patchwork-Id: 12488597
Return-Path: <SRS0=Ij3b=OD=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-26.2 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id ED6EAC433F5
	for <linux-mm@archiver.kernel.org>; Mon, 13 Sep 2021 11:36:23 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 948DB60F9F
	for <linux-mm@archiver.kernel.org>; Mon, 13 Sep 2021 11:36:23 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 948DB60F9F
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id 391226B0071; Mon, 13 Sep 2021 07:36:23 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 319606B0072; Mon, 13 Sep 2021 07:36:23 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 1E351900002; Mon, 13 Sep 2021 07:36:23 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0117.hostedemail.com
 [216.40.44.117])
	by kanga.kvack.org (Postfix) with ESMTP id 0F1746B0071
	for <linux-mm@kvack.org>; Mon, 13 Sep 2021 07:36:23 -0400 (EDT)
Received: from smtpin30.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id AEA8D8249980
	for <linux-mm@kvack.org>; Mon, 13 Sep 2021 11:36:22 +0000 (UTC)
X-FDA: 78582347004.30.1177D34
Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com
 [209.85.128.73])
	by imf25.hostedemail.com (Postfix) with ESMTP id 670E8B000188
	for <linux-mm@kvack.org>; Mon, 13 Sep 2021 11:36:22 +0000 (UTC)
Received: by mail-wm1-f73.google.com with SMTP id
 n17-20020a7bc5d1000000b002f8ca8bacdeso1576982wmk.3
        for <linux-mm@kvack.org>; Mon, 13 Sep 2021 04:36:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=date:message-id:mime-version:subject:from:to:cc;
        bh=bSTKtlz5vNtVKimr2bFb/fQDhWY54+Y9NMMcBs2WGw4=;
        b=n6H74Olasmc94WeVrsI2xPj0QmitddSGAzXlHY1m6h98KxPqhp/OTPLd70kpNYOTn1
         EoLNEYyyYgzBUskSPsTKBIfsDUX0hynxclQNYEdF0kxmWeTqnRyAejt1oEXIcgWc7BFM
         mOabxo8uY6F24qND4gxaJpafo5+rweOi8LCIYV0TtIkS6kvXaNIv91/Gjz0amReW2alA
         PrmETMbMR25SboppWmKBj/JaLcIse2uBiK5G+d7n19QhRvd7SYagRTUii8y9/PDRJCrU
         PltrzXQqz3uzvn42VFAyUjVoNJfo6rj/AVrq3PoeMO/BfsiCKTTLcTjGeHrLDENJGXzr
         6Wdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc;
        bh=bSTKtlz5vNtVKimr2bFb/fQDhWY54+Y9NMMcBs2WGw4=;
        b=GKkpf0lliNbfOb3Pgc7+RJH8HWCjlW+TjXQOJPZfuIHQ3gXk9B8uiv67tz4Gc8v+8/
         9x5gqKxbY4FQlG0swQW0LsUHiuILIH1XQiHJDwoO4olsM5cq42GGonUBLPv1NAvLl6+n
         pEaRyJuFf/i+RsHL9cp7EhFYc3Y9/02sI9ZI9oAognbd0gTdbA1+vLoWg1sdG4ql6Edn
         uD/KgC0/Ui5X4tTwIMcRW2qXNdafbL0sRg3CWXNBvv3a72l7m/addBpHglL9kzJX4UTb
         9+LVYF5pS84o5svQuMw1iMFrWhZLcf51V2QuycD+yAk9g1gbRISjKErRG0BxMM68JaZg
         RPuw==
X-Gm-Message-State: AOAM5338ZWWZOpnKzC4uIHygPGFDHMzvSaHtLSsMcjvrplE75VD1/5id
	T5NMsHuKxsn7Q96WwaqtK4JRgZlsOg==
X-Google-Smtp-Source: 
 ABdhPJwQ5Je8nwY9tzaKcsKe5dMu6MzJFIb8KutO7phtgxvT7cF3sx8B6Pv3NcXy6K3w8ofGZGPAn/j1Sg==
X-Received: from elver.muc.corp.google.com
 ([2a00:79e0:15:13:1f19:d46:38c8:7e48])
 (user=elver job=sendgmr) by 2002:a05:600c:3203:: with SMTP id
 r3mr10555555wmp.175.1631532981131; Mon, 13 Sep 2021 04:36:21 -0700 (PDT)
Date: Mon, 13 Sep 2021 13:35:43 +0200
Message-Id: <20210913113542.2658064-1-elver@google.com>
Mime-Version: 1.0
X-Mailer: git-send-email 2.33.0.309.g3052b89438-goog
Subject: [PATCH] mm: fix data race in PagePoisoned()
From: Marco Elver <elver@google.com>
To: elver@google.com, Andrew Morton <akpm@linux-foundation.org>,
 linux-mm@kvack.org,
	Will Deacon <will@kernel.org>,
 "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Cc: linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
	kernel test robot <oliver.sang@intel.com>
X-Rspamd-Server: rspam01
X-Rspamd-Queue-Id: 670E8B000188
Authentication-Results: imf25.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b=n6H74Ola;
	dmarc=pass (policy=reject) header.from=google.com;
	spf=pass (imf25.hostedemail.com: domain of
 3tTc_YQUKCDISZjSfUccUZS.QcaZWbil-aaYjOQY.cfU@flex--elver.bounces.google.com
 designates 209.85.128.73 as permitted sender)
 smtp.mailfrom=3tTc_YQUKCDISZjSfUccUZS.QcaZWbil-aaYjOQY.cfU@flex--elver.bounces.google.com
X-Stat-Signature: m8qtjwwtdi5tmcua7qqa6qdbioaf9gj3
X-HE-Tag: 1631532982-591208
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

PagePoisoned() accesses page->flags which can be updated concurrently:

  | BUG: KCSAN: data-race in next_uptodate_page / unlock_page
  |
  | write (marked) to 0xffffea00050f37c0 of 8 bytes by task 1872 on cpu 1:
  |  instrument_atomic_write           include/linux/instrumented.h:87 [inline]
  |  clear_bit_unlock_is_negative_byte include/asm-generic/bitops/instrumented-lock.h:74 [inline]
  |  unlock_page+0x102/0x1b0           mm/filemap.c:1465
  |  filemap_map_pages+0x6c6/0x890     mm/filemap.c:3057
  |  ...
  | read to 0xffffea00050f37c0 of 8 bytes by task 1873 on cpu 0:
  |  PagePoisoned                   include/linux/page-flags.h:204 [inline]
  |  PageReadahead                  include/linux/page-flags.h:382 [inline]
  |  next_uptodate_page+0x456/0x830 mm/filemap.c:2975
  |  ...
  | CPU: 0 PID: 1873 Comm: systemd-udevd Not tainted 5.11.0-rc4-00001-gf9ce0be71d1f #1

To avoid the compiler tearing or otherwise optimizing the access, use
READ_ONCE() to access flags.

Link: https://lore.kernel.org/all/20210826144157.GA26950@xsang-OptiPlex-9020/
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Marco Elver <elver@google.com>
Cc: Will Deacon <will@kernel.org>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 include/linux/page-flags.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h
index a558d67ee86f..628ab237665e 100644
--- a/include/linux/page-flags.h
+++ b/include/linux/page-flags.h
@@ -206,7 +206,7 @@ static __always_inline int PageCompound(struct page *page)
 #define	PAGE_POISON_PATTERN	-1l
 static inline int PagePoisoned(const struct page *page)
 {
-	return page->flags == PAGE_POISON_PATTERN;
+	return READ_ONCE(page->flags) == PAGE_POISON_PATTERN;
 }
 
 #ifdef CONFIG_DEBUG_VM