From patchwork Thu Feb 6 13:17:50 2020
X-Patchwork-Submitter: Qian Cai
X-Patchwork-Id: 11368423
From: Qian Cai
To: akpm@linux-foundation.org
Cc: jhubbard@nvidia.com, ira.weiny@intel.com, dan.j.williams@intel.com, jack@suse.cz, elver@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Qian Cai
Subject: [PATCH] mm: fix a data race in put_page()
Date: Thu, 6 Feb 2020 08:17:50 -0500
Message-Id: <1580995070-25139-1-git-send-email-cai@lca.pw>

page->flags could be accessed concurrently as noticed by KCSAN,

 BUG: KCSAN: data-race in page_cpupid_xchg_last / put_page

 write (marked) to 0xfffffc0d48ec1a00 of 8 bytes by task 91442 on cpu 3:
  page_cpupid_xchg_last+0x51/0x80
  page_cpupid_xchg_last at mm/mmzone.c:109 (discriminator 11)
  wp_page_reuse+0x3e/0xc0
  wp_page_reuse at mm/memory.c:2453
  do_wp_page+0x472/0x7b0
  do_wp_page at mm/memory.c:2798
  __handle_mm_fault+0xcb0/0xd00
  handle_pte_fault at mm/memory.c:4049
  (inlined by) __handle_mm_fault at mm/memory.c:4163
  handle_mm_fault+0xfc/0x2f0
  handle_mm_fault at mm/memory.c:4200
  do_page_fault+0x263/0x6f9
  do_user_addr_fault at arch/x86/mm/fault.c:1465
  (inlined by) do_page_fault at arch/x86/mm/fault.c:1539
  page_fault+0x34/0x40

 read to 0xfffffc0d48ec1a00 of 8 bytes by task 94817 on cpu 69:
  put_page+0x15a/0x1f0
  page_zonenum at include/linux/mm.h:923
  (inlined by) is_zone_device_page at include/linux/mm.h:929
  (inlined by) page_is_devmap_managed at include/linux/mm.h:948
  (inlined by) put_page at include/linux/mm.h:1023
  wp_page_copy+0x571/0x930
  wp_page_copy at mm/memory.c:2615
  do_wp_page+0x107/0x7b0
  __handle_mm_fault+0xcb0/0xd00
  handle_mm_fault+0xfc/0x2f0
  do_page_fault+0x263/0x6f9
  page_fault+0x34/0x40

 Reported by Kernel Concurrency Sanitizer on:
 CPU: 69 PID: 94817 Comm: systemd-udevd Tainted: G W O L 5.5.0-next-20200204+ #6
 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019

Both the read and write are done
only with the non-exclusive mmap_sem held. Since the read will check for specific bits (up to three bits for now) in the flag, load tearing could in theory trigger a logic bug. To fix it, it could introduce put_page_lockless() in those places but that could be an overkill, and difficult to use. Thus, just add READ_ONCE() for the read in page_zonenum() for now where it should not affect the performance and correctness with a small trade-off that compilers might generate less efficient optimization in some places. Signed-off-by: Qian Cai --- include/linux/mm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index 52269e56c514..f8529aa971c0 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -920,7 +920,7 @@ vm_fault_t alloc_set_pte(struct vm_fault *vmf, struct mem_cgroup *memcg, static inline enum zone_type page_zonenum(const struct page *page) { - return (page->flags >> ZONES_PGSHIFT) & ZONES_MASK; + return (READ_ONCE(page->flags) >> ZONES_PGSHIFT) & ZONES_MASK; } #ifdef CONFIG_ZONE_DEVICE
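
Review bot: In page_zonenum(), the new READ_ONCE(page->flags) carries no comment saying which concurrent writer it guards against, so a later cleanup could drop it as a redundant annotation; add a one-line comment above the return naming page_cpupid_xchg_last() as the racing writer from the KCSAN report. The changelog should also state whether that writer can ever change the bits selected by ZONES_PGSHIFT and ZONES_MASK: if it cannot, the value returned here is the same with or without tearing, and the change is an annotation for the sanitizer rather than a behaviour fix, which bears on whether the acknowledged cost of less efficient code generation in an inline helper is worth paying. The hunk touches only this one read of page->flags, so the subject line's "fix a data race in put_page()" covers just the page_zonenum() path shown in the report's read-side stack.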