Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp3270060ybl; Mon, 20 Jan 2020 20:13:28 -0800 (PST) X-Google-Smtp-Source: APXvYqwz5+9gRfsHHU6+2fob1FpbcWlnIg02wFRbKQEFdlGizT7rVVmBU9hvPiefJPUSOUO26UHY X-Received: by 2002:aca:5490:: with SMTP id i138mr1598089oib.69.1579580007983; Mon, 20 Jan 2020 20:13:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579580007; cv=none; d=google.com; s=arc-20160816; b=gGV4rcevaVYzP1N7Ev9i7cv0/mgmbbRoFOZ2hPWX3TtBvuLiOOZSHoKNpifz05Sn25 pzoE+f/3Sbfs2f8CvUikzP0k5SPKqjZFKALZ36ihxwKLeAJwAMRgoc7EiD61KRXGtXhS F4HdSGEWIMUP1SNpvMNqA63rVDwU0v3OLcLUfGO95fUMumO8dXZ8CfVjN3ChcJH7UQyE x6mHE1xL/sFwJuv6p7XIHaf5oSuggN5WOgfT2SpXGfg940pkG2AdBtzNy8pK4GWOvT8T k/pZ3KBaHudHXYNRsZq968J1sqQiQPYQuMBq8HAIrEbd2dr2QF/Cu9TZwYQCsbmS37pW BGvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=zAi8wBwQtdv/htMLe3u3FcIw3h3KwZj8juXiFcTYGYs=; b=GlBFsWP1pNRnhe2IDSPxE4+rla87DKuD9nwmFAL1SXTSiJ03Vf+Z99MUO4G3MgeC35 4SqBjyFU3v4WGib6Vvy4QwykK8zwpKYhsfz9wosYY8QK3lYE0DPNXHvyA8HYdIAqhMFS l1+gcDNYMLvm5Za++2IRjKTXnI8+rxBWxzgcFIMAVfDnMYzbse7dXJ2/AZW83zzR0obn ObX1ZyQ8ADcJt5nZEG3vfKPuGDspmj5xCtMihS0B55s8k7i3cAslTRdKqSTxGz2R9VbB FA5nJ6Az7retZPe3LXj6I/hDJHt6sMcBSRKQx7IL8RIyMlbvFgAe2c+EAg/V7oC43rhw MA1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lca.pw header.s=google header.b="ZDK/UqEw"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u62si19317194oig.29.2020.01.20.20.13.12; Mon, 20 Jan 2020 20:13:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@lca.pw header.s=google header.b="ZDK/UqEw"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728596AbgAUEMM (ORCPT + 99 others); Mon, 20 Jan 2020 23:12:12 -0500 Received: from mail-qv1-f66.google.com ([209.85.219.66]:46028 "EHLO mail-qv1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727009AbgAUEMM (ORCPT ); Mon, 20 Jan 2020 23:12:12 -0500 Received: by mail-qv1-f66.google.com with SMTP id l14so819715qvu.12 for ; Mon, 20 Jan 2020 20:12:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lca.pw; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=zAi8wBwQtdv/htMLe3u3FcIw3h3KwZj8juXiFcTYGYs=; b=ZDK/UqEw0XqiZnYO+Pky67ulRYAWc1L5B6GP6w5ao6rISw8tZp9p64KZt1+uYotG60 Lb1UJMTpR08GeLxPirtTO3I2jBnzDWOd8taSYJ+qCL/v9Ev6JJBH8o+44xI929H2ybh/ Gu8JOMZdyrWUnGdVgmnAfFemEwgnFFps2z+GZO42PjXRZPeED4w23AYNTi+6yacPmRSb wc18GflbmLgFOQlUVXBUePxieneLesJQlzspGzfR0d4Cq0IGw1tE1nbrO3f72v1eUnGA +SnZ1x+yxGVXDb/qZJYfCw7XGIKvkC+755MWXk3ZuXcznI3KXxuu/T0TLF78VF4iR9A0 amEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=zAi8wBwQtdv/htMLe3u3FcIw3h3KwZj8juXiFcTYGYs=; b=HMAetbQhmIRpQrYN1KFn6faw39oFZbmD9sv1DdPlH5GK7Kxjj7oRDVklrOY9ehDfZo gpYOW02v2SzzOUFcBrcZxchE3X/wzhPm1W8yQ2WNnfdsDzaDD0jJ+YepY55Dnru6KvuO F1Pd3eoMsDxIvVelq7ed2rnBx1HAoPM0U9vzMQubRxM3V/rXrUjClEjapzg14it2KRl/ rtiLHyLKrt3ZETp8y2ncMXCHmxwzmw9Rj2tTfw9uD4CszIVIE9RIFNBWn3TNgUuyqqn0 rTkFSHvwyKeAhBPjX/slnVlij4t6Eq4G24mjn9+rGZpE8/ThPwGbOYD6tzO/YNLjBgaX 2Flg== X-Gm-Message-State: APjAAAX+A/DmxI8sUh1YjzUUJcu/BpPsRKk5Naftm1oJkL4Bt17irZGl rU8Tb0qwNDqNEV6RUSihsBKBoQ== X-Received: by 2002:a0c:904b:: with SMTP id o69mr3089139qvo.218.1579579931501; Mon, 20 Jan 2020 20:12:11 -0800 (PST) Received: from ovpn-123-97.rdu2.redhat.com (pool-71-184-117-43.bstnma.fios.verizon.net. [71.184.117.43]) by smtp.gmail.com with ESMTPSA id y18sm16566705qki.0.2020.01.20.20.12.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 Jan 2020 20:12:10 -0800 (PST) From: Qian Cai To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de Cc: dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, elver@google.com, x86@kernel.org, linux-kernel@vger.kernel.org, Qian Cai Subject: [PATCH -next] x86/mm/pat: fix a data race in cpa_inc_4k_install Date: Mon, 20 Jan 2020 23:12:00 -0500 Message-Id: <20200121041200.2260-1-cai@lca.pw> X-Mailer: git-send-email 2.21.0 (Apple Git-122.2) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Macro Elver mentioned, "Yes. I was finally able to reproduce this data race on linux-next (my system doesn't crash though, maybe not enough cores?). Here is a trace with line numbers: read to 0xffffffffaa59a000 of 8 bytes by interrupt on cpu 7: cpa_inc_4k_install arch/x86/mm/pat/set_memory.c:131 [inline] __change_page_attr+0x10cf/0x1840 arch/x86/mm/pat/set_memory.c:1514 __change_page_attr_set_clr+0xce/0x490 arch/x86/mm/pat/set_memory.c:1636 __set_pages_np+0xc4/0xf0 arch/x86/mm/pat/set_memory.c:2148 __kernel_map_pages+0xb0/0xc8 arch/x86/mm/pat/set_memory.c:2178 kernel_map_pages include/linux/mm.h:2719 [inline] write to 0xffffffffaa59a000 of 8 bytes by task 1 on cpu 6: cpa_inc_4k_install arch/x86/mm/pat/set_memory.c:131 [inline] __change_page_attr+0x10ea/0x1840 arch/x86/mm/pat/set_memory.c:1514 __change_page_attr_set_clr+0xce/0x490 arch/x86/mm/pat/set_memory.c:1636 __set_pages_p+0xc4/0xf0 arch/x86/mm/pat/set_memory.c:2129 __kernel_map_pages+0x2e/0xc8 arch/x86/mm/pat/set_memory.c:2176 kernel_map_pages include/linux/mm.h:2719 [inline] Both accesses are due to the same "cpa_4k_install++" in cpa_inc_4k_install. Now you can see that a data race here could be potentially undesirable: depending on compiler optimizations or how x86 executes a non-LOCK'd increment, you may lose increments, corrupt the counter, etc. Since this counter only seems to be used for printing some stats, this data race itself is unlikely to cause harm to the system though." This will generate a lot of noise on a debug kernel with debug_pagealloc with KCSAN enabled which could render the system unusable. Fix it by adding a pair of READ_ONCE() and WRITE_ONCE(). Signed-off-by: Qian Cai --- arch/x86/mm/pat/set_memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 20823392f4f2..31e4a73ae70e 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -128,7 +128,7 @@ static inline void cpa_inc_2m_checked(void) static inline void cpa_inc_4k_install(void) { - cpa_4k_install++; + WRITE_ONCE(cpa_4k_install, READ_ONCE(cpa_4k_install) + 1); } static inline void cpa_inc_lp_sameprot(int level) -- 2.21.0 (Apple Git-122.2)