Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp474166ybl; Wed, 29 Jan 2020 04:06:13 -0800 (PST) X-Google-Smtp-Source: APXvYqwDdsFaB6WQ+OGGirS3h2hg3lKQET+F3RfGUXi08y+Hsf1EqYTOQ8xKgEiZqBvwhWWdCC62 X-Received: by 2002:a9d:1706:: with SMTP id i6mr11228419ota.151.1580299573311; Wed, 29 Jan 2020 04:06:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580299573; cv=none; d=google.com; s=arc-20160816; b=kr9qLnborPyZNxGKj+w5si7iKcqZFaXWqbcwqEEDkv7KoXyu0/JEOnuS+ZiB7xJq5R /gEPbgDstOC0KsNSpCK4ts832C0B2GdlCq9stYxdiQ9yvbOW5VUGYYkQRA1HjHFBHbM9 0IypH6h6e77ycrvDsNhEp0iS/FbjKuDrO4IRJO8XEPAQd8V9I0SLPz9MGiBbCptnjPvs i8jBO/KRhzPGlHZt7seFErmhuCR1UCUsoFYwv71NPFBEpe7nLyFWuN49A7SxvGROX+VD lqVh8bvcZpBQAzFoU3n6agUZF8dw2cUMJ/V4jvO48g8NxmcXtT1Qa7hgzJ+wNvynBlxZ v+nQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=iHDiP2KDmNSPElT+l6SlS2SaHDShy9m3wLYtfmsohOA=; b=J2ebFFv3GHEKjiFg47PFFkGCAAaW7vFaJSiFyE2Xs9uOWjE3dLANOovsvtUafxIu7L obWIr9eogj/mpzYsuPbuV2NdP2Sa8AgLaTw1VfKQqYAN1qBmhih3WR51LpqRGxdrDX+m tTonKBPKElMewy6R5qh8AKQf3vy4vrGbbJRYj78OtTlagvLpFToR61ka7/Jh4NH94DTm 43DV04wE1xnJB1aBf6OQgtZrfVl83KKBz0T2shLgT7xBSQoZGqxFuMGhr6UVmUeMPYAK FYhUQPH/sIbgajxvPEye88rKQeSfS2ZPP36IadC7erAz2KexQlbP6hgQD4MuysOcfAuR GbzA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y6si846093oih.217.2020.01.29.04.05.59; Wed, 29 Jan 2020 04:06:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726339AbgA2MDF (ORCPT + 99 others); Wed, 29 Jan 2020 07:03:05 -0500 Received: from mail-wr1-f68.google.com ([209.85.221.68]:44254 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726068AbgA2MDF (ORCPT ); Wed, 29 Jan 2020 07:03:05 -0500 Received: by mail-wr1-f68.google.com with SMTP id m16so239729wrx.11 for ; Wed, 29 Jan 2020 04:03:04 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=iHDiP2KDmNSPElT+l6SlS2SaHDShy9m3wLYtfmsohOA=; b=WXSWIQ3rPahkwmneejLfXWCgoWEfjr3lOKB9jhEVYA13KJ+0FjYuh/6J1t2+vhgU5H qABaXlYjBPYbi6T+FROTb6mEV11X8H32vEn0uxTUtW5KWp45oltCPN9auE2tbUFI2S+z vTzgv/w098TXToeJq1UYMMVN6Pz93SWMpee188HrGPaKuzwTTUOP0XyZmHlZS7qUN0pc CNcXVg/VU2z1yBfzF80ifnltblCvMEYvi8l2bkqBEcupvaFGgcE5NIiwXPujL+w/0hRa 12/v//tqukzNhUAKzWW4DNV7WYiVue1NXHJVgYO5QsmYn1Wyd3PCZzchmdjJ0Qd86ev8 Gm3A== X-Gm-Message-State: APjAAAVrquXbgtFf8RbtWWGBgN4c8O8BU925RJqYJNqsuSPUSosFycim 7bQAlmvRO9QUbgYWN5BQXmQ= X-Received: by 2002:a5d:40c9:: with SMTP id b9mr36565133wrq.419.1580299384093; Wed, 29 Jan 2020 04:03:04 -0800 (PST) Received: from localhost (prg-ext-pat.suse.com. [213.151.95.130]) by smtp.gmail.com with ESMTPSA id y185sm2183463wmg.2.2020.01.29.04.03.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Jan 2020 04:03:03 -0800 (PST) Date: Wed, 29 Jan 2020 13:03:02 +0100 From: Michal Hocko To: Qian Cai Cc: akpm@linux-foundation.org, hannes@cmpxchg.org, elver@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] mm/page_counter: fix various data races Message-ID: <20200129120302.GJ24244@dhcp22.suse.cz> References: <20200129105224.4016-1-cai@lca.pw> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200129105224.4016-1-cai@lca.pw> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed 29-01-20 05:52:24, Qian Cai wrote: > The commit 3e32cb2e0a12 ("mm: memcontrol: lockless page counters") could > had memcg->memsw->watermark been accessed concurrently as reported by > KCSAN, > > Reported by Kernel Concurrency Sanitizer on: > BUG: KCSAN: data-race in page_counter_try_charge / page_counter_try_charge > > read to 0xffff8fb18c4cd190 of 8 bytes by task 1081 on cpu 59: > page_counter_try_charge+0x4d/0x150 mm/page_counter.c:138 > try_charge+0x131/0xd50 mm/memcontrol.c:2405 > __memcg_kmem_charge_memcg+0x58/0x140 > __memcg_kmem_charge+0xcc/0x280 > __alloc_pages_nodemask+0x1e1/0x450 > alloc_pages_current+0xa6/0x120 > pte_alloc_one+0x17/0xd0 > __pte_alloc+0x3a/0x1f0 > copy_p4d_range+0xc36/0x1990 > copy_page_range+0x21d/0x360 > dup_mmap+0x5f5/0x7a0 > dup_mm+0xa2/0x240 > copy_process+0x1b3f/0x3460 > _do_fork+0xaa/0xa20 > __x64_sys_clone+0x13b/0x170 > do_syscall_64+0x91/0xb47 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > write to 0xffff8fb18c4cd190 of 8 bytes by task 1153 on cpu 120: > page_counter_try_charge+0x5b/0x150 mm/page_counter.c:139 > try_charge+0x131/0xd50 mm/memcontrol.c:2405 > mem_cgroup_try_charge+0x159/0x460 > mem_cgroup_try_charge_delay+0x3d/0xa0 > wp_page_copy+0x14d/0x930 > do_wp_page+0x107/0x7b0 > __handle_mm_fault+0xce6/0xd40 > handle_mm_fault+0xfc/0x2f0 > do_page_fault+0x263/0x6f9 > page_fault+0x34/0x40 > > Since watermark could be compared or set to garbage due to load or > store tearing which would change the code logic, fix it by adding a pair > of READ_ONCE() and WRITE_ONCE() in those places. There is no actual problem and the report is false positive, right? While compilers are free to do all sorts of stuff do we have any actual proof that this particular path would ever be problematic. I do not oppose to the patch. {READ,WRITE}_ONCE actually makes some sense to me, but the changelog should be more clear on how serious this is. > Fixes: 3e32cb2e0a12 ("mm: memcontrol: lockless page counters") > Signed-off-by: Qian Cai Acked-by: Michal Hocko > --- > mm/page_counter.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/mm/page_counter.c b/mm/page_counter.c > index de31470655f6..a17841150906 100644 > --- a/mm/page_counter.c > +++ b/mm/page_counter.c > @@ -82,8 +82,8 @@ void page_counter_charge(struct page_counter *counter, unsigned long nr_pages) > * This is indeed racy, but we can live with some > * inaccuracy in the watermark. > */ > - if (new > c->watermark) > - c->watermark = new; > + if (new > READ_ONCE(c->watermark)) > + WRITE_ONCE(c->watermark, new); > } > } > > @@ -135,8 +135,8 @@ bool page_counter_try_charge(struct page_counter *counter, > * Just like with failcnt, we can live with some > * inaccuracy in the watermark. > */ > - if (new > c->watermark) > - c->watermark = new; > + if (new > READ_ONCE(c->watermark)) > + WRITE_ONCE(c->watermark, new); > } > return true; > > -- > 2.21.0 (Apple Git-122.2) -- Michal Hocko SUSE Labs