Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp4120192ybv;
        Mon, 10 Feb 2020 12:45:34 -0800 (PST)
X-Google-Smtp-Source: APXvYqwdsZF9jmwDjCqpcDMzo43Xb+Mzt8Rk7P/JMtWmdwIZfgA3A7yAmO/NW5MgFFCJABDYsLBO
X-Received: by 2002:a9d:7e99:: with SMTP id m25mr2436955otp.212.1581367534034;
        Mon, 10 Feb 2020 12:45:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1581367534; cv=none;
        d=google.com; s=arc-20160816;
        b=z4O7stnmueIbc/07if+ngAsGsTkkC5IVrMuaK0420CN0Tww8iRY/XT+VcsgacTkjn7
         n1j0Nx1juSjUnMciviPXxNtZyk/nfhdRLTeTsZCQE+VUVIVAeli1TdNrCSutL9Sw2fIf
         yHC6NN7g+DbzSgOvxCRE91cVQBz7F7yzbHUWI3zZKevAImXSld8Kuhns3TleGrAu9s1v
         Ygk6Kl6GAN2DTiYwyOqT6gu361Gk1h+iITLoGGAvmNsxHLGd9iwWy3Rffip3A86Q77q3
         5flUqGIm+INw8ZzEhzRplcald7HT8h8j+6foFM9cneAAhYP29D08OC+pjHTplFVS5WwD
         Sfbg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=LfSzqarGyzjK5g9zOwnGoHsxJ7bhaam0WuaTghWmBsA=;
        b=DdmNWn09IH6492jKCpt7GXd3fiCQpRiCxSnm+ZyWYygodWLHTTW/Cn2orBMAVxil6S
         aSklX19aXqGzL8ZLrSJaotDNxbOJ1oeUS8N1ZCegNNgH6aqhp3hLFuBAsJE5P4U4f+2E
         wv3YHwMQEE8yc1uWrg6QWyz2guVSRKJLJBWy/6EnT0OxsTSGSlRx6sUiPBQlFakwm9Ex
         nxW92I0FNrcXphVHLDRAUQW/JdFscwtq7MxRWS040LpLySFAQod8ocC8M09oQgPD1gXe
         ElM4BjZiplNjIFSURjQpsU8ONYzK6/LMuPp0MespK8mMlNfxivf0JgbI7xoR5k9gaBNg
         m0DQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="R/fyo5zV";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s22si618857oij.35.2020.02.10.12.45.21;
        Mon, 10 Feb 2020 12:45:34 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="R/fyo5zV";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727330AbgBJUpL (ORCPT <rfc822;7819ynot@gmail.com> + 99 others);
        Mon, 10 Feb 2020 15:45:11 -0500
Received: from mail-ot1-f65.google.com ([209.85.210.65]:34449 "EHLO
        mail-ot1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726563AbgBJUpL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 Feb 2020 15:45:11 -0500
Received: by mail-ot1-f65.google.com with SMTP id a15so7842138otf.1
        for <linux-kernel@vger.kernel.org>; Mon, 10 Feb 2020 12:45:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=LfSzqarGyzjK5g9zOwnGoHsxJ7bhaam0WuaTghWmBsA=;
        b=R/fyo5zVfADZJo7Tpjb53UIIzvJfGoUB7gqXf4ge2dEpoAr00vAxg/cyCQto0McPQg
         BB8PlP8GEEWafyvg6+WW/zlF61EgAnWKiNAvF5LnMMEpiwTfOoDQlljP836tExcPaeVC
         VD+Hr8l2gbCc66iuQmK2FhlJ4KUSeKFBfseMg7rgO3d7ViGoJrshrue4PD0YleIpV651
         bzkn+ZvFBPYWctmQqOFrqi5tu7uzY29cXz5jrrGXlS1I0rT4dKaB9nuLt7Zcm2zQ/UGJ
         Vs+GbjT7i8M7BSTubXeGEQ9Ze/zr57PexYSVxz0kic/riC1dqfDi1tfLnzvwx0tRg6JQ
         zTpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=LfSzqarGyzjK5g9zOwnGoHsxJ7bhaam0WuaTghWmBsA=;
        b=asojKSv3NiBKFFCk4eOi09pnrVbIlSBUvA1Facvbg896RZ6Bba/0/zTA9x6fmIvAhQ
         l9o/Ae5SRnot5oBzujrw8GSop6Wf3X63mOmU2YmtY2QB7L8yb1HkqNzK9cbUps8m2IZz
         1AHbnZ9g8Ji5hlQwn1erE5HJTpBFKnSRmzComqKrg9pNfmMH3EFuhS3rudEc3dz756NP
         d4zcC897rg1/jBKRIHVPgflWbEMAknAj3VsOrHDbV19juX5GL0IUXn2uAniWTEQIBODv
         mui4OXAPycKeZr4vIbdSrubHeTNIxhPpx7PpHJwNqprZN8N0YBwGZoQ9f7yvt7690EdF
         VGBQ==
X-Gm-Message-State: APjAAAUBDbGVhlAYszH2WRj2gGrezeIPGfy7POPS7ohMP0tk6fqcgePZ
        y2uJ9CVtS4bvi6DnMb6RTqMGZFeYqMhHx3BdJ6DJ2IMv
X-Received: by 2002:a9d:7f12:: with SMTP id j18mr2628214otq.17.1581367509151;
 Mon, 10 Feb 2020 12:45:09 -0800 (PST)
MIME-Version: 1.0
References: <1581354029-20154-1-git-send-email-cai@lca.pw> <20200210172511.GL8731@bombadil.infradead.org>
 <1581362448.7365.38.camel@lca.pw> <20200210192155.GM8731@bombadil.infradead.org>
 <1581366529.7365.49.camel@lca.pw>
In-Reply-To: <1581366529.7365.49.camel@lca.pw>
From:   Marco Elver <elver@google.com>
Date:   Mon, 10 Feb 2020 21:44:58 +0100
Message-ID: <CANpmjNOHNp3hSk85F3yJeM9dyU6ias2sxSvF+oegyQC=8XJ+cQ@mail.gmail.com>
Subject: Re: [PATCH -next] mm/filemap: fix a data race in filemap_fault()
To:     Qian Cai <cai@lca.pw>
Cc:     Matthew Wilcox <willy@infradead.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linux Memory Management List <linux-mm@kvack.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 10 Feb 2020 at 21:28, Qian Cai <cai@lca.pw> wrote:
>
> On Mon, 2020-02-10 at 11:21 -0800, Matthew Wilcox wrote:
> > On Mon, Feb 10, 2020 at 02:20:48PM -0500, Qian Cai wrote:
> > > On Mon, 2020-02-10 at 09:25 -0800, Matthew Wilcox wrote:
> > > > On Mon, Feb 10, 2020 at 12:00:29PM -0500, Qian Cai wrote:
> > > > > @@ -2622,7 +2622,7 @@ void filemap_map_pages(struct vm_fault *vmf,
> > > > >                 if (page->index >= max_idx)
> > > > >                         goto unlock;
> > > > >
> > > > > -               if (file->f_ra.mmap_miss > 0)
> > > > > +               if (data_race(file->f_ra.mmap_miss > 0))
> > > > >                         file->f_ra.mmap_miss--;
> > > >
> > > > How is this safe?  Two threads can each see 1, and then both decrement the
> > > > in-memory copy, causing it to end up at -1.
> > >
> > > Well, I meant to say it is safe from *data* races rather than all other races,
> > > but it is a good catch for the underflow cases and makes some sense to fix them
> > > together (so we don't need to touch the same lines over and over again).
> >
> > My point is that this is a legitimate warning from the sanitiser.
> > The point of your patches should not be to remove all the warnings!
>
> The KCSAN will assume the write is "atomic" if it is aligned and within word-
> size which is the case for "ra->mmap_miss", so I somehow skip auditing the
> locking around the concurrent writers, but I got your point. Next time, I'll
> spend a bit more time looking.

Note: the fact that we assume writes aligned up to word-size are
atomic is based on current preferences we were told about. Just
because the tool won't complain right now (although a simple config
switch will make it complain again), we don't want to forget the
writes entirely. If it is a simple write, do the WRITE_ONCE if it
makes sense. I, for one, still can't prove if all compilers won't
screw up a write due to an omitted WRITE_ONCE somehow. [Yes, for more
complex ops like 'var++', turning them into 'WRITE_ONCE(var, var + 1)'
isn't as readable, so these are a bit tricky until we get primitives
to properly deal with them.]