Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp5821984ybv;
        Tue, 18 Feb 2020 04:41:58 -0800 (PST)
X-Google-Smtp-Source: APXvYqyDGmrkF04HrcVZ2DT+/0uV1Jn/4DeSPtBXppR9yhcx0mgqXkjHN0y7nnNDVlFevCTGYLFd
X-Received: by 2002:a9d:6a85:: with SMTP id l5mr16396014otq.231.1582029717993;
        Tue, 18 Feb 2020 04:41:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582029717; cv=none;
        d=google.com; s=arc-20160816;
        b=QvS20xIfdz2s98gp79BVXLuz5IE4GwRzyDIMbnn9zjNDiwMy2VuIbQTnB3Lqgdmg+B
         pu6dYVJS0P6HoNUpmREcxSGAOa85hqFPVsw4lq+JYNRyjkCyADRvpg+yFc7P1hS+PUBM
         gth2TCYi/AoDufk/uqpoxY7SXVL6Epj0O6gHU/ZyGMzJp1AUdRWe0JhIBn3l0WvjP4PB
         sncRmjLi1mJoODXSwUfjIn32C2pjkAx3pKrpG02x5x4C9Go9XiGaZvol89qDFIpAwdnl
         VUcXnHWg0L2ZL9wmWfzMZUbqjwElUBStyrKGgVP3cx+KfszsEYZZtSHvNLMIQNVUPFYH
         DiMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:in-reply-to:cc:references:message-id
         :date:subject:mime-version:from:content-transfer-encoding
         :dkim-signature;
        bh=LWli3K53CEX1HNi+Tv/g1jNkXhayZEjclQo7y9gNLIg=;
        b=mjSdQGvhmc27Rn5wax7UOa8k2mT39U74eQqJ0l+P3asQhUvEHKO8wfARJzdyO9COi1
         WIn8hYjGp/UZh+DHwgknTxTFWFzN/t/bH0KGJgwa5wAGkNm6qA4qBebBXKjdaCvErkjI
         t/tme5UphtOrswY6ruFXnT4fr5x1MpFsSQbo+W1X2sHhRPRFxb57lqS4/pwWI4hKu4tH
         c8e3MHrF2fnv9VOqs0jW8mzQw6s87HoGFQWgAdHRu3rXTALyZHxEKZ4dl5ZiM23o/n0v
         IdosPRMTLXNG7KnM1jBjxo/tsZKewRXRgycx6DqWFZW0C4v5n8TX6PHUUoij414CZnoT
         jvjQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lca.pw header.s=google header.b="GB/rqqA7";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g25si1712808otj.198.2020.02.18.04.41.45;
        Tue, 18 Feb 2020 04:41:57 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lca.pw header.s=google header.b="GB/rqqA7";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726595AbgBRMkJ (ORCPT <rfc822;sbrunau@gmail.com> + 99 others);
        Tue, 18 Feb 2020 07:40:09 -0500
Received: from mail-qk1-f176.google.com ([209.85.222.176]:43859 "EHLO
        mail-qk1-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726363AbgBRMkJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 18 Feb 2020 07:40:09 -0500
Received: by mail-qk1-f176.google.com with SMTP id p7so19290537qkh.10
        for <linux-kernel@vger.kernel.org>; Tue, 18 Feb 2020 04:40:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=lca.pw; s=google;
        h=content-transfer-encoding:from:mime-version:subject:date:message-id
         :references:cc:in-reply-to:to;
        bh=LWli3K53CEX1HNi+Tv/g1jNkXhayZEjclQo7y9gNLIg=;
        b=GB/rqqA7hJJg58RQqIcDEtDMUPNqc/+XnLUPmx/2fCLTZN+/K/5yEloHg1bvKV9zlC
         AA/KMkY98nxFljPtm17Vm0ox83jDH5DsVGWLqwHhwrVbmI9/KQST8UGrV0H7CQQSvPzi
         7tzCdVtXXWD7ONqp6UnggxilWwkOnD++koYl+FbVKiIM+aeH3Jz8GZNzDFOzBopfQQjR
         Y6UpifbOccA1y2UyL1AmVasK4x3ljvvSdCyux4ACz7XKr1W7xlC49rEpOFEKbwrRvkyX
         DMDRmLEOb4xW6cPwTKzM1Q8sUsyAOdhjk3xDaaFRCoHn2NLSLMwa9GRDQCosW3n+2tHH
         Ym1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:content-transfer-encoding:from:mime-version
         :subject:date:message-id:references:cc:in-reply-to:to;
        bh=LWli3K53CEX1HNi+Tv/g1jNkXhayZEjclQo7y9gNLIg=;
        b=bZ72aR9UVvEOm1KxcTbIr0GpiCjs+ssefMuTW1P++k9WNrDFRTewOPw1bfard2oH41
         eT99kEnfFpv1Lsz1QkyjyNqCNF8sX4F0+rx8Nf/cepsInFCzuSNLRhfBpVvO7mNLMlTZ
         K9d/5A1BkvDkLJ51yM6IYa1BzSFRifvPJ4FshgRSWO/o6gWzyu0gWbQLOkrSzln5TnuD
         zWnHIt1L6KMZ9S25zqJ1xa5uKFtU1JPEKz1Ou2wVFA2dq+5RVt7wyE85/4yLAKgGlYtP
         TCDJI5g4wtWOKlMShGTfcuHPtJsrgaRngkae9U+faCf4Ix2yKbEEVoSklLvl6nm7czVl
         ceGA==
X-Gm-Message-State: APjAAAVEtgI3muzfF4q4Trm8g+bbMX4pxWIIFF710osCIvWJ17+qyMr3
        x9o+/WfgiQGPQlGED68xj3FHiWfTcl/3lA==
X-Received: by 2002:a05:620a:4cc:: with SMTP id 12mr18079991qks.153.1582029608059;
        Tue, 18 Feb 2020 04:40:08 -0800 (PST)
Received: from [192.168.1.183] (pool-71-184-117-43.bstnma.fios.verizon.net. [71.184.117.43])
        by smtp.gmail.com with ESMTPSA id p18sm1846908qkp.47.2020.02.18.04.40.07
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 18 Feb 2020 04:40:07 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From:   Qian Cai <cai@lca.pw>
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH -next] fork: annotate a data race in vm_area_dup()
Date:   Tue, 18 Feb 2020 07:40:06 -0500
Message-Id: <93E6B243-9A0F-410C-8EE4-9D57E28AF5AF@lca.pw>
References: <20200218103002.6rtjreyqjepo3yxe@box>
Cc:     Andrew Morton <akpm@linux-foundation.org>, elver@google.com,
        linux-mm@kvack.org, linux-kernel@vger.kernel.org,
        peterz@infradead.org,
        syzbot+c034966b0b02f94f7f34@syzkaller.appspotmail.com,
        syzkaller-bugs@googlegroups.com
In-Reply-To: <20200218103002.6rtjreyqjepo3yxe@box>
To:     "Kirill A. Shutemov" <kirill@shutemov.name>
X-Mailer: iPhone Mail (17D50)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On Feb 18, 2020, at 5:29 AM, Kirill A. Shutemov <kirill@shutemov.name> wro=
te:
>=20
> I think I've got this:
>=20
> vm_area_dup() blindly copies all fields of orignal VMA to the new one.
> This includes coping vm_area_struct::shared.rb which is normally protected=

> by i_mmap_lock. But this is fine because the read value will be
> overwritten on the following __vma_link_file() under proper protectection.=


Right, multiple processes could share the same file-based address space wher=
e those vma have been linked into address_space::i_mmap via vm_area_struct::=
shared.rb. Thus, the reader could see its shared.rb linkage pointers got upd=
ated by other processes.

>=20
> So the fix is correct, but justificaiton is lacking.
>=20
> Also, I would like to more fine-grained annotation: marking with
> data_race() 200 bytes copy may hide other issues.

That is the harder part where I don=E2=80=99t think we have anything for tha=
t today. Macro, any suggestions? ASSERT_IGNORE_FIELD()?=