Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2439480pxa; Mon, 24 Aug 2020 14:23:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz19fIWgfi0T0w5Hm3ZBY5VyWqOy1jEUBV/VJ1Z9RrbdsdI36E8+SeIqctIfJBgW5DaBs1N X-Received: by 2002:a17:906:7752:: with SMTP id o18mr7236897ejn.150.1598304187407; Mon, 24 Aug 2020 14:23:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598304187; cv=none; d=google.com; s=arc-20160816; b=ZAMBgxtzcv4rOVXp7i95YCotTaSKW7U3A3kzWTBEEaUDt9d8hu+1V0RqsmquBKjzhL C6k+sVyEy6A4aNRNfLH1Ku/OmrjNMq8fwtLV9SQRwSgPxUfwP02KrEqnyov52kqfD4rH /z4kw2B7+kM8NFl0XN+5znTdjxswzBUSNjBLe0G4f6rHNk2k4cL8QnVN7PMtcoeCMMdu QzktNrFP2MNi79YtFfC1S+PLJpHNaAEhyBaZSvJy8FRUV27OuJHYzFBVnn0vmSeAwMmr M8JyGZ/wWDtbAn+kMTl5ZpxHtIiRGmtMqhNeuQOCei7ITp0dvnOcJQc7PK+Cyhxy9iI7 Ch2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=fpRDC2bHPNF6m/pB8XIxeOQ3WPtTDRkGmvzUK9xLqGE=; b=jXtJdXE9qzyCjwKeH6wX5soC4JbiFCLJ9tkq+Aj4HF2hP4xsoOlSTR1jFQ7R9I0Sn7 Jh31IHWX0d0ZZ1xxNnkK19hZobN3IiX4ugXocgRpOFgxT1HiruMfybd5MEvMNgch8//b CgHcI/BmoVehXr6yFXWKKHtLhYy/oHn0/l+Y0UXDhQuRagB0gG9NTYYSE/VG583twJRJ nk+qllceNMsd3sN+G4XcqiU+uqJ+COqpohq4FFVx/jxtGAdmDcQcZqCTTkNSMVhVEgbt Kj/jSqMKER15T8U6ObSPlZURwtnGIN5lKO3h/NZWeGbM4KdIxFYZR5jmY0MNMXh5Cnkb pKhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=hrKzx0va; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f8si7243496edy.251.2020.08.24.14.22.44; Mon, 24 Aug 2020 14:23:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=hrKzx0va; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727973AbgHXVVa (ORCPT + 99 others); Mon, 24 Aug 2020 17:21:30 -0400 Received: from userp2120.oracle.com ([156.151.31.85]:55088 "EHLO userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727053AbgHXVVU (ORCPT ); Mon, 24 Aug 2020 17:21:20 -0400 Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 07OLJC6H023009; Mon, 24 Aug 2020 21:21:10 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=corp-2020-01-29; bh=fpRDC2bHPNF6m/pB8XIxeOQ3WPtTDRkGmvzUK9xLqGE=; b=hrKzx0vaQAcliZjQUlO+QnsL9u/LZuZD93HwLF6LVBoJ6ju5M0Xmv53S3WP9Y0BW4PTJ zbZPoreVAQOs+6zHMpxEQjsUhnC8+B90ygGBKVt4W+OQMnPZAysSSY1lN02fXbJbpUBV L72ZEzKz2ezbDjAqmTVE5jOWm82lbuScjRs1ryVGxwuUjrcK5RL5NLIJlFYvU/9yXeNq wZytV/aYpjjsqQx4G0jBrKCM8f1X1lRFCP8OMWDXuHVjmN93/+sjoOrAQJXhfeSYW23T eL9g3glZcf5EXpTSRbVqlISB7F5FKobngrjia7PL5X5B+0VwXYAj90DWTJYVzcv/OHae GQ== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by userp2120.oracle.com with ESMTP id 333w6tnhp9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 24 Aug 2020 21:21:10 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 07OLAYsY146623; Mon, 24 Aug 2020 21:19:10 GMT Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userp3020.oracle.com with ESMTP id 333rtx1gcb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 24 Aug 2020 21:19:10 +0000 Received: from abhmp0002.oracle.com (abhmp0002.oracle.com [141.146.116.8]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id 07OLJ8Hn023370; Mon, 24 Aug 2020 21:19:08 GMT Received: from [192.168.2.112] (/50.38.35.18) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 24 Aug 2020 14:19:08 -0700 Subject: Re: [PATCH] mm/hugetlb: Fix a race between hugetlb sysctl handlers To: Andrew Morton , Muchun Song Cc: npiggin@suse.de, agl@us.ibm.com, ak@linux.intel.com, nacc@us.ibm.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org References: <20200822095328.61306-1-songmuchun@bytedance.com> <20200824135924.b485e000d358cee817c4f05c@linux-foundation.org> From: Mike Kravetz Message-ID: <79800508-54c9-4cda-02de-29b1a6912e75@oracle.com> Date: Mon, 24 Aug 2020 14:19:06 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20200824135924.b485e000d358cee817c4f05c@linux-foundation.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9723 signatures=668679 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 adultscore=0 phishscore=0 spamscore=0 bulkscore=0 mlxlogscore=999 malwarescore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008240166 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9723 signatures=668679 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 impostorscore=0 mlxlogscore=999 suspectscore=0 phishscore=0 malwarescore=0 spamscore=0 priorityscore=1501 clxscore=1011 mlxscore=0 lowpriorityscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008240167 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8/24/20 1:59 PM, Andrew Morton wrote: > On Sat, 22 Aug 2020 17:53:28 +0800 Muchun Song wrote: > >> There is a race between the assignment of `table->data` and write value >> to the pointer of `table->data` in the __do_proc_doulongvec_minmax(). > > Where does __do_proc_doulongvec_minmax() write to table->data? > > I think you're saying that there is a race between the assignment of > ctl_table->table in hugetlb_sysctl_handler_common() and the assignment > of the same ctl_table->table in hugetlb_overcommit_handler()? > > Or not, maybe I'm being thick. Can you please describe the race more > carefully and completely? > I too am looking at this now and do not completely understand the race. It could be that: hugetlb_sysctl_handler_common ... table->data = &tmp; and, do_proc_doulongvec_minmax() ... return __do_proc_doulongvec_minmax(table->data, table, write, ... with __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, ... ... i = (unsigned long *) data; ... *i = val; So, __do_proc_doulongvec_minmax can be dereferencing and writing to the pointer in one thread when hugetlb_sysctl_handler_common is setting it in another? Another confusing part of the message is the stack trace which includes ... ? set_max_huge_pages+0x3da/0x4f0 ? alloc_pool_huge_page+0x150/0x150 which are 'downstream' from these routines. I don't understand why these are in the trace. If the race is with the pointer set and dereference/write, then this type of fix is OK. However, if you really have two 'sysadmin type' global operations racing then one or both are not going to get what they expected. Instead of changing the code to 'handle the race', I think it might be acceptable to just put a big semaphore around it. -- Mike Kravetz