Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp3648711iog; Tue, 21 Jun 2022 03:07:46 -0700 (PDT) X-Google-Smtp-Source: AGRyM1s1TzYb2xwNN+laJu0LKvXmQ3uq16w9BYd6uxDddlJno1IQVrV+QFbEgAQ83kSNTzA4CAo3 X-Received: by 2002:a05:6402:5309:b0:435:6431:f9dc with SMTP id eo9-20020a056402530900b004356431f9dcmr24728729edb.14.1655806066430; Tue, 21 Jun 2022 03:07:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655806066; cv=none; d=google.com; s=arc-20160816; b=T5KgijTZDDmpBG+/h9UVl2HcXjvUVp50nzZPeCD+ThXUAXktcmADkt98WAOfm2F//d wWiJon53eqyZZV7g5xwfd6hLes1xGOqx7KVdXrKrcYc26ueW7BUCMrShvw5G0XFco57S XxTUNrzuWsZ8fiRZMDucJ1P+LtrmNXVymE+N2kZzcER86LAIla/InAszlThoJuGCgjpU 06k8sQKvD4l5aEUge9rWP/1iWqJXHJuzWNxZ1bAZq3b3jYYPm7Nq7FywgvtZDmxC51So OD7B0pPKZnS3Eyonx2KkAi4tFm4WFou/WSatjnAIq+y4WbazhjAdSo1lWb/8Yu3XR7xn agyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:date:from:dkim-signature; bh=ifnIPViM69Gn0EtfiMceiQQ3U5cbSISeqEVjR7goDIQ=; b=jWonEUJRC9PHnzOyqYMltEzUVknCTutWV/10eMlWJtPO5kk0+X7ZC9mSea0esqx9ES PoCjgOzYrcJw7u0A6cJgKiYoKReFvmdHJteadRgK6zuwz6yAZ5A/gRO2IHCFro03AxoK GCBaXw8NWJouQ8zPakpeW7KH2NVaMcJQrmhjz8R4Ewbw8AS5tHFONMqMZqb8pEluuHTW mntdbzhTo1VdYr/feXBQU7Hp6bUfJKhCxZAj7odegEm+ZzfvducjCl+uafMLcAw3ezYg qWacD2sBXSYz5nYSQpsaP2usl9g5Tnv+uRnwFWC9OjQ8CdFMpT48/q02wQtswFmWnSbX C7EQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=dRU8sRBP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nc20-20020a1709071c1400b007121e14ce82si17409720ejc.286.2022.06.21.03.07.20; Tue, 21 Jun 2022 03:07:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=dRU8sRBP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348730AbiFUJ1E (ORCPT + 99 others); Tue, 21 Jun 2022 05:27:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38644 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347928AbiFUJ1C (ORCPT ); Tue, 21 Jun 2022 05:27:02 -0400 Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 967C2240A0 for ; Tue, 21 Jun 2022 02:27:01 -0700 (PDT) Received: by mail-lf1-x12c.google.com with SMTP id c2so21381850lfk.0 for ; Tue, 21 Jun 2022 02:27:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=ifnIPViM69Gn0EtfiMceiQQ3U5cbSISeqEVjR7goDIQ=; b=dRU8sRBPetUucKScVySr3WRQ0R4LCu1DEpsBwORL7FYFPBN5BGy3HuK9y49XOmz8Td DUfO/e1VAjE+mzdyDbSi6N/NvsKm+3Kx2vew3EsD94+ptUZiWS9XY7HEyAiB+IP74Epo 3lorCqyPNzIYRm3Xrrr+OQpGe8gNCAjk/jM0Nz+OJv593D9uCLHx+kof9N1l5MTaHWTr 6m47+eiioV/r1dvLj2pz0IwzFytqV+/8nJuKABLj+HYrRArlic0M67GaNRA78SeKpWjc 7IUbdd8WHobLYqdml//X3FipOi0fPzhrrJ5Dj0X5vhheKEeA/fC3OXN1uiuGPoDSvWVb temQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=ifnIPViM69Gn0EtfiMceiQQ3U5cbSISeqEVjR7goDIQ=; b=R2ADJ7kAMW07T1ozj5XDEJGrSyCVEebcIROoTph390v5NpohJnQMmTTUXbbN6shI7L Jq6dQh/MqtWeyxeR2xxVabSi6sdv+t1hq6Wpfds/rjSHouCrCuJSDKWm/8mKtWpmfMGY 7T1GUMlLokpKIACE4IdQ1kaj9fSA6iP21jexyxrDGmU+RPxnELKbQYNdeCuTqs3zFBhS YfxbPVJwCYukRDj3ydC/E32kI2LTq0Na0nqEx5cTONRCp41A0ovaIVXmsAS3E69BTaMS 3J1eTKTC+slifEdYhcuSXDASIdrKW7kBuMsJehxUZj0+92hq4uey5URPXi81EROhWx+J HLcQ== X-Gm-Message-State: AJIora/mwlF6UPdzlPHui20L1f4NSc0Ob2mXFS+i6WG3ZHDHHHlwjgMr qa8YzaplqdUecfsnA1RpWS8= X-Received: by 2002:a05:6512:2292:b0:47f:68b3:3c21 with SMTP id f18-20020a056512229200b0047f68b33c21mr7188798lfu.316.1655803619701; Tue, 21 Jun 2022 02:26:59 -0700 (PDT) Received: from pc638.lan ([155.137.26.201]) by smtp.gmail.com with ESMTPSA id n8-20020a2e7208000000b0024f3d1daeaasm1934476ljc.50.2022.06.21.02.26.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Jun 2022 02:26:59 -0700 (PDT) From: Uladzislau Rezki X-Google-Original-From: Uladzislau Rezki Date: Tue, 21 Jun 2022 11:26:57 +0200 To: Zhaoyang Huang Cc: Uladzislau Rezki , "zhaoyang.huang" , Andrew Morton , "open list:MEMORY MANAGEMENT" , LKML , Ke Wang , Christoph Hellwig Subject: Re: [PATCH] mm: fix racing of vb->va when kasan enabled Message-ID: References: <1653447164-15017-1-git-send-email-zhaoyang.huang@unisoc.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Mon, Jun 20, 2022 at 6:44 PM Uladzislau Rezki wrote: > > > > > > > > > > > Is it easy to reproduce? If so could you please describe the steps? As i see > > > > the freeing of the "vb" is RCU safe whereas vb->va is not. But from the first > > > > glance i do not see how it can accessed twice. Hm.. > > > It was raised from a monkey test on A13_k515 system and got 1/20 pcs > > > failed. IMO, vb->va which out of vmap_purge_lock protection could race > > > with a concurrent ra freeing within __purge_vmap_area_lazy. > > > > > Do you have exact steps how you run "monkey" test? > There are about 30+ kos inserted during startup which could be a > specific criteria for reproduction. Do you have doubts about the test > result or the solution? > > I do not have any doubt about your test results, so if you can trigger it then there is an issue at least on the 5.4.161-android12 kernel. 1. With your fix we get expanded mutex range, thus the worst case of vmalloc allocation can be increased when it fails and repeat. Because it also invokes the purge_vmap_area_lazy() that access the same mutex. 2. You run 5.4.161-android12 kernel what is quite old. Could you please retest with latest kernel? I am asking because on the latest kernel with CONFIG_KASAN i am not able to reproduce it. I do a lot of: vm_map_ram()/vm_unmap_ram()/vmalloc()/vfree() in parallel by 64 kthreads on my 64 CPUs test system. Could you please confirm that you can trigger an issue on the latest kernel? Thanks! -- Uladzislau Rezki