Received: by 2002:ab2:60d1:0:b0:1f7:5705:b850 with SMTP id i17csp1709719lqm;
        Fri, 3 May 2024 04:28:14 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCX1UY/4UQ/ggLIoqDrD3Vr2aJTU5zSSFwUJLUbczUgJW2jgy7QgVaqG4l00dpIAt6n6CUmYz8M34u0+kU18RQD+ZLuUHyjqr4/KZR9QVw==
X-Google-Smtp-Source: AGHT+IGTByIqho2NC4BtXy0xRdFwSTM9MEpqByz7bcsgxca3qXlrozOxFx6l+wd58Srf3BvoFtSe
X-Received: by 2002:a05:6359:4594:b0:186:162b:50b5 with SMTP id no20-20020a056359459400b00186162b50b5mr2357151rwb.4.1714735694671;
        Fri, 03 May 2024 04:28:14 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1714735694; cv=pass;
        d=google.com; s=arc-20160816;
        b=cKk8xNvobYjxX7nOJufORzSs27Z7zJ0sGz9EINtJbZInQBpkwtgWamUlTJSSVW/vy1
         Z4c6+VWPMb3LAQ4gb7apvcCQ4SFAnA9JbJXD5AZM682AZlOSwqXlYP8gs547mUG3sPzl
         rp5juzD2FnkkgJFY23w4i7Zd49zu28twWtprR04LKH/AhEpGjWc3kes5NRtMqpuEAegK
         LuNTAYgUG89SRIizV4iR9F34Bqf87p4QOtKX3gOOmxO2KwjYp9xiGEKFlAlKi6bPQOvg
         EXcs2dJufenEpqs2gbfFLjA2NxSo2VLEzhnnU7UASzKashd3a4iu8L9jxslV2H3oJqu4
         /oxw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature:dkim-signature;
        bh=UXpjzV5DWrRABNO+vO47pjlZXBhvnc1hWU3ZO34EKqg=;
        fh=UdGv0x6NTzevoH1E6Lm1maGPFcWMQDPafifvkjXUtQs=;
        b=zbWUVCzDP6hhdSEtX9oOKL3ngq4mN5gbaSvxQMo8BfmVEpy9bYvz3bfCQWPG1buMQc
         fGAiHyONzTLtAKmX+GeHx7sPTkmGryV+XQgeewKbZkgXCygiQAJGQKe4VCvxhtj3AKfe
         vg52U5zPZq1bThWht8QDynbMb9hkQL5iP1nuFwhO91vkeGLYA9MwOcSPv7UxdIikCFaG
         uGqa4CdX0C5JOPI5aUq5RFfTnHAGLXqV3Em0HIVj/iw3Y/uqJpn2J3i/Hh8Tk12GWNjh
         mExs1OMMAsm4kMNQdYFvbb6nrcwm/ukMNjIHfhsN8pxpGvojc/I+xUi18sB17Kkcl4Ay
         654w==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=Rx8vmp8Z;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=Rx8vmp8Z;
       arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com);
       spf=pass (google.com: domain of linux-kernel+bounces-167581-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-167581-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Return-Path: <linux-kernel+bounces-167581-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161])
        by mx.google.com with ESMTPS id m62-20020a632641000000b0061b770f5ab1si1978116pgm.849.2024.05.03.04.28.14
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 03 May 2024 04:28:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-167581-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=Rx8vmp8Z;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=Rx8vmp8Z;
       arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com);
       spf=pass (google.com: domain of linux-kernel+bounces-167581-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-167581-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 463E7B220F7
	for <linux.lists.archive@gmail.com>; Fri,  3 May 2024 11:27:55 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 9438E152523;
	Fri,  3 May 2024 11:27:47 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="Rx8vmp8Z";
	dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="Rx8vmp8Z"
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B69A3152197;
	Fri,  3 May 2024 11:27:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1714735666; cv=none; b=EAVIg5Rukm0oebCHxDapvtugk3xhzCxI9syRD/9tPgxlqw8rRN1rgCBfmBowvPZY3VTv1MB62r0FJr6dVV7bNZIzJ+fqB6epWCNrIJilYlxF88frmNX2AtmOClMLNCTrwdsYzmy7cS4dtPPtjq6jnnbWYGkTmm1IdpvTgLKHaiE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1714735666; c=relaxed/simple;
	bh=sZMYPxJX/4mfiHqJ/Yi9H75a1iIpwoT/ry5Fbko4snQ=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=AVccwHL04nlIBzLRozQzZN7CFAfjb9kuz+kJ+UY4K6DSR4dADFOaxRP4C48BDBaGpivdh0Y54bwD1z3JQcZX1awPRVncnrOVz8OOVaJLSHV6ZR4PWi7tSi2hjS3pVqJh1IdrrjBjkHK5r00ja6slC2Z2o+HY5EzB1esokjwUwbM=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=Rx8vmp8Z; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=Rx8vmp8Z; arc=none smtp.client-ip=195.135.223.130
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id B99F23387A;
	Fri,  3 May 2024 11:27:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1714735662; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=UXpjzV5DWrRABNO+vO47pjlZXBhvnc1hWU3ZO34EKqg=;
	b=Rx8vmp8Zigf3yHzGm1pm9Kmc0A6srYlVYDeWNYIw+gz2cyITTJE9exIDiHErn8Hc6h3ZVf
	TBVOYBBkck1vthjzNSpb170SUsJQUYxiZRJVelC8VbtQtYBiLottbMnvOM2tj5CB5cNnXn
	BJYpuaOQUzp7OBFNN2QiCivdXHFBgRE=
Authentication-Results: smtp-out1.suse.de;
	dkim=pass header.d=suse.com header.s=susede1 header.b=Rx8vmp8Z
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1714735662; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=UXpjzV5DWrRABNO+vO47pjlZXBhvnc1hWU3ZO34EKqg=;
	b=Rx8vmp8Zigf3yHzGm1pm9Kmc0A6srYlVYDeWNYIw+gz2cyITTJE9exIDiHErn8Hc6h3ZVf
	TBVOYBBkck1vthjzNSpb170SUsJQUYxiZRJVelC8VbtQtYBiLottbMnvOM2tj5CB5cNnXn
	BJYpuaOQUzp7OBFNN2QiCivdXHFBgRE=
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 9F2AF139CB;
	Fri,  3 May 2024 11:27:42 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id G6nZIy7KNGZgWQAAD6G6ig
	(envelope-from <mhocko@suse.com>); Fri, 03 May 2024 11:27:42 +0000
Date: Fri, 3 May 2024 13:27:41 +0200
From: Michal Hocko <mhocko@suse.com>
To: Breno Leitao <leitao@debian.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Shakeel Butt <shakeel.butt@linux.dev>,
	Muchun Song <muchun.song@linux.dev>,
	Andrew Morton <akpm@linux-foundation.org>, leit@meta.com,
	"open list:CONTROL GROUP - MEMORY RESOURCE CONTROLLER (MEMCG)" <cgroups@vger.kernel.org>,
	"open list:CONTROL GROUP - MEMORY RESOURCE CONTROLLER (MEMCG)" <linux-mm@kvack.org>,
	open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] memcg: Fix data-race KCSAN bug in rstats
Message-ID: <ZjTKLVjxuUJwwFPg@tiehlicka>
References: <20240424125940.2410718-1-leitao@debian.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20240424125940.2410718-1-leitao@debian.org>
X-Spam-Flag: NO
X-Spam-Score: -6.01
X-Rspamd-Action: no action
X-Rspamd-Queue-Id: B99F23387A
X-Spam-Level: 
X-Rspamd-Server: rspamd2.dmz-prg2.suse.org
X-Spamd-Result: default: False [-6.01 / 50.00];
	BAYES_HAM(-3.00)[100.00%];
	DWL_DNSWL_MED(-2.00)[suse.com:dkim];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	MID_RHS_NOT_FQDN(0.50)[];
	R_DKIM_ALLOW(-0.20)[suse.com:s=susede1];
	NEURAL_HAM_SHORT(-0.20)[-1.000];
	MIME_GOOD(-0.10)[text/plain];
	MX_GOOD(-0.01)[];
	DKIM_SIGNED(0.00)[suse.com:s=susede1];
	FUZZY_BLOCKED(0.00)[rspamd.com];
	RBL_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:104:10:150:64:97:from];
	SPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from];
	MIME_TRACE(0.00)[0:+];
	ARC_NA(0.00)[];
	FROM_HAS_DN(0.00)[];
	TO_DN_SOME(0.00)[];
	RCPT_COUNT_SEVEN(0.00)[10];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:106:10:150:64:167:received];
	MISSING_XM_UA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	DKIM_TRACE(0.00)[suse.com:+];
	DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns,suse.com:dkim,suse.com:email]

On Wed 24-04-24 05:59:39, Breno Leitao wrote:
> A data-race issue in memcg rstat occurs when two distinct code paths
> access the same 4-byte region concurrently. KCSAN detection triggers the
> following BUG as a result.
> 
> 	BUG: KCSAN: data-race in __count_memcg_events / mem_cgroup_css_rstat_flush
> 
> 	write to 0xffffe8ffff98e300 of 4 bytes by task 5274 on cpu 17:
> 	mem_cgroup_css_rstat_flush (mm/memcontrol.c:5850)
> 	cgroup_rstat_flush_locked (kernel/cgroup/rstat.c:243 (discriminator 7))
> 	cgroup_rstat_flush (./include/linux/spinlock.h:401 kernel/cgroup/rstat.c:278)
> 	mem_cgroup_flush_stats.part.0 (mm/memcontrol.c:767)
> 	memory_numa_stat_show (mm/memcontrol.c:6911)
> <snip>
> 
> 	read to 0xffffe8ffff98e300 of 4 bytes by task 410848 on cpu 27:
> 	__count_memcg_events (mm/memcontrol.c:725 mm/memcontrol.c:962)
> 	count_memcg_event_mm.part.0 (./include/linux/memcontrol.h:1097 ./include/linux/memcontrol.h:1120)
> 	handle_mm_fault (mm/memory.c:5483 mm/memory.c:5622)
> <snip>
> 
> 	value changed: 0x00000029 -> 0x00000000
> 
> The race occurs because two code paths access the same "stats_updates"
> location. Although "stats_updates" is a per-CPU variable, it is remotely
> accessed by another CPU at
> cgroup_rstat_flush_locked()->mem_cgroup_css_rstat_flush(), leading to
> the data race mentioned.
> 
> Considering that memcg_rstat_updated() is in the hot code path, adding
> a lock to protect it may not be desirable, especially since this
> variable pertains solely to statistics.
> 
> Therefore, annotating accesses to stats_updates with READ/WRITE_ONCE()
> can prevent KCSAN splats and potential partial reads/writes.
> 
> Suggested-by: Shakeel Butt <shakeel.butt@linux.dev>
> Signed-off-by: Breno Leitao <leitao@debian.org>

Acked-by: Michal Hocko <mhocko@suse.com>

It is worth mentioning that the race is harmless.

Thanks!

> ---
>  mm/memcontrol.c | 12 +++++++-----
>  1 file changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/mm/memcontrol.c b/mm/memcontrol.c
> index fabce2b50c69..3c99457b36a1 100644
> --- a/mm/memcontrol.c
> +++ b/mm/memcontrol.c
> @@ -715,6 +715,7 @@ static inline void memcg_rstat_updated(struct mem_cgroup *memcg, int val)
>  {
>  	struct memcg_vmstats_percpu *statc;
>  	int cpu = smp_processor_id();
> +	unsigned int stats_updates;
>  
>  	if (!val)
>  		return;
> @@ -722,8 +723,9 @@ static inline void memcg_rstat_updated(struct mem_cgroup *memcg, int val)
>  	cgroup_rstat_updated(memcg->css.cgroup, cpu);
>  	statc = this_cpu_ptr(memcg->vmstats_percpu);
>  	for (; statc; statc = statc->parent) {
> -		statc->stats_updates += abs(val);
> -		if (statc->stats_updates < MEMCG_CHARGE_BATCH)
> +		stats_updates = READ_ONCE(statc->stats_updates) + abs(val);
> +		WRITE_ONCE(statc->stats_updates, stats_updates);
> +		if (stats_updates < MEMCG_CHARGE_BATCH)
>  			continue;
>  
>  		/*
> @@ -731,9 +733,9 @@ static inline void memcg_rstat_updated(struct mem_cgroup *memcg, int val)
>  		 * redundant. Avoid the overhead of the atomic update.
>  		 */
>  		if (!memcg_vmstats_needs_flush(statc->vmstats))
> -			atomic64_add(statc->stats_updates,
> +			atomic64_add(stats_updates,
>  				     &statc->vmstats->stats_updates);
> -		statc->stats_updates = 0;
> +		WRITE_ONCE(statc->stats_updates, 0);
>  	}
>  }
>  
> @@ -5845,7 +5847,7 @@ static void mem_cgroup_css_rstat_flush(struct cgroup_subsys_state *css, int cpu)
>  			}
>  		}
>  	}
> -	statc->stats_updates = 0;
> +	WRITE_ONCE(statc->stats_updates, 0);
>  	/* We are in a per-cpu loop here, only do the atomic write once */
>  	if (atomic64_read(&memcg->vmstats->stats_updates))
>  		atomic64_set(&memcg->vmstats->stats_updates, 0);
> -- 
> 2.43.0
> 

-- 
Michal Hocko
SUSE Labs