From: Andrew Morton <akpm@linux-foundation.org>
To: akpm@linux-foundation.org, cai@lca.pw, elver@google.com,
konrad.wilk@oracle.com, linux-mm@kvack.org,
mm-commits@vger.kernel.org, torvalds@linux-foundation.org
Subject: [patch 28/39] mm/list_lru: fix a data race in list_lru_count_one
Date: Fri, 14 Aug 2020 17:31:41 -0700 [thread overview]
Message-ID: <20200815003141.4hj3fazIS%akpm@linux-foundation.org> (raw)
In-Reply-To: <20200814172939.55d6d80b6e21e4241f1ee1f3@linux-foundation.org>
From: Qian Cai <cai@lca.pw>
Subject: mm/list_lru: fix a data race in list_lru_count_one
struct list_lru_one l.nr_items could be accessed concurrently as noticed
by KCSAN,
BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move
write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39:
list_lru_isolate_move+0xf9/0x130
list_lru_isolate_move at mm/list_lru.c:180
inode_lru_isolate+0x12b/0x2a0
__list_lru_walk_one+0x122/0x3d0
list_lru_walk_one+0x75/0xa0
prune_icache_sb+0x8b/0xc0
super_cache_scan+0x1b8/0x250
do_shrink_slab+0x256/0x6d0
shrink_slab+0x41b/0x4a0
shrink_node+0x35c/0xd80
balance_pgdat+0x652/0xd90
kswapd+0x396/0x8d0
kthread+0x1e0/0x200
ret_from_fork+0x27/0x50
read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56:
list_lru_count_one+0x116/0x2f0
list_lru_count_one at mm/list_lru.c:193
super_cache_count+0xe8/0x170
do_shrink_slab+0x95/0x6d0
shrink_slab+0x41b/0x4a0
shrink_node+0x35c/0xd80
do_try_to_free_pages+0x1f7/0xa10
try_to_free_pages+0x26c/0x5e0
__alloc_pages_slowpath+0x458/0x1290
__alloc_pages_nodemask+0x3bb/0x450
alloc_pages_vma+0x8a/0x2c0
do_anonymous_page+0x170/0x700
__handle_mm_fault+0xc9f/0xd00
handle_mm_fault+0xfc/0x2f0
do_page_fault+0x263/0x6f9
page_fault+0x34/0x40
Reported by Kernel Concurrency Sanitizer on:
CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4
Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019
A shattered l.nr_items could affect the shrinker behaviour due to a data
race. Fix it by adding READ_ONCE() for the read. Since the writes are
aligned and up to word-size, assume those are safe from data races to
avoid readability issues of writing WRITE_ONCE(var, var + val).
Link: http://lkml.kernel.org/r/1581114679-5488-1-git-send-email-cai@lca.pw
Signed-off-by: Qian Cai <cai@lca.pw>
Cc: Marco Elver <elver@google.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
mm/list_lru.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/list_lru.c~mm-list_lru-fix-a-data-race-in-list_lru_count_one
+++ a/mm/list_lru.c
@@ -180,7 +180,7 @@ unsigned long list_lru_count_one(struct
rcu_read_lock();
l = list_lru_from_memcg_idx(nlru, memcg_cache_id(memcg));
- count = l->nr_items;
+ count = READ_ONCE(l->nr_items);
rcu_read_unlock();
return count;
_
next prev parent reply other threads:[~2020-08-15 22:11 UTC|newest]
Thread overview: 152+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-15 0:29 incoming Andrew Morton
2020-08-15 0:30 ` [patch 01/39] asm-generic: pgalloc.h: use correct #ifdef to enable pud_alloc_one() Andrew Morton
2020-08-15 0:30 ` [patch 02/39] Revert "mm/vmstat.c: do not show lowmem reserve protection information of empty zone" Andrew Morton
2020-08-15 0:30 ` [patch 03/39] lz4: fix kernel decompression speed Andrew Morton
2020-08-15 0:30 ` [patch 04/39] exec: restore EACCES of S_ISDIR execve() Andrew Morton
2020-08-15 0:30 ` [patch 05/39] selftests/exec: add file type errno tests Andrew Morton
2020-08-15 0:30 ` [patch 06/39] mailmap: add entry for Greg Kurz Andrew Morton
2020-08-15 0:30 ` [patch 07/39] mm: store compound_nr as well as compound_order Andrew Morton
2020-08-15 0:30 ` [patch 08/39] mm: move page-flags include to top of file Andrew Morton
2020-08-15 0:30 ` [patch 09/39] mm: add thp_order Andrew Morton
2020-08-15 0:30 ` [patch 10/39] mm: add thp_size Andrew Morton
2020-08-15 0:30 ` [patch 11/39] mm: replace hpage_nr_pages with thp_nr_pages Andrew Morton
2020-08-15 0:30 ` [patch 12/39] mm: add thp_head Andrew Morton
2020-08-15 0:30 ` [patch 13/39] mm: introduce offset_in_thp Andrew Morton
2020-08-15 0:30 ` [patch 14/39] fs: autofs: delete repeated words in comments Andrew Morton
2020-08-15 0:30 ` [patch 15/39] mm/madvise: pass task and mm to do_madvise Andrew Morton
2020-08-15 0:30 ` [patch 16/39] pid: move pidfd_get_pid() to pid.c Andrew Morton
2020-08-15 0:30 ` [patch 17/39] mm/madvise: introduce process_madvise() syscall: an external memory hinting API Andrew Morton
2020-08-16 8:12 ` Christian Brauner
2020-08-17 15:10 ` Minchan Kim
2020-08-15 0:31 ` [patch 18/39] mm/madvise: check fatal signal pending of target process Andrew Morton
2020-08-15 2:53 ` Linus Torvalds
2020-08-15 2:53 ` Linus Torvalds
2020-08-15 4:59 ` Minchan Kim
2020-08-15 14:57 ` Linus Torvalds
2020-08-15 14:57 ` Linus Torvalds
2020-08-15 18:34 ` Minchan Kim
2020-08-16 1:43 ` Linus Torvalds
2020-08-16 1:43 ` Linus Torvalds
2020-08-16 5:58 ` Minchan Kim
2020-08-15 0:31 ` [patch 19/39] all arch: remove system call sys_sysctl Andrew Morton
2020-08-15 0:31 ` [patch 20/39] mm/kmemleak: silence KCSAN splats in checksum Andrew Morton
2020-08-15 0:31 ` [patch 21/39] mm/frontswap: mark various intentional data races Andrew Morton
2020-08-15 0:31 ` [patch 22/39] mm/page_io: " Andrew Morton
2020-08-15 0:31 ` [patch 23/39] mm/swap_state: " Andrew Morton
2020-08-15 0:31 ` [patch 24/39] mm/filemap.c: fix a data race in filemap_fault() Andrew Morton
2020-08-15 0:31 ` [patch 25/39] mm/swapfile: fix and annotate various data races Andrew Morton
2020-08-15 0:31 ` [patch 26/39] mm/page_counter: fix various data races at memsw Andrew Morton
2020-08-15 0:31 ` [patch 27/39] mm/memcontrol: fix a data race in scan count Andrew Morton
2020-08-15 0:31 ` Andrew Morton [this message]
2020-08-15 0:31 ` [patch 29/39] mm/mempool: fix a data race in mempool_free() Andrew Morton
2020-08-15 0:31 ` [patch 30/39] mm/rmap: annotate a data race at tlb_flush_batched Andrew Morton
2020-08-15 0:31 ` [patch 31/39] mm/swap.c: annotate data races for lru_rotate_pvecs Andrew Morton
2020-08-15 0:31 ` [patch 32/39] mm: annotate a data race in page_zonenum() Andrew Morton
2020-08-15 0:31 ` [patch 33/39] include/asm-generic/vmlinux.lds.h: align ro_after_init Andrew Morton
2020-08-15 0:32 ` [patch 34/39] sh: clkfwk: remove r8/r16/r32 Andrew Morton
2020-08-15 0:32 ` [patch 35/39] sh: use generic strncpy() Andrew Morton
2020-08-15 0:32 ` [patch 36/39] iomap: constify ioreadX() iomem argument (as in generic implementation) Andrew Morton
2020-08-15 0:32 ` [patch 37/39] rtl818x: " Andrew Morton
2020-08-15 0:32 ` [patch 38/39] ntb: intel: " Andrew Morton
2020-08-15 0:32 ` [patch 39/39] virtio: pci: " Andrew Morton
2020-08-18 23:03 ` + mailmap-add-andi-kleen.patch added to -mm tree Andrew Morton
2020-08-18 23:05 ` + mm-account-pmd-tables-like-pte-tables.patch " Andrew Morton
2020-08-18 23:09 ` + mm-remove-activate_page-from-unuse_pte.patch " Andrew Morton
2020-08-18 23:09 ` + mm-remove-superfluous-__clearpageactive.patch " Andrew Morton
2020-08-18 23:09 ` + mm-remove-superfluous-__clearpagewaiters.patch " Andrew Morton
2020-08-18 23:49 ` + mm-madvise-introduce-process_madvise-syscall-an-external-memory-hinting-api-fix.patch " Andrew Morton
2020-08-18 23:50 ` + mm-slab-remove-duplicate-include.patch " Andrew Morton
2020-08-18 23:53 ` + mm-memory-fix-typo-in-__do_fault-comment.patch " Andrew Morton
2020-08-18 23:56 ` + proc-add-struct-mount-struct-super_block-addr-in-lx-mounts-command.patch " Andrew Morton
2020-08-18 23:56 ` + tasks-add-headers-and-improve-spacing-format.patch " Andrew Morton
2020-08-18 23:57 ` + mm-memoryc-replace-vmf-vma-with-variable-vma.patch " Andrew Morton
2020-08-19 1:30 ` + mm-page_reporting-drop-stale-list-head-check-in-page_reporting_cycle.patch " Andrew Morton
2020-08-19 1:31 ` + checkpatch-add-kconfig-prefix.patch " Andrew Morton
2020-08-19 1:32 ` + mm-memory-failure-do-pgoff-calculation-before-for_each_process.patch " Andrew Morton
2020-08-19 1:41 ` + hugetlb_cgroup-convert-comma-to-semicolon.patch " Andrew Morton
2020-08-19 1:42 ` + checkpatch-move-repeated-word-test.patch " Andrew Morton
2020-08-19 1:55 ` + mmap-locking-api-add-mmap_lock_is_contended.patch " Andrew Morton
2020-08-19 1:55 ` + mm-smaps-extend-smap_gather_stats-to-support-specified-beginning.patch " Andrew Morton
2020-08-19 1:55 ` + mm-proc-smaps_rollup-do-not-stall-write-attempts-on-mmap_lock.patch " Andrew Morton
2020-08-19 2:18 ` + romfs-fix-uninitialized-memory-leak-in-romfs_dev_read.patch " Andrew Morton
2020-08-19 2:23 ` + mm-util-update-the-kerneldoc-for-kstrdup_const.patch " Andrew Morton
2020-08-19 2:39 ` + kernel-relayc-fix-memleak-on-destroy-relay-channel.patch " Andrew Morton
2020-08-19 2:44 ` + device-dax-fix-mismatches-of-request_mem_region.patch " Andrew Morton
2020-08-19 2:49 ` + uprobes-__replace_page-avoid-bug-in-munlock_vma_page.patch " Andrew Morton
2020-08-19 2:55 ` + mm-page_alloc-tweak-comments-in-has_unmovable_pages.patch " Andrew Morton
2020-08-19 2:55 ` + mm-page_isolation-exit-early-when-pageblock-is-isolated-in-set_migratetype_isolate.patch " Andrew Morton
2020-08-19 2:55 ` + mm-page_isolation-drop-warn_on_once-in-set_migratetype_isolate.patch " Andrew Morton
2020-08-19 2:55 ` + mm-page_isolation-cleanup-set_migratetype_isolate.patch " Andrew Morton
2020-08-19 2:55 ` + virtio-mem-dont-special-case-zone_movable.patch " Andrew Morton
2020-08-19 2:55 ` + mm-document-semantics-of-zone_movable.patch " Andrew Morton
2020-08-19 3:09 ` + mm-gup_benchmark-use-pin_user_pages-for-foll_longterm-flag.patch " Andrew Morton
2020-08-19 3:13 ` + squashfs-avoid-bio_alloc-failure-with-1mbyte-blocks.patch " Andrew Morton
2020-08-19 3:19 ` + mm-include-cma-pages-in-lowmem_reserve-at-boot.patch " Andrew Morton
2020-08-19 3:21 ` + mm-dmapoolc-replace-open-coded-list_for_each_entry_safe.patch " Andrew Morton
2020-08-19 3:21 ` + mm-dmapoolc-replace-hard-coded-function-name-with-__func__.patch " Andrew Morton
2020-08-19 3:27 ` + mm-slub-branch-optimization-in-free-slowpath.patch " Andrew Morton
2020-08-19 3:39 ` [to-be-updated] mm-page_alloc-keep-memoryless-cpuless-node-0-offline.patch removed from " Andrew Morton
2020-08-19 3:39 ` [to-be-updated] powerpc-numa-set-numa_node-for-all-possible-cpus.patch " Andrew Morton
2020-08-19 3:39 ` [to-be-updated] powerpc-numa-prefer-node-id-queried-from-vphn.patch " Andrew Morton
2020-08-19 3:50 ` + mm-memcg-warning-on-memcg-after-readahead-page-charged.patch added to " Andrew Morton
2020-08-19 3:50 ` + mm-memcg-remove-useless-check-on-page-mem_cgroup.patch " Andrew Morton
2020-08-19 3:50 ` + mm-thp-move-lru_add_page_tail-func-to-huge_memoryc.patch " Andrew Morton
2020-08-19 3:50 ` + mm-thp-clean-up-lru_add_page_tail.patch " Andrew Morton
2020-08-19 3:50 ` + mm-thp-remove-code-path-which-never-got-into.patch " Andrew Morton
2020-08-19 3:50 ` + mm-thp-narrow-lru-locking.patch " Andrew Morton
2020-08-19 3:56 ` + mm-slub-fix-missing-alloc_slowpath-stat-when-bulk-alloc.patch " Andrew Morton
2020-08-19 17:20 ` + mm-mmap-add-inline-munmap_vma_range-for-code-readability.patch " Andrew Morton
2020-08-19 17:20 ` + mm-mmap-add-inline-vma_next-for-readability-of-mmap-code.patch " Andrew Morton
2020-08-19 17:47 ` + mm-gup-dont-permit-users-to-call-get_user_pages-with-foll_longterm.patch " Andrew Morton
2020-08-19 18:20 ` + mm-memory_hotplug-inline-__offline_pages-into-offline_pages.patch " Andrew Morton
2020-08-19 18:20 ` + mm-memory_hotplug-enforce-section-granularity-when-onlining-offlining.patch " Andrew Morton
2020-08-19 18:20 ` + mm-memory_hotplug-simplify-page-offlining.patch " Andrew Morton
2020-08-19 18:20 ` + mm-page_alloc-simplify-__offline_isolated_pages.patch " Andrew Morton
2020-08-19 18:20 ` + mm-memory_hotplug-drop-nr_isolate_pageblock-in-offline_pages.patch " Andrew Morton
2020-08-19 18:20 ` + mm-page_isolation-simplify-return-value-of-start_isolate_page_range.patch " Andrew Morton
2020-08-19 18:20 ` + mm-memory_hotplug-simplify-page-onlining.patch " Andrew Morton
2020-08-19 18:20 ` + mm-page_alloc-drop-stale-pageblock-comment-in-memmap_init_zone.patch " Andrew Morton
2020-08-19 18:21 ` + mm-pass-migratetype-into-memmap_init_zone-and-move_pfn_range_to_zone.patch " Andrew Morton
2020-08-19 18:21 ` + mm-memory_hotplug-mark-pageblocks-migrate_isolate-while-onlining-memory.patch " Andrew Morton
2020-08-19 18:31 ` + mm-migrate-avoid-possible-unnecessary-process-right-check-in-kernel_move_pages.patch " Andrew Morton
2020-08-19 18:34 ` + mm-fix-missing-function-declaration.patch " Andrew Morton
2020-08-19 18:36 ` + ia64-fix-build-error-with-coredump.patch " Andrew Morton
2020-08-19 19:01 ` + mm-debug-do-not-dereference-i_ino-blindly.patch " Andrew Morton
2020-08-19 19:02 ` + mm-highmem-clean-up-endif-comments.patch " Andrew Morton
2020-08-19 19:27 ` + kvm-ppc-book3s-hv-simplify-kvm_cma_reserve.patch " Andrew Morton
2020-08-19 19:27 ` + dma-contiguous-simplify-cma_early_percent_memory.patch " Andrew Morton
2020-08-19 19:27 ` + arm-xtensa-simplify-initialization-of-high-memory-pages.patch " Andrew Morton
2020-08-19 19:27 ` + arm64-numa-simplify-dummy_numa_init.patch " Andrew Morton
2020-08-19 19:27 ` + h8300-nds32-openrisc-simplify-detection-of-memory-extents.patch " Andrew Morton
2020-08-19 19:27 ` + riscv-drop-unneeded-node-initialization.patch " Andrew Morton
2020-08-19 19:27 ` + mircoblaze-drop-unneeded-numa-and-sparsemem-initializations.patch " Andrew Morton
2020-08-19 19:27 ` + memblock-make-for_each_memblock_type-iterator-private.patch " Andrew Morton
2020-08-19 19:27 ` + memblock-make-memblock_debug-and-related-functionality-private.patch " Andrew Morton
2020-08-19 19:27 ` + memblock-make-memblock_debug-and-related-functionality-private-fix.patch " Andrew Morton
2020-08-19 19:27 ` + memblock-reduce-number-of-parameters-in-for_each_mem_range.patch " Andrew Morton
2020-08-19 19:27 ` + arch-mm-replace-for_each_memblock-with-for_each_mem_pfn_range.patch " Andrew Morton
2020-08-19 19:27 ` + arch-drivers-replace-for_each_membock-with-for_each_mem_range.patch " Andrew Morton
2020-08-19 19:28 ` + x86-setup-simplify-initrd-relocation-and-reservation.patch " Andrew Morton
2020-08-19 19:28 ` + x86-setup-simplify-reserve_crashkernel.patch " Andrew Morton
2020-08-19 19:28 ` + memblock-remove-unused-memblock_mem_size.patch " Andrew Morton
2020-08-19 19:28 ` + memblock-implement-for_each_reserved_mem_region-using-__next_mem_region.patch " Andrew Morton
2020-08-19 19:28 ` + memblock-use-separate-iterators-for-memory-and-reserved-regions.patch " Andrew Morton
2020-08-19 19:31 ` + fs-ocfs2-delete-repeated-words-in-comments.patch " Andrew Morton
2020-08-19 19:32 ` + fs-configfs-delete-repeated-words-in-comments.patch " Andrew Morton
2020-08-19 19:37 ` + mm-slub-make-add_full-condition-more-explicit.patch " Andrew Morton
2020-08-19 19:39 ` + memremap-convert-devmap-static-branch-to-incdec.patch " Andrew Morton
2020-08-19 19:53 ` + scripts-tagssh-exclude-tools-directory-from-tags-generation.patch " Andrew Morton
2020-08-19 19:54 ` + docs-vm-fix-mm_count-vs-mm_users-counter-confusion.patch " Andrew Morton
2020-08-19 20:08 ` + mm-thp-swap-fix-allocating-cluster-for-swapfile-by-mistake.patch " Andrew Morton
2020-08-19 20:14 ` + mm-mmap-rename-__vma_unlink_common-to-__vma_unlink.patch " Andrew Morton
2020-08-19 20:14 ` + mm-mmap-leverage-vma_rb_erase_ignore-to-implement-vma_rb_erase.patch " Andrew Morton
2020-08-19 20:19 ` + mm-slub-re-initialize-randomized-freelist-sequence-in-calculate_sizes.patch " Andrew Morton
2020-08-19 20:32 ` + mm-dump_page-rename-head_mapcount-head_compound_mapcount.patch " Andrew Morton
2020-08-19 20:35 ` + bitops-simplify-get_count_order_long.patch " Andrew Morton
2020-08-19 20:35 ` + bitops-use-the-same-mechanism-for-get_count_order.patch " Andrew Morton
2020-08-19 21:14 ` + panic-dump-registers-on-panic_on_warn.patch " Andrew Morton
2020-08-19 21:29 ` + mm-slub-re-initialize-randomized-freelist-sequence-in-calculate_sizes-fix.patch " Andrew Morton
2020-08-19 21:31 ` + checkpatch-add-test-for-comma-use-that-should-be-semicolon.patch " Andrew Morton
2020-08-19 21:43 ` + mm-memcontrol-use-flex_array_size-helper-in-memcpy.patch " Andrew Morton
2020-08-19 21:43 ` + mm-memcontrol-use-the-preferred-form-for-passing-the-size-of-a-structure-type.patch " Andrew Morton
2020-08-19 23:09 ` mmotm 2020-08-19-16-09 uploaded Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200815003141.4hj3fazIS%akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=cai@lca.pw \
--cc=elver@google.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mm-commits@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.