From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=wawx=37=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,
	SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1A01CC352A3
	for <linux-mm@archiver.kernel.org>; Tue, 11 Feb 2020 13:24:42 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id CF77C20675
	for <linux-mm@archiver.kernel.org>; Tue, 11 Feb 2020 13:24:41 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key) header.d=shutemov-name.20150623.gappssmtp.com header.i=@shutemov-name.20150623.gappssmtp.com header.b="SEjkpW4U"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CF77C20675
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=shutemov.name
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 7338A6B02CF; Tue, 11 Feb 2020 08:24:41 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6E59F6B02D1; Tue, 11 Feb 2020 08:24:41 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5AB706B02D2; Tue, 11 Feb 2020 08:24:41 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0156.hostedemail.com [216.40.44.156])
	by kanga.kvack.org (Postfix) with ESMTP id 4339E6B02CF
	for <linux-mm@kvack.org>; Tue, 11 Feb 2020 08:24:41 -0500 (EST)
Received: from smtpin12.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id CB1AF2C8B
	for <linux-mm@kvack.org>; Tue, 11 Feb 2020 13:24:40 +0000 (UTC)
X-FDA: 76477915920.12.bears51_45e3c07a5671f
X-HE-Tag: bears51_45e3c07a5671f
X-Filterd-Recvd-Size: 5724
Received: from mail-lf1-f67.google.com (mail-lf1-f67.google.com [209.85.167.67])
	by imf43.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Tue, 11 Feb 2020 13:24:40 +0000 (UTC)
Received: by mail-lf1-f67.google.com with SMTP id 9so6975235lfq.10
        for <linux-mm@kvack.org>; Tue, 11 Feb 2020 05:24:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=shutemov-name.20150623.gappssmtp.com; s=20150623;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:content-transfer-encoding:in-reply-to;
        bh=CzyQ7mq5ghTZ5xEThA6Ei5Juwb2NrNUehuG+dmrZpzc=;
        b=SEjkpW4UWIzqRSvYDXsP/MCzrSB8iaydRpotrd4hRSCFYSLIQljvUtObehx0GhDJOo
         djsrIQm3V4q/onh+FRWn6pRjJIgCw29GCPAiDQB683wNJE536vkGlOSsBLYb+MuzhrZl
         n6icHfoKVg3L6CN4R+n1Ee47GcK79QbthOkTutb0slayCzIkDphEI26o70aj3/SYVvS4
         ofHpZzy2C9NTqQW9fUeR753Vraoy+RSEoa68MxhhJBH7nZOp4bzvUFUcNewkqFfe7OuG
         VbIKiXKKHpZBnIsJKMbChEa2QFEY95Lor99Ip20UwCSwd49bq1yCaAYDcbDeq78gf3TE
         YK4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:content-transfer-encoding
         :in-reply-to;
        bh=CzyQ7mq5ghTZ5xEThA6Ei5Juwb2NrNUehuG+dmrZpzc=;
        b=VKLRuV2leHjqpyxzM382qkEcBc98GeUIBsxSoULuilDXU87YYYlQWj8/GzeqB/RlaU
         ICcD9bWgQkAwQJYbT4tx+1Oqj8un9bU9xYt8kz0f2fCq65SYwL2phuc49tHo8L01GJk3
         a/vc+oR3xnH9+H6Lhko+XMPL/2DqLFQYeZwWX4T/fycTjor6/yKYCeliSTiwcZBJzePQ
         wnbHUAt+bEyJXMz2CbqBHiChBtulWbBnx23bbPNPyDVBRIRRQD+oxGc4qZLsz5h62JJk
         Xl0CoTyuBu4VLq72fyikF5t/MtXR8ITaMlkiCKIk3aiD7jVRjgUUKRx9FMl7Z8gSLDsQ
         s90Q==
X-Gm-Message-State: APjAAAWHKG9j9ltWh+cRD/3cIpnu/ZerSWmjePWLZVEUV+em4M3ito1D
	FrMK4IpewRcXCJOQ6DVv/lLedQ==
X-Google-Smtp-Source: APXvYqxlKj3CQFqFaZuwztEevYydMW5Fb8mKtS0DRyHpzvNf53lkneGX+jdyLqQQXslCCEjTI2Uggg==
X-Received: by 2002:a19:550d:: with SMTP id n13mr3695093lfe.48.1581427479014;
        Tue, 11 Feb 2020 05:24:39 -0800 (PST)
Received: from box.localdomain ([86.57.175.117])
        by smtp.gmail.com with ESMTPSA id f8sm1813962lfc.22.2020.02.11.05.24.38
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 11 Feb 2020 05:24:38 -0800 (PST)
Received: by box.localdomain (Postfix, from userid 1000)
	id 46EEC100AFB; Tue, 11 Feb 2020 16:24:57 +0300 (+03)
Date: Tue, 11 Feb 2020 16:24:57 +0300
From: "Kirill A. Shutemov" <kirill@shutemov.name>
To: Qian Cai <cai@lca.pw>
Cc: Matthew Wilcox <willy@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Marco Elver <elver@google.com>,
	Linux Memory Management List <linux-mm@kvack.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] mm/filemap: fix a data race in filemap_fault()
Message-ID: <20200211132457.uhkbh6hyljry4zpo@box>
References: <20200211030134.1847-1-cai@lca.pw>
 <20200211034900.GQ8731@bombadil.infradead.org>
 <2EFC8936-4569-418F-82EC-6F7868BEEAE2@lca.pw>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <2EFC8936-4569-418F-82EC-6F7868BEEAE2@lca.pw>
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon, Feb 10, 2020 at 10:55:45PM -0500, Qian Cai wrote:
>=20
>=20
> > On Feb 10, 2020, at 10:49 PM, Matthew Wilcox <willy@infradead.org> wr=
ote:
> >=20
> > On Mon, Feb 10, 2020 at 10:01:34PM -0500, Qian Cai wrote:
> >> struct file_ra_state ra.mmap_miss could be accessed concurrently dur=
ing
> >> page faults as noticed by KCSAN,
> >>=20
> >> BUG: KCSAN: data-race in filemap_fault / filemap_map_pages
> >>=20
> >> write to 0xffff9b1700a2c1b4 of 4 bytes by task 3292 on cpu 30:
> >>  filemap_fault+0x920/0xfc0
> >>  do_sync_mmap_readahead at mm/filemap.c:2384
> >>  (inlined by) filemap_fault at mm/filemap.c:2486
> >>  __xfs_filemap_fault+0x112/0x3e0 [xfs]
> >>  xfs_filemap_fault+0x74/0x90 [xfs]
> >>  __do_fault+0x9e/0x220
> >>  do_fault+0x4a0/0x920
> >>  __handle_mm_fault+0xc69/0xd00
> >>  handle_mm_fault+0xfc/0x2f0
> >>  do_page_fault+0x263/0x6f9
> >>  page_fault+0x34/0x40
> >>=20
> >> read to 0xffff9b1700a2c1b4 of 4 bytes by task 3313 on cpu 32:
> >>  filemap_map_pages+0xc2e/0xd80
> >>  filemap_map_pages at mm/filemap.c:2625
> >>  do_fault+0x3da/0x920
> >>  __handle_mm_fault+0xc69/0xd00
> >>  handle_mm_fault+0xfc/0x2f0
> >>  do_page_fault+0x263/0x6f9
> >>  page_fault+0x34/0x40
> >>=20
> >> Reported by Kernel Concurrency Sanitizer on:
> >> CPU: 32 PID: 3313 Comm: systemd-udevd Tainted: G        W    L 5.5.0=
-next-20200210+ #1
> >> Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A=
40 07/10/2019
> >>=20
> >> ra.mmap_miss is used to contribute the readahead decisions, a data r=
ace
> >> could be undesirable. Both the read and write is only under
> >> non-exclusive mmap_sem, two concurrent writers could even overflow t=
he
> >> counter. Fixing the underflow by writing to a local variable before
> >> committing a final store to ra.mmap_miss given a small inaccuracy of=
 the
> >> counter should be acceptable.
> >>=20
> >> Suggested-by: Kirill A. Shutemov <kirill@shutemov.name>
> >> Signed-off-by: Qian Cai <cai@lca.pw>
> >=20
> > That's more than Suggested-by.  The correct way to submit this patch =
is:
> >=20
> > From: Kirill A. Shutemov <kirill@shutemov.name>
> > (at the top of the patch, so it gets credited to Kirill)
>=20
> Sure, if Kirill is going to provide his Signed-off-by in the first plac=
e, I=E2=80=99ll be happy to
> submit it on his behalf.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>

--=20
 Kirill A. Shutemov