Re: [PATCH] mm/page_counter: fix various data races

Marco Elver <elver@xxxxxxxxxx> · Wed, 29 Jan 2020 13:21:49 +0100

On Wed, 29 Jan 2020 at 13:13, Tetsuo Handa
<penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On 2020/01/29 21:03, Michal Hocko wrote:
> >> Fixes: 3e32cb2e0a12 ("mm: memcontrol: lockless page counters")
> >> Signed-off-by: Qian Cai <cai@xxxxxx>
> >
> > Acked-by: Michal Hocko <mhocko@xxxxxxxx>
>
> Please include
>
> Reported-by: syzbot+f36cfe60b1006a94f9dc@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> for https://syzkaller.appspot.com/bug?id=744097b8b91cecd8b035a6f746bb12e4efc7669f .
>
> By the way, can READ_ONCE()/WRITE_ONCE() really solve this warning?
> The link above says read/write on the same location ( mm/page_counter.c:129 ).
> I don't know how READ_ONCE()/WRITE_ONCE() can solve the race.

It avoids the *data* race, with *_ONCE telling the compiler to not
optimize the accesses in concurrency-unfriendly ways.  Since *_ONCE is
used, it conveys clear intent that the code here is meant to be
concurrent, and KCSAN stops complaining (and assumes that the *logic*
is correct).

The race itself is still there, but as per comment in the file,
apparently fine and not a logic bug.

> >
> >> ---
> >>  mm/page_counter.c | 8 ++++----
> >>  1 file changed, 4 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/mm/page_counter.c b/mm/page_counter.c
> >> index de31470655f6..a17841150906 100644
> >> --- a/mm/page_counter.c
> >> +++ b/mm/page_counter.c
> >> @@ -82,8 +82,8 @@ void page_counter_charge(struct page_counter *counter, unsigned long nr_pages)
> >>               * This is indeed racy, but we can live with some
> >>               * inaccuracy in the watermark.
> >>               */
> >> -            if (new > c->watermark)
> >> -                    c->watermark = new;
> >> +            if (new > READ_ONCE(c->watermark))
> >> +                    WRITE_ONCE(c->watermark, new);
> >>      }
> >>  }
> >>
> >> @@ -135,8 +135,8 @@ bool page_counter_try_charge(struct page_counter *counter,
> >>               * Just like with failcnt, we can live with some
> >>               * inaccuracy in the watermark.
> >>               */
> >> -            if (new > c->watermark)
> >> -                    c->watermark = new;
> >> +            if (new > READ_ONCE(c->watermark))
> >> +                    WRITE_ONCE(c->watermark, new);
> >>      }
> >>      return true;
> >>
> >> --
> >> 2.21.0 (Apple Git-122.2)
> >
>