[PATCH -next] mm/rmap: annotate a data race at tlb_flush_batched

From: Qian Cai
Date: Tue Feb 11 2020 - 14:54:46 EST

Next message: Ronald TschalÃr: "[PATCH] serdev: Fix detection of UART devices on Apple machines."
Previous message: Vasily Gorbik: "Re: [PATCH] s390/time: Fix clk type in get_tod_clock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

mm->tlb_flush_batched could be accessed concurrently as noticed by
KCSAN,

BUG: KCSAN: data-race in flush_tlb_batched_pending / try_to_unmap_one

write to 0xffff93f754880bd0 of 1 bytes by task 822 on cpu 6:
try_to_unmap_one+0x59a/0x1ab0
set_tlb_ubc_flush_pending at mm/rmap.c:635
(inlined by) try_to_unmap_one at mm/rmap.c:1538
rmap_walk_anon+0x296/0x650
rmap_walk+0xdf/0x100
try_to_unmap+0x18a/0x2f0
shrink_page_list+0xef6/0x2870
shrink_inactive_list+0x316/0x880
shrink_lruvec+0x8dc/0x1380
shrink_node+0x317/0xd80
balance_pgdat+0x652/0xd90
kswapd+0x396/0x8d0
kthread+0x1e0/0x200
ret_from_fork+0x27/0x50

read to 0xffff93f754880bd0 of 1 bytes by task 6364 on cpu 4:
flush_tlb_batched_pending+0x29/0x90
flush_tlb_batched_pending at mm/rmap.c:682
change_p4d_range+0x5dd/0x1030
change_pte_range at mm/mprotect.c:44
(inlined by) change_pmd_range at mm/mprotect.c:212
(inlined by) change_pud_range at mm/mprotect.c:240
(inlined by) change_p4d_range at mm/mprotect.c:260
change_protection+0x222/0x310
change_prot_numa+0x3e/0x60
task_numa_work+0x219/0x350
task_work_run+0xed/0x140
prepare_exit_to_usermode+0x2cc/0x2e0
ret_from_intr+0x32/0x42

Reported by Kernel Concurrency Sanitizer on:
CPU: 4 PID: 6364 Comm: mtest01 Tainted: G W L 5.5.0-next-20200210+ #5
Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019

flush_tlb_batched_pending() is under PTL but the write is not, but
mm->tlb_flush_batched is only a bool type, so the value is unlikely to
be shattered. Thus, mark it as an intentional data race by using the
data race macro.

Signed-off-by: Qian Cai <cai@xxxxxx>
---
mm/rmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/rmap.c b/mm/rmap.c
index b3e381919835..6983f5d5b114 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -679,7 +679,7 @@ static bool should_defer_flush(struct mm_struct *mm, enum ttu_flags flags)
*/
void flush_tlb_batched_pending(struct mm_struct *mm)
{
- if (mm->tlb_flush_batched) {
+ if (data_race(mm->tlb_flush_batched)) {
flush_tlb_mm(mm);

/*
--
1.8.3.1

Next message: Ronald TschalÃr: "[PATCH] serdev: Fix detection of UART devices on Apple machines."
Previous message: Vasily Gorbik: "Re: [PATCH] s390/time: Fix clk type in get_tod_clock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]