    mm/filemap.c: fix a data race in filemap_fault() · e630bfac
    Kirill A. Shutemov authored
    struct file_ra_state ra.mmap_miss could be accessed concurrently during
    page faults, as noticed by KCSAN:
    
     BUG: KCSAN: data-race in filemap_fault / filemap_map_pages
    
     write to 0xffff9b1700a2c1b4 of 4 bytes by task 3292 on cpu 30:
      filemap_fault+0x920/0xfc0
      do_sync_mmap_readahead at mm/filemap.c:2384
      (inlined by) filemap_fault at mm/filemap.c:2486
      __xfs_filemap_fault+0x112/0x3e0 [xfs]
      xfs_filemap_fault+0x74/0x90 [xfs]
      __do_fault+0x9e/0x220
      do_fault+0x4a0/0x920
      __handle_mm_fault+0xc69/0xd00
      handle_mm_fault+0xfc/0x2f0
      do_page_fault+0x263/0x6f9
      page_fault+0x34/0x40
    
     read to 0xffff9b1700a2c1b4 of 4 bytes by task 3313 on cpu 32:
      filemap_map_pages+0xc2e/0xd80
      filemap_map_pages at mm/filemap.c:2625
      do_fault+0x3da/0x920
      __handle_mm_fault+0xc69/0xd00
      handle_mm_fault+0xfc/0x2f0
      do_page_fault+0x263/0x6f9
      page_fault+0x34/0x40
    
     Reported by Kernel Concurrency Sanitizer on:
     CPU: 32 PID: 3313 Comm: systemd-udevd Tainted: G        W    L 5.5.0-next-20200210+ #1
     Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019
    
    ra.mmap_miss is used to contribute to the readahead decisions; a data race
    could be undesirable.  Both the read and the write are only under
    non-exclusive mmap_sem; two concurrent writers could even underflow the
    counter.  Fix the underflow by writing to a local variable before
    committing a final store to ra.mmap_miss, given a small inaccuracy of the
    counter should be acceptable.
    Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
    Signed-off-by: Qian Cai <cai@lca.pw>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Tested-by: Qian Cai <cai@lca.pw>
    Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
    Cc: Marco Elver <elver@google.com>
    Link: http://lkml.kernel.org/r/20200211030134.1847-1-cai@lca.pw
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
filemap.c 99.7 KB
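
Added example, not code from this commit or from mm/filemap.c: a user-space C model that replays, deterministically, the two-writer interleaving the commit message describes, first with a check-then-decrement on the shared counter and then with the local-variable pattern. The `ra_model` struct and all helper names are hypothetical, and `READ_ONCE`/`WRITE_ONCE` here are simplified stand-ins for the kernel macros.

```c
#include <stdio.h>

/* User-space model (assumption): only the counter from struct file_ra_state. */
struct ra_model { unsigned int mmap_miss; };

/* Simplified stand-ins for the kernel's READ_ONCE()/WRITE_ONCE(). */
#define READ_ONCE(x)     (*(const volatile unsigned int *)&(x))
#define WRITE_ONCE(x, v) (*(volatile unsigned int *)&(x) = (v))

/* Racy shape, split into its two steps so the interleaving can be replayed. */
static int racy_check(struct ra_model *ra) { return ra->mmap_miss > 0; }
static void racy_dec(struct ra_model *ra)  { ra->mmap_miss--; }

/* Local-variable shape: snapshot once, clamp locally, commit one store. */
static unsigned int snap(struct ra_model *ra) { return READ_ONCE(ra->mmap_miss); }
static void commit_dec(struct ra_model *ra, unsigned int local)
{
    if (local > 0)
        local--;
    WRITE_ONCE(ra->mmap_miss, local);
}

/* Both faulting tasks pass the "> 0" check before either one decrements. */
unsigned int replay_racy(unsigned int start)
{
    struct ra_model ra = { start };
    int a_ok = racy_check(&ra);
    int b_ok = racy_check(&ra);
    if (a_ok) racy_dec(&ra);
    if (b_ok) racy_dec(&ra);
    return ra.mmap_miss;
}

/* Same interleaving: both tasks snapshot first, then each commits its value. */
unsigned int replay_local(unsigned int start)
{
    struct ra_model ra = { start };
    unsigned int a = snap(&ra);
    unsigned int b = snap(&ra);
    commit_dec(&ra, a);
    commit_dec(&ra, b);
    return ra.mmap_miss;
}
int main(void)
{
    printf("racy:  %u\n", replay_racy(1));   /* wraps below zero */
    printf("local: %u\n", replay_local(1));  /* stays at zero */
    return 0;
}
```

With a starting value of 2 the local-variable replay ends at 1 rather than 0: one decrement is lost, which is the small inaccuracy the commit message accepts in exchange for never wrapping.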