From: Hao Ge <hao.ge@linux.dev>
To: sashiko-reviews@lists.linux.dev, Brendan Jackman <jackmanb@google.com>
Cc: linux-kernel@vger.kernel.org, linux-rt-devel@lists.linux.dev,
	Andrew Morton <akpm@linux-foundation.org>,
	Suren Baghdasaryan <surenb@google.com>
Subject: Re: [PATCH v3 15/16] mm: replace __GFP_NO_CODETAG with ALLOC_NO_CODETAG
Date: Tue, 30 Jun 2026 12:34:14 +0800
Message-ID: <7a53b311-92f8-4058-bd92-73b4e64a96d7@linux.dev>
In-Reply-To: <20260629155637.A59241F000E9@smtp.kernel.org>


CC Andrew and Suren


On 2026/6/29 23:56, sashiko-bot@kernel.org wrote:
> Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
>
> New issues:
> - [Low] The fallback `#else` definition of `pgalloc_tag_add` was not updated to accept `unsigned int alloc_flags`.
>
> Pre-existing issues:
> - [Critical] TOCTOU race in `__alloc_tag_add_early_pfn` leading to an out-of-bounds array write.
> --
>
> commit ccee7f6d4bcf9d00da38c878e97dd852c5e649b3
> Author: Brendan Jackman <jackmanb@google.com>
>
> mm: replace __GFP_NO_CODETAG with ALLOC_NO_CODETAG
>
> This commit replaces the mm-internal __GFP_NO_CODETAG flag with a
> new alloc_flags bit, ALLOC_NO_CODETAG. It plumbs alloc_flags through
> several allocator functions to allow passing this flag directly to the
> alloc_tag code.
>
>> diff --git a/mm/alloc_tag.c b/mm/alloc_tag.c
>> index d9be1cf5187d9..a32a94e759b94 100644
>> --- a/mm/alloc_tag.c
>> +++ b/mm/alloc_tag.c
> [ ... ]
>> @@ -806,7 +795,8 @@ static void __init __alloc_tag_add_early_pfn(unsigned long pfn)
>>   	do {
>>   		pool = READ_ONCE(current_pfn_pool);
>>   		if (!pool || atomic_read(&pool->count) >= PFN_POOL_SIZE) {
>> -			struct page *new_page = alloc_page(__GFP_HIGH | __GFP_NO_CODETAG);
>> +			struct page *new_page = __alloc_pages(__GFP_HIGH, 0, numa_mem_id(),
>> +							      NULL, ALLOC_NO_CODETAG);
>>   			struct pfn_pool *new;
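Review bot: the capacity check `if (!pool || atomic_read(&pool->count) >= PFN_POOL_SIZE)` is unchanged context in this hunk and the slot-claim logic that follows it lies outside the hunk, so whether two CPUs can over-claim cannot be judged from these lines alone; the only change here is the allocator call. On that call, `__alloc_pages(__GFP_HIGH, 0, numa_mem_id(), NULL, ALLOC_NO_CODETAG)` replaces `alloc_page(__GFP_HIGH | __GFP_NO_CODETAG)`, and a one-line comment saying why this page is excluded from codetag accounting would help readers, because `ALLOC_NO_CODETAG` is now the fifth argument of a lower-level call rather than a visible gfp flag.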
> [Severity: Critical]
> This is a pre-existing issue, but is there a time-of-check to time-of-use
> race condition here?
>
> If multiple CPUs are active during the deferred init window, could they
> concurrently observe the same remaining capacity?
>
> CPU1:
>      if (!pool || atomic_read(&pool->count) >= PFN_POOL_SIZE)
>
> CPU2:
>      if (!pool || atomic_read(&pool->count) >= PFN_POOL_SIZE)
>
> If both see 1 remaining slot, won't they both proceed to call
> atomic_fetch_add() on the pool counter further down in this function?
> This could cause an out-of-bounds array write at pool->pfns[PFN_POOL_SIZE].


It's interesting.

I didn't get this warning from Sashiko when I submitted the patch earlier; I'm not sure what changed on its end to trigger it now.

No worries though, unless I've overlooked some detail, I believe this is a false positive.


Even if both CPUs see 1 remaining slot and both skip the pool-growing branch, they still have to go through atomic_cmpxchg to actually claim it.

static void __init __alloc_tag_add_early_pfn(unsigned long pfn)
{
     struct pfn_pool *pool;
     int idx;

     do {
         pool = READ_ONCE(current_pfn_pool);
         if (!pool || atomic_read(&pool->count) >= PFN_POOL_SIZE) {
         .........
         }
         idx = atomic_read(&pool->count);
         if (idx >= PFN_POOL_SIZE)
             continue;
         if (atomic_cmpxchg(&pool->count, idx, idx + 1) == idx)
             break;
     } while (1);

     pool->pfns[idx] = pfn;
}


Only one wins, the other gets a CAS failure and loops back.

There's no path where both write to pfns[PFN_POOL_SIZE].


Given that, I think we can ignore this Sashiko report and move forward with Brendan's patch.


Thanks

Best Regards

Hao


> [ ... ]
>> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
>> index 026f33f217036..803b32e5a5e47 100644
>> --- a/mm/page_alloc.c
>> +++ b/mm/page_alloc.c
> [ ... ]
>> @@ -1263,17 +1263,17 @@ void __pgalloc_tag_add(struct page *page, struct task_struct *task,
>>   		alloc_tag_add_early_pfn(page_to_pfn(page), alloc_flags);
>>   		if (task->alloc_tag)
>>   			alloc_tag_set_inaccurate(task->alloc_tag);
>>   	}
>>   }
>>   
>>   static inline void pgalloc_tag_add(struct page *page, struct task_struct *task,
>> -				   unsigned int nr, gfp_t gfp_flags)
>> +				   unsigned int nr, unsigned int alloc_flags)
>>   {
>>   	if (mem_alloc_profiling_enabled())
>> -		__pgalloc_tag_add(page, task, nr, gfp_flags);
>> +		__pgalloc_tag_add(page, task, nr, alloc_flags);
>>   }
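Review bot: the signature change from `gfp_t gfp_flags` to `unsigned int alloc_flags` on `pgalloc_tag_add()` covers only the profiling-enabled definition; the stub used when memory allocation profiling is compiled out is not in this hunk and needs the same parameter change, otherwise callers now passing `alloc_flags` hit a bitwise-type mismatch on `gfp_t` under sparse in that configuration. Since the context line `alloc_tag_add_early_pfn(page_to_pfn(page), alloc_flags);` shows `__pgalloc_tag_add()` already takes `alloc_flags`, the stub should read `unsigned int nr, unsigned int alloc_flags) {}`.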
> [Severity: Low]
> Does this change miss updating the fallback definition of pgalloc_tag_add()
> when memory allocation profiling is disabled?
>
> If the kernel is compiled without mem-alloc profiling, the dummy function
> signature appears to still use the old type:
>
> static inline void pgalloc_tag_add(struct page *page, struct task_struct *task,
>                     unsigned int nr, gfp_t gfp_flags) {}
>
> Since callers like post_alloc_hook() are now passing an unsigned int
> for alloc_flags, won't this cause a Sparse type mismatch warning because
> gfp_t is a restricted bitwise type?
>
