Date: Mon, 24 Apr 2023 15:10:52 +0100
From: Matthew Wilcox
To: Dmitry Vyukov
Cc: syzbot, djwong@kernel.org, hch@infradead.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-xfs@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [fs?] [mm?] KCSAN: data-race in __filemap_remove_folio / folio_mapping (2)
References: <000000000000d0737c05fa0fd499@google.com>

On Mon, Apr 24, 2023 at 03:49:04PM +0200, Dmitry Vyukov wrote:
> On Mon, 24 Apr 2023 at 15:21, Matthew Wilcox wrote:
> >
> > On Mon, Apr 24, 2023 at 09:38:43AM +0200, Dmitry Vyukov wrote:
> > > On Mon, 24 Apr 2023 at 09:19, syzbot wrote:
> > > If I am reading this correctly, it can lead to NULL derefs in
> > > folio_mapping() if folio->mapping is read twice. I think
> > > folio->mapping reads/writes need to use READ/WRITE_ONCE if racy.
> >
> > You aren't reading it correctly.
> >
> >         mapping = folio->mapping;
> >         if ((unsigned long)mapping & PAGE_MAPPING_FLAGS)
> >                 return NULL;
> >
> >         return mapping;
> >
> > The racing write is storing NULL. So it might return NULL or it might
> > return the old mapping, or it might return NULL. Either way, the caller
> > has to be prepared for NULL to be returned.
> >
> > It's a false positive, but probably worth silencing with a READ_ONCE().
>
> Yes, but the end of the function does not limit effects of races. I

I thought it did. I was under the impression that the compiler was not
allowed to extract loads from within the function and move them outside.
Maybe that changed since C99.

> to this:
>
> if (!((unsigned long)folio->mapping & PAGE_MAPPING_FLAGS) && folio->mapping)
>    if (test_bit(AS_UNEVICTABLE, &folio->mapping->flags))
>
> which does crash.

Yes, if the compiler is allowed to do that, then that's a possibility.
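
A user-space model of the exchange above, added here as an illustration (it is not kernel code and not code from either poster): it places the racing NULL store after a chosen load and compares the three-load form quoted in the thread with a single-load snapshot of the kind READ_ONCE() enforces. The names `load_mapping`, `unevictable_reloaded`, `unevictable_snapshot`, `run` and `race_countdown`, and the flag values, are assumptions of the model.

```c
#include <stdio.h>
#define PAGE_MAPPING_FLAGS 0x3UL /* low pointer bits used as flags (model value) */
#define AS_UNEVICTABLE     0x1UL /* flag mask (model value) */
struct address_space { unsigned long flags; };
struct folio { struct address_space *mapping; };

/* Constructed race: a writer stores NULL right after the load that zeroes race_countdown. */
static int race_countdown;
static struct address_space *load_mapping(struct folio *f)
{
	struct address_space *m = f->mapping;
	if (--race_countdown == 0)
		f->mapping = NULL;
	return m;
}

/* Reloaded form from the thread (three loads); -1 = kernel would dereference NULL. */
static int unevictable_reloaded(struct folio *f)
{
	if (!((unsigned long)load_mapping(f) & PAGE_MAPPING_FLAGS) && load_mapping(f)) {
		struct address_space *m = load_mapping(f);
		return m ? !!(m->flags & AS_UNEVICTABLE) : -1;
	}
	return 0;
}

/* Single load into a local, as READ_ONCE() forces: check and use agree. */
static int unevictable_snapshot(struct folio *f)
{
	struct address_space *m = load_mapping(f);
	if (!m || ((unsigned long)m & PAGE_MAPPING_FLAGS))
		return 0;
	return !!(m->flags & AS_UNEVICTABLE);
}

static int run(int (*fn)(struct folio *), int when)
{
	struct address_space as = { .flags = AS_UNEVICTABLE };
	struct folio f = { .mapping = &as };
	race_countdown = when; /* racing store lands after load number `when` */
	return fn(&f);
}

int main(void)
{
	for (int w = 1; w <= 3; w++)
		printf("store after load %d: reloaded=%d snapshot=%d\n", w,
		       run(unevictable_reloaded, w), run(unevictable_snapshot, w));
	return 0;
}
```

Only a store landing between the second and third load reaches the NULL dereference in the reloaded form; the snapshot form returns a result based on the old mapping or NULL, which is the behaviour the caller is already expected to handle.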