From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-180.mta0.migadu.com (out-180.mta0.migadu.com [91.218.175.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6087632AABD for ; Thu, 25 Jun 2026 01:32:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.180 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782351182; cv=none; b=RQCpF45D9KQydGRj9X975yNHZ6+/5h/PLFZmmnnr2aK7lKNrK/X3ezXwMXZAiVRkUluVMT0NrFORlSn5xmgBqgkCqpPjLvJDhANhchQDZaIxado+hCrj8jL9dSQTtC8kc4Pcpva/wHDrWkDqK4eLwMS9jfxjeqGpomSDRa810hk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782351182; c=relaxed/simple; bh=l7yUF6iUan2H5+Y8D5DzVy/8fquTG1CRx+UkMrm8fGs=; h=MIME-Version:Date:Content-Type:From:Message-ID:Subject:To:Cc: In-Reply-To:References; b=NjN4lEsNzsyTh/89RT8pJr3e82cFYtQuWmYN/oaakn2pIYyk+KVkoXb2C4CCEoACmQgEvNhOFQB0X2gSJzqik+EFc9P2kn7L53R8wnbzOvX9loW4td8rhrQHbq9oiDUxyAexXHaAJMrIKiuOASgkS6OThFCQH2sxf20fS/J4ObM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=lgI7gvgu; arc=none smtp.client-ip=91.218.175.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="lgI7gvgu" Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1782351175; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DZGtCqgsXrr13qIHByA1VHU34o5Uf7Cq8eAoTpcsoR4=; b=lgI7gvguAJlE1AGlGy2emZi3GmquktUv5NaqJjQLJGjw4syCzwXTEJkc8YHh8czWD/oVfS vEQIzUYp0mkqumnTkrfWsYM6XxRJjmG50+6njmXZ2rizyRB/glIF4yi2Ro+PJ4QVHcFTJl u4Im053yJmqP6hDvXRXY/2CoUdnnzto= Date: Thu, 25 Jun 2026 01:32:49 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: "Hui Zhu" Message-ID: <20bd8bbbd5a8cc52d267f550fc0314cd0d81a223@linux.dev> TLS-Required: No Subject: Re: [PATCH v2] mm: avoid KCSAN false positive in memdesc_nid() To: "Andrew Morton" Cc: "David Hildenbrand" , "Lorenzo Stoakes" , "Liam R. Howlett" , "Vlastimil Babka" , "Mike Rapoport" , "Suren Baghdasaryan" , "Michal Hocko" , linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Hui Zhu" In-Reply-To: <20260624140104.eacc15e291eec123bc7b3349@linux-foundation.org> References: <20260623084432.701120-1-hui.zhu@linux.dev> <20260624140104.eacc15e291eec123bc7b3349@linux-foundation.org> X-Migadu-Flow: FLOW_OUT >=20 >=20On Tue, 23 Jun 2026 16:44:32 +0800 Hui Zhu wrote: >=20 >=20>=20 >=20> From: Hui Zhu > >=20=20 >=20> KCSAN reports a data race between page_to_nid()/folio_nid() readin= g > > page->flags and folio_trylock()/folio_lock() concurrently doing > > test_and_set_bit_lock(PG_locked, ...) on the same word, e.g.: > >=20=20 >=20> BUG: KCSAN: data-race in __lruvec_stat_mod_folio / shmem_get_folio= _gfp > >=20=20 >=20> The node id occupies a fixed bit-range of page->flags that is set > > once at page init and never modified afterwards, so it can never > > overlap with the low PG_locked/PG_waiters bits touched by the folio > > lock path. > >=20=20 >=20> Use ASSERT_EXCLUSIVE_BITS() in memdesc_nid() to scope the exemptio= n > > to just the node-id bits, consistent with how memdesc_zonenum() > > already handles the same class of race for the zone-id bits. > >=20=20 >=20> ... > >=20 >=20> --- a/include/linux/mm.h > > +++ b/include/linux/mm.h > > @@ -2290,6 +2290,7 @@ int memdesc_nid(memdesc_flags_t mdf); > > #else > > static inline int memdesc_nid(memdesc_flags_t mdf) > > { > > + ASSERT_EXCLUSIVE_BITS(mdf.f, NODES_MASK << NODES_PGSHIFT); > > return (mdf.f >> NODES_PGSHIFT) & NODES_MASK; > > } > > #endif > >=20 >=20It seems weird to be doing this against a local variable within a > random function, seemingly unrelated to the problematic functions which > you've identified. >=20 >=20Seems that it fooled Sashiko: > https://sashiko.dev/#/patchset/20260623084432.701120-1-hui.zhu@linux.d= ev >=20 >=20I'm wondering what the heck is going on here? > Hi Andrew, Good catch. ASSERT_EXCLUSIVE_BITS(mdf.f, ...) is checking a by-value copy of the flags word inside memdesc_nid(), not the actual shared page->flags/folio->flags being modified by folio_trylock(). Whatever made it appear to suppress the KCSAN report is likely an artifact of inlining/codegen (kcsan_atomic_next() happening to land on the real load after inlining), not a principled fix - so Sashiko's pass is not reassuring here. I'll move the assertion to where the real dereference happens (at the page_to_nid()/folio_nid() call sites) instead of inside the by-value helper. This probably also applies to the existing memdesc_zonenum() pattern - is that one actually verified to work, or does it have the same issue? Best, Hui