diff mbox series

[v3,1/2] mm/swapfile: fix possible data races of inuse_pages

Message ID 20220625093346.48894-2-linmiaohe@huawei.com (mailing list archive)
State New
Headers show
Series A few cleanup and fixup patches for swap | expand

Commit Message

Miaohe Lin June 25, 2022, 9:33 a.m. UTC 
si->inuse_pages could still be accessed concurrently now. The plain reads
outside si->lock critical section, i.e. swap_show and si_swapinfo, which
results in data races. READ_ONCE and WRITE_ONCE is used to fix such data
races. Note these data races should be ok because they're just used for
showing swap info.

Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
---
 mm/swapfile.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Huang, Ying June 27, 2022, 1:29 a.m. UTC | #1 
Miaohe Lin <linmiaohe@huawei.com> writes:

> si->inuse_pages could still be accessed concurrently now. The plain reads
> outside si->lock critical section, i.e. swap_show and si_swapinfo, which
> results in data races. READ_ONCE and WRITE_ONCE is used to fix such data
> races. Note these data races should be ok because they're just used for
> showing swap info.
>
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
> Reviewed-by: David Hildenbrand <david@redhat.com>

Reviewed-by: "Huang, Ying" <ying.huang@intel.com>

Thanks!

Best Regards,
Huang, Ying

> ---
>  mm/swapfile.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/mm/swapfile.c b/mm/swapfile.c
> index edc3420d30e7..5c8681a3f1d9 100644
> --- a/mm/swapfile.c
> +++ b/mm/swapfile.c
> @@ -695,7 +695,7 @@ static void swap_range_alloc(struct swap_info_struct *si, unsigned long offset,
>  		si->lowest_bit += nr_entries;
>  	if (end == si->highest_bit)
>  		WRITE_ONCE(si->highest_bit, si->highest_bit - nr_entries);
> -	si->inuse_pages += nr_entries;
> +	WRITE_ONCE(si->inuse_pages, si->inuse_pages + nr_entries);
>  	if (si->inuse_pages == si->pages) {
>  		si->lowest_bit = si->max;
>  		si->highest_bit = 0;
> @@ -732,7 +732,7 @@ static void swap_range_free(struct swap_info_struct *si, unsigned long offset,
>  			add_to_avail_list(si);
>  	}
>  	atomic_long_add(nr_entries, &nr_swap_pages);
> -	si->inuse_pages -= nr_entries;
> +	WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries);
>  	if (si->flags & SWP_BLKDEV)
>  		swap_slot_free_notify =
>  			si->bdev->bd_disk->fops->swap_slot_free_notify;
> @@ -2641,7 +2641,7 @@ static int swap_show(struct seq_file *swap, void *v)
>  	}
>  
>  	bytes = si->pages << (PAGE_SHIFT - 10);
> -	inuse = si->inuse_pages << (PAGE_SHIFT - 10);
> +	inuse = READ_ONCE(si->inuse_pages) << (PAGE_SHIFT - 10);
>  
>  	file = si->swap_file;
>  	len = seq_file_path(swap, file, " \t\n\\");
> @@ -3260,7 +3260,7 @@ void si_swapinfo(struct sysinfo *val)
>  		struct swap_info_struct *si = swap_info[type];
>  
>  		if ((si->flags & SWP_USED) && !(si->flags & SWP_WRITEOK))
> -			nr_to_be_unused += si->inuse_pages;
> +			nr_to_be_unused += READ_ONCE(si->inuse_pages);
>  	}
>  	val->freeswap = atomic_long_read(&nr_swap_pages) + nr_to_be_unused;
>  	val->totalswap = total_swap_pages + nr_to_be_unused;
Qian Cai June 27, 2022, 12:43 p.m. UTC | #2 
On Sat, Jun 25, 2022 at 05:33:45PM +0800, Miaohe Lin wrote:
> si->inuse_pages could still be accessed concurrently now. The plain reads
> outside si->lock critical section, i.e. swap_show and si_swapinfo, which
> results in data races. READ_ONCE and WRITE_ONCE is used to fix such data
> races. Note these data races should be ok because they're just used for
> showing swap info.

Was this found by kcsan? If so, it would be useful to record the exact
kscan report in the commit message.
Miaohe Lin June 27, 2022, 1:27 p.m. UTC | #3 
On 2022/6/27 20:43, Qian Cai wrote:
> On Sat, Jun 25, 2022 at 05:33:45PM +0800, Miaohe Lin wrote:
>> si->inuse_pages could still be accessed concurrently now. The plain reads
>> outside si->lock critical section, i.e. swap_show and si_swapinfo, which
>> results in data races. READ_ONCE and WRITE_ONCE is used to fix such data
>> races. Note these data races should be ok because they're just used for
>> showing swap info.
> 
> Was this found by kcsan? If so, it would be useful to record the exact
> kscan report in the commit message.

Sorry, it's found via code inspection.

Thanks.

> .
>
Qian Cai June 27, 2022, 1:47 p.m. UTC | #4 
On Mon, Jun 27, 2022 at 09:27:43PM +0800, Miaohe Lin wrote:
> On 2022/6/27 20:43, Qian Cai wrote:
> > On Sat, Jun 25, 2022 at 05:33:45PM +0800, Miaohe Lin wrote:
> >> si->inuse_pages could still be accessed concurrently now. The plain reads
> >> outside si->lock critical section, i.e. swap_show and si_swapinfo, which
> >> results in data races. READ_ONCE and WRITE_ONCE is used to fix such data
> >> races. Note these data races should be ok because they're just used for
> >> showing swap info.
> > 
> > Was this found by kcsan? If so, it would be useful to record the exact
> > kscan report in the commit message.
> 
> Sorry, it's found via code inspection.

Well, if we are going to do a WRITE_ONCE() in those places just for
documentation purpose now, I think we will need to fix all places in the mm
subsystem to be consistent.
Huang, Ying June 28, 2022, 1:56 a.m. UTC | #5 
Qian Cai <quic_qiancai@quicinc.com> writes:

> On Mon, Jun 27, 2022 at 09:27:43PM +0800, Miaohe Lin wrote:
>> On 2022/6/27 20:43, Qian Cai wrote:
>> > On Sat, Jun 25, 2022 at 05:33:45PM +0800, Miaohe Lin wrote:
>> >> si->inuse_pages could still be accessed concurrently now. The plain reads
>> >> outside si->lock critical section, i.e. swap_show and si_swapinfo, which
>> >> results in data races. READ_ONCE and WRITE_ONCE is used to fix such data
>> >> races. Note these data races should be ok because they're just used for
>> >> showing swap info.
>> > 
>> > Was this found by kcsan? If so, it would be useful to record the exact
>> > kscan report in the commit message.
>> 
>> Sorry, it's found via code inspection.
>
> Well, if we are going to do a WRITE_ONCE() in those places just for
> documentation purpose now, I think we will need to fix all places in the mm
> subsystem to be consistent.

We have already done this in swapfile.c, please search "WRITE_ONCE"
in that file.

Best Regards,
Huang, Ying
diff mbox series

Patch

diff --git a/mm/swapfile.c b/mm/swapfile.c
index edc3420d30e7..5c8681a3f1d9 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -695,7 +695,7 @@  static void swap_range_alloc(struct swap_info_struct *si, unsigned long offset,
 		si->lowest_bit += nr_entries;
 	if (end == si->highest_bit)
 		WRITE_ONCE(si->highest_bit, si->highest_bit - nr_entries);
-	si->inuse_pages += nr_entries;
+	WRITE_ONCE(si->inuse_pages, si->inuse_pages + nr_entries);
 	if (si->inuse_pages == si->pages) {
 		si->lowest_bit = si->max;
 		si->highest_bit = 0;
@@ -732,7 +732,7 @@  static void swap_range_free(struct swap_info_struct *si, unsigned long offset,
 			add_to_avail_list(si);
 	}
 	atomic_long_add(nr_entries, &nr_swap_pages);
-	si->inuse_pages -= nr_entries;
+	WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries);
 	if (si->flags & SWP_BLKDEV)
 		swap_slot_free_notify =
 			si->bdev->bd_disk->fops->swap_slot_free_notify;
@@ -2641,7 +2641,7 @@  static int swap_show(struct seq_file *swap, void *v)
 	}
 
 	bytes = si->pages << (PAGE_SHIFT - 10);
-	inuse = si->inuse_pages << (PAGE_SHIFT - 10);
+	inuse = READ_ONCE(si->inuse_pages) << (PAGE_SHIFT - 10);
 
 	file = si->swap_file;
 	len = seq_file_path(swap, file, " \t\n\\");
@@ -3260,7 +3260,7 @@  void si_swapinfo(struct sysinfo *val)
 		struct swap_info_struct *si = swap_info[type];
 
 		if ((si->flags & SWP_USED) && !(si->flags & SWP_WRITEOK))
-			nr_to_be_unused += si->inuse_pages;
+			nr_to_be_unused += READ_ONCE(si->inuse_pages);
 	}
 	val->freeswap = atomic_long_read(&nr_swap_pages) + nr_to_be_unused;
 	val->totalswap = total_swap_pages + nr_to_be_unused;