lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202410071223.t0yF8vP8-lkp@intel.com>
Date: Mon, 7 Oct 2024 13:06:49 +0800
From: kernel test robot <lkp@...el.com>
To: Jeongjun Park <aha310510@...il.com>, akpm@...ux-foundation.org
Cc: llvm@...ts.linux.dev, oe-kbuild-all@...ts.linux.dev, kasong@...cent.com,
	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	syzbot+fa43f1b63e3aa6f66329@...kaller.appspotmail.com,
	Jeongjun Park <aha310510@...il.com>
Subject: Re: [PATCH] mm: swap: prevent possible data-race in
 __try_to_reclaim_swap

Hi Jeongjun,

kernel test robot noticed the following build warnings:

[auto build test WARNING on akpm-mm/mm-everything]

url:    https://github.com/intel-lab-lkp/linux/commits/Jeongjun-Park/mm-swap-prevent-possible-data-race-in-__try_to_reclaim_swap/20241004-222733
base:   https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
patch link:    https://lore.kernel.org/r/20241004142504.4379-1-aha310510%40gmail.com
patch subject: [PATCH] mm: swap: prevent possible data-race in __try_to_reclaim_swap
config: x86_64-kexec (https://download.01.org/0day-ci/archive/20241007/202410071223.t0yF8vP8-lkp@intel.com/config)
compiler: clang version 18.1.8 (https://github.com/llvm/llvm-project 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241007/202410071223.t0yF8vP8-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202410071223.t0yF8vP8-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> mm/swapfile.c:203:6: warning: variable 'ret' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
     203 |         if (!folio_trylock(folio))
         |             ^~~~~~~~~~~~~~~~~~~~~
   mm/swapfile.c:254:9: note: uninitialized use occurs here
     254 |         return ret;
         |                ^~~
   mm/swapfile.c:203:2: note: remove the 'if' if its condition is always false
     203 |         if (!folio_trylock(folio))
         |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
     204 |                 goto out;
         |                 ~~~~~~~~
   mm/swapfile.c:190:9: note: initialize the variable 'ret' to silence this warning
     190 |         int ret, nr_pages;
         |                ^
         |                 = 0
   1 warning generated.


vim +203 mm/swapfile.c

bea67dcc5eea0f Barry Song              2024-08-08  177  
a62fb92ac12ed3 Ryan Roberts            2024-04-08  178  /*
a62fb92ac12ed3 Ryan Roberts            2024-04-08  179   * returns number of pages in the folio that backs the swap entry. If positive,
a62fb92ac12ed3 Ryan Roberts            2024-04-08  180   * the folio was reclaimed. If negative, the folio was not reclaimed. If 0, no
a62fb92ac12ed3 Ryan Roberts            2024-04-08  181   * folio was associated with the swap entry.
a62fb92ac12ed3 Ryan Roberts            2024-04-08  182   */
bcd49e86710b42 Huang Ying              2018-10-26  183  static int __try_to_reclaim_swap(struct swap_info_struct *si,
bcd49e86710b42 Huang Ying              2018-10-26  184  				 unsigned long offset, unsigned long flags)
c9e444103b5e7a KAMEZAWA Hiroyuki       2009-06-16  185  {
efa90a981bbc89 Hugh Dickins            2009-12-14  186  	swp_entry_t entry = swp_entry(si->type, offset);
862590ac3708e1 Kairui Song             2024-07-30  187  	struct address_space *address_space = swap_address_space(entry);
862590ac3708e1 Kairui Song             2024-07-30  188  	struct swap_cluster_info *ci;
2c3f6194b008b2 Matthew Wilcox (Oracle  2022-09-02  189) 	struct folio *folio;
862590ac3708e1 Kairui Song             2024-07-30  190  	int ret, nr_pages;
862590ac3708e1 Kairui Song             2024-07-30  191  	bool need_reclaim;
c9e444103b5e7a KAMEZAWA Hiroyuki       2009-06-16  192  
862590ac3708e1 Kairui Song             2024-07-30  193  	folio = filemap_get_folio(address_space, swap_cache_index(entry));
66dabbb65d673a Christoph Hellwig       2023-03-07  194  	if (IS_ERR(folio))
c9e444103b5e7a KAMEZAWA Hiroyuki       2009-06-16  195  		return 0;
c9e444103b5e7a KAMEZAWA Hiroyuki       2009-06-16  196  	/*
bcd49e86710b42 Huang Ying              2018-10-26  197  	 * When this function is called from scan_swap_map_slots() and it's
2c3f6194b008b2 Matthew Wilcox (Oracle  2022-09-02  198) 	 * called by vmscan.c at reclaiming folios. So we hold a folio lock
bcd49e86710b42 Huang Ying              2018-10-26  199  	 * here. We have to use trylock for avoiding deadlock. This is a special
2c3f6194b008b2 Matthew Wilcox (Oracle  2022-09-02  200) 	 * case and you should use folio_free_swap() with explicit folio_lock()
c9e444103b5e7a KAMEZAWA Hiroyuki       2009-06-16  201  	 * in usual operations.
c9e444103b5e7a KAMEZAWA Hiroyuki       2009-06-16  202  	 */
862590ac3708e1 Kairui Song             2024-07-30 @203  	if (!folio_trylock(folio))
862590ac3708e1 Kairui Song             2024-07-30  204  		goto out;
862590ac3708e1 Kairui Song             2024-07-30  205  
b2dbc30a2a909d Jeongjun Park           2024-10-04  206  	/* offset could point to the middle of a large folio */
b2dbc30a2a909d Jeongjun Park           2024-10-04  207  	entry = folio->swap;
b2dbc30a2a909d Jeongjun Park           2024-10-04  208  	offset = swp_offset(entry);
b2dbc30a2a909d Jeongjun Park           2024-10-04  209  	nr_pages = folio_nr_pages(folio);
b2dbc30a2a909d Jeongjun Park           2024-10-04  210  	ret = -nr_pages;
b2dbc30a2a909d Jeongjun Park           2024-10-04  211  
862590ac3708e1 Kairui Song             2024-07-30  212  	need_reclaim = ((flags & TTRS_ANYWAY) ||
2c3f6194b008b2 Matthew Wilcox (Oracle  2022-09-02  213) 			((flags & TTRS_UNMAPPED) && !folio_mapped(folio)) ||
862590ac3708e1 Kairui Song             2024-07-30  214  			((flags & TTRS_FULL) && mem_cgroup_swap_full(folio)));
862590ac3708e1 Kairui Song             2024-07-30  215  	if (!need_reclaim || !folio_swapcache_freeable(folio))
862590ac3708e1 Kairui Song             2024-07-30  216  		goto out_unlock;
862590ac3708e1 Kairui Song             2024-07-30  217  
862590ac3708e1 Kairui Song             2024-07-30  218  	/*
862590ac3708e1 Kairui Song             2024-07-30  219  	 * It's safe to delete the folio from swap cache only if the folio's
862590ac3708e1 Kairui Song             2024-07-30  220  	 * swap_map is HAS_CACHE only, which means the slots have no page table
862590ac3708e1 Kairui Song             2024-07-30  221  	 * reference or pending writeback, and can't be allocated to others.
862590ac3708e1 Kairui Song             2024-07-30  222  	 */
862590ac3708e1 Kairui Song             2024-07-30  223  	ci = lock_cluster_or_swap_info(si, offset);
862590ac3708e1 Kairui Song             2024-07-30  224  	need_reclaim = swap_is_has_cache(si, offset, nr_pages);
862590ac3708e1 Kairui Song             2024-07-30  225  	unlock_cluster_or_swap_info(si, ci);
862590ac3708e1 Kairui Song             2024-07-30  226  	if (!need_reclaim)
862590ac3708e1 Kairui Song             2024-07-30  227  		goto out_unlock;
862590ac3708e1 Kairui Song             2024-07-30  228  
862590ac3708e1 Kairui Song             2024-07-30  229  	if (!(flags & TTRS_DIRECT)) {
862590ac3708e1 Kairui Song             2024-07-30  230  		/* Free through slot cache */
862590ac3708e1 Kairui Song             2024-07-30  231  		delete_from_swap_cache(folio);
862590ac3708e1 Kairui Song             2024-07-30  232  		folio_set_dirty(folio);
862590ac3708e1 Kairui Song             2024-07-30  233  		ret = nr_pages;
862590ac3708e1 Kairui Song             2024-07-30  234  		goto out_unlock;
c9e444103b5e7a KAMEZAWA Hiroyuki       2009-06-16  235  	}
862590ac3708e1 Kairui Song             2024-07-30  236  
862590ac3708e1 Kairui Song             2024-07-30  237  	xa_lock_irq(&address_space->i_pages);
862590ac3708e1 Kairui Song             2024-07-30  238  	__delete_from_swap_cache(folio, entry, NULL);
862590ac3708e1 Kairui Song             2024-07-30  239  	xa_unlock_irq(&address_space->i_pages);
862590ac3708e1 Kairui Song             2024-07-30  240  	folio_ref_sub(folio, nr_pages);
862590ac3708e1 Kairui Song             2024-07-30  241  	folio_set_dirty(folio);
862590ac3708e1 Kairui Song             2024-07-30  242  
862590ac3708e1 Kairui Song             2024-07-30  243  	spin_lock(&si->lock);
862590ac3708e1 Kairui Song             2024-07-30  244  	/* Only sinple page folio can be backed by zswap */
862590ac3708e1 Kairui Song             2024-07-30  245  	if (nr_pages == 1)
862590ac3708e1 Kairui Song             2024-07-30  246  		zswap_invalidate(entry);
862590ac3708e1 Kairui Song             2024-07-30  247  	swap_entry_range_free(si, entry, nr_pages);
862590ac3708e1 Kairui Song             2024-07-30  248  	spin_unlock(&si->lock);
862590ac3708e1 Kairui Song             2024-07-30  249  	ret = nr_pages;
862590ac3708e1 Kairui Song             2024-07-30  250  out_unlock:
862590ac3708e1 Kairui Song             2024-07-30  251  	folio_unlock(folio);
862590ac3708e1 Kairui Song             2024-07-30  252  out:
2c3f6194b008b2 Matthew Wilcox (Oracle  2022-09-02  253) 	folio_put(folio);
c9e444103b5e7a KAMEZAWA Hiroyuki       2009-06-16  254  	return ret;
c9e444103b5e7a KAMEZAWA Hiroyuki       2009-06-16  255  }
355cfa73ddff2f KAMEZAWA Hiroyuki       2009-06-16  256  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ