[PATCH v3 1/7] kernel/fork: convert vma assignment to a memcpy

Suren Baghdasaryan surenb at google.com
Wed Feb 8 04:23:52 AEDT 2023 

On Tue, Feb 7, 2023 at 9:16 AM Marco Elver <elver at google.com> wrote:
>
> On Thu, Jan 26, 2023 at 09:27AM -0800, Paul E. McKenney wrote:
> > On Wed, Jan 25, 2023 at 05:34:49PM -0800, Andrew Morton wrote:
> > > On Wed, 25 Jan 2023 16:50:01 -0800 Suren Baghdasaryan <surenb at google.com> wrote:
> > >
> > > > On Wed, Jan 25, 2023 at 4:22 PM Andrew Morton <akpm at linux-foundation.org> wrote:
> > > > >
> > > > > On Wed, 25 Jan 2023 15:35:48 -0800 Suren Baghdasaryan <surenb at google.com> wrote:
> > > > >
> > > > > > Convert vma assignment in vm_area_dup() to a memcpy() to prevent compiler
> > > > > > errors when we add a const modifier to vma->vm_flags.
> > > > > >
> > > > > > ...
> > > > > >
> > > > > > --- a/kernel/fork.c
> > > > > > +++ b/kernel/fork.c
> > > > > > @@ -482,7 +482,7 @@ struct vm_area_struct *vm_area_dup(struct vm_area_struct *orig)
> > > > > >                * orig->shared.rb may be modified concurrently, but the clone
> > > > > >                * will be reinitialized.
> > > > > >                */
> > > > > > -             *new = data_race(*orig);
> > > > > > +             memcpy(new, orig, sizeof(*new));
> > > > >
> > > > > The data_race() removal is unchangelogged?
> > > >
> > > > True. I'll add a note in the changelog about that. Ideally I would
> > > > like to preserve it but I could not find a way to do that.
> > >
> > > Perhaps Paul can comment?
> > >
> > > I wonder if KCSAN knows how to detect this race, given that it's now in
> > > a memcpy.  I assume so.
> >
> > I ran an experiment memcpy()ing between a static array and an onstack
> > array, and KCSAN did not complain.  But maybe I was setting it up wrong.
> >
> > This is what I did:
> >
> >       long myid = (long)arg; /* different value for each task */
> >       static unsigned long z1[10] = { 0 };
> >       unsigned long z2[10];
> >
> >       ...
> >
> >       memcpy(z1, z2, ARRAY_SIZE(z1) * sizeof(z1[0]));
> >       for (zi = 0; zi < ARRAY_SIZE(z1); zi++)
> >               z2[zi] += myid;
> >       memcpy(z2, z1, ARRAY_SIZE(z1) * sizeof(z1[0]));
> >
> > Adding Marco on CC for his thoughts.
>
> ( Sorry for not seeing it earlier - just saw this by chance. )
>
> memcpy() data races will be detected as of (given a relatively recent
> Clang compiler):
>
>   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c201739beef
>
> Also beware that the compiler is free to "optimize" things by either
> inlining memcpy() (turning an explicit memcpy() into just a bunch of
> loads/stores), or outline plain assignments into memcpy() calls. So the
> only way to be sure what ends up there is to look at the disassembled
> code.
>
> The data_race() was introduced by:
>
>   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cda099b37d716
>
> It says:
>  "vm_area_dup() blindly copies all fields of original VMA to the new one.
>   This includes coping vm_area_struct::shared.rb which is normally
>   protected by i_mmap_lock. But this is fine because the read value will
>   be overwritten on the following __vma_link_file() under proper
>   protection. Thus, mark it as an intentional data race and insert a few
>   assertions for the fields that should not be modified concurrently."
>
> And as far as I can tell this hasn't changed.

Thanks for the feedback, Marco!
So, IIUC Mel's proposal to use data_race(memcpy(new, orig,
sizeof(*new))); is fine in this case, right?
Thanks,
Suren.

>
> Thanks,
> -- Marco

More information about the Linuxppc-dev mailing list