From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-22.4 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E5D1C433E0 for ; Thu, 21 May 2020 14:23:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 590512072C for ; Thu, 21 May 2020 14:23:10 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="b9oWgHML" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729577AbgEUOWc (ORCPT ); Thu, 21 May 2020 10:22:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53696 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726965AbgEUOW2 (ORCPT ); Thu, 21 May 2020 10:22:28 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D84BDC061A0E for ; Thu, 21 May 2020 07:22:27 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id y189so5500803ybc.14 for ; Thu, 21 May 2020 07:22:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=PC9Hjj7vUN5/seVEDSBqpv8gGPtTVfQoZ63r2GRfhtk=; b=b9oWgHMLMPUDcUkLR5hWDOERL4TjlhiDvqOjVMt/Iaa5SmFVnalZJBZXxqRYcgYVAt kfPnhvKTzbUUjdfhUvvVr5i1ODWFKXj790mDo1aqFwQD9BdVsBrR+sueZKamlgXpIyzk bil56l8Jq9M4QiO9tNnjgErtQb3Yh7EFIIJDHjMxNMCqgwFdDY/8yjZv2J/7dzs+N+82 fFVXN6tnEbQUejS5s+9AjRj+/3/ZgJhINPiDMwCHUYE8Gi7IDpFMCEnXngtMGBi2ik6x Q9Pm7vTRqx+xNJDT9Ge+EG8TBmN7fwaL3FZeW9sUSnRBgHLqTj8i8+x5GR3tSdrOdg07 2gog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=PC9Hjj7vUN5/seVEDSBqpv8gGPtTVfQoZ63r2GRfhtk=; b=OOHsrQKBC7x9ldlXPMdpK8jpqTaAEg+1rpVZ+z5+BCn3nxWILXye+oNldW763JQbc8 ApLl6O4zrajtMKdOrjskcqCa906FGge7pQRxoHk8gW+O8rBVre1pKX6AG63X4F+wgF8b SFOiiIkKLpueA13MbBhkJrJGveUPQPrSePO1Ry/S6T7MkjV7djdpCBw7EulCvto6sgwz B80T4mNJdN32YVSN/xngIZIMpMjeCBpG9Bs7jBfMp9DpWhI3XMe/epcW9A8Cq9qig0i9 XDdeDld68+bOsQh0DfcftXp8tWfSAJtpJ1bqpSMWLhxn60FKeyUHSCj/c+T5qEcWAIU9 QlpQ== X-Gm-Message-State: AOAM532Wy2/xIR50D2sUd7aOJyxOKjYxTqxmI6lXG00j3vh1MmsQQJzj G8oFGh+MpkDB89fK55wW7NzWGmy/7A== X-Google-Smtp-Source: ABdhPJykRRgTKw2wrff8qaFPUaS3cPqacrZm1fnqddX1IrJPy7ti8gPIW73xGn/Aj3Th+BaVpPs3yA8Xog== X-Received: by 2002:a25:6cd6:: with SMTP id h205mr15954705ybc.404.1590070947070; Thu, 21 May 2020 07:22:27 -0700 (PDT) Date: Thu, 21 May 2020 16:20:39 +0200 In-Reply-To: <20200521142047.169334-1-elver@google.com> Message-Id: <20200521142047.169334-4-elver@google.com> Mime-Version: 1.0 References: <20200521142047.169334-1-elver@google.com> X-Mailer: git-send-email 2.26.2.761.g0e0b3e54be-goog Subject: [PATCH -tip v3 03/11] kcsan: Support distinguishing volatile accesses From: Marco Elver To: elver@google.com Cc: paulmck@kernel.org, dvyukov@google.com, glider@google.com, andreyknvl@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@kernel.org, peterz@infradead.org, will@kernel.org, clang-built-linux@googlegroups.com, bp@alien8.de Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In the kernel, volatile is used in various concurrent context, whether in low-level synchronization primitives or for legacy reasons. If supported by the compiler, we will assume that aligned volatile accesses up to sizeof(long long) (matching compiletime_assert_rwonce_type()) are atomic. Recent versions Clang [1] (GCC tentative [2]) can instrument volatile accesses differently. Add the option (required) to enable the instrumentation, and provide the necessary runtime functions. None of the updated compilers are widely available yet (Clang 11 will be the first release to support the feature). [1] https://github.com/llvm/llvm-project/commit/5a2c31116f412c3b6888be361137efd705e05814 [2] https://gcc.gnu.org/pipermail/gcc-patches/2020-April/544452.html This patch allows removing any explicit checks in primitives such as READ_ONCE() and WRITE_ONCE(). Acked-by: Will Deacon Signed-off-by: Marco Elver --- v2: * Reword Makefile comment. --- kernel/kcsan/core.c | 43 ++++++++++++++++++++++++++++++++++++++++++ scripts/Makefile.kcsan | 5 ++++- 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/kernel/kcsan/core.c b/kernel/kcsan/core.c index a73a66cf79df..15f67949d11e 100644 --- a/kernel/kcsan/core.c +++ b/kernel/kcsan/core.c @@ -789,6 +789,49 @@ void __tsan_write_range(void *ptr, size_t size) } EXPORT_SYMBOL(__tsan_write_range); +/* + * Use of explicit volatile is generally disallowed [1], however, volatile is + * still used in various concurrent context, whether in low-level + * synchronization primitives or for legacy reasons. + * [1] https://lwn.net/Articles/233479/ + * + * We only consider volatile accesses atomic if they are aligned and would pass + * the size-check of compiletime_assert_rwonce_type(). + */ +#define DEFINE_TSAN_VOLATILE_READ_WRITE(size) \ + void __tsan_volatile_read##size(void *ptr) \ + { \ + const bool is_atomic = size <= sizeof(long long) && \ + IS_ALIGNED((unsigned long)ptr, size); \ + if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS) && is_atomic) \ + return; \ + check_access(ptr, size, is_atomic ? KCSAN_ACCESS_ATOMIC : 0); \ + } \ + EXPORT_SYMBOL(__tsan_volatile_read##size); \ + void __tsan_unaligned_volatile_read##size(void *ptr) \ + __alias(__tsan_volatile_read##size); \ + EXPORT_SYMBOL(__tsan_unaligned_volatile_read##size); \ + void __tsan_volatile_write##size(void *ptr) \ + { \ + const bool is_atomic = size <= sizeof(long long) && \ + IS_ALIGNED((unsigned long)ptr, size); \ + if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS) && is_atomic) \ + return; \ + check_access(ptr, size, \ + KCSAN_ACCESS_WRITE | \ + (is_atomic ? KCSAN_ACCESS_ATOMIC : 0)); \ + } \ + EXPORT_SYMBOL(__tsan_volatile_write##size); \ + void __tsan_unaligned_volatile_write##size(void *ptr) \ + __alias(__tsan_volatile_write##size); \ + EXPORT_SYMBOL(__tsan_unaligned_volatile_write##size) + +DEFINE_TSAN_VOLATILE_READ_WRITE(1); +DEFINE_TSAN_VOLATILE_READ_WRITE(2); +DEFINE_TSAN_VOLATILE_READ_WRITE(4); +DEFINE_TSAN_VOLATILE_READ_WRITE(8); +DEFINE_TSAN_VOLATILE_READ_WRITE(16); + /* * The below are not required by KCSAN, but can still be emitted by the * compiler. diff --git a/scripts/Makefile.kcsan b/scripts/Makefile.kcsan index 20337a7ecf54..75d2942b9437 100644 --- a/scripts/Makefile.kcsan +++ b/scripts/Makefile.kcsan @@ -9,7 +9,10 @@ else cc-param = --param -$(1) endif +# Keep most options here optional, to allow enabling more compilers if absence +# of some options does not break KCSAN nor causes false positive reports. CFLAGS_KCSAN := -fsanitize=thread \ - $(call cc-option,$(call cc-param,tsan-instrument-func-entry-exit=0) -fno-optimize-sibling-calls) + $(call cc-option,$(call cc-param,tsan-instrument-func-entry-exit=0) -fno-optimize-sibling-calls) \ + $(call cc-param,tsan-distinguish-volatile=1) endif # CONFIG_KCSAN -- 2.26.2.761.g0e0b3e54be-goog