* [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
@ 2019-08-20 2:49 Daniel Axtens
2019-08-20 2:49 ` Daniel Axtens
` (2 more replies)
0 siblings, 3 replies; 23+ messages in thread
From: Daniel Axtens @ 2019-08-20 2:49 UTC (permalink / raw)
To: christophe.leroy, linux-s390, linux-arch, x86, linuxppc-dev
Cc: kasan-dev, Daniel Axtens
Currently bitops-instrumented.h assumes that the architecture provides
atomic, non-atomic and locking bitops (e.g. both set_bit and __set_bit).
This is true on x86 and s390, but is not always true: there is a
generic bitops/non-atomic.h header that provides generic non-atomic
operations, and also a generic bitops/lock.h for locking operations.
powerpc uses the generic non-atomic version, so it does not have it's
own e.g. __set_bit that could be renamed arch___set_bit.
Split up bitops-instrumented.h to mirror the atomic/non-atomic/lock
split. This allows arches to only include the headers where they
have arch-specific versions to rename. Update x86 and s390.
(The generic operations are automatically instrumented because they're
written in C, not asm.)
Suggested-by: Christophe Leroy <christophe.leroy@c-s.fr>
Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
Documentation/core-api/kernel-api.rst | 17 +-
arch/s390/include/asm/bitops.h | 4 +-
arch/x86/include/asm/bitops.h | 4 +-
include/asm-generic/bitops-instrumented.h | 263 ------------------
.../asm-generic/bitops/instrumented-atomic.h | 100 +++++++
.../asm-generic/bitops/instrumented-lock.h | 81 ++++++
.../bitops/instrumented-non-atomic.h | 114 ++++++++
7 files changed, 317 insertions(+), 266 deletions(-)
delete mode 100644 include/asm-generic/bitops-instrumented.h
create mode 100644 include/asm-generic/bitops/instrumented-atomic.h
create mode 100644 include/asm-generic/bitops/instrumented-lock.h
create mode 100644 include/asm-generic/bitops/instrumented-non-atomic.h
diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
index 08af5caf036d..2e21248277e3 100644
--- a/Documentation/core-api/kernel-api.rst
+++ b/Documentation/core-api/kernel-api.rst
@@ -54,7 +54,22 @@ The Linux kernel provides more basic utility functions.
Bit Operations
--------------
-.. kernel-doc:: include/asm-generic/bitops-instrumented.h
+Atomic Operations
+~~~~~~~~~~~~~~~~~
+
+.. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
+ :internal:
+
+Non-atomic Operations
+~~~~~~~~~~~~~~~~~~~~~
+
+.. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
+ :internal:
+
+Locking Operations
+~~~~~~~~~~~~~~~~~~
+
+.. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
:internal:
Bitmap Operations
diff --git a/arch/s390/include/asm/bitops.h b/arch/s390/include/asm/bitops.h
index b8833ac983fa..0ceb12593a68 100644
--- a/arch/s390/include/asm/bitops.h
+++ b/arch/s390/include/asm/bitops.h
@@ -241,7 +241,9 @@ static inline void arch___clear_bit_unlock(unsigned long nr,
arch___clear_bit(nr, ptr);
}
-#include <asm-generic/bitops-instrumented.h>
+#include <asm-generic/bitops/instrumented-atomic.h>
+#include <asm-generic/bitops/instrumented-non-atomic.h>
+#include <asm-generic/bitops/instrumented-lock.h>
/*
* Functions which use MSB0 bit numbering.
diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
index ba15d53c1ca7..4a2e2432238f 100644
--- a/arch/x86/include/asm/bitops.h
+++ b/arch/x86/include/asm/bitops.h
@@ -389,7 +389,9 @@ static __always_inline int fls64(__u64 x)
#include <asm-generic/bitops/const_hweight.h>
-#include <asm-generic/bitops-instrumented.h>
+#include <asm-generic/bitops/instrumented-atomic.h>
+#include <asm-generic/bitops/instrumented-non-atomic.h>
+#include <asm-generic/bitops/instrumented-lock.h>
#include <asm-generic/bitops/le.h>
diff --git a/include/asm-generic/bitops-instrumented.h b/include/asm-generic/bitops-instrumented.h
deleted file mode 100644
index ddd1c6d9d8db..000000000000
--- a/include/asm-generic/bitops-instrumented.h
+++ /dev/null
@@ -1,263 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-
-/*
- * This file provides wrappers with sanitizer instrumentation for bit
- * operations.
- *
- * To use this functionality, an arch's bitops.h file needs to define each of
- * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
- * arch___set_bit(), etc.).
- */
-#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_H
-#define _ASM_GENERIC_BITOPS_INSTRUMENTED_H
-
-#include <linux/kasan-checks.h>
-
-/**
- * set_bit - Atomically set a bit in memory
- * @nr: the bit to set
- * @addr: the address to start counting from
- *
- * This is a relaxed atomic operation (no implied memory barriers).
- *
- * Note that @nr may be almost arbitrarily large; this function is not
- * restricted to acting on a single-word quantity.
- */
-static inline void set_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- arch_set_bit(nr, addr);
-}
-
-/**
- * __set_bit - Set a bit in memory
- * @nr: the bit to set
- * @addr: the address to start counting from
- *
- * Unlike set_bit(), this function is non-atomic. If it is called on the same
- * region of memory concurrently, the effect may be that only one operation
- * succeeds.
- */
-static inline void __set_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- arch___set_bit(nr, addr);
-}
-
-/**
- * clear_bit - Clears a bit in memory
- * @nr: Bit to clear
- * @addr: Address to start counting from
- *
- * This is a relaxed atomic operation (no implied memory barriers).
- */
-static inline void clear_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- arch_clear_bit(nr, addr);
-}
-
-/**
- * __clear_bit - Clears a bit in memory
- * @nr: the bit to clear
- * @addr: the address to start counting from
- *
- * Unlike clear_bit(), this function is non-atomic. If it is called on the same
- * region of memory concurrently, the effect may be that only one operation
- * succeeds.
- */
-static inline void __clear_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- arch___clear_bit(nr, addr);
-}
-
-/**
- * clear_bit_unlock - Clear a bit in memory, for unlock
- * @nr: the bit to set
- * @addr: the address to start counting from
- *
- * This operation is atomic and provides release barrier semantics.
- */
-static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- arch_clear_bit_unlock(nr, addr);
-}
-
-/**
- * __clear_bit_unlock - Clears a bit in memory
- * @nr: Bit to clear
- * @addr: Address to start counting from
- *
- * This is a non-atomic operation but implies a release barrier before the
- * memory operation. It can be used for an unlock if no other CPUs can
- * concurrently modify other bits in the word.
- */
-static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- arch___clear_bit_unlock(nr, addr);
-}
-
-/**
- * change_bit - Toggle a bit in memory
- * @nr: Bit to change
- * @addr: Address to start counting from
- *
- * This is a relaxed atomic operation (no implied memory barriers).
- *
- * Note that @nr may be almost arbitrarily large; this function is not
- * restricted to acting on a single-word quantity.
- */
-static inline void change_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- arch_change_bit(nr, addr);
-}
-
-/**
- * __change_bit - Toggle a bit in memory
- * @nr: the bit to change
- * @addr: the address to start counting from
- *
- * Unlike change_bit(), this function is non-atomic. If it is called on the same
- * region of memory concurrently, the effect may be that only one operation
- * succeeds.
- */
-static inline void __change_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- arch___change_bit(nr, addr);
-}
-
-/**
- * test_and_set_bit - Set a bit and return its old value
- * @nr: Bit to set
- * @addr: Address to count from
- *
- * This is an atomic fully-ordered operation (implied full memory barrier).
- */
-static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- return arch_test_and_set_bit(nr, addr);
-}
-
-/**
- * __test_and_set_bit - Set a bit and return its old value
- * @nr: Bit to set
- * @addr: Address to count from
- *
- * This operation is non-atomic. If two instances of this operation race, one
- * can appear to succeed but actually fail.
- */
-static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- return arch___test_and_set_bit(nr, addr);
-}
-
-/**
- * test_and_set_bit_lock - Set a bit and return its old value, for lock
- * @nr: Bit to set
- * @addr: Address to count from
- *
- * This operation is atomic and provides acquire barrier semantics if
- * the returned value is 0.
- * It can be used to implement bit locks.
- */
-static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- return arch_test_and_set_bit_lock(nr, addr);
-}
-
-/**
- * test_and_clear_bit - Clear a bit and return its old value
- * @nr: Bit to clear
- * @addr: Address to count from
- *
- * This is an atomic fully-ordered operation (implied full memory barrier).
- */
-static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- return arch_test_and_clear_bit(nr, addr);
-}
-
-/**
- * __test_and_clear_bit - Clear a bit and return its old value
- * @nr: Bit to clear
- * @addr: Address to count from
- *
- * This operation is non-atomic. If two instances of this operation race, one
- * can appear to succeed but actually fail.
- */
-static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- return arch___test_and_clear_bit(nr, addr);
-}
-
-/**
- * test_and_change_bit - Change a bit and return its old value
- * @nr: Bit to change
- * @addr: Address to count from
- *
- * This is an atomic fully-ordered operation (implied full memory barrier).
- */
-static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- return arch_test_and_change_bit(nr, addr);
-}
-
-/**
- * __test_and_change_bit - Change a bit and return its old value
- * @nr: Bit to change
- * @addr: Address to count from
- *
- * This operation is non-atomic. If two instances of this operation race, one
- * can appear to succeed but actually fail.
- */
-static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- return arch___test_and_change_bit(nr, addr);
-}
-
-/**
- * test_bit - Determine whether a bit is set
- * @nr: bit number to test
- * @addr: Address to start counting from
- */
-static inline bool test_bit(long nr, const volatile unsigned long *addr)
-{
- kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
- return arch_test_bit(nr, addr);
-}
-
-#if defined(arch_clear_bit_unlock_is_negative_byte)
-/**
- * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
- * byte is negative, for unlock.
- * @nr: the bit to clear
- * @addr: the address to start counting from
- *
- * This operation is atomic and provides release barrier semantics.
- *
- * This is a bit of a one-trick-pony for the filemap code, which clears
- * PG_locked and tests PG_waiters,
- */
-static inline bool
-clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
-{
- kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
- return arch_clear_bit_unlock_is_negative_byte(nr, addr);
-}
-/* Let everybody know we have it. */
-#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
-#endif
-
-#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_H */
diff --git a/include/asm-generic/bitops/instrumented-atomic.h b/include/asm-generic/bitops/instrumented-atomic.h
new file mode 100644
index 000000000000..18ce3c9e8eec
--- /dev/null
+++ b/include/asm-generic/bitops/instrumented-atomic.h
@@ -0,0 +1,100 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+/*
+ * This file provides wrappers with sanitizer instrumentation for atomic bit
+ * operations.
+ *
+ * To use this functionality, an arch's bitops.h file needs to define each of
+ * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
+ * arch___set_bit(), etc.).
+ */
+#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
+#define _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
+
+#include <linux/kasan-checks.h>
+
+/**
+ * set_bit - Atomically set a bit in memory
+ * @nr: the bit to set
+ * @addr: the address to start counting from
+ *
+ * This is a relaxed atomic operation (no implied memory barriers).
+ *
+ * Note that @nr may be almost arbitrarily large; this function is not
+ * restricted to acting on a single-word quantity.
+ */
+static inline void set_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ arch_set_bit(nr, addr);
+}
+
+/**
+ * clear_bit - Clears a bit in memory
+ * @nr: Bit to clear
+ * @addr: Address to start counting from
+ *
+ * This is a relaxed atomic operation (no implied memory barriers).
+ */
+static inline void clear_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ arch_clear_bit(nr, addr);
+}
+
+/**
+ * change_bit - Toggle a bit in memory
+ * @nr: Bit to change
+ * @addr: Address to start counting from
+ *
+ * This is a relaxed atomic operation (no implied memory barriers).
+ *
+ * Note that @nr may be almost arbitrarily large; this function is not
+ * restricted to acting on a single-word quantity.
+ */
+static inline void change_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ arch_change_bit(nr, addr);
+}
+
+/**
+ * test_and_set_bit - Set a bit and return its old value
+ * @nr: Bit to set
+ * @addr: Address to count from
+ *
+ * This is an atomic fully-ordered operation (implied full memory barrier).
+ */
+static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ return arch_test_and_set_bit(nr, addr);
+}
+
+/**
+ * test_and_clear_bit - Clear a bit and return its old value
+ * @nr: Bit to clear
+ * @addr: Address to count from
+ *
+ * This is an atomic fully-ordered operation (implied full memory barrier).
+ */
+static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ return arch_test_and_clear_bit(nr, addr);
+}
+
+/**
+ * test_and_change_bit - Change a bit and return its old value
+ * @nr: Bit to change
+ * @addr: Address to count from
+ *
+ * This is an atomic fully-ordered operation (implied full memory barrier).
+ */
+static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ return arch_test_and_change_bit(nr, addr);
+}
+
+#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
diff --git a/include/asm-generic/bitops/instrumented-lock.h b/include/asm-generic/bitops/instrumented-lock.h
new file mode 100644
index 000000000000..ec53fdeea9ec
--- /dev/null
+++ b/include/asm-generic/bitops/instrumented-lock.h
@@ -0,0 +1,81 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+/*
+ * This file provides wrappers with sanitizer instrumentation for bit
+ * locking operations.
+ *
+ * To use this functionality, an arch's bitops.h file needs to define each of
+ * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
+ * arch___set_bit(), etc.).
+ */
+#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
+#define _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
+
+#include <linux/kasan-checks.h>
+
+/**
+ * clear_bit_unlock - Clear a bit in memory, for unlock
+ * @nr: the bit to set
+ * @addr: the address to start counting from
+ *
+ * This operation is atomic and provides release barrier semantics.
+ */
+static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ arch_clear_bit_unlock(nr, addr);
+}
+
+/**
+ * __clear_bit_unlock - Clears a bit in memory
+ * @nr: Bit to clear
+ * @addr: Address to start counting from
+ *
+ * This is a non-atomic operation but implies a release barrier before the
+ * memory operation. It can be used for an unlock if no other CPUs can
+ * concurrently modify other bits in the word.
+ */
+static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ arch___clear_bit_unlock(nr, addr);
+}
+
+/**
+ * test_and_set_bit_lock - Set a bit and return its old value, for lock
+ * @nr: Bit to set
+ * @addr: Address to count from
+ *
+ * This operation is atomic and provides acquire barrier semantics if
+ * the returned value is 0.
+ * It can be used to implement bit locks.
+ */
+static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ return arch_test_and_set_bit_lock(nr, addr);
+}
+
+#if defined(arch_clear_bit_unlock_is_negative_byte)
+/**
+ * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
+ * byte is negative, for unlock.
+ * @nr: the bit to clear
+ * @addr: the address to start counting from
+ *
+ * This operation is atomic and provides release barrier semantics.
+ *
+ * This is a bit of a one-trick-pony for the filemap code, which clears
+ * PG_locked and tests PG_waiters,
+ */
+static inline bool
+clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ return arch_clear_bit_unlock_is_negative_byte(nr, addr);
+}
+/* Let everybody know we have it. */
+#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
+#endif
+
+#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H */
diff --git a/include/asm-generic/bitops/instrumented-non-atomic.h b/include/asm-generic/bitops/instrumented-non-atomic.h
new file mode 100644
index 000000000000..95ff28d128a1
--- /dev/null
+++ b/include/asm-generic/bitops/instrumented-non-atomic.h
@@ -0,0 +1,114 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+/*
+ * This file provides wrappers with sanitizer instrumentation for non-atomic
+ * bit operations.
+ *
+ * To use this functionality, an arch's bitops.h file needs to define each of
+ * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
+ * arch___set_bit(), etc.).
+ */
+#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
+#define _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
+
+#include <linux/kasan-checks.h>
+
+/**
+ * __set_bit - Set a bit in memory
+ * @nr: the bit to set
+ * @addr: the address to start counting from
+ *
+ * Unlike set_bit(), this function is non-atomic. If it is called on the same
+ * region of memory concurrently, the effect may be that only one operation
+ * succeeds.
+ */
+static inline void __set_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ arch___set_bit(nr, addr);
+}
+
+/**
+ * __clear_bit - Clears a bit in memory
+ * @nr: the bit to clear
+ * @addr: the address to start counting from
+ *
+ * Unlike clear_bit(), this function is non-atomic. If it is called on the same
+ * region of memory concurrently, the effect may be that only one operation
+ * succeeds.
+ */
+static inline void __clear_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ arch___clear_bit(nr, addr);
+}
+
+/**
+ * __change_bit - Toggle a bit in memory
+ * @nr: the bit to change
+ * @addr: the address to start counting from
+ *
+ * Unlike change_bit(), this function is non-atomic. If it is called on the same
+ * region of memory concurrently, the effect may be that only one operation
+ * succeeds.
+ */
+static inline void __change_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ arch___change_bit(nr, addr);
+}
+
+/**
+ * __test_and_set_bit - Set a bit and return its old value
+ * @nr: Bit to set
+ * @addr: Address to count from
+ *
+ * This operation is non-atomic. If two instances of this operation race, one
+ * can appear to succeed but actually fail.
+ */
+static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ return arch___test_and_set_bit(nr, addr);
+}
+
+/**
+ * __test_and_clear_bit - Clear a bit and return its old value
+ * @nr: Bit to clear
+ * @addr: Address to count from
+ *
+ * This operation is non-atomic. If two instances of this operation race, one
+ * can appear to succeed but actually fail.
+ */
+static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ return arch___test_and_clear_bit(nr, addr);
+}
+
+/**
+ * __test_and_change_bit - Change a bit and return its old value
+ * @nr: Bit to change
+ * @addr: Address to count from
+ *
+ * This operation is non-atomic. If two instances of this operation race, one
+ * can appear to succeed but actually fail.
+ */
+static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
+{
+ kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
+ return arch___test_and_change_bit(nr, addr);
+}
+
+/**
+ * test_bit - Determine whether a bit is set
+ * @nr: bit number to test
+ * @addr: Address to start counting from
+ */
+static inline bool test_bit(long nr, const volatile unsigned long *addr)
+{
+ kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
+ return arch_test_bit(nr, addr);
+}
+
+#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
--
2.20.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH v2 2/2] powerpc: support KASAN instrumentation of bitops
2019-08-20 2:49 [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops Daniel Axtens
@ 2019-08-20 2:49 ` Daniel Axtens
2019-08-20 9:55 ` Marco Elver
2019-08-30 5:11 ` Daniel Axtens
2 siblings, 0 replies; 23+ messages in thread
From: Daniel Axtens @ 2019-08-20 2:49 UTC (permalink / raw)
To: christophe.leroy, linux-s390, linux-arch, x86, linuxppc-dev
Cc: kasan-dev, Daniel Axtens, Nicholas Piggin
The powerpc-specific bitops are not being picked up by the KASAN
test suite.
Instrumentation is done via the bitops/instrumented-{atomic,lock}.h
headers. They require that arch-specific versions of bitop functions
are renamed to arch_*. Do this renaming.
For clear_bit_unlock_is_negative_byte, the current implementation
uses the PG_waiters constant. This works because it's a preprocessor
macro - so it's only actually evaluated in contexts where PG_waiters
is defined. With instrumentation however, it becomes a static inline
function, and all of a sudden we need the actual value of PG_waiters.
Because of the order of header includes, it's not available and we
fail to compile. Instead, manually specify that we care about bit 7.
This is still correct: bit 7 is the bit that would mark a negative
byte.
While we're at it, replace __inline__ with inline across the file.
Cc: Nicholas Piggin <npiggin@gmail.com> # clear_bit_unlock_negative_byte
Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Daniel Axtens <dja@axtens.net>
--
v2: Address Christophe review
---
arch/powerpc/include/asm/bitops.h | 51 ++++++++++++++++++-------------
1 file changed, 29 insertions(+), 22 deletions(-)
diff --git a/arch/powerpc/include/asm/bitops.h b/arch/powerpc/include/asm/bitops.h
index 603aed229af7..28dcf8222943 100644
--- a/arch/powerpc/include/asm/bitops.h
+++ b/arch/powerpc/include/asm/bitops.h
@@ -64,7 +64,7 @@
/* Macro for generating the ***_bits() functions */
#define DEFINE_BITOP(fn, op, prefix) \
-static __inline__ void fn(unsigned long mask, \
+static inline void fn(unsigned long mask, \
volatile unsigned long *_p) \
{ \
unsigned long old; \
@@ -86,22 +86,22 @@ DEFINE_BITOP(clear_bits, andc, "")
DEFINE_BITOP(clear_bits_unlock, andc, PPC_RELEASE_BARRIER)
DEFINE_BITOP(change_bits, xor, "")
-static __inline__ void set_bit(int nr, volatile unsigned long *addr)
+static inline void arch_set_bit(int nr, volatile unsigned long *addr)
{
set_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
}
-static __inline__ void clear_bit(int nr, volatile unsigned long *addr)
+static inline void arch_clear_bit(int nr, volatile unsigned long *addr)
{
clear_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
}
-static __inline__ void clear_bit_unlock(int nr, volatile unsigned long *addr)
+static inline void arch_clear_bit_unlock(int nr, volatile unsigned long *addr)
{
clear_bits_unlock(BIT_MASK(nr), addr + BIT_WORD(nr));
}
-static __inline__ void change_bit(int nr, volatile unsigned long *addr)
+static inline void arch_change_bit(int nr, volatile unsigned long *addr)
{
change_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
}
@@ -109,7 +109,7 @@ static __inline__ void change_bit(int nr, volatile unsigned long *addr)
/* Like DEFINE_BITOP(), with changes to the arguments to 'op' and the output
* operands. */
#define DEFINE_TESTOP(fn, op, prefix, postfix, eh) \
-static __inline__ unsigned long fn( \
+static inline unsigned long fn( \
unsigned long mask, \
volatile unsigned long *_p) \
{ \
@@ -138,34 +138,34 @@ DEFINE_TESTOP(test_and_clear_bits, andc, PPC_ATOMIC_ENTRY_BARRIER,
DEFINE_TESTOP(test_and_change_bits, xor, PPC_ATOMIC_ENTRY_BARRIER,
PPC_ATOMIC_EXIT_BARRIER, 0)
-static __inline__ int test_and_set_bit(unsigned long nr,
- volatile unsigned long *addr)
+static inline int arch_test_and_set_bit(unsigned long nr,
+ volatile unsigned long *addr)
{
return test_and_set_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
}
-static __inline__ int test_and_set_bit_lock(unsigned long nr,
- volatile unsigned long *addr)
+static inline int arch_test_and_set_bit_lock(unsigned long nr,
+ volatile unsigned long *addr)
{
return test_and_set_bits_lock(BIT_MASK(nr),
addr + BIT_WORD(nr)) != 0;
}
-static __inline__ int test_and_clear_bit(unsigned long nr,
- volatile unsigned long *addr)
+static inline int arch_test_and_clear_bit(unsigned long nr,
+ volatile unsigned long *addr)
{
return test_and_clear_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
}
-static __inline__ int test_and_change_bit(unsigned long nr,
- volatile unsigned long *addr)
+static inline int arch_test_and_change_bit(unsigned long nr,
+ volatile unsigned long *addr)
{
return test_and_change_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
}
#ifdef CONFIG_PPC64
-static __inline__ unsigned long clear_bit_unlock_return_word(int nr,
- volatile unsigned long *addr)
+static inline unsigned long
+clear_bit_unlock_return_word(int nr, volatile unsigned long *addr)
{
unsigned long old, t;
unsigned long *p = (unsigned long *)addr + BIT_WORD(nr);
@@ -185,15 +185,18 @@ static __inline__ unsigned long clear_bit_unlock_return_word(int nr,
return old;
}
-/* This is a special function for mm/filemap.c */
-#define clear_bit_unlock_is_negative_byte(nr, addr) \
- (clear_bit_unlock_return_word(nr, addr) & BIT_MASK(PG_waiters))
+/*
+ * This is a special function for mm/filemap.c
+ * Bit 7 corresponds to PG_waiters.
+ */
+#define arch_clear_bit_unlock_is_negative_byte(nr, addr) \
+ (clear_bit_unlock_return_word(nr, addr) & BIT_MASK(7))
#endif /* CONFIG_PPC64 */
#include <asm-generic/bitops/non-atomic.h>
-static __inline__ void __clear_bit_unlock(int nr, volatile unsigned long *addr)
+static inline void arch___clear_bit_unlock(int nr, volatile unsigned long *addr)
{
__asm__ __volatile__(PPC_RELEASE_BARRIER "" ::: "memory");
__clear_bit(nr, addr);
@@ -215,14 +218,14 @@ static __inline__ void __clear_bit_unlock(int nr, volatile unsigned long *addr)
* fls: find last (most-significant) bit set.
* Note fls(0) = 0, fls(1) = 1, fls(0x80000000) = 32.
*/
-static __inline__ int fls(unsigned int x)
+static inline int fls(unsigned int x)
{
return 32 - __builtin_clz(x);
}
#include <asm-generic/bitops/builtin-__fls.h>
-static __inline__ int fls64(__u64 x)
+static inline int fls64(__u64 x)
{
return 64 - __builtin_clzll(x);
}
@@ -239,6 +242,10 @@ unsigned long __arch_hweight64(__u64 w);
#include <asm-generic/bitops/find.h>
+/* wrappers that deal with KASAN instrumentation */
+#include <asm-generic/bitops/instrumented-atomic.h>
+#include <asm-generic/bitops/instrumented-lock.h>
+
/* Little-endian versions */
#include <asm-generic/bitops/le.h>
--
2.20.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH v2 2/2] powerpc: support KASAN instrumentation of bitops
@ 2019-08-20 2:49 ` Daniel Axtens
0 siblings, 0 replies; 23+ messages in thread
From: Daniel Axtens @ 2019-08-20 2:49 UTC (permalink / raw)
To: christophe.leroy, linux-s390, linux-arch, x86, linuxppc-dev
Cc: Nicholas Piggin, kasan-dev, Daniel Axtens
The powerpc-specific bitops are not being picked up by the KASAN
test suite.
Instrumentation is done via the bitops/instrumented-{atomic,lock}.h
headers. They require that arch-specific versions of bitop functions
are renamed to arch_*. Do this renaming.
For clear_bit_unlock_is_negative_byte, the current implementation
uses the PG_waiters constant. This works because it's a preprocessor
macro - so it's only actually evaluated in contexts where PG_waiters
is defined. With instrumentation however, it becomes a static inline
function, and all of a sudden we need the actual value of PG_waiters.
Because of the order of header includes, it's not available and we
fail to compile. Instead, manually specify that we care about bit 7.
This is still correct: bit 7 is the bit that would mark a negative
byte.
While we're at it, replace __inline__ with inline across the file.
Cc: Nicholas Piggin <npiggin@gmail.com> # clear_bit_unlock_negative_byte
Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Daniel Axtens <dja@axtens.net>
--
v2: Address Christophe review
---
arch/powerpc/include/asm/bitops.h | 51 ++++++++++++++++++-------------
1 file changed, 29 insertions(+), 22 deletions(-)
diff --git a/arch/powerpc/include/asm/bitops.h b/arch/powerpc/include/asm/bitops.h
index 603aed229af7..28dcf8222943 100644
--- a/arch/powerpc/include/asm/bitops.h
+++ b/arch/powerpc/include/asm/bitops.h
@@ -64,7 +64,7 @@
/* Macro for generating the ***_bits() functions */
#define DEFINE_BITOP(fn, op, prefix) \
-static __inline__ void fn(unsigned long mask, \
+static inline void fn(unsigned long mask, \
volatile unsigned long *_p) \
{ \
unsigned long old; \
@@ -86,22 +86,22 @@ DEFINE_BITOP(clear_bits, andc, "")
DEFINE_BITOP(clear_bits_unlock, andc, PPC_RELEASE_BARRIER)
DEFINE_BITOP(change_bits, xor, "")
-static __inline__ void set_bit(int nr, volatile unsigned long *addr)
+static inline void arch_set_bit(int nr, volatile unsigned long *addr)
{
set_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
}
-static __inline__ void clear_bit(int nr, volatile unsigned long *addr)
+static inline void arch_clear_bit(int nr, volatile unsigned long *addr)
{
clear_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
}
-static __inline__ void clear_bit_unlock(int nr, volatile unsigned long *addr)
+static inline void arch_clear_bit_unlock(int nr, volatile unsigned long *addr)
{
clear_bits_unlock(BIT_MASK(nr), addr + BIT_WORD(nr));
}
-static __inline__ void change_bit(int nr, volatile unsigned long *addr)
+static inline void arch_change_bit(int nr, volatile unsigned long *addr)
{
change_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
}
@@ -109,7 +109,7 @@ static __inline__ void change_bit(int nr, volatile unsigned long *addr)
/* Like DEFINE_BITOP(), with changes to the arguments to 'op' and the output
* operands. */
#define DEFINE_TESTOP(fn, op, prefix, postfix, eh) \
-static __inline__ unsigned long fn( \
+static inline unsigned long fn( \
unsigned long mask, \
volatile unsigned long *_p) \
{ \
@@ -138,34 +138,34 @@ DEFINE_TESTOP(test_and_clear_bits, andc, PPC_ATOMIC_ENTRY_BARRIER,
DEFINE_TESTOP(test_and_change_bits, xor, PPC_ATOMIC_ENTRY_BARRIER,
PPC_ATOMIC_EXIT_BARRIER, 0)
-static __inline__ int test_and_set_bit(unsigned long nr,
- volatile unsigned long *addr)
+static inline int arch_test_and_set_bit(unsigned long nr,
+ volatile unsigned long *addr)
{
return test_and_set_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
}
-static __inline__ int test_and_set_bit_lock(unsigned long nr,
- volatile unsigned long *addr)
+static inline int arch_test_and_set_bit_lock(unsigned long nr,
+ volatile unsigned long *addr)
{
return test_and_set_bits_lock(BIT_MASK(nr),
addr + BIT_WORD(nr)) != 0;
}
-static __inline__ int test_and_clear_bit(unsigned long nr,
- volatile unsigned long *addr)
+static inline int arch_test_and_clear_bit(unsigned long nr,
+ volatile unsigned long *addr)
{
return test_and_clear_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
}
-static __inline__ int test_and_change_bit(unsigned long nr,
- volatile unsigned long *addr)
+static inline int arch_test_and_change_bit(unsigned long nr,
+ volatile unsigned long *addr)
{
return test_and_change_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
}
#ifdef CONFIG_PPC64
-static __inline__ unsigned long clear_bit_unlock_return_word(int nr,
- volatile unsigned long *addr)
+static inline unsigned long
+clear_bit_unlock_return_word(int nr, volatile unsigned long *addr)
{
unsigned long old, t;
unsigned long *p = (unsigned long *)addr + BIT_WORD(nr);
@@ -185,15 +185,18 @@ static __inline__ unsigned long clear_bit_unlock_return_word(int nr,
return old;
}
-/* This is a special function for mm/filemap.c */
-#define clear_bit_unlock_is_negative_byte(nr, addr) \
- (clear_bit_unlock_return_word(nr, addr) & BIT_MASK(PG_waiters))
+/*
+ * This is a special function for mm/filemap.c
+ * Bit 7 corresponds to PG_waiters.
+ */
+#define arch_clear_bit_unlock_is_negative_byte(nr, addr) \
+ (clear_bit_unlock_return_word(nr, addr) & BIT_MASK(7))
#endif /* CONFIG_PPC64 */
#include <asm-generic/bitops/non-atomic.h>
-static __inline__ void __clear_bit_unlock(int nr, volatile unsigned long *addr)
+static inline void arch___clear_bit_unlock(int nr, volatile unsigned long *addr)
{
__asm__ __volatile__(PPC_RELEASE_BARRIER "" ::: "memory");
__clear_bit(nr, addr);
@@ -215,14 +218,14 @@ static __inline__ void __clear_bit_unlock(int nr, volatile unsigned long *addr)
* fls: find last (most-significant) bit set.
* Note fls(0) = 0, fls(1) = 1, fls(0x80000000) = 32.
*/
-static __inline__ int fls(unsigned int x)
+static inline int fls(unsigned int x)
{
return 32 - __builtin_clz(x);
}
#include <asm-generic/bitops/builtin-__fls.h>
-static __inline__ int fls64(__u64 x)
+static inline int fls64(__u64 x)
{
return 64 - __builtin_clzll(x);
}
@@ -239,6 +242,10 @@ unsigned long __arch_hweight64(__u64 w);
#include <asm-generic/bitops/find.h>
+/* wrappers that deal with KASAN instrumentation */
+#include <asm-generic/bitops/instrumented-atomic.h>
+#include <asm-generic/bitops/instrumented-lock.h>
+
/* Little-endian versions */
#include <asm-generic/bitops/le.h>
--
2.20.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-08-20 2:49 [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops Daniel Axtens
@ 2019-08-20 9:55 ` Marco Elver
2019-08-20 9:55 ` Marco Elver
2019-08-30 5:11 ` Daniel Axtens
2 siblings, 0 replies; 23+ messages in thread
From: Marco Elver @ 2019-08-20 9:55 UTC (permalink / raw)
To: Daniel Axtens
Cc: christophe.leroy, linux-s390, linux-arch,
the arch/x86 maintainers, linuxppc-dev, kasan-dev
On Tue, 20 Aug 2019 at 04:50, Daniel Axtens <dja@axtens.net> wrote:
>
> Currently bitops-instrumented.h assumes that the architecture provides
> atomic, non-atomic and locking bitops (e.g. both set_bit and __set_bit).
> This is true on x86 and s390, but is not always true: there is a
> generic bitops/non-atomic.h header that provides generic non-atomic
> operations, and also a generic bitops/lock.h for locking operations.
>
> powerpc uses the generic non-atomic version, so it does not have it's
> own e.g. __set_bit that could be renamed arch___set_bit.
>
> Split up bitops-instrumented.h to mirror the atomic/non-atomic/lock
> split. This allows arches to only include the headers where they
> have arch-specific versions to rename. Update x86 and s390.
>
> (The generic operations are automatically instrumented because they're
> written in C, not asm.)
>
> Suggested-by: Christophe Leroy <christophe.leroy@c-s.fr>
> Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
> Signed-off-by: Daniel Axtens <dja@axtens.net>
Acked-by: Marco Elver <elver@google.com>
Thanks!
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
@ 2019-08-20 9:55 ` Marco Elver
0 siblings, 0 replies; 23+ messages in thread
From: Marco Elver @ 2019-08-20 9:55 UTC (permalink / raw)
To: Daniel Axtens
Cc: linux-s390, the arch/x86 maintainers, kasan-dev, linux-arch,
linuxppc-dev
On Tue, 20 Aug 2019 at 04:50, Daniel Axtens <dja@axtens.net> wrote:
>
> Currently bitops-instrumented.h assumes that the architecture provides
> atomic, non-atomic and locking bitops (e.g. both set_bit and __set_bit).
> This is true on x86 and s390, but is not always true: there is a
> generic bitops/non-atomic.h header that provides generic non-atomic
> operations, and also a generic bitops/lock.h for locking operations.
>
> powerpc uses the generic non-atomic version, so it does not have it's
> own e.g. __set_bit that could be renamed arch___set_bit.
>
> Split up bitops-instrumented.h to mirror the atomic/non-atomic/lock
> split. This allows arches to only include the headers where they
> have arch-specific versions to rename. Update x86 and s390.
>
> (The generic operations are automatically instrumented because they're
> written in C, not asm.)
>
> Suggested-by: Christophe Leroy <christophe.leroy@c-s.fr>
> Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
> Signed-off-by: Daniel Axtens <dja@axtens.net>
Acked-by: Marco Elver <elver@google.com>
Thanks!
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 2/2] powerpc: support KASAN instrumentation of bitops
2019-08-20 2:49 ` Daniel Axtens
@ 2019-08-20 16:34 ` Christophe Leroy
-1 siblings, 0 replies; 23+ messages in thread
From: Christophe Leroy @ 2019-08-20 16:34 UTC (permalink / raw)
To: Daniel Axtens, linux-s390, linux-arch, x86, linuxppc-dev
Cc: kasan-dev, Nicholas Piggin
Le 20/08/2019 à 04:49, Daniel Axtens a écrit :
> The powerpc-specific bitops are not being picked up by the KASAN
> test suite.
>
> Instrumentation is done via the bitops/instrumented-{atomic,lock}.h
> headers. They require that arch-specific versions of bitop functions
> are renamed to arch_*. Do this renaming.
>
> For clear_bit_unlock_is_negative_byte, the current implementation
> uses the PG_waiters constant. This works because it's a preprocessor
> macro - so it's only actually evaluated in contexts where PG_waiters
> is defined. With instrumentation however, it becomes a static inline
> function, and all of a sudden we need the actual value of PG_waiters.
> Because of the order of header includes, it's not available and we
> fail to compile. Instead, manually specify that we care about bit 7.
> This is still correct: bit 7 is the bit that would mark a negative
> byte.
>
> While we're at it, replace __inline__ with inline across the file.
>
> Cc: Nicholas Piggin <npiggin@gmail.com> # clear_bit_unlock_negative_byte
> Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
> Signed-off-by: Daniel Axtens <dja@axtens.net>
Tested-by: Christophe Leroy <christophe.leroy@c-s.fr>
Now, I only have two KASAN tests which do not trigger any message:
kasan test: kasan_alloca_oob_left out-of-bounds to left on alloca
kasan test: kasan_alloca_oob_right out-of-bounds to right on alloca
Christophe
>
> --
> v2: Address Christophe review
> ---
> arch/powerpc/include/asm/bitops.h | 51 ++++++++++++++++++-------------
> 1 file changed, 29 insertions(+), 22 deletions(-)
>
> diff --git a/arch/powerpc/include/asm/bitops.h b/arch/powerpc/include/asm/bitops.h
> index 603aed229af7..28dcf8222943 100644
> --- a/arch/powerpc/include/asm/bitops.h
> +++ b/arch/powerpc/include/asm/bitops.h
> @@ -64,7 +64,7 @@
>
> /* Macro for generating the ***_bits() functions */
> #define DEFINE_BITOP(fn, op, prefix) \
> -static __inline__ void fn(unsigned long mask, \
> +static inline void fn(unsigned long mask, \
> volatile unsigned long *_p) \
> { \
> unsigned long old; \
> @@ -86,22 +86,22 @@ DEFINE_BITOP(clear_bits, andc, "")
> DEFINE_BITOP(clear_bits_unlock, andc, PPC_RELEASE_BARRIER)
> DEFINE_BITOP(change_bits, xor, "")
>
> -static __inline__ void set_bit(int nr, volatile unsigned long *addr)
> +static inline void arch_set_bit(int nr, volatile unsigned long *addr)
> {
> set_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
> }
>
> -static __inline__ void clear_bit(int nr, volatile unsigned long *addr)
> +static inline void arch_clear_bit(int nr, volatile unsigned long *addr)
> {
> clear_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
> }
>
> -static __inline__ void clear_bit_unlock(int nr, volatile unsigned long *addr)
> +static inline void arch_clear_bit_unlock(int nr, volatile unsigned long *addr)
> {
> clear_bits_unlock(BIT_MASK(nr), addr + BIT_WORD(nr));
> }
>
> -static __inline__ void change_bit(int nr, volatile unsigned long *addr)
> +static inline void arch_change_bit(int nr, volatile unsigned long *addr)
> {
> change_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
> }
> @@ -109,7 +109,7 @@ static __inline__ void change_bit(int nr, volatile unsigned long *addr)
> /* Like DEFINE_BITOP(), with changes to the arguments to 'op' and the output
> * operands. */
> #define DEFINE_TESTOP(fn, op, prefix, postfix, eh) \
> -static __inline__ unsigned long fn( \
> +static inline unsigned long fn( \
> unsigned long mask, \
> volatile unsigned long *_p) \
> { \
> @@ -138,34 +138,34 @@ DEFINE_TESTOP(test_and_clear_bits, andc, PPC_ATOMIC_ENTRY_BARRIER,
> DEFINE_TESTOP(test_and_change_bits, xor, PPC_ATOMIC_ENTRY_BARRIER,
> PPC_ATOMIC_EXIT_BARRIER, 0)
>
> -static __inline__ int test_and_set_bit(unsigned long nr,
> - volatile unsigned long *addr)
> +static inline int arch_test_and_set_bit(unsigned long nr,
> + volatile unsigned long *addr)
> {
> return test_and_set_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
> }
>
> -static __inline__ int test_and_set_bit_lock(unsigned long nr,
> - volatile unsigned long *addr)
> +static inline int arch_test_and_set_bit_lock(unsigned long nr,
> + volatile unsigned long *addr)
> {
> return test_and_set_bits_lock(BIT_MASK(nr),
> addr + BIT_WORD(nr)) != 0;
> }
>
> -static __inline__ int test_and_clear_bit(unsigned long nr,
> - volatile unsigned long *addr)
> +static inline int arch_test_and_clear_bit(unsigned long nr,
> + volatile unsigned long *addr)
> {
> return test_and_clear_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
> }
>
> -static __inline__ int test_and_change_bit(unsigned long nr,
> - volatile unsigned long *addr)
> +static inline int arch_test_and_change_bit(unsigned long nr,
> + volatile unsigned long *addr)
> {
> return test_and_change_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
> }
>
> #ifdef CONFIG_PPC64
> -static __inline__ unsigned long clear_bit_unlock_return_word(int nr,
> - volatile unsigned long *addr)
> +static inline unsigned long
> +clear_bit_unlock_return_word(int nr, volatile unsigned long *addr)
> {
> unsigned long old, t;
> unsigned long *p = (unsigned long *)addr + BIT_WORD(nr);
> @@ -185,15 +185,18 @@ static __inline__ unsigned long clear_bit_unlock_return_word(int nr,
> return old;
> }
>
> -/* This is a special function for mm/filemap.c */
> -#define clear_bit_unlock_is_negative_byte(nr, addr) \
> - (clear_bit_unlock_return_word(nr, addr) & BIT_MASK(PG_waiters))
> +/*
> + * This is a special function for mm/filemap.c
> + * Bit 7 corresponds to PG_waiters.
> + */
> +#define arch_clear_bit_unlock_is_negative_byte(nr, addr) \
> + (clear_bit_unlock_return_word(nr, addr) & BIT_MASK(7))
>
> #endif /* CONFIG_PPC64 */
>
> #include <asm-generic/bitops/non-atomic.h>
>
> -static __inline__ void __clear_bit_unlock(int nr, volatile unsigned long *addr)
> +static inline void arch___clear_bit_unlock(int nr, volatile unsigned long *addr)
> {
> __asm__ __volatile__(PPC_RELEASE_BARRIER "" ::: "memory");
> __clear_bit(nr, addr);
> @@ -215,14 +218,14 @@ static __inline__ void __clear_bit_unlock(int nr, volatile unsigned long *addr)
> * fls: find last (most-significant) bit set.
> * Note fls(0) = 0, fls(1) = 1, fls(0x80000000) = 32.
> */
> -static __inline__ int fls(unsigned int x)
> +static inline int fls(unsigned int x)
> {
> return 32 - __builtin_clz(x);
> }
>
> #include <asm-generic/bitops/builtin-__fls.h>
>
> -static __inline__ int fls64(__u64 x)
> +static inline int fls64(__u64 x)
> {
> return 64 - __builtin_clzll(x);
> }
> @@ -239,6 +242,10 @@ unsigned long __arch_hweight64(__u64 w);
>
> #include <asm-generic/bitops/find.h>
>
> +/* wrappers that deal with KASAN instrumentation */
> +#include <asm-generic/bitops/instrumented-atomic.h>
> +#include <asm-generic/bitops/instrumented-lock.h>
> +
> /* Little-endian versions */
> #include <asm-generic/bitops/le.h>
>
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 2/2] powerpc: support KASAN instrumentation of bitops
@ 2019-08-20 16:34 ` Christophe Leroy
0 siblings, 0 replies; 23+ messages in thread
From: Christophe Leroy @ 2019-08-20 16:34 UTC (permalink / raw)
To: Daniel Axtens, linux-s390, linux-arch, x86, linuxppc-dev
Cc: Nicholas Piggin, kasan-dev
Le 20/08/2019 à 04:49, Daniel Axtens a écrit :
> The powerpc-specific bitops are not being picked up by the KASAN
> test suite.
>
> Instrumentation is done via the bitops/instrumented-{atomic,lock}.h
> headers. They require that arch-specific versions of bitop functions
> are renamed to arch_*. Do this renaming.
>
> For clear_bit_unlock_is_negative_byte, the current implementation
> uses the PG_waiters constant. This works because it's a preprocessor
> macro - so it's only actually evaluated in contexts where PG_waiters
> is defined. With instrumentation however, it becomes a static inline
> function, and all of a sudden we need the actual value of PG_waiters.
> Because of the order of header includes, it's not available and we
> fail to compile. Instead, manually specify that we care about bit 7.
> This is still correct: bit 7 is the bit that would mark a negative
> byte.
>
> While we're at it, replace __inline__ with inline across the file.
>
> Cc: Nicholas Piggin <npiggin@gmail.com> # clear_bit_unlock_negative_byte
> Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
> Signed-off-by: Daniel Axtens <dja@axtens.net>
Tested-by: Christophe Leroy <christophe.leroy@c-s.fr>
Now, I only have two KASAN tests which do not trigger any message:
kasan test: kasan_alloca_oob_left out-of-bounds to left on alloca
kasan test: kasan_alloca_oob_right out-of-bounds to right on alloca
Christophe
>
> --
> v2: Address Christophe review
> ---
> arch/powerpc/include/asm/bitops.h | 51 ++++++++++++++++++-------------
> 1 file changed, 29 insertions(+), 22 deletions(-)
>
> diff --git a/arch/powerpc/include/asm/bitops.h b/arch/powerpc/include/asm/bitops.h
> index 603aed229af7..28dcf8222943 100644
> --- a/arch/powerpc/include/asm/bitops.h
> +++ b/arch/powerpc/include/asm/bitops.h
> @@ -64,7 +64,7 @@
>
> /* Macro for generating the ***_bits() functions */
> #define DEFINE_BITOP(fn, op, prefix) \
> -static __inline__ void fn(unsigned long mask, \
> +static inline void fn(unsigned long mask, \
> volatile unsigned long *_p) \
> { \
> unsigned long old; \
> @@ -86,22 +86,22 @@ DEFINE_BITOP(clear_bits, andc, "")
> DEFINE_BITOP(clear_bits_unlock, andc, PPC_RELEASE_BARRIER)
> DEFINE_BITOP(change_bits, xor, "")
>
> -static __inline__ void set_bit(int nr, volatile unsigned long *addr)
> +static inline void arch_set_bit(int nr, volatile unsigned long *addr)
> {
> set_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
> }
>
> -static __inline__ void clear_bit(int nr, volatile unsigned long *addr)
> +static inline void arch_clear_bit(int nr, volatile unsigned long *addr)
> {
> clear_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
> }
>
> -static __inline__ void clear_bit_unlock(int nr, volatile unsigned long *addr)
> +static inline void arch_clear_bit_unlock(int nr, volatile unsigned long *addr)
> {
> clear_bits_unlock(BIT_MASK(nr), addr + BIT_WORD(nr));
> }
>
> -static __inline__ void change_bit(int nr, volatile unsigned long *addr)
> +static inline void arch_change_bit(int nr, volatile unsigned long *addr)
> {
> change_bits(BIT_MASK(nr), addr + BIT_WORD(nr));
> }
> @@ -109,7 +109,7 @@ static __inline__ void change_bit(int nr, volatile unsigned long *addr)
> /* Like DEFINE_BITOP(), with changes to the arguments to 'op' and the output
> * operands. */
> #define DEFINE_TESTOP(fn, op, prefix, postfix, eh) \
> -static __inline__ unsigned long fn( \
> +static inline unsigned long fn( \
> unsigned long mask, \
> volatile unsigned long *_p) \
> { \
> @@ -138,34 +138,34 @@ DEFINE_TESTOP(test_and_clear_bits, andc, PPC_ATOMIC_ENTRY_BARRIER,
> DEFINE_TESTOP(test_and_change_bits, xor, PPC_ATOMIC_ENTRY_BARRIER,
> PPC_ATOMIC_EXIT_BARRIER, 0)
>
> -static __inline__ int test_and_set_bit(unsigned long nr,
> - volatile unsigned long *addr)
> +static inline int arch_test_and_set_bit(unsigned long nr,
> + volatile unsigned long *addr)
> {
> return test_and_set_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
> }
>
> -static __inline__ int test_and_set_bit_lock(unsigned long nr,
> - volatile unsigned long *addr)
> +static inline int arch_test_and_set_bit_lock(unsigned long nr,
> + volatile unsigned long *addr)
> {
> return test_and_set_bits_lock(BIT_MASK(nr),
> addr + BIT_WORD(nr)) != 0;
> }
>
> -static __inline__ int test_and_clear_bit(unsigned long nr,
> - volatile unsigned long *addr)
> +static inline int arch_test_and_clear_bit(unsigned long nr,
> + volatile unsigned long *addr)
> {
> return test_and_clear_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
> }
>
> -static __inline__ int test_and_change_bit(unsigned long nr,
> - volatile unsigned long *addr)
> +static inline int arch_test_and_change_bit(unsigned long nr,
> + volatile unsigned long *addr)
> {
> return test_and_change_bits(BIT_MASK(nr), addr + BIT_WORD(nr)) != 0;
> }
>
> #ifdef CONFIG_PPC64
> -static __inline__ unsigned long clear_bit_unlock_return_word(int nr,
> - volatile unsigned long *addr)
> +static inline unsigned long
> +clear_bit_unlock_return_word(int nr, volatile unsigned long *addr)
> {
> unsigned long old, t;
> unsigned long *p = (unsigned long *)addr + BIT_WORD(nr);
> @@ -185,15 +185,18 @@ static __inline__ unsigned long clear_bit_unlock_return_word(int nr,
> return old;
> }
>
> -/* This is a special function for mm/filemap.c */
> -#define clear_bit_unlock_is_negative_byte(nr, addr) \
> - (clear_bit_unlock_return_word(nr, addr) & BIT_MASK(PG_waiters))
> +/*
> + * This is a special function for mm/filemap.c
> + * Bit 7 corresponds to PG_waiters.
> + */
> +#define arch_clear_bit_unlock_is_negative_byte(nr, addr) \
> + (clear_bit_unlock_return_word(nr, addr) & BIT_MASK(7))
>
> #endif /* CONFIG_PPC64 */
>
> #include <asm-generic/bitops/non-atomic.h>
>
> -static __inline__ void __clear_bit_unlock(int nr, volatile unsigned long *addr)
> +static inline void arch___clear_bit_unlock(int nr, volatile unsigned long *addr)
> {
> __asm__ __volatile__(PPC_RELEASE_BARRIER "" ::: "memory");
> __clear_bit(nr, addr);
> @@ -215,14 +218,14 @@ static __inline__ void __clear_bit_unlock(int nr, volatile unsigned long *addr)
> * fls: find last (most-significant) bit set.
> * Note fls(0) = 0, fls(1) = 1, fls(0x80000000) = 32.
> */
> -static __inline__ int fls(unsigned int x)
> +static inline int fls(unsigned int x)
> {
> return 32 - __builtin_clz(x);
> }
>
> #include <asm-generic/bitops/builtin-__fls.h>
>
> -static __inline__ int fls64(__u64 x)
> +static inline int fls64(__u64 x)
> {
> return 64 - __builtin_clzll(x);
> }
> @@ -239,6 +242,10 @@ unsigned long __arch_hweight64(__u64 w);
>
> #include <asm-generic/bitops/find.h>
>
> +/* wrappers that deal with KASAN instrumentation */
> +#include <asm-generic/bitops/instrumented-atomic.h>
> +#include <asm-generic/bitops/instrumented-lock.h>
> +
> /* Little-endian versions */
> #include <asm-generic/bitops/le.h>
>
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-08-20 2:49 [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops Daniel Axtens
2019-08-20 2:49 ` Daniel Axtens
2019-08-20 9:55 ` Marco Elver
@ 2019-08-30 5:11 ` Daniel Axtens
2019-10-28 13:56 ` Daniel Axtens
2 siblings, 1 reply; 23+ messages in thread
From: Daniel Axtens @ 2019-08-30 5:11 UTC (permalink / raw)
To: christophe.leroy, linux-s390, linux-arch, x86, linuxppc-dev; +Cc: kasan-dev
Daniel Axtens <dja@axtens.net> writes:
> Currently bitops-instrumented.h assumes that the architecture provides
> atomic, non-atomic and locking bitops (e.g. both set_bit and __set_bit).
> This is true on x86 and s390, but is not always true: there is a
> generic bitops/non-atomic.h header that provides generic non-atomic
> operations, and also a generic bitops/lock.h for locking operations.
>
> powerpc uses the generic non-atomic version, so it does not have it's
> own e.g. __set_bit that could be renamed arch___set_bit.
>
> Split up bitops-instrumented.h to mirror the atomic/non-atomic/lock
> split. This allows arches to only include the headers where they
> have arch-specific versions to rename. Update x86 and s390.
This patch should not cause any functional change on either arch.
To verify, I have compiled kernels with and without these. With the
appropriate setting of environment variables and the general assorted
mucking around required for reproducible builds, I have tested:
- s390, without kasan - byte-for-byte identical vmlinux before and after
- x86, without kasan - byte-for-byte identical vmlinux before and after
- s390, inline kasan - byte-for-byte identical vmlinux before and after
- x86, inline kasan - 3 functions in drivers/rtc/dev.o are reordered,
build-id and __ex_table differ, rest is unchanged
The kernels were based on defconfigs. I disabled debug info (as that
obviously changes with code being rearranged) and initrd support (as the
cpio wrapper doesn't seem to take KBUILD_BUILD_TIMESTAMP but the current
time, and that screws things up).
I wouldn't read too much in to the weird result on x86 with inline
kasan: the code I moved about is compiled even without KASAN enabled.
Regards,
Daniel
>
> (The generic operations are automatically instrumented because they're
> written in C, not asm.)
>
> Suggested-by: Christophe Leroy <christophe.leroy@c-s.fr>
> Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
> Signed-off-by: Daniel Axtens <dja@axtens.net>
> ---
> Documentation/core-api/kernel-api.rst | 17 +-
> arch/s390/include/asm/bitops.h | 4 +-
> arch/x86/include/asm/bitops.h | 4 +-
> include/asm-generic/bitops-instrumented.h | 263 ------------------
> .../asm-generic/bitops/instrumented-atomic.h | 100 +++++++
> .../asm-generic/bitops/instrumented-lock.h | 81 ++++++
> .../bitops/instrumented-non-atomic.h | 114 ++++++++
> 7 files changed, 317 insertions(+), 266 deletions(-)
> delete mode 100644 include/asm-generic/bitops-instrumented.h
> create mode 100644 include/asm-generic/bitops/instrumented-atomic.h
> create mode 100644 include/asm-generic/bitops/instrumented-lock.h
> create mode 100644 include/asm-generic/bitops/instrumented-non-atomic.h
>
> diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
> index 08af5caf036d..2e21248277e3 100644
> --- a/Documentation/core-api/kernel-api.rst
> +++ b/Documentation/core-api/kernel-api.rst
> @@ -54,7 +54,22 @@ The Linux kernel provides more basic utility functions.
> Bit Operations
> --------------
>
> -.. kernel-doc:: include/asm-generic/bitops-instrumented.h
> +Atomic Operations
> +~~~~~~~~~~~~~~~~~
> +
> +.. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
> + :internal:
> +
> +Non-atomic Operations
> +~~~~~~~~~~~~~~~~~~~~~
> +
> +.. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
> + :internal:
> +
> +Locking Operations
> +~~~~~~~~~~~~~~~~~~
> +
> +.. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
> :internal:
>
> Bitmap Operations
> diff --git a/arch/s390/include/asm/bitops.h b/arch/s390/include/asm/bitops.h
> index b8833ac983fa..0ceb12593a68 100644
> --- a/arch/s390/include/asm/bitops.h
> +++ b/arch/s390/include/asm/bitops.h
> @@ -241,7 +241,9 @@ static inline void arch___clear_bit_unlock(unsigned long nr,
> arch___clear_bit(nr, ptr);
> }
>
> -#include <asm-generic/bitops-instrumented.h>
> +#include <asm-generic/bitops/instrumented-atomic.h>
> +#include <asm-generic/bitops/instrumented-non-atomic.h>
> +#include <asm-generic/bitops/instrumented-lock.h>
>
> /*
> * Functions which use MSB0 bit numbering.
> diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
> index ba15d53c1ca7..4a2e2432238f 100644
> --- a/arch/x86/include/asm/bitops.h
> +++ b/arch/x86/include/asm/bitops.h
> @@ -389,7 +389,9 @@ static __always_inline int fls64(__u64 x)
>
> #include <asm-generic/bitops/const_hweight.h>
>
> -#include <asm-generic/bitops-instrumented.h>
> +#include <asm-generic/bitops/instrumented-atomic.h>
> +#include <asm-generic/bitops/instrumented-non-atomic.h>
> +#include <asm-generic/bitops/instrumented-lock.h>
>
> #include <asm-generic/bitops/le.h>
>
> diff --git a/include/asm-generic/bitops-instrumented.h b/include/asm-generic/bitops-instrumented.h
> deleted file mode 100644
> index ddd1c6d9d8db..000000000000
> --- a/include/asm-generic/bitops-instrumented.h
> +++ /dev/null
> @@ -1,263 +0,0 @@
> -/* SPDX-License-Identifier: GPL-2.0 */
> -
> -/*
> - * This file provides wrappers with sanitizer instrumentation for bit
> - * operations.
> - *
> - * To use this functionality, an arch's bitops.h file needs to define each of
> - * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> - * arch___set_bit(), etc.).
> - */
> -#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_H
> -#define _ASM_GENERIC_BITOPS_INSTRUMENTED_H
> -
> -#include <linux/kasan-checks.h>
> -
> -/**
> - * set_bit - Atomically set a bit in memory
> - * @nr: the bit to set
> - * @addr: the address to start counting from
> - *
> - * This is a relaxed atomic operation (no implied memory barriers).
> - *
> - * Note that @nr may be almost arbitrarily large; this function is not
> - * restricted to acting on a single-word quantity.
> - */
> -static inline void set_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - arch_set_bit(nr, addr);
> -}
> -
> -/**
> - * __set_bit - Set a bit in memory
> - * @nr: the bit to set
> - * @addr: the address to start counting from
> - *
> - * Unlike set_bit(), this function is non-atomic. If it is called on the same
> - * region of memory concurrently, the effect may be that only one operation
> - * succeeds.
> - */
> -static inline void __set_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - arch___set_bit(nr, addr);
> -}
> -
> -/**
> - * clear_bit - Clears a bit in memory
> - * @nr: Bit to clear
> - * @addr: Address to start counting from
> - *
> - * This is a relaxed atomic operation (no implied memory barriers).
> - */
> -static inline void clear_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - arch_clear_bit(nr, addr);
> -}
> -
> -/**
> - * __clear_bit - Clears a bit in memory
> - * @nr: the bit to clear
> - * @addr: the address to start counting from
> - *
> - * Unlike clear_bit(), this function is non-atomic. If it is called on the same
> - * region of memory concurrently, the effect may be that only one operation
> - * succeeds.
> - */
> -static inline void __clear_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - arch___clear_bit(nr, addr);
> -}
> -
> -/**
> - * clear_bit_unlock - Clear a bit in memory, for unlock
> - * @nr: the bit to set
> - * @addr: the address to start counting from
> - *
> - * This operation is atomic and provides release barrier semantics.
> - */
> -static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - arch_clear_bit_unlock(nr, addr);
> -}
> -
> -/**
> - * __clear_bit_unlock - Clears a bit in memory
> - * @nr: Bit to clear
> - * @addr: Address to start counting from
> - *
> - * This is a non-atomic operation but implies a release barrier before the
> - * memory operation. It can be used for an unlock if no other CPUs can
> - * concurrently modify other bits in the word.
> - */
> -static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - arch___clear_bit_unlock(nr, addr);
> -}
> -
> -/**
> - * change_bit - Toggle a bit in memory
> - * @nr: Bit to change
> - * @addr: Address to start counting from
> - *
> - * This is a relaxed atomic operation (no implied memory barriers).
> - *
> - * Note that @nr may be almost arbitrarily large; this function is not
> - * restricted to acting on a single-word quantity.
> - */
> -static inline void change_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - arch_change_bit(nr, addr);
> -}
> -
> -/**
> - * __change_bit - Toggle a bit in memory
> - * @nr: the bit to change
> - * @addr: the address to start counting from
> - *
> - * Unlike change_bit(), this function is non-atomic. If it is called on the same
> - * region of memory concurrently, the effect may be that only one operation
> - * succeeds.
> - */
> -static inline void __change_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - arch___change_bit(nr, addr);
> -}
> -
> -/**
> - * test_and_set_bit - Set a bit and return its old value
> - * @nr: Bit to set
> - * @addr: Address to count from
> - *
> - * This is an atomic fully-ordered operation (implied full memory barrier).
> - */
> -static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - return arch_test_and_set_bit(nr, addr);
> -}
> -
> -/**
> - * __test_and_set_bit - Set a bit and return its old value
> - * @nr: Bit to set
> - * @addr: Address to count from
> - *
> - * This operation is non-atomic. If two instances of this operation race, one
> - * can appear to succeed but actually fail.
> - */
> -static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - return arch___test_and_set_bit(nr, addr);
> -}
> -
> -/**
> - * test_and_set_bit_lock - Set a bit and return its old value, for lock
> - * @nr: Bit to set
> - * @addr: Address to count from
> - *
> - * This operation is atomic and provides acquire barrier semantics if
> - * the returned value is 0.
> - * It can be used to implement bit locks.
> - */
> -static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - return arch_test_and_set_bit_lock(nr, addr);
> -}
> -
> -/**
> - * test_and_clear_bit - Clear a bit and return its old value
> - * @nr: Bit to clear
> - * @addr: Address to count from
> - *
> - * This is an atomic fully-ordered operation (implied full memory barrier).
> - */
> -static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - return arch_test_and_clear_bit(nr, addr);
> -}
> -
> -/**
> - * __test_and_clear_bit - Clear a bit and return its old value
> - * @nr: Bit to clear
> - * @addr: Address to count from
> - *
> - * This operation is non-atomic. If two instances of this operation race, one
> - * can appear to succeed but actually fail.
> - */
> -static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - return arch___test_and_clear_bit(nr, addr);
> -}
> -
> -/**
> - * test_and_change_bit - Change a bit and return its old value
> - * @nr: Bit to change
> - * @addr: Address to count from
> - *
> - * This is an atomic fully-ordered operation (implied full memory barrier).
> - */
> -static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - return arch_test_and_change_bit(nr, addr);
> -}
> -
> -/**
> - * __test_and_change_bit - Change a bit and return its old value
> - * @nr: Bit to change
> - * @addr: Address to count from
> - *
> - * This operation is non-atomic. If two instances of this operation race, one
> - * can appear to succeed but actually fail.
> - */
> -static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - return arch___test_and_change_bit(nr, addr);
> -}
> -
> -/**
> - * test_bit - Determine whether a bit is set
> - * @nr: bit number to test
> - * @addr: Address to start counting from
> - */
> -static inline bool test_bit(long nr, const volatile unsigned long *addr)
> -{
> - kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
> - return arch_test_bit(nr, addr);
> -}
> -
> -#if defined(arch_clear_bit_unlock_is_negative_byte)
> -/**
> - * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
> - * byte is negative, for unlock.
> - * @nr: the bit to clear
> - * @addr: the address to start counting from
> - *
> - * This operation is atomic and provides release barrier semantics.
> - *
> - * This is a bit of a one-trick-pony for the filemap code, which clears
> - * PG_locked and tests PG_waiters,
> - */
> -static inline bool
> -clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
> -{
> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> - return arch_clear_bit_unlock_is_negative_byte(nr, addr);
> -}
> -/* Let everybody know we have it. */
> -#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
> -#endif
> -
> -#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_H */
> diff --git a/include/asm-generic/bitops/instrumented-atomic.h b/include/asm-generic/bitops/instrumented-atomic.h
> new file mode 100644
> index 000000000000..18ce3c9e8eec
> --- /dev/null
> +++ b/include/asm-generic/bitops/instrumented-atomic.h
> @@ -0,0 +1,100 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +/*
> + * This file provides wrappers with sanitizer instrumentation for atomic bit
> + * operations.
> + *
> + * To use this functionality, an arch's bitops.h file needs to define each of
> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> + * arch___set_bit(), etc.).
> + */
> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
> +
> +#include <linux/kasan-checks.h>
> +
> +/**
> + * set_bit - Atomically set a bit in memory
> + * @nr: the bit to set
> + * @addr: the address to start counting from
> + *
> + * This is a relaxed atomic operation (no implied memory barriers).
> + *
> + * Note that @nr may be almost arbitrarily large; this function is not
> + * restricted to acting on a single-word quantity.
> + */
> +static inline void set_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + arch_set_bit(nr, addr);
> +}
> +
> +/**
> + * clear_bit - Clears a bit in memory
> + * @nr: Bit to clear
> + * @addr: Address to start counting from
> + *
> + * This is a relaxed atomic operation (no implied memory barriers).
> + */
> +static inline void clear_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + arch_clear_bit(nr, addr);
> +}
> +
> +/**
> + * change_bit - Toggle a bit in memory
> + * @nr: Bit to change
> + * @addr: Address to start counting from
> + *
> + * This is a relaxed atomic operation (no implied memory barriers).
> + *
> + * Note that @nr may be almost arbitrarily large; this function is not
> + * restricted to acting on a single-word quantity.
> + */
> +static inline void change_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + arch_change_bit(nr, addr);
> +}
> +
> +/**
> + * test_and_set_bit - Set a bit and return its old value
> + * @nr: Bit to set
> + * @addr: Address to count from
> + *
> + * This is an atomic fully-ordered operation (implied full memory barrier).
> + */
> +static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + return arch_test_and_set_bit(nr, addr);
> +}
> +
> +/**
> + * test_and_clear_bit - Clear a bit and return its old value
> + * @nr: Bit to clear
> + * @addr: Address to count from
> + *
> + * This is an atomic fully-ordered operation (implied full memory barrier).
> + */
> +static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + return arch_test_and_clear_bit(nr, addr);
> +}
> +
> +/**
> + * test_and_change_bit - Change a bit and return its old value
> + * @nr: Bit to change
> + * @addr: Address to count from
> + *
> + * This is an atomic fully-ordered operation (implied full memory barrier).
> + */
> +static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + return arch_test_and_change_bit(nr, addr);
> +}
> +
> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
> diff --git a/include/asm-generic/bitops/instrumented-lock.h b/include/asm-generic/bitops/instrumented-lock.h
> new file mode 100644
> index 000000000000..ec53fdeea9ec
> --- /dev/null
> +++ b/include/asm-generic/bitops/instrumented-lock.h
> @@ -0,0 +1,81 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +/*
> + * This file provides wrappers with sanitizer instrumentation for bit
> + * locking operations.
> + *
> + * To use this functionality, an arch's bitops.h file needs to define each of
> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> + * arch___set_bit(), etc.).
> + */
> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
> +
> +#include <linux/kasan-checks.h>
> +
> +/**
> + * clear_bit_unlock - Clear a bit in memory, for unlock
> + * @nr: the bit to set
> + * @addr: the address to start counting from
> + *
> + * This operation is atomic and provides release barrier semantics.
> + */
> +static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + arch_clear_bit_unlock(nr, addr);
> +}
> +
> +/**
> + * __clear_bit_unlock - Clears a bit in memory
> + * @nr: Bit to clear
> + * @addr: Address to start counting from
> + *
> + * This is a non-atomic operation but implies a release barrier before the
> + * memory operation. It can be used for an unlock if no other CPUs can
> + * concurrently modify other bits in the word.
> + */
> +static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + arch___clear_bit_unlock(nr, addr);
> +}
> +
> +/**
> + * test_and_set_bit_lock - Set a bit and return its old value, for lock
> + * @nr: Bit to set
> + * @addr: Address to count from
> + *
> + * This operation is atomic and provides acquire barrier semantics if
> + * the returned value is 0.
> + * It can be used to implement bit locks.
> + */
> +static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + return arch_test_and_set_bit_lock(nr, addr);
> +}
> +
> +#if defined(arch_clear_bit_unlock_is_negative_byte)
> +/**
> + * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
> + * byte is negative, for unlock.
> + * @nr: the bit to clear
> + * @addr: the address to start counting from
> + *
> + * This operation is atomic and provides release barrier semantics.
> + *
> + * This is a bit of a one-trick-pony for the filemap code, which clears
> + * PG_locked and tests PG_waiters,
> + */
> +static inline bool
> +clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + return arch_clear_bit_unlock_is_negative_byte(nr, addr);
> +}
> +/* Let everybody know we have it. */
> +#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
> +#endif
> +
> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H */
> diff --git a/include/asm-generic/bitops/instrumented-non-atomic.h b/include/asm-generic/bitops/instrumented-non-atomic.h
> new file mode 100644
> index 000000000000..95ff28d128a1
> --- /dev/null
> +++ b/include/asm-generic/bitops/instrumented-non-atomic.h
> @@ -0,0 +1,114 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +/*
> + * This file provides wrappers with sanitizer instrumentation for non-atomic
> + * bit operations.
> + *
> + * To use this functionality, an arch's bitops.h file needs to define each of
> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> + * arch___set_bit(), etc.).
> + */
> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
> +
> +#include <linux/kasan-checks.h>
> +
> +/**
> + * __set_bit - Set a bit in memory
> + * @nr: the bit to set
> + * @addr: the address to start counting from
> + *
> + * Unlike set_bit(), this function is non-atomic. If it is called on the same
> + * region of memory concurrently, the effect may be that only one operation
> + * succeeds.
> + */
> +static inline void __set_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + arch___set_bit(nr, addr);
> +}
> +
> +/**
> + * __clear_bit - Clears a bit in memory
> + * @nr: the bit to clear
> + * @addr: the address to start counting from
> + *
> + * Unlike clear_bit(), this function is non-atomic. If it is called on the same
> + * region of memory concurrently, the effect may be that only one operation
> + * succeeds.
> + */
> +static inline void __clear_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + arch___clear_bit(nr, addr);
> +}
> +
> +/**
> + * __change_bit - Toggle a bit in memory
> + * @nr: the bit to change
> + * @addr: the address to start counting from
> + *
> + * Unlike change_bit(), this function is non-atomic. If it is called on the same
> + * region of memory concurrently, the effect may be that only one operation
> + * succeeds.
> + */
> +static inline void __change_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + arch___change_bit(nr, addr);
> +}
> +
> +/**
> + * __test_and_set_bit - Set a bit and return its old value
> + * @nr: Bit to set
> + * @addr: Address to count from
> + *
> + * This operation is non-atomic. If two instances of this operation race, one
> + * can appear to succeed but actually fail.
> + */
> +static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + return arch___test_and_set_bit(nr, addr);
> +}
> +
> +/**
> + * __test_and_clear_bit - Clear a bit and return its old value
> + * @nr: Bit to clear
> + * @addr: Address to count from
> + *
> + * This operation is non-atomic. If two instances of this operation race, one
> + * can appear to succeed but actually fail.
> + */
> +static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + return arch___test_and_clear_bit(nr, addr);
> +}
> +
> +/**
> + * __test_and_change_bit - Change a bit and return its old value
> + * @nr: Bit to change
> + * @addr: Address to count from
> + *
> + * This operation is non-atomic. If two instances of this operation race, one
> + * can appear to succeed but actually fail.
> + */
> +static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
> +{
> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> + return arch___test_and_change_bit(nr, addr);
> +}
> +
> +/**
> + * test_bit - Determine whether a bit is set
> + * @nr: bit number to test
> + * @addr: Address to start counting from
> + */
> +static inline bool test_bit(long nr, const volatile unsigned long *addr)
> +{
> + kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
> + return arch_test_bit(nr, addr);
> +}
> +
> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
> --
> 2.20.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-08-30 5:11 ` Daniel Axtens
@ 2019-10-28 13:56 ` Daniel Axtens
2019-11-14 20:56 ` Marco Elver
0 siblings, 1 reply; 23+ messages in thread
From: Daniel Axtens @ 2019-10-28 13:56 UTC (permalink / raw)
To: christophe.leroy, linux-s390, linux-arch, x86, linuxppc-dev; +Cc: kasan-dev
Hi all,
Would it be possible to get an Ack from a KASAN maintainter? mpe is
happy to take this through powerpc but would like an ack first.
Regards,
Daniel
>> Currently bitops-instrumented.h assumes that the architecture provides
>> atomic, non-atomic and locking bitops (e.g. both set_bit and __set_bit).
>> This is true on x86 and s390, but is not always true: there is a
>> generic bitops/non-atomic.h header that provides generic non-atomic
>> operations, and also a generic bitops/lock.h for locking operations.
>>
>> powerpc uses the generic non-atomic version, so it does not have it's
>> own e.g. __set_bit that could be renamed arch___set_bit.
>>
>> Split up bitops-instrumented.h to mirror the atomic/non-atomic/lock
>> split. This allows arches to only include the headers where they
>> have arch-specific versions to rename. Update x86 and s390.
>
> This patch should not cause any functional change on either arch.
>
> To verify, I have compiled kernels with and without these. With the
> appropriate setting of environment variables and the general assorted
> mucking around required for reproducible builds, I have tested:
>
> - s390, without kasan - byte-for-byte identical vmlinux before and after
> - x86, without kasan - byte-for-byte identical vmlinux before and after
>
> - s390, inline kasan - byte-for-byte identical vmlinux before and after
>
> - x86, inline kasan - 3 functions in drivers/rtc/dev.o are reordered,
> build-id and __ex_table differ, rest is unchanged
>
> The kernels were based on defconfigs. I disabled debug info (as that
> obviously changes with code being rearranged) and initrd support (as the
> cpio wrapper doesn't seem to take KBUILD_BUILD_TIMESTAMP but the current
> time, and that screws things up).
>
> I wouldn't read too much in to the weird result on x86 with inline
> kasan: the code I moved about is compiled even without KASAN enabled.
>
> Regards,
> Daniel
>
>
>>
>> (The generic operations are automatically instrumented because they're
>> written in C, not asm.)
>>
>> Suggested-by: Christophe Leroy <christophe.leroy@c-s.fr>
>> Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
>> Signed-off-by: Daniel Axtens <dja@axtens.net>
>> ---
>> Documentation/core-api/kernel-api.rst | 17 +-
>> arch/s390/include/asm/bitops.h | 4 +-
>> arch/x86/include/asm/bitops.h | 4 +-
>> include/asm-generic/bitops-instrumented.h | 263 ------------------
>> .../asm-generic/bitops/instrumented-atomic.h | 100 +++++++
>> .../asm-generic/bitops/instrumented-lock.h | 81 ++++++
>> .../bitops/instrumented-non-atomic.h | 114 ++++++++
>> 7 files changed, 317 insertions(+), 266 deletions(-)
>> delete mode 100644 include/asm-generic/bitops-instrumented.h
>> create mode 100644 include/asm-generic/bitops/instrumented-atomic.h
>> create mode 100644 include/asm-generic/bitops/instrumented-lock.h
>> create mode 100644 include/asm-generic/bitops/instrumented-non-atomic.h
>>
>> diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
>> index 08af5caf036d..2e21248277e3 100644
>> --- a/Documentation/core-api/kernel-api.rst
>> +++ b/Documentation/core-api/kernel-api.rst
>> @@ -54,7 +54,22 @@ The Linux kernel provides more basic utility functions.
>> Bit Operations
>> --------------
>>
>> -.. kernel-doc:: include/asm-generic/bitops-instrumented.h
>> +Atomic Operations
>> +~~~~~~~~~~~~~~~~~
>> +
>> +.. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
>> + :internal:
>> +
>> +Non-atomic Operations
>> +~~~~~~~~~~~~~~~~~~~~~
>> +
>> +.. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
>> + :internal:
>> +
>> +Locking Operations
>> +~~~~~~~~~~~~~~~~~~
>> +
>> +.. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
>> :internal:
>>
>> Bitmap Operations
>> diff --git a/arch/s390/include/asm/bitops.h b/arch/s390/include/asm/bitops.h
>> index b8833ac983fa..0ceb12593a68 100644
>> --- a/arch/s390/include/asm/bitops.h
>> +++ b/arch/s390/include/asm/bitops.h
>> @@ -241,7 +241,9 @@ static inline void arch___clear_bit_unlock(unsigned long nr,
>> arch___clear_bit(nr, ptr);
>> }
>>
>> -#include <asm-generic/bitops-instrumented.h>
>> +#include <asm-generic/bitops/instrumented-atomic.h>
>> +#include <asm-generic/bitops/instrumented-non-atomic.h>
>> +#include <asm-generic/bitops/instrumented-lock.h>
>>
>> /*
>> * Functions which use MSB0 bit numbering.
>> diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
>> index ba15d53c1ca7..4a2e2432238f 100644
>> --- a/arch/x86/include/asm/bitops.h
>> +++ b/arch/x86/include/asm/bitops.h
>> @@ -389,7 +389,9 @@ static __always_inline int fls64(__u64 x)
>>
>> #include <asm-generic/bitops/const_hweight.h>
>>
>> -#include <asm-generic/bitops-instrumented.h>
>> +#include <asm-generic/bitops/instrumented-atomic.h>
>> +#include <asm-generic/bitops/instrumented-non-atomic.h>
>> +#include <asm-generic/bitops/instrumented-lock.h>
>>
>> #include <asm-generic/bitops/le.h>
>>
>> diff --git a/include/asm-generic/bitops-instrumented.h b/include/asm-generic/bitops-instrumented.h
>> deleted file mode 100644
>> index ddd1c6d9d8db..000000000000
>> --- a/include/asm-generic/bitops-instrumented.h
>> +++ /dev/null
>> @@ -1,263 +0,0 @@
>> -/* SPDX-License-Identifier: GPL-2.0 */
>> -
>> -/*
>> - * This file provides wrappers with sanitizer instrumentation for bit
>> - * operations.
>> - *
>> - * To use this functionality, an arch's bitops.h file needs to define each of
>> - * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
>> - * arch___set_bit(), etc.).
>> - */
>> -#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_H
>> -#define _ASM_GENERIC_BITOPS_INSTRUMENTED_H
>> -
>> -#include <linux/kasan-checks.h>
>> -
>> -/**
>> - * set_bit - Atomically set a bit in memory
>> - * @nr: the bit to set
>> - * @addr: the address to start counting from
>> - *
>> - * This is a relaxed atomic operation (no implied memory barriers).
>> - *
>> - * Note that @nr may be almost arbitrarily large; this function is not
>> - * restricted to acting on a single-word quantity.
>> - */
>> -static inline void set_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - arch_set_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * __set_bit - Set a bit in memory
>> - * @nr: the bit to set
>> - * @addr: the address to start counting from
>> - *
>> - * Unlike set_bit(), this function is non-atomic. If it is called on the same
>> - * region of memory concurrently, the effect may be that only one operation
>> - * succeeds.
>> - */
>> -static inline void __set_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - arch___set_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * clear_bit - Clears a bit in memory
>> - * @nr: Bit to clear
>> - * @addr: Address to start counting from
>> - *
>> - * This is a relaxed atomic operation (no implied memory barriers).
>> - */
>> -static inline void clear_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - arch_clear_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * __clear_bit - Clears a bit in memory
>> - * @nr: the bit to clear
>> - * @addr: the address to start counting from
>> - *
>> - * Unlike clear_bit(), this function is non-atomic. If it is called on the same
>> - * region of memory concurrently, the effect may be that only one operation
>> - * succeeds.
>> - */
>> -static inline void __clear_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - arch___clear_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * clear_bit_unlock - Clear a bit in memory, for unlock
>> - * @nr: the bit to set
>> - * @addr: the address to start counting from
>> - *
>> - * This operation is atomic and provides release barrier semantics.
>> - */
>> -static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - arch_clear_bit_unlock(nr, addr);
>> -}
>> -
>> -/**
>> - * __clear_bit_unlock - Clears a bit in memory
>> - * @nr: Bit to clear
>> - * @addr: Address to start counting from
>> - *
>> - * This is a non-atomic operation but implies a release barrier before the
>> - * memory operation. It can be used for an unlock if no other CPUs can
>> - * concurrently modify other bits in the word.
>> - */
>> -static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - arch___clear_bit_unlock(nr, addr);
>> -}
>> -
>> -/**
>> - * change_bit - Toggle a bit in memory
>> - * @nr: Bit to change
>> - * @addr: Address to start counting from
>> - *
>> - * This is a relaxed atomic operation (no implied memory barriers).
>> - *
>> - * Note that @nr may be almost arbitrarily large; this function is not
>> - * restricted to acting on a single-word quantity.
>> - */
>> -static inline void change_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - arch_change_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * __change_bit - Toggle a bit in memory
>> - * @nr: the bit to change
>> - * @addr: the address to start counting from
>> - *
>> - * Unlike change_bit(), this function is non-atomic. If it is called on the same
>> - * region of memory concurrently, the effect may be that only one operation
>> - * succeeds.
>> - */
>> -static inline void __change_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - arch___change_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * test_and_set_bit - Set a bit and return its old value
>> - * @nr: Bit to set
>> - * @addr: Address to count from
>> - *
>> - * This is an atomic fully-ordered operation (implied full memory barrier).
>> - */
>> -static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - return arch_test_and_set_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * __test_and_set_bit - Set a bit and return its old value
>> - * @nr: Bit to set
>> - * @addr: Address to count from
>> - *
>> - * This operation is non-atomic. If two instances of this operation race, one
>> - * can appear to succeed but actually fail.
>> - */
>> -static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - return arch___test_and_set_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * test_and_set_bit_lock - Set a bit and return its old value, for lock
>> - * @nr: Bit to set
>> - * @addr: Address to count from
>> - *
>> - * This operation is atomic and provides acquire barrier semantics if
>> - * the returned value is 0.
>> - * It can be used to implement bit locks.
>> - */
>> -static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - return arch_test_and_set_bit_lock(nr, addr);
>> -}
>> -
>> -/**
>> - * test_and_clear_bit - Clear a bit and return its old value
>> - * @nr: Bit to clear
>> - * @addr: Address to count from
>> - *
>> - * This is an atomic fully-ordered operation (implied full memory barrier).
>> - */
>> -static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - return arch_test_and_clear_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * __test_and_clear_bit - Clear a bit and return its old value
>> - * @nr: Bit to clear
>> - * @addr: Address to count from
>> - *
>> - * This operation is non-atomic. If two instances of this operation race, one
>> - * can appear to succeed but actually fail.
>> - */
>> -static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - return arch___test_and_clear_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * test_and_change_bit - Change a bit and return its old value
>> - * @nr: Bit to change
>> - * @addr: Address to count from
>> - *
>> - * This is an atomic fully-ordered operation (implied full memory barrier).
>> - */
>> -static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - return arch_test_and_change_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * __test_and_change_bit - Change a bit and return its old value
>> - * @nr: Bit to change
>> - * @addr: Address to count from
>> - *
>> - * This operation is non-atomic. If two instances of this operation race, one
>> - * can appear to succeed but actually fail.
>> - */
>> -static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - return arch___test_and_change_bit(nr, addr);
>> -}
>> -
>> -/**
>> - * test_bit - Determine whether a bit is set
>> - * @nr: bit number to test
>> - * @addr: Address to start counting from
>> - */
>> -static inline bool test_bit(long nr, const volatile unsigned long *addr)
>> -{
>> - kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
>> - return arch_test_bit(nr, addr);
>> -}
>> -
>> -#if defined(arch_clear_bit_unlock_is_negative_byte)
>> -/**
>> - * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
>> - * byte is negative, for unlock.
>> - * @nr: the bit to clear
>> - * @addr: the address to start counting from
>> - *
>> - * This operation is atomic and provides release barrier semantics.
>> - *
>> - * This is a bit of a one-trick-pony for the filemap code, which clears
>> - * PG_locked and tests PG_waiters,
>> - */
>> -static inline bool
>> -clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
>> -{
>> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> - return arch_clear_bit_unlock_is_negative_byte(nr, addr);
>> -}
>> -/* Let everybody know we have it. */
>> -#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
>> -#endif
>> -
>> -#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_H */
>> diff --git a/include/asm-generic/bitops/instrumented-atomic.h b/include/asm-generic/bitops/instrumented-atomic.h
>> new file mode 100644
>> index 000000000000..18ce3c9e8eec
>> --- /dev/null
>> +++ b/include/asm-generic/bitops/instrumented-atomic.h
>> @@ -0,0 +1,100 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +
>> +/*
>> + * This file provides wrappers with sanitizer instrumentation for atomic bit
>> + * operations.
>> + *
>> + * To use this functionality, an arch's bitops.h file needs to define each of
>> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
>> + * arch___set_bit(), etc.).
>> + */
>> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
>> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
>> +
>> +#include <linux/kasan-checks.h>
>> +
>> +/**
>> + * set_bit - Atomically set a bit in memory
>> + * @nr: the bit to set
>> + * @addr: the address to start counting from
>> + *
>> + * This is a relaxed atomic operation (no implied memory barriers).
>> + *
>> + * Note that @nr may be almost arbitrarily large; this function is not
>> + * restricted to acting on a single-word quantity.
>> + */
>> +static inline void set_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + arch_set_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * clear_bit - Clears a bit in memory
>> + * @nr: Bit to clear
>> + * @addr: Address to start counting from
>> + *
>> + * This is a relaxed atomic operation (no implied memory barriers).
>> + */
>> +static inline void clear_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + arch_clear_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * change_bit - Toggle a bit in memory
>> + * @nr: Bit to change
>> + * @addr: Address to start counting from
>> + *
>> + * This is a relaxed atomic operation (no implied memory barriers).
>> + *
>> + * Note that @nr may be almost arbitrarily large; this function is not
>> + * restricted to acting on a single-word quantity.
>> + */
>> +static inline void change_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + arch_change_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * test_and_set_bit - Set a bit and return its old value
>> + * @nr: Bit to set
>> + * @addr: Address to count from
>> + *
>> + * This is an atomic fully-ordered operation (implied full memory barrier).
>> + */
>> +static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + return arch_test_and_set_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * test_and_clear_bit - Clear a bit and return its old value
>> + * @nr: Bit to clear
>> + * @addr: Address to count from
>> + *
>> + * This is an atomic fully-ordered operation (implied full memory barrier).
>> + */
>> +static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + return arch_test_and_clear_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * test_and_change_bit - Change a bit and return its old value
>> + * @nr: Bit to change
>> + * @addr: Address to count from
>> + *
>> + * This is an atomic fully-ordered operation (implied full memory barrier).
>> + */
>> +static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + return arch_test_and_change_bit(nr, addr);
>> +}
>> +
>> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
>> diff --git a/include/asm-generic/bitops/instrumented-lock.h b/include/asm-generic/bitops/instrumented-lock.h
>> new file mode 100644
>> index 000000000000..ec53fdeea9ec
>> --- /dev/null
>> +++ b/include/asm-generic/bitops/instrumented-lock.h
>> @@ -0,0 +1,81 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +
>> +/*
>> + * This file provides wrappers with sanitizer instrumentation for bit
>> + * locking operations.
>> + *
>> + * To use this functionality, an arch's bitops.h file needs to define each of
>> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
>> + * arch___set_bit(), etc.).
>> + */
>> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
>> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
>> +
>> +#include <linux/kasan-checks.h>
>> +
>> +/**
>> + * clear_bit_unlock - Clear a bit in memory, for unlock
>> + * @nr: the bit to set
>> + * @addr: the address to start counting from
>> + *
>> + * This operation is atomic and provides release barrier semantics.
>> + */
>> +static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + arch_clear_bit_unlock(nr, addr);
>> +}
>> +
>> +/**
>> + * __clear_bit_unlock - Clears a bit in memory
>> + * @nr: Bit to clear
>> + * @addr: Address to start counting from
>> + *
>> + * This is a non-atomic operation but implies a release barrier before the
>> + * memory operation. It can be used for an unlock if no other CPUs can
>> + * concurrently modify other bits in the word.
>> + */
>> +static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + arch___clear_bit_unlock(nr, addr);
>> +}
>> +
>> +/**
>> + * test_and_set_bit_lock - Set a bit and return its old value, for lock
>> + * @nr: Bit to set
>> + * @addr: Address to count from
>> + *
>> + * This operation is atomic and provides acquire barrier semantics if
>> + * the returned value is 0.
>> + * It can be used to implement bit locks.
>> + */
>> +static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + return arch_test_and_set_bit_lock(nr, addr);
>> +}
>> +
>> +#if defined(arch_clear_bit_unlock_is_negative_byte)
>> +/**
>> + * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
>> + * byte is negative, for unlock.
>> + * @nr: the bit to clear
>> + * @addr: the address to start counting from
>> + *
>> + * This operation is atomic and provides release barrier semantics.
>> + *
>> + * This is a bit of a one-trick-pony for the filemap code, which clears
>> + * PG_locked and tests PG_waiters,
>> + */
>> +static inline bool
>> +clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + return arch_clear_bit_unlock_is_negative_byte(nr, addr);
>> +}
>> +/* Let everybody know we have it. */
>> +#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
>> +#endif
>> +
>> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H */
>> diff --git a/include/asm-generic/bitops/instrumented-non-atomic.h b/include/asm-generic/bitops/instrumented-non-atomic.h
>> new file mode 100644
>> index 000000000000..95ff28d128a1
>> --- /dev/null
>> +++ b/include/asm-generic/bitops/instrumented-non-atomic.h
>> @@ -0,0 +1,114 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +
>> +/*
>> + * This file provides wrappers with sanitizer instrumentation for non-atomic
>> + * bit operations.
>> + *
>> + * To use this functionality, an arch's bitops.h file needs to define each of
>> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
>> + * arch___set_bit(), etc.).
>> + */
>> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
>> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
>> +
>> +#include <linux/kasan-checks.h>
>> +
>> +/**
>> + * __set_bit - Set a bit in memory
>> + * @nr: the bit to set
>> + * @addr: the address to start counting from
>> + *
>> + * Unlike set_bit(), this function is non-atomic. If it is called on the same
>> + * region of memory concurrently, the effect may be that only one operation
>> + * succeeds.
>> + */
>> +static inline void __set_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + arch___set_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * __clear_bit - Clears a bit in memory
>> + * @nr: the bit to clear
>> + * @addr: the address to start counting from
>> + *
>> + * Unlike clear_bit(), this function is non-atomic. If it is called on the same
>> + * region of memory concurrently, the effect may be that only one operation
>> + * succeeds.
>> + */
>> +static inline void __clear_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + arch___clear_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * __change_bit - Toggle a bit in memory
>> + * @nr: the bit to change
>> + * @addr: the address to start counting from
>> + *
>> + * Unlike change_bit(), this function is non-atomic. If it is called on the same
>> + * region of memory concurrently, the effect may be that only one operation
>> + * succeeds.
>> + */
>> +static inline void __change_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + arch___change_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * __test_and_set_bit - Set a bit and return its old value
>> + * @nr: Bit to set
>> + * @addr: Address to count from
>> + *
>> + * This operation is non-atomic. If two instances of this operation race, one
>> + * can appear to succeed but actually fail.
>> + */
>> +static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + return arch___test_and_set_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * __test_and_clear_bit - Clear a bit and return its old value
>> + * @nr: Bit to clear
>> + * @addr: Address to count from
>> + *
>> + * This operation is non-atomic. If two instances of this operation race, one
>> + * can appear to succeed but actually fail.
>> + */
>> +static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + return arch___test_and_clear_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * __test_and_change_bit - Change a bit and return its old value
>> + * @nr: Bit to change
>> + * @addr: Address to count from
>> + *
>> + * This operation is non-atomic. If two instances of this operation race, one
>> + * can appear to succeed but actually fail.
>> + */
>> +static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
>> +{
>> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
>> + return arch___test_and_change_bit(nr, addr);
>> +}
>> +
>> +/**
>> + * test_bit - Determine whether a bit is set
>> + * @nr: bit number to test
>> + * @addr: Address to start counting from
>> + */
>> +static inline bool test_bit(long nr, const volatile unsigned long *addr)
>> +{
>> + kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
>> + return arch_test_bit(nr, addr);
>> +}
>> +
>> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
>> --
>> 2.20.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-10-28 13:56 ` Daniel Axtens
@ 2019-11-14 20:56 ` Marco Elver
0 siblings, 0 replies; 23+ messages in thread
From: Marco Elver @ 2019-11-14 20:56 UTC (permalink / raw)
To: Daniel Axtens
Cc: christophe.leroy, linux-s390, linux-arch,
the arch/x86 maintainers, linuxppc-dev, kasan-dev
On Mon, 28 Oct 2019 at 14:56, Daniel Axtens <dja@axtens.net> wrote:
>
> Hi all,
>
> Would it be possible to get an Ack from a KASAN maintainter? mpe is
> happy to take this through powerpc but would like an ack first.
>
> Regards,
> Daniel
>
> >> Currently bitops-instrumented.h assumes that the architecture provides
> >> atomic, non-atomic and locking bitops (e.g. both set_bit and __set_bit).
> >> This is true on x86 and s390, but is not always true: there is a
> >> generic bitops/non-atomic.h header that provides generic non-atomic
> >> operations, and also a generic bitops/lock.h for locking operations.
> >>
> >> powerpc uses the generic non-atomic version, so it does not have it's
> >> own e.g. __set_bit that could be renamed arch___set_bit.
> >>
> >> Split up bitops-instrumented.h to mirror the atomic/non-atomic/lock
> >> split. This allows arches to only include the headers where they
> >> have arch-specific versions to rename. Update x86 and s390.
> >
> > This patch should not cause any functional change on either arch.
> >
> > To verify, I have compiled kernels with and without these. With the
> > appropriate setting of environment variables and the general assorted
> > mucking around required for reproducible builds, I have tested:
> >
> > - s390, without kasan - byte-for-byte identical vmlinux before and after
> > - x86, without kasan - byte-for-byte identical vmlinux before and after
> >
> > - s390, inline kasan - byte-for-byte identical vmlinux before and after
> >
> > - x86, inline kasan - 3 functions in drivers/rtc/dev.o are reordered,
> > build-id and __ex_table differ, rest is unchanged
> >
> > The kernels were based on defconfigs. I disabled debug info (as that
> > obviously changes with code being rearranged) and initrd support (as the
> > cpio wrapper doesn't seem to take KBUILD_BUILD_TIMESTAMP but the current
> > time, and that screws things up).
> >
> > I wouldn't read too much in to the weird result on x86 with inline
> > kasan: the code I moved about is compiled even without KASAN enabled.
> >
> > Regards,
> > Daniel
> >
> >
> >>
> >> (The generic operations are automatically instrumented because they're
> >> written in C, not asm.)
> >>
> >> Suggested-by: Christophe Leroy <christophe.leroy@c-s.fr>
> >> Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
> >> Signed-off-by: Daniel Axtens <dja@axtens.net>
> >> ---
> >> Documentation/core-api/kernel-api.rst | 17 +-
> >> arch/s390/include/asm/bitops.h | 4 +-
> >> arch/x86/include/asm/bitops.h | 4 +-
> >> include/asm-generic/bitops-instrumented.h | 263 ------------------
> >> .../asm-generic/bitops/instrumented-atomic.h | 100 +++++++
> >> .../asm-generic/bitops/instrumented-lock.h | 81 ++++++
> >> .../bitops/instrumented-non-atomic.h | 114 ++++++++
> >> 7 files changed, 317 insertions(+), 266 deletions(-)
> >> delete mode 100644 include/asm-generic/bitops-instrumented.h
> >> create mode 100644 include/asm-generic/bitops/instrumented-atomic.h
> >> create mode 100644 include/asm-generic/bitops/instrumented-lock.h
> >> create mode 100644 include/asm-generic/bitops/instrumented-non-atomic.h
> >>
> >> diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
> >> index 08af5caf036d..2e21248277e3 100644
> >> --- a/Documentation/core-api/kernel-api.rst
> >> +++ b/Documentation/core-api/kernel-api.rst
> >> @@ -54,7 +54,22 @@ The Linux kernel provides more basic utility functions.
> >> Bit Operations
> >> --------------
> >>
> >> -.. kernel-doc:: include/asm-generic/bitops-instrumented.h
> >> +Atomic Operations
> >> +~~~~~~~~~~~~~~~~~
> >> +
> >> +.. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
> >> + :internal:
> >> +
> >> +Non-atomic Operations
> >> +~~~~~~~~~~~~~~~~~~~~~
> >> +
> >> +.. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
> >> + :internal:
> >> +
> >> +Locking Operations
> >> +~~~~~~~~~~~~~~~~~~
> >> +
> >> +.. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
> >> :internal:
> >>
> >> Bitmap Operations
> >> diff --git a/arch/s390/include/asm/bitops.h b/arch/s390/include/asm/bitops.h
> >> index b8833ac983fa..0ceb12593a68 100644
> >> --- a/arch/s390/include/asm/bitops.h
> >> +++ b/arch/s390/include/asm/bitops.h
> >> @@ -241,7 +241,9 @@ static inline void arch___clear_bit_unlock(unsigned long nr,
> >> arch___clear_bit(nr, ptr);
> >> }
> >>
> >> -#include <asm-generic/bitops-instrumented.h>
> >> +#include <asm-generic/bitops/instrumented-atomic.h>
> >> +#include <asm-generic/bitops/instrumented-non-atomic.h>
> >> +#include <asm-generic/bitops/instrumented-lock.h>
> >>
> >> /*
> >> * Functions which use MSB0 bit numbering.
> >> diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
> >> index ba15d53c1ca7..4a2e2432238f 100644
> >> --- a/arch/x86/include/asm/bitops.h
> >> +++ b/arch/x86/include/asm/bitops.h
> >> @@ -389,7 +389,9 @@ static __always_inline int fls64(__u64 x)
> >>
> >> #include <asm-generic/bitops/const_hweight.h>
> >>
> >> -#include <asm-generic/bitops-instrumented.h>
> >> +#include <asm-generic/bitops/instrumented-atomic.h>
> >> +#include <asm-generic/bitops/instrumented-non-atomic.h>
> >> +#include <asm-generic/bitops/instrumented-lock.h>
> >>
> >> #include <asm-generic/bitops/le.h>
> >>
> >> diff --git a/include/asm-generic/bitops-instrumented.h b/include/asm-generic/bitops-instrumented.h
> >> deleted file mode 100644
> >> index ddd1c6d9d8db..000000000000
> >> --- a/include/asm-generic/bitops-instrumented.h
> >> +++ /dev/null
> >> @@ -1,263 +0,0 @@
> >> -/* SPDX-License-Identifier: GPL-2.0 */
> >> -
> >> -/*
> >> - * This file provides wrappers with sanitizer instrumentation for bit
> >> - * operations.
> >> - *
> >> - * To use this functionality, an arch's bitops.h file needs to define each of
> >> - * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> >> - * arch___set_bit(), etc.).
> >> - */
> >> -#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_H
> >> -#define _ASM_GENERIC_BITOPS_INSTRUMENTED_H
> >> -
> >> -#include <linux/kasan-checks.h>
> >> -
> >> -/**
> >> - * set_bit - Atomically set a bit in memory
> >> - * @nr: the bit to set
> >> - * @addr: the address to start counting from
> >> - *
> >> - * This is a relaxed atomic operation (no implied memory barriers).
> >> - *
> >> - * Note that @nr may be almost arbitrarily large; this function is not
> >> - * restricted to acting on a single-word quantity.
> >> - */
> >> -static inline void set_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch_set_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __set_bit - Set a bit in memory
> >> - * @nr: the bit to set
> >> - * @addr: the address to start counting from
> >> - *
> >> - * Unlike set_bit(), this function is non-atomic. If it is called on the same
> >> - * region of memory concurrently, the effect may be that only one operation
> >> - * succeeds.
> >> - */
> >> -static inline void __set_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch___set_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * clear_bit - Clears a bit in memory
> >> - * @nr: Bit to clear
> >> - * @addr: Address to start counting from
> >> - *
> >> - * This is a relaxed atomic operation (no implied memory barriers).
> >> - */
> >> -static inline void clear_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch_clear_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __clear_bit - Clears a bit in memory
> >> - * @nr: the bit to clear
> >> - * @addr: the address to start counting from
> >> - *
> >> - * Unlike clear_bit(), this function is non-atomic. If it is called on the same
> >> - * region of memory concurrently, the effect may be that only one operation
> >> - * succeeds.
> >> - */
> >> -static inline void __clear_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch___clear_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * clear_bit_unlock - Clear a bit in memory, for unlock
> >> - * @nr: the bit to set
> >> - * @addr: the address to start counting from
> >> - *
> >> - * This operation is atomic and provides release barrier semantics.
> >> - */
> >> -static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch_clear_bit_unlock(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __clear_bit_unlock - Clears a bit in memory
> >> - * @nr: Bit to clear
> >> - * @addr: Address to start counting from
> >> - *
> >> - * This is a non-atomic operation but implies a release barrier before the
> >> - * memory operation. It can be used for an unlock if no other CPUs can
> >> - * concurrently modify other bits in the word.
> >> - */
> >> -static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch___clear_bit_unlock(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * change_bit - Toggle a bit in memory
> >> - * @nr: Bit to change
> >> - * @addr: Address to start counting from
> >> - *
> >> - * This is a relaxed atomic operation (no implied memory barriers).
> >> - *
> >> - * Note that @nr may be almost arbitrarily large; this function is not
> >> - * restricted to acting on a single-word quantity.
> >> - */
> >> -static inline void change_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch_change_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __change_bit - Toggle a bit in memory
> >> - * @nr: the bit to change
> >> - * @addr: the address to start counting from
> >> - *
> >> - * Unlike change_bit(), this function is non-atomic. If it is called on the same
> >> - * region of memory concurrently, the effect may be that only one operation
> >> - * succeeds.
> >> - */
> >> -static inline void __change_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch___change_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_and_set_bit - Set a bit and return its old value
> >> - * @nr: Bit to set
> >> - * @addr: Address to count from
> >> - *
> >> - * This is an atomic fully-ordered operation (implied full memory barrier).
> >> - */
> >> -static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_and_set_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __test_and_set_bit - Set a bit and return its old value
> >> - * @nr: Bit to set
> >> - * @addr: Address to count from
> >> - *
> >> - * This operation is non-atomic. If two instances of this operation race, one
> >> - * can appear to succeed but actually fail.
> >> - */
> >> -static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch___test_and_set_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_and_set_bit_lock - Set a bit and return its old value, for lock
> >> - * @nr: Bit to set
> >> - * @addr: Address to count from
> >> - *
> >> - * This operation is atomic and provides acquire barrier semantics if
> >> - * the returned value is 0.
> >> - * It can be used to implement bit locks.
> >> - */
> >> -static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_and_set_bit_lock(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_and_clear_bit - Clear a bit and return its old value
> >> - * @nr: Bit to clear
> >> - * @addr: Address to count from
> >> - *
> >> - * This is an atomic fully-ordered operation (implied full memory barrier).
> >> - */
> >> -static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_and_clear_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __test_and_clear_bit - Clear a bit and return its old value
> >> - * @nr: Bit to clear
> >> - * @addr: Address to count from
> >> - *
> >> - * This operation is non-atomic. If two instances of this operation race, one
> >> - * can appear to succeed but actually fail.
> >> - */
> >> -static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch___test_and_clear_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_and_change_bit - Change a bit and return its old value
> >> - * @nr: Bit to change
> >> - * @addr: Address to count from
> >> - *
> >> - * This is an atomic fully-ordered operation (implied full memory barrier).
> >> - */
> >> -static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_and_change_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __test_and_change_bit - Change a bit and return its old value
> >> - * @nr: Bit to change
> >> - * @addr: Address to count from
> >> - *
> >> - * This operation is non-atomic. If two instances of this operation race, one
> >> - * can appear to succeed but actually fail.
> >> - */
> >> -static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch___test_and_change_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_bit - Determine whether a bit is set
> >> - * @nr: bit number to test
> >> - * @addr: Address to start counting from
> >> - */
> >> -static inline bool test_bit(long nr, const volatile unsigned long *addr)
> >> -{
> >> - kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_bit(nr, addr);
> >> -}
> >> -
> >> -#if defined(arch_clear_bit_unlock_is_negative_byte)
> >> -/**
> >> - * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
> >> - * byte is negative, for unlock.
> >> - * @nr: the bit to clear
> >> - * @addr: the address to start counting from
> >> - *
> >> - * This operation is atomic and provides release barrier semantics.
> >> - *
> >> - * This is a bit of a one-trick-pony for the filemap code, which clears
> >> - * PG_locked and tests PG_waiters,
> >> - */
> >> -static inline bool
> >> -clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_clear_bit_unlock_is_negative_byte(nr, addr);
> >> -}
> >> -/* Let everybody know we have it. */
> >> -#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
> >> -#endif
> >> -
> >> -#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_H */
> >> diff --git a/include/asm-generic/bitops/instrumented-atomic.h b/include/asm-generic/bitops/instrumented-atomic.h
> >> new file mode 100644
> >> index 000000000000..18ce3c9e8eec
> >> --- /dev/null
> >> +++ b/include/asm-generic/bitops/instrumented-atomic.h
> >> @@ -0,0 +1,100 @@
> >> +/* SPDX-License-Identifier: GPL-2.0 */
> >> +
> >> +/*
> >> + * This file provides wrappers with sanitizer instrumentation for atomic bit
> >> + * operations.
> >> + *
> >> + * To use this functionality, an arch's bitops.h file needs to define each of
> >> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> >> + * arch___set_bit(), etc.).
> >> + */
> >> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
> >> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
> >> +
> >> +#include <linux/kasan-checks.h>
> >> +
> >> +/**
> >> + * set_bit - Atomically set a bit in memory
> >> + * @nr: the bit to set
> >> + * @addr: the address to start counting from
> >> + *
> >> + * This is a relaxed atomic operation (no implied memory barriers).
> >> + *
> >> + * Note that @nr may be almost arbitrarily large; this function is not
> >> + * restricted to acting on a single-word quantity.
> >> + */
> >> +static inline void set_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch_set_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * clear_bit - Clears a bit in memory
> >> + * @nr: Bit to clear
> >> + * @addr: Address to start counting from
> >> + *
> >> + * This is a relaxed atomic operation (no implied memory barriers).
> >> + */
> >> +static inline void clear_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch_clear_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * change_bit - Toggle a bit in memory
> >> + * @nr: Bit to change
> >> + * @addr: Address to start counting from
> >> + *
> >> + * This is a relaxed atomic operation (no implied memory barriers).
> >> + *
> >> + * Note that @nr may be almost arbitrarily large; this function is not
> >> + * restricted to acting on a single-word quantity.
> >> + */
> >> +static inline void change_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch_change_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_and_set_bit - Set a bit and return its old value
> >> + * @nr: Bit to set
> >> + * @addr: Address to count from
> >> + *
> >> + * This is an atomic fully-ordered operation (implied full memory barrier).
> >> + */
> >> +static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_and_set_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_and_clear_bit - Clear a bit and return its old value
> >> + * @nr: Bit to clear
> >> + * @addr: Address to count from
> >> + *
> >> + * This is an atomic fully-ordered operation (implied full memory barrier).
> >> + */
> >> +static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_and_clear_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_and_change_bit - Change a bit and return its old value
> >> + * @nr: Bit to change
> >> + * @addr: Address to count from
> >> + *
> >> + * This is an atomic fully-ordered operation (implied full memory barrier).
> >> + */
> >> +static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_and_change_bit(nr, addr);
> >> +}
> >> +
> >> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
> >> diff --git a/include/asm-generic/bitops/instrumented-lock.h b/include/asm-generic/bitops/instrumented-lock.h
> >> new file mode 100644
> >> index 000000000000..ec53fdeea9ec
> >> --- /dev/null
> >> +++ b/include/asm-generic/bitops/instrumented-lock.h
> >> @@ -0,0 +1,81 @@
> >> +/* SPDX-License-Identifier: GPL-2.0 */
> >> +
> >> +/*
> >> + * This file provides wrappers with sanitizer instrumentation for bit
> >> + * locking operations.
> >> + *
> >> + * To use this functionality, an arch's bitops.h file needs to define each of
> >> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> >> + * arch___set_bit(), etc.).
> >> + */
> >> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
> >> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
> >> +
> >> +#include <linux/kasan-checks.h>
> >> +
> >> +/**
> >> + * clear_bit_unlock - Clear a bit in memory, for unlock
> >> + * @nr: the bit to set
> >> + * @addr: the address to start counting from
> >> + *
> >> + * This operation is atomic and provides release barrier semantics.
> >> + */
> >> +static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch_clear_bit_unlock(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __clear_bit_unlock - Clears a bit in memory
> >> + * @nr: Bit to clear
> >> + * @addr: Address to start counting from
> >> + *
> >> + * This is a non-atomic operation but implies a release barrier before the
> >> + * memory operation. It can be used for an unlock if no other CPUs can
> >> + * concurrently modify other bits in the word.
> >> + */
> >> +static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch___clear_bit_unlock(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_and_set_bit_lock - Set a bit and return its old value, for lock
> >> + * @nr: Bit to set
> >> + * @addr: Address to count from
> >> + *
> >> + * This operation is atomic and provides acquire barrier semantics if
> >> + * the returned value is 0.
> >> + * It can be used to implement bit locks.
> >> + */
> >> +static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_and_set_bit_lock(nr, addr);
> >> +}
> >> +
> >> +#if defined(arch_clear_bit_unlock_is_negative_byte)
> >> +/**
> >> + * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
> >> + * byte is negative, for unlock.
> >> + * @nr: the bit to clear
> >> + * @addr: the address to start counting from
> >> + *
> >> + * This operation is atomic and provides release barrier semantics.
> >> + *
> >> + * This is a bit of a one-trick-pony for the filemap code, which clears
> >> + * PG_locked and tests PG_waiters,
> >> + */
> >> +static inline bool
> >> +clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_clear_bit_unlock_is_negative_byte(nr, addr);
> >> +}
> >> +/* Let everybody know we have it. */
> >> +#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
> >> +#endif
> >> +
> >> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H */
> >> diff --git a/include/asm-generic/bitops/instrumented-non-atomic.h b/include/asm-generic/bitops/instrumented-non-atomic.h
> >> new file mode 100644
> >> index 000000000000..95ff28d128a1
> >> --- /dev/null
> >> +++ b/include/asm-generic/bitops/instrumented-non-atomic.h
> >> @@ -0,0 +1,114 @@
> >> +/* SPDX-License-Identifier: GPL-2.0 */
> >> +
> >> +/*
> >> + * This file provides wrappers with sanitizer instrumentation for non-atomic
> >> + * bit operations.
> >> + *
> >> + * To use this functionality, an arch's bitops.h file needs to define each of
> >> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> >> + * arch___set_bit(), etc.).
> >> + */
> >> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
> >> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
> >> +
> >> +#include <linux/kasan-checks.h>
> >> +
> >> +/**
> >> + * __set_bit - Set a bit in memory
> >> + * @nr: the bit to set
> >> + * @addr: the address to start counting from
> >> + *
> >> + * Unlike set_bit(), this function is non-atomic. If it is called on the same
> >> + * region of memory concurrently, the effect may be that only one operation
> >> + * succeeds.
> >> + */
> >> +static inline void __set_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch___set_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __clear_bit - Clears a bit in memory
> >> + * @nr: the bit to clear
> >> + * @addr: the address to start counting from
> >> + *
> >> + * Unlike clear_bit(), this function is non-atomic. If it is called on the same
> >> + * region of memory concurrently, the effect may be that only one operation
> >> + * succeeds.
> >> + */
> >> +static inline void __clear_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch___clear_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __change_bit - Toggle a bit in memory
> >> + * @nr: the bit to change
> >> + * @addr: the address to start counting from
> >> + *
> >> + * Unlike change_bit(), this function is non-atomic. If it is called on the same
> >> + * region of memory concurrently, the effect may be that only one operation
> >> + * succeeds.
> >> + */
> >> +static inline void __change_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch___change_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __test_and_set_bit - Set a bit and return its old value
> >> + * @nr: Bit to set
> >> + * @addr: Address to count from
> >> + *
> >> + * This operation is non-atomic. If two instances of this operation race, one
> >> + * can appear to succeed but actually fail.
> >> + */
> >> +static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch___test_and_set_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __test_and_clear_bit - Clear a bit and return its old value
> >> + * @nr: Bit to clear
> >> + * @addr: Address to count from
> >> + *
> >> + * This operation is non-atomic. If two instances of this operation race, one
> >> + * can appear to succeed but actually fail.
> >> + */
> >> +static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch___test_and_clear_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __test_and_change_bit - Change a bit and return its old value
> >> + * @nr: Bit to change
> >> + * @addr: Address to count from
> >> + *
> >> + * This operation is non-atomic. If two instances of this operation race, one
> >> + * can appear to succeed but actually fail.
> >> + */
> >> +static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch___test_and_change_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_bit - Determine whether a bit is set
> >> + * @nr: bit number to test
> >> + * @addr: Address to start counting from
> >> + */
> >> +static inline bool test_bit(long nr, const volatile unsigned long *addr)
> >> +{
> >> + kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_bit(nr, addr);
> >> +}
This one slipped through the cracks, sorry I didn't notice earlier.
test_bit() is an atomic bitop. I assume it was meant to be in
instrumented-atomic.h?
Thanks,
-- Marco
> >> +
> >> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
> >> --
> >> 2.20.1
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/878sp57z44.fsf%40dja-thinkpad.axtens.net.
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
@ 2019-11-14 20:56 ` Marco Elver
0 siblings, 0 replies; 23+ messages in thread
From: Marco Elver @ 2019-11-14 20:56 UTC (permalink / raw)
To: Daniel Axtens
Cc: linux-s390, the arch/x86 maintainers, kasan-dev, linux-arch,
linuxppc-dev
On Mon, 28 Oct 2019 at 14:56, Daniel Axtens <dja@axtens.net> wrote:
>
> Hi all,
>
> Would it be possible to get an Ack from a KASAN maintainter? mpe is
> happy to take this through powerpc but would like an ack first.
>
> Regards,
> Daniel
>
> >> Currently bitops-instrumented.h assumes that the architecture provides
> >> atomic, non-atomic and locking bitops (e.g. both set_bit and __set_bit).
> >> This is true on x86 and s390, but is not always true: there is a
> >> generic bitops/non-atomic.h header that provides generic non-atomic
> >> operations, and also a generic bitops/lock.h for locking operations.
> >>
> >> powerpc uses the generic non-atomic version, so it does not have it's
> >> own e.g. __set_bit that could be renamed arch___set_bit.
> >>
> >> Split up bitops-instrumented.h to mirror the atomic/non-atomic/lock
> >> split. This allows arches to only include the headers where they
> >> have arch-specific versions to rename. Update x86 and s390.
> >
> > This patch should not cause any functional change on either arch.
> >
> > To verify, I have compiled kernels with and without these. With the
> > appropriate setting of environment variables and the general assorted
> > mucking around required for reproducible builds, I have tested:
> >
> > - s390, without kasan - byte-for-byte identical vmlinux before and after
> > - x86, without kasan - byte-for-byte identical vmlinux before and after
> >
> > - s390, inline kasan - byte-for-byte identical vmlinux before and after
> >
> > - x86, inline kasan - 3 functions in drivers/rtc/dev.o are reordered,
> > build-id and __ex_table differ, rest is unchanged
> >
> > The kernels were based on defconfigs. I disabled debug info (as that
> > obviously changes with code being rearranged) and initrd support (as the
> > cpio wrapper doesn't seem to take KBUILD_BUILD_TIMESTAMP but the current
> > time, and that screws things up).
> >
> > I wouldn't read too much in to the weird result on x86 with inline
> > kasan: the code I moved about is compiled even without KASAN enabled.
> >
> > Regards,
> > Daniel
> >
> >
> >>
> >> (The generic operations are automatically instrumented because they're
> >> written in C, not asm.)
> >>
> >> Suggested-by: Christophe Leroy <christophe.leroy@c-s.fr>
> >> Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
> >> Signed-off-by: Daniel Axtens <dja@axtens.net>
> >> ---
> >> Documentation/core-api/kernel-api.rst | 17 +-
> >> arch/s390/include/asm/bitops.h | 4 +-
> >> arch/x86/include/asm/bitops.h | 4 +-
> >> include/asm-generic/bitops-instrumented.h | 263 ------------------
> >> .../asm-generic/bitops/instrumented-atomic.h | 100 +++++++
> >> .../asm-generic/bitops/instrumented-lock.h | 81 ++++++
> >> .../bitops/instrumented-non-atomic.h | 114 ++++++++
> >> 7 files changed, 317 insertions(+), 266 deletions(-)
> >> delete mode 100644 include/asm-generic/bitops-instrumented.h
> >> create mode 100644 include/asm-generic/bitops/instrumented-atomic.h
> >> create mode 100644 include/asm-generic/bitops/instrumented-lock.h
> >> create mode 100644 include/asm-generic/bitops/instrumented-non-atomic.h
> >>
> >> diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
> >> index 08af5caf036d..2e21248277e3 100644
> >> --- a/Documentation/core-api/kernel-api.rst
> >> +++ b/Documentation/core-api/kernel-api.rst
> >> @@ -54,7 +54,22 @@ The Linux kernel provides more basic utility functions.
> >> Bit Operations
> >> --------------
> >>
> >> -.. kernel-doc:: include/asm-generic/bitops-instrumented.h
> >> +Atomic Operations
> >> +~~~~~~~~~~~~~~~~~
> >> +
> >> +.. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
> >> + :internal:
> >> +
> >> +Non-atomic Operations
> >> +~~~~~~~~~~~~~~~~~~~~~
> >> +
> >> +.. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
> >> + :internal:
> >> +
> >> +Locking Operations
> >> +~~~~~~~~~~~~~~~~~~
> >> +
> >> +.. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
> >> :internal:
> >>
> >> Bitmap Operations
> >> diff --git a/arch/s390/include/asm/bitops.h b/arch/s390/include/asm/bitops.h
> >> index b8833ac983fa..0ceb12593a68 100644
> >> --- a/arch/s390/include/asm/bitops.h
> >> +++ b/arch/s390/include/asm/bitops.h
> >> @@ -241,7 +241,9 @@ static inline void arch___clear_bit_unlock(unsigned long nr,
> >> arch___clear_bit(nr, ptr);
> >> }
> >>
> >> -#include <asm-generic/bitops-instrumented.h>
> >> +#include <asm-generic/bitops/instrumented-atomic.h>
> >> +#include <asm-generic/bitops/instrumented-non-atomic.h>
> >> +#include <asm-generic/bitops/instrumented-lock.h>
> >>
> >> /*
> >> * Functions which use MSB0 bit numbering.
> >> diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
> >> index ba15d53c1ca7..4a2e2432238f 100644
> >> --- a/arch/x86/include/asm/bitops.h
> >> +++ b/arch/x86/include/asm/bitops.h
> >> @@ -389,7 +389,9 @@ static __always_inline int fls64(__u64 x)
> >>
> >> #include <asm-generic/bitops/const_hweight.h>
> >>
> >> -#include <asm-generic/bitops-instrumented.h>
> >> +#include <asm-generic/bitops/instrumented-atomic.h>
> >> +#include <asm-generic/bitops/instrumented-non-atomic.h>
> >> +#include <asm-generic/bitops/instrumented-lock.h>
> >>
> >> #include <asm-generic/bitops/le.h>
> >>
> >> diff --git a/include/asm-generic/bitops-instrumented.h b/include/asm-generic/bitops-instrumented.h
> >> deleted file mode 100644
> >> index ddd1c6d9d8db..000000000000
> >> --- a/include/asm-generic/bitops-instrumented.h
> >> +++ /dev/null
> >> @@ -1,263 +0,0 @@
> >> -/* SPDX-License-Identifier: GPL-2.0 */
> >> -
> >> -/*
> >> - * This file provides wrappers with sanitizer instrumentation for bit
> >> - * operations.
> >> - *
> >> - * To use this functionality, an arch's bitops.h file needs to define each of
> >> - * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> >> - * arch___set_bit(), etc.).
> >> - */
> >> -#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_H
> >> -#define _ASM_GENERIC_BITOPS_INSTRUMENTED_H
> >> -
> >> -#include <linux/kasan-checks.h>
> >> -
> >> -/**
> >> - * set_bit - Atomically set a bit in memory
> >> - * @nr: the bit to set
> >> - * @addr: the address to start counting from
> >> - *
> >> - * This is a relaxed atomic operation (no implied memory barriers).
> >> - *
> >> - * Note that @nr may be almost arbitrarily large; this function is not
> >> - * restricted to acting on a single-word quantity.
> >> - */
> >> -static inline void set_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch_set_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __set_bit - Set a bit in memory
> >> - * @nr: the bit to set
> >> - * @addr: the address to start counting from
> >> - *
> >> - * Unlike set_bit(), this function is non-atomic. If it is called on the same
> >> - * region of memory concurrently, the effect may be that only one operation
> >> - * succeeds.
> >> - */
> >> -static inline void __set_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch___set_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * clear_bit - Clears a bit in memory
> >> - * @nr: Bit to clear
> >> - * @addr: Address to start counting from
> >> - *
> >> - * This is a relaxed atomic operation (no implied memory barriers).
> >> - */
> >> -static inline void clear_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch_clear_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __clear_bit - Clears a bit in memory
> >> - * @nr: the bit to clear
> >> - * @addr: the address to start counting from
> >> - *
> >> - * Unlike clear_bit(), this function is non-atomic. If it is called on the same
> >> - * region of memory concurrently, the effect may be that only one operation
> >> - * succeeds.
> >> - */
> >> -static inline void __clear_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch___clear_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * clear_bit_unlock - Clear a bit in memory, for unlock
> >> - * @nr: the bit to set
> >> - * @addr: the address to start counting from
> >> - *
> >> - * This operation is atomic and provides release barrier semantics.
> >> - */
> >> -static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch_clear_bit_unlock(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __clear_bit_unlock - Clears a bit in memory
> >> - * @nr: Bit to clear
> >> - * @addr: Address to start counting from
> >> - *
> >> - * This is a non-atomic operation but implies a release barrier before the
> >> - * memory operation. It can be used for an unlock if no other CPUs can
> >> - * concurrently modify other bits in the word.
> >> - */
> >> -static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch___clear_bit_unlock(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * change_bit - Toggle a bit in memory
> >> - * @nr: Bit to change
> >> - * @addr: Address to start counting from
> >> - *
> >> - * This is a relaxed atomic operation (no implied memory barriers).
> >> - *
> >> - * Note that @nr may be almost arbitrarily large; this function is not
> >> - * restricted to acting on a single-word quantity.
> >> - */
> >> -static inline void change_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch_change_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __change_bit - Toggle a bit in memory
> >> - * @nr: the bit to change
> >> - * @addr: the address to start counting from
> >> - *
> >> - * Unlike change_bit(), this function is non-atomic. If it is called on the same
> >> - * region of memory concurrently, the effect may be that only one operation
> >> - * succeeds.
> >> - */
> >> -static inline void __change_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - arch___change_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_and_set_bit - Set a bit and return its old value
> >> - * @nr: Bit to set
> >> - * @addr: Address to count from
> >> - *
> >> - * This is an atomic fully-ordered operation (implied full memory barrier).
> >> - */
> >> -static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_and_set_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __test_and_set_bit - Set a bit and return its old value
> >> - * @nr: Bit to set
> >> - * @addr: Address to count from
> >> - *
> >> - * This operation is non-atomic. If two instances of this operation race, one
> >> - * can appear to succeed but actually fail.
> >> - */
> >> -static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch___test_and_set_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_and_set_bit_lock - Set a bit and return its old value, for lock
> >> - * @nr: Bit to set
> >> - * @addr: Address to count from
> >> - *
> >> - * This operation is atomic and provides acquire barrier semantics if
> >> - * the returned value is 0.
> >> - * It can be used to implement bit locks.
> >> - */
> >> -static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_and_set_bit_lock(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_and_clear_bit - Clear a bit and return its old value
> >> - * @nr: Bit to clear
> >> - * @addr: Address to count from
> >> - *
> >> - * This is an atomic fully-ordered operation (implied full memory barrier).
> >> - */
> >> -static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_and_clear_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __test_and_clear_bit - Clear a bit and return its old value
> >> - * @nr: Bit to clear
> >> - * @addr: Address to count from
> >> - *
> >> - * This operation is non-atomic. If two instances of this operation race, one
> >> - * can appear to succeed but actually fail.
> >> - */
> >> -static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch___test_and_clear_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_and_change_bit - Change a bit and return its old value
> >> - * @nr: Bit to change
> >> - * @addr: Address to count from
> >> - *
> >> - * This is an atomic fully-ordered operation (implied full memory barrier).
> >> - */
> >> -static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_and_change_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * __test_and_change_bit - Change a bit and return its old value
> >> - * @nr: Bit to change
> >> - * @addr: Address to count from
> >> - *
> >> - * This operation is non-atomic. If two instances of this operation race, one
> >> - * can appear to succeed but actually fail.
> >> - */
> >> -static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch___test_and_change_bit(nr, addr);
> >> -}
> >> -
> >> -/**
> >> - * test_bit - Determine whether a bit is set
> >> - * @nr: bit number to test
> >> - * @addr: Address to start counting from
> >> - */
> >> -static inline bool test_bit(long nr, const volatile unsigned long *addr)
> >> -{
> >> - kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_test_bit(nr, addr);
> >> -}
> >> -
> >> -#if defined(arch_clear_bit_unlock_is_negative_byte)
> >> -/**
> >> - * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
> >> - * byte is negative, for unlock.
> >> - * @nr: the bit to clear
> >> - * @addr: the address to start counting from
> >> - *
> >> - * This operation is atomic and provides release barrier semantics.
> >> - *
> >> - * This is a bit of a one-trick-pony for the filemap code, which clears
> >> - * PG_locked and tests PG_waiters,
> >> - */
> >> -static inline bool
> >> -clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
> >> -{
> >> - kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> - return arch_clear_bit_unlock_is_negative_byte(nr, addr);
> >> -}
> >> -/* Let everybody know we have it. */
> >> -#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
> >> -#endif
> >> -
> >> -#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_H */
> >> diff --git a/include/asm-generic/bitops/instrumented-atomic.h b/include/asm-generic/bitops/instrumented-atomic.h
> >> new file mode 100644
> >> index 000000000000..18ce3c9e8eec
> >> --- /dev/null
> >> +++ b/include/asm-generic/bitops/instrumented-atomic.h
> >> @@ -0,0 +1,100 @@
> >> +/* SPDX-License-Identifier: GPL-2.0 */
> >> +
> >> +/*
> >> + * This file provides wrappers with sanitizer instrumentation for atomic bit
> >> + * operations.
> >> + *
> >> + * To use this functionality, an arch's bitops.h file needs to define each of
> >> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> >> + * arch___set_bit(), etc.).
> >> + */
> >> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
> >> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_ATOMIC_H
> >> +
> >> +#include <linux/kasan-checks.h>
> >> +
> >> +/**
> >> + * set_bit - Atomically set a bit in memory
> >> + * @nr: the bit to set
> >> + * @addr: the address to start counting from
> >> + *
> >> + * This is a relaxed atomic operation (no implied memory barriers).
> >> + *
> >> + * Note that @nr may be almost arbitrarily large; this function is not
> >> + * restricted to acting on a single-word quantity.
> >> + */
> >> +static inline void set_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch_set_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * clear_bit - Clears a bit in memory
> >> + * @nr: Bit to clear
> >> + * @addr: Address to start counting from
> >> + *
> >> + * This is a relaxed atomic operation (no implied memory barriers).
> >> + */
> >> +static inline void clear_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch_clear_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * change_bit - Toggle a bit in memory
> >> + * @nr: Bit to change
> >> + * @addr: Address to start counting from
> >> + *
> >> + * This is a relaxed atomic operation (no implied memory barriers).
> >> + *
> >> + * Note that @nr may be almost arbitrarily large; this function is not
> >> + * restricted to acting on a single-word quantity.
> >> + */
> >> +static inline void change_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch_change_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_and_set_bit - Set a bit and return its old value
> >> + * @nr: Bit to set
> >> + * @addr: Address to count from
> >> + *
> >> + * This is an atomic fully-ordered operation (implied full memory barrier).
> >> + */
> >> +static inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_and_set_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_and_clear_bit - Clear a bit and return its old value
> >> + * @nr: Bit to clear
> >> + * @addr: Address to count from
> >> + *
> >> + * This is an atomic fully-ordered operation (implied full memory barrier).
> >> + */
> >> +static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_and_clear_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_and_change_bit - Change a bit and return its old value
> >> + * @nr: Bit to change
> >> + * @addr: Address to count from
> >> + *
> >> + * This is an atomic fully-ordered operation (implied full memory barrier).
> >> + */
> >> +static inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_and_change_bit(nr, addr);
> >> +}
> >> +
> >> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
> >> diff --git a/include/asm-generic/bitops/instrumented-lock.h b/include/asm-generic/bitops/instrumented-lock.h
> >> new file mode 100644
> >> index 000000000000..ec53fdeea9ec
> >> --- /dev/null
> >> +++ b/include/asm-generic/bitops/instrumented-lock.h
> >> @@ -0,0 +1,81 @@
> >> +/* SPDX-License-Identifier: GPL-2.0 */
> >> +
> >> +/*
> >> + * This file provides wrappers with sanitizer instrumentation for bit
> >> + * locking operations.
> >> + *
> >> + * To use this functionality, an arch's bitops.h file needs to define each of
> >> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> >> + * arch___set_bit(), etc.).
> >> + */
> >> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
> >> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H
> >> +
> >> +#include <linux/kasan-checks.h>
> >> +
> >> +/**
> >> + * clear_bit_unlock - Clear a bit in memory, for unlock
> >> + * @nr: the bit to set
> >> + * @addr: the address to start counting from
> >> + *
> >> + * This operation is atomic and provides release barrier semantics.
> >> + */
> >> +static inline void clear_bit_unlock(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch_clear_bit_unlock(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __clear_bit_unlock - Clears a bit in memory
> >> + * @nr: Bit to clear
> >> + * @addr: Address to start counting from
> >> + *
> >> + * This is a non-atomic operation but implies a release barrier before the
> >> + * memory operation. It can be used for an unlock if no other CPUs can
> >> + * concurrently modify other bits in the word.
> >> + */
> >> +static inline void __clear_bit_unlock(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch___clear_bit_unlock(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_and_set_bit_lock - Set a bit and return its old value, for lock
> >> + * @nr: Bit to set
> >> + * @addr: Address to count from
> >> + *
> >> + * This operation is atomic and provides acquire barrier semantics if
> >> + * the returned value is 0.
> >> + * It can be used to implement bit locks.
> >> + */
> >> +static inline bool test_and_set_bit_lock(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_and_set_bit_lock(nr, addr);
> >> +}
> >> +
> >> +#if defined(arch_clear_bit_unlock_is_negative_byte)
> >> +/**
> >> + * clear_bit_unlock_is_negative_byte - Clear a bit in memory and test if bottom
> >> + * byte is negative, for unlock.
> >> + * @nr: the bit to clear
> >> + * @addr: the address to start counting from
> >> + *
> >> + * This operation is atomic and provides release barrier semantics.
> >> + *
> >> + * This is a bit of a one-trick-pony for the filemap code, which clears
> >> + * PG_locked and tests PG_waiters,
> >> + */
> >> +static inline bool
> >> +clear_bit_unlock_is_negative_byte(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_clear_bit_unlock_is_negative_byte(nr, addr);
> >> +}
> >> +/* Let everybody know we have it. */
> >> +#define clear_bit_unlock_is_negative_byte clear_bit_unlock_is_negative_byte
> >> +#endif
> >> +
> >> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_LOCK_H */
> >> diff --git a/include/asm-generic/bitops/instrumented-non-atomic.h b/include/asm-generic/bitops/instrumented-non-atomic.h
> >> new file mode 100644
> >> index 000000000000..95ff28d128a1
> >> --- /dev/null
> >> +++ b/include/asm-generic/bitops/instrumented-non-atomic.h
> >> @@ -0,0 +1,114 @@
> >> +/* SPDX-License-Identifier: GPL-2.0 */
> >> +
> >> +/*
> >> + * This file provides wrappers with sanitizer instrumentation for non-atomic
> >> + * bit operations.
> >> + *
> >> + * To use this functionality, an arch's bitops.h file needs to define each of
> >> + * the below bit operations with an arch_ prefix (e.g. arch_set_bit(),
> >> + * arch___set_bit(), etc.).
> >> + */
> >> +#ifndef _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
> >> +#define _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H
> >> +
> >> +#include <linux/kasan-checks.h>
> >> +
> >> +/**
> >> + * __set_bit - Set a bit in memory
> >> + * @nr: the bit to set
> >> + * @addr: the address to start counting from
> >> + *
> >> + * Unlike set_bit(), this function is non-atomic. If it is called on the same
> >> + * region of memory concurrently, the effect may be that only one operation
> >> + * succeeds.
> >> + */
> >> +static inline void __set_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch___set_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __clear_bit - Clears a bit in memory
> >> + * @nr: the bit to clear
> >> + * @addr: the address to start counting from
> >> + *
> >> + * Unlike clear_bit(), this function is non-atomic. If it is called on the same
> >> + * region of memory concurrently, the effect may be that only one operation
> >> + * succeeds.
> >> + */
> >> +static inline void __clear_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch___clear_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __change_bit - Toggle a bit in memory
> >> + * @nr: the bit to change
> >> + * @addr: the address to start counting from
> >> + *
> >> + * Unlike change_bit(), this function is non-atomic. If it is called on the same
> >> + * region of memory concurrently, the effect may be that only one operation
> >> + * succeeds.
> >> + */
> >> +static inline void __change_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + arch___change_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __test_and_set_bit - Set a bit and return its old value
> >> + * @nr: Bit to set
> >> + * @addr: Address to count from
> >> + *
> >> + * This operation is non-atomic. If two instances of this operation race, one
> >> + * can appear to succeed but actually fail.
> >> + */
> >> +static inline bool __test_and_set_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch___test_and_set_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __test_and_clear_bit - Clear a bit and return its old value
> >> + * @nr: Bit to clear
> >> + * @addr: Address to count from
> >> + *
> >> + * This operation is non-atomic. If two instances of this operation race, one
> >> + * can appear to succeed but actually fail.
> >> + */
> >> +static inline bool __test_and_clear_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch___test_and_clear_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * __test_and_change_bit - Change a bit and return its old value
> >> + * @nr: Bit to change
> >> + * @addr: Address to count from
> >> + *
> >> + * This operation is non-atomic. If two instances of this operation race, one
> >> + * can appear to succeed but actually fail.
> >> + */
> >> +static inline bool __test_and_change_bit(long nr, volatile unsigned long *addr)
> >> +{
> >> + kasan_check_write(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch___test_and_change_bit(nr, addr);
> >> +}
> >> +
> >> +/**
> >> + * test_bit - Determine whether a bit is set
> >> + * @nr: bit number to test
> >> + * @addr: Address to start counting from
> >> + */
> >> +static inline bool test_bit(long nr, const volatile unsigned long *addr)
> >> +{
> >> + kasan_check_read(addr + BIT_WORD(nr), sizeof(long));
> >> + return arch_test_bit(nr, addr);
> >> +}
This one slipped through the cracks, sorry I didn't notice earlier.
test_bit() is an atomic bitop. I assume it was meant to be in
instrumented-atomic.h?
Thanks,
-- Marco
> >> +
> >> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
> >> --
> >> 2.20.1
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/878sp57z44.fsf%40dja-thinkpad.axtens.net.
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-11-14 20:56 ` Marco Elver
@ 2019-11-15 13:11 ` Daniel Axtens
-1 siblings, 0 replies; 23+ messages in thread
From: Daniel Axtens @ 2019-11-15 13:11 UTC (permalink / raw)
To: Marco Elver
Cc: christophe.leroy, linux-s390, linux-arch,
the arch/x86 maintainers, linuxppc-dev, kasan-dev
> test_bit() is an atomic bitop. I assume it was meant to be in
> instrumented-atomic.h?
Hmm, interesting.
I was tricked by the generic version doing just a simple read, with only
a volatile attribute to ensure the read occurs more-or-less as written:
/**
* test_bit - Determine whether a bit is set
* @nr: bit number to test
* @addr: Address to start counting from
*/
static inline int test_bit(int nr, const volatile unsigned long *addr)
{
return 1UL & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1)));
}
But the docs do seem to indicate that it's atomic (for whatever that
means for a single read operation?), so you are right, it should live in
instrumented-atomic.h.
Sadly, only x86 and s390 specify an arch_test_bit, which will make moving it
into instumented-atomic.h break powerpc :(
I'll have a crack at something next week, probably with a similar trick
to arch_clear_bit_unlock_is_negative_byte.
Regards,
Daniel
>
> Thanks,
> -- Marco
>
>> >> +
>> >> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
>> >> --
>> >> 2.20.1
>>
>> --
>> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/878sp57z44.fsf%40dja-thinkpad.axtens.net.
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
@ 2019-11-15 13:11 ` Daniel Axtens
0 siblings, 0 replies; 23+ messages in thread
From: Daniel Axtens @ 2019-11-15 13:11 UTC (permalink / raw)
To: Marco Elver
Cc: linux-s390, the arch/x86 maintainers, kasan-dev, linux-arch,
linuxppc-dev
> test_bit() is an atomic bitop. I assume it was meant to be in
> instrumented-atomic.h?
Hmm, interesting.
I was tricked by the generic version doing just a simple read, with only
a volatile attribute to ensure the read occurs more-or-less as written:
/**
* test_bit - Determine whether a bit is set
* @nr: bit number to test
* @addr: Address to start counting from
*/
static inline int test_bit(int nr, const volatile unsigned long *addr)
{
return 1UL & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1)));
}
But the docs do seem to indicate that it's atomic (for whatever that
means for a single read operation?), so you are right, it should live in
instrumented-atomic.h.
Sadly, only x86 and s390 specify an arch_test_bit, which will make moving it
into instumented-atomic.h break powerpc :(
I'll have a crack at something next week, probably with a similar trick
to arch_clear_bit_unlock_is_negative_byte.
Regards,
Daniel
>
> Thanks,
> -- Marco
>
>> >> +
>> >> +#endif /* _ASM_GENERIC_BITOPS_INSTRUMENTED_NON_ATOMIC_H */
>> >> --
>> >> 2.20.1
>>
>> --
>> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/878sp57z44.fsf%40dja-thinkpad.axtens.net.
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-11-15 13:11 ` Daniel Axtens
@ 2019-11-20 7:42 ` Daniel Axtens
-1 siblings, 0 replies; 23+ messages in thread
From: Daniel Axtens @ 2019-11-20 7:42 UTC (permalink / raw)
To: Marco Elver
Cc: christophe.leroy, linux-s390, linux-arch,
the arch/x86 maintainers, linuxppc-dev, kasan-dev
> But the docs do seem to indicate that it's atomic (for whatever that
> means for a single read operation?), so you are right, it should live in
> instrumented-atomic.h.
Actually, on further inspection, test_bit has lived in
bitops/non-atomic.h since it was added in 4117b02132d1 ("[PATCH] bitops:
generic __{,test_and_}{set,clear,change}_bit() and test_bit()")
So to match that, the wrapper should live in instrumented-non-atomic.h
too.
If test_bit should move, that would need to be a different patch. But I
don't really know if it makes too much sense to stress about a read
operation, as opposed to a read/modify/write...
Regards,
Daniel
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
@ 2019-11-20 7:42 ` Daniel Axtens
0 siblings, 0 replies; 23+ messages in thread
From: Daniel Axtens @ 2019-11-20 7:42 UTC (permalink / raw)
To: Marco Elver
Cc: linux-s390, the arch/x86 maintainers, kasan-dev, linux-arch,
linuxppc-dev
> But the docs do seem to indicate that it's atomic (for whatever that
> means for a single read operation?), so you are right, it should live in
> instrumented-atomic.h.
Actually, on further inspection, test_bit has lived in
bitops/non-atomic.h since it was added in 4117b02132d1 ("[PATCH] bitops:
generic __{,test_and_}{set,clear,change}_bit() and test_bit()")
So to match that, the wrapper should live in instrumented-non-atomic.h
too.
If test_bit should move, that would need to be a different patch. But I
don't really know if it makes too much sense to stress about a read
operation, as opposed to a read/modify/write...
Regards,
Daniel
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-11-20 7:42 ` Daniel Axtens
@ 2019-11-20 8:32 ` Marco Elver
-1 siblings, 0 replies; 23+ messages in thread
From: Marco Elver @ 2019-11-20 8:32 UTC (permalink / raw)
To: Daniel Axtens
Cc: christophe.leroy, linux-s390, linux-arch,
the arch/x86 maintainers, linuxppc-dev, kasan-dev
On Wed, 20 Nov 2019 at 08:42, Daniel Axtens <dja@axtens.net> wrote:
>
> > But the docs do seem to indicate that it's atomic (for whatever that
> > means for a single read operation?), so you are right, it should live in
> > instrumented-atomic.h.
>
> Actually, on further inspection, test_bit has lived in
> bitops/non-atomic.h since it was added in 4117b02132d1 ("[PATCH] bitops:
> generic __{,test_and_}{set,clear,change}_bit() and test_bit()")
>
> So to match that, the wrapper should live in instrumented-non-atomic.h
> too.
>
> If test_bit should move, that would need to be a different patch. But I
> don't really know if it makes too much sense to stress about a read
> operation, as opposed to a read/modify/write...
That's fair enough. I suppose this can stay where it is because it's
not hurting anyone per-se, but the only bad thing about it is that
kernel-api documentation will present test_bit() in non-atomic
operations.
Thanks,
-- Marco
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
@ 2019-11-20 8:32 ` Marco Elver
0 siblings, 0 replies; 23+ messages in thread
From: Marco Elver @ 2019-11-20 8:32 UTC (permalink / raw)
To: Daniel Axtens
Cc: linux-s390, the arch/x86 maintainers, kasan-dev, linux-arch,
linuxppc-dev
On Wed, 20 Nov 2019 at 08:42, Daniel Axtens <dja@axtens.net> wrote:
>
> > But the docs do seem to indicate that it's atomic (for whatever that
> > means for a single read operation?), so you are right, it should live in
> > instrumented-atomic.h.
>
> Actually, on further inspection, test_bit has lived in
> bitops/non-atomic.h since it was added in 4117b02132d1 ("[PATCH] bitops:
> generic __{,test_and_}{set,clear,change}_bit() and test_bit()")
>
> So to match that, the wrapper should live in instrumented-non-atomic.h
> too.
>
> If test_bit should move, that would need to be a different patch. But I
> don't really know if it makes too much sense to stress about a read
> operation, as opposed to a read/modify/write...
That's fair enough. I suppose this can stay where it is because it's
not hurting anyone per-se, but the only bad thing about it is that
kernel-api documentation will present test_bit() in non-atomic
operations.
Thanks,
-- Marco
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-11-20 8:32 ` Marco Elver
@ 2019-12-03 13:04 ` Michael Ellerman
-1 siblings, 0 replies; 23+ messages in thread
From: Michael Ellerman @ 2019-12-03 13:04 UTC (permalink / raw)
To: Marco Elver, Daniel Axtens
Cc: linux-s390, the arch/x86 maintainers, kasan-dev, linux-arch,
linuxppc-dev
Marco Elver <elver@google.com> writes:
> On Wed, 20 Nov 2019 at 08:42, Daniel Axtens <dja@axtens.net> wrote:
>>
>> > But the docs do seem to indicate that it's atomic (for whatever that
>> > means for a single read operation?), so you are right, it should live in
>> > instrumented-atomic.h.
>>
>> Actually, on further inspection, test_bit has lived in
>> bitops/non-atomic.h since it was added in 4117b02132d1 ("[PATCH] bitops:
>> generic __{,test_and_}{set,clear,change}_bit() and test_bit()")
>>
>> So to match that, the wrapper should live in instrumented-non-atomic.h
>> too.
>>
>> If test_bit should move, that would need to be a different patch. But I
>> don't really know if it makes too much sense to stress about a read
>> operation, as opposed to a read/modify/write...
>
> That's fair enough. I suppose this can stay where it is because it's
> not hurting anyone per-se, but the only bad thing about it is that
> kernel-api documentation will present test_bit() in non-atomic
> operations.
I only just noticed this thread as I was about to send a pull request
for these two commits.
I think I agree that test_bit() shouldn't move (yet), but I dislike that
the documentation ends up being confusing due to this patch.
So I'm inclined to append or squash in the patch below, which removes
the new headers from the documentation. The end result is the docs look
more or less the same, just the ordering of some of the functions
changes. But we don't end up with test_bit() under the "Non-atomic"
header, and then also documented in Documentation/atomic_bitops.txt.
Thoughts?
cheers
diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
index 2caaeb55e8dd..4ac53a1363f6 100644
--- a/Documentation/core-api/kernel-api.rst
+++ b/Documentation/core-api/kernel-api.rst
@@ -57,21 +57,12 @@ The Linux kernel provides more basic utility functions.
Bit Operations
--------------
-Atomic Operations
-~~~~~~~~~~~~~~~~~
-
.. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
:internal:
-Non-atomic Operations
-~~~~~~~~~~~~~~~~~~~~~
-
.. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
:internal:
-Locking Operations
-~~~~~~~~~~~~~~~~~~
-
.. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
:internal:
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
@ 2019-12-03 13:04 ` Michael Ellerman
0 siblings, 0 replies; 23+ messages in thread
From: Michael Ellerman @ 2019-12-03 13:04 UTC (permalink / raw)
To: Marco Elver, Daniel Axtens
Cc: linux-arch, linux-s390, the arch/x86 maintainers, linuxppc-dev,
kasan-dev
Marco Elver <elver@google.com> writes:
> On Wed, 20 Nov 2019 at 08:42, Daniel Axtens <dja@axtens.net> wrote:
>>
>> > But the docs do seem to indicate that it's atomic (for whatever that
>> > means for a single read operation?), so you are right, it should live in
>> > instrumented-atomic.h.
>>
>> Actually, on further inspection, test_bit has lived in
>> bitops/non-atomic.h since it was added in 4117b02132d1 ("[PATCH] bitops:
>> generic __{,test_and_}{set,clear,change}_bit() and test_bit()")
>>
>> So to match that, the wrapper should live in instrumented-non-atomic.h
>> too.
>>
>> If test_bit should move, that would need to be a different patch. But I
>> don't really know if it makes too much sense to stress about a read
>> operation, as opposed to a read/modify/write...
>
> That's fair enough. I suppose this can stay where it is because it's
> not hurting anyone per-se, but the only bad thing about it is that
> kernel-api documentation will present test_bit() in non-atomic
> operations.
I only just noticed this thread as I was about to send a pull request
for these two commits.
I think I agree that test_bit() shouldn't move (yet), but I dislike that
the documentation ends up being confusing due to this patch.
So I'm inclined to append or squash in the patch below, which removes
the new headers from the documentation. The end result is the docs look
more or less the same, just the ordering of some of the functions
changes. But we don't end up with test_bit() under the "Non-atomic"
header, and then also documented in Documentation/atomic_bitops.txt.
Thoughts?
cheers
diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
index 2caaeb55e8dd..4ac53a1363f6 100644
--- a/Documentation/core-api/kernel-api.rst
+++ b/Documentation/core-api/kernel-api.rst
@@ -57,21 +57,12 @@ The Linux kernel provides more basic utility functions.
Bit Operations
--------------
-Atomic Operations
-~~~~~~~~~~~~~~~~~
-
.. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
:internal:
-Non-atomic Operations
-~~~~~~~~~~~~~~~~~~~~~
-
.. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
:internal:
-Locking Operations
-~~~~~~~~~~~~~~~~~~
-
.. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
:internal:
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-12-03 13:04 ` Michael Ellerman
@ 2019-12-03 13:36 ` Marco Elver
-1 siblings, 0 replies; 23+ messages in thread
From: Marco Elver @ 2019-12-03 13:36 UTC (permalink / raw)
To: Michael Ellerman
Cc: Daniel Axtens, linux-s390, the arch/x86 maintainers, kasan-dev,
linux-arch, linuxppc-dev
On Tue, 3 Dec 2019 at 14:04, Michael Ellerman <mpe@ellerman.id.au> wrote:
>
> Marco Elver <elver@google.com> writes:
> > On Wed, 20 Nov 2019 at 08:42, Daniel Axtens <dja@axtens.net> wrote:
> >>
> >> > But the docs do seem to indicate that it's atomic (for whatever that
> >> > means for a single read operation?), so you are right, it should live in
> >> > instrumented-atomic.h.
> >>
> >> Actually, on further inspection, test_bit has lived in
> >> bitops/non-atomic.h since it was added in 4117b02132d1 ("[PATCH] bitops:
> >> generic __{,test_and_}{set,clear,change}_bit() and test_bit()")
> >>
> >> So to match that, the wrapper should live in instrumented-non-atomic.h
> >> too.
> >>
> >> If test_bit should move, that would need to be a different patch. But I
> >> don't really know if it makes too much sense to stress about a read
> >> operation, as opposed to a read/modify/write...
> >
> > That's fair enough. I suppose this can stay where it is because it's
> > not hurting anyone per-se, but the only bad thing about it is that
> > kernel-api documentation will present test_bit() in non-atomic
> > operations.
>
> I only just noticed this thread as I was about to send a pull request
> for these two commits.
>
> I think I agree that test_bit() shouldn't move (yet), but I dislike that
> the documentation ends up being confusing due to this patch.
>
> So I'm inclined to append or squash in the patch below, which removes
> the new headers from the documentation. The end result is the docs look
> more or less the same, just the ordering of some of the functions
> changes. But we don't end up with test_bit() under the "Non-atomic"
> header, and then also documented in Documentation/atomic_bitops.txt.
>
> Thoughts?
For Documentation, this look reasonable to me.
Thanks,
-- Marco
> cheers
>
>
> diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
> index 2caaeb55e8dd..4ac53a1363f6 100644
> --- a/Documentation/core-api/kernel-api.rst
> +++ b/Documentation/core-api/kernel-api.rst
> @@ -57,21 +57,12 @@ The Linux kernel provides more basic utility functions.
> Bit Operations
> --------------
>
> -Atomic Operations
> -~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
> :internal:
>
> -Non-atomic Operations
> -~~~~~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
> :internal:
>
> -Locking Operations
> -~~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
> :internal:
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
@ 2019-12-03 13:36 ` Marco Elver
0 siblings, 0 replies; 23+ messages in thread
From: Marco Elver @ 2019-12-03 13:36 UTC (permalink / raw)
To: Michael Ellerman
Cc: linux-arch, linux-s390, the arch/x86 maintainers, kasan-dev,
linuxppc-dev, Daniel Axtens
On Tue, 3 Dec 2019 at 14:04, Michael Ellerman <mpe@ellerman.id.au> wrote:
>
> Marco Elver <elver@google.com> writes:
> > On Wed, 20 Nov 2019 at 08:42, Daniel Axtens <dja@axtens.net> wrote:
> >>
> >> > But the docs do seem to indicate that it's atomic (for whatever that
> >> > means for a single read operation?), so you are right, it should live in
> >> > instrumented-atomic.h.
> >>
> >> Actually, on further inspection, test_bit has lived in
> >> bitops/non-atomic.h since it was added in 4117b02132d1 ("[PATCH] bitops:
> >> generic __{,test_and_}{set,clear,change}_bit() and test_bit()")
> >>
> >> So to match that, the wrapper should live in instrumented-non-atomic.h
> >> too.
> >>
> >> If test_bit should move, that would need to be a different patch. But I
> >> don't really know if it makes too much sense to stress about a read
> >> operation, as opposed to a read/modify/write...
> >
> > That's fair enough. I suppose this can stay where it is because it's
> > not hurting anyone per-se, but the only bad thing about it is that
> > kernel-api documentation will present test_bit() in non-atomic
> > operations.
>
> I only just noticed this thread as I was about to send a pull request
> for these two commits.
>
> I think I agree that test_bit() shouldn't move (yet), but I dislike that
> the documentation ends up being confusing due to this patch.
>
> So I'm inclined to append or squash in the patch below, which removes
> the new headers from the documentation. The end result is the docs look
> more or less the same, just the ordering of some of the functions
> changes. But we don't end up with test_bit() under the "Non-atomic"
> header, and then also documented in Documentation/atomic_bitops.txt.
>
> Thoughts?
For Documentation, this look reasonable to me.
Thanks,
-- Marco
> cheers
>
>
> diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
> index 2caaeb55e8dd..4ac53a1363f6 100644
> --- a/Documentation/core-api/kernel-api.rst
> +++ b/Documentation/core-api/kernel-api.rst
> @@ -57,21 +57,12 @@ The Linux kernel provides more basic utility functions.
> Bit Operations
> --------------
>
> -Atomic Operations
> -~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
> :internal:
>
> -Non-atomic Operations
> -~~~~~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
> :internal:
>
> -Locking Operations
> -~~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
> :internal:
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
2019-12-03 13:04 ` Michael Ellerman
@ 2019-12-03 23:39 ` Daniel Axtens
-1 siblings, 0 replies; 23+ messages in thread
From: Daniel Axtens @ 2019-12-03 23:39 UTC (permalink / raw)
To: Michael Ellerman, Marco Elver
Cc: linux-s390, the arch/x86 maintainers, kasan-dev, linux-arch,
linuxppc-dev
Hi Michael,
> I only just noticed this thread as I was about to send a pull request
> for these two commits.
>
> I think I agree that test_bit() shouldn't move (yet), but I dislike that
> the documentation ends up being confusing due to this patch.
>
> So I'm inclined to append or squash in the patch below, which removes
> the new headers from the documentation. The end result is the docs look
> more or less the same, just the ordering of some of the functions
> changes. But we don't end up with test_bit() under the "Non-atomic"
> header, and then also documented in Documentation/atomic_bitops.txt.
>
> Thoughts?
That sounds good to me.
Regards,
Daniel
>
> cheers
>
>
> diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
> index 2caaeb55e8dd..4ac53a1363f6 100644
> --- a/Documentation/core-api/kernel-api.rst
> +++ b/Documentation/core-api/kernel-api.rst
> @@ -57,21 +57,12 @@ The Linux kernel provides more basic utility functions.
> Bit Operations
> --------------
>
> -Atomic Operations
> -~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
> :internal:
>
> -Non-atomic Operations
> -~~~~~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
> :internal:
>
> -Locking Operations
> -~~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
> :internal:
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops
@ 2019-12-03 23:39 ` Daniel Axtens
0 siblings, 0 replies; 23+ messages in thread
From: Daniel Axtens @ 2019-12-03 23:39 UTC (permalink / raw)
To: Michael Ellerman, Marco Elver
Cc: linux-arch, linux-s390, the arch/x86 maintainers, linuxppc-dev,
kasan-dev
Hi Michael,
> I only just noticed this thread as I was about to send a pull request
> for these two commits.
>
> I think I agree that test_bit() shouldn't move (yet), but I dislike that
> the documentation ends up being confusing due to this patch.
>
> So I'm inclined to append or squash in the patch below, which removes
> the new headers from the documentation. The end result is the docs look
> more or less the same, just the ordering of some of the functions
> changes. But we don't end up with test_bit() under the "Non-atomic"
> header, and then also documented in Documentation/atomic_bitops.txt.
>
> Thoughts?
That sounds good to me.
Regards,
Daniel
>
> cheers
>
>
> diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst
> index 2caaeb55e8dd..4ac53a1363f6 100644
> --- a/Documentation/core-api/kernel-api.rst
> +++ b/Documentation/core-api/kernel-api.rst
> @@ -57,21 +57,12 @@ The Linux kernel provides more basic utility functions.
> Bit Operations
> --------------
>
> -Atomic Operations
> -~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-atomic.h
> :internal:
>
> -Non-atomic Operations
> -~~~~~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-non-atomic.h
> :internal:
>
> -Locking Operations
> -~~~~~~~~~~~~~~~~~~
> -
> .. kernel-doc:: include/asm-generic/bitops/instrumented-lock.h
> :internal:
>
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2019-12-03 23:39 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-20 2:49 [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops Daniel Axtens
2019-08-20 2:49 ` [PATCH v2 2/2] powerpc: support KASAN instrumentation of bitops Daniel Axtens
2019-08-20 2:49 ` Daniel Axtens
2019-08-20 16:34 ` Christophe Leroy
2019-08-20 16:34 ` Christophe Leroy
2019-08-20 9:55 ` [PATCH v2 1/2] kasan: support instrumented bitops combined with generic bitops Marco Elver
2019-08-20 9:55 ` Marco Elver
2019-08-30 5:11 ` Daniel Axtens
2019-10-28 13:56 ` Daniel Axtens
2019-11-14 20:56 ` Marco Elver
2019-11-14 20:56 ` Marco Elver
2019-11-15 13:11 ` Daniel Axtens
2019-11-15 13:11 ` Daniel Axtens
2019-11-20 7:42 ` Daniel Axtens
2019-11-20 7:42 ` Daniel Axtens
2019-11-20 8:32 ` Marco Elver
2019-11-20 8:32 ` Marco Elver
2019-12-03 13:04 ` Michael Ellerman
2019-12-03 13:04 ` Michael Ellerman
2019-12-03 13:36 ` Marco Elver
2019-12-03 13:36 ` Marco Elver
2019-12-03 23:39 ` Daniel Axtens
2019-12-03 23:39 ` Daniel Axtens
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.