Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp5057912pxj; Wed, 9 Jun 2021 08:13:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyNrdwGY2SNuCwh089hHRkgx60SM41p1TH7lEazyVH5K+CykYlfJk+rPc6+MkjcNyRZcegz X-Received: by 2002:a17:906:9143:: with SMTP id y3mr314487ejw.465.1623251612663; Wed, 09 Jun 2021 08:13:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623251612; cv=none; d=google.com; s=arc-20160816; b=pQ3Kozq5B4aJ5jy3aduqUugac6F2fLyQqXPLWqbFs+4ZiEingf54fK8X7pAHJ5AUW1 uaSc1eGh80tvxrHTMoxHwz9jjXlbO9fBNcFiUU7voR29GgO+4df2Gz9Ck+RguvD1RNUZ ABQpGENvwjkzZXxHIP3v+JkVoGThxyESoX57m8YsDqrnuu1PA4QR++wkED7fws099fkN xCO8KFqWTgdy4vVfoBMR+4ngW6XxFGv2ZwGovfZlCoZtkzP/BSg6aHF09UF1DihepK3N cOeIzmF39lU6kVz/5v4f92e11cA1+ZUfY3bqV5bmKf/BgeRqAHXIa0182L2lg48FxqLb pUBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=XESQj4hkMo22raHCOnPLNWU6wBeF3xWpMBQ+aWl/wQE=; b=Lh+5utfIQulLJi20NaLobQ3UGBQoIp5goZFPBY8dQwprtnJGY7q/OrjBJkwccet+TA iS36qiRASes1wNq+NekKBHWDy8D07aqw6lilzLxT8bD9WABe+SLm4PzQ96fHtDrasO9v H1F3mf4DKoAeaCVs17TIKJyxaH85toAkxxmQC2aMdfRK6pcGSCNg7yhOrlCvIHAqMS4L 7IzqtRNcJSrVTHkdh/y++y+NuyzZKak5SOnBYyNZlcxaTXDQFGuQwf3cYfRsp/zqzlcG j6Y2kll+SGKjTxRmcvyGZw0IXLLOuIJYlRxKuH0zq81V+Ct+lpqu9IIhIBG5Nl8zCxt2 00XQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z3si82238ejr.183.2021.06.09.08.13.08; Wed, 09 Jun 2021 08:13:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232655AbhFIMkP (ORCPT + 99 others); Wed, 9 Jun 2021 08:40:15 -0400 Received: from foss.arm.com ([217.140.110.172]:59402 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231281AbhFIMkN (ORCPT ); Wed, 9 Jun 2021 08:40:13 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D4253D6E; Wed, 9 Jun 2021 05:38:18 -0700 (PDT) Received: from C02TD0UTHF1T.local (unknown [10.57.7.102]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 733653F73D; Wed, 9 Jun 2021 05:38:17 -0700 (PDT) Date: Wed, 9 Jun 2021 13:38:10 +0100 From: Mark Rutland To: Marco Elver Cc: paulmck@kernel.org, boqun.feng@gmail.com, will@kernel.org, glider@google.com, dvyukov@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH 0/7] kcsan: Introduce CONFIG_KCSAN_PERMISSIVE Message-ID: <20210609123810.GA37375@C02TD0UTHF1T.local> References: <20210607125653.1388091-1-elver@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210607125653.1388091-1-elver@google.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Marco, On Mon, Jun 07, 2021 at 02:56:46PM +0200, Marco Elver wrote: > While investigating a number of data races, we've encountered data-racy > accesses on flags variables to be very common. The typical pattern is a > reader masking all but one bit, and the writer setting/clearing only 1 > bit (current->flags being a frequently encountered case; mm/sl[au]b.c > disables KCSAN for this reason currently). As a heads up, I just sent out the series I promised for thread_info::flags, at: https://lore.kernel.org/lkml/20210609122001.18277-1-mark.rutland@arm.com/T/#t ... which I think is complementary to this (IIUC it should help with the multi-bit cases you mention below), and may help to make the checks more stringent in future. FWIW, for this series: Acked-by: Mark Rutland Thanks, Mark. > Since these types of "trivial" data races are common (assuming they're > intentional and hard to miscompile!), having the option to filter them > (like we currently do for other types of data races) will avoid forcing > everyone to mark them, and deliberately left to preference at this time. > > The primary motivation is to move closer towards more easily filtering > interesting data races (like [1], [2], [3]) on CI systems (e.g. syzbot), > without the churn to mark all such "trivial" data races. > [1] https://lkml.kernel.org/r/20210527092547.2656514-1-elver@google.com > [2] https://lkml.kernel.org/r/20210527104711.2671610-1-elver@google.com > [3] https://lkml.kernel.org/r/20210209112701.3341724-1-elver@google.com > > Notably, the need for further built-in filtering has become clearer as > we notice some other CI systems (without active moderation) trying to > employ KCSAN, but usually have to turn it down quickly because their > reports are quickly met with negative feedback: > https://lkml.kernel.org/r/YHSPfiJ/h/f3ky5n@elver.google.com > > The rules are implemented and guarded by a new option > CONFIG_KCSAN_PERMISSIVE. With it, we will ignore data races with only > 1-bit value changes. Please see more details in in patch 7/7. > > The rest of the patches are cleanups and improving configuration. > > I ran some experiments to see what data races we're left with. With > CONFIG_KCSAN_PERMISSIVE=y paired with syzbot's current KCSAN config > (minimal kernel, most permissive KCSAN options), we're "just" about ~100 > reports away to a pretty silent KCSAN kernel: > > https://github.com/google/ktsan/tree/kcsan-permissive-with-dataraces > [ !!Disclaimer!! None of the commits are usable patches nor guaranteed > to be correct -- they merely resolve a data race so it wouldn't be > shown again and then moved on. Expect that simply marking is not > enough for some! ] > > Most of the data races look interesting enough, and only few already had > a comment nearby explaining what's happening. > > All data races on current->flags, and most other flags are absent > (unlike before). Those that were reported all had value changes with >1 > bit. A limitation is that few data races are still reported where the > reader is only interested in 1 bit but the writer changed more than 1 > bit. A complete approach would require compiler changes in addition to > the changes in this series -- but since that would further reduce the > data races reported, the simpler and conservative approach is to stick > to the value-change based rules for now. > > Marco Elver (7): > kcsan: Improve some Kconfig comments > kcsan: Remove CONFIG_KCSAN_DEBUG > kcsan: Introduce CONFIG_KCSAN_STRICT > kcsan: Reduce get_ctx() uses in kcsan_found_watchpoint() > kcsan: Rework atomic.h into permissive.h > kcsan: Print if strict or non-strict during init > kcsan: permissive: Ignore data-racy 1-bit value changes > > Documentation/dev-tools/kcsan.rst | 12 ++++ > kernel/kcsan/atomic.h | 23 -------- > kernel/kcsan/core.c | 77 ++++++++++++++++--------- > kernel/kcsan/kcsan_test.c | 32 +++++++++++ > kernel/kcsan/permissive.h | 94 +++++++++++++++++++++++++++++++ > lib/Kconfig.kcsan | 39 +++++++++---- > 6 files changed, 215 insertions(+), 62 deletions(-) > delete mode 100644 kernel/kcsan/atomic.h > create mode 100644 kernel/kcsan/permissive.h > > -- > 2.32.0.rc1.229.g3e70b5a671-goog >