Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp151703rwn; Wed, 7 Sep 2022 14:08:09 -0700 (PDT) X-Google-Smtp-Source: AA6agR4VtjEPEhIney7ueXd8uqpCi7lpTJBR3qA9+OYPI9T3sIldS4bszmj9OUTe9DHxk2kSK1NG X-Received: by 2002:a05:6402:2712:b0:448:e383:1f37 with SMTP id y18-20020a056402271200b00448e3831f37mr4541587edd.375.1662584889060; Wed, 07 Sep 2022 14:08:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662584889; cv=none; d=google.com; s=arc-20160816; b=pjZCuqLCun0D9yL87jvgGHPpVybxndlkPmAsrGwu6FZGKekQYISMs4ofMc/nzYTBZe Fp6pFO42U2BTXqMC/nRZOTqd5xDLhaF2JnABV2fb4BInfOwmUXmkTAoXytgHm0LpVtt0 D8lYwnWlvqb5OqUyR60bOa/BbYF8AXl+ScICWEkftTSuiro35QgF9biAMjHOiJaeOffH iCOGVG/yNsCb2V1gCkQhCpyAfsWNhfyPLN6FjLlwvHcP41xBXnoy6YoPhbwUuQemqOC3 sxdC44qIM8HIOrpHdO2w2CABpw1tcfZSOHVqCa1XnWybxaKl4kalNUnMFNoG3RXDJgY+ 5Bew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=eSmjHP3psGeOMr+WEOk0DOTV5ssd7/gZzN1bjJygBoE=; b=sWFwJ3ezirjjoQcKQiLKbSWAKKUWLhcyvc5maDXAEisy8hPWHmbL+elJjKHm66+pqj 3w2/inddp+TAgOPa3k8/LohX1soX76icxmwZBPGlvhUnFH5Y6BJ9TvhNHziPvBowPGCT +kGYFKxCkh7S67R0v2JjUrqqP4ugfJEHk2YyNl6O74aEKHLysrBfmuuGCW8ahfS34d7z Iz0yt5nMyhpwCTP3+AVQrUHb7Heu37Iq9ydwSJSabrXEPi7zEzVHsku+xHfd2ViMtJjf tWaR8qpzLLt3If6ERSZ/EGleK4z8D+eui8pAXPGy0ZBe54OtnOcZ6soq6Oal13vtPLz9 BuYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="W/rcNroN"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hr33-20020a1709073fa100b0073d8e26e78bsi343984ejc.960.2022.09.07.14.07.43; Wed, 07 Sep 2022 14:08:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="W/rcNroN"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229480AbiIGUwz (ORCPT + 99 others); Wed, 7 Sep 2022 16:52:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36312 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229612AbiIGUwx (ORCPT ); Wed, 7 Sep 2022 16:52:53 -0400 Received: from mail-yb1-xb2c.google.com (mail-yb1-xb2c.google.com [IPv6:2607:f8b0:4864:20::b2c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D3E572FCE for ; Wed, 7 Sep 2022 13:52:51 -0700 (PDT) Received: by mail-yb1-xb2c.google.com with SMTP id 130so23350561ybw.8 for ; Wed, 07 Sep 2022 13:52:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=eSmjHP3psGeOMr+WEOk0DOTV5ssd7/gZzN1bjJygBoE=; b=W/rcNroN25iYeVvA4FNx54QrYtbADyI5O2H8VEtzNGnvZ9oKm6c48boSOL9AicPayo UGAvE69d7IxuzXAA2/xE8dR3nkb39jB1608tET99ZpLMvjZgf9vM1Bu1MrVUGg7jcURa kN26DNyIQ5oqvDFkQFEH0V5+sVSSHBYL5cONOS4K9Gc82pdferYtOdBvjOEpty8BSuuc gXAtJVbIQ5Zv3wmVklfysoubfyGQBMg16hquIOyw3iqFF8FRjYIyot3QKHBqPLadevHq aiTWvTa6/qh35l94HjQnQtgPtOoKlWP3Lspzkh5wG7pxujSow7KZknk2ye4MKUmhu1r/ tGdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=eSmjHP3psGeOMr+WEOk0DOTV5ssd7/gZzN1bjJygBoE=; b=mlFSbyZKAb8zm33DY3rbXaHjzCQh14Tl8gZEaiUOrQP253lfKDQ9T+DDRkX4ANSvse V4hL7dv721i07HEyuvnIwssG0gHqwNVMMjPwU5135EFLKceM8rjlPQve36LI8xnDc/vV +TKtcA4VCSf1tkLoGIWQR/sN/ret/UKl2IisU52oBiq/UO67AqlNHN+FbK0Eugp0Qxwt r7Gip74l1x+rt0EGTJ33Vt++Zhkq1KOyxPT4eX8T7zXvUE/UkPMCP6KTRGrQSm3sl177 8fminfAIn6N7Zj4GDwZt8kJ+jmVDB/Cvo4i/hZg/wNs+XBfZ6HqXy48PYdjKNiGtGklU 5WkA== X-Gm-Message-State: ACgBeo0dETp5ybHEqSN+men5L61hKKOCKWNops/8lfCYhgbF/RyqyO7P TW1AfIm7GNPgYw5K9tzsbp8sMIQRsh6HrRBT4cwx1w== X-Received: by 2002:a25:1e86:0:b0:68d:549a:e4c2 with SMTP id e128-20020a251e86000000b0068d549ae4c2mr4320074ybe.93.1662583970644; Wed, 07 Sep 2022 13:52:50 -0700 (PDT) MIME-Version: 1.0 References: <20220907173903.2268161-1-elver@google.com> In-Reply-To: From: Marco Elver Date: Wed, 7 Sep 2022 22:52:13 +0200 Message-ID: Subject: Re: [PATCH 1/2] kcsan: Instrument memcpy/memset/memmove with newer Clang To: Boqun Feng Cc: "Paul E. McKenney" , Mark Rutland , Dmitry Vyukov , Alexander Potapenko , kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, Nathan Chancellor , Nick Desaulniers , llvm@lists.linux.dev, stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 7 Sept 2022 at 20:17, Boqun Feng wrote: > > On Wed, Sep 07, 2022 at 07:39:02PM +0200, Marco Elver wrote: > > With Clang version 16+, -fsanitize=thread will turn > > memcpy/memset/memmove calls in instrumented functions into > > __tsan_memcpy/__tsan_memset/__tsan_memmove calls respectively. > > > > Add these functions to the core KCSAN runtime, so that we (a) catch data > > races with mem* functions, and (b) won't run into linker errors with > > such newer compilers. > > > > Cc: stable@vger.kernel.org # v5.10+ > > For (b) I think this is Ok, but for (a), what the atomic guarantee of > our mem* functions? Per-byte atomic or something more complicated (for > example, providing best effort atomic if a memory location in the range > is naturally-aligned to a machine word)? There should be no atomicity guarantee of mem*() functions, anything else would never be safe, given compilers love to optimize all of them (replacing the calls with inline versions etc.). > If it's a per-byte atomicity, then maybe another KCSAN_ACCESS_* flags is > needed, otherwise memset(0x8, 0, 0x2) is considered as atomic if > ASSUME_PLAIN_WRITES_ATOMIC=y. Unless I'm missing something. > > Anyway, this may be worth another patch and some discussion/doc, because > it just improve the accuracy of the tool. In other words, this patch and > the "stable" tag look good to me. Right, this will treat write accesses done by mem*() functions with a size less than or equal to word size as atomic if that option is on. However, I feel the more interesting cases will be memcpy/memset/memmove with much larger sizes. That being said, note that even though we pretend smaller than word size writes might be atomic, for no data race to be detected, both accesses need to be atomic. If that behaviour should be changed for mem*() functions in the default non-strict config is, like you say, something to ponder. In general, I find the ASSUME_PLAIN_WRITES_ATOMIC=y a pretty bad default, and I'd rather just change that default. But unfortunately, I think the kernel isn't ready for that, given opinions on this still diverge. Thanks, -- Marco