Received: by 2002:ab2:60d1:0:b0:1f7:5705:b850 with SMTP id i17csp1169665lqm; Thu, 2 May 2024 07:13:47 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUPTAan/CDaSWc89CjuIW2SlHjHURxl4QEjDrxjYPmYL6nTT7aW4TmwNJMmh2MgCXIGQ7mK5U9d6R7O8l21r0gv3l+Wtb4SaqVPhesnKA== X-Google-Smtp-Source: AGHT+IFs/EZHaLzNTjM1v87Y9F0EbE3JbkWHnnZySX3AFwBx1iJ7gf9JmCcwY4wYbqhNbeXg/Bdi X-Received: by 2002:a17:903:2445:b0:1e4:362b:17d5 with SMTP id l5-20020a170903244500b001e4362b17d5mr6381362pls.4.1714659227682; Thu, 02 May 2024 07:13:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714659227; cv=pass; d=google.com; s=arc-20160816; b=gmZ1Y5G3kblolfrXcOxbgeuxGBlkl9CgtlYkC99xVC9jJrNPxv4YtWpofV8J9pWazo 3rbywug39J+oflQ3BquayCAHGeCxErEYHYhQ+zvfD6+G66pP3AA8eholBOJRz1vFZB69 uGvnF7L0uV24NbAGI5gPyzgebUKzY2Bv1wprvKdNxaNN9iEeswWFSI+h39ZMMRlKjbxH 1VABwAhvOkIB36Fq5mBUlAV8YcVTn73WFHUnEjvAZbXFtsjL8XHmQjGOuiZ0VN3qqCYj DiX70XwudTvNPZoh/ZcZdCAWLnKubIFH4XEzJcGsER31g64YHKIlrjOngHAGwZpmQbki RmmA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:dkim-signature; bh=HsPj+acZKYK2WoyW/9ElzwwE/qj1TMWpdQ6bEOK7unE=; fh=+5aVDkdoCMg5Rh+MC2IrhdmECP6LrIYfYb1bKtPZgLA=; b=wqq7PzVfRdIVj8eeV7OqaTSNITHgauhbDwIEhwzHVu7aospsI8IOKN5G0nktjEuQzs t1w8igRTOExYIR5gtuuo1gB+6H0mDGntC4QzEbEO6dsqIW93J138GdrOpOvdcJ+QiyPu vJy8oCFRMCOXwBRzCouDGoJnVujkIMo/Nr8uNe3+fu7nZps5X1qlubW4zUZ1pzOH5C4b kY5TRvqWc1MCHloTJ4CWYjmfTjlSirvtKXig2alxTTrUdUF+XamHoUpHLhIhpz3LX8Yi EB95/Lv0k5y3vodFEHqfT94JAoJwfCY7QK7B6bd6wjcJegF+ElOiT5XxiHn3qRP9UdGl 6osw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="J/N2vlzf"; arc=pass (i=1 spf=pass spfdomain=flex--elver.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-166543-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-166543-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id lm16-20020a170903299000b001eb5b5b1b95si1121261plb.74.2024.05.02.07.13.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 May 2024 07:13:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-166543-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="J/N2vlzf"; arc=pass (i=1 spf=pass spfdomain=flex--elver.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-166543-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-166543-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B3BEE28251A for ; Thu, 2 May 2024 14:13:46 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 05A5413C697; Thu, 2 May 2024 14:13:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="J/N2vlzf" Received: from mail-ej1-f74.google.com (mail-ej1-f74.google.com [209.85.218.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 586E612DDBF for ; Thu, 2 May 2024 14:13:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.74 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714659221; cv=none; b=M5j24OTstW3B3aetOyI6QuOdCxSc88X7j/RTMD4zy2VuGf2fftof3MMqmvxj8mc88eDeqsXxCFl9+bzR258WgU2bG6F9SecO1YYcEcbcQfH9jFcnOvysSjRgVDaKzqq4n5Tm3v97eLte7ihA5D68R5uzwaiu4b4K1JY9Hdg/JNE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714659221; c=relaxed/simple; bh=Qbmrk6jTj9AEBxw0+XAc0e4hQuIbaJCgCwARnd1RUF8=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=pKtvpHGZLbZ4ChgInhd/n3mHvTNVMqudTs+GKHssnfmG+59LOz8mZO+srgkgB2QvZh28KyaN+HmQvn3QNHiO7sHrf1Ra5gVr9onfIk7DHMWxVCkd6WP1SD+GqyImr2+Do3GywS6QG+BDxXAmfpdBCuguXPniC2OwSAi7YJaF96Q= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--elver.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=J/N2vlzf; arc=none smtp.client-ip=209.85.218.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--elver.bounces.google.com Received: by mail-ej1-f74.google.com with SMTP id a640c23a62f3a-a524b774e39so182581466b.1 for ; Thu, 02 May 2024 07:13:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1714659218; x=1715264018; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=HsPj+acZKYK2WoyW/9ElzwwE/qj1TMWpdQ6bEOK7unE=; b=J/N2vlzfKnOu8yISREc6L4yBocea42VHxrgESAU4PmGsep7ksF9jzLGbm7xdRcjNxx T2MR8Vc9Oky2cOnVnMT0PkRvugB89YvorUHKsXRgedqtIacPuWm1HKXqhRNV09OZjwO6 8Rjtbx2NhZ7aQU/AP/eN8zvBhuQ/yWggICTlKDZneJQ9vsCj3OlKwEoS/AHyEfBi+CdD H6olw584uINGGnrRcF5G0g4BNHWMTCNQsFPMxkWFIKaKAWbgm2b7FX83xh02Z90jGW91 53OZGhGfc74ZLkhmn1eSMV27g9ZO+WmpiuSbAHB7MfYbwzGwCZvLlorR4RqGVlZpcGqo KhcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714659218; x=1715264018; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=HsPj+acZKYK2WoyW/9ElzwwE/qj1TMWpdQ6bEOK7unE=; b=Tz2dVc34NIIkeRWJfQRxit8dJ4Ufn/9tZHCn/fsYG6Wof+gm3+7kbJSE+Db7t1o4xP ha7v7f4NvzXw4CpX2JP+WrCPBZPU3YVzIkSApL/D7L9PkJDw5fYhVzwwDkntxI697Gsp GRa6jziTjA4IhaZnpbtfFaVpjhU38ACFNx4jzI3oLRvZx+8oL/6jJjV94iAlrelUb3eT S98p/HH3VEfngDM+QdgvYzXps3/5ByjXm3AxKqLQX/IR6XH3Yn+By1KjDddOy7IO3Uei amV+3Md5Cc3eNKvEPrtQYkz1TzsDCio37AM8FaToE6Pgt3Lla7vFdUmLjB/WmxlQxujE Gjow== X-Forwarded-Encrypted: i=1; AJvYcCXUtHsCXMFqXq7PTdQvPJSM4Al1axgwfcxTIOkcVR2H94Rd89ipvm16DTpUM6OjL2dwkktic2rkWPBK2PvMMaGsH/c/wW/VaTZRUMtD X-Gm-Message-State: AOJu0YwUlPFT5kpVVucVBVRLd01h1DSPXExWT9YohNHdTjZv6td18LZy 5W+CAP9oShY073/ioFvrKt3YI7Df5Z/KsRqI4ZErCCgBxZQXmBBtpigbtCUZRDdTM3ibIYgrBQ= = X-Received: from elver.muc.corp.google.com ([2a00:79e0:9c:201:7572:6c35:c45a:3523]) (user=elver job=sendgmr) by 2002:a17:907:8691:b0:a58:e8cb:2989 with SMTP id qa17-20020a170907869100b00a58e8cb2989mr3504ejc.5.1714659217590; Thu, 02 May 2024 07:13:37 -0700 (PDT) Date: Thu, 2 May 2024 16:12:17 +0200 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Mailer: git-send-email 2.45.0.rc1.225.g2a3ae87e7f-goog Message-ID: <20240502141242.2765090-1-elver@google.com> Subject: [PATCH] kcsan, compiler_types: Introduce __data_racy type qualifier From: Marco Elver To: elver@google.com, "Paul E. McKenney" , Linus Torvalds Cc: Mark Rutland , Dmitry Vyukov , Alexander Potapenko , Boqun Feng , kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, Tetsuo Handa Content-Type: text/plain; charset="UTF-8" Based on the discussion at [1], it would be helpful to mark certain variables as explicitly "data racy", which would result in KCSAN not reporting data races involving any accesses on such variables. To do that, introduce the __data_racy type qualifier: struct foo { ... int __data_racy bar; ... }; In KCSAN-kernels, __data_racy turns into volatile, which KCSAN already treats specially by considering them "marked". In non-KCSAN kernels the type qualifier turns into no-op. The generated code between KCSAN-instrumented kernels and non-KCSAN kernels is already huge (inserted calls into runtime for every memory access), so the extra generated code (if any) due to volatile for few such __data_racy variables are unlikely to have measurable impact on performance. Link: https://lore.kernel.org/all/CAHk-=wi3iondeh_9V2g3Qz5oHTRjLsOpoy83hb58MVh=nRZe0A@mail.gmail.com/ [1] Suggested-by: Linus Torvalds Signed-off-by: Marco Elver Cc: Paul E. McKenney Cc: Tetsuo Handa --- Documentation/dev-tools/kcsan.rst | 10 ++++++++++ include/linux/compiler_types.h | 7 +++++++ kernel/kcsan/kcsan_test.c | 17 +++++++++++++++++ 3 files changed, 34 insertions(+) diff --git a/Documentation/dev-tools/kcsan.rst b/Documentation/dev-tools/kcsan.rst index 94b6802ab0ab..02143f060b22 100644 --- a/Documentation/dev-tools/kcsan.rst +++ b/Documentation/dev-tools/kcsan.rst @@ -91,6 +91,16 @@ the below options are available: behaviour when encountering a data race is deemed safe. Please see `"Marking Shared-Memory Accesses" in the LKMM`_ for more information. +* Similar to ``data_race(...)``, the type qualifier ``__data_racy`` can be used + to document that all data races due to accesses to a variable are intended + and should be ignored by KCSAN:: + + struct foo { + ... + int __data_racy stats_counter; + ... + }; + * Disabling data race detection for entire functions can be accomplished by using the function attribute ``__no_kcsan``:: diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 2abaa3a825a9..a38162a8590d 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -273,9 +273,16 @@ struct ftrace_likely_data { * disable all instrumentation. See Kconfig.kcsan where this is mandatory. */ # define __no_kcsan __no_sanitize_thread __disable_sanitizer_instrumentation +/* + * Type qualifier to mark variables where all data-racy accesses should be + * ignored by KCSAN. Note, the implementation simply marks these variables as + * volatile, since KCSAN will treat such accesses as "marked". + */ +# define __data_racy volatile # define __no_sanitize_or_inline __no_kcsan notrace __maybe_unused #else # define __no_kcsan +# define __data_racy #endif #ifndef __no_sanitize_or_inline diff --git a/kernel/kcsan/kcsan_test.c b/kernel/kcsan/kcsan_test.c index 015586217875..0c17b4c83e1c 100644 --- a/kernel/kcsan/kcsan_test.c +++ b/kernel/kcsan/kcsan_test.c @@ -304,6 +304,7 @@ static long test_array[3 * PAGE_SIZE / sizeof(long)]; static struct { long val[8]; } test_struct; +static long __data_racy test_data_racy; static DEFINE_SEQLOCK(test_seqlock); static DEFINE_SPINLOCK(test_spinlock); static DEFINE_MUTEX(test_mutex); @@ -358,6 +359,8 @@ static noinline void test_kernel_write_uninstrumented(void) { test_var++; } static noinline void test_kernel_data_race(void) { data_race(test_var++); } +static noinline void test_kernel_data_racy_qualifier(void) { test_data_racy++; } + static noinline void test_kernel_assert_writer(void) { ASSERT_EXCLUSIVE_WRITER(test_var); @@ -1009,6 +1012,19 @@ static void test_data_race(struct kunit *test) KUNIT_EXPECT_FALSE(test, match_never); } +/* Test the __data_racy type qualifier. */ +__no_kcsan +static void test_data_racy_qualifier(struct kunit *test) +{ + bool match_never = false; + + begin_test_checks(test_kernel_data_racy_qualifier, test_kernel_data_racy_qualifier); + do { + match_never = report_available(); + } while (!end_test_checks(match_never)); + KUNIT_EXPECT_FALSE(test, match_never); +} + __no_kcsan static void test_assert_exclusive_writer(struct kunit *test) { @@ -1424,6 +1440,7 @@ static struct kunit_case kcsan_test_cases[] = { KCSAN_KUNIT_CASE(test_read_plain_atomic_rmw), KCSAN_KUNIT_CASE(test_zero_size_access), KCSAN_KUNIT_CASE(test_data_race), + KCSAN_KUNIT_CASE(test_data_racy_qualifier), KCSAN_KUNIT_CASE(test_assert_exclusive_writer), KCSAN_KUNIT_CASE(test_assert_exclusive_access), KCSAN_KUNIT_CASE(test_assert_exclusive_access_writer), -- 2.45.0.rc1.225.g2a3ae87e7f-goog