25 Aug, 2020

1 commit

  • Changes kcsan-test module to support checking reports that include
    compound instrumentation. Since we should not fail the test if this
    support is unavailable, we have to add a config variable that the test
    can use to decide what to check for.

    Acked-by: Peter Zijlstra (Intel)
    Signed-off-by: Marco Elver
    Signed-off-by: Paul E. McKenney

    Marco Elver

30 Jun, 2020

2 commits

  • GCC version 11 recently implemented all requirements to correctly
    support KCSAN:

    1. Correct no_sanitize-attribute inlining behaviour:
    https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=4089df8ef4a63126b0774c39b6638845244c20d2

    2. --param=tsan-distinguish-volatile
    https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=ab2789ec507a94f1a75a6534bca51c7b39037ce0

    3. --param=tsan-instrument-func-entry-exit
    https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=06712fc68dc9843d9af7c7ac10047f49d305ad76

    Therefore, we can re-enable GCC for KCSAN, and document the new compiler
    requirements.

    Signed-off-by: Marco Elver
    Cc: Martin Liska
    Signed-off-by: Paul E. McKenney

    Marco Elver
  • This adds KCSAN test focusing on behaviour of the integrated runtime.
    Tests various race scenarios, and verifies the reports generated to
    console. Makes use of KUnit for test organization, and the Torture
    framework for test thread control.

    Signed-off-by: Marco Elver
    Signed-off-by: Paul E. McKenney

    Marco Elver

12 Jun, 2020

2 commits

  • The first version of Clang that supports -tsan-distinguish-volatile will
    be able to support KCSAN. The first Clang release to do so will be
    Clang 11. This is due to satisfying all the following requirements:

    1. Never emit calls to __tsan_func_{entry,exit}.

    2. __no_kcsan functions should not call anything, not even
    kcsan_{enable,disable}_current(), when using __{READ,WRITE}_ONCE => Requires
    leaving them plain!

    3. Support atomic_{read,set}*() with KCSAN, which rely on
    arch_atomic_{read,set}*() using __{READ,WRITE}_ONCE() => Because of
    #2, rely on Clang 11's -tsan-distinguish-volatile support. We will
    double-instrument atomic_{read,set}*(), but that's reasonable given
    it's still lower cost than the data_race() variant due to avoiding 2
    extra calls (kcsan_{en,dis}able_current() calls).

    4. __always_inline functions inlined into __no_kcsan functions are never
    instrumented.

    5. __always_inline functions inlined into instrumented functions are
    instrumented.

    6. __no_kcsan_or_inline functions may be inlined into __no_kcsan functions =>
    Implies leaving 'noinline' off of __no_kcsan_or_inline.

    7. Because of #6, __no_kcsan and __no_kcsan_or_inline functions should never be
    spuriously inlined into instrumented functions, causing the accesses of the
    __no_kcsan function to be instrumented.

    Older versions of Clang do not satisfy #3. The latest GCC currently
    doesn't support at least #1, #3, and #7.

    Signed-off-by: Marco Elver
    Signed-off-by: Borislav Petkov
    Signed-off-by: Thomas Gleixner
    Acked-by: Peter Zijlstra (Intel)
    Acked-by: Will Deacon
    Link: https://lkml.kernel.org/r/CANpmjNMTsY_8241bS7=XAfqvZHFLrVEkv_uM4aDUWE_kh3Rvbw@mail.gmail.com
    Link: https://lkml.kernel.org/r/20200521142047.169334-7-elver@google.com

    Marco Elver
  • Clang does not allow -fsanitize-coverage=trace-{pc,cmp} together
    with -fsanitize=bounds or with ubsan:

    clang: error: argument unused during compilation: '-fsanitize-coverage=trace-pc' [-Werror,-Wunused-command-line-argument]
    clang: error: argument unused during compilation: '-fsanitize-coverage=trace-cmp' [-Werror,-Wunused-command-line-argument]

    To avoid the warning, check whether clang can handle this correctly or
    disallow ubsan and kcsan when kcov is enabled.

    Signed-off-by: Arnd Bergmann
    Signed-off-by: Marco Elver
    Signed-off-by: Borislav Petkov
    Signed-off-by: Thomas Gleixner
    Acked-by: Marco Elver
    Acked-by: Peter Zijlstra (Intel)
    Link: https://bugs.llvm.org/show_bug.cgi?id=45831
    Link: https://lore.kernel.org/lkml/20200505142341.1096942-1-arnd@arndb.de
    Link: https://lkml.kernel.org/r/20200521142047.169334-2-elver@google.com

    Arnd Bergmann

28 Apr, 2020

1 commit


26 Mar, 2020

2 commits

  • Adds CONFIG_KCSAN_VERBOSE to optionally enable more verbose reports.
    Currently, information about the reporting task's held locks and IRQ
    trace events is shown, if they are enabled.

    Signed-off-by: Marco Elver
    Suggested-by: Qian Cai
    Signed-off-by: Paul E. McKenney

    Marco Elver
  • Add option to allow interrupts while a watchpoint is set up. This can be
    enabled either via CONFIG_KCSAN_INTERRUPT_WATCHER or via the boot
    parameter 'kcsan.interrupt_watcher=1'.

    Note that currently not all safe per-CPU access primitives and patterns
    are accounted for, which could result in false positives. For example,
    asm-generic/percpu.h uses plain operations, which by default are
    instrumented. On interrupts and subsequent accesses to the same
    variable, KCSAN would currently report a data race with this option.

    Therefore, this option should currently remain disabled by default, but
    may be enabled for specific test scenarios.

    To avoid new warnings, changes all uses of smp_processor_id() to use the
    raw version (as already done in kcsan_found_watchpoint()). The exact SMP
    processor id is for informational purposes in the report, and
    correctness is not affected.

    Signed-off-by: Marco Elver
    Signed-off-by: Paul E. McKenney

    Marco Elver

21 Mar, 2020

5 commits

  • The KCSAN_ACCESS_ASSERT access type may be used to introduce dummy reads
    and writes to assert certain properties of concurrent code, where bugs
    could not be detected as normal data races.

    For example, a variable that is only meant to be written by a single
    CPU, but may be read (without locking) by other CPUs must still be
    marked properly to avoid data races. However, concurrent writes,
    regardless of whether they use WRITE_ONCE() or not, would be a bug. Using
    kcsan_check_access(&x, sizeof(x), KCSAN_ACCESS_ASSERT) would allow
    catching such bugs.

    To support KCSAN_ACCESS_ASSERT the following notable changes were made:

    * If an access is of type KCSAN_ACCESS_ASSERT, disable various filters
    that only apply to data races, so that all races that KCSAN observes are
    reported.
    * Bug reports that involve an ASSERT access type will be reported as
    "KCSAN: assert: race in ..." instead of "data-race"; this will help
    more easily distinguish them.
    * Update a few comments to just mention 'races' where we do not always
    mean pure data races.

    Signed-off-by: Marco Elver
    Signed-off-by: Paul E. McKenney
    Signed-off-by: Ingo Molnar

    Marco Elver
  • This patch cleans up the rules of the 'KCSAN' Kconfig option by:

    1. implicitly selecting 'STACKTRACE' instead of depending on it;
    2. depending on DEBUG_KERNEL, to avoid accidentally turning KCSAN on if
    the kernel is not meant to be a debug kernel;
    3. updating the short and long summaries.

    Signed-off-by: Marco Elver
    Signed-off-by: Paul E. McKenney
    Signed-off-by: Ingo Molnar

    Marco Elver
  • Clarify difference between options KCSAN_IGNORE_ATOMICS and
    KCSAN_ASSUME_PLAIN_WRITES_ATOMIC in help text.

    Signed-off-by: Marco Elver
    Signed-off-by: Paul E. McKenney
    Signed-off-by: Ingo Molnar

    Marco Elver
  • This adds option KCSAN_ASSUME_PLAIN_WRITES_ATOMIC. If enabled, plain
    aligned writes up to word size are assumed to be atomic, and also not
    subject to other unsafe compiler optimizations resulting in data races.

    This option has been enabled by default to reflect current kernel-wide
    preferences.

    Signed-off-by: Marco Elver
    Signed-off-by: Paul E. McKenney
    Signed-off-by: Ingo Molnar

    Marco Elver
  • KCSAN data-race reports can occur quite frequently, so much so as
    to render the system useless. This commit therefore adds support for
    time-based rate-limiting KCSAN reports, with the time interval specified
    by a new KCSAN_REPORT_ONCE_IN_MS Kconfig option. The default is 3000
    milliseconds, also known as three seconds.

    Because KCSAN must detect data races in allocators and in other contexts
    where use of allocation is ill-advised, a fixed-size array is used to
    buffer reports during each reporting interval. To reduce the number of
    reports lost due to array overflow, this commit stores only one instance
    of duplicate reports, which has the benefit of further reducing KCSAN's
    console output rate.

    Reported-by: Qian Cai
    Suggested-by: Paul E. McKenney
    Signed-off-by: Marco Elver
    Signed-off-by: Paul E. McKenney
    Signed-off-by: Ingo Molnar

    Marco Elver
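The rate-limiting scheme the commit above describes, modelled in user space as an added example (this is not KCSAN's own code): a fixed-size array of recently reported races, each keyed by the two frames involved and stamped with its time, where a race already recorded within the last REPORT_ONCE_IN_MS milliseconds is suppressed and a full array evicts its oldest entry. The function name, the 4-entry array size and the millisecond clock passed in by the caller are constructed for the illustration.

```c
/* User-space model of time-based report rate limiting with a fixed-size
 * buffer (constructed example; not KCSAN's own code). */
#include <stdbool.h>
#include <stdint.h>

#define REPORT_ONCE_IN_MS 3000  /* mirrors the KCSAN_REPORT_ONCE_IN_MS default */
#define REPORT_TIMES_SIZE 4     /* fixed-size: the reporting path may not allocate */

/* One recently reported race, identified by the two frames involved. */
struct report_time {
	uint64_t time_ms;          /* 0 means "never used"; timestamps must be > 0 */
	uintptr_t frame1, frame2;
};

static struct report_time report_times[REPORT_TIMES_SIZE];

/* Returns true if the same race was already reported within the last
 * REPORT_ONCE_IN_MS milliseconds (caller suppresses it); otherwise records
 * it, evicting the oldest entry when the array is full, and returns false. */
bool rate_limit_report(uint64_t now_ms, uintptr_t frame1, uintptr_t frame2)
{
	struct report_time *use = &report_times[0];
	uint64_t invalid_before = now_ms > REPORT_ONCE_IN_MS ? now_ms - REPORT_ONCE_IN_MS : 0;

	for (int i = 0; i < REPORT_TIMES_SIZE; i++) {
		struct report_time *rt = &report_times[i];

		/* Track the oldest entry; it is overwritten if nothing matches. */
		if (rt->time_ms < use->time_ms)
			use = rt;
		if (rt->time_ms == 0)
			break;                  /* this and later entries were never used */
		if (rt->time_ms < invalid_before)
			continue;               /* expired: reported more than one interval ago */
		/* Same pair of frames, in either order: a duplicate within the interval. */
		if ((rt->frame1 == frame1 && rt->frame2 == frame2) ||
		    (rt->frame1 == frame2 && rt->frame2 == frame1))
			return true;
	}
	use->time_ms = now_ms;
	use->frame1 = frame1;
	use->frame2 = frame2;
	return false;
}
```

Once the array is full, an entry that is still inside the interval gets evicted, so a later duplicate of that race is reported again; that is the loss the commit reduces by keeping only one instance of each duplicate.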

20 Nov, 2019

1 commit

  • Tidy up a few bits:

    - Fix typos and grammar, improve wording.

    - Remove spurious newlines that are col80 warning artifacts where the
    resulting line-break is worse than the disease it's curing.

    - Use core kernel coding style to improve readability and reduce
    spurious code pattern variations.

    - Use better vertical alignment for structure definitions and initialization
    sequences.

    - Misc other small details.

    No change in functionality intended.

    Cc: linux-kernel@vger.kernel.org
    Cc: Marco Elver
    Cc: Paul E. McKenney
    Cc: Peter Zijlstra
    Cc: Linus Torvalds
    Cc: Andrew Morton
    Cc: Thomas Gleixner
    Cc: Paul E. McKenney
    Cc: Will Deacon
    Signed-off-by: Ingo Molnar

    Ingo Molnar

16 Nov, 2019

1 commit

  • Kernel Concurrency Sanitizer (KCSAN) is a dynamic data-race detector for
    kernel space. KCSAN is a sampling watchpoint-based data-race detector.
    See the included Documentation/dev-tools/kcsan.rst for more details.

    This patch adds basic infrastructure, but does not yet enable KCSAN for
    any architecture.

    Signed-off-by: Marco Elver
    Acked-by: Paul E. McKenney
    Signed-off-by: Paul E. McKenney

    Marco Elver