diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-05-13 10:13:39 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-05-13 10:13:39 -0700 |
| commit | c07ea940a011343fdaec12cd74b4ff947ba6f893 (patch) | |
| tree | 2c3f2cba024008409e948d56e29c58697af918f8 | |
| parent | ee20260136095c8037d8f94f0471eb9f7e3da99f (diff) | |
| parent | 31f605a308e627f06e4e6ab77254473f1c90f0bf (diff) | |
| download | linux-c07ea940a011343fdaec12cd74b4ff947ba6f893.tar.gz linux-c07ea940a011343fdaec12cd74b4ff947ba6f893.tar.bz2 linux-c07ea940a011343fdaec12cd74b4ff947ba6f893.zip | |
Merge tag 'kcsan.2024.05.10a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu
Pull kcsan update from Paul McKenney:
"Introduce __data_racy type qualifier
This adds a __data_racy type qualifier that enables kernel developers
to inform KCSAN that a given variable is a shared variable without
needing to mark each and every access.
This allows pre-KCSAN code to be correctly (if approximately)
instrumented withh very little effort, and also provides people
reading the code a clear indication that the variable is in fact
shared.
In addition, it permits incremental transition to per-access KCSAN
marking, so that (for example) a given subsystem can be transitioned
one variable at a time, while avoiding large numbers of KCSAN warnings
during this transition"
* tag 'kcsan.2024.05.10a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu:
kcsan, compiler_types: Introduce __data_racy type qualifier
| -rw-r--r-- | Documentation/dev-tools/kcsan.rst | 10 | ||||
| -rw-r--r-- | include/linux/compiler_types.h | 7 | ||||
| -rw-r--r-- | kernel/kcsan/kcsan_test.c | 17 |
3 files changed, 34 insertions, 0 deletions
diff --git a/Documentation/dev-tools/kcsan.rst b/Documentation/dev-tools/kcsan.rst index 94b6802ab0ab..02143f060b22 100644 --- a/Documentation/dev-tools/kcsan.rst +++ b/Documentation/dev-tools/kcsan.rst @@ -91,6 +91,16 @@ the below options are available: behaviour when encountering a data race is deemed safe. Please see `"Marking Shared-Memory Accesses" in the LKMM`_ for more information. +* Similar to ``data_race(...)``, the type qualifier ``__data_racy`` can be used + to document that all data races due to accesses to a variable are intended + and should be ignored by KCSAN:: + + struct foo { + ... + int __data_racy stats_counter; + ... + }; + * Disabling data race detection for entire functions can be accomplished by using the function attribute ``__no_kcsan``:: diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 8f8236317d5b..774c2570fe51 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -273,9 +273,16 @@ struct ftrace_likely_data { * disable all instrumentation. See Kconfig.kcsan where this is mandatory. */ # define __no_kcsan __no_sanitize_thread __disable_sanitizer_instrumentation +/* + * Type qualifier to mark variables where all data-racy accesses should be + * ignored by KCSAN. Note, the implementation simply marks these variables as + * volatile, since KCSAN will treat such accesses as "marked". + */ +# define __data_racy volatile # define __no_sanitize_or_inline __no_kcsan notrace __maybe_unused #else # define __no_kcsan +# define __data_racy #endif #ifdef __SANITIZE_MEMORY__ diff --git a/kernel/kcsan/kcsan_test.c b/kernel/kcsan/kcsan_test.c index 015586217875..0c17b4c83e1c 100644 --- a/kernel/kcsan/kcsan_test.c +++ b/kernel/kcsan/kcsan_test.c @@ -304,6 +304,7 @@ static long test_array[3 * PAGE_SIZE / sizeof(long)]; static struct { long val[8]; } test_struct; +static long __data_racy test_data_racy; static DEFINE_SEQLOCK(test_seqlock); static DEFINE_SPINLOCK(test_spinlock); static DEFINE_MUTEX(test_mutex); @@ -358,6 +359,8 @@ static noinline void test_kernel_write_uninstrumented(void) { test_var++; } static noinline void test_kernel_data_race(void) { data_race(test_var++); } +static noinline void test_kernel_data_racy_qualifier(void) { test_data_racy++; } + static noinline void test_kernel_assert_writer(void) { ASSERT_EXCLUSIVE_WRITER(test_var); @@ -1009,6 +1012,19 @@ static void test_data_race(struct kunit *test) KUNIT_EXPECT_FALSE(test, match_never); } +/* Test the __data_racy type qualifier. */ +__no_kcsan +static void test_data_racy_qualifier(struct kunit *test) +{ + bool match_never = false; + + begin_test_checks(test_kernel_data_racy_qualifier, test_kernel_data_racy_qualifier); + do { + match_never = report_available(); + } while (!end_test_checks(match_never)); + KUNIT_EXPECT_FALSE(test, match_never); +} + __no_kcsan static void test_assert_exclusive_writer(struct kunit *test) { @@ -1424,6 +1440,7 @@ static struct kunit_case kcsan_test_cases[] = { KCSAN_KUNIT_CASE(test_read_plain_atomic_rmw), KCSAN_KUNIT_CASE(test_zero_size_access), KCSAN_KUNIT_CASE(test_data_race), + KCSAN_KUNIT_CASE(test_data_racy_qualifier), KCSAN_KUNIT_CASE(test_assert_exclusive_writer), KCSAN_KUNIT_CASE(test_assert_exclusive_access), KCSAN_KUNIT_CASE(test_assert_exclusive_access_writer), |