From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754221AbbJNPpd (ORCPT ); Wed, 14 Oct 2015 11:45:33 -0400 Received: from e33.co.us.ibm.com ([32.97.110.151]:35035 "EHLO e33.co.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753727AbbJNPpb (ORCPT ); Wed, 14 Oct 2015 11:45:31 -0400 X-IBM-Helo: d03dlp02.boulder.ibm.com X-IBM-MailFrom: paulmck@linux.vnet.ibm.com X-IBM-RcptTo: linux-kernel@vger.kernel.org;linux-tip-commits@vger.kernel.org Date: Wed, 14 Oct 2015 08:45:32 -0700 From: "Paul E. McKenney" To: tip-bot for Andrey Ryabinin Cc: linux-tip-commits@vger.kernel.org, kasan-dev@googlegroups.com, mingo@kernel.org, kcc@google.com, bp@alien8.de, aryabinin@virtuozzo.com, akpm@linux-foundation.org, dvyukov@google.com, linux-kernel@vger.kernel.org, peterz@infradead.org, luto@amacapital.net, torvalds@linux-foundation.org, tglx@linutronix.de, sasha.levin@oracle.com, dvlasenk@redhat.com, wmglo@dent.med.uni-muenchen.de, andreyknvl@google.com, hpa@zytor.com, glider@google.com Subject: Re: [tip:locking/urgent] compiler, atomics: Provide READ_ONCE_NOCHECK () Message-ID: <20151014154532.GV3910@linux.vnet.ibm.com> Reply-To: paulmck@linux.vnet.ibm.com References: <1444750088-24444-2-git-send-email-aryabinin@virtuozzo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 15101415-0009-0000-0000-00000EDC5B97 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 14, 2015 at 08:28:43AM -0700, tip-bot for Andrey Ryabinin wrote: > Commit-ID: 4115ffdf4d6f8986a7abe1dd522c163f599bc0e6 > Gitweb: http://git.kernel.org/tip/4115ffdf4d6f8986a7abe1dd522c163f599bc0e6 > Author: Andrey Ryabinin > AuthorDate: Tue, 13 Oct 2015 18:28:07 +0300 > Committer: Ingo Molnar > CommitDate: Wed, 14 Oct 2015 16:44:06 +0200 > > compiler, atomics: Provide READ_ONCE_NOCHECK() > > Some code may perform racy by design memory reads. This could be > harmless, yet such code may produce KASAN warnings. > > To hide such accesses from KASAN this patch introduces > READ_ONCE_NOCHECK() macro. KASAN will not check the memory > accessed by READ_ONCE_NOCHECK(). > > This patch creates __read_once_size_nocheck() a clone of > __read_once_size_check() (renamed __read_once_size()). > The only difference between them is 'no_sanitized_address' > attribute appended to '*_nocheck' function. This attribute tells > the compiler that instrumentation of memory accesses should not > be applied to that function. We declare it as static > '__maybe_unsed' because GCC is not capable to inline such > function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 > > With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE(). So I add READ_ONCE_NOCHECK() for accesses for which the compiler cannot prove safe address for KASAN's benefit, but READ_ONCE() suffices for the data-race-detection logic in KTSAN, correct? Thanx, Paul > Signed-off-by: Andrey Ryabinin > Cc: Alexander Potapenko > Cc: Andrew Morton > Cc: Andrey Konovalov > Cc: Andy Lutomirski > Cc: Borislav Petkov > Cc: Denys Vlasenko > Cc: Dmitry Vyukov > Cc: Kostya Serebryany > Cc: Linus Torvalds > Cc: Paul E. McKenney > Cc: Peter Zijlstra > Cc: Sasha Levin > Cc: Thomas Gleixner > Cc: Wolfram Gloger > Cc: kasan-dev > Link: http://lkml.kernel.org/r/1444750088-24444-2-git-send-email-aryabinin@virtuozzo.com > Signed-off-by: Ingo Molnar > --- > include/linux/compiler-gcc.h | 13 ++++++++++ > include/linux/compiler.h | 60 ++++++++++++++++++++++++++++++++++---------- > 2 files changed, 60 insertions(+), 13 deletions(-) > > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h > index dfaa7b3..f2a9aec 100644 > --- a/include/linux/compiler-gcc.h > +++ b/include/linux/compiler-gcc.h > @@ -237,12 +237,25 @@ > #define KASAN_ABI_VERSION 3 > #endif > > +#if GCC_VERSION >= 40902 > +/* > + * Tell the compiler that address safety instrumentation (KASAN) > + * should not be applied to that function. > + * Confilcts with inlining: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 > + */ > +#define __no_sanitize_address __attribute__((no_sanitize_address)) > +#endif > + > #endif /* gcc version >= 40000 specific checks */ > > #if !defined(__noclone) > #define __noclone /* not needed */ > #endif > > +#if !defined(__no_sanitize_address) > +#define __no_sanitize_address > +#endif > + > /* > * A trick to suppress uninitialized variable warning without generating any > * code > diff --git a/include/linux/compiler.h b/include/linux/compiler.h > index c836eb2..aa2ae4c 100644 > --- a/include/linux/compiler.h > +++ b/include/linux/compiler.h > @@ -198,19 +198,42 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); > > #include > > -static __always_inline void __read_once_size(const volatile void *p, void *res, int size) > +#define __READ_ONCE_SIZE \ > +({ \ > + switch (size) { \ > + case 1: *(__u8 *)res = *(volatile __u8 *)p; break; \ > + case 2: *(__u16 *)res = *(volatile __u16 *)p; break; \ > + case 4: *(__u32 *)res = *(volatile __u32 *)p; break; \ > + case 8: *(__u64 *)res = *(volatile __u64 *)p; break; \ > + default: \ > + barrier(); \ > + __builtin_memcpy((void *)res, (const void *)p, size); \ > + barrier(); \ > + } \ > +}) > + > +static __always_inline > +void __read_once_size_check(const volatile void *p, void *res, int size) > { > - switch (size) { > - case 1: *(__u8 *)res = *(volatile __u8 *)p; break; > - case 2: *(__u16 *)res = *(volatile __u16 *)p; break; > - case 4: *(__u32 *)res = *(volatile __u32 *)p; break; > - case 8: *(__u64 *)res = *(volatile __u64 *)p; break; > - default: > - barrier(); > - __builtin_memcpy((void *)res, (const void *)p, size); > - barrier(); > - } > + __READ_ONCE_SIZE; > +} > + > +#ifdef CONFIG_KASAN > +/* > + * This function is not 'inline' because __no_sanitize_address confilcts > + * with inlining. Attempt to inline it may cause a build failure. > + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 > + * '__maybe_unused' allows us to avoid defined-but-not-used warnings. > + */ > +static __no_sanitize_address __maybe_unused > +void __read_once_size_nocheck(const volatile void *p, void *res, int size) > +{ > + __READ_ONCE_SIZE; > } > +#else > +static __always_inline __alias(__read_once_size_check) > +void __read_once_size_nocheck(const volatile void *p, void *res, int size); > +#endif > > static __always_inline void __write_once_size(volatile void *p, void *res, int size) > { > @@ -248,8 +271,19 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s > * required ordering. > */ > > -#define READ_ONCE(x) \ > - ({ union { typeof(x) __val; char __c[1]; } __u; __read_once_size(&(x), __u.__c, sizeof(x)); __u.__val; }) > +#define __READ_ONCE(x, check) \ > +({ \ > + union { typeof(x) __val; char __c[1]; } __u; \ > + __read_once_size##check(&(x), __u.__c, sizeof(x)); \ > + __u.__val; \ > +}) > +#define READ_ONCE(x) __READ_ONCE(x, _check) > + > +/* > + * Use READ_ONCE_NOCHECK() instead of READ_ONCE() if you need > + * to hide memory access from KASAN. > + */ > +#define READ_ONCE_NOCHECK(x) __READ_ONCE(x, _nocheck) > > #define WRITE_ONCE(x, val) \ > ({ \ >