From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: tip-bot for Andrey Ryabinin <tipbot@zytor.com>,
linux-tip-commits@vger.kernel.org,
kasan-dev <kasan-dev@googlegroups.com>,
Ingo Molnar <mingo@kernel.org>,
Kostya Serebryany <kcc@google.com>,
Borislav Petkov <bp@alien8.de>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Andrew Morton <akpm@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Andy Lutomirski <luto@amacapital.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Sasha Levin <sasha.levin@oracle.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>,
Andrey Konovalov <andreyknvl@google.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Alexander Potapenko <glider@google.com>
Subject: Re: [tip:locking/urgent] compiler, atomics: Provide READ_ONCE_NOCHECK ()
Date: Wed, 14 Oct 2015 09:01:46 -0700 [thread overview]
Message-ID: <20151014160146.GW3910@linux.vnet.ibm.com> (raw)
In-Reply-To: <CACT4Y+bEYJJR+CRdngiprjQJ6ykDfsYS3jQL4sTPF1=BoQLvdg@mail.gmail.com>
On Wed, Oct 14, 2015 at 05:50:34PM +0200, Dmitry Vyukov wrote:
> On Wed, Oct 14, 2015 at 5:45 PM, Paul E. McKenney
> <paulmck@linux.vnet.ibm.com> wrote:
> > On Wed, Oct 14, 2015 at 08:28:43AM -0700, tip-bot for Andrey Ryabinin wrote:
> >> Commit-ID: 4115ffdf4d6f8986a7abe1dd522c163f599bc0e6
> >> Gitweb: http://git.kernel.org/tip/4115ffdf4d6f8986a7abe1dd522c163f599bc0e6
> >> Author: Andrey Ryabinin <aryabinin@virtuozzo.com>
> >> AuthorDate: Tue, 13 Oct 2015 18:28:07 +0300
> >> Committer: Ingo Molnar <mingo@kernel.org>
> >> CommitDate: Wed, 14 Oct 2015 16:44:06 +0200
> >>
> >> compiler, atomics: Provide READ_ONCE_NOCHECK()
> >>
> >> Some code may perform racy by design memory reads. This could be
> >> harmless, yet such code may produce KASAN warnings.
> >>
> >> To hide such accesses from KASAN this patch introduces
> >> READ_ONCE_NOCHECK() macro. KASAN will not check the memory
> >> accessed by READ_ONCE_NOCHECK().
> >>
> >> This patch creates __read_once_size_nocheck() a clone of
> >> __read_once_size_check() (renamed __read_once_size()).
> >> The only difference between them is 'no_sanitized_address'
> >> attribute appended to '*_nocheck' function. This attribute tells
> >> the compiler that instrumentation of memory accesses should not
> >> be applied to that function. We declare it as static
> >> '__maybe_unsed' because GCC is not capable to inline such
> >> function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
> >>
> >> With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE().
> >
> > So I add READ_ONCE_NOCHECK() for accesses for which the compiler cannot
> > prove safe address for KASAN's benefit, but READ_ONCE() suffices for
> > the data-race-detection logic in KTSAN, correct?
>
> KTSAN also needs READ_ONCE_NOCHECK() here. KTSAN will flag races
> between get_wchan() and the thread accesses to own stack even more
> aggressively than KASAN, because KTSAN won't like get_wchan() accesses
> even to non-poisoned areas of other thread stack.
So to keep KTSAN happy, any read from some other thread's stack requires
READ_ONCE_NOCHECK()? What if the access is via a locking primitive or
read-modify-write atomic operation?
This is of some interest in RCU, which implements synchronous grace
periods using completions that are allocated on the calling task's stack
and manipulated by RCU callbacks that are likely executing elsewhere.
Thanx, Paul
> >> Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
> >> Cc: Alexander Potapenko <glider@google.com>
> >> Cc: Andrew Morton <akpm@linux-foundation.org>
> >> Cc: Andrey Konovalov <andreyknvl@google.com>
> >> Cc: Andy Lutomirski <luto@amacapital.net>
> >> Cc: Borislav Petkov <bp@alien8.de>
> >> Cc: Denys Vlasenko <dvlasenk@redhat.com>
> >> Cc: Dmitry Vyukov <dvyukov@google.com>
> >> Cc: Kostya Serebryany <kcc@google.com>
> >> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> >> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
> >> Cc: Peter Zijlstra <peterz@infradead.org>
> >> Cc: Sasha Levin <sasha.levin@oracle.com>
> >> Cc: Thomas Gleixner <tglx@linutronix.de>
> >> Cc: Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
> >> Cc: kasan-dev <kasan-dev@googlegroups.com>
> >> Link: http://lkml.kernel.org/r/1444750088-24444-2-git-send-email-aryabinin@virtuozzo.com
> >> Signed-off-by: Ingo Molnar <mingo@kernel.org>
> >> ---
> >> include/linux/compiler-gcc.h | 13 ++++++++++
> >> include/linux/compiler.h | 60 ++++++++++++++++++++++++++++++++++----------
> >> 2 files changed, 60 insertions(+), 13 deletions(-)
> >>
> >> diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
> >> index dfaa7b3..f2a9aec 100644
> >> --- a/include/linux/compiler-gcc.h
> >> +++ b/include/linux/compiler-gcc.h
> >> @@ -237,12 +237,25 @@
> >> #define KASAN_ABI_VERSION 3
> >> #endif
> >>
> >> +#if GCC_VERSION >= 40902
> >> +/*
> >> + * Tell the compiler that address safety instrumentation (KASAN)
> >> + * should not be applied to that function.
> >> + * Confilcts with inlining: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
> >> + */
> >> +#define __no_sanitize_address __attribute__((no_sanitize_address))
> >> +#endif
> >> +
> >> #endif /* gcc version >= 40000 specific checks */
> >>
> >> #if !defined(__noclone)
> >> #define __noclone /* not needed */
> >> #endif
> >>
> >> +#if !defined(__no_sanitize_address)
> >> +#define __no_sanitize_address
> >> +#endif
> >> +
> >> /*
> >> * A trick to suppress uninitialized variable warning without generating any
> >> * code
> >> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> >> index c836eb2..aa2ae4c 100644
> >> --- a/include/linux/compiler.h
> >> +++ b/include/linux/compiler.h
> >> @@ -198,19 +198,42 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
> >>
> >> #include <uapi/linux/types.h>
> >>
> >> -static __always_inline void __read_once_size(const volatile void *p, void *res, int size)
> >> +#define __READ_ONCE_SIZE \
> >> +({ \
> >> + switch (size) { \
> >> + case 1: *(__u8 *)res = *(volatile __u8 *)p; break; \
> >> + case 2: *(__u16 *)res = *(volatile __u16 *)p; break; \
> >> + case 4: *(__u32 *)res = *(volatile __u32 *)p; break; \
> >> + case 8: *(__u64 *)res = *(volatile __u64 *)p; break; \
> >> + default: \
> >> + barrier(); \
> >> + __builtin_memcpy((void *)res, (const void *)p, size); \
> >> + barrier(); \
> >> + } \
> >> +})
> >> +
> >> +static __always_inline
> >> +void __read_once_size_check(const volatile void *p, void *res, int size)
> >> {
> >> - switch (size) {
> >> - case 1: *(__u8 *)res = *(volatile __u8 *)p; break;
> >> - case 2: *(__u16 *)res = *(volatile __u16 *)p; break;
> >> - case 4: *(__u32 *)res = *(volatile __u32 *)p; break;
> >> - case 8: *(__u64 *)res = *(volatile __u64 *)p; break;
> >> - default:
> >> - barrier();
> >> - __builtin_memcpy((void *)res, (const void *)p, size);
> >> - barrier();
> >> - }
> >> + __READ_ONCE_SIZE;
> >> +}
> >> +
> >> +#ifdef CONFIG_KASAN
> >> +/*
> >> + * This function is not 'inline' because __no_sanitize_address confilcts
> >> + * with inlining. Attempt to inline it may cause a build failure.
> >> + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
> >> + * '__maybe_unused' allows us to avoid defined-but-not-used warnings.
> >> + */
> >> +static __no_sanitize_address __maybe_unused
> >> +void __read_once_size_nocheck(const volatile void *p, void *res, int size)
> >> +{
> >> + __READ_ONCE_SIZE;
> >> }
> >> +#else
> >> +static __always_inline __alias(__read_once_size_check)
> >> +void __read_once_size_nocheck(const volatile void *p, void *res, int size);
> >> +#endif
> >>
> >> static __always_inline void __write_once_size(volatile void *p, void *res, int size)
> >> {
> >> @@ -248,8 +271,19 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
> >> * required ordering.
> >> */
> >>
> >> -#define READ_ONCE(x) \
> >> - ({ union { typeof(x) __val; char __c[1]; } __u; __read_once_size(&(x), __u.__c, sizeof(x)); __u.__val; })
> >> +#define __READ_ONCE(x, check) \
> >> +({ \
> >> + union { typeof(x) __val; char __c[1]; } __u; \
> >> + __read_once_size##check(&(x), __u.__c, sizeof(x)); \
> >> + __u.__val; \
> >> +})
> >> +#define READ_ONCE(x) __READ_ONCE(x, _check)
> >> +
> >> +/*
> >> + * Use READ_ONCE_NOCHECK() instead of READ_ONCE() if you need
> >> + * to hide memory access from KASAN.
> >> + */
> >> +#define READ_ONCE_NOCHECK(x) __READ_ONCE(x, _nocheck)
> >>
> >> #define WRITE_ONCE(x, val) \
> >> ({ \
> >>
> >
> > --
> > You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> > To post to this group, send email to kasan-dev@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20151014154532.GV3910%40linux.vnet.ibm.com.
> > For more options, visit https://groups.google.com/d/optout.
>
next prev parent reply other threads:[~2015-10-14 16:01 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-13 12:35 [PATCH v2 0/2] Silence KASAN warnings in get_wchan() Andrey Ryabinin
2015-10-13 12:35 ` [PATCH v2 1/2] Provide READ_ONCE_NOCHECK() Andrey Ryabinin
2015-10-13 14:16 ` Ingo Molnar
2015-10-13 16:02 ` kbuild test robot
2015-10-13 16:31 ` Andrey Ryabinin
2015-10-14 13:40 ` Ingo Molnar
2015-10-14 14:11 ` Andrey Ryabinin
2015-10-13 12:35 ` [PATCH v2 2/2] x86/process: Silence KASAN warnings in get_wchan() Andrey Ryabinin
2015-10-13 13:48 ` Ingo Molnar
2015-10-13 13:57 ` Andrey Ryabinin
2015-10-13 13:57 ` Dmitry Vyukov
2015-10-13 14:15 ` Andrey Ryabinin
2015-10-13 14:19 ` Ingo Molnar
2015-10-13 15:28 ` [PATCH v3 0/2] " Andrey Ryabinin
2015-10-13 15:28 ` [PATCH v3 1/2] Provide READ_ONCE_NOCHECK() Andrey Ryabinin
2015-10-14 15:28 ` [tip:locking/urgent] compiler, atomics: Provide READ_ONCE_NOCHECK () tip-bot for Andrey Ryabinin
2015-10-14 15:45 ` Paul E. McKenney
2015-10-14 15:50 ` Dmitry Vyukov
2015-10-14 16:01 ` Paul E. McKenney [this message]
2015-10-14 16:08 ` Dmitry Vyukov
2015-10-14 16:16 ` Peter Zijlstra
2015-10-14 16:18 ` Dmitry Vyukov
2015-10-14 16:20 ` Peter Zijlstra
2015-10-14 16:23 ` Andy Lutomirski
2015-10-14 16:34 ` Peter Zijlstra
2015-10-14 17:48 ` Ingo Molnar
2015-10-14 17:57 ` Andy Lutomirski
2015-10-14 16:34 ` Dmitry Vyukov
2015-10-14 16:54 ` Peter Zijlstra
2015-10-14 16:20 ` Paul E. McKenney
2015-10-14 16:32 ` Dmitry Vyukov
2015-10-14 17:04 ` Paul E. McKenney
2015-10-14 17:23 ` Dmitry Vyukov
2015-10-14 17:34 ` Paul E. McKenney
2015-10-14 16:19 ` Andrey Ryabinin
2015-10-14 16:29 ` Dmitry Vyukov
2015-10-14 17:06 ` Paul E. McKenney
2015-10-15 9:18 ` linux-next: build problems (Was: [PATCH v3 1/2] Provide READ_ONCE_NOCHECK()) Stephen Rothwell
2015-10-15 9:18 ` Stephen Rothwell
2015-10-15 10:03 ` Andrey Ryabinin
2015-10-15 10:03 ` Andrey Ryabinin
2015-10-15 10:19 ` [PATCH] compiler, READ_ONCE: Fix build failure with some older GCC Andrey Ryabinin
2015-10-15 10:19 ` Andrey Ryabinin
2015-10-15 11:30 ` Ingo Molnar
2015-10-13 15:28 ` [PATCH v3 2/2] x86/process: Silence KASAN warnings in get_wchan() Andrey Ryabinin
2015-10-14 15:29 ` [tip:locking/urgent] x86/mm: Silence KASAN warnings in get_wchan( ) tip-bot for Andrey Ryabinin
2015-10-16 9:44 ` [PATCH v4 0/2] Andrey Ryabinin
2015-10-16 9:44 ` [PATCH v4 1/2] compiler, atomics: Provide READ_ONCE_NOKSAN() Andrey Ryabinin
2015-10-16 10:00 ` Peter Zijlstra
2015-10-16 10:54 ` Andrey Ryabinin
2015-10-16 11:08 ` Peter Zijlstra
2015-10-16 10:33 ` Borislav Petkov
2015-10-16 11:58 ` Andrey Ryabinin
2015-10-18 7:24 ` Ingo Molnar
2015-10-16 16:05 ` Paul E. McKenney
2015-10-16 9:44 ` [PATCH v4 2/2] x86/mm: Silence KASAN warnings in get_wchan() Andrey Ryabinin
2015-10-16 9:47 ` [PATCH v4 0/2] " Andrey Ryabinin
2015-10-19 8:37 ` [PATCH v5 " Andrey Ryabinin
2015-10-19 8:37 ` [PATCH v5 1/2] compiler, atomics: Provide READ_ONCE_NOCHECK() Andrey Ryabinin
2015-10-20 9:37 ` [tip:x86/urgent] compiler, atomics, kasan: " tip-bot for Andrey Ryabinin
2015-10-19 8:37 ` [PATCH v5 2/2] x86/mm: Silence KASAN warnings in get_wchan() Andrey Ryabinin
2015-10-20 9:37 ` [tip:x86/urgent] x86/mm, kasan: " tip-bot for Andrey Ryabinin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151014160146.GW3910@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=aryabinin@virtuozzo.com \
--cc=bp@alien8.de \
--cc=dvlasenk@redhat.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=kasan-dev@googlegroups.com \
--cc=kcc@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=sasha.levin@oracle.com \
--cc=tglx@linutronix.de \
--cc=tipbot@zytor.com \
--cc=torvalds@linux-foundation.org \
--cc=wmglo@dent.med.uni-muenchen.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.