From: Mark Rutland <mark.rutland@arm.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: peterz@infradead.org, mingo@redhat.com, will.deacon@arm.com,
hpa@zytor.com, aryabinin@virtuozzo.com,
kasan-dev@googlegroups.com, x86@kernel.org,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org
Subject: Re: [PATCH v4 7/7] asm-generic, x86: add comments for atomic instrumentation
Date: Mon, 19 Jun 2017 11:54:11 +0100 [thread overview]
Message-ID: <20170619105410.GG10246@leverpostej> (raw)
In-Reply-To: <fa8b171bcbddc84d7ec69fe26cd272841c0171b9.1497690003.git.dvyukov@google.com>
On Sat, Jun 17, 2017 at 11:15:33AM +0200, Dmitry Vyukov wrote:
> The comments are factored out from the code changes to make them
> easier to read. Add them separately to explain some non-obvious
> aspects.
>
> Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: kasan-dev@googlegroups.com
> Cc: linux-mm@kvack.org
> Cc: linux-kernel@vger.kernel.org
> Cc: x86@kernel.org
>
The comments look sane to me.
When arm64 support comes round, it would be nice to instrument
cmpxchg_double(), since I think we're not affected by the compiler
issue. We can solve that as and when.
FWIW:
Acked-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> ---
>
> Changes since v3:
> - rephrase comment in arch_atomic_read()
> ---
> arch/x86/include/asm/atomic.h | 4 ++++
> include/asm-generic/atomic-instrumented.h | 30 ++++++++++++++++++++++++++++++
> 2 files changed, 34 insertions(+)
>
> diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
> index 304f4f676cce..219c49b4d3aa 100644
> --- a/arch/x86/include/asm/atomic.h
> +++ b/arch/x86/include/asm/atomic.h
> @@ -23,6 +23,10 @@
> */
> static __always_inline int arch_atomic_read(const atomic_t *v)
> {
> + /*
> + * Note for KASAN: we deliberately don't use READ_ONCE_NOCHECK() here,
> + * it's non-inlined function that increases binary size and stack usage.
> + */
> return READ_ONCE((v)->counter);
> }
>
> diff --git a/include/asm-generic/atomic-instrumented.h b/include/asm-generic/atomic-instrumented.h
> index a0f5b7525bb2..5771439e7a31 100644
> --- a/include/asm-generic/atomic-instrumented.h
> +++ b/include/asm-generic/atomic-instrumented.h
> @@ -1,3 +1,15 @@
> +/*
> + * This file provides wrappers with KASAN instrumentation for atomic operations.
> + * To use this functionality an arch's atomic.h file needs to define all
> + * atomic operations with arch_ prefix (e.g. arch_atomic_read()) and include
> + * this file at the end. This file provides atomic_read() that forwards to
> + * arch_atomic_read() for actual atomic operation.
> + * Note: if an arch atomic operation is implemented by means of other atomic
> + * operations (e.g. atomic_read()/atomic_cmpxchg() loop), then it needs to use
> + * arch_ variants (i.e. arch_atomic_read()/arch_atomic_cmpxchg()) to avoid
> + * double instrumentation.
> + */
> +
> #ifndef _LINUX_ATOMIC_INSTRUMENTED_H
> #define _LINUX_ATOMIC_INSTRUMENTED_H
>
> @@ -336,6 +348,15 @@ static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)
> return arch_atomic64_add_negative(i, v);
> }
>
> +/*
> + * In the following macros we need to be careful to not clash with arch_ macros.
> + * arch_xchg() can be defined as an extended statement expression as well,
> + * if we define a __ptr variable, and arch_xchg() also defines __ptr variable,
> + * and we pass __ptr as an argument to arch_xchg(), it will use own __ptr
> + * instead of ours. This leads to unpleasant crashes. To avoid the problem
> + * the following macros declare variables with lots of underscores.
> + */
> +
> #define cmpxchg(ptr, old, new) \
> ({ \
> __typeof__(ptr) ___ptr = (ptr); \
> @@ -371,6 +392,15 @@ static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)
> arch_cmpxchg64_local(____ptr, (old), (new)); \
> })
>
> +/*
> + * Originally we had the following code here:
> + * __typeof__(p1) ____p1 = (p1);
> + * kasan_check_write(____p1, 2 * sizeof(*____p1));
> + * arch_cmpxchg_double(____p1, (p2), (o1), (o2), (n1), (n2));
> + * But it leads to compilation failures (see gcc issue 72873).
> + * So for now it's left non-instrumented.
> + * There are few callers of cmpxchg_double(), so it's not critical.
> + */
> #define cmpxchg_double(p1, p2, o1, o2, n1, n2) \
> ({ \
> arch_cmpxchg_double((p1), (p2), (o1), (o2), (n1), (n2)); \
> --
> 2.13.1.518.g3df882009-goog
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: peterz@infradead.org, mingo@redhat.com, will.deacon@arm.com,
hpa@zytor.com, aryabinin@virtuozzo.com,
kasan-dev@googlegroups.com, x86@kernel.org,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org
Subject: Re: [PATCH v4 7/7] asm-generic, x86: add comments for atomic instrumentation
Date: Mon, 19 Jun 2017 11:54:11 +0100 [thread overview]
Message-ID: <20170619105410.GG10246@leverpostej> (raw)
In-Reply-To: <fa8b171bcbddc84d7ec69fe26cd272841c0171b9.1497690003.git.dvyukov@google.com>
On Sat, Jun 17, 2017 at 11:15:33AM +0200, Dmitry Vyukov wrote:
> The comments are factored out from the code changes to make them
> easier to read. Add them separately to explain some non-obvious
> aspects.
>
> Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: kasan-dev@googlegroups.com
> Cc: linux-mm@kvack.org
> Cc: linux-kernel@vger.kernel.org
> Cc: x86@kernel.org
>
The comments look sane to me.
When arm64 support comes round, it would be nice to instrument
cmpxchg_double(), since I think we're not affected by the compiler
issue. We can solve that as and when.
FWIW:
Acked-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> ---
>
> Changes since v3:
> - rephrase comment in arch_atomic_read()
> ---
> arch/x86/include/asm/atomic.h | 4 ++++
> include/asm-generic/atomic-instrumented.h | 30 ++++++++++++++++++++++++++++++
> 2 files changed, 34 insertions(+)
>
> diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
> index 304f4f676cce..219c49b4d3aa 100644
> --- a/arch/x86/include/asm/atomic.h
> +++ b/arch/x86/include/asm/atomic.h
> @@ -23,6 +23,10 @@
> */
> static __always_inline int arch_atomic_read(const atomic_t *v)
> {
> + /*
> + * Note for KASAN: we deliberately don't use READ_ONCE_NOCHECK() here,
> + * it's non-inlined function that increases binary size and stack usage.
> + */
> return READ_ONCE((v)->counter);
> }
>
> diff --git a/include/asm-generic/atomic-instrumented.h b/include/asm-generic/atomic-instrumented.h
> index a0f5b7525bb2..5771439e7a31 100644
> --- a/include/asm-generic/atomic-instrumented.h
> +++ b/include/asm-generic/atomic-instrumented.h
> @@ -1,3 +1,15 @@
> +/*
> + * This file provides wrappers with KASAN instrumentation for atomic operations.
> + * To use this functionality an arch's atomic.h file needs to define all
> + * atomic operations with arch_ prefix (e.g. arch_atomic_read()) and include
> + * this file at the end. This file provides atomic_read() that forwards to
> + * arch_atomic_read() for actual atomic operation.
> + * Note: if an arch atomic operation is implemented by means of other atomic
> + * operations (e.g. atomic_read()/atomic_cmpxchg() loop), then it needs to use
> + * arch_ variants (i.e. arch_atomic_read()/arch_atomic_cmpxchg()) to avoid
> + * double instrumentation.
> + */
> +
> #ifndef _LINUX_ATOMIC_INSTRUMENTED_H
> #define _LINUX_ATOMIC_INSTRUMENTED_H
>
> @@ -336,6 +348,15 @@ static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)
> return arch_atomic64_add_negative(i, v);
> }
>
> +/*
> + * In the following macros we need to be careful to not clash with arch_ macros.
> + * arch_xchg() can be defined as an extended statement expression as well,
> + * if we define a __ptr variable, and arch_xchg() also defines __ptr variable,
> + * and we pass __ptr as an argument to arch_xchg(), it will use own __ptr
> + * instead of ours. This leads to unpleasant crashes. To avoid the problem
> + * the following macros declare variables with lots of underscores.
> + */
> +
> #define cmpxchg(ptr, old, new) \
> ({ \
> __typeof__(ptr) ___ptr = (ptr); \
> @@ -371,6 +392,15 @@ static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)
> arch_cmpxchg64_local(____ptr, (old), (new)); \
> })
>
> +/*
> + * Originally we had the following code here:
> + * __typeof__(p1) ____p1 = (p1);
> + * kasan_check_write(____p1, 2 * sizeof(*____p1));
> + * arch_cmpxchg_double(____p1, (p2), (o1), (o2), (n1), (n2));
> + * But it leads to compilation failures (see gcc issue 72873).
> + * So for now it's left non-instrumented.
> + * There are few callers of cmpxchg_double(), so it's not critical.
> + */
> #define cmpxchg_double(p1, p2, o1, o2, n1, n2) \
> ({ \
> arch_cmpxchg_double((p1), (p2), (o1), (o2), (n1), (n2)); \
> --
> 2.13.1.518.g3df882009-goog
>
next prev parent reply other threads:[~2017-06-19 10:55 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-17 9:15 [PATCH v4 0/7] x86, kasan: add KASAN checks to atomic operations Dmitry Vyukov
2017-06-17 9:15 ` [PATCH v4 1/7] x86: un-macro-ify atomic ops implementation Dmitry Vyukov
2017-06-22 11:04 ` [tip:locking/core] locking/atomic/x86: Un-macro-ify " tip-bot for Dmitry Vyukov
2017-07-25 13:54 ` tip-bot for Dmitry Vyukov
2017-06-17 9:15 ` [PATCH v4 2/7] x86: use s64* for old arg of atomic64_try_cmpxchg() Dmitry Vyukov
2017-06-17 9:15 ` Dmitry Vyukov
2017-06-22 11:04 ` [tip:locking/core] locking/atomic/x86: Use 's64 *' for 'old' argument " tip-bot for Dmitry Vyukov
2017-07-25 13:55 ` tip-bot for Dmitry Vyukov
2017-06-17 9:15 ` [PATCH v4 3/7] asm-generic: add atomic-instrumented.h Dmitry Vyukov
2017-06-17 9:15 ` Dmitry Vyukov
2017-06-19 10:50 ` Mark Rutland
2017-06-19 10:50 ` Mark Rutland
2017-06-22 11:05 ` [tip:locking/core] locking/atomic: Add asm-generic/atomic-instrumented.h tip-bot for Dmitry Vyukov
2018-03-12 12:23 ` [tip:locking/core] locking/atomic, asm-generic: " tip-bot for Dmitry Vyukov
2017-06-17 9:15 ` [PATCH v4 4/7] x86: switch atomic.h to use atomic-instrumented.h Dmitry Vyukov
2017-06-17 9:15 ` Dmitry Vyukov
2017-06-17 9:15 ` [PATCH v4 5/7] kasan: allow kasan_check_read/write() to accept pointers to volatiles Dmitry Vyukov
2017-06-17 9:15 ` Dmitry Vyukov
2017-06-19 10:50 ` Mark Rutland
2017-06-19 10:50 ` Mark Rutland
2017-06-19 13:11 ` Dmitry Vyukov
2017-06-19 13:11 ` Dmitry Vyukov
2017-06-22 8:25 ` Ingo Molnar
2017-06-22 8:25 ` Ingo Molnar
2017-06-22 14:15 ` Dmitry Vyukov
2017-06-22 14:15 ` Dmitry Vyukov
2017-06-17 9:15 ` [PATCH v4 6/7] asm-generic: add KASAN instrumentation to atomic operations Dmitry Vyukov
2017-06-17 9:15 ` Dmitry Vyukov
2017-06-19 10:51 ` Mark Rutland
2017-06-19 10:51 ` Mark Rutland
2017-06-17 9:15 ` [PATCH v4 7/7] asm-generic, x86: add comments for atomic instrumentation Dmitry Vyukov
2017-06-17 9:15 ` Dmitry Vyukov
2017-06-19 10:54 ` Mark Rutland [this message]
2017-06-19 10:54 ` Mark Rutland
-- strict thread matches above, loose matches on Subject: below --
2018-01-29 17:26 [PATCH v6 0/4] x86, kasan: add KASAN checks to atomic operations Dmitry Vyukov
2018-01-29 17:26 ` [PATCH v6 1/4] locking/atomic: Add asm-generic/atomic-instrumented.h Dmitry Vyukov
2018-01-29 17:26 ` Dmitry Vyukov
2018-01-29 17:26 ` [PATCH v6 2/4] x86: switch atomic.h to use atomic-instrumented.h Dmitry Vyukov
2018-01-29 17:26 ` Dmitry Vyukov
2018-03-12 12:24 ` [tip:locking/core] locking/atomic/x86: Switch " tip-bot for Dmitry Vyukov
2018-01-29 17:26 ` [PATCH v6 3/4] asm-generic: add KASAN instrumentation to atomic operations Dmitry Vyukov
2018-01-29 17:26 ` Dmitry Vyukov
2018-03-12 12:24 ` [tip:locking/core] locking/atomic, asm-generic: Add " tip-bot for Dmitry Vyukov
2018-01-29 17:26 ` [PATCH v6 4/4] asm-generic, x86: add comments for atomic instrumentation Dmitry Vyukov
2018-01-29 17:26 ` Dmitry Vyukov
2018-03-12 12:25 ` [tip:locking/core] locking/atomic, asm-generic, x86: Add " tip-bot for Dmitry Vyukov
2018-01-30 9:23 ` [PATCH v6 0/4] x86, kasan: add KASAN checks to atomic operations Dmitry Vyukov
2018-01-30 9:27 ` Dmitry Vyukov
2018-01-30 15:36 ` Will Deacon
2018-01-31 7:28 ` Ingo Molnar
2018-01-31 8:53 ` Dmitry Vyukov
2018-01-31 16:17 ` Will Deacon
2018-02-07 14:17 ` Dmitry Vyukov
2018-02-20 10:40 ` Dmitry Vyukov
2018-02-26 12:52 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170619105410.GG10246@leverpostej \
--to=mark.rutland@arm.com \
--cc=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=dvyukov@google.com \
--cc=hpa@zytor.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.