* [PATCH v3 1/5] powerpc: kcsan: Add exclusions from instrumentation
2023-02-06 2:17 [PATCH v3 0/5] powerpc: Add KCSAN support Rohan McLure
@ 2023-02-06 2:17 ` Rohan McLure
2023-02-06 2:17 ` [PATCH v3 2/5] powerpc: kcsan: Exclude udelay to prevent recursive instrumentation Rohan McLure
` (5 subsequent siblings)
6 siblings, 0 replies; 9+ messages in thread
From: Rohan McLure @ 2023-02-06 2:17 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Rohan McLure, npiggin
Exclude various incompatible compilation units from KCSAN
instrumentation.
Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
---
arch/powerpc/kernel/Makefile | 10 ++++++++++
arch/powerpc/kernel/trace/Makefile | 1 +
arch/powerpc/kernel/vdso/Makefile | 1 +
arch/powerpc/lib/Makefile | 2 ++
arch/powerpc/purgatory/Makefile | 1 +
arch/powerpc/xmon/Makefile | 1 +
6 files changed, 16 insertions(+)
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index 9b6146056e48..9bf2be123093 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -54,6 +54,13 @@ CFLAGS_cputable.o += -DDISABLE_BRANCH_PROFILING
CFLAGS_btext.o += -DDISABLE_BRANCH_PROFILING
endif
+KCSAN_SANITIZE_early_32.o := n
+KCSAN_SANITIZE_early_64.o := n
+KCSAN_SANITIZE_cputable.o := n
+KCSAN_SANITIZE_btext.o := n
+KCSAN_SANITIZE_paca.o := n
+KCSAN_SANITIZE_setup_64.o := n
+
#ifdef CONFIG_RANDOMIZE_KSTACK_OFFSET
# Remove stack protector to avoid triggering unneeded stack canary
# checks due to randomize_kstack_offset.
@@ -177,12 +184,15 @@ obj-$(CONFIG_PPC_SECVAR_SYSFS) += secvar-sysfs.o
# Disable GCOV, KCOV & sanitizers in odd or sensitive code
GCOV_PROFILE_prom_init.o := n
KCOV_INSTRUMENT_prom_init.o := n
+KCSAN_SANITIZE_prom_init.o := n
UBSAN_SANITIZE_prom_init.o := n
GCOV_PROFILE_kprobes.o := n
KCOV_INSTRUMENT_kprobes.o := n
+KCSAN_SANITIZE_kprobes.o := n
UBSAN_SANITIZE_kprobes.o := n
GCOV_PROFILE_kprobes-ftrace.o := n
KCOV_INSTRUMENT_kprobes-ftrace.o := n
+KCSAN_SANITIZE_kprobes-ftrace.o := n
UBSAN_SANITIZE_kprobes-ftrace.o := n
GCOV_PROFILE_syscall_64.o := n
KCOV_INSTRUMENT_syscall_64.o := n
diff --git a/arch/powerpc/kernel/trace/Makefile b/arch/powerpc/kernel/trace/Makefile
index af8527538fe4..b16a9f9c0b35 100644
--- a/arch/powerpc/kernel/trace/Makefile
+++ b/arch/powerpc/kernel/trace/Makefile
@@ -23,4 +23,5 @@ obj-$(CONFIG_PPC32) += $(obj32-y)
# Disable GCOV, KCOV & sanitizers in odd or sensitive code
GCOV_PROFILE_ftrace.o := n
KCOV_INSTRUMENT_ftrace.o := n
+KCSAN_SANITIZE_ftrace.o := n
UBSAN_SANITIZE_ftrace.o := n
diff --git a/arch/powerpc/kernel/vdso/Makefile b/arch/powerpc/kernel/vdso/Makefile
index 6a977b0d8ffc..3a2f32929fcf 100644
--- a/arch/powerpc/kernel/vdso/Makefile
+++ b/arch/powerpc/kernel/vdso/Makefile
@@ -46,6 +46,7 @@ GCOV_PROFILE := n
KCOV_INSTRUMENT := n
UBSAN_SANITIZE := n
KASAN_SANITIZE := n
+KCSAN_SANITIZE := n
ccflags-y := -shared -fno-common -fno-builtin -nostdlib -Wl,--hash-style=both
ccflags-$(CONFIG_LD_IS_LLD) += $(call cc-option,--ld-path=$(LD),-fuse-ld=lld)
diff --git a/arch/powerpc/lib/Makefile b/arch/powerpc/lib/Makefile
index 4de71cbf6e8e..c4db459d304a 100644
--- a/arch/powerpc/lib/Makefile
+++ b/arch/powerpc/lib/Makefile
@@ -16,6 +16,8 @@ KASAN_SANITIZE_feature-fixups.o := n
# restart_table.o contains functions called in the NMI interrupt path
# which can be in real mode. Disable KASAN.
KASAN_SANITIZE_restart_table.o := n
+KCSAN_SANITIZE_code-patching.o := n
+KCSAN_SANITIZE_feature-fixups.o := n
ifdef CONFIG_KASAN
CFLAGS_code-patching.o += -DDISABLE_BRANCH_PROFILING
diff --git a/arch/powerpc/purgatory/Makefile b/arch/powerpc/purgatory/Makefile
index a81d155b89ae..6f5e2727963c 100644
--- a/arch/powerpc/purgatory/Makefile
+++ b/arch/powerpc/purgatory/Makefile
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: GPL-2.0
KASAN_SANITIZE := n
+KCSAN_SANITIZE := n
targets += trampoline_$(BITS).o purgatory.ro
diff --git a/arch/powerpc/xmon/Makefile b/arch/powerpc/xmon/Makefile
index eb25d7554ffd..d334de392e6c 100644
--- a/arch/powerpc/xmon/Makefile
+++ b/arch/powerpc/xmon/Makefile
@@ -5,6 +5,7 @@ GCOV_PROFILE := n
KCOV_INSTRUMENT := n
UBSAN_SANITIZE := n
KASAN_SANITIZE := n
+KCSAN_SANITIZE := n
# Disable ftrace for the entire directory
ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE)
--
2.37.2
^ permalink raw reply related [flat|nested] 9+ messages in thread* [PATCH v3 2/5] powerpc: kcsan: Exclude udelay to prevent recursive instrumentation
2023-02-06 2:17 [PATCH v3 0/5] powerpc: Add KCSAN support Rohan McLure
2023-02-06 2:17 ` [PATCH v3 1/5] powerpc: kcsan: Add exclusions from instrumentation Rohan McLure
@ 2023-02-06 2:17 ` Rohan McLure
2023-02-06 2:17 ` [PATCH v3 3/5] powerpc: kcsan: Memory barriers semantics Rohan McLure
` (4 subsequent siblings)
6 siblings, 0 replies; 9+ messages in thread
From: Rohan McLure @ 2023-02-06 2:17 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Rohan McLure, npiggin
In order for KCSAN to increase its likelihood of observing a data race,
it sets a watchpoint on memory accesses and stalls, allowing for
detection of conflicting accesses by other kernel threads or interrupts.
Stalls are implemented by injecting a call to udelay in instrumented code.
To prevent recursive instrumentation, exclude udelay from being instrumented.
Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
---
arch/powerpc/kernel/time.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c
index d68de3618741..b894029f53db 100644
--- a/arch/powerpc/kernel/time.c
+++ b/arch/powerpc/kernel/time.c
@@ -356,7 +356,7 @@ void vtime_flush(struct task_struct *tsk)
}
#endif /* CONFIG_VIRT_CPU_ACCOUNTING_NATIVE */
-void __delay(unsigned long loops)
+void __no_kcsan __delay(unsigned long loops)
{
unsigned long start;
@@ -377,7 +377,7 @@ void __delay(unsigned long loops)
}
EXPORT_SYMBOL(__delay);
-void udelay(unsigned long usecs)
+void __no_kcsan udelay(unsigned long usecs)
{
__delay(tb_ticks_per_usec * usecs);
}
--
2.37.2
^ permalink raw reply related [flat|nested] 9+ messages in thread* [PATCH v3 3/5] powerpc: kcsan: Memory barriers semantics
2023-02-06 2:17 [PATCH v3 0/5] powerpc: Add KCSAN support Rohan McLure
2023-02-06 2:17 ` [PATCH v3 1/5] powerpc: kcsan: Add exclusions from instrumentation Rohan McLure
2023-02-06 2:17 ` [PATCH v3 2/5] powerpc: kcsan: Exclude udelay to prevent recursive instrumentation Rohan McLure
@ 2023-02-06 2:17 ` Rohan McLure
2023-02-06 2:18 ` [PATCH v3 4/5] powerpc: kcsan: Prevent recursive instrumentation with IRQ save/restores Rohan McLure
` (3 subsequent siblings)
6 siblings, 0 replies; 9+ messages in thread
From: Rohan McLure @ 2023-02-06 2:17 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Rohan McLure, npiggin
Annotate memory barriers *mb() with calls to kcsan_mb(), signaling to
compilers supporting KCSAN that the respective memory barrier has been
issued. Rename memory barrier *mb() to __*mb() to opt in for
asm-generic/barrier.h to generate the respective *mb() macro.
Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
---
v2: Implement __smp_mb() in terms of __mb() to avoid duplicate calls to
kcsan_mb()
---
arch/powerpc/include/asm/barrier.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h
index e80b2c0e9315..b95b666f0374 100644
--- a/arch/powerpc/include/asm/barrier.h
+++ b/arch/powerpc/include/asm/barrier.h
@@ -35,9 +35,9 @@
* However, on CPUs that don't support lwsync, lwsync actually maps to a
* heavy-weight sync, so smp_wmb() can be a lighter-weight eieio.
*/
-#define mb() __asm__ __volatile__ ("sync" : : : "memory")
-#define rmb() __asm__ __volatile__ ("sync" : : : "memory")
-#define wmb() __asm__ __volatile__ ("sync" : : : "memory")
+#define __mb() __asm__ __volatile__ ("sync" : : : "memory")
+#define __rmb() __asm__ __volatile__ ("sync" : : : "memory")
+#define __wmb() __asm__ __volatile__ ("sync" : : : "memory")
/* The sub-arch has lwsync */
#if defined(CONFIG_PPC64) || defined(CONFIG_PPC_E500MC)
@@ -51,12 +51,12 @@
/* clang defines this macro for a builtin, which will not work with runtime patching */
#undef __lwsync
#define __lwsync() __asm__ __volatile__ (stringify_in_c(LWSYNC) : : :"memory")
-#define dma_rmb() __lwsync()
-#define dma_wmb() __asm__ __volatile__ (stringify_in_c(SMPWMB) : : :"memory")
+#define __dma_rmb() __lwsync()
+#define __dma_wmb() __asm__ __volatile__ (stringify_in_c(SMPWMB) : : :"memory")
#define __smp_lwsync() __lwsync()
-#define __smp_mb() mb()
+#define __smp_mb() __mb()
#define __smp_rmb() __lwsync()
#define __smp_wmb() __asm__ __volatile__ (stringify_in_c(SMPWMB) : : :"memory")
--
2.37.2
^ permalink raw reply related [flat|nested] 9+ messages in thread* [PATCH v3 4/5] powerpc: kcsan: Prevent recursive instrumentation with IRQ save/restores
2023-02-06 2:17 [PATCH v3 0/5] powerpc: Add KCSAN support Rohan McLure
` (2 preceding siblings ...)
2023-02-06 2:17 ` [PATCH v3 3/5] powerpc: kcsan: Memory barriers semantics Rohan McLure
@ 2023-02-06 2:18 ` Rohan McLure
2023-02-06 2:18 ` [PATCH v3 5/5] powerpc: kcsan: Add KCSAN Support Rohan McLure
` (2 subsequent siblings)
6 siblings, 0 replies; 9+ messages in thread
From: Rohan McLure @ 2023-02-06 2:18 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Rohan McLure, npiggin
Instrumented memory accesses provided by KCSAN will access core-local
memories (which will save and restore IRQs) as well as restoring IRQs
directly. Avoid recursive instrumentation by applying __no_kcsan
annotation to IRQ restore routines.
Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
---
arch/powerpc/kernel/irq_64.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/irq_64.c b/arch/powerpc/kernel/irq_64.c
index eb2b380e52a0..3a1e0bffe9e0 100644
--- a/arch/powerpc/kernel/irq_64.c
+++ b/arch/powerpc/kernel/irq_64.c
@@ -97,7 +97,7 @@ static inline bool irq_happened_test_and_clear(u8 irq)
return false;
}
-void replay_soft_interrupts(void)
+__no_kcsan void replay_soft_interrupts(void)
{
struct pt_regs regs;
@@ -185,7 +185,7 @@ void replay_soft_interrupts(void)
}
#if defined(CONFIG_PPC_BOOK3S_64) && defined(CONFIG_PPC_KUAP)
-static inline void replay_soft_interrupts_irqrestore(void)
+__no_kcsan static inline void replay_soft_interrupts_irqrestore(void)
{
unsigned long kuap_state = get_kuap();
@@ -209,7 +209,7 @@ static inline void replay_soft_interrupts_irqrestore(void)
#define replay_soft_interrupts_irqrestore() replay_soft_interrupts()
#endif
-notrace void arch_local_irq_restore(unsigned long mask)
+notrace __no_kcsan void arch_local_irq_restore(unsigned long mask)
{
unsigned char irq_happened;
--
2.37.2
^ permalink raw reply related [flat|nested] 9+ messages in thread* [PATCH v3 5/5] powerpc: kcsan: Add KCSAN Support
2023-02-06 2:17 [PATCH v3 0/5] powerpc: Add KCSAN support Rohan McLure
` (3 preceding siblings ...)
2023-02-06 2:18 ` [PATCH v3 4/5] powerpc: kcsan: Prevent recursive instrumentation with IRQ save/restores Rohan McLure
@ 2023-02-06 2:18 ` Rohan McLure
2023-02-06 8:13 ` Christophe Leroy
2023-02-06 8:12 ` [PATCH v3 0/5] powerpc: Add KCSAN support Christophe Leroy
2023-02-15 12:41 ` Michael Ellerman
6 siblings, 1 reply; 9+ messages in thread
From: Rohan McLure @ 2023-02-06 2:18 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Rohan McLure, npiggin
Enable HAVE_ARCH_KCSAN on all powerpc platforms, permitting use of the
kernel concurrency sanitiser through the CONFIG_KCSAN_* kconfig options.
KCSAN requires compiler builtins __atomic_* 64-bit values, and so only
report support on PPC64.
See documentation in Documentation/dev-tools/kcsan.rst for more
information.
Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
---
v3: Restrict support to 64-bit, as TSAN expects 64-bit __atomic_* compiler
built-ins.
---
arch/powerpc/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index b8c4ac56bddc..55bc2d724c73 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -198,6 +198,7 @@ config PPC
select HAVE_ARCH_KASAN if PPC_RADIX_MMU
select HAVE_ARCH_KASAN if PPC_BOOK3E_64
select HAVE_ARCH_KASAN_VMALLOC if HAVE_ARCH_KASAN
+ select HAVE_ARCH_KCSAN if PPC64
select HAVE_ARCH_KFENCE if ARCH_SUPPORTS_DEBUG_PAGEALLOC
select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
select HAVE_ARCH_KGDB
--
2.37.2
^ permalink raw reply related [flat|nested] 9+ messages in thread* Re: [PATCH v3 5/5] powerpc: kcsan: Add KCSAN Support
2023-02-06 2:18 ` [PATCH v3 5/5] powerpc: kcsan: Add KCSAN Support Rohan McLure
@ 2023-02-06 8:13 ` Christophe Leroy
0 siblings, 0 replies; 9+ messages in thread
From: Christophe Leroy @ 2023-02-06 8:13 UTC (permalink / raw)
To: Rohan McLure, linuxppc-dev@lists.ozlabs.org; +Cc: npiggin@gmail.com
Le 06/02/2023 à 03:18, Rohan McLure a écrit :
> Enable HAVE_ARCH_KCSAN on all powerpc platforms, permitting use of the
> kernel concurrency sanitiser through the CONFIG_KCSAN_* kconfig options.
> KCSAN requires compiler builtins __atomic_* 64-bit values, and so only
> report support on PPC64.
>
> See documentation in Documentation/dev-tools/kcsan.rst for more
> information.
>
> Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
> ---
> v3: Restrict support to 64-bit, as TSAN expects 64-bit __atomic_* compiler
> built-ins.
Support for PPC32 should be kept.
See commit 725aea873261 ("xtensa: enable KCSAN")
xtensa is a 32 bits architecture, they have implemented stubs for 64-bit
atomics.
Maybe those stubs should be made generic by moving them into
kernel/kcsan/ and building them for all 32 bit architectures.
Christophe
> ---
> arch/powerpc/Kconfig | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
> index b8c4ac56bddc..55bc2d724c73 100644
> --- a/arch/powerpc/Kconfig
> +++ b/arch/powerpc/Kconfig
> @@ -198,6 +198,7 @@ config PPC
> select HAVE_ARCH_KASAN if PPC_RADIX_MMU
> select HAVE_ARCH_KASAN if PPC_BOOK3E_64
> select HAVE_ARCH_KASAN_VMALLOC if HAVE_ARCH_KASAN
> + select HAVE_ARCH_KCSAN if PPC64
> select HAVE_ARCH_KFENCE if ARCH_SUPPORTS_DEBUG_PAGEALLOC
> select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
> select HAVE_ARCH_KGDB
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3 0/5] powerpc: Add KCSAN support
2023-02-06 2:17 [PATCH v3 0/5] powerpc: Add KCSAN support Rohan McLure
` (4 preceding siblings ...)
2023-02-06 2:18 ` [PATCH v3 5/5] powerpc: kcsan: Add KCSAN Support Rohan McLure
@ 2023-02-06 8:12 ` Christophe Leroy
2023-02-15 12:41 ` Michael Ellerman
6 siblings, 0 replies; 9+ messages in thread
From: Christophe Leroy @ 2023-02-06 8:12 UTC (permalink / raw)
To: Rohan McLure, linuxppc-dev@lists.ozlabs.org; +Cc: npiggin@gmail.com
Le 06/02/2023 à 03:17, Rohan McLure a écrit :
> Add Kernel Concurrency Sanitiser support for PPC64. Doing so involves
> exclusion of a number of compilation units from instrumentation, as was
> done with KASAN.
>
> KCSAN uses watchpoints on memory accesses to enforce the semantics of
> the Linux kernel memory model, notifying the user of observed data races
> which have not been declared to be intended in source through the
> data_race() macro, in order to remove false positives.
>
> A number of such race conditions are identified. This patch series
> provides support for the instrumentation, with bug fixes as well as
> removal of false positives to be issued in future patches.
>
> v3: Restrict support to PPC64 as kcsan code expects support for
> __atomic* builtins for 64-bit atomic types.
I see no reason to drop support for PPC32.
See commit 725aea873261 ("xtensa: enable KCSAN")
xtensa is a 32 bits architecture, they have implemented stubs for 64-bit
atomics.
Maybe those stubs should be made generic by moving them into
kernel/kcsan/ and building them for all 32 bit architectures.
Christophe
>
> v2: Implement __smp_mb() in terms of __mb() to avoid multiple calls to
> kcsan_mb().
> Link: https://lore.kernel.org/linuxppc-dev/20230201043438.1301212-4-rmclure@linux.ibm.com/
>
> v1: https://lore.kernel.org/linuxppc-dev/20230131234859.1275125-1-rmclure@linux.ibm.com/
>
> Rohan McLure (5):
> powerpc: kcsan: Add exclusions from instrumentation
> powerpc: kcsan: Exclude udelay to prevent recursive instrumentation
> powerpc: kcsan: Memory barriers semantics
> powerpc: kcsan: Prevent recursive instrumentation with IRQ
> save/restores
> powerpc: kcsan: Add KCSAN Support
>
> arch/powerpc/Kconfig | 1 +
> arch/powerpc/include/asm/barrier.h | 12 ++++++------
> arch/powerpc/kernel/Makefile | 10 ++++++++++
> arch/powerpc/kernel/irq_64.c | 6 +++---
> arch/powerpc/kernel/time.c | 4 ++--
> arch/powerpc/kernel/trace/Makefile | 1 +
> arch/powerpc/kernel/vdso/Makefile | 1 +
> arch/powerpc/lib/Makefile | 2 ++
> arch/powerpc/purgatory/Makefile | 1 +
> arch/powerpc/xmon/Makefile | 1 +
> 10 files changed, 28 insertions(+), 11 deletions(-)
>
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [PATCH v3 0/5] powerpc: Add KCSAN support
2023-02-06 2:17 [PATCH v3 0/5] powerpc: Add KCSAN support Rohan McLure
` (5 preceding siblings ...)
2023-02-06 8:12 ` [PATCH v3 0/5] powerpc: Add KCSAN support Christophe Leroy
@ 2023-02-15 12:41 ` Michael Ellerman
6 siblings, 0 replies; 9+ messages in thread
From: Michael Ellerman @ 2023-02-15 12:41 UTC (permalink / raw)
To: linuxppc-dev, Rohan McLure; +Cc: npiggin
On Mon, 6 Feb 2023 13:17:56 +1100, Rohan McLure wrote:
> Add Kernel Concurrency Sanitiser support for PPC64. Doing so involves
> exclusion of a number of compilation units from instrumentation, as was
> done with KASAN.
>
> KCSAN uses watchpoints on memory accesses to enforce the semantics of
> the Linux kernel memory model, notifying the user of observed data races
> which have not been declared to be intended in source through the
> data_race() macro, in order to remove false positives.
>
> [...]
Applied to powerpc/next.
[1/5] powerpc: kcsan: Add exclusions from instrumentation
https://git.kernel.org/powerpc/c/2fb857bc9f9e106439017ed323f522cc785395bb
[2/5] powerpc: kcsan: Exclude udelay to prevent recursive instrumentation
https://git.kernel.org/powerpc/c/2a7ce82dc46c591c9244057d89a6591c9639b9b9
[3/5] powerpc: kcsan: Memory barriers semantics
https://git.kernel.org/powerpc/c/b6e259297a6bffb882d55715284bb5219eefda42
[4/5] powerpc: kcsan: Prevent recursive instrumentation with IRQ save/restores
https://git.kernel.org/powerpc/c/4f8e09106f6e457c6e9a4ce597fa9ae2bda032c3
[5/5] powerpc: kcsan: Add KCSAN Support
https://git.kernel.org/powerpc/c/6f0926c00565a91f3bd7ca1aa05db307daed5e0f
cheers
^ permalink raw reply [flat|nested] 9+ messages in thread