Hi Marco,
On Thu, Nov 18, 2021 at 09:10:07AM +0100, Marco Elver wrote:
> Avoid checking scoped accesses from nested contexts (such as nested
> interrupts or in scheduler code) which share the same kcsan_ctx.
>
> This is to avoid detecting false positive races of accesses in the same
Could you provide an example for a false positive?
I think we do want to detect the following race:
static int v = SOME_VALUE; // a percpu variable.
static int other_v = ... ;
void foo(..)
{
int tmp;
int other_tmp;
preempt_disable();
{
ASSERT_EXCLUSIVE_ACCESSS_SCOPED(v);
tmp = v;
other_tmp = other_v; // int_handler() may run here
v = tmp + 2;
}
preempt_enabled();
}
void int_handler() // an interrupt handler
{
v++;
}
, if I understand correctly, we can detect this currently, but with this
patch, we cannot detect this if the interrupt happens while we're doing
the check for "other_tmp = other_v;", right? Of course, running tests
multiple times may eventually catch this, but I just want to understand
what's this patch for, thanks!
Regards,
Boqun
> thread with currently scoped accesses: consider setting up a watchpoint
> for a non-scoped (normal) access that also "conflicts" with a current
> scoped access. In a nested interrupt (or in the scheduler), which shares
> the same kcsan_ctx, we cannot check scoped accesses set up in the parent
> context -- simply ignore them in this case.
>
> With the introduction of kcsan_ctx::disable_scoped, we can also clean up
> kcsan_check_scoped_accesses()'s recursion guard, and do not need to
> modify the list's prev pointer.
>
> Signed-off-by: Marco Elver <elver@xxxxxxxxxx>
> ---
> include/linux/kcsan.h | 1 +
> kernel/kcsan/core.c | 18 +++++++++++++++---
> 2 files changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/kcsan.h b/include/linux/kcsan.h
> index fc266ecb2a4d..13cef3458fed 100644
> --- a/include/linux/kcsan.h
> +++ b/include/linux/kcsan.h
> @@ -21,6 +21,7 @@
> */
> struct kcsan_ctx {
> int disable_count; /* disable counter */
> + int disable_scoped; /* disable scoped access counter */
> int atomic_next; /* number of following atomic ops */
>
> /*
> diff --git a/kernel/kcsan/core.c b/kernel/kcsan/core.c
> index e34a1710b7bc..bd359f8ee63a 100644
> --- a/kernel/kcsan/core.c
> +++ b/kernel/kcsan/core.c
> @@ -204,15 +204,17 @@ check_access(const volatile void *ptr, size_t size, int type, unsigned long ip);
> static noinline void kcsan_check_scoped_accesses(void)
> {
> struct kcsan_ctx *ctx = get_ctx();
> - struct list_head *prev_save = ctx->scoped_accesses.prev;
> struct kcsan_scoped_access *scoped_access;
>
> - ctx->scoped_accesses.prev = NULL; /* Avoid recursion. */
> + if (ctx->disable_scoped)
> + return;
> +
> + ctx->disable_scoped++;
> list_for_each_entry(scoped_access, &ctx->scoped_accesses, list) {
> check_access(scoped_access->ptr, scoped_access->size,
> scoped_access->type, scoped_access->ip);
> }
> - ctx->scoped_accesses.prev = prev_save;
> + ctx->disable_scoped--;
> }
>
> /* Rules for generic atomic accesses. Called from fast-path. */
> @@ -465,6 +467,15 @@ kcsan_setup_watchpoint(const volatile void *ptr, size_t size, int type, unsigned
> goto out;
> }
>
> + /*
> + * Avoid races of scoped accesses from nested interrupts (or scheduler).
> + * Assume setting up a watchpoint for a non-scoped (normal) access that
> + * also conflicts with a current scoped access. In a nested interrupt,
> + * which shares the context, it would check a conflicting scoped access.
> + * To avoid, disable scoped access checking.
> + */
> + ctx->disable_scoped++;
> +
> /*
> * Save and restore the IRQ state trace touched by KCSAN, since KCSAN's
> * runtime is entered for every memory access, and potentially useful
> @@ -578,6 +589,7 @@ kcsan_setup_watchpoint(const volatile void *ptr, size_t size, int type, unsigned
> if (!kcsan_interrupt_watcher)
> local_irq_restore(irq_flags);
> kcsan_restore_irqtrace(current);
> + ctx->disable_scoped--;
> out:
> user_access_restore(ua_flags);
> }
> --
> 2.34.0.rc2.393.gf8c9666880-goog
>
