On Fri, Nov 8, 2019 at 10:16 AM Marco Elver <elver@xxxxxxxxxx> wrote: > > KCSAN does not use volatile to distinguish accesses. Right now > READ_ONCE, WRITE_ONCE, atomic bitops, atomic_t (+ some arch specific > primitives) are treated as marked atomic operations. Ok, so we'd have to do this in terms of ATOMIC_WRITE(). One alternative might be KCSAN enhancement, where you notice the following pattern: - a field is initialized before the data structure gets exposed (I presume KCSAN already must understand about this issue - initializations are different and not atomic) - while the field is live, there are operations that write the same (let's call it "idempotent") value to the field under certain circumstances - at release time, after all the reference counts are gone, the field is read for whether that situation happened. I'm assuming KCSAN already understands about this case too? So it would only be the "idempotent writes" thing that would be something KCSAN would have to realize do not involve a race - because it simply doesn't matter if two writes of the same value race against each other. But I guess we could also just do #define WRITE_IDEMPOTENT(x,y) WRITE_ONCE(x,y) and use that in the kernel to annotate these things. And if we have that kind of annotation, we could then possibly change it to #define WRITE_IDEMPOTENT(x,y) \ if READ_ONCE(x)!=y WRITE_ONCE(x,y) if we have numbers that that actually helps (that macro written to be intentionally invalid C - it obviously needs statement protection and protection against evaluating the arguments multiple times etc). Linus