On Fri, 2 Feb 2024 at 11:03, Paul Heidekrüger <paul.heidekrueger@xxxxxx> wrote: > > On 01.02.2024 10:38, Marco Elver wrote: > > On Wed, 31 Jan 2024 at 22:01, Paul Heidekrüger <paul.heidekrueger@xxxxxx> wrote: > > > > > > Hi! > > > > > > This RFC patch adds tests that detect whether KASan is able to catch > > > unsafe atomic accesses. > > > > > > Since v1, which can be found on Bugzilla (see "Closes:" tag), I've made > > > the following suggested changes: > > > > > > * Adjust size of allocations to make kasan_atomics() work with all KASan modes > > > * Remove comments and move tests closer to the bitops tests > > > * For functions taking two addresses as an input, test each address in a separate function call. > > > * Rename variables for clarity > > > * Add tests for READ_ONCE(), WRITE_ONCE(), smp_load_acquire() and smp_store_release() > > > > > > I'm still uncelar on which kinds of atomic accesses we should be testing > > > though. The patch below only covers a subset, and I don't know if it > > > would be feasible to just manually add all atomics of interest. Which > > > ones would those be exactly? > > > > The atomics wrappers are generated by a script. An exhaustive test > > case would, if generated by hand, be difficult to keep in sync if some > > variants are removed or renamed (although that's probably a relatively > > rare occurrence). > > > > I would probably just cover some of the most common ones that all > > architectures (that support KASAN) provide. I think you are already > > covering some of the most important ones, and I'd just say it's good > > enough for the test. > > > > > As Andrey pointed out on Bugzilla, if we > > > were to include all of the atomic64_* ones, that would make a lot of > > > function calls. > > > > Just include a few atomic64_ cases, similar to the ones you already > > include for atomic_. Although beware that the atomic64_t helpers are > > likely not available on 32-bit architectures, so you need an #ifdef > > CONFIG_64BIT. > > > > Alternatively, there is also atomic_long_t, which (on 64-bit > > architectures) just wraps atomic64_t helpers, and on 32-bit the > > atomic_t ones. I'd probably opt for the atomic_long_t variants, just > > to keep it simpler and get some additional coverage on 32-bit > > architectures. > > If I were to add some atomic_long_* cases, e.g. atomic_long_read() or > atomic_long_write(), in addition to the test cases I already have, wouldn't that > mean that on 32-bit architectures we would have the same test case twice because > atomic_read() and long_atomic_read() both boil down to raw_atomic_read() and > raw_atomic_write() respectively? Or did I misunderstand and I should only be > covering long_atomic_* functions whose atomic_* counterpart doesn't exist in the > test cases already? Sure, on 32-bit this would be a little redundant, but we don't care so much about what underlying atomic is actually executed, but more about the instrumentation being correct. >From a KASAN point of view, I can't really tell that if atomic_read() works that atomic_long_read() also works. On top of that, we don't care all that much about 32-bit architectures anymore (I think KASAN should work on some 32-bit architectures, but I haven't tested that in a long time). ;-)
