Google Git
Sign in
linux / linux / kernel / git / paulmck / linux-rcu / refs/tags/locking-kcsan-2020-06-11
tag4ee3b89395d81cd34de3e830c85f78ba091fbbce
taggerThomas Gleixner <tglx@linutronix.de>Thu Jun 11 23:02:23 2020 +0200
object1f44328ea24c9de368a3cfe5cc0e110b949afb2e 
The Kernel Concurrency Sanitizer (KCSAN)

KCSAN is a dynamic race detector, which relies on compile-time
instrumentation, and uses a watchpoint-based sampling approach to detect
races.

The feature was under development for quite some time and has already found
legitimate bugs.

Unfortunately it comes with a limitation, which was only understood late in
the development cycle:

  It requires an up to date CLANG-11 compiler

CLANG-11 is not yet released (scheduled for June), but it's the only
compiler today which handles the kernel requirements and especially the
annotations of functions to exclude them from KCSAN instrumentation
correctly.

These annotations really need to work so that low level entry code and
especially int3 text poke handling can be completely isolated.

A detailed discussion of the requirements and compiler issues can be found
here:

  https://lore.kernel.org/lkml/CANpmjNMTsY_8241bS7=XAfqvZHFLrVEkv_uM4aDUWE_kh3Rvbw@mail.gmail.com/

We came to the conclusion that trying to work around compiler limitations
and bugs again would end up in a major trainwreck, so requiring a working
compiler seemed to be the best choice.

For Continous Integration purposes the compiler restriction is manageable
and that's where most xxSAN reports come from.

For a change this limitation might make GCC people actually look at their
bugs. Some issues with CSAN in GCC are 7 years old and one has been 'fixed'
3 years ago with a half baken solution which 'solved' the reported issue
but not the underlying problem.

The KCSAN developers also ponder to use a GCC plugin to become independent,
but that's not something which will show up in a few days.

Blocking KCSAN until wide spread compiler support is available is not a
really good alternative because the continuous growth of lockless
optimizations in the kernel demands proper tooling support.
commit1f44328ea24c9de368a3cfe5cc0e110b949afb2e[log] [tgz]
authorMarco Elver <elver@google.com>Thu May 21 16:20:47 2020 +0200
committerThomas Gleixner <tglx@linutronix.de>Thu Jun 11 20:04:04 2020 +0200
treefbff59d7bd64b33183ed074567d35bf54133c9a2
parenteb73876c74313231c35cee6310f8ad62c56fa2b3 [diff]
compiler_types.h, kasan: Use __SANITIZE_ADDRESS__ instead of CONFIG_KASAN to decide inlining

Use __always_inline in compilation units that have instrumentation
disabled (KASAN_SANITIZE_foo.o := n) for KASAN, like it is done for
KCSAN.

Also, add common documentation for KASAN and KCSAN explaining the
attribute.

 [ bp: Massage commit message. ]

Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lkml.kernel.org/r/20200521142047.169334-12-elver@google.com
1 file changed
tree: fbff59d7bd64b33183ed074567d35bf54133c9a2
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README