1. 14 Apr, 2020 3 commits
    • Marco Elver's avatar
      kcsan: Add support for scoped accesses · 757a4cef
      Marco Elver authored
      This adds support for scoped accesses, where the memory range is checked
      for the duration of the scope. The feature is implemented by inserting
      the relevant access information into a list of scoped accesses for
      the current execution context, which are then checked (until removed)
      on every call (through instrumentation) into the KCSAN runtime.
      
      An alternative, more complex, implementation could set up a watchpoint for
      the scoped access, and keep the watchpoint set up. This, however, would
      require first exposing a handle to the watchpoint, as well as dealing
      with cases such as accesses by the same thread while the watchpoint is
      still set up (and several more cases). It is also doubtful if this would
      provide any benefit, since the majority of delay where the watchpoint
      is set up is likely due to the injected delays by KCSAN.  Therefore,
      the implementation in this patch is simpler and avoids hurting KCSAN's
      main use-case (normal data race detection); it also implicitly increases
      scoped-access race-detection-ability due to increased probability of
      setting up watchpoints by repeatedly calling __kcsan_check_access()
      throughout the scope of the access.
      
      The implementation required adding an additional conditional branch to
      the fast-path. However, the microbenchmark showed a *speedup* of ~5%
      on the fast-path. This appears to be due to subtly improved codegen by
      GCC from moving get_ctx() and associated load of preempt_count earlier.
      Suggested-by: default avatarBoqun Feng <boqun.feng@gmail.com>
      Suggested-by: default avatarPaul E. McKenney <paulmck@kernel.org>
      Signed-off-by: default avatarMarco Elver <elver@google.com>
      Signed-off-by: default avatarPaul E. McKenney <paulmck@kernel.org>
      757a4cef
    • Marco Elver's avatar
      kcsan: Avoid blocking producers in prepare_report() · 6119418f
      Marco Elver authored
      To avoid deadlock in case watchers can be interrupted, we need to ensure
      that producers of the struct other_info can never be blocked by an
      unrelated consumer. (Likely to occur with KCSAN_INTERRUPT_WATCHER.)
      
      There are several cases that can lead to this scenario, for example:
      
      	1. A watchpoint A was set up by task T1, but interrupted by
      	   interrupt I1. Some other thread (task or interrupt) finds
      	   watchpoint A consumes it, and sets other_info. Then I1 also
      	   finds some unrelated watchpoint B, consumes it, but is blocked
      	   because other_info is in use. T1 cannot consume other_info
      	   because I1 never returns -> deadlock.
      
      	2. A watchpoint A was set up by task T1, but interrupted by
      	   interrupt I1, which also sets up a watchpoint B. Some other
      	   thread finds watchpoint A, and consumes it and sets up
      	   other_info with its information. Similarly some other thread
      	   finds watchpoint B and consumes it, but is then blocked because
      	   other_info is in use. When I1 continues it sees its watchpoint
      	   was consumed, and that it must wait for other_info, which
      	   currently contains information to be consumed by T1. However, T1
      	   cannot unblock other_info because I1 never returns -> deadlock.
      
      To avoid this, we need to ensure that producers of struct other_info
      always have a usable other_info entry. This is obviously not the case
      with only a single instance of struct other_info, as concurrent
      producers must wait for the entry to be released by some consumer (which
      may be locked up as illustrated above).
      
      While it would be nice if producers could simply call kmalloc() and
      append their instance of struct other_info to a list, we are very
      limited in this code path: since KCSAN can instrument the allocators
      themselves, calling kmalloc() could lead to deadlock or corrupted
      allocator state.
      
      Since producers of the struct other_info will always succeed at
      try_consume_watchpoint(), preceding the call into kcsan_report(), we
      know that the particular watchpoint slot cannot simply be reused or
      consumed by another potential other_info producer. If we move removal of
      a watchpoint after reporting (by the consumer of struct other_info), we
      can see a consumed watchpoint as a held lock on elements of other_info,
      if we create a one-to-one mapping of a watchpoint to an other_info
      element.
      
      Therefore, the simplest solution is to create an array of struct
      other_info that is as large as the watchpoints array in core.c, and pass
      the watchpoint index to kcsan_report() for producers and consumers, and
      change watchpoints to be removed after reporting is done.
      
      With a default config on a 64-bit system, the array other_infos consumes
      ~37KiB. For most systems today this is not a problem. On smaller memory
      constrained systems, the config value CONFIG_KCSAN_NUM_WATCHPOINTS can
      be reduced appropriately.
      
      Overall, this change is a simplification of the prepare_report() code,
      and makes some of the checks (such as checking if at least one access is
      a write) redundant.
      
      Tested:
      $ tools/testing/selftests/rcutorture/bin/kvm.sh \
      	--cpus 12 --duration 10 --kconfig "CONFIG_DEBUG_INFO=y \
      	CONFIG_KCSAN=y CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC=n \
      	CONFIG_KCSAN_REPORT_VALUE_CHANGE_ONLY=n \
      	CONFIG_KCSAN_REPORT_ONCE_IN_MS=100000 CONFIG_KCSAN_VERBOSE=y \
      	CONFIG_KCSAN_INTERRUPT_WATCHER=y CONFIG_PROVE_LOCKING=y" \
      	--configs TREE03
      => No longer hangs and runs to completion as expected.
      Reported-by: default avatarPaul E. McKenney <paulmck@kernel.org>
      Signed-off-by: default avatarMarco Elver <elver@google.com>
      Signed-off-by: default avatarPaul E. McKenney <paulmck@kernel.org>
      6119418f
    • Marco Elver's avatar
      kcsan: Introduce report access_info and other_info · 135c0872
      Marco Elver authored
      Improve readability by introducing access_info and other_info structs,
      and in preparation of the following commit in this series replaces the
      single instance of other_info with an array of size 1.
      
      No functional change intended.
      Signed-off-by: default avatarMarco Elver <elver@google.com>
      Signed-off-by: default avatarPaul E. McKenney <paulmck@kernel.org>
      135c0872
  2. 25 Mar, 2020 6 commits
  3. 21 Mar, 2020 28 commits
  4. 20 Mar, 2020 3 commits
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 5ad0ec0b
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
      
       - Fix panic() when it occurs during secondary CPU startup
      
       - Fix "kpti=off" when KASLR is enabled
      
       - Fix howler in compat syscall table for vDSO clock_getres() fallback
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: compat: Fix syscall number of compat_clock_getres
        arm64: kpti: Fix "kpti=off" when KASLR is enabled
        arm64: smp: fix crash_smp_send_stop() behaviour
        arm64: smp: fix smp_send_stop() behaviour
      5ad0ec0b
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · f014d2b8
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small different driver fixes for 5.6-rc7:
      
         - binderfs fix, yet again
      
         - slimbus new device id added
      
         - hwtracing bugfixes for reported issues and a new device id
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'char-misc-5.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        intel_th: pci: Add Elkhart Lake CPU support
        intel_th: Fix user-visible error codes
        intel_th: msu: Fix the unexpected state warning
        stm class: sys-t: Fix the use of time_after()
        slimbus: ngd: add v2.1.0 compatible
        binderfs: use refcount for binder control devices too
      f014d2b8
    • Linus Torvalds's avatar
      Merge tag 'staging-5.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 3bd14829
      Linus Torvalds authored
      Pull staging/IIO fixes from Greg KH:
       "Here are a number of small staging and IIO driver fixes for 5.6-rc7
      
        Nothing major here, just resolutions for some reported problems:
         - iio bugfixes for a number of different drivers
         - greybus loopback_test fixes
         - wfx driver fixes
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'staging-5.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
        staging: greybus: loopback_test: fix potential path truncations
        staging: greybus: loopback_test: fix potential path truncation
        staging: greybus: loopback_test: fix poll-mask build breakage
        staging: wfx: fix RCU usage between hif_join() and ieee80211_bss_get_ie()
        staging: wfx: fix RCU usage in wfx_join_finalize()
        staging: wfx: make warning about pending frame less scary
        staging: wfx: fix lines ending with a comma instead of a semicolon
        staging: wfx: fix warning about freeing in-use mutex during device unregister
        staging/speakup: fix get_word non-space look-ahead
        iio: ping: set pa_laser_ping_cfg in of_ping_match
        iio: chemical: sps30: fix missing triggered buffer dependency
        iio: st_sensors: remap SMO8840 to LIS2DH12
        iio: light: vcnl4000: update sampling periods for vcnl4040
        iio: light: vcnl4000: update sampling periods for vcnl4200
        iio: accel: adxl372: Set iio_chan BE
        iio: magnetometer: ak8974: Fix negative raw values in sysfs
        iio: trigger: stm32-timer: disable master mode when stopping
        iio: adc: stm32-dfsdm: fix sleep in atomic context
        iio: adc: at91-sama5d2_adc: fix differential channels in triggered mode
      3bd14829