From: Marco Elver <elver@google.com>
To: paulmck@kernel.org
Cc: rcu@vger.kernel.org, kasan-dev@googlegroups.com,
dvyukov@google.com, glider@google.com
Subject: Re: [PATCH RFC rcu] Inform KCSAN of one-byte cmpxchg() in rcu_trc_cmpxchg_need_qs()
Date: Tue, 19 Mar 2024 15:36:07 +0100 [thread overview]
Message-ID: <CANpmjNOjAvg1AKBUYGRQTn5vxjsWqGMfQxt_C8zP79vn7D+VNw@mail.gmail.com> (raw)
In-Reply-To: <5e6fdf1d-e84c-463c-b47b-f42500930b28@paulmck-laptop>
On Tue, 19 Mar 2024 at 02:59, Paul E. McKenney <paulmck@kernel.org> wrote:
>
> On Mon, Mar 18, 2024 at 04:43:38PM +0100, Marco Elver wrote:
> > On Mon, 18 Mar 2024 at 11:01, Marco Elver <elver@google.com> wrote:
> > >
> > > On Sun, 17 Mar 2024 at 22:55, Paul E. McKenney <paulmck@kernel.org> wrote:
> > > >
> > > > On Fri, Mar 08, 2024 at 02:31:53PM -0800, Paul E. McKenney wrote:
> > > > > On Fri, Mar 08, 2024 at 11:02:28PM +0100, Marco Elver wrote:
> > > > > > On Fri, 8 Mar 2024 at 22:41, Paul E. McKenney <paulmck@kernel.org> wrote:
> > > > > > >
> > > > > > > Tasks Trace RCU needs a single-byte cmpxchg(), but no such thing exists.
> > > > > >
> > > > > > Because not all architectures support 1-byte cmpxchg?
> > > > > > What prevents us from implementing it?
> > > > >
> > > > > Nothing that I know of, but I didn't want to put up with the KCSAN report
> > > > > in the interim.
> > > >
> > > > And here is a lightly tested patch to emulate one-byte and two-byte
> > > > cmpxchg() for architectures that do not support it. This is just the
> > > > emulation, and would be followed up with patches to make the relevant
> > > > architectures make use of it.
> > > >
> > > > The one-byte emulation has been lightly tested on x86.
> > > >
> > > > Thoughts?
> > > >
> > > > Thanx, Paul
> > > >
> > > > ------------------------------------------------------------------------
> > > >
> > > > commit d72e54166b56d8b373676e1e92a426a07d53899a
> > > > Author: Paul E. McKenney <paulmck@kernel.org>
> > > > Date: Sun Mar 17 14:44:38 2024 -0700
> > > >
> > > > lib: Add one-byte and two-byte cmpxchg() emulation functions
> > > >
> > > > Architectures are required to provide four-byte cmpxchg() and 64-bit
> > > > architectures are additionally required to provide eight-byte cmpxchg().
> > > > However, there are cases where one-byte and two-byte cmpxchg()
> > > > would be extremely useful. Therefore, provide cmpxchg_emu_u8() and
> > > > cmpxchg_emu_u16() that emulated one-byte and two-byte cmpxchg() in terms
> > > > of four-byte cmpxchg().
> > > >
> > > > Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
> > > > Cc: Marco Elver <elver@google.com>
> > > > Cc: Andrew Morton <akpm@linux-foundation.org>
> > > > Cc: Thomas Gleixner <tglx@linutronix.de>
> > > > Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org>
> > > > Cc: Douglas Anderson <dianders@chromium.org>
> > > > Cc: Petr Mladek <pmladek@suse.com>
> > > > Cc: <linux-arch@vger.kernel.org>
> > > >
> > > > diff --git a/arch/Kconfig b/arch/Kconfig
> > > > index 154f994547632..eef11e9918ec7 100644
> > > > --- a/arch/Kconfig
> > > > +++ b/arch/Kconfig
> > > > @@ -1506,4 +1506,7 @@ config FUNCTION_ALIGNMENT
> > > > default 4 if FUNCTION_ALIGNMENT_4B
> > > > default 0
> > > >
> > > > +config ARCH_NEED_CMPXCHG_1_2_EMU
> > > > + bool
> > > > +
> > > > endmenu
> > > > diff --git a/include/linux/cmpxchg-emu.h b/include/linux/cmpxchg-emu.h
> > > > new file mode 100644
> > > > index 0000000000000..fee8171fa05eb
> > > > --- /dev/null
> > > > +++ b/include/linux/cmpxchg-emu.h
> > > > @@ -0,0 +1,16 @@
> > > > +/* SPDX-License-Identifier: GPL-2.0+ */
> > > > +/*
> > > > + * Emulated 1-byte and 2-byte cmpxchg operations for architectures
> > > > + * lacking direct support for these sizes. These are implemented in terms
> > > > + * of 4-byte cmpxchg operations.
> > > > + *
> > > > + * Copyright (C) 2024 Paul E. McKenney.
> > > > + */
> > > > +
> > > > +#ifndef __LINUX_CMPXCHG_EMU_H
> > > > +#define __LINUX_CMPXCHG_EMU_H
> > > > +
> > > > +uintptr_t cmpxchg_emu_u8(volatile u8 *p, uintptr_t old, uintptr_t new);
> > > > +uintptr_t cmpxchg_emu_u16(volatile u16 *p, uintptr_t old, uintptr_t new);
> > > > +
> > > > +#endif /* __LINUX_CMPXCHG_EMU_H */
> > > > diff --git a/lib/Makefile b/lib/Makefile
> > > > index 6b09731d8e619..fecd7b8c09cbd 100644
> > > > --- a/lib/Makefile
> > > > +++ b/lib/Makefile
> > > > @@ -238,6 +238,7 @@ obj-$(CONFIG_FUNCTION_ERROR_INJECTION) += error-inject.o
> > > > lib-$(CONFIG_GENERIC_BUG) += bug.o
> > > >
> > > > obj-$(CONFIG_HAVE_ARCH_TRACEHOOK) += syscall.o
> > > > +obj-$(CONFIG_ARCH_NEED_CMPXCHG_1_2_EMU) += cmpxchg-emu.o
> > >
> > > Since you add instrumentation explicitly, we need to suppress
> > > instrumentation somehow. For the whole file this can be done with:
> > >
> > > KCSAN_SANITIZE_cmpxchg-emu.o := n
> >
> > Hrm, I recall this doesn't actually work as-is because it also
> > disables instrument_read_write() instrumentation.
> >
> > So I think the most reliable would be to use data_race() after all.
> > It'll be a bit slower because of double-instrumenting, but I think
> > that's not a major concern with an instrumented build anyway.
>
> And I have added data_race(), thank you!
>
> > > Note, since you use cmpxchg, which pulls in its own
> > > instrument_read_write(), we can't use a function attribute (like
> > > __no_kcsan) if the whole-file no-instrumentation seems like overkill.
> > > Alternatively the cmpxchg could be wrapped into a data_race() (like
> > > your original RCU use case was doing).
> > >
> > > But I think "KCSAN_SANITIZE_cmpxchg-emu.o := n" would be my preferred way.
> > >
> > > With the explicit "instrument_read_write()" also note that this would
> > > do double-instrumentation with other sanitizers (KASAN, KMSAN). But I
> > > think we actually want to instrument the whole real access with those
> > > tools - would it be bad if we accessed some memory out-of-bounds, but
> > > that memory isn't actually used? I don't have a clear answer to that.
> > >
> > > Also, it might be useful to have an alignment check somewhere, because
> > > otherwise we end up with split atomic accesses (or whatever other bad
> > > thing the given arch does if that happens).
>
> Excellent point, added.
>
> I also fixed an embarrassing pointer-arithmetic bug which the act of
> coding the alignment check uncovered, so two for one! ;-)
>
> Please see below for a patch to the patched code.
This looks very reasonable to me.
Thanks,
-- Marco
> Thanx, Paul
>
> > > Thanks,
> > > -- Marco
> > >
> > > > obj-$(CONFIG_DYNAMIC_DEBUG_CORE) += dynamic_debug.o
> > > > #ensure exported functions have prototypes
> > > > diff --git a/lib/cmpxchg-emu.c b/lib/cmpxchg-emu.c
> > > > new file mode 100644
> > > > index 0000000000000..508b55484c2b6
> > > > --- /dev/null
> > > > +++ b/lib/cmpxchg-emu.c
> > > > @@ -0,0 +1,68 @@
> > > > +/* SPDX-License-Identifier: GPL-2.0+ */
> > > > +/*
> > > > + * Emulated 1-byte and 2-byte cmpxchg operations for architectures
> > > > + * lacking direct support for these sizes. These are implemented in terms
> > > > + * of 4-byte cmpxchg operations.
> > > > + *
> > > > + * Copyright (C) 2024 Paul E. McKenney.
> > > > + */
> > > > +
> > > > +#include <linux/types.h>
> > > > +#include <linux/export.h>
> > > > +#include <linux/instrumented.h>
> > > > +#include <linux/atomic.h>
> > > > +#include <asm-generic/rwonce.h>
> > > > +
> > > > +union u8_32 {
> > > > + u8 b[4];
> > > > + u32 w;
> > > > +};
> > > > +
> > > > +/* Emulate one-byte cmpxchg() in terms of 4-byte cmpxchg. */
> > > > +uintptr_t cmpxchg_emu_u8(volatile u8 *p, uintptr_t old, uintptr_t new)
> > > > +{
> > > > + u32 *p32 = (u32 *)(((uintptr_t)p) & ~0x3);
> > > > + int i = ((uintptr_t)p) & 0x3;
> > > > + union u8_32 old32;
> > > > + union u8_32 new32;
> > > > + u32 ret;
> > > > +
> > > > + old32.w = READ_ONCE(*p32);
> > > > + do {
> > > > + if (old32.b[i] != old)
> > > > + return old32.b[i];
> > > > + new32.w = old32.w;
> > > > + new32.b[i] = new;
> > > > + instrument_atomic_read_write(p, 1);
> > > > + ret = cmpxchg(p32, old32.w, new32.w);
> > > > + } while (ret != old32.w);
> > > > + return old;
> > > > +}
> > > > +EXPORT_SYMBOL_GPL(cmpxchg_emu_u8);
> > > > +
> > > > +union u16_32 {
> > > > + u16 h[2];
> > > > + u32 w;
> > > > +};
> > > > +
> > > > +/* Emulate two-byte cmpxchg() in terms of 4-byte cmpxchg. */
> > > > +uintptr_t cmpxchg_emu_u16(volatile u16 *p, uintptr_t old, uintptr_t new)
> > > > +{
> > > > + u32 *p32 = (u32 *)(((uintptr_t)p) & ~0x1);
> > > > + int i = ((uintptr_t)p) & 0x1;
> > > > + union u16_32 old32;
> > > > + union u16_32 new32;
> > > > + u32 ret;
> > > > +
> > > > + old32.w = READ_ONCE(*p32);
> > > > + do {
> > > > + if (old32.h[i] != old)
> > > > + return old32.h[i];
> > > > + new32.w = old32.w;
> > > > + new32.h[i] = new;
> > > > + instrument_atomic_read_write(p, 2);
> > > > + ret = cmpxchg(p32, old32.w, new32.w);
> > > > + } while (ret != old32.w);
> > > > + return old;
> > > > +}
> > > > +EXPORT_SYMBOL_GPL(cmpxchg_emu_u16);
>
> diff --git a/lib/cmpxchg-emu.c b/lib/cmpxchg-emu.c
> index 508b55484c2b6..b904f954dd4fc 100644
> --- a/lib/cmpxchg-emu.c
> +++ b/lib/cmpxchg-emu.c
> @@ -11,6 +11,8 @@
> #include <linux/export.h>
> #include <linux/instrumented.h>
> #include <linux/atomic.h>
> +#include <linux/panic.h>
> +#include <linux/bug.h>
> #include <asm-generic/rwonce.h>
>
> union u8_32 {
> @@ -34,7 +36,7 @@ uintptr_t cmpxchg_emu_u8(volatile u8 *p, uintptr_t old, uintptr_t new)
> new32.w = old32.w;
> new32.b[i] = new;
> instrument_atomic_read_write(p, 1);
> - ret = cmpxchg(p32, old32.w, new32.w);
> + ret = data_race(cmpxchg(p32, old32.w, new32.w));
> } while (ret != old32.w);
> return old;
> }
> @@ -48,12 +50,13 @@ union u16_32 {
> /* Emulate two-byte cmpxchg() in terms of 4-byte cmpxchg. */
> uintptr_t cmpxchg_emu_u16(volatile u16 *p, uintptr_t old, uintptr_t new)
> {
> - u32 *p32 = (u32 *)(((uintptr_t)p) & ~0x1);
> - int i = ((uintptr_t)p) & 0x1;
> + u32 *p32 = (u32 *)(((uintptr_t)p) & ~0x3);
> + int i = (((uintptr_t)p) & 0x2) / 2;
> union u16_32 old32;
> union u16_32 new32;
> u32 ret;
>
> + WARN_ON_ONCE(((uintptr_t)p) & 0x1);
> old32.w = READ_ONCE(*p32);
> do {
> if (old32.h[i] != old)
> @@ -61,7 +64,7 @@ uintptr_t cmpxchg_emu_u16(volatile u16 *p, uintptr_t old, uintptr_t new)
> new32.w = old32.w;
> new32.h[i] = new;
> instrument_atomic_read_write(p, 2);
> - ret = cmpxchg(p32, old32.w, new32.w);
> + ret = data_race(cmpxchg(p32, old32.w, new32.w));
> } while (ret != old32.w);
> return old;
> }
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/5e6fdf1d-e84c-463c-b47b-f42500930b28%40paulmck-laptop.
prev parent reply other threads:[~2024-03-19 14:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-08 21:41 [PATCH RFC rcu] Inform KCSAN of one-byte cmpxchg() in rcu_trc_cmpxchg_need_qs() Paul E. McKenney
2024-03-08 22:02 ` Marco Elver
2024-03-08 22:31 ` Paul E. McKenney
2024-03-17 21:55 ` Paul E. McKenney
2024-03-18 10:01 ` Marco Elver
2024-03-18 15:43 ` Marco Elver
2024-03-19 1:59 ` Paul E. McKenney
2024-03-19 14:36 ` Marco Elver [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANpmjNOjAvg1AKBUYGRQTn5vxjsWqGMfQxt_C8zP79vn7D+VNw@mail.gmail.com \
--to=elver@google.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=paulmck@kernel.org \
--cc=rcu@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).