[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44L0.1911081649030.1498-100000@iolanthe.rowland.org>
Date: Fri, 8 Nov 2019 16:57:31 -0500 (EST)
From: Alan Stern <stern@...land.harvard.edu>
To: Linus Torvalds <torvalds@...ux-foundation.org>
cc: Marco Elver <elver@...gle.com>, Eric Dumazet <edumazet@...gle.com>,
Eric Dumazet <eric.dumazet@...il.com>,
syzbot <syzbot+3ef049d50587836c0606@...kaller.appspotmail.com>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
Al Viro <viro@...iv.linux.org.uk>,
Andrea Parri <parri.andrea@...il.com>,
"Paul E. McKenney" <paulmck@...nel.org>,
LKMM Maintainers -- Akira Yokosawa <akiyks@...il.com>
Subject: Re: KCSAN: data-race in __alloc_file / __alloc_file
On Fri, 8 Nov 2019, Linus Torvalds wrote:
> On Fri, Nov 8, 2019 at 11:48 AM Marco Elver <elver@...gle.com> wrote:
> >
> > It's not explicitly aware of initialization or release. We rely on
> > compiler instrumentation for all memory accesses; KCSAN then sets up
> > "watchpoints" for sampled memory accesses, delaying execution, and
> > checking if a concurrent access is observed.
>
> Ok.
>
> > This same approach could be used to ignore "idempotent writes" where
> > we would otherwise report a data race; i.e. if there was a concurrent
> > write, but the data value did not change, do not report the race. I'm
> > happy to add this feature if this should always be ignored.
>
> Hmm. I don't think it's valid in general, but it might be useful
> enough in practice, at least as an option to lower the false
> positives.
Minor point...
Can we please agree to call these writes something other than
"idempotent"? After all, any write to normal memory is idempotent in
the sense that doing it twice has the same effect as doing it once
(ignoring possible races, of course).
A better name would be "write-if-different" or "write-if-changed" (and
I bet people can come up with something even better if they try).
This at least gets across the main idea, and using
WRITE_IF_CHANGED(x, y);
to mean
if (READ_ONCE(x) != y) WRITE_ONCE(x, y);
is a lot clearer than using WRITE_IDEMPOTENT(x, y).
Alan Stern
Powered by blists - more mailing lists