lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191113224808.GA3960@google.com>
Date:   Wed, 13 Nov 2019 23:48:08 +0100
From:   Marco Elver <elver@...gle.com>
To:     Alan Stern <stern@...land.harvard.edu>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Eric Dumazet <edumazet@...gle.com>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Eric Dumazet <eric.dumazet@...il.com>,
        syzbot <syzbot+3ef049d50587836c0606@...kaller.appspotmail.com>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Al Viro <viro@...iv.linux.org.uk>,
        Andrea Parri <parri.andrea@...il.com>,
        "Paul E. McKenney" <paulmck@...nel.org>,
        LKMM Maintainers -- Akira Yokosawa <akiyks@...il.com>
Subject: Re: KCSAN: data-race in __alloc_file / __alloc_file

On Wed, 13 Nov 2019, Alan Stern wrote:

> On Wed, 13 Nov 2019, Marco Elver wrote:
> 
> > An expression works fine. The below patch would work with KCSAN, and all
> > your above examples work.
> > 
> > Re name: would it make sense to more directly convey the intent?  I.e.
> > "this expression can race, and it's fine that the result is approximate
> > if it does"?
> > 
> > My vote would go to something like 'smp_lossy' or 'lossy_race' -- but
> > don't have a strong preference, and would also be fine with 'data_race'.
> > Whatever is most legible.  Comments?
> 
> Lossiness isn't really relevant.  Things like sticky writes work 
> perfectly well with data races; they don't lose anything.
> 
> My preference would be for "data_race" or something very similar
> ("racy"? "race_ok"?).  That's the whole point -- we know the
> operation can be part of a data race and we don't care.

Makes sense. Let's stick with 'data_race' then.

As Linus pointed out this won't yet work for void types and
if-statements. How frequent would that use be? Should it even be
encouraged?

I'll add this as a patch for the next version of the KCSAN patch series.

Thanks,
-- Marco

diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 0b6506b9dd11..a97f323b61e3 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -308,6 +308,26 @@ unsigned long read_word_at_a_time(const void *addr)
 	__u.__val;					\
 })
 
+#include <linux/kcsan.h>
+
+/*
+ * data_race: macro to document that accesses in an expression may conflict with
+ * other concurrent accesses resulting in data races, but the resulting
+ * behaviour is deemed safe regardless.
+ *
+ * This macro *does not* affect normal code generation, but is a hint to tooling
+ * that data races here are intentional.
+ */
+#define data_race(expr)                                                      \
+	({                                                                     \
+		typeof(({ expr; })) __val;                                     \
+		kcsan_nestable_atomic_begin();                                 \
+		__val = ({ expr; });                                           \
+		kcsan_nestable_atomic_end();                                   \
+		__val;                                                         \
+	})
+#else
+
 #endif /* __KERNEL__ */
 
 /*

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ