lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <59ec96c2-52ce-4da1-92c3-9fe38053cd3d@paulmck-laptop>
Date: Fri, 10 May 2024 17:41:04 -0700
From: "Paul E. McKenney" <paulmck@...nel.org>
To: Bart Van Assche <bvanassche@....org>
Cc: Breno Leitao <leitao@...ian.org>, Jens Axboe <axboe@...nel.dk>,
	"open list:BLOCK LAYER" <linux-block@...r.kernel.org>,
	open list <linux-kernel@...r.kernel.org>,
	Marco Elver <elver@...gle.com>
Subject: Re: [PATCH] block: Annotate a racy read in blk_do_io_stat()

On Fri, May 10, 2024 at 04:22:58PM -0700, Bart Van Assche wrote:
> On 5/10/24 3:35 PM, Paul E. McKenney wrote:
> > diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> > index c00cc6c0878a1..78593b40fe7e9 100644
> > --- a/include/linux/compiler.h
> > +++ b/include/linux/compiler.h
> > @@ -194,9 +194,18 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
> >    * This data_race() macro is useful for situations in which data races
> >    * should be forgiven.  One example is diagnostic code that accesses
> >    * shared variables but is not a part of the core synchronization design.
> > + * For example, if accesses to a given variable are protected by a lock,
> > + * except for diagnostic code, then the accesses under the lock should
> > + * be plain C-language accesses and those in the diagnostic code should
> > + * use data_race().  This way, KCSAN will complain if buggy lockless
> > + * accesses to that variable are introduced, even if the buggy accesses
> > + * are protected by READ_ONCE() or WRITE_ONCE().
> > + *
> > + * This macro *does not* affect normal code generation, but is a hint to
> > + * tooling that data races here are to be ignored.  If code generation must
> > + * be protected *and* KCSAN should ignore the access, use both data_race()
> > + * and READ_ONCE(), for example, data_race(READ_ONCE(x)).
> >    *
> > - * This macro *does not* affect normal code generation, but is a hint
> > - * to tooling that data races here are to be ignored.
> >    */
> 
> This patch changes the end of the comment from "*/" into "*\n*/".
> That's probably unintended? Otherwise this patch looks good to me.

Good eyes, thank you!

How about like this instead?

							Thanx, Paul

------------------------------------------------------------------------

commit 930cb5f711443d8044e88080ee21b0a5edda33bd
Author: Paul E. McKenney <paulmck@...nel.org>
Date:   Fri May 10 15:36:57 2024 -0700

    kcsan: Add example to data_race() kerneldoc header
    
    Although the data_race() kerneldoc header accurately states what it does,
    some of the implications and usage patterns are non-obvious.  Therefore,
    add a brief locking example and also state how to have KCSAN ignore
    accesses while also preventing the compiler from folding, spindling,
    or otherwise mutilating the access.
    
    [ paulmck: Apply Bart Van Assche feedback. ]
    
    Reported-by: Bart Van Assche <bvanassche@....org>
    Signed-off-by: Paul E. McKenney <paulmck@...nel.org>
    Cc: Marco Elver <elver@...gle.com>
    Cc: Breno Leitao <leitao@...ian.org>
    Cc: Jens Axboe <axboe@...nel.dk>

diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index c00cc6c0878a1..9249768ec7a26 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -194,9 +194,17 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
  * This data_race() macro is useful for situations in which data races
  * should be forgiven.  One example is diagnostic code that accesses
  * shared variables but is not a part of the core synchronization design.
+ * For example, if accesses to a given variable are protected by a lock,
+ * except for diagnostic code, then the accesses under the lock should
+ * be plain C-language accesses and those in the diagnostic code should
+ * use data_race().  This way, KCSAN will complain if buggy lockless
+ * accesses to that variable are introduced, even if the buggy accesses
+ * are protected by READ_ONCE() or WRITE_ONCE().
  *
- * This macro *does not* affect normal code generation, but is a hint
- * to tooling that data races here are to be ignored.
+ * This macro *does not* affect normal code generation, but is a hint to
+ * tooling that data races here are to be ignored.  If code generation must
+ * be protected *and* KCSAN should ignore the access, use both data_race()
+ * and READ_ONCE(), for example, data_race(READ_ONCE(x)).
  */
 #define data_race(expr)							\
 ({									\

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ