| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b0f3b2a6-e69c-4718-9f05-607b8c02d745@paulmck-laptop> Date: Thu, 8 Jan 2026 18:09:36 -0800 From: "Paul E. McKenney" <paulmck@...nel.org> To: Marco Elver <elver@...gle.com> Cc: Peter Zijlstra <peterz@...radead.org>, Boqun Feng <boqun.feng@...il.com>, Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Gary Guo <gary@...yguo.net>, Will Deacon <will@...nel.org>, Richard Henderson <richard.henderson@...aro.org>, Matt Turner <mattst88@...il.com>, Magnus Lindholm <linmag7@...il.com>, Catalin Marinas <catalin.marinas@....com>, Miguel Ojeda <ojeda@...nel.org>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <lossin@...nel.org>, Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>, Mark Rutland <mark.rutland@....com>, FUJITA Tomonori <fujita.tomonori@...il.com>, Frederic Weisbecker <frederic@...nel.org>, Lyude Paul <lyude@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Anna-Maria Behnsen <anna-maria@...utronix.de>, John Stultz <jstultz@...gle.com>, Stephen Boyd <sboyd@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, linux-kernel@...r.kernel.org, linux-alpha@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, rust-for-linux@...r.kernel.org, linux-fsdevel@...r.kernel.org, kasan-dev@...glegroups.com Subject: Re: [PATCH 0/5] Add READ_ONCE and WRITE_ONCE to Rust On Tue, Jan 06, 2026 at 08:28:41PM +0100, Marco Elver wrote: > On Tue, 6 Jan 2026 at 19:18, 'Paul E. McKenney' via kasan-dev > <kasan-dev@...glegroups.com> wrote: > > On Tue, Jan 06, 2026 at 03:56:22PM +0100, Peter Zijlstra wrote: > > > On Tue, Jan 06, 2026 at 09:09:37PM +0800, Boqun Feng wrote: > > > > > > > Some C code believes a plain write to a properly aligned location is > > > > atomic (see KCSAN_ASSUME_PLAIN_WRITES_ATOMIC, and no, this doesn't mean > > > > it's recommended to assume such), and I guess that's the case for > > > > hrtimer, if it's not much a trouble you can replace the plain write with > > > > WRITE_ONCE() on C side ;-) > > > > > > GCC used to provide this guarantee, some of the older code was written > > > on that. GCC no longer provides that guarantee (there are known cases > > > where it breaks and all that) and newer code should not rely on this. > > > > > > All such places *SHOULD* be updated to use READ_ONCE/WRITE_ONCE. > > > > Agreed! > > > > In that vein, any objections to the patch shown below? > > I'd be in favor, as that's what we did in the very initial version of > KCSAN (we started strict and then loosened things up). > > However, the fallout will be even more perceived "noise", despite > being legitimate data races. These config knobs were added after much > discussion in 2019/2020, somewhere around this discussion (I think > that's the one that spawned KCSAN_REPORT_VALUE_CHANGE_ONLY, can't find > the source for KCSAN_ASSUME_PLAIN_WRITES_ATOMIC): > https://lore.kernel.org/all/CAHk-=wgu-QXU83ai4XBnh7JJUo2NBW41XhLWf=7wrydR4=ZP0g@mail.gmail.com/ Fair point! > While the situation has gotten better since 2020, we still have latent > data races that need some thought (given papering over things blindly > with *ONCE is not right either). My recommendation these days is to > just set CONFIG_KCSAN_STRICT=y for those who care (although I'd wish > everyone cared the same amount :-)). > > Should you feel the below change is appropriate for 2026, feel free to > carry it (consider this my Ack). > > However, I wasn't thinking of tightening the screws until the current > set of known data races has gotten to a manageable amount (say below > 50) > https://syzkaller.appspot.com/upstream?manager=ci2-upstream-kcsan-gce > Then again, on syzbot the config can remain unchanged. Is there an easy way to map from a report to the SHA-1 that the corresponding test ran against? Probably me being blind, but I am not seeing it. Though I do very much like the symbolic names in those stack traces! Thanx, Paul > Thanks, > -- Marco > > > Thanx, Paul > > > > ------------------------------------------------------------------------ > > > > diff --git a/lib/Kconfig.kcsan b/lib/Kconfig.kcsan > > index 4ce4b0c0109cb..e827e24ab5d42 100644 > > --- a/lib/Kconfig.kcsan > > +++ b/lib/Kconfig.kcsan > > @@ -199,7 +199,7 @@ config KCSAN_WEAK_MEMORY > > > > config KCSAN_REPORT_VALUE_CHANGE_ONLY > > bool "Only report races where watcher observed a data value change" > > - default y > > + default n > > depends on !KCSAN_STRICT > > help > > If enabled and a conflicting write is observed via a watchpoint, but > > @@ -208,7 +208,7 @@ config KCSAN_REPORT_VALUE_CHANGE_ONLY > > > > config KCSAN_ASSUME_PLAIN_WRITES_ATOMIC > > bool "Assume that plain aligned writes up to word size are atomic" > > - default y > > + default n > > depends on !KCSAN_STRICT > > help > > Assume that plain aligned writes up to word size are atomic by > >
Powered by blists - more mailing lists