Re: linux-next: build problems (Was: [PATCH v3 1/2] Provide READ_ONCE_NOCHECK())

2015-10-15 Thread Andrey Ryabinin
On 10/15/2015 12:18 PM, Stephen Rothwell wrote:
> Hi Andrey,
> 
> On Tue, 13 Oct 2015 18:28:07 +0300 Andrey Ryabinin wrote:
>>
>> Some code may perform racy by design memory reads. This could be harmless,
>> yet such code may produce KASAN warnings.
>>
>> To hide such accesses from KASAN this patch introduces READ_ONCE_NOCHECK()
>> macro. KASAN will not check the memory accessed by READ_ONCE_NOCHECK().
>>
>> This patch creates __read_once_size_nocheck() a clone of
>> __read_once_size_check() (renamed __read_once_size()).
>> The only difference between them is 'no_sanitized_address' attribute
>> appended to '*_nocheck' function. This attribute tells the compiler that
>> instrumentation of memory accesses should not be applied to that function.
>> We declare it as static '__maybe_unused' because GCC is not capable of
>> inlining such a function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
>>
>> With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE().
>>
>> Signed-off-by: Andrey Ryabinin 
>> ---
>>  include/linux/compiler-gcc.h | 13 ++
>>  include/linux/compiler.h | 60 ++--
>>  2 files changed, 60 insertions(+), 13 deletions(-)
> 
> I am pretty sure that this patch is causing quite a bit of compile
> breakage in linux-next today.  During the day I compile with gcc 4.9.0
> and did not see any problems with x86_64 allmodconfig, or i386
> defconfig etc, but overnight we compile with older compilers (gcc 4.6.3
> in particular) and are getting quite a few errors:
> 

Looks like older GCC doesn't like __alias (or the combination of static
__always_inline __alias).
It creates an out-of-line, unused copy of the __read_once_size_check() function
in the object file.
Should be easy to work around this.

> From an i386 allnoconfig build:
> 
> arch/x86/entry/vdso/vdso32.so.dbg: undefined symbols found
> /home/kisskb/slave/src/arch/x86/entry/vdso/Makefile:154: recipe for target 'arch/x86/entry/vdso/vdso32.so.dbg' failed
> 
> From an x86_64 allnoconfig build:
> 
> arch/x86/entry/vdso/vclock_gettime.o: In function `__read_once_size_check':
> vclock_gettime.c:(.text+0x5f): undefined reference to `memcpy'
> arch/x86/entry/vdso/vgetcpu.o: In function `__read_once_size_check':
> vgetcpu.c:(.text+0x2f): undefined reference to `memcpy'
> 
> and several others ...
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
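
The attribute mechanism from the quoted patch description, as an added userspace example that is not code from the patch or the kernel: ASan stands in for KASAN, and a manually poisoned slot stands in for memory KASAN would flag. The names read_sized_check, read_sized_nocheck, frame and the peek_* helpers are hypothetical, and the poisoning only takes effect when built with gcc -fsanitize=address.

```c
#include <stdint.h>
#if defined(__SANITIZE_ADDRESS__)	/* GCC with -fsanitize=address */
#include <sanitizer/asan_interface.h>
#else					/* plain build: poisoning is a no-op */
#define ASAN_POISON_MEMORY_REGION(a, n)   ((void)(a), (void)(n))
#define ASAN_UNPOISON_MEMORY_REGION(a, n) ((void)(a), (void)(n))
#endif
/* Shared body for both readers; native sizes only, so no memcpy is involved. */
#define READ_SIZED(p, res, size)						\
	switch (size) {								\
	case 1: *(uint8_t *)(res) = *(const volatile uint8_t *)(p); break;	\
	case 2: *(uint16_t *)(res) = *(const volatile uint16_t *)(p); break;	\
	case 4: *(uint32_t *)(res) = *(const volatile uint32_t *)(p); break;	\
	case 8: *(uint64_t *)(res) = *(const volatile uint64_t *)(p); break;	\
	}

/* Instrumented: under ASan each load is checked against shadow memory. */
static inline void read_sized_check(const volatile void *p, void *res, int size)
{
	READ_SIZED(p, res, size);
}

/* Not instrumented; kept out of line because the attribute conflicts with inlining. */
static __attribute__((no_sanitize_address, noinline))
void read_sized_nocheck(const volatile void *p, void *res, int size)
{
	READ_SIZED(p, res, size);
}

/* Constructed sample data: slot 1 is declared off-limits to ASan. */
static uint64_t frame[2] __attribute__((aligned(8)));
uint64_t peek_valid_slot(void)
{
	uint64_t v = 0;
	frame[0] = 42;
	read_sized_check(&frame[0], &v, sizeof(v));
	return v;
}

uint64_t peek_poisoned_slot(void)
{
	uint64_t v = 0;
	frame[1] = 0xfeedfaceULL;
	ASAN_POISON_MEMORY_REGION(&frame[1], sizeof(frame[1]));
	/* read_sized_check() here would abort with use-after-poison under ASan */
	read_sized_nocheck(&frame[1], &v, sizeof(v));
	ASAN_UNPOISON_MEMORY_REGION(&frame[1], sizeof(frame[1]));
	return v;
}

int main(void)
{
	return (peek_valid_slot() == 42 && peek_poisoned_slot() == 0xfeedfaceULL) ? 0 : 1;
}
```

Sizes other than 1, 2, 4 and 8 are left out on purpose: the patch's default case goes through __builtin_memcpy, and in userspace ASan a memcpy call can be intercepted and checked regardless of the caller's attribute.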


linux-next: build problems (Was: [PATCH v3 1/2] Provide READ_ONCE_NOCHECK())

2015-10-15 Thread Stephen Rothwell
Hi Andrey,

On Tue, 13 Oct 2015 18:28:07 +0300 Andrey Ryabinin wrote:
>
> Some code may perform racy by design memory reads. This could be harmless,
> yet such code may produce KASAN warnings.
> 
> To hide such accesses from KASAN this patch introduces READ_ONCE_NOCHECK()
> macro. KASAN will not check the memory accessed by READ_ONCE_NOCHECK().
> 
> This patch creates __read_once_size_nocheck() a clone of
> __read_once_size_check() (renamed __read_once_size()).
> The only difference between them is 'no_sanitized_address' attribute
> appended to '*_nocheck' function. This attribute tells the compiler that
> instrumentation of memory accesses should not be applied to that function.
> We declare it as static '__maybe_unused' because GCC is not capable of
> inlining such a function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
> 
> With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE().
> 
> Signed-off-by: Andrey Ryabinin 
> ---
>  include/linux/compiler-gcc.h | 13 ++
>  include/linux/compiler.h | 60 ++--
>  2 files changed, 60 insertions(+), 13 deletions(-)

I am pretty sure that this patch is causing quite a bit of compile
breakage in linux-next today.  During the day I compile with gcc 4.9.0
and did not see any problems with x86_64 allmodconfig, or i386
defconfig etc, but overnight we compile with older compilers (gcc 4.6.3
in particular) and are getting quite a few errors:

From an i386 allnoconfig build:

arch/x86/entry/vdso/vdso32.so.dbg: undefined symbols found
/home/kisskb/slave/src/arch/x86/entry/vdso/Makefile:154: recipe for target 'arch/x86/entry/vdso/vdso32.so.dbg' failed

From an x86_64 allnoconfig build:

arch/x86/entry/vdso/vclock_gettime.o: In function `__read_once_size_check':
vclock_gettime.c:(.text+0x5f): undefined reference to `memcpy'
arch/x86/entry/vdso/vgetcpu.o: In function `__read_once_size_check':
vgetcpu.c:(.text+0x2f): undefined reference to `memcpy'

and several others ...
-- 
Cheers,
Stephen Rothwell s...@canb.auug.org.au


[PATCH v3 1/2] Provide READ_ONCE_NOCHECK()

2015-10-13 Thread Andrey Ryabinin
Some code may perform racy by design memory reads. This could be harmless,
yet such code may produce KASAN warnings.

To hide such accesses from KASAN this patch introduces READ_ONCE_NOCHECK()
macro. KASAN will not check the memory accessed by READ_ONCE_NOCHECK().

This patch creates __read_once_size_nocheck() a clone of
__read_once_size_check() (renamed __read_once_size()).
The only difference between them is 'no_sanitized_address' attribute
appended to '*_nocheck' function. This attribute tells the compiler that
instrumentation of memory accesses should not be applied to that function.
We declare it as static '__maybe_unused' because GCC is not capable of
inlining such a function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368

With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE().

Signed-off-by: Andrey Ryabinin 
---
 include/linux/compiler-gcc.h | 13 ++
 include/linux/compiler.h | 60 ++--
 2 files changed, 60 insertions(+), 13 deletions(-)

diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index dfaa7b3..f2a9aec 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -237,12 +237,25 @@
 #define KASAN_ABI_VERSION 3
 #endif
 
+#if GCC_VERSION >= 40902
+/*
+ * Tell the compiler that address safety instrumentation (KASAN)
+ * should not be applied to that function.
+ * Confilcts with inlining: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
+ */
+#define __no_sanitize_address __attribute__((no_sanitize_address))
+#endif
+
 #endif /* gcc version >= 4 specific checks */
 
 #if !defined(__noclone)
 #define __noclone  /* not needed */
 #endif
 
+#if !defined(__no_sanitize_address)
+#define __no_sanitize_address
+#endif
+
 /*
  * A trick to suppress uninitialized variable warning without generating any
  * code
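
Review bot: The empty fallback '#define __no_sanitize_address' near the end of this hunk means the marking silently has no effect on any compiler that skips the 'GCC_VERSION >= 40902' block, and nothing in the comment says so. Please state in the comment that the empty definition is intentional and why 4.9.2 is the cutoff, so a reader of a function marked __no_sanitize_address knows when it is a no-op. "Confilcts" in the new comment should be "Conflicts".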
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index c836eb2..aa2ae4c 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -198,19 +198,42 @@ void ftrace_likely_update(struct ftrace_branch_data *f, 
int val, int expect);
 
 #include 
 
-static __always_inline void __read_once_size(const volatile void *p, void 
*res, int size)
+#define __READ_ONCE_SIZE   \
+({ \
+   switch (size) { \
+   case 1: *(__u8 *)res = *(volatile __u8 *)p; break;  \
+   case 2: *(__u16 *)res = *(volatile __u16 *)p; break;\
+   case 4: *(__u32 *)res = *(volatile __u32 *)p; break;\
+   case 8: *(__u64 *)res = *(volatile __u64 *)p; break;\
+   default:\
+   barrier();  \
+   __builtin_memcpy((void *)res, (const void *)p, size);   \
+   barrier();  \
+   }   \
+})
+
+static __always_inline
+void __read_once_size_check(const volatile void *p, void *res, int size)
 {
-   switch (size) {
-   case 1: *(__u8 *)res = *(volatile __u8 *)p; break;
-   case 2: *(__u16 *)res = *(volatile __u16 *)p; break;
-   case 4: *(__u32 *)res = *(volatile __u32 *)p; break;
-   case 8: *(__u64 *)res = *(volatile __u64 *)p; break;
-   default:
-   barrier();
-   __builtin_memcpy((void *)res, (const void *)p, size);
-   barrier();
-   }
+   __READ_ONCE_SIZE;
+}
+
+#ifdef CONFIG_KASAN
+/*
+ * This function is not 'inline' because __no_sanitize_address confilcts
+ * with inlining. Attempt to inline it may cause a build failure.
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
+ * '__maybe_unused' allows us to avoid defined-but-not-used warnings.
+ */
+static __no_sanitize_address __maybe_unused
+void __read_once_size_nocheck(const volatile void *p, void *res, int size)
+{
+   __READ_ONCE_SIZE;
 }
+#else
+static __always_inline __alias(__read_once_size_check)
+void __read_once_size_nocheck(const volatile void *p, void *res, int size);
+#endif
 
 static __always_inline void __write_once_size(volatile void *p, void *res, int 
size)
 {
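
Review bot: In the '#else' branch, 'static __always_inline __alias(__read_once_size_check)' on a bare declaration depends on the compiler treating an alias of a static inline function as inlinable; the gcc 4.6.3 reports in this thread show __read_once_size_check being emitted in the vdso objects with an unresolved memcpy. Giving __read_once_size_nocheck() a real 'static __always_inline' body that expands __READ_ONCE_SIZE for the KASAN=n case would avoid the alias entirely. Separately, __READ_ONCE_SIZE picks up 'p', 'res' and 'size' from the enclosing scope without taking them as parameters, which deserves a comment, and "confilcts" in the new comment is misspelled.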
@@ -248,8 +271,19 @@ static __always_inline void __write_once_size(volatile 
void *p, void *res, int s
  * required ordering.
  */
 
-#define READ_ONCE(x) \
-   ({ union { typeof(x) __val; char __c[1]; } __u; __read_once_size(&(x), 
__u.__c, sizeof(x)); __u.__val; })
+#define __READ_ONCE(x, check)  \
+({ \
+   union { typeof(x) __val; char __c[1]; } __u;\
+   __read_once_size##check(&(x), __u.__c, sizeof(x));  \
+   __u.__val;  \
+})
+#define READ_ONCE(x) 
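
Review bot: The 'check' parameter of '__READ_ONCE(x, check)' is token-pasted in '__read_once_size##check', so callers must pass the literal suffix '_check' or '_nocheck' rather than a flag, and nothing at the macro says so. A one-line comment above __READ_ONCE, or a parameter name such as 'suffix', would make that contract explicit and keep a mistyped argument from turning into an obscure undeclared-function error.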
