Re: linux-next: build problems (Was: [PATCH v3 1/2] Provide READ_ONCE_NOCHECK())
On 10/15/2015 12:18 PM, Stephen Rothwell wrote: > Hi Andrey, > > On Tue, 13 Oct 2015 18:28:07 +0300 Andrey Ryabinin > wrote: >> >> Some code may perform racy by design memory reads. This could be harmless, >> yet such code may produce KASAN warnings. >> >> To hide such accesses from KASAN this patch introduces READ_ONCE_NOCHECK() >> macro. KASAN will not check the memory accessed by READ_ONCE_NOCHECK(). >> >> This patch creates __read_once_size_nocheck() a clone of >> __read_once_size_check() (renamed __read_once_size()). >> The only difference between them is 'no_sanitized_address' attribute >> appended to '*_nocheck' function. This attribute tells the compiler that >> instrumentation of memory accesses should not be applied to that function. >> We declare it as static '__maybe_unsed' because GCC is not capable to >> inline such function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 >> >> With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE(). >> >> Signed-off-by: Andrey Ryabinin >> --- >> include/linux/compiler-gcc.h | 13 ++ >> include/linux/compiler.h | 60 >> ++-- >> 2 files changed, 60 insertions(+), 13 deletions(-) > > I am pretty sure that this patch is causing quite a bit of compile > breakage in linux-next today. During the day I compile with gcc 4.9.0 > and did not see any problems with c86_64 allmodconfig, or i386 > defconfig etc, but overnight we compile with older compilers (gcc 4.6.3 > in particular) and are getting quite a few errors: > Looks like that older GCC doesn't like __alias (or combination of static __always_inline __alias). It creates outline and unused copy of __read_once_size_check() function in the object file. Should be easy to work around this. > From an i386 allnoconfig build: > > arch/x86/entry/vdso/vdso32.so.dbg: undefined symbols found > /home/kisskb/slave/src/arch/x86/entry/vdso/Makefile:154: recipe for target > 'arch/x86/entry/vdso/vdso32.so.dbg' failed > > From an x86_64 allnoconfig build: > > arch/x86/entry/vdso/vclock_gettime.o: In function `__read_once_size_check': > vclock_gettime.c:(.text+0x5f): undefined reference to `memcpy' > arch/x86/entry/vdso/vgetcpu.o: In function `__read_once_size_check': > vgetcpu.c:(.text+0x2f): undefined reference to `memcpy' > > and several others ... > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
linux-next: build problems (Was: [PATCH v3 1/2] Provide READ_ONCE_NOCHECK())
Hi Andrey, On Tue, 13 Oct 2015 18:28:07 +0300 Andrey Ryabinin wrote: > > Some code may perform racy by design memory reads. This could be harmless, > yet such code may produce KASAN warnings. > > To hide such accesses from KASAN this patch introduces READ_ONCE_NOCHECK() > macro. KASAN will not check the memory accessed by READ_ONCE_NOCHECK(). > > This patch creates __read_once_size_nocheck() a clone of > __read_once_size_check() (renamed __read_once_size()). > The only difference between them is 'no_sanitized_address' attribute > appended to '*_nocheck' function. This attribute tells the compiler that > instrumentation of memory accesses should not be applied to that function. > We declare it as static '__maybe_unsed' because GCC is not capable to > inline such function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 > > With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE(). > > Signed-off-by: Andrey Ryabinin > --- > include/linux/compiler-gcc.h | 13 ++ > include/linux/compiler.h | 60 > ++-- > 2 files changed, 60 insertions(+), 13 deletions(-) I am pretty sure that this patch is causing quite a bit of compile breakage in linux-next today. During the day I compile with gcc 4.9.0 and did not see any problems with c86_64 allmodconfig, or i386 defconfig etc, but overnight we compile with older compilers (gcc 4.6.3 in particular) and are getting quite a few errors: >From an i386 allnoconfig build: arch/x86/entry/vdso/vdso32.so.dbg: undefined symbols found /home/kisskb/slave/src/arch/x86/entry/vdso/Makefile:154: recipe for target 'arch/x86/entry/vdso/vdso32.so.dbg' failed >From an x86_64 allnoconfig build: arch/x86/entry/vdso/vclock_gettime.o: In function `__read_once_size_check': vclock_gettime.c:(.text+0x5f): undefined reference to `memcpy' arch/x86/entry/vdso/vgetcpu.o: In function `__read_once_size_check': vgetcpu.c:(.text+0x2f): undefined reference to `memcpy' and several others ... -- Cheers, Stephen Rothwells...@canb.auug.org.au -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: linux-next: build problems (Was: [PATCH v3 1/2] Provide READ_ONCE_NOCHECK())
On 10/15/2015 12:18 PM, Stephen Rothwell wrote: > Hi Andrey, > > On Tue, 13 Oct 2015 18:28:07 +0300 Andrey Ryabinin> wrote: >> >> Some code may perform racy by design memory reads. This could be harmless, >> yet such code may produce KASAN warnings. >> >> To hide such accesses from KASAN this patch introduces READ_ONCE_NOCHECK() >> macro. KASAN will not check the memory accessed by READ_ONCE_NOCHECK(). >> >> This patch creates __read_once_size_nocheck() a clone of >> __read_once_size_check() (renamed __read_once_size()). >> The only difference between them is 'no_sanitized_address' attribute >> appended to '*_nocheck' function. This attribute tells the compiler that >> instrumentation of memory accesses should not be applied to that function. >> We declare it as static '__maybe_unsed' because GCC is not capable to >> inline such function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 >> >> With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE(). >> >> Signed-off-by: Andrey Ryabinin >> --- >> include/linux/compiler-gcc.h | 13 ++ >> include/linux/compiler.h | 60 >> ++-- >> 2 files changed, 60 insertions(+), 13 deletions(-) > > I am pretty sure that this patch is causing quite a bit of compile > breakage in linux-next today. During the day I compile with gcc 4.9.0 > and did not see any problems with c86_64 allmodconfig, or i386 > defconfig etc, but overnight we compile with older compilers (gcc 4.6.3 > in particular) and are getting quite a few errors: > Looks like that older GCC doesn't like __alias (or combination of static __always_inline __alias). It creates outline and unused copy of __read_once_size_check() function in the object file. Should be easy to work around this. > From an i386 allnoconfig build: > > arch/x86/entry/vdso/vdso32.so.dbg: undefined symbols found > /home/kisskb/slave/src/arch/x86/entry/vdso/Makefile:154: recipe for target > 'arch/x86/entry/vdso/vdso32.so.dbg' failed > > From an x86_64 allnoconfig build: > > arch/x86/entry/vdso/vclock_gettime.o: In function `__read_once_size_check': > vclock_gettime.c:(.text+0x5f): undefined reference to `memcpy' > arch/x86/entry/vdso/vgetcpu.o: In function `__read_once_size_check': > vgetcpu.c:(.text+0x2f): undefined reference to `memcpy' > > and several others ... > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
linux-next: build problems (Was: [PATCH v3 1/2] Provide READ_ONCE_NOCHECK())
Hi Andrey, On Tue, 13 Oct 2015 18:28:07 +0300 Andrey Ryabininwrote: > > Some code may perform racy by design memory reads. This could be harmless, > yet such code may produce KASAN warnings. > > To hide such accesses from KASAN this patch introduces READ_ONCE_NOCHECK() > macro. KASAN will not check the memory accessed by READ_ONCE_NOCHECK(). > > This patch creates __read_once_size_nocheck() a clone of > __read_once_size_check() (renamed __read_once_size()). > The only difference between them is 'no_sanitized_address' attribute > appended to '*_nocheck' function. This attribute tells the compiler that > instrumentation of memory accesses should not be applied to that function. > We declare it as static '__maybe_unsed' because GCC is not capable to > inline such function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 > > With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE(). > > Signed-off-by: Andrey Ryabinin > --- > include/linux/compiler-gcc.h | 13 ++ > include/linux/compiler.h | 60 > ++-- > 2 files changed, 60 insertions(+), 13 deletions(-) I am pretty sure that this patch is causing quite a bit of compile breakage in linux-next today. During the day I compile with gcc 4.9.0 and did not see any problems with c86_64 allmodconfig, or i386 defconfig etc, but overnight we compile with older compilers (gcc 4.6.3 in particular) and are getting quite a few errors: >From an i386 allnoconfig build: arch/x86/entry/vdso/vdso32.so.dbg: undefined symbols found /home/kisskb/slave/src/arch/x86/entry/vdso/Makefile:154: recipe for target 'arch/x86/entry/vdso/vdso32.so.dbg' failed >From an x86_64 allnoconfig build: arch/x86/entry/vdso/vclock_gettime.o: In function `__read_once_size_check': vclock_gettime.c:(.text+0x5f): undefined reference to `memcpy' arch/x86/entry/vdso/vgetcpu.o: In function `__read_once_size_check': vgetcpu.c:(.text+0x2f): undefined reference to `memcpy' and several others ... -- Cheers, Stephen Rothwells...@canb.auug.org.au -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH v3 1/2] Provide READ_ONCE_NOCHECK()
Some code may perform racy by design memory reads. This could be harmless, yet such code may produce KASAN warnings. To hide such accesses from KASAN this patch introduces READ_ONCE_NOCHECK() macro. KASAN will not check the memory accessed by READ_ONCE_NOCHECK(). This patch creates __read_once_size_nocheck() a clone of __read_once_size_check() (renamed __read_once_size()). The only difference between them is 'no_sanitized_address' attribute appended to '*_nocheck' function. This attribute tells the compiler that instrumentation of memory accesses should not be applied to that function. We declare it as static '__maybe_unsed' because GCC is not capable to inline such function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE(). Signed-off-by: Andrey Ryabinin --- include/linux/compiler-gcc.h | 13 ++ include/linux/compiler.h | 60 ++-- 2 files changed, 60 insertions(+), 13 deletions(-) diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index dfaa7b3..f2a9aec 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -237,12 +237,25 @@ #define KASAN_ABI_VERSION 3 #endif +#if GCC_VERSION >= 40902 +/* + * Tell the compiler that address safety instrumentation (KASAN) + * should not be applied to that function. + * Confilcts with inlining: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 + */ +#define __no_sanitize_address __attribute__((no_sanitize_address)) +#endif + #endif /* gcc version >= 4 specific checks */ #if !defined(__noclone) #define __noclone /* not needed */ #endif +#if !defined(__no_sanitize_address) +#define __no_sanitize_address +#endif + /* * A trick to suppress uninitialized variable warning without generating any * code diff --git a/include/linux/compiler.h b/include/linux/compiler.h index c836eb2..aa2ae4c 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -198,19 +198,42 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); #include -static __always_inline void __read_once_size(const volatile void *p, void *res, int size) +#define __READ_ONCE_SIZE \ +({ \ + switch (size) { \ + case 1: *(__u8 *)res = *(volatile __u8 *)p; break; \ + case 2: *(__u16 *)res = *(volatile __u16 *)p; break;\ + case 4: *(__u32 *)res = *(volatile __u32 *)p; break;\ + case 8: *(__u64 *)res = *(volatile __u64 *)p; break;\ + default:\ + barrier(); \ + __builtin_memcpy((void *)res, (const void *)p, size); \ + barrier(); \ + } \ +}) + +static __always_inline +void __read_once_size_check(const volatile void *p, void *res, int size) { - switch (size) { - case 1: *(__u8 *)res = *(volatile __u8 *)p; break; - case 2: *(__u16 *)res = *(volatile __u16 *)p; break; - case 4: *(__u32 *)res = *(volatile __u32 *)p; break; - case 8: *(__u64 *)res = *(volatile __u64 *)p; break; - default: - barrier(); - __builtin_memcpy((void *)res, (const void *)p, size); - barrier(); - } + __READ_ONCE_SIZE; +} + +#ifdef CONFIG_KASAN +/* + * This function is not 'inline' because __no_sanitize_address confilcts + * with inlining. Attempt to inline it may cause a build failure. + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 + * '__maybe_unused' allows us to avoid defined-but-not-used warnings. + */ +static __no_sanitize_address __maybe_unused +void __read_once_size_nocheck(const volatile void *p, void *res, int size) +{ + __READ_ONCE_SIZE; } +#else +static __always_inline __alias(__read_once_size_check) +void __read_once_size_nocheck(const volatile void *p, void *res, int size); +#endif static __always_inline void __write_once_size(volatile void *p, void *res, int size) { @@ -248,8 +271,19 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s * required ordering. */ -#define READ_ONCE(x) \ - ({ union { typeof(x) __val; char __c[1]; } __u; __read_once_size(&(x), __u.__c, sizeof(x)); __u.__val; }) +#define __READ_ONCE(x, check) \ +({ \ + union { typeof(x) __val; char __c[1]; } __u;\ + __read_once_size##check(&(x), __u.__c, sizeof(x)); \ + __u.__val; \ +}) +#define READ_ONCE(x)
[PATCH v3 1/2] Provide READ_ONCE_NOCHECK()
Some code may perform racy by design memory reads. This could be harmless, yet such code may produce KASAN warnings. To hide such accesses from KASAN this patch introduces READ_ONCE_NOCHECK() macro. KASAN will not check the memory accessed by READ_ONCE_NOCHECK(). This patch creates __read_once_size_nocheck() a clone of __read_once_size_check() (renamed __read_once_size()). The only difference between them is 'no_sanitized_address' attribute appended to '*_nocheck' function. This attribute tells the compiler that instrumentation of memory accesses should not be applied to that function. We declare it as static '__maybe_unsed' because GCC is not capable to inline such function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 With KASAN=n READ_ONCE_NOCHECK() is just a clone of READ_ONCE(). Signed-off-by: Andrey Ryabinin--- include/linux/compiler-gcc.h | 13 ++ include/linux/compiler.h | 60 ++-- 2 files changed, 60 insertions(+), 13 deletions(-) diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index dfaa7b3..f2a9aec 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -237,12 +237,25 @@ #define KASAN_ABI_VERSION 3 #endif +#if GCC_VERSION >= 40902 +/* + * Tell the compiler that address safety instrumentation (KASAN) + * should not be applied to that function. + * Confilcts with inlining: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 + */ +#define __no_sanitize_address __attribute__((no_sanitize_address)) +#endif + #endif /* gcc version >= 4 specific checks */ #if !defined(__noclone) #define __noclone /* not needed */ #endif +#if !defined(__no_sanitize_address) +#define __no_sanitize_address +#endif + /* * A trick to suppress uninitialized variable warning without generating any * code diff --git a/include/linux/compiler.h b/include/linux/compiler.h index c836eb2..aa2ae4c 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -198,19 +198,42 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); #include -static __always_inline void __read_once_size(const volatile void *p, void *res, int size) +#define __READ_ONCE_SIZE \ +({ \ + switch (size) { \ + case 1: *(__u8 *)res = *(volatile __u8 *)p; break; \ + case 2: *(__u16 *)res = *(volatile __u16 *)p; break;\ + case 4: *(__u32 *)res = *(volatile __u32 *)p; break;\ + case 8: *(__u64 *)res = *(volatile __u64 *)p; break;\ + default:\ + barrier(); \ + __builtin_memcpy((void *)res, (const void *)p, size); \ + barrier(); \ + } \ +}) + +static __always_inline +void __read_once_size_check(const volatile void *p, void *res, int size) { - switch (size) { - case 1: *(__u8 *)res = *(volatile __u8 *)p; break; - case 2: *(__u16 *)res = *(volatile __u16 *)p; break; - case 4: *(__u32 *)res = *(volatile __u32 *)p; break; - case 8: *(__u64 *)res = *(volatile __u64 *)p; break; - default: - barrier(); - __builtin_memcpy((void *)res, (const void *)p, size); - barrier(); - } + __READ_ONCE_SIZE; +} + +#ifdef CONFIG_KASAN +/* + * This function is not 'inline' because __no_sanitize_address confilcts + * with inlining. Attempt to inline it may cause a build failure. + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368 + * '__maybe_unused' allows us to avoid defined-but-not-used warnings. + */ +static __no_sanitize_address __maybe_unused +void __read_once_size_nocheck(const volatile void *p, void *res, int size) +{ + __READ_ONCE_SIZE; } +#else +static __always_inline __alias(__read_once_size_check) +void __read_once_size_nocheck(const volatile void *p, void *res, int size); +#endif static __always_inline void __write_once_size(volatile void *p, void *res, int size) { @@ -248,8 +271,19 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s * required ordering. */ -#define READ_ONCE(x) \ - ({ union { typeof(x) __val; char __c[1]; } __u; __read_once_size(&(x), __u.__c, sizeof(x)); __u.__val; }) +#define __READ_ONCE(x, check) \ +({ \ + union { typeof(x) __val; char __c[1]; } __u;\ + __read_once_size##check(&(x), __u.__c, sizeof(x)); \ + __u.__val; \ +}) +#define