Merge tag 'kcsan.2021.11.11a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu

+3

include/linux/kcsan-checks.h

··· 100 100 /* Scoped access information. */ 101 101 struct kcsan_scoped_access { 102 102 struct list_head list; 103 + /* Access information. */ 103 104 const volatile void *ptr; 104 105 size_t size; 105 106 int type; 107 + /* Location where scoped access was set up. */ 108 + unsigned long ip; 106 109 }; 107 110 /* 108 111 * Automatically call kcsan_end_scoped_access() when kcsan_scoped_access goes

+43 -32

kernel/kcsan/core.c

··· 202 202 return in_task() ? &current->kcsan_ctx : raw_cpu_ptr(&kcsan_cpu_ctx); 203 203 } 204 204 205 + static __always_inline void 206 + check_access(const volatile void *ptr, size_t size, int type, unsigned long ip); 207 + 205 208 /* Check scoped accesses; never inline because this is a slow-path! */ 206 209 static noinline void kcsan_check_scoped_accesses(void) 207 210 { ··· 213 210 struct kcsan_scoped_access *scoped_access; 214 211 215 212 ctx->scoped_accesses.prev = NULL; /* Avoid recursion. */ 216 - list_for_each_entry(scoped_access, &ctx->scoped_accesses, list) 217 - __kcsan_check_access(scoped_access->ptr, scoped_access->size, scoped_access->type); 213 + list_for_each_entry(scoped_access, &ctx->scoped_accesses, list) { 214 + check_access(scoped_access->ptr, scoped_access->size, 215 + scoped_access->type, scoped_access->ip); 216 + } 218 217 ctx->scoped_accesses.prev = prev_save; 219 218 } 220 219 221 220 /* Rules for generic atomic accesses. Called from fast-path. */ 222 221 static __always_inline bool 223 - is_atomic(const volatile void *ptr, size_t size, int type, struct kcsan_ctx *ctx) 222 + is_atomic(struct kcsan_ctx *ctx, const volatile void *ptr, size_t size, int type) 224 223 { 225 224 if (type & KCSAN_ACCESS_ATOMIC) 226 225 return true; ··· 259 254 } 260 255 261 256 static __always_inline bool 262 - should_watch(const volatile void *ptr, size_t size, int type, struct kcsan_ctx *ctx) 257 + should_watch(struct kcsan_ctx *ctx, const volatile void *ptr, size_t size, int type) 263 258 { 264 259 /* 265 260 * Never set up watchpoints when memory operations are atomic. ··· 268 263 * should not count towards skipped instructions, and (2) to actually 269 264 * decrement kcsan_atomic_next for consecutive instruction stream. 270 265 */ 271 - if (is_atomic(ptr, size, type, ctx)) 266 + if (is_atomic(ctx, ptr, size, type)) 272 267 return false; 273 268 274 269 if (this_cpu_dec_return(kcsan_skip) >= 0) ··· 355 350 static noinline void kcsan_found_watchpoint(const volatile void *ptr, 356 351 size_t size, 357 352 int type, 353 + unsigned long ip, 358 354 atomic_long_t *watchpoint, 359 355 long encoded_watchpoint) 360 356 { ··· 402 396 403 397 if (consumed) { 404 398 kcsan_save_irqtrace(current); 405 - kcsan_report_set_info(ptr, size, type, watchpoint - watchpoints); 399 + kcsan_report_set_info(ptr, size, type, ip, watchpoint - watchpoints); 406 400 kcsan_restore_irqtrace(current); 407 401 } else { 408 402 /* ··· 422 416 } 423 417 424 418 static noinline void 425 - kcsan_setup_watchpoint(const volatile void *ptr, size_t size, int type) 419 + kcsan_setup_watchpoint(const volatile void *ptr, size_t size, int type, unsigned long ip) 426 420 { 427 421 const bool is_write = (type & KCSAN_ACCESS_WRITE) != 0; 428 422 const bool is_assert = (type & KCSAN_ACCESS_ASSERT) != 0; ··· 574 568 if (is_assert && value_change == KCSAN_VALUE_CHANGE_TRUE) 575 569 atomic_long_inc(&kcsan_counters[KCSAN_COUNTER_ASSERT_FAILURES]); 576 570 577 - kcsan_report_known_origin(ptr, size, type, value_change, 578 - watchpoint - watchpoints, 571 + kcsan_report_known_origin(ptr, size, type, ip, 572 + value_change, watchpoint - watchpoints, 579 573 old, new, access_mask); 580 574 } else if (value_change == KCSAN_VALUE_CHANGE_TRUE) { 581 575 /* Inferring a race, since the value should not have changed. */ ··· 584 578 if (is_assert) 585 579 atomic_long_inc(&kcsan_counters[KCSAN_COUNTER_ASSERT_FAILURES]); 586 580 587 - if (IS_ENABLED(CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN) || is_assert) 588 - kcsan_report_unknown_origin(ptr, size, type, old, new, access_mask); 581 + if (IS_ENABLED(CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN) || is_assert) { 582 + kcsan_report_unknown_origin(ptr, size, type, ip, 583 + old, new, access_mask); 584 + } 589 585 } 590 586 591 587 /* ··· 604 596 user_access_restore(ua_flags); 605 597 } 606 598 607 - static __always_inline void check_access(const volatile void *ptr, size_t size, 608 - int type) 599 + static __always_inline void 600 + check_access(const volatile void *ptr, size_t size, int type, unsigned long ip) 609 601 { 610 602 const bool is_write = (type & KCSAN_ACCESS_WRITE) != 0; 611 603 atomic_long_t *watchpoint; ··· 633 625 */ 634 626 635 627 if (unlikely(watchpoint != NULL)) 636 - kcsan_found_watchpoint(ptr, size, type, watchpoint, 637 - encoded_watchpoint); 628 + kcsan_found_watchpoint(ptr, size, type, ip, watchpoint, encoded_watchpoint); 638 629 else { 639 630 struct kcsan_ctx *ctx = get_ctx(); /* Call only once in fast-path. */ 640 631 641 - if (unlikely(should_watch(ptr, size, type, ctx))) 642 - kcsan_setup_watchpoint(ptr, size, type); 632 + if (unlikely(should_watch(ctx, ptr, size, type))) 633 + kcsan_setup_watchpoint(ptr, size, type, ip); 643 634 else if (unlikely(ctx->scoped_accesses.prev)) 644 635 kcsan_check_scoped_accesses(); 645 636 } ··· 764 757 { 765 758 struct kcsan_ctx *ctx = get_ctx(); 766 759 767 - __kcsan_check_access(ptr, size, type); 760 + check_access(ptr, size, type, _RET_IP_); 768 761 769 762 ctx->disable_count++; /* Disable KCSAN, in case list debugging is on. */ 770 763 ··· 772 765 sa->ptr = ptr; 773 766 sa->size = size; 774 767 sa->type = type; 768 + sa->ip = _RET_IP_; 775 769 776 770 if (!ctx->scoped_accesses.prev) /* Lazy initialize list head. */ 777 771 INIT_LIST_HEAD(&ctx->scoped_accesses); ··· 804 796 805 797 ctx->disable_count--; 806 798 807 - __kcsan_check_access(sa->ptr, sa->size, sa->type); 799 + check_access(sa->ptr, sa->size, sa->type, sa->ip); 808 800 } 809 801 EXPORT_SYMBOL(kcsan_end_scoped_access); 810 802 811 803 void __kcsan_check_access(const volatile void *ptr, size_t size, int type) 812 804 { 813 - check_access(ptr, size, type); 805 + check_access(ptr, size, type, _RET_IP_); 814 806 } 815 807 EXPORT_SYMBOL(__kcsan_check_access); 816 808 ··· 831 823 void __tsan_read##size(void *ptr); \ 832 824 void __tsan_read##size(void *ptr) \ 833 825 { \ 834 - check_access(ptr, size, 0); \ 826 + check_access(ptr, size, 0, _RET_IP_); \ 835 827 } \ 836 828 EXPORT_SYMBOL(__tsan_read##size); \ 837 829 void __tsan_unaligned_read##size(void *ptr) \ ··· 840 832 void __tsan_write##size(void *ptr); \ 841 833 void __tsan_write##size(void *ptr) \ 842 834 { \ 843 - check_access(ptr, size, KCSAN_ACCESS_WRITE); \ 835 + check_access(ptr, size, KCSAN_ACCESS_WRITE, _RET_IP_); \ 844 836 } \ 845 837 EXPORT_SYMBOL(__tsan_write##size); \ 846 838 void __tsan_unaligned_write##size(void *ptr) \ ··· 850 842 void __tsan_read_write##size(void *ptr) \ 851 843 { \ 852 844 check_access(ptr, size, \ 853 - KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE); \ 845 + KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE, \ 846 + _RET_IP_); \ 854 847 } \ 855 848 EXPORT_SYMBOL(__tsan_read_write##size); \ 856 849 void __tsan_unaligned_read_write##size(void *ptr) \ ··· 867 858 void __tsan_read_range(void *ptr, size_t size); 868 859 void __tsan_read_range(void *ptr, size_t size) 869 860 { 870 - check_access(ptr, size, 0); 861 + check_access(ptr, size, 0, _RET_IP_); 871 862 } 872 863 EXPORT_SYMBOL(__tsan_read_range); 873 864 874 865 void __tsan_write_range(void *ptr, size_t size); 875 866 void __tsan_write_range(void *ptr, size_t size) 876 867 { 877 - check_access(ptr, size, KCSAN_ACCESS_WRITE); 868 + check_access(ptr, size, KCSAN_ACCESS_WRITE, _RET_IP_); 878 869 } 879 870 EXPORT_SYMBOL(__tsan_write_range); 880 871 ··· 895 886 IS_ALIGNED((unsigned long)ptr, size); \ 896 887 if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS) && is_atomic) \ 897 888 return; \ 898 - check_access(ptr, size, is_atomic ? KCSAN_ACCESS_ATOMIC : 0); \ 889 + check_access(ptr, size, is_atomic ? KCSAN_ACCESS_ATOMIC : 0, \ 890 + _RET_IP_); \ 899 891 } \ 900 892 EXPORT_SYMBOL(__tsan_volatile_read##size); \ 901 893 void __tsan_unaligned_volatile_read##size(void *ptr) \ ··· 911 901 return; \ 912 902 check_access(ptr, size, \ 913 903 KCSAN_ACCESS_WRITE | \ 914 - (is_atomic ? KCSAN_ACCESS_ATOMIC : 0)); \ 904 + (is_atomic ? KCSAN_ACCESS_ATOMIC : 0), \ 905 + _RET_IP_); \ 915 906 } \ 916 907 EXPORT_SYMBOL(__tsan_volatile_write##size); \ 917 908 void __tsan_unaligned_volatile_write##size(void *ptr) \ ··· 966 955 u##bits __tsan_atomic##bits##_load(const u##bits *ptr, int memorder) \ 967 956 { \ 968 957 if (!IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) { \ 969 - check_access(ptr, bits / BITS_PER_BYTE, KCSAN_ACCESS_ATOMIC); \ 958 + check_access(ptr, bits / BITS_PER_BYTE, KCSAN_ACCESS_ATOMIC, _RET_IP_); \ 970 959 } \ 971 960 return __atomic_load_n(ptr, memorder); \ 972 961 } \ ··· 976 965 { \ 977 966 if (!IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) { \ 978 967 check_access(ptr, bits / BITS_PER_BYTE, \ 979 - KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC); \ 968 + KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC, _RET_IP_); \ 980 969 } \ 981 970 __atomic_store_n(ptr, v, memorder); \ 982 971 } \ ··· 989 978 if (!IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) { \ 990 979 check_access(ptr, bits / BITS_PER_BYTE, \ 991 980 KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE | \ 992 - KCSAN_ACCESS_ATOMIC); \ 981 + KCSAN_ACCESS_ATOMIC, _RET_IP_); \ 993 982 } \ 994 983 return __atomic_##op##suffix(ptr, v, memorder); \ 995 984 } \ ··· 1021 1010 if (!IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) { \ 1022 1011 check_access(ptr, bits / BITS_PER_BYTE, \ 1023 1012 KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE | \ 1024 - KCSAN_ACCESS_ATOMIC); \ 1013 + KCSAN_ACCESS_ATOMIC, _RET_IP_); \ 1025 1014 } \ 1026 1015 return __atomic_compare_exchange_n(ptr, exp, val, weak, mo, fail_mo); \ 1027 1016 } \ ··· 1036 1025 if (!IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) { \ 1037 1026 check_access(ptr, bits / BITS_PER_BYTE, \ 1038 1027 KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE | \ 1039 - KCSAN_ACCESS_ATOMIC); \ 1028 + KCSAN_ACCESS_ATOMIC, _RET_IP_); \ 1040 1029 } \ 1041 1030 __atomic_compare_exchange_n(ptr, &exp, val, 0, mo, fail_mo); \ 1042 1031 return exp; \

+4 -4

kernel/kcsan/kcsan.h

··· 121 121 * to be consumed by the reporting thread. No report is printed yet. 122 122 */ 123 123 void kcsan_report_set_info(const volatile void *ptr, size_t size, int access_type, 124 - int watchpoint_idx); 124 + unsigned long ip, int watchpoint_idx); 125 125 126 126 /* 127 127 * The calling thread observed that the watchpoint it set up was hit and ··· 129 129 * thread. 130 130 */ 131 131 void kcsan_report_known_origin(const volatile void *ptr, size_t size, int access_type, 132 - enum kcsan_value_change value_change, int watchpoint_idx, 133 - u64 old, u64 new, u64 mask); 132 + unsigned long ip, enum kcsan_value_change value_change, 133 + int watchpoint_idx, u64 old, u64 new, u64 mask); 134 134 135 135 /* 136 136 * No other thread was observed to race with the access, but the data value 137 137 * before and after the stall differs. Reports a race of "unknown origin". 138 138 */ 139 139 void kcsan_report_unknown_origin(const volatile void *ptr, size_t size, int access_type, 140 - u64 old, u64 new, u64 mask); 140 + unsigned long ip, u64 old, u64 new, u64 mask); 141 141 142 142 #endif /* _KERNEL_KCSAN_KCSAN_H */

+42 -20

kernel/kcsan/kcsan_test.c

··· 29 29 #include <linux/types.h> 30 30 #include <trace/events/printk.h> 31 31 32 + #define KCSAN_TEST_REQUIRES(test, cond) do { \ 33 + if (!(cond)) \ 34 + kunit_skip((test), "Test requires: " #cond); \ 35 + } while (0) 36 + 32 37 #ifdef CONFIG_CC_HAS_TSAN_COMPOUND_READ_BEFORE_WRITE 33 38 #define __KCSAN_ACCESS_RW(alt) (KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE) 34 39 #else ··· 210 205 "read-write" : 211 206 "write") : 212 207 "read"); 208 + const bool is_atomic = (ty & KCSAN_ACCESS_ATOMIC); 209 + const bool is_scoped = (ty & KCSAN_ACCESS_SCOPED); 213 210 const char *const access_type_aux = 214 - (ty & KCSAN_ACCESS_ATOMIC) ? 215 - " (marked)" : 216 - ((ty & KCSAN_ACCESS_SCOPED) ? " (scoped)" : ""); 211 + (is_atomic && is_scoped) ? " (marked, scoped)" 212 + : (is_atomic ? " (marked)" 213 + : (is_scoped ? " (scoped)" : "")); 217 214 218 215 if (i == 1) { 219 216 /* Access 2 */ ··· 340 333 ASSERT_EXCLUSIVE_BITS(test_var, ~TEST_CHANGE_BITS); 341 334 } 342 335 343 - /* To check that scoped assertions do trigger anywhere in scope. */ 336 + /* 337 + * Scoped assertions do trigger anywhere in scope. However, the report should 338 + * still only point at the start of the scope. 339 + */ 344 340 static noinline void test_enter_scope(void) 345 341 { 346 342 int x = 0; ··· 498 488 __no_kcsan 499 489 static void test_novalue_change(struct kunit *test) 500 490 { 501 - const struct expect_report expect = { 491 + const struct expect_report expect_rw = { 502 492 .access = { 503 493 { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE }, 504 494 { test_kernel_read, &test_var, sizeof(test_var), 0 }, 505 495 }, 506 496 }; 497 + const struct expect_report expect_ww = { 498 + .access = { 499 + { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE }, 500 + { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE }, 501 + }, 502 + }; 507 503 bool match_expect = false; 508 504 505 + test_kernel_write_nochange(); /* Reset value. */ 509 506 begin_test_checks(test_kernel_write_nochange, test_kernel_read); 510 507 do { 511 - match_expect = report_matches(&expect); 508 + match_expect = report_matches(&expect_rw) || report_matches(&expect_ww); 512 509 } while (!end_test_checks(match_expect)); 513 510 if (IS_ENABLED(CONFIG_KCSAN_REPORT_VALUE_CHANGE_ONLY)) 514 511 KUNIT_EXPECT_FALSE(test, match_expect); ··· 530 513 __no_kcsan 531 514 static void test_novalue_change_exception(struct kunit *test) 532 515 { 533 - const struct expect_report expect = { 516 + const struct expect_report expect_rw = { 534 517 .access = { 535 518 { test_kernel_write_nochange_rcu, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE }, 536 519 { test_kernel_read, &test_var, sizeof(test_var), 0 }, 537 520 }, 538 521 }; 522 + const struct expect_report expect_ww = { 523 + .access = { 524 + { test_kernel_write_nochange_rcu, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE }, 525 + { test_kernel_write_nochange_rcu, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE }, 526 + }, 527 + }; 539 528 bool match_expect = false; 540 529 530 + test_kernel_write_nochange_rcu(); /* Reset value. */ 541 531 begin_test_checks(test_kernel_write_nochange_rcu, test_kernel_read); 542 532 do { 543 - match_expect = report_matches(&expect); 533 + match_expect = report_matches(&expect_rw) || report_matches(&expect_ww); 544 534 } while (!end_test_checks(match_expect)); 545 535 KUNIT_EXPECT_TRUE(test, match_expect); 546 536 } ··· 666 642 }; 667 643 bool match_expect = false; 668 644 669 - if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) 670 - return; 645 + KCSAN_TEST_REQUIRES(test, !IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)); 671 646 672 647 begin_test_checks(test_kernel_read, test_kernel_write_atomic); 673 648 do { ··· 688 665 }; 689 666 bool match_expect = false; 690 667 691 - if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) 692 - return; 668 + KCSAN_TEST_REQUIRES(test, !IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)); 693 669 694 670 begin_test_checks(test_kernel_read, test_kernel_atomic_rmw); 695 671 do { ··· 850 828 { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE }, 851 829 }, 852 830 }; 853 - const struct expect_report expect_anywhere = { 831 + const struct expect_report expect_inscope = { 854 832 .access = { 855 833 { test_enter_scope, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_SCOPED }, 856 834 { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE }, 857 835 }, 858 836 }; 859 837 bool match_expect_start = false; 860 - bool match_expect_anywhere = false; 838 + bool match_expect_inscope = false; 861 839 862 840 begin_test_checks(test_kernel_assert_writer_scoped, test_kernel_write_nochange); 863 841 do { 864 842 match_expect_start |= report_matches(&expect_start); 865 - match_expect_anywhere |= report_matches(&expect_anywhere); 866 - } while (!end_test_checks(match_expect_start && match_expect_anywhere)); 843 + match_expect_inscope |= report_matches(&expect_inscope); 844 + } while (!end_test_checks(match_expect_inscope)); 867 845 KUNIT_EXPECT_TRUE(test, match_expect_start); 868 - KUNIT_EXPECT_TRUE(test, match_expect_anywhere); 846 + KUNIT_EXPECT_FALSE(test, match_expect_inscope); 869 847 } 870 848 871 849 __no_kcsan ··· 894 872 do { 895 873 match_expect_start |= report_matches(&expect_start1) || report_matches(&expect_start2); 896 874 match_expect_inscope |= report_matches(&expect_inscope); 897 - } while (!end_test_checks(match_expect_start && match_expect_inscope)); 875 + } while (!end_test_checks(match_expect_inscope)); 898 876 KUNIT_EXPECT_TRUE(test, match_expect_start); 899 - KUNIT_EXPECT_TRUE(test, match_expect_inscope); 877 + KUNIT_EXPECT_FALSE(test, match_expect_inscope); 900 878 } 901 879 902 880 /* ··· 1246 1224 tracepoint_synchronize_unregister(); 1247 1225 } 1248 1226 1249 - late_initcall(kcsan_test_init); 1227 + late_initcall_sync(kcsan_test_init); 1250 1228 module_exit(kcsan_test_exit); 1251 1229 1252 1230 MODULE_LICENSE("GPL v2");

+64 -13

kernel/kcsan/report.c

··· 8 8 #include <linux/debug_locks.h> 9 9 #include <linux/delay.h> 10 10 #include <linux/jiffies.h> 11 + #include <linux/kallsyms.h> 11 12 #include <linux/kernel.h> 12 13 #include <linux/lockdep.h> 13 14 #include <linux/preempt.h> ··· 32 31 int access_type; 33 32 int task_pid; 34 33 int cpu_id; 34 + unsigned long ip; 35 35 }; 36 36 37 37 /* ··· 247 245 return "write (scoped)"; 248 246 case KCSAN_ACCESS_SCOPED | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC: 249 247 return "write (marked, scoped)"; 248 + case KCSAN_ACCESS_SCOPED | KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE: 249 + return "read-write (scoped)"; 250 + case KCSAN_ACCESS_SCOPED | KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC: 251 + return "read-write (marked, scoped)"; 250 252 default: 251 253 BUG(); 252 254 } ··· 306 300 return skip; 307 301 } 308 302 303 + /* 304 + * Skips to the first entry that matches the function of @ip, and then replaces 305 + * that entry with @ip, returning the entries to skip. 306 + */ 307 + static int 308 + replace_stack_entry(unsigned long stack_entries[], int num_entries, unsigned long ip) 309 + { 310 + unsigned long symbolsize, offset; 311 + unsigned long target_func; 312 + int skip; 313 + 314 + if (kallsyms_lookup_size_offset(ip, &symbolsize, &offset)) 315 + target_func = ip - offset; 316 + else 317 + goto fallback; 318 + 319 + for (skip = 0; skip < num_entries; ++skip) { 320 + unsigned long func = stack_entries[skip]; 321 + 322 + if (!kallsyms_lookup_size_offset(func, &symbolsize, &offset)) 323 + goto fallback; 324 + func -= offset; 325 + 326 + if (func == target_func) { 327 + stack_entries[skip] = ip; 328 + return skip; 329 + } 330 + } 331 + 332 + fallback: 333 + /* Should not happen; the resulting stack trace is likely misleading. */ 334 + WARN_ONCE(1, "Cannot find frame for %pS in stack trace", (void *)ip); 335 + return get_stack_skipnr(stack_entries, num_entries); 336 + } 337 + 338 + static int 339 + sanitize_stack_entries(unsigned long stack_entries[], int num_entries, unsigned long ip) 340 + { 341 + return ip ? replace_stack_entry(stack_entries, num_entries, ip) : 342 + get_stack_skipnr(stack_entries, num_entries); 343 + } 344 + 309 345 /* Compares symbolized strings of addr1 and addr2. */ 310 346 static int sym_strcmp(void *addr1, void *addr2) 311 347 { ··· 375 327 376 328 static void print_report(enum kcsan_value_change value_change, 377 329 const struct access_info *ai, 378 - const struct other_info *other_info, 330 + struct other_info *other_info, 379 331 u64 old, u64 new, u64 mask) 380 332 { 381 333 unsigned long stack_entries[NUM_STACK_ENTRIES] = { 0 }; 382 334 int num_stack_entries = stack_trace_save(stack_entries, NUM_STACK_ENTRIES, 1); 383 - int skipnr = get_stack_skipnr(stack_entries, num_stack_entries); 335 + int skipnr = sanitize_stack_entries(stack_entries, num_stack_entries, ai->ip); 384 336 unsigned long this_frame = stack_entries[skipnr]; 385 337 unsigned long other_frame = 0; 386 338 int other_skipnr = 0; /* silence uninit warnings */ ··· 392 344 return; 393 345 394 346 if (other_info) { 395 - other_skipnr = get_stack_skipnr(other_info->stack_entries, 396 - other_info->num_stack_entries); 347 + other_skipnr = sanitize_stack_entries(other_info->stack_entries, 348 + other_info->num_stack_entries, 349 + other_info->ai.ip); 397 350 other_frame = other_info->stack_entries[other_skipnr]; 398 351 399 352 /* @value_change is only known for the other thread */ ··· 625 576 } 626 577 627 578 static struct access_info prepare_access_info(const volatile void *ptr, size_t size, 628 - int access_type) 579 + int access_type, unsigned long ip) 629 580 { 630 581 return (struct access_info) { 631 582 .ptr = ptr, 632 583 .size = size, 633 584 .access_type = access_type, 634 585 .task_pid = in_task() ? task_pid_nr(current) : -1, 635 - .cpu_id = raw_smp_processor_id() 586 + .cpu_id = raw_smp_processor_id(), 587 + /* Only replace stack entry with @ip if scoped access. */ 588 + .ip = (access_type & KCSAN_ACCESS_SCOPED) ? ip : 0, 636 589 }; 637 590 } 638 591 639 592 void kcsan_report_set_info(const volatile void *ptr, size_t size, int access_type, 640 - int watchpoint_idx) 593 + unsigned long ip, int watchpoint_idx) 641 594 { 642 - const struct access_info ai = prepare_access_info(ptr, size, access_type); 595 + const struct access_info ai = prepare_access_info(ptr, size, access_type, ip); 643 596 unsigned long flags; 644 597 645 598 kcsan_disable_current(); ··· 654 603 } 655 604 656 605 void kcsan_report_known_origin(const volatile void *ptr, size_t size, int access_type, 657 - enum kcsan_value_change value_change, int watchpoint_idx, 658 - u64 old, u64 new, u64 mask) 606 + unsigned long ip, enum kcsan_value_change value_change, 607 + int watchpoint_idx, u64 old, u64 new, u64 mask) 659 608 { 660 - const struct access_info ai = prepare_access_info(ptr, size, access_type); 609 + const struct access_info ai = prepare_access_info(ptr, size, access_type, ip); 661 610 struct other_info *other_info = &other_infos[watchpoint_idx]; 662 611 unsigned long flags = 0; 663 612 ··· 688 637 } 689 638 690 639 void kcsan_report_unknown_origin(const volatile void *ptr, size_t size, int access_type, 691 - u64 old, u64 new, u64 mask) 640 + unsigned long ip, u64 old, u64 new, u64 mask) 692 641 { 693 - const struct access_info ai = prepare_access_info(ptr, size, access_type); 642 + const struct access_info ai = prepare_access_info(ptr, size, access_type, ip); 694 643 unsigned long flags; 695 644 696 645 kcsan_disable_current();

+29 -41

kernel/kcsan/selftest.c

··· 18 18 #define ITERS_PER_TEST 2000 19 19 20 20 /* Test requirements. */ 21 - static bool test_requires(void) 21 + static bool __init test_requires(void) 22 22 { 23 23 /* random should be initialized for the below tests */ 24 24 return prandom_u32() + prandom_u32() != 0; ··· 28 28 * Test watchpoint encode and decode: check that encoding some access's info, 29 29 * and then subsequent decode preserves the access's info. 30 30 */ 31 - static bool test_encode_decode(void) 31 + static bool __init test_encode_decode(void) 32 32 { 33 33 int i; 34 34 35 35 for (i = 0; i < ITERS_PER_TEST; ++i) { 36 36 size_t size = prandom_u32_max(MAX_ENCODABLE_SIZE) + 1; 37 37 bool is_write = !!prandom_u32_max(2); 38 + unsigned long verif_masked_addr; 39 + long encoded_watchpoint; 40 + bool verif_is_write; 38 41 unsigned long addr; 42 + size_t verif_size; 39 43 40 44 prandom_bytes(&addr, sizeof(addr)); 41 45 if (addr < PAGE_SIZE) ··· 48 44 if (WARN_ON(!check_encodable(addr, size))) 49 45 return false; 50 46 51 - /* Encode and decode */ 52 - { 53 - const long encoded_watchpoint = 54 - encode_watchpoint(addr, size, is_write); 55 - unsigned long verif_masked_addr; 56 - size_t verif_size; 57 - bool verif_is_write; 47 + encoded_watchpoint = encode_watchpoint(addr, size, is_write); 58 48 59 - /* Check special watchpoints */ 60 - if (WARN_ON(decode_watchpoint( 61 - INVALID_WATCHPOINT, &verif_masked_addr, 62 - &verif_size, &verif_is_write))) 63 - return false; 64 - if (WARN_ON(decode_watchpoint( 65 - CONSUMED_WATCHPOINT, &verif_masked_addr, 66 - &verif_size, &verif_is_write))) 67 - return false; 68 - 69 - /* Check decoding watchpoint returns same data */ 70 - if (WARN_ON(!decode_watchpoint( 71 - encoded_watchpoint, &verif_masked_addr, 72 - &verif_size, &verif_is_write))) 73 - return false; 74 - if (WARN_ON(verif_masked_addr != 75 - (addr & WATCHPOINT_ADDR_MASK))) 76 - goto fail; 77 - if (WARN_ON(verif_size != size)) 78 - goto fail; 79 - if (WARN_ON(is_write != verif_is_write)) 80 - goto fail; 81 - 82 - continue; 83 - fail: 84 - pr_err("%s fail: %s %zu bytes @ %lx -> encoded: %lx -> %s %zu bytes @ %lx\n", 85 - __func__, is_write ? "write" : "read", size, 86 - addr, encoded_watchpoint, 87 - verif_is_write ? "write" : "read", verif_size, 88 - verif_masked_addr); 49 + /* Check special watchpoints */ 50 + if (WARN_ON(decode_watchpoint(INVALID_WATCHPOINT, &verif_masked_addr, &verif_size, &verif_is_write))) 89 51 return false; 90 - } 52 + if (WARN_ON(decode_watchpoint(CONSUMED_WATCHPOINT, &verif_masked_addr, &verif_size, &verif_is_write))) 53 + return false; 54 + 55 + /* Check decoding watchpoint returns same data */ 56 + if (WARN_ON(!decode_watchpoint(encoded_watchpoint, &verif_masked_addr, &verif_size, &verif_is_write))) 57 + return false; 58 + if (WARN_ON(verif_masked_addr != (addr & WATCHPOINT_ADDR_MASK))) 59 + goto fail; 60 + if (WARN_ON(verif_size != size)) 61 + goto fail; 62 + if (WARN_ON(is_write != verif_is_write)) 63 + goto fail; 64 + 65 + continue; 66 + fail: 67 + pr_err("%s fail: %s %zu bytes @ %lx -> encoded: %lx -> %s %zu bytes @ %lx\n", 68 + __func__, is_write ? "write" : "read", size, addr, encoded_watchpoint, 69 + verif_is_write ? "write" : "read", verif_size, verif_masked_addr); 70 + return false; 91 71 } 92 72 93 73 return true; 94 74 } 95 75 96 76 /* Test access matching function. */ 97 - static bool test_matching_access(void) 77 + static bool __init test_matching_access(void) 98 78 { 99 79 if (WARN_ON(!matching_access(10, 1, 10, 1))) 100 80 return false;