1 // SPDX-License-Identifier: GPL-2.0
3 * KCSAN test with various race scenarious to test runtime behaviour. Since the
4 * interface with which KCSAN's reports are obtained is via the console, this is
5 * the output we should verify. For each test case checks the presence (or
6 * absence) of generated reports. Relies on 'console' tracepoint to capture
7 * reports as they appear in the kernel log.
9 * Makes use of KUnit for test organization, and the Torture framework for test
12 * Copyright (C) 2020, Google LLC.
13 * Author: Marco Elver <elver@google.com>
16 #define pr_fmt(fmt) "kcsan_test: " fmt
18 #include <kunit/test.h>
19 #include <linux/atomic.h>
20 #include <linux/bitops.h>
21 #include <linux/jiffies.h>
22 #include <linux/kcsan-checks.h>
23 #include <linux/kernel.h>
24 #include <linux/mutex.h>
25 #include <linux/sched.h>
26 #include <linux/seqlock.h>
27 #include <linux/spinlock.h>
28 #include <linux/string.h>
29 #include <linux/timer.h>
30 #include <linux/torture.h>
31 #include <linux/tracepoint.h>
32 #include <linux/types.h>
33 #include <trace/events/printk.h>
35 #define KCSAN_TEST_REQUIRES(test, cond) do { \
37 kunit_skip((test), "Test requires: " #cond); \
40 #ifdef CONFIG_CC_HAS_TSAN_COMPOUND_READ_BEFORE_WRITE
41 #define __KCSAN_ACCESS_RW(alt) (KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE)
43 #define __KCSAN_ACCESS_RW(alt) (alt)
46 /* Points to current test-case memory access "kernels". */
47 static void (*access_kernels[2])(void);
49 static struct task_struct **threads; /* Lists of threads. */
50 static unsigned long end_time; /* End time of test. */
52 /* Report as observed from console. */
58 .lock = __SPIN_LOCK_UNLOCKED(observed.lock),
61 /* Setup test checking loop. */
62 static __no_kcsan inline void
63 begin_test_checks(void (*func1)(void), void (*func2)(void))
65 kcsan_disable_current();
68 * Require at least as long as KCSAN_REPORT_ONCE_IN_MS, to ensure at
69 * least one race is reported.
71 end_time = jiffies + msecs_to_jiffies(CONFIG_KCSAN_REPORT_ONCE_IN_MS + 500);
73 /* Signal start; release potential initialization of shared data. */
74 smp_store_release(&access_kernels[0], func1);
75 smp_store_release(&access_kernels[1], func2);
78 /* End test checking loop. */
79 static __no_kcsan inline bool
80 end_test_checks(bool stop)
82 if (!stop && time_before(jiffies, end_time)) {
83 /* Continue checking */
88 kcsan_enable_current();
93 * Probe for console output: checks if a race was reported, and obtains observed
97 static void probe_console(void *ignore, const char *buf, size_t len)
103 * Note that KCSAN reports under a global lock, so we do not risk the
104 * possibility of having multiple reports interleaved. If that were the
105 * case, we'd expect tests to fail.
108 spin_lock_irqsave(&observed.lock, flags);
109 nlines = observed.nlines;
111 if (strnstr(buf, "BUG: KCSAN: ", len) && strnstr(buf, "test_", len)) {
113 * KCSAN report and related to the test.
115 * The provided @buf is not NUL-terminated; copy no more than
116 * @len bytes and let strscpy() add the missing NUL-terminator.
118 strscpy(observed.lines[0], buf, min(len + 1, sizeof(observed.lines[0])));
120 } else if ((nlines == 1 || nlines == 2) && strnstr(buf, "bytes by", len)) {
121 strscpy(observed.lines[nlines++], buf, min(len + 1, sizeof(observed.lines[0])));
123 if (strnstr(buf, "race at unknown origin", len)) {
124 if (WARN_ON(nlines != 2))
127 /* No second line of interest. */
128 strcpy(observed.lines[nlines++], "<none>");
133 WRITE_ONCE(observed.nlines, nlines); /* Publish new nlines. */
134 spin_unlock_irqrestore(&observed.lock, flags);
137 /* Check if a report related to the test exists. */
139 static bool report_available(void)
141 return READ_ONCE(observed.nlines) == ARRAY_SIZE(observed.lines);
144 /* Report information we expect in a report. */
145 struct expect_report {
146 /* Access information of both accesses. */
148 void *fn; /* Function pointer to expected function of top frame. */
149 void *addr; /* Address of access; unchecked if NULL. */
150 size_t size; /* Size of access; unchecked if @addr is NULL. */
151 int type; /* Access type, see KCSAN_ACCESS definitions. */
155 /* Check observed report matches information in @r. */
157 static bool __report_matches(const struct expect_report *r)
159 const bool is_assert = (r->access[0].type | r->access[1].type) & KCSAN_ACCESS_ASSERT;
162 typeof(*observed.lines) *expect;
167 /* Doubled-checked locking. */
168 if (!report_available())
171 expect = kmalloc(sizeof(observed.lines), GFP_KERNEL);
172 if (WARN_ON(!expect))
175 /* Generate expected report contents. */
179 end = &expect[0][sizeof(expect[0]) - 1];
180 cur += scnprintf(cur, end - cur, "BUG: KCSAN: %s in ",
181 is_assert ? "assert: race" : "data-race");
182 if (r->access[1].fn) {
186 /* Expect lexographically sorted function names in title. */
187 scnprintf(tmp[0], sizeof(tmp[0]), "%pS", r->access[0].fn);
188 scnprintf(tmp[1], sizeof(tmp[1]), "%pS", r->access[1].fn);
189 cmp = strcmp(tmp[0], tmp[1]);
190 cur += scnprintf(cur, end - cur, "%ps / %ps",
191 cmp < 0 ? r->access[0].fn : r->access[1].fn,
192 cmp < 0 ? r->access[1].fn : r->access[0].fn);
194 scnprintf(cur, end - cur, "%pS", r->access[0].fn);
195 /* The exact offset won't match, remove it. */
196 cur = strchr(expect[0], '+');
203 end = &expect[1][sizeof(expect[1]) - 1];
204 if (!r->access[1].fn)
205 cur += scnprintf(cur, end - cur, "race at unknown origin, with ");
208 for (i = 0; i < 2; ++i) {
209 const int ty = r->access[i].type;
210 const char *const access_type =
211 (ty & KCSAN_ACCESS_ASSERT) ?
212 ((ty & KCSAN_ACCESS_WRITE) ?
213 "assert no accesses" :
214 "assert no writes") :
215 ((ty & KCSAN_ACCESS_WRITE) ?
216 ((ty & KCSAN_ACCESS_COMPOUND) ?
220 const bool is_atomic = (ty & KCSAN_ACCESS_ATOMIC);
221 const bool is_scoped = (ty & KCSAN_ACCESS_SCOPED);
222 const char *const access_type_aux =
223 (is_atomic && is_scoped) ? " (marked, reordered)"
224 : (is_atomic ? " (marked)"
225 : (is_scoped ? " (reordered)" : ""));
230 end = &expect[2][sizeof(expect[2]) - 1];
232 if (!r->access[1].fn) {
233 /* Dummy string if no second access is available. */
234 strcpy(cur, "<none>");
239 cur += scnprintf(cur, end - cur, "%s%s to ", access_type,
242 if (r->access[i].addr) /* Address is optional. */
243 cur += scnprintf(cur, end - cur, "0x%px of %zu bytes",
244 r->access[i].addr, r->access[i].size);
247 spin_lock_irqsave(&observed.lock, flags);
248 if (!report_available())
249 goto out; /* A new report is being captured. */
251 /* Finally match expected output to what we actually observed. */
252 ret = strstr(observed.lines[0], expect[0]) &&
253 /* Access info may appear in any order. */
254 ((strstr(observed.lines[1], expect[1]) &&
255 strstr(observed.lines[2], expect[2])) ||
256 (strstr(observed.lines[1], expect[2]) &&
257 strstr(observed.lines[2], expect[1])));
259 spin_unlock_irqrestore(&observed.lock, flags);
264 static __always_inline const struct expect_report *
265 __report_set_scoped(struct expect_report *r, int accesses)
267 BUILD_BUG_ON(accesses > 3);
270 r->access[0].type |= KCSAN_ACCESS_SCOPED;
272 r->access[0].type &= ~KCSAN_ACCESS_SCOPED;
275 r->access[1].type |= KCSAN_ACCESS_SCOPED;
277 r->access[1].type &= ~KCSAN_ACCESS_SCOPED;
283 static bool report_matches_any_reordered(struct expect_report *r)
285 return __report_matches(__report_set_scoped(r, 0)) ||
286 __report_matches(__report_set_scoped(r, 1)) ||
287 __report_matches(__report_set_scoped(r, 2)) ||
288 __report_matches(__report_set_scoped(r, 3));
291 #ifdef CONFIG_KCSAN_WEAK_MEMORY
292 /* Due to reordering accesses, any access may appear as "(reordered)". */
293 #define report_matches report_matches_any_reordered
295 #define report_matches __report_matches
298 /* ===== Test kernels ===== */
300 static long test_sink;
301 static long test_var;
302 /* @test_array should be large enough to fall into multiple watchpoint slots. */
303 static long test_array[3 * PAGE_SIZE / sizeof(long)];
307 static DEFINE_SEQLOCK(test_seqlock);
308 static DEFINE_SPINLOCK(test_spinlock);
309 static DEFINE_MUTEX(test_mutex);
312 * Helper to avoid compiler optimizing out reads, and to generate source values
316 static noinline void sink_value(long v) { WRITE_ONCE(test_sink, v); }
319 * Generates a delay and some accesses that enter the runtime but do not produce
322 static noinline void test_delay(int iter)
325 sink_value(READ_ONCE(test_sink));
328 static noinline void test_kernel_read(void) { sink_value(test_var); }
330 static noinline void test_kernel_write(void)
332 test_var = READ_ONCE_NOCHECK(test_sink) + 1;
335 static noinline void test_kernel_write_nochange(void) { test_var = 42; }
337 /* Suffixed by value-change exception filter. */
338 static noinline void test_kernel_write_nochange_rcu(void) { test_var = 42; }
340 static noinline void test_kernel_read_atomic(void)
342 sink_value(READ_ONCE(test_var));
345 static noinline void test_kernel_write_atomic(void)
347 WRITE_ONCE(test_var, READ_ONCE_NOCHECK(test_sink) + 1);
350 static noinline void test_kernel_atomic_rmw(void)
352 /* Use builtin, so we can set up the "bad" atomic/non-atomic scenario. */
353 __atomic_fetch_add(&test_var, 1, __ATOMIC_RELAXED);
357 static noinline void test_kernel_write_uninstrumented(void) { test_var++; }
359 static noinline void test_kernel_data_race(void) { data_race(test_var++); }
361 static noinline void test_kernel_assert_writer(void)
363 ASSERT_EXCLUSIVE_WRITER(test_var);
366 static noinline void test_kernel_assert_access(void)
368 ASSERT_EXCLUSIVE_ACCESS(test_var);
371 #define TEST_CHANGE_BITS 0xff00ff00
373 static noinline void test_kernel_change_bits(void)
375 if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) {
377 * Avoid race of unknown origin for this test, just pretend they
380 kcsan_nestable_atomic_begin();
381 test_var ^= TEST_CHANGE_BITS;
382 kcsan_nestable_atomic_end();
384 WRITE_ONCE(test_var, READ_ONCE(test_var) ^ TEST_CHANGE_BITS);
387 static noinline void test_kernel_assert_bits_change(void)
389 ASSERT_EXCLUSIVE_BITS(test_var, TEST_CHANGE_BITS);
392 static noinline void test_kernel_assert_bits_nochange(void)
394 ASSERT_EXCLUSIVE_BITS(test_var, ~TEST_CHANGE_BITS);
398 * Scoped assertions do trigger anywhere in scope. However, the report should
399 * still only point at the start of the scope.
401 static noinline void test_enter_scope(void)
405 /* Unrelated accesses to scoped assert. */
406 READ_ONCE(test_sink);
407 kcsan_check_read(&x, sizeof(x));
410 static noinline void test_kernel_assert_writer_scoped(void)
412 ASSERT_EXCLUSIVE_WRITER_SCOPED(test_var);
416 static noinline void test_kernel_assert_access_scoped(void)
418 ASSERT_EXCLUSIVE_ACCESS_SCOPED(test_var);
422 static noinline void test_kernel_rmw_array(void)
426 for (i = 0; i < ARRAY_SIZE(test_array); ++i)
430 static noinline void test_kernel_write_struct(void)
432 kcsan_check_write(&test_struct, sizeof(test_struct));
433 kcsan_disable_current();
434 test_struct.val[3]++; /* induce value change */
435 kcsan_enable_current();
438 static noinline void test_kernel_write_struct_part(void)
440 test_struct.val[3] = 42;
443 static noinline void test_kernel_read_struct_zero_size(void)
445 kcsan_check_read(&test_struct.val[3], 0);
448 static noinline void test_kernel_jiffies_reader(void)
450 sink_value((long)jiffies);
453 static noinline void test_kernel_seqlock_reader(void)
458 seq = read_seqbegin(&test_seqlock);
459 sink_value(test_var);
460 } while (read_seqretry(&test_seqlock, seq));
463 static noinline void test_kernel_seqlock_writer(void)
467 write_seqlock_irqsave(&test_seqlock, flags);
469 write_sequnlock_irqrestore(&test_seqlock, flags);
472 static noinline void test_kernel_atomic_builtins(void)
475 * Generate concurrent accesses, expecting no reports, ensuring KCSAN
476 * treats builtin atomics as actually atomic.
478 __atomic_load_n(&test_var, __ATOMIC_RELAXED);
481 static noinline void test_kernel_xor_1bit(void)
483 /* Do not report data races between the read-writes. */
484 kcsan_nestable_atomic_begin();
486 kcsan_nestable_atomic_end();
489 #define TEST_KERNEL_LOCKED(name, acquire, release) \
490 static noinline void test_kernel_##name(void) \
492 long *flag = &test_struct.val[0]; \
496 while (v++ < 100) { \
504 TEST_KERNEL_LOCKED(with_memorder,
505 cmpxchg_acquire(flag, 0, 1) == 0,
506 smp_store_release(flag, 0));
507 TEST_KERNEL_LOCKED(wrong_memorder,
508 cmpxchg_relaxed(flag, 0, 1) == 0,
509 WRITE_ONCE(*flag, 0));
510 TEST_KERNEL_LOCKED(atomic_builtin_with_memorder,
511 __atomic_compare_exchange_n(flag, &v, 1, 0, __ATOMIC_ACQUIRE, __ATOMIC_RELAXED),
512 __atomic_store_n(flag, 0, __ATOMIC_RELEASE));
513 TEST_KERNEL_LOCKED(atomic_builtin_wrong_memorder,
514 __atomic_compare_exchange_n(flag, &v, 1, 0, __ATOMIC_RELAXED, __ATOMIC_RELAXED),
515 __atomic_store_n(flag, 0, __ATOMIC_RELAXED));
517 /* ===== Test cases ===== */
520 * Tests that various barriers have the expected effect on internal state. Not
521 * exhaustive on atomic_t operations. Unlike the selftest, also checks for
522 * too-strict barrier instrumentation; these can be tolerated, because it does
523 * not cause false positives, but at least we should be aware of such cases.
525 static void test_barrier_nothreads(struct kunit *test)
527 #ifdef CONFIG_KCSAN_WEAK_MEMORY
528 struct kcsan_scoped_access *reorder_access = ¤t->kcsan_ctx.reorder_access;
530 struct kcsan_scoped_access *reorder_access = NULL;
532 arch_spinlock_t arch_spinlock = __ARCH_SPIN_LOCK_UNLOCKED;
535 KCSAN_TEST_REQUIRES(test, reorder_access != NULL);
536 KCSAN_TEST_REQUIRES(test, IS_ENABLED(CONFIG_SMP));
538 #define __KCSAN_EXPECT_BARRIER(access_type, barrier, order_before, name) \
540 reorder_access->type = (access_type) | KCSAN_ACCESS_SCOPED; \
541 reorder_access->size = sizeof(test_var); \
543 KUNIT_EXPECT_EQ_MSG(test, reorder_access->size, \
544 order_before ? 0 : sizeof(test_var), \
545 "improperly instrumented type=(" #access_type "): " name); \
547 #define KCSAN_EXPECT_READ_BARRIER(b, o) __KCSAN_EXPECT_BARRIER(0, b, o, #b)
548 #define KCSAN_EXPECT_WRITE_BARRIER(b, o) __KCSAN_EXPECT_BARRIER(KCSAN_ACCESS_WRITE, b, o, #b)
549 #define KCSAN_EXPECT_RW_BARRIER(b, o) __KCSAN_EXPECT_BARRIER(KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE, b, o, #b)
552 * Lockdep initialization can strengthen certain locking operations due
553 * to calling into instrumented files; "warm up" our locks.
555 spin_lock(&test_spinlock);
556 spin_unlock(&test_spinlock);
557 mutex_lock(&test_mutex);
558 mutex_unlock(&test_mutex);
560 /* Force creating a valid entry in reorder_access first. */
562 while (test_var++ < 1000000 && reorder_access->size != sizeof(test_var))
563 __kcsan_check_read(&test_var, sizeof(test_var));
564 KUNIT_ASSERT_EQ(test, reorder_access->size, sizeof(test_var));
566 kcsan_nestable_atomic_begin(); /* No watchpoints in called functions. */
568 KCSAN_EXPECT_READ_BARRIER(mb(), true);
569 KCSAN_EXPECT_READ_BARRIER(wmb(), false);
570 KCSAN_EXPECT_READ_BARRIER(rmb(), true);
571 KCSAN_EXPECT_READ_BARRIER(smp_mb(), true);
572 KCSAN_EXPECT_READ_BARRIER(smp_wmb(), false);
573 KCSAN_EXPECT_READ_BARRIER(smp_rmb(), true);
574 KCSAN_EXPECT_READ_BARRIER(dma_wmb(), false);
575 KCSAN_EXPECT_READ_BARRIER(dma_rmb(), true);
576 KCSAN_EXPECT_READ_BARRIER(smp_mb__before_atomic(), true);
577 KCSAN_EXPECT_READ_BARRIER(smp_mb__after_atomic(), true);
578 KCSAN_EXPECT_READ_BARRIER(smp_mb__after_spinlock(), true);
579 KCSAN_EXPECT_READ_BARRIER(smp_store_mb(test_var, 0), true);
580 KCSAN_EXPECT_READ_BARRIER(smp_load_acquire(&test_var), false);
581 KCSAN_EXPECT_READ_BARRIER(smp_store_release(&test_var, 0), true);
582 KCSAN_EXPECT_READ_BARRIER(xchg(&test_var, 0), true);
583 KCSAN_EXPECT_READ_BARRIER(xchg_release(&test_var, 0), true);
584 KCSAN_EXPECT_READ_BARRIER(xchg_relaxed(&test_var, 0), false);
585 KCSAN_EXPECT_READ_BARRIER(cmpxchg(&test_var, 0, 0), true);
586 KCSAN_EXPECT_READ_BARRIER(cmpxchg_release(&test_var, 0, 0), true);
587 KCSAN_EXPECT_READ_BARRIER(cmpxchg_relaxed(&test_var, 0, 0), false);
588 KCSAN_EXPECT_READ_BARRIER(atomic_read(&dummy), false);
589 KCSAN_EXPECT_READ_BARRIER(atomic_read_acquire(&dummy), false);
590 KCSAN_EXPECT_READ_BARRIER(atomic_set(&dummy, 0), false);
591 KCSAN_EXPECT_READ_BARRIER(atomic_set_release(&dummy, 0), true);
592 KCSAN_EXPECT_READ_BARRIER(atomic_add(1, &dummy), false);
593 KCSAN_EXPECT_READ_BARRIER(atomic_add_return(1, &dummy), true);
594 KCSAN_EXPECT_READ_BARRIER(atomic_add_return_acquire(1, &dummy), false);
595 KCSAN_EXPECT_READ_BARRIER(atomic_add_return_release(1, &dummy), true);
596 KCSAN_EXPECT_READ_BARRIER(atomic_add_return_relaxed(1, &dummy), false);
597 KCSAN_EXPECT_READ_BARRIER(atomic_fetch_add(1, &dummy), true);
598 KCSAN_EXPECT_READ_BARRIER(atomic_fetch_add_acquire(1, &dummy), false);
599 KCSAN_EXPECT_READ_BARRIER(atomic_fetch_add_release(1, &dummy), true);
600 KCSAN_EXPECT_READ_BARRIER(atomic_fetch_add_relaxed(1, &dummy), false);
601 KCSAN_EXPECT_READ_BARRIER(test_and_set_bit(0, &test_var), true);
602 KCSAN_EXPECT_READ_BARRIER(test_and_clear_bit(0, &test_var), true);
603 KCSAN_EXPECT_READ_BARRIER(test_and_change_bit(0, &test_var), true);
604 KCSAN_EXPECT_READ_BARRIER(clear_bit_unlock(0, &test_var), true);
605 KCSAN_EXPECT_READ_BARRIER(__clear_bit_unlock(0, &test_var), true);
606 KCSAN_EXPECT_READ_BARRIER(arch_spin_lock(&arch_spinlock), false);
607 KCSAN_EXPECT_READ_BARRIER(arch_spin_unlock(&arch_spinlock), true);
608 KCSAN_EXPECT_READ_BARRIER(spin_lock(&test_spinlock), false);
609 KCSAN_EXPECT_READ_BARRIER(spin_unlock(&test_spinlock), true);
610 KCSAN_EXPECT_READ_BARRIER(mutex_lock(&test_mutex), false);
611 KCSAN_EXPECT_READ_BARRIER(mutex_unlock(&test_mutex), true);
613 KCSAN_EXPECT_WRITE_BARRIER(mb(), true);
614 KCSAN_EXPECT_WRITE_BARRIER(wmb(), true);
615 KCSAN_EXPECT_WRITE_BARRIER(rmb(), false);
616 KCSAN_EXPECT_WRITE_BARRIER(smp_mb(), true);
617 KCSAN_EXPECT_WRITE_BARRIER(smp_wmb(), true);
618 KCSAN_EXPECT_WRITE_BARRIER(smp_rmb(), false);
619 KCSAN_EXPECT_WRITE_BARRIER(dma_wmb(), true);
620 KCSAN_EXPECT_WRITE_BARRIER(dma_rmb(), false);
621 KCSAN_EXPECT_WRITE_BARRIER(smp_mb__before_atomic(), true);
622 KCSAN_EXPECT_WRITE_BARRIER(smp_mb__after_atomic(), true);
623 KCSAN_EXPECT_WRITE_BARRIER(smp_mb__after_spinlock(), true);
624 KCSAN_EXPECT_WRITE_BARRIER(smp_store_mb(test_var, 0), true);
625 KCSAN_EXPECT_WRITE_BARRIER(smp_load_acquire(&test_var), false);
626 KCSAN_EXPECT_WRITE_BARRIER(smp_store_release(&test_var, 0), true);
627 KCSAN_EXPECT_WRITE_BARRIER(xchg(&test_var, 0), true);
628 KCSAN_EXPECT_WRITE_BARRIER(xchg_release(&test_var, 0), true);
629 KCSAN_EXPECT_WRITE_BARRIER(xchg_relaxed(&test_var, 0), false);
630 KCSAN_EXPECT_WRITE_BARRIER(cmpxchg(&test_var, 0, 0), true);
631 KCSAN_EXPECT_WRITE_BARRIER(cmpxchg_release(&test_var, 0, 0), true);
632 KCSAN_EXPECT_WRITE_BARRIER(cmpxchg_relaxed(&test_var, 0, 0), false);
633 KCSAN_EXPECT_WRITE_BARRIER(atomic_read(&dummy), false);
634 KCSAN_EXPECT_WRITE_BARRIER(atomic_read_acquire(&dummy), false);
635 KCSAN_EXPECT_WRITE_BARRIER(atomic_set(&dummy, 0), false);
636 KCSAN_EXPECT_WRITE_BARRIER(atomic_set_release(&dummy, 0), true);
637 KCSAN_EXPECT_WRITE_BARRIER(atomic_add(1, &dummy), false);
638 KCSAN_EXPECT_WRITE_BARRIER(atomic_add_return(1, &dummy), true);
639 KCSAN_EXPECT_WRITE_BARRIER(atomic_add_return_acquire(1, &dummy), false);
640 KCSAN_EXPECT_WRITE_BARRIER(atomic_add_return_release(1, &dummy), true);
641 KCSAN_EXPECT_WRITE_BARRIER(atomic_add_return_relaxed(1, &dummy), false);
642 KCSAN_EXPECT_WRITE_BARRIER(atomic_fetch_add(1, &dummy), true);
643 KCSAN_EXPECT_WRITE_BARRIER(atomic_fetch_add_acquire(1, &dummy), false);
644 KCSAN_EXPECT_WRITE_BARRIER(atomic_fetch_add_release(1, &dummy), true);
645 KCSAN_EXPECT_WRITE_BARRIER(atomic_fetch_add_relaxed(1, &dummy), false);
646 KCSAN_EXPECT_WRITE_BARRIER(test_and_set_bit(0, &test_var), true);
647 KCSAN_EXPECT_WRITE_BARRIER(test_and_clear_bit(0, &test_var), true);
648 KCSAN_EXPECT_WRITE_BARRIER(test_and_change_bit(0, &test_var), true);
649 KCSAN_EXPECT_WRITE_BARRIER(clear_bit_unlock(0, &test_var), true);
650 KCSAN_EXPECT_WRITE_BARRIER(__clear_bit_unlock(0, &test_var), true);
651 KCSAN_EXPECT_WRITE_BARRIER(arch_spin_lock(&arch_spinlock), false);
652 KCSAN_EXPECT_WRITE_BARRIER(arch_spin_unlock(&arch_spinlock), true);
653 KCSAN_EXPECT_WRITE_BARRIER(spin_lock(&test_spinlock), false);
654 KCSAN_EXPECT_WRITE_BARRIER(spin_unlock(&test_spinlock), true);
655 KCSAN_EXPECT_WRITE_BARRIER(mutex_lock(&test_mutex), false);
656 KCSAN_EXPECT_WRITE_BARRIER(mutex_unlock(&test_mutex), true);
658 KCSAN_EXPECT_RW_BARRIER(mb(), true);
659 KCSAN_EXPECT_RW_BARRIER(wmb(), true);
660 KCSAN_EXPECT_RW_BARRIER(rmb(), true);
661 KCSAN_EXPECT_RW_BARRIER(smp_mb(), true);
662 KCSAN_EXPECT_RW_BARRIER(smp_wmb(), true);
663 KCSAN_EXPECT_RW_BARRIER(smp_rmb(), true);
664 KCSAN_EXPECT_RW_BARRIER(dma_wmb(), true);
665 KCSAN_EXPECT_RW_BARRIER(dma_rmb(), true);
666 KCSAN_EXPECT_RW_BARRIER(smp_mb__before_atomic(), true);
667 KCSAN_EXPECT_RW_BARRIER(smp_mb__after_atomic(), true);
668 KCSAN_EXPECT_RW_BARRIER(smp_mb__after_spinlock(), true);
669 KCSAN_EXPECT_RW_BARRIER(smp_store_mb(test_var, 0), true);
670 KCSAN_EXPECT_RW_BARRIER(smp_load_acquire(&test_var), false);
671 KCSAN_EXPECT_RW_BARRIER(smp_store_release(&test_var, 0), true);
672 KCSAN_EXPECT_RW_BARRIER(xchg(&test_var, 0), true);
673 KCSAN_EXPECT_RW_BARRIER(xchg_release(&test_var, 0), true);
674 KCSAN_EXPECT_RW_BARRIER(xchg_relaxed(&test_var, 0), false);
675 KCSAN_EXPECT_RW_BARRIER(cmpxchg(&test_var, 0, 0), true);
676 KCSAN_EXPECT_RW_BARRIER(cmpxchg_release(&test_var, 0, 0), true);
677 KCSAN_EXPECT_RW_BARRIER(cmpxchg_relaxed(&test_var, 0, 0), false);
678 KCSAN_EXPECT_RW_BARRIER(atomic_read(&dummy), false);
679 KCSAN_EXPECT_RW_BARRIER(atomic_read_acquire(&dummy), false);
680 KCSAN_EXPECT_RW_BARRIER(atomic_set(&dummy, 0), false);
681 KCSAN_EXPECT_RW_BARRIER(atomic_set_release(&dummy, 0), true);
682 KCSAN_EXPECT_RW_BARRIER(atomic_add(1, &dummy), false);
683 KCSAN_EXPECT_RW_BARRIER(atomic_add_return(1, &dummy), true);
684 KCSAN_EXPECT_RW_BARRIER(atomic_add_return_acquire(1, &dummy), false);
685 KCSAN_EXPECT_RW_BARRIER(atomic_add_return_release(1, &dummy), true);
686 KCSAN_EXPECT_RW_BARRIER(atomic_add_return_relaxed(1, &dummy), false);
687 KCSAN_EXPECT_RW_BARRIER(atomic_fetch_add(1, &dummy), true);
688 KCSAN_EXPECT_RW_BARRIER(atomic_fetch_add_acquire(1, &dummy), false);
689 KCSAN_EXPECT_RW_BARRIER(atomic_fetch_add_release(1, &dummy), true);
690 KCSAN_EXPECT_RW_BARRIER(atomic_fetch_add_relaxed(1, &dummy), false);
691 KCSAN_EXPECT_RW_BARRIER(test_and_set_bit(0, &test_var), true);
692 KCSAN_EXPECT_RW_BARRIER(test_and_clear_bit(0, &test_var), true);
693 KCSAN_EXPECT_RW_BARRIER(test_and_change_bit(0, &test_var), true);
694 KCSAN_EXPECT_RW_BARRIER(clear_bit_unlock(0, &test_var), true);
695 KCSAN_EXPECT_RW_BARRIER(__clear_bit_unlock(0, &test_var), true);
696 KCSAN_EXPECT_RW_BARRIER(arch_spin_lock(&arch_spinlock), false);
697 KCSAN_EXPECT_RW_BARRIER(arch_spin_unlock(&arch_spinlock), true);
698 KCSAN_EXPECT_RW_BARRIER(spin_lock(&test_spinlock), false);
699 KCSAN_EXPECT_RW_BARRIER(spin_unlock(&test_spinlock), true);
700 KCSAN_EXPECT_RW_BARRIER(mutex_lock(&test_mutex), false);
701 KCSAN_EXPECT_RW_BARRIER(mutex_unlock(&test_mutex), true);
703 #ifdef clear_bit_unlock_is_negative_byte
704 KCSAN_EXPECT_READ_BARRIER(clear_bit_unlock_is_negative_byte(0, &test_var), true);
705 KCSAN_EXPECT_WRITE_BARRIER(clear_bit_unlock_is_negative_byte(0, &test_var), true);
706 KCSAN_EXPECT_RW_BARRIER(clear_bit_unlock_is_negative_byte(0, &test_var), true);
708 kcsan_nestable_atomic_end();
711 /* Simple test with normal data race. */
713 static void test_basic(struct kunit *test)
715 struct expect_report expect = {
717 { test_kernel_write, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
718 { test_kernel_read, &test_var, sizeof(test_var), 0 },
721 struct expect_report never = {
723 { test_kernel_read, &test_var, sizeof(test_var), 0 },
724 { test_kernel_read, &test_var, sizeof(test_var), 0 },
727 bool match_expect = false;
728 bool match_never = false;
730 begin_test_checks(test_kernel_write, test_kernel_read);
732 match_expect |= report_matches(&expect);
733 match_never = report_matches(&never);
734 } while (!end_test_checks(match_never));
735 KUNIT_EXPECT_TRUE(test, match_expect);
736 KUNIT_EXPECT_FALSE(test, match_never);
740 * Stress KCSAN with lots of concurrent races on different addresses until
744 static void test_concurrent_races(struct kunit *test)
746 struct expect_report expect = {
748 /* NULL will match any address. */
749 { test_kernel_rmw_array, NULL, 0, __KCSAN_ACCESS_RW(KCSAN_ACCESS_WRITE) },
750 { test_kernel_rmw_array, NULL, 0, __KCSAN_ACCESS_RW(0) },
753 struct expect_report never = {
755 { test_kernel_rmw_array, NULL, 0, 0 },
756 { test_kernel_rmw_array, NULL, 0, 0 },
759 bool match_expect = false;
760 bool match_never = false;
762 begin_test_checks(test_kernel_rmw_array, test_kernel_rmw_array);
764 match_expect |= report_matches(&expect);
765 match_never |= report_matches(&never);
766 } while (!end_test_checks(false));
767 KUNIT_EXPECT_TRUE(test, match_expect); /* Sanity check matches exist. */
768 KUNIT_EXPECT_FALSE(test, match_never);
771 /* Test the KCSAN_REPORT_VALUE_CHANGE_ONLY option. */
773 static void test_novalue_change(struct kunit *test)
775 struct expect_report expect_rw = {
777 { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
778 { test_kernel_read, &test_var, sizeof(test_var), 0 },
781 struct expect_report expect_ww = {
783 { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
784 { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
787 bool match_expect = false;
789 test_kernel_write_nochange(); /* Reset value. */
790 begin_test_checks(test_kernel_write_nochange, test_kernel_read);
792 match_expect = report_matches(&expect_rw) || report_matches(&expect_ww);
793 } while (!end_test_checks(match_expect));
794 if (IS_ENABLED(CONFIG_KCSAN_REPORT_VALUE_CHANGE_ONLY))
795 KUNIT_EXPECT_FALSE(test, match_expect);
797 KUNIT_EXPECT_TRUE(test, match_expect);
801 * Test that the rules where the KCSAN_REPORT_VALUE_CHANGE_ONLY option should
805 static void test_novalue_change_exception(struct kunit *test)
807 struct expect_report expect_rw = {
809 { test_kernel_write_nochange_rcu, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
810 { test_kernel_read, &test_var, sizeof(test_var), 0 },
813 struct expect_report expect_ww = {
815 { test_kernel_write_nochange_rcu, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
816 { test_kernel_write_nochange_rcu, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
819 bool match_expect = false;
821 test_kernel_write_nochange_rcu(); /* Reset value. */
822 begin_test_checks(test_kernel_write_nochange_rcu, test_kernel_read);
824 match_expect = report_matches(&expect_rw) || report_matches(&expect_ww);
825 } while (!end_test_checks(match_expect));
826 KUNIT_EXPECT_TRUE(test, match_expect);
829 /* Test that data races of unknown origin are reported. */
831 static void test_unknown_origin(struct kunit *test)
833 struct expect_report expect = {
835 { test_kernel_read, &test_var, sizeof(test_var), 0 },
839 bool match_expect = false;
841 begin_test_checks(test_kernel_write_uninstrumented, test_kernel_read);
843 match_expect = report_matches(&expect);
844 } while (!end_test_checks(match_expect));
845 if (IS_ENABLED(CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN))
846 KUNIT_EXPECT_TRUE(test, match_expect);
848 KUNIT_EXPECT_FALSE(test, match_expect);
851 /* Test KCSAN_ASSUME_PLAIN_WRITES_ATOMIC if it is selected. */
853 static void test_write_write_assume_atomic(struct kunit *test)
855 struct expect_report expect = {
857 { test_kernel_write, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
858 { test_kernel_write, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
861 bool match_expect = false;
863 begin_test_checks(test_kernel_write, test_kernel_write);
865 sink_value(READ_ONCE(test_var)); /* induce value-change */
866 match_expect = report_matches(&expect);
867 } while (!end_test_checks(match_expect));
868 if (IS_ENABLED(CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC))
869 KUNIT_EXPECT_FALSE(test, match_expect);
871 KUNIT_EXPECT_TRUE(test, match_expect);
875 * Test that data races with writes larger than word-size are always reported,
876 * even if KCSAN_ASSUME_PLAIN_WRITES_ATOMIC is selected.
879 static void test_write_write_struct(struct kunit *test)
881 struct expect_report expect = {
883 { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
884 { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
887 bool match_expect = false;
889 begin_test_checks(test_kernel_write_struct, test_kernel_write_struct);
891 match_expect = report_matches(&expect);
892 } while (!end_test_checks(match_expect));
893 KUNIT_EXPECT_TRUE(test, match_expect);
897 * Test that data races where only one write is larger than word-size are always
898 * reported, even if KCSAN_ASSUME_PLAIN_WRITES_ATOMIC is selected.
901 static void test_write_write_struct_part(struct kunit *test)
903 struct expect_report expect = {
905 { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
906 { test_kernel_write_struct_part, &test_struct.val[3], sizeof(test_struct.val[3]), KCSAN_ACCESS_WRITE },
909 bool match_expect = false;
911 begin_test_checks(test_kernel_write_struct, test_kernel_write_struct_part);
913 match_expect = report_matches(&expect);
914 } while (!end_test_checks(match_expect));
915 KUNIT_EXPECT_TRUE(test, match_expect);
918 /* Test that races with atomic accesses never result in reports. */
920 static void test_read_atomic_write_atomic(struct kunit *test)
922 bool match_never = false;
924 begin_test_checks(test_kernel_read_atomic, test_kernel_write_atomic);
926 match_never = report_available();
927 } while (!end_test_checks(match_never));
928 KUNIT_EXPECT_FALSE(test, match_never);
931 /* Test that a race with an atomic and plain access result in reports. */
933 static void test_read_plain_atomic_write(struct kunit *test)
935 struct expect_report expect = {
937 { test_kernel_read, &test_var, sizeof(test_var), 0 },
938 { test_kernel_write_atomic, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC },
941 bool match_expect = false;
943 KCSAN_TEST_REQUIRES(test, !IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS));
945 begin_test_checks(test_kernel_read, test_kernel_write_atomic);
947 match_expect = report_matches(&expect);
948 } while (!end_test_checks(match_expect));
949 KUNIT_EXPECT_TRUE(test, match_expect);
952 /* Test that atomic RMWs generate correct report. */
954 static void test_read_plain_atomic_rmw(struct kunit *test)
956 struct expect_report expect = {
958 { test_kernel_read, &test_var, sizeof(test_var), 0 },
959 { test_kernel_atomic_rmw, &test_var, sizeof(test_var),
960 KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC },
963 bool match_expect = false;
965 KCSAN_TEST_REQUIRES(test, !IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS));
967 begin_test_checks(test_kernel_read, test_kernel_atomic_rmw);
969 match_expect = report_matches(&expect);
970 } while (!end_test_checks(match_expect));
971 KUNIT_EXPECT_TRUE(test, match_expect);
974 /* Zero-sized accesses should never cause data race reports. */
976 static void test_zero_size_access(struct kunit *test)
978 struct expect_report expect = {
980 { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
981 { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
984 struct expect_report never = {
986 { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
987 { test_kernel_read_struct_zero_size, &test_struct.val[3], 0, 0 },
990 bool match_expect = false;
991 bool match_never = false;
993 begin_test_checks(test_kernel_write_struct, test_kernel_read_struct_zero_size);
995 match_expect |= report_matches(&expect);
996 match_never = report_matches(&never);
997 } while (!end_test_checks(match_never));
998 KUNIT_EXPECT_TRUE(test, match_expect); /* Sanity check. */
999 KUNIT_EXPECT_FALSE(test, match_never);
1002 /* Test the data_race() macro. */
1004 static void test_data_race(struct kunit *test)
1006 bool match_never = false;
1008 begin_test_checks(test_kernel_data_race, test_kernel_data_race);
1010 match_never = report_available();
1011 } while (!end_test_checks(match_never));
1012 KUNIT_EXPECT_FALSE(test, match_never);
1016 static void test_assert_exclusive_writer(struct kunit *test)
1018 struct expect_report expect = {
1020 { test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
1021 { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
1024 bool match_expect = false;
1026 begin_test_checks(test_kernel_assert_writer, test_kernel_write_nochange);
1028 match_expect = report_matches(&expect);
1029 } while (!end_test_checks(match_expect));
1030 KUNIT_EXPECT_TRUE(test, match_expect);
1034 static void test_assert_exclusive_access(struct kunit *test)
1036 struct expect_report expect = {
1038 { test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
1039 { test_kernel_read, &test_var, sizeof(test_var), 0 },
1042 bool match_expect = false;
1044 begin_test_checks(test_kernel_assert_access, test_kernel_read);
1046 match_expect = report_matches(&expect);
1047 } while (!end_test_checks(match_expect));
1048 KUNIT_EXPECT_TRUE(test, match_expect);
1052 static void test_assert_exclusive_access_writer(struct kunit *test)
1054 struct expect_report expect_access_writer = {
1056 { test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
1057 { test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
1060 struct expect_report expect_access_access = {
1062 { test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
1063 { test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
1066 struct expect_report never = {
1068 { test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
1069 { test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
1072 bool match_expect_access_writer = false;
1073 bool match_expect_access_access = false;
1074 bool match_never = false;
1076 begin_test_checks(test_kernel_assert_access, test_kernel_assert_writer);
1078 match_expect_access_writer |= report_matches(&expect_access_writer);
1079 match_expect_access_access |= report_matches(&expect_access_access);
1080 match_never |= report_matches(&never);
1081 } while (!end_test_checks(match_never));
1082 KUNIT_EXPECT_TRUE(test, match_expect_access_writer);
1083 KUNIT_EXPECT_TRUE(test, match_expect_access_access);
1084 KUNIT_EXPECT_FALSE(test, match_never);
1088 static void test_assert_exclusive_bits_change(struct kunit *test)
1090 struct expect_report expect = {
1092 { test_kernel_assert_bits_change, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
1093 { test_kernel_change_bits, &test_var, sizeof(test_var),
1094 KCSAN_ACCESS_WRITE | (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS) ? 0 : KCSAN_ACCESS_ATOMIC) },
1097 bool match_expect = false;
1099 begin_test_checks(test_kernel_assert_bits_change, test_kernel_change_bits);
1101 match_expect = report_matches(&expect);
1102 } while (!end_test_checks(match_expect));
1103 KUNIT_EXPECT_TRUE(test, match_expect);
1107 static void test_assert_exclusive_bits_nochange(struct kunit *test)
1109 bool match_never = false;
1111 begin_test_checks(test_kernel_assert_bits_nochange, test_kernel_change_bits);
1113 match_never = report_available();
1114 } while (!end_test_checks(match_never));
1115 KUNIT_EXPECT_FALSE(test, match_never);
1119 static void test_assert_exclusive_writer_scoped(struct kunit *test)
1121 struct expect_report expect_start = {
1123 { test_kernel_assert_writer_scoped, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_SCOPED },
1124 { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
1127 struct expect_report expect_inscope = {
1129 { test_enter_scope, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_SCOPED },
1130 { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
1133 bool match_expect_start = false;
1134 bool match_expect_inscope = false;
1136 begin_test_checks(test_kernel_assert_writer_scoped, test_kernel_write_nochange);
1138 match_expect_start |= report_matches(&expect_start);
1139 match_expect_inscope |= report_matches(&expect_inscope);
1140 } while (!end_test_checks(match_expect_inscope));
1141 KUNIT_EXPECT_TRUE(test, match_expect_start);
1142 KUNIT_EXPECT_FALSE(test, match_expect_inscope);
1146 static void test_assert_exclusive_access_scoped(struct kunit *test)
1148 struct expect_report expect_start1 = {
1150 { test_kernel_assert_access_scoped, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_SCOPED },
1151 { test_kernel_read, &test_var, sizeof(test_var), 0 },
1154 struct expect_report expect_start2 = {
1155 .access = { expect_start1.access[0], expect_start1.access[0] },
1157 struct expect_report expect_inscope = {
1159 { test_enter_scope, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_SCOPED },
1160 { test_kernel_read, &test_var, sizeof(test_var), 0 },
1163 bool match_expect_start = false;
1164 bool match_expect_inscope = false;
1166 begin_test_checks(test_kernel_assert_access_scoped, test_kernel_read);
1167 end_time += msecs_to_jiffies(1000); /* This test requires a bit more time. */
1169 match_expect_start |= report_matches(&expect_start1) || report_matches(&expect_start2);
1170 match_expect_inscope |= report_matches(&expect_inscope);
1171 } while (!end_test_checks(match_expect_inscope));
1172 KUNIT_EXPECT_TRUE(test, match_expect_start);
1173 KUNIT_EXPECT_FALSE(test, match_expect_inscope);
1177 * jiffies is special (declared to be volatile) and its accesses are typically
1178 * not marked; this test ensures that the compiler nor KCSAN gets confused about
1179 * jiffies's declaration on different architectures.
1182 static void test_jiffies_noreport(struct kunit *test)
1184 bool match_never = false;
1186 begin_test_checks(test_kernel_jiffies_reader, test_kernel_jiffies_reader);
1188 match_never = report_available();
1189 } while (!end_test_checks(match_never));
1190 KUNIT_EXPECT_FALSE(test, match_never);
1193 /* Test that racing accesses in seqlock critical sections are not reported. */
1195 static void test_seqlock_noreport(struct kunit *test)
1197 bool match_never = false;
1199 begin_test_checks(test_kernel_seqlock_reader, test_kernel_seqlock_writer);
1201 match_never = report_available();
1202 } while (!end_test_checks(match_never));
1203 KUNIT_EXPECT_FALSE(test, match_never);
1207 * Test atomic builtins work and required instrumentation functions exist. We
1208 * also test that KCSAN understands they're atomic by racing with them via
1209 * test_kernel_atomic_builtins(), and expect no reports.
1211 * The atomic builtins _SHOULD NOT_ be used in normal kernel code!
1213 static void test_atomic_builtins(struct kunit *test)
1215 bool match_never = false;
1217 begin_test_checks(test_kernel_atomic_builtins, test_kernel_atomic_builtins);
1221 kcsan_enable_current();
1223 __atomic_store_n(&test_var, 42L, __ATOMIC_RELAXED);
1224 KUNIT_EXPECT_EQ(test, 42L, __atomic_load_n(&test_var, __ATOMIC_RELAXED));
1226 KUNIT_EXPECT_EQ(test, 42L, __atomic_exchange_n(&test_var, 20, __ATOMIC_RELAXED));
1227 KUNIT_EXPECT_EQ(test, 20L, test_var);
1230 KUNIT_EXPECT_TRUE(test, __atomic_compare_exchange_n(&test_var, &tmp, 30L,
1231 0, __ATOMIC_RELAXED,
1233 KUNIT_EXPECT_EQ(test, tmp, 20L);
1234 KUNIT_EXPECT_EQ(test, test_var, 30L);
1235 KUNIT_EXPECT_FALSE(test, __atomic_compare_exchange_n(&test_var, &tmp, 40L,
1236 1, __ATOMIC_RELAXED,
1238 KUNIT_EXPECT_EQ(test, tmp, 30L);
1239 KUNIT_EXPECT_EQ(test, test_var, 30L);
1241 KUNIT_EXPECT_EQ(test, 30L, __atomic_fetch_add(&test_var, 1, __ATOMIC_RELAXED));
1242 KUNIT_EXPECT_EQ(test, 31L, __atomic_fetch_sub(&test_var, 1, __ATOMIC_RELAXED));
1243 KUNIT_EXPECT_EQ(test, 30L, __atomic_fetch_and(&test_var, 0xf, __ATOMIC_RELAXED));
1244 KUNIT_EXPECT_EQ(test, 14L, __atomic_fetch_xor(&test_var, 0xf, __ATOMIC_RELAXED));
1245 KUNIT_EXPECT_EQ(test, 1L, __atomic_fetch_or(&test_var, 0xf0, __ATOMIC_RELAXED));
1246 KUNIT_EXPECT_EQ(test, 241L, __atomic_fetch_nand(&test_var, 0xf, __ATOMIC_RELAXED));
1247 KUNIT_EXPECT_EQ(test, -2L, test_var);
1249 __atomic_thread_fence(__ATOMIC_SEQ_CST);
1250 __atomic_signal_fence(__ATOMIC_SEQ_CST);
1252 kcsan_disable_current();
1254 match_never = report_available();
1255 } while (!end_test_checks(match_never));
1256 KUNIT_EXPECT_FALSE(test, match_never);
1260 static void test_1bit_value_change(struct kunit *test)
1262 struct expect_report expect = {
1264 { test_kernel_read, &test_var, sizeof(test_var), 0 },
1265 { test_kernel_xor_1bit, &test_var, sizeof(test_var), __KCSAN_ACCESS_RW(KCSAN_ACCESS_WRITE) },
1270 begin_test_checks(test_kernel_read, test_kernel_xor_1bit);
1272 match = IS_ENABLED(CONFIG_KCSAN_PERMISSIVE)
1273 ? report_available()
1274 : report_matches(&expect);
1275 } while (!end_test_checks(match));
1276 if (IS_ENABLED(CONFIG_KCSAN_PERMISSIVE))
1277 KUNIT_EXPECT_FALSE(test, match);
1279 KUNIT_EXPECT_TRUE(test, match);
1283 static void test_correct_barrier(struct kunit *test)
1285 struct expect_report expect = {
1287 { test_kernel_with_memorder, &test_var, sizeof(test_var), __KCSAN_ACCESS_RW(KCSAN_ACCESS_WRITE) },
1288 { test_kernel_with_memorder, &test_var, sizeof(test_var), __KCSAN_ACCESS_RW(0) },
1291 bool match_expect = false;
1293 test_struct.val[0] = 0; /* init unlocked */
1294 begin_test_checks(test_kernel_with_memorder, test_kernel_with_memorder);
1296 match_expect = report_matches_any_reordered(&expect);
1297 } while (!end_test_checks(match_expect));
1298 KUNIT_EXPECT_FALSE(test, match_expect);
1302 static void test_missing_barrier(struct kunit *test)
1304 struct expect_report expect = {
1306 { test_kernel_wrong_memorder, &test_var, sizeof(test_var), __KCSAN_ACCESS_RW(KCSAN_ACCESS_WRITE) },
1307 { test_kernel_wrong_memorder, &test_var, sizeof(test_var), __KCSAN_ACCESS_RW(0) },
1310 bool match_expect = false;
1312 test_struct.val[0] = 0; /* init unlocked */
1313 begin_test_checks(test_kernel_wrong_memorder, test_kernel_wrong_memorder);
1315 match_expect = report_matches_any_reordered(&expect);
1316 } while (!end_test_checks(match_expect));
1317 if (IS_ENABLED(CONFIG_KCSAN_WEAK_MEMORY))
1318 KUNIT_EXPECT_TRUE(test, match_expect);
1320 KUNIT_EXPECT_FALSE(test, match_expect);
1324 static void test_atomic_builtins_correct_barrier(struct kunit *test)
1326 struct expect_report expect = {
1328 { test_kernel_atomic_builtin_with_memorder, &test_var, sizeof(test_var), __KCSAN_ACCESS_RW(KCSAN_ACCESS_WRITE) },
1329 { test_kernel_atomic_builtin_with_memorder, &test_var, sizeof(test_var), __KCSAN_ACCESS_RW(0) },
1332 bool match_expect = false;
1334 test_struct.val[0] = 0; /* init unlocked */
1335 begin_test_checks(test_kernel_atomic_builtin_with_memorder,
1336 test_kernel_atomic_builtin_with_memorder);
1338 match_expect = report_matches_any_reordered(&expect);
1339 } while (!end_test_checks(match_expect));
1340 KUNIT_EXPECT_FALSE(test, match_expect);
1344 static void test_atomic_builtins_missing_barrier(struct kunit *test)
1346 struct expect_report expect = {
1348 { test_kernel_atomic_builtin_wrong_memorder, &test_var, sizeof(test_var), __KCSAN_ACCESS_RW(KCSAN_ACCESS_WRITE) },
1349 { test_kernel_atomic_builtin_wrong_memorder, &test_var, sizeof(test_var), __KCSAN_ACCESS_RW(0) },
1352 bool match_expect = false;
1354 test_struct.val[0] = 0; /* init unlocked */
1355 begin_test_checks(test_kernel_atomic_builtin_wrong_memorder,
1356 test_kernel_atomic_builtin_wrong_memorder);
1358 match_expect = report_matches_any_reordered(&expect);
1359 } while (!end_test_checks(match_expect));
1360 if (IS_ENABLED(CONFIG_KCSAN_WEAK_MEMORY))
1361 KUNIT_EXPECT_TRUE(test, match_expect);
1363 KUNIT_EXPECT_FALSE(test, match_expect);
1367 * Generate thread counts for all test cases. Values generated are in interval
1368 * [2, 5] followed by exponentially increasing thread counts from 8 to 32.
1370 * The thread counts are chosen to cover potentially interesting boundaries and
1371 * corner cases (2 to 5), and then stress the system with larger counts.
1373 static const void *nthreads_gen_params(const void *prev, char *desc)
1375 long nthreads = (long)prev;
1377 if (nthreads < 0 || nthreads >= 32)
1378 nthreads = 0; /* stop */
1380 nthreads = 2; /* initial value */
1381 else if (nthreads < 5)
1383 else if (nthreads == 5)
1388 if (!preempt_model_preemptible() ||
1389 !IS_ENABLED(CONFIG_KCSAN_INTERRUPT_WATCHER)) {
1391 * Without any preemption, keep 2 CPUs free for other tasks, one
1392 * of which is the main test case function checking for
1393 * completion or failure.
1395 const long min_unused_cpus = preempt_model_none() ? 2 : 0;
1396 const long min_required_cpus = 2 + min_unused_cpus;
1398 if (num_online_cpus() < min_required_cpus) {
1399 pr_err_once("Too few online CPUs (%u < %ld) for test\n",
1400 num_online_cpus(), min_required_cpus);
1402 } else if (nthreads >= num_online_cpus() - min_unused_cpus) {
1403 /* Use negative value to indicate last param. */
1404 nthreads = -(num_online_cpus() - min_unused_cpus);
1405 pr_warn_once("Limiting number of threads to %ld (only %d online CPUs)\n",
1406 -nthreads, num_online_cpus());
1410 snprintf(desc, KUNIT_PARAM_DESC_SIZE, "threads=%ld", abs(nthreads));
1411 return (void *)nthreads;
1414 #define KCSAN_KUNIT_CASE(test_name) KUNIT_CASE_PARAM(test_name, nthreads_gen_params)
1415 static struct kunit_case kcsan_test_cases[] = {
1416 KUNIT_CASE(test_barrier_nothreads),
1417 KCSAN_KUNIT_CASE(test_basic),
1418 KCSAN_KUNIT_CASE(test_concurrent_races),
1419 KCSAN_KUNIT_CASE(test_novalue_change),
1420 KCSAN_KUNIT_CASE(test_novalue_change_exception),
1421 KCSAN_KUNIT_CASE(test_unknown_origin),
1422 KCSAN_KUNIT_CASE(test_write_write_assume_atomic),
1423 KCSAN_KUNIT_CASE(test_write_write_struct),
1424 KCSAN_KUNIT_CASE(test_write_write_struct_part),
1425 KCSAN_KUNIT_CASE(test_read_atomic_write_atomic),
1426 KCSAN_KUNIT_CASE(test_read_plain_atomic_write),
1427 KCSAN_KUNIT_CASE(test_read_plain_atomic_rmw),
1428 KCSAN_KUNIT_CASE(test_zero_size_access),
1429 KCSAN_KUNIT_CASE(test_data_race),
1430 KCSAN_KUNIT_CASE(test_assert_exclusive_writer),
1431 KCSAN_KUNIT_CASE(test_assert_exclusive_access),
1432 KCSAN_KUNIT_CASE(test_assert_exclusive_access_writer),
1433 KCSAN_KUNIT_CASE(test_assert_exclusive_bits_change),
1434 KCSAN_KUNIT_CASE(test_assert_exclusive_bits_nochange),
1435 KCSAN_KUNIT_CASE(test_assert_exclusive_writer_scoped),
1436 KCSAN_KUNIT_CASE(test_assert_exclusive_access_scoped),
1437 KCSAN_KUNIT_CASE(test_jiffies_noreport),
1438 KCSAN_KUNIT_CASE(test_seqlock_noreport),
1439 KCSAN_KUNIT_CASE(test_atomic_builtins),
1440 KCSAN_KUNIT_CASE(test_1bit_value_change),
1441 KCSAN_KUNIT_CASE(test_correct_barrier),
1442 KCSAN_KUNIT_CASE(test_missing_barrier),
1443 KCSAN_KUNIT_CASE(test_atomic_builtins_correct_barrier),
1444 KCSAN_KUNIT_CASE(test_atomic_builtins_missing_barrier),
1448 /* ===== End test cases ===== */
1450 /* Concurrent accesses from interrupts. */
1452 static void access_thread_timer(struct timer_list *timer)
1454 static atomic_t cnt = ATOMIC_INIT(0);
1458 idx = (unsigned int)atomic_inc_return(&cnt) % ARRAY_SIZE(access_kernels);
1459 /* Acquire potential initialization. */
1460 func = smp_load_acquire(&access_kernels[idx]);
1465 /* The main loop for each thread. */
1467 static int access_thread(void *arg)
1469 struct timer_list timer;
1470 unsigned int cnt = 0;
1474 timer_setup_on_stack(&timer, access_thread_timer, 0);
1478 if (!timer_pending(&timer))
1479 mod_timer(&timer, jiffies + 1);
1481 /* Iterate through all kernels. */
1482 idx = cnt++ % ARRAY_SIZE(access_kernels);
1483 /* Acquire potential initialization. */
1484 func = smp_load_acquire(&access_kernels[idx]);
1488 } while (!torture_must_stop());
1489 del_timer_sync(&timer);
1490 destroy_timer_on_stack(&timer);
1492 torture_kthread_stopping("access_thread");
1497 static int test_init(struct kunit *test)
1499 unsigned long flags;
1503 spin_lock_irqsave(&observed.lock, flags);
1504 for (i = 0; i < ARRAY_SIZE(observed.lines); ++i)
1505 observed.lines[i][0] = '\0';
1506 observed.nlines = 0;
1507 spin_unlock_irqrestore(&observed.lock, flags);
1509 if (strstr(test->name, "nothreads"))
1512 if (!torture_init_begin((char *)test->name, 1))
1515 if (WARN_ON(threads))
1518 for (i = 0; i < ARRAY_SIZE(access_kernels); ++i) {
1519 if (WARN_ON(access_kernels[i]))
1523 nthreads = abs((long)test->param_value);
1524 if (WARN_ON(!nthreads))
1527 threads = kcalloc(nthreads + 1, sizeof(struct task_struct *), GFP_KERNEL);
1528 if (WARN_ON(!threads))
1531 threads[nthreads] = NULL;
1532 for (i = 0; i < nthreads; ++i) {
1533 if (torture_create_kthread(access_thread, NULL, threads[i]))
1549 static void test_exit(struct kunit *test)
1551 struct task_struct **stop_thread;
1554 if (strstr(test->name, "nothreads"))
1557 if (torture_cleanup_begin())
1560 for (i = 0; i < ARRAY_SIZE(access_kernels); ++i)
1561 WRITE_ONCE(access_kernels[i], NULL);
1564 for (stop_thread = threads; *stop_thread; stop_thread++)
1565 torture_stop_kthread(reader_thread, *stop_thread);
1571 torture_cleanup_end();
1575 static void register_tracepoints(void)
1577 register_trace_console(probe_console, NULL);
1581 static void unregister_tracepoints(void)
1583 unregister_trace_console(probe_console, NULL);
1586 static int kcsan_suite_init(struct kunit_suite *suite)
1588 register_tracepoints();
1592 static void kcsan_suite_exit(struct kunit_suite *suite)
1594 unregister_tracepoints();
1595 tracepoint_synchronize_unregister();
1598 static struct kunit_suite kcsan_test_suite = {
1600 .test_cases = kcsan_test_cases,
1603 .suite_init = kcsan_suite_init,
1604 .suite_exit = kcsan_suite_exit,
1607 kunit_test_suites(&kcsan_test_suite);
1609 MODULE_LICENSE("GPL v2");
1610 MODULE_AUTHOR("Marco Elver <elver@google.com>");
projects / releases.git / blob