[PATCH v4 0/7] x86, kasan: add KASAN checks to atomic operations

[Dmitry Vyukov]

KASAN uses compiler instrumentation to intercept all memory accesses.
But it does not see memory accesses done in assembly code.
One notable user of assembly code is atomic operations. Frequently,
for example, an atomic reference decrement is the last access to an
object and a good candidate for a racy use-after-free.

Atomic operations are defined in arch files, but KASAN instrumentation
is required for several archs that support KASAN. Later we will need
similar hooks for KMSAN (uninit use detector) and KTSAN (data race
detector).

This change introduces wrappers around atomic operations that can be
used to add KASAN/KMSAN/KTSAN instrumentation across several archs,
and adds KASAN checks to them.

This patch uses the wrappers only for x86 arch. Arm64 will be switched
later. And we also plan to instrument bitops in a similar way.

Within a day it has found its first bug:

BUG: KASAN: use-after-free in atomic_dec_and_test
arch/x86/include/asm/atomic.h:123 [inline] at addr ffff880079c30158
Write of size 4 by task syz-executor6/25698
CPU: 2 PID: 25698 Comm: syz-executor6 Not tainted 4.10.0+ #302
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
kasan_check_write+0x14/0x20 mm/kasan/kasan.c:344
atomic_dec_and_test arch/x86/include/asm/atomic.h:123 [inline]
put_task_struct include/linux/sched/task.h:93 [inline]
put_ctx+0xcf/0x110 kernel/events/core.c:1131
perf_event_release_kernel+0x3ad/0xc90 kernel/events/core.c:4322
perf_release+0x37/0x50 kernel/events/core.c:4338
__fput+0x332/0x800 fs/file_table.c:209
____fput+0x15/0x20 fs/file_table.c:245
task_work_run+0x197/0x260 kernel/task_work.c:116
exit_task_work include/linux/task_work.h:21 [inline]
do_exit+0xb38/0x29c0 kernel/exit.c:880
do_group_exit+0x149/0x420 kernel/exit.c:984
get_signal+0x7e0/0x1820 kernel/signal.c:2318
do_signal+0xd2/0x2190 arch/x86/kernel/signal.c:808
exit_to_usermode_loop+0x200/0x2a0 arch/x86/entry/common.c:157
syscall_return_slowpath arch/x86/entry/common.c:191 [inline]
do_syscall_64+0x6fc/0x930 arch/x86/entry/common.c:286
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x4458d9
RSP: 002b:00007f3f07187cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00000000007080c8 RCX: 00000000004458d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000007080c8
RBP: 00000000007080a8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f3f071889c0 R15: 00007f3f07188700
Object at ffff880079c30140, in cache task_struct size: 5376
Allocated:
PID = 25681
kmem_cache_alloc_node+0x122/0x6f0 mm/slab.c:3662
alloc_task_struct_node kernel/fork.c:153 [inline]
dup_task_struct kernel/fork.c:495 [inline]
copy_process.part.38+0x19c8/0x4aa0 kernel/fork.c:1560
copy_process kernel/fork.c:1531 [inline]
_do_fork+0x200/0x1010 kernel/fork.c:1994
SYSC_clone kernel/fork.c:2104 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2098
do_syscall_64+0x2e8/0x930 arch/x86/entry/common.c:281
return_from_SYSCALL_64+0x0/0x7a
Freed:
PID = 25681
__cache_free mm/slab.c:3514 [inline]
kmem_cache_free+0x71/0x240 mm/slab.c:3774
free_task_struct kernel/fork.c:158 [inline]
free_task+0x151/0x1d0 kernel/fork.c:370
copy_process.part.38+0x18e5/0x4aa0 kernel/fork.c:1931
copy_process kernel/fork.c:1531 [inline]
_do_fork+0x200/0x1010 kernel/fork.c:1994
SYSC_clone kernel/fork.c:2104 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2098
do_syscall_64+0x2e8/0x930 arch/x86/entry/common.c:281
return_from_SYSCALL_64+0x0/0x7a

Changes since v1:
- dropped "x86: remove unused atomic_inc_short()" patch
it is mailed separately
- rebased on top of tip/locking/core head
- other changes noted within individual patches

Changes since v2:
- rebased on top of tip/locking/core head
- dropped a pervasive "x86: use long long for 64-bit atomic ops" commit,
instead use s64 type in wrappers
- added "x86: use s64* for old arg of atomic64_try_cmpxchg()" commit

Changes since v3 are noted in individual commits.

Tested:
- build/boot x86_64 defconfig
- build/boot x86_64 defconfig+KASAN
- build i686/powerpc defconfig

Dmitry Vyukov (7):
x86: un-macro-ify atomic ops implementation
x86: use s64* for old arg of atomic64_try_cmpxchg()
asm-generic: add atomic-instrumented.h
x86: switch atomic.h to use atomic-instrumented.h
kasan: allow kasan_check_read/write() to accept pointers to volatiles
asm-generic: add KASAN instrumentation to atomic operations
asm-generic, x86: add comments for atomic instrumentation

arch/x86/include/asm/atomic.h | 150 ++++++-----
arch/x86/include/asm/atomic64_32.h | 153 ++++++-----
arch/x86/include/asm/atomic64_64.h | 151 ++++++-----
arch/x86/include/asm/cmpxchg.h | 14 +-
arch/x86/include/asm/cmpxchg_32.h | 8 +-
arch/x86/include/asm/cmpxchg_64.h | 4 +-
include/asm-generic/atomic-instrumented.h | 414 ++++++++++++++++++++++++++++++
include/linux/kasan-checks.h | 10 +-
mm/kasan/kasan.c | 4 +-
9 files changed, 702 insertions(+), 206 deletions(-)
create mode 100644 include/asm-generic/atomic-instrumented.h

--
2.13.1.518.g3df882009-goog

[Dmitry Vyukov]

CPP turns perfectly readable code into an unreadable,
unmaintainable mess. Ingo suggested to write them out as-is.
Do this.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Suggested-by: Ingo Molnar <mi...@kernel.org>
Cc: Mark Rutland <mark.r...@arm.com>
Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Thomas Gleixner <tg...@linutronix.de>
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Andrew Morton <ak...@linux-foundation.org>
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org
Cc: kasa...@googlegroups.com
---
arch/x86/include/asm/atomic.h | 80 ++++++++++++++++++++++++--------------
arch/x86/include/asm/atomic64_32.h | 77 ++++++++++++++++++++++++------------
arch/x86/include/asm/atomic64_64.h | 67 ++++++++++++++++++++-----------
3 files changed, 148 insertions(+), 76 deletions(-)

diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
index 33380b871463..8d7f6e579be4 100644
--- a/arch/x86/include/asm/atomic.h
+++ b/arch/x86/include/asm/atomic.h
@@ -197,35 +197,57 @@ static inline int atomic_xchg(atomic_t *v, int new)
return xchg(&v->counter, new);
}

-#define ATOMIC_OP(op) \
-static inline void atomic_##op(int i, atomic_t *v) \
-{ \
- asm volatile(LOCK_PREFIX #op"l %1,%0" \
- : "+m" (v->counter) \
- : "ir" (i) \
- : "memory"); \
-}
-
-#define ATOMIC_FETCH_OP(op, c_op) \
-static inline int atomic_fetch_##op(int i, atomic_t *v) \
-{ \
- int val = atomic_read(v); \
- do { \
- } while (!atomic_try_cmpxchg(v, &val, val c_op i)); \
- return val; \
-}
-
-#define ATOMIC_OPS(op, c_op) \
- ATOMIC_OP(op) \
- ATOMIC_FETCH_OP(op, c_op)
-
-ATOMIC_OPS(and, &)
-ATOMIC_OPS(or , |)
-ATOMIC_OPS(xor, ^)
-
-#undef ATOMIC_OPS
-#undef ATOMIC_FETCH_OP
-#undef ATOMIC_OP
+static inline void atomic_and(int i, atomic_t *v)
+{
+ asm volatile(LOCK_PREFIX "andl %1,%0"
+ : "+m" (v->counter)
+ : "ir" (i)
+ : "memory");
+}
+
+static inline int atomic_fetch_and(int i, atomic_t *v)
+{
+ int val = atomic_read(v);
+
+ do {
+ } while (!atomic_try_cmpxchg(v, &val, val & i));
+ return val;
+}
+
+static inline void atomic_or(int i, atomic_t *v)
+{
+ asm volatile(LOCK_PREFIX "orl %1,%0"
+ : "+m" (v->counter)
+ : "ir" (i)
+ : "memory");
+}
+
+static inline int atomic_fetch_or(int i, atomic_t *v)
+{
+ int val = atomic_read(v);
+
+ do {
+ } while (!atomic_try_cmpxchg(v, &val, val | i));
+ return val;
+}
+
+
+static inline void atomic_xor(int i, atomic_t *v)
+{
+ asm volatile(LOCK_PREFIX "xorl %1,%0"
+ : "+m" (v->counter)
+ : "ir" (i)
+ : "memory");
+}
+
+static inline int atomic_fetch_xor(int i, atomic_t *v)
+{
+ int val = atomic_read(v);
+
+ do {
+ } while (!atomic_try_cmpxchg(v, &val, val ^ i));
+ return val;
+}

/**
* __atomic_add_unless - add unless the number is already a given value
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
index 71d7705fb303..f107fef7bfcc 100644
--- a/arch/x86/include/asm/atomic64_32.h
+++ b/arch/x86/include/asm/atomic64_32.h
@@ -312,37 +312,66 @@ static inline long long atomic64_dec_if_positive(atomic64_t *v)
#undef alternative_atomic64
#undef __alternative_atomic64

-#define ATOMIC64_OP(op, c_op) \
-static inline void atomic64_##op(long long i, atomic64_t *v) \
-{ \
- long long old, c = 0; \
- while ((old = atomic64_cmpxchg(v, c, c c_op i)) != c) \
- c = old; \
+static inline void atomic64_and(long long i, atomic64_t *v)
+{
+ long long old, c = 0;
+
+ while ((old = atomic64_cmpxchg(v, c, c & i)) != c)
+ c = old;
}

-#define ATOMIC64_FETCH_OP(op, c_op) \
-static inline long long atomic64_fetch_##op(long long i, atomic64_t *v) \
-{ \
- long long old, c = 0; \
- while ((old = atomic64_cmpxchg(v, c, c c_op i)) != c) \
- c = old; \
- return old; \
+static inline long long atomic64_fetch_and(long long i, atomic64_t *v)
+{
+ long long old, c = 0;
+
+ while ((old = atomic64_cmpxchg(v, c, c & i)) != c)
+ c = old;
+ return old;
}

-ATOMIC64_FETCH_OP(add, +)
+static inline void atomic64_or(long long i, atomic64_t *v)
+{
+ long long old, c = 0;

-#define atomic64_fetch_sub(i, v) atomic64_fetch_add(-(i), (v))
+ while ((old = atomic64_cmpxchg(v, c, c | i)) != c)
+ c = old;
+}
+
+static inline long long atomic64_fetch_or(long long i, atomic64_t *v)
+{
+ long long old, c = 0;
+
+ while ((old = atomic64_cmpxchg(v, c, c | i)) != c)
+ c = old;
+ return old;
+}

-#define ATOMIC64_OPS(op, c_op) \
- ATOMIC64_OP(op, c_op) \
- ATOMIC64_FETCH_OP(op, c_op)
+static inline void atomic64_xor(long long i, atomic64_t *v)
+{
+ long long old, c = 0;
+
+ while ((old = atomic64_cmpxchg(v, c, c ^ i)) != c)
+ c = old;
+}

-ATOMIC64_OPS(and, &)
-ATOMIC64_OPS(or, |)
-ATOMIC64_OPS(xor, ^)
+static inline long long atomic64_fetch_xor(long long i, atomic64_t *v)
+{
+ long long old, c = 0;
+
+ while ((old = atomic64_cmpxchg(v, c, c ^ i)) != c)
+ c = old;
+ return old;
+}

-#undef ATOMIC64_OPS
-#undef ATOMIC64_FETCH_OP
-#undef ATOMIC64_OP
+static inline long long atomic64_fetch_add(long long i, atomic64_t *v)
+{
+ long long old, c = 0;
+
+ while ((old = atomic64_cmpxchg(v, c, c + i)) != c)
+ c = old;
+ return old;
+}
+
+#define atomic64_fetch_sub(i, v) atomic64_fetch_add(-(i), (v))

#endif /* _ASM_X86_ATOMIC64_32_H */
diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
index 6189a433c9a9..8db8879a6d8c 100644
--- a/arch/x86/include/asm/atomic64_64.h
+++ b/arch/x86/include/asm/atomic64_64.h
@@ -226,34 +226,55 @@ static inline long atomic64_dec_if_positive(atomic64_t *v)
return dec;
}

-#define ATOMIC64_OP(op) \
-static inline void atomic64_##op(long i, atomic64_t *v) \
-{ \
- asm volatile(LOCK_PREFIX #op"q %1,%0" \
- : "+m" (v->counter) \
- : "er" (i) \
- : "memory"); \
+static inline void atomic64_and(long i, atomic64_t *v)
+{
+ asm volatile(LOCK_PREFIX "andq %1,%0"
+ : "+m" (v->counter)
+ : "er" (i)
+ : "memory");
}

-#define ATOMIC64_FETCH_OP(op, c_op) \
-static inline long atomic64_fetch_##op(long i, atomic64_t *v) \
-{ \
- long val = atomic64_read(v); \
- do { \
- } while (!atomic64_try_cmpxchg(v, &val, val c_op i)); \
- return val; \
+static inline long atomic64_fetch_and(long i, atomic64_t *v)
+{
+ long val = atomic64_read(v);
+
+ do {
+ } while (!atomic64_try_cmpxchg(v, &val, val & i));
+ return val;
}

-#define ATOMIC64_OPS(op, c_op) \
- ATOMIC64_OP(op) \
- ATOMIC64_FETCH_OP(op, c_op)
+static inline void atomic64_or(long i, atomic64_t *v)
+{
+ asm volatile(LOCK_PREFIX "orq %1,%0"
+ : "+m" (v->counter)
+ : "er" (i)
+ : "memory");
+}

-ATOMIC64_OPS(and, &)
-ATOMIC64_OPS(or, |)
-ATOMIC64_OPS(xor, ^)
+static inline long atomic64_fetch_or(long i, atomic64_t *v)
+{
+ long val = atomic64_read(v);

-#undef ATOMIC64_OPS
-#undef ATOMIC64_FETCH_OP
-#undef ATOMIC64_OP
+ do {
+ } while (!atomic64_try_cmpxchg(v, &val, val | i));
+ return val;
+}
+
+static inline void atomic64_xor(long i, atomic64_t *v)
+{
+ asm volatile(LOCK_PREFIX "xorq %1,%0"
+ : "+m" (v->counter)
+ : "er" (i)
+ : "memory");
+}
+
+static inline long atomic64_fetch_xor(long i, atomic64_t *v)
+{
+ long val = atomic64_read(v);
+
+ do {
+ } while (!atomic64_try_cmpxchg(v, &val, val ^ i));
+ return val;
+}

#endif /* _ASM_X86_ATOMIC64_64_H */
--
2.13.1.518.g3df882009-goog

[Dmitry Vyukov]

The new header allows to wrap per-arch atomic operations
and add common functionality to all of them.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Cc: Mark Rutland <mark.r...@arm.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Will Deacon <will....@arm.com>
Cc: Andrew Morton <ak...@linux-foundation.org>
Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: kasa...@googlegroups.com
Cc: linu...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org
---
include/asm-generic/atomic-instrumented.h | 316 ++++++++++++++++++++++++++++++
1 file changed, 316 insertions(+)

diff --git a/include/asm-generic/atomic-instrumented.h b/include/asm-generic/atomic-instrumented.h
new file mode 100644
index 000000000000..50401d925290
--- /dev/null
+++ b/include/asm-generic/atomic-instrumented.h
@@ -0,0 +1,316 @@
+#ifndef _LINUX_ATOMIC_INSTRUMENTED_H
+#define _LINUX_ATOMIC_INSTRUMENTED_H
+
+static __always_inline int atomic_read(const atomic_t *v)
+{
+ return arch_atomic_read(v);
+}
+
+static __always_inline s64 atomic64_read(const atomic64_t *v)
+{
+ return arch_atomic64_read(v);
+}
+
+static __always_inline void atomic_set(atomic_t *v, int i)
+{
+ arch_atomic_set(v, i);
+}
+
+static __always_inline void atomic64_set(atomic64_t *v, s64 i)
+{
+ arch_atomic64_set(v, i);
+}
+
+static __always_inline int atomic_xchg(atomic_t *v, int i)
+{
+ return arch_atomic_xchg(v, i);
+}
+
+static __always_inline s64 atomic64_xchg(atomic64_t *v, s64 i)
+{
+ return arch_atomic64_xchg(v, i);
+}
+
+static __always_inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+{
+ return arch_atomic_cmpxchg(v, old, new);
+}
+
+static __always_inline s64 atomic64_cmpxchg(atomic64_t *v, s64 old, s64 new)
+{
+ return arch_atomic64_cmpxchg(v, old, new);
+}
+
+#ifdef arch_atomic_try_cmpxchg
+#define atomic_try_cmpxchg atomic_try_cmpxchg
+static __always_inline bool atomic_try_cmpxchg(atomic_t *v, int *old, int new)
+{
+ return arch_atomic_try_cmpxchg(v, old, new);
+}
+#endif
+
+#ifdef arch_atomic64_try_cmpxchg
+#define atomic64_try_cmpxchg atomic64_try_cmpxchg
+static __always_inline bool atomic64_try_cmpxchg(atomic64_t *v, s64 *old, s64 new)
+{
+ return arch_atomic64_try_cmpxchg(v, old, new);
+}
+#endif
+
+static __always_inline int __atomic_add_unless(atomic_t *v, int a, int u)
+{
+ return __arch_atomic_add_unless(v, a, u);
+}
+
+
+static __always_inline bool atomic64_add_unless(atomic64_t *v, s64 a, s64 u)
+{
+ return arch_atomic64_add_unless(v, a, u);
+}
+
+static __always_inline void atomic_inc(atomic_t *v)
+{
+ arch_atomic_inc(v);
+}
+
+static __always_inline void atomic64_inc(atomic64_t *v)
+{
+ arch_atomic64_inc(v);
+}
+
+static __always_inline void atomic_dec(atomic_t *v)
+{
+ arch_atomic_dec(v);
+}
+
+static __always_inline void atomic64_dec(atomic64_t *v)
+{
+ arch_atomic64_dec(v);
+}
+
+static __always_inline void atomic_add(int i, atomic_t *v)
+{
+ arch_atomic_add(i, v);
+}
+
+static __always_inline void atomic64_add(s64 i, atomic64_t *v)
+{
+ arch_atomic64_add(i, v);
+}
+
+static __always_inline void atomic_sub(int i, atomic_t *v)
+{
+ arch_atomic_sub(i, v);
+}
+
+static __always_inline void atomic64_sub(s64 i, atomic64_t *v)
+{
+ arch_atomic64_sub(i, v);
+}
+
+static __always_inline void atomic_and(int i, atomic_t *v)
+{
+ arch_atomic_and(i, v);
+}
+
+static __always_inline void atomic64_and(s64 i, atomic64_t *v)
+{
+ arch_atomic64_and(i, v);
+}
+
+static __always_inline void atomic_or(int i, atomic_t *v)
+{
+ arch_atomic_or(i, v);
+}
+
+static __always_inline void atomic64_or(s64 i, atomic64_t *v)
+{
+ arch_atomic64_or(i, v);
+}
+
+static __always_inline void atomic_xor(int i, atomic_t *v)
+{
+ arch_atomic_xor(i, v);
+}
+
+static __always_inline void atomic64_xor(s64 i, atomic64_t *v)
+{
+ arch_atomic64_xor(i, v);
+}
+
+static __always_inline int atomic_inc_return(atomic_t *v)
+{
+ return arch_atomic_inc_return(v);
+}
+
+static __always_inline s64 atomic64_inc_return(atomic64_t *v)
+{
+ return arch_atomic64_inc_return(v);
+}
+
+static __always_inline int atomic_dec_return(atomic_t *v)
+{
+ return arch_atomic_dec_return(v);
+}
+
+static __always_inline s64 atomic64_dec_return(atomic64_t *v)
+{
+ return arch_atomic64_dec_return(v);
+}
+
+static __always_inline s64 atomic64_inc_not_zero(atomic64_t *v)
+{
+ return arch_atomic64_inc_not_zero(v);
+}
+
+static __always_inline s64 atomic64_dec_if_positive(atomic64_t *v)
+{
+ return arch_atomic64_dec_if_positive(v);
+}
+
+static __always_inline bool atomic_dec_and_test(atomic_t *v)
+{
+ return arch_atomic_dec_and_test(v);
+}
+
+static __always_inline bool atomic64_dec_and_test(atomic64_t *v)
+{
+ return arch_atomic64_dec_and_test(v);
+}
+
+static __always_inline bool atomic_inc_and_test(atomic_t *v)
+{
+ return arch_atomic_inc_and_test(v);
+}
+
+static __always_inline bool atomic64_inc_and_test(atomic64_t *v)
+{
+ return arch_atomic64_inc_and_test(v);
+}
+
+static __always_inline int atomic_add_return(int i, atomic_t *v)
+{
+ return arch_atomic_add_return(i, v);
+}
+
+static __always_inline s64 atomic64_add_return(s64 i, atomic64_t *v)
+{
+ return arch_atomic64_add_return(i, v);
+}
+
+static __always_inline int atomic_sub_return(int i, atomic_t *v)
+{
+ return arch_atomic_sub_return(i, v);
+}
+
+static __always_inline s64 atomic64_sub_return(s64 i, atomic64_t *v)
+{
+ return arch_atomic64_sub_return(i, v);
+}
+
+static __always_inline int atomic_fetch_add(int i, atomic_t *v)
+{
+ return arch_atomic_fetch_add(i, v);
+}
+
+static __always_inline s64 atomic64_fetch_add(s64 i, atomic64_t *v)
+{
+ return arch_atomic64_fetch_add(i, v);
+}
+
+static __always_inline int atomic_fetch_sub(int i, atomic_t *v)
+{
+ return arch_atomic_fetch_sub(i, v);
+}
+
+static __always_inline s64 atomic64_fetch_sub(s64 i, atomic64_t *v)
+{
+ return arch_atomic64_fetch_sub(i, v);
+}
+
+static __always_inline int atomic_fetch_and(int i, atomic_t *v)
+{
+ return arch_atomic_fetch_and(i, v);
+}
+
+static __always_inline s64 atomic64_fetch_and(s64 i, atomic64_t *v)
+{
+ return arch_atomic64_fetch_and(i, v);
+}
+
+static __always_inline int atomic_fetch_or(int i, atomic_t *v)
+{
+ return arch_atomic_fetch_or(i, v);
+}
+
+static __always_inline s64 atomic64_fetch_or(s64 i, atomic64_t *v)
+{
+ return arch_atomic64_fetch_or(i, v);
+}
+
+static __always_inline int atomic_fetch_xor(int i, atomic_t *v)
+{
+ return arch_atomic_fetch_xor(i, v);
+}
+
+static __always_inline s64 atomic64_fetch_xor(s64 i, atomic64_t *v)
+{
+ return arch_atomic64_fetch_xor(i, v);
+}
+
+static __always_inline bool atomic_sub_and_test(int i, atomic_t *v)
+{
+ return arch_atomic_sub_and_test(i, v);
+}
+
+static __always_inline bool atomic64_sub_and_test(s64 i, atomic64_t *v)
+{
+ return arch_atomic64_sub_and_test(i, v);
+}
+
+static __always_inline bool atomic_add_negative(int i, atomic_t *v)
+{
+ return arch_atomic_add_negative(i, v);
+}
+
+static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)
+{
+ return arch_atomic64_add_negative(i, v);
+}
+
+#define cmpxchg(ptr, old, new) \
+({ \
+ arch_cmpxchg((ptr), (old), (new)); \
+})
+
+#define sync_cmpxchg(ptr, old, new) \
+({ \
+ arch_sync_cmpxchg((ptr), (old), (new)); \
+})
+
+#define cmpxchg_local(ptr, old, new) \
+({ \
+ arch_cmpxchg_local((ptr), (old), (new)); \
+})
+
+#define cmpxchg64(ptr, old, new) \
+({ \
+ arch_cmpxchg64((ptr), (old), (new)); \
+})
+
+#define cmpxchg64_local(ptr, old, new) \
+({ \
+ arch_cmpxchg64_local((ptr), (old), (new)); \
+})
+
+#define cmpxchg_double(p1, p2, o1, o2, n1, n2) \
+({ \
+ arch_cmpxchg_double((p1), (p2), (o1), (o2), (n1), (n2)); \
+})
+
+#define cmpxchg_double_local(p1, p2, o1, o2, n1, n2) \
+({ \
+ arch_cmpxchg_double_local((p1), (p2), (o1), (o2), (n1), (n2)); \
+})
+
+#endif /* _LINUX_ATOMIC_INSTRUMENTED_H */
--
2.13.1.518.g3df882009-goog

[Dmitry Vyukov]

atomic64_try_cmpxchg() declares old argument as long*,
this makes it impossible to use it in portable code.
If caller passes long*, it becomes 32-bits on 32-bit arches.
If caller passes s64*, it does not compile on x86_64.

Change type of old arg to s64*.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Cc: Mark Rutland <mark.r...@arm.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Will Deacon <will....@arm.com>
Cc: Andrew Morton <ak...@linux-foundation.org>
Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Ingo Molnar <mi...@redhat.com>

Cc: "H. Peter Anvin" <h...@zytor.com>

Cc: kasa...@googlegroups.com
Cc: linu...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org
---

arch/x86/include/asm/atomic64_64.h | 12 ++++++------
arch/x86/include/asm/cmpxchg.h | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
index 8db8879a6d8c..5d9de36a2f04 100644
--- a/arch/x86/include/asm/atomic64_64.h
+++ b/arch/x86/include/asm/atomic64_64.h
@@ -177,7 +177,7 @@ static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
}

#define atomic64_try_cmpxchg atomic64_try_cmpxchg
-static __always_inline bool atomic64_try_cmpxchg(atomic64_t *v, long *old, long new)
+static __always_inline bool atomic64_try_cmpxchg(atomic64_t *v, s64 *old, long new)
{
return try_cmpxchg(&v->counter, old, new);
}
@@ -198,7 +198,7 @@ static inline long atomic64_xchg(atomic64_t *v, long new)
*/
static inline bool atomic64_add_unless(atomic64_t *v, long a, long u)
{
- long c = atomic64_read(v);
+ s64 c = atomic64_read(v);
do {
if (unlikely(c == u))
return false;
@@ -217,7 +217,7 @@ static inline bool atomic64_add_unless(atomic64_t *v, long a, long u)
*/

static inline long atomic64_dec_if_positive(atomic64_t *v)

{
- long dec, c = atomic64_read(v);
+ s64 dec, c = atomic64_read(v);
do {
dec = c - 1;
if (unlikely(dec < 0))
@@ -236,7 +236,7 @@ static inline void atomic64_and(long i, atomic64_t *v)

static inline long atomic64_fetch_and(long i, atomic64_t *v)

{

- long val = atomic64_read(v);

+ s64 val = atomic64_read(v);

do {

} while (!atomic64_try_cmpxchg(v, &val, val & i));

@@ -253,7 +253,7 @@ static inline void atomic64_or(long i, atomic64_t *v)

static inline long atomic64_fetch_or(long i, atomic64_t *v)

{

- long val = atomic64_read(v);

+ s64 val = atomic64_read(v);

do {

} while (!atomic64_try_cmpxchg(v, &val, val | i));

@@ -270,7 +270,7 @@ static inline void atomic64_xor(long i, atomic64_t *v)

static inline long atomic64_fetch_xor(long i, atomic64_t *v)

{

- long val = atomic64_read(v);

+ s64 val = atomic64_read(v);

do {

} while (!atomic64_try_cmpxchg(v, &val, val ^ i));

diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
index d90296d061e8..b5069e802d5c 100644
--- a/arch/x86/include/asm/cmpxchg.h
+++ b/arch/x86/include/asm/cmpxchg.h
@@ -157,7 +157,7 @@ extern void __add_wrong_size(void)
#define __raw_try_cmpxchg(_ptr, _pold, _new, size, lock) \
({ \
bool success; \
- __typeof__(_ptr) _old = (_pold); \
+ __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \
__typeof__(*(_ptr)) __old = *_old; \
__typeof__(*(_ptr)) __new = (_new); \
switch (size) { \
--
2.13.1.518.g3df882009-goog

[Dmitry Vyukov]

The comments are factored out from the code changes to make them
easier to read. Add them separately to explain some non-obvious
aspects.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Cc: Mark Rutland <mark.r...@arm.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Will Deacon <will....@arm.com>
Cc: Andrew Morton <ak...@linux-foundation.org>
Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Ingo Molnar <mi...@redhat.com>

Cc: kasa...@googlegroups.com
Cc: linu...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org

---

Changes since v3:
- rephrase comment in arch_atomic_read()
---
arch/x86/include/asm/atomic.h | 4 ++++
include/asm-generic/atomic-instrumented.h | 30 ++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+)

diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
index 304f4f676cce..219c49b4d3aa 100644
--- a/arch/x86/include/asm/atomic.h
+++ b/arch/x86/include/asm/atomic.h
@@ -23,6 +23,10 @@
*/
static __always_inline int arch_atomic_read(const atomic_t *v)
{
+ /*
+ * Note for KASAN: we deliberately don't use READ_ONCE_NOCHECK() here,
+ * it's non-inlined function that increases binary size and stack usage.
+ */
return READ_ONCE((v)->counter);
}

diff --git a/include/asm-generic/atomic-instrumented.h b/include/asm-generic/atomic-instrumented.h
index a0f5b7525bb2..5771439e7a31 100644
--- a/include/asm-generic/atomic-instrumented.h
+++ b/include/asm-generic/atomic-instrumented.h
@@ -1,3 +1,15 @@
+/*
+ * This file provides wrappers with KASAN instrumentation for atomic operations.
+ * To use this functionality an arch's atomic.h file needs to define all
+ * atomic operations with arch_ prefix (e.g. arch_atomic_read()) and include
+ * this file at the end. This file provides atomic_read() that forwards to
+ * arch_atomic_read() for actual atomic operation.
+ * Note: if an arch atomic operation is implemented by means of other atomic
+ * operations (e.g. atomic_read()/atomic_cmpxchg() loop), then it needs to use
+ * arch_ variants (i.e. arch_atomic_read()/arch_atomic_cmpxchg()) to avoid
+ * double instrumentation.
+ */
+
#ifndef _LINUX_ATOMIC_INSTRUMENTED_H
#define _LINUX_ATOMIC_INSTRUMENTED_H

@@ -336,6 +348,15 @@ static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)
return arch_atomic64_add_negative(i, v);
}

+/*
+ * In the following macros we need to be careful to not clash with arch_ macros.
+ * arch_xchg() can be defined as an extended statement expression as well,
+ * if we define a __ptr variable, and arch_xchg() also defines __ptr variable,
+ * and we pass __ptr as an argument to arch_xchg(), it will use own __ptr
+ * instead of ours. This leads to unpleasant crashes. To avoid the problem
+ * the following macros declare variables with lots of underscores.
+ */
+
#define cmpxchg(ptr, old, new) \
({ \
__typeof__(ptr) ___ptr = (ptr); \
@@ -371,6 +392,15 @@ static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)
arch_cmpxchg64_local(____ptr, (old), (new)); \
})

+/*
+ * Originally we had the following code here:
+ * __typeof__(p1) ____p1 = (p1);
+ * kasan_check_write(____p1, 2 * sizeof(*____p1));
+ * arch_cmpxchg_double(____p1, (p2), (o1), (o2), (n1), (n2));
+ * But it leads to compilation failures (see gcc issue 72873).
+ * So for now it's left non-instrumented.
+ * There are few callers of cmpxchg_double(), so it's not critical.
+ */

#define cmpxchg_double(p1, p2, o1, o2, n1, n2) \

({ \

arch_cmpxchg_double((p1), (p2), (o1), (o2), (n1), (n2)); \

--
2.13.1.518.g3df882009-goog

[Dmitry Vyukov]

KASAN uses compiler instrumentation to intercept all memory accesses.
But it does not see memory accesses done in assembly code.
One notable user of assembly code is atomic operations. Frequently,
for example, an atomic reference decrement is the last access to an
object and a good candidate for a racy use-after-free.

Add manual KASAN checks to atomic operations.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Cc: Mark Rutland <mark.r...@arm.com>
Cc: Peter Zijlstra <pet...@infradead.org>

Cc: Will Deacon <will....@arm.com>,
Cc: Andrew Morton <ak...@linux-foundation.org>,
Cc: Andrey Ryabinin <arya...@virtuozzo.com>,
Cc: Ingo Molnar <mi...@redhat.com>,

Cc: kasa...@googlegroups.com
Cc: linu...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org
---

include/asm-generic/atomic-instrumented.h | 76 +++++++++++++++++++++++++++++--
1 file changed, 72 insertions(+), 4 deletions(-)

diff --git a/include/asm-generic/atomic-instrumented.h b/include/asm-generic/atomic-instrumented.h
index 50401d925290..a0f5b7525bb2 100644
--- a/include/asm-generic/atomic-instrumented.h
+++ b/include/asm-generic/atomic-instrumented.h
@@ -1,43 +1,53 @@
#ifndef _LINUX_ATOMIC_INSTRUMENTED_H
#define _LINUX_ATOMIC_INSTRUMENTED_H

+#include <linux/kasan-checks.h>
+

static __always_inline int atomic_read(const atomic_t *v)
{

+ kasan_check_read(v, sizeof(*v));
return arch_atomic_read(v);

}

static __always_inline s64 atomic64_read(const atomic64_t *v)
{

+ kasan_check_read(v, sizeof(*v));
return arch_atomic64_read(v);

}

static __always_inline void atomic_set(atomic_t *v, int i)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic_set(v, i);

}

static __always_inline void atomic64_set(atomic64_t *v, s64 i)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic64_set(v, i);

}

static __always_inline int atomic_xchg(atomic_t *v, int i)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_xchg(v, i);

}

static __always_inline s64 atomic64_xchg(atomic64_t *v, s64 i)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_xchg(v, i);

}

static __always_inline int atomic_cmpxchg(atomic_t *v, int old, int new)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_cmpxchg(v, old, new);

}

static __always_inline s64 atomic64_cmpxchg(atomic64_t *v, s64 old, s64 new)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_cmpxchg(v, old, new);
}

@@ -45,6 +55,8 @@ static __always_inline s64 atomic64_cmpxchg(atomic64_t *v, s64 old, s64 new)
#define atomic_try_cmpxchg atomic_try_cmpxchg

static __always_inline bool atomic_try_cmpxchg(atomic_t *v, int *old, int new)
{

+ kasan_check_write(v, sizeof(*v));
+ kasan_check_read(old, sizeof(*old));
return arch_atomic_try_cmpxchg(v, old, new);
}
#endif
@@ -53,254 +65,310 @@ static __always_inline bool atomic_try_cmpxchg(atomic_t *v, int *old, int new)
#define atomic64_try_cmpxchg atomic64_try_cmpxchg
static __always_inline bool atomic64_try_cmpxchg(atomic64_t *v, s64 *old, s64 new)
{
+ kasan_check_write(v, sizeof(*v));
+ kasan_check_read(old, sizeof(*old));
return arch_atomic64_try_cmpxchg(v, old, new);
}
#endif

static __always_inline int __atomic_add_unless(atomic_t *v, int a, int u)
{

+ kasan_check_write(v, sizeof(*v));
return __arch_atomic_add_unless(v, a, u);

}


static __always_inline bool atomic64_add_unless(atomic64_t *v, s64 a, s64 u)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_add_unless(v, a, u);

}

static __always_inline void atomic_inc(atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic_inc(v);

}

static __always_inline void atomic64_inc(atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic64_inc(v);

}

static __always_inline void atomic_dec(atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic_dec(v);

}

static __always_inline void atomic64_dec(atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic64_dec(v);

}

static __always_inline void atomic_add(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic_add(i, v);

}

static __always_inline void atomic64_add(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic64_add(i, v);

}

static __always_inline void atomic_sub(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic_sub(i, v);

}

static __always_inline void atomic64_sub(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic64_sub(i, v);

}

static __always_inline void atomic_and(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic_and(i, v);

}

static __always_inline void atomic64_and(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic64_and(i, v);

}

static __always_inline void atomic_or(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic_or(i, v);

}

static __always_inline void atomic64_or(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic64_or(i, v);

}

static __always_inline void atomic_xor(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic_xor(i, v);

}

static __always_inline void atomic64_xor(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
arch_atomic64_xor(i, v);

}

static __always_inline int atomic_inc_return(atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_inc_return(v);

}

static __always_inline s64 atomic64_inc_return(atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_inc_return(v);

}

static __always_inline int atomic_dec_return(atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_dec_return(v);

}

static __always_inline s64 atomic64_dec_return(atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_dec_return(v);

}

static __always_inline s64 atomic64_inc_not_zero(atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_inc_not_zero(v);

}

static __always_inline s64 atomic64_dec_if_positive(atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_dec_if_positive(v);

}

static __always_inline bool atomic_dec_and_test(atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_dec_and_test(v);

}

static __always_inline bool atomic64_dec_and_test(atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_dec_and_test(v);

}

static __always_inline bool atomic_inc_and_test(atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_inc_and_test(v);

}

static __always_inline bool atomic64_inc_and_test(atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_inc_and_test(v);

}

static __always_inline int atomic_add_return(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_add_return(i, v);

}

static __always_inline s64 atomic64_add_return(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_add_return(i, v);

}

static __always_inline int atomic_sub_return(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_sub_return(i, v);

}

static __always_inline s64 atomic64_sub_return(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_sub_return(i, v);

}

static __always_inline int atomic_fetch_add(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_fetch_add(i, v);

}

static __always_inline s64 atomic64_fetch_add(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_fetch_add(i, v);

}

static __always_inline int atomic_fetch_sub(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_fetch_sub(i, v);

}

static __always_inline s64 atomic64_fetch_sub(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_fetch_sub(i, v);

}

static __always_inline int atomic_fetch_and(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_fetch_and(i, v);

}

static __always_inline s64 atomic64_fetch_and(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_fetch_and(i, v);

}

static __always_inline int atomic_fetch_or(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_fetch_or(i, v);

}

static __always_inline s64 atomic64_fetch_or(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_fetch_or(i, v);

}

static __always_inline int atomic_fetch_xor(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_fetch_xor(i, v);

}

static __always_inline s64 atomic64_fetch_xor(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_fetch_xor(i, v);

}

static __always_inline bool atomic_sub_and_test(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_sub_and_test(i, v);

}

static __always_inline bool atomic64_sub_and_test(s64 i, atomic64_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_sub_and_test(i, v);

}

static __always_inline bool atomic_add_negative(int i, atomic_t *v)
{

+ kasan_check_write(v, sizeof(*v));
return arch_atomic_add_negative(i, v);

}

static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)

{
+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_add_negative(i, v);

}

#define cmpxchg(ptr, old, new) \
({ \

+ __typeof__(ptr) ___ptr = (ptr); \
+ kasan_check_write(___ptr, sizeof(*___ptr)); \
arch_cmpxchg((ptr), (old), (new)); \
})

#define sync_cmpxchg(ptr, old, new) \
({ \
- arch_sync_cmpxchg((ptr), (old), (new)); \
+ __typeof__(ptr) ___ptr = (ptr); \
+ kasan_check_write(___ptr, sizeof(*___ptr)); \
+ arch_sync_cmpxchg(___ptr, (old), (new)); \
})

#define cmpxchg_local(ptr, old, new) \
({ \
- arch_cmpxchg_local((ptr), (old), (new)); \
+ __typeof__(ptr) ____ptr = (ptr); \
+ kasan_check_write(____ptr, sizeof(*____ptr)); \
+ arch_cmpxchg_local(____ptr, (old), (new)); \
})

#define cmpxchg64(ptr, old, new) \
({ \
- arch_cmpxchg64((ptr), (old), (new)); \
+ __typeof__(ptr) ____ptr = (ptr); \
+ kasan_check_write(____ptr, sizeof(*____ptr)); \
+ arch_cmpxchg64(____ptr, (old), (new)); \
})

#define cmpxchg64_local(ptr, old, new) \
({ \
- arch_cmpxchg64_local((ptr), (old), (new)); \
+ __typeof__(ptr) ____ptr = (ptr); \
+ kasan_check_write(____ptr, sizeof(*____ptr)); \
+ arch_cmpxchg64_local(____ptr, (old), (new)); \
})

#define cmpxchg_double(p1, p2, o1, o2, n1, n2) \

--
2.13.1.518.g3df882009-goog

[Dmitry Vyukov]

Currently kasan_check_read/write() accept 'const void*', make them
accept 'const volatile void*'. This is required for instrumentation
of atomic operations and there is just no reason to not allow that.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Cc: Mark Rutland <mark.r...@arm.com>

Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Thomas Gleixner <tg...@linutronix.de>

Cc: "H. Peter Anvin" <h...@zytor.com>

Cc: Peter Zijlstra <pet...@infradead.org>

Cc: Andrew Morton <ak...@linux-foundation.org>
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org

Cc: linu...@kvack.org
Cc: kasa...@googlegroups.com
---
include/linux/kasan-checks.h | 10 ++++++----
mm/kasan/kasan.c | 4 ++--
2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/include/linux/kasan-checks.h b/include/linux/kasan-checks.h
index b7f8aced7870..41960fecf783 100644
--- a/include/linux/kasan-checks.h
+++ b/include/linux/kasan-checks.h
@@ -2,11 +2,13 @@
#define _LINUX_KASAN_CHECKS_H

#ifdef CONFIG_KASAN
-void kasan_check_read(const void *p, unsigned int size);
-void kasan_check_write(const void *p, unsigned int size);
+void kasan_check_read(const volatile void *p, unsigned int size);
+void kasan_check_write(const volatile void *p, unsigned int size);
#else
-static inline void kasan_check_read(const void *p, unsigned int size) { }
-static inline void kasan_check_write(const void *p, unsigned int size) { }
+static inline void kasan_check_read(const volatile void *p, unsigned int size)
+{ }
+static inline void kasan_check_write(const volatile void *p, unsigned int size)
+{ }
#endif

#endif
diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index c81549d5c833..edacd161c0e5 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -333,13 +333,13 @@ static void check_memory_region(unsigned long addr,
check_memory_region_inline(addr, size, write, ret_ip);
}

-void kasan_check_read(const void *p, unsigned int size)
+void kasan_check_read(const volatile void *p, unsigned int size)
{
check_memory_region((unsigned long)p, size, false, _RET_IP_);
}
EXPORT_SYMBOL(kasan_check_read);

-void kasan_check_write(const void *p, unsigned int size)
+void kasan_check_write(const volatile void *p, unsigned int size)
{
check_memory_region((unsigned long)p, size, true, _RET_IP_);
}
--
2.13.1.518.g3df882009-goog

[Dmitry Vyukov]

Add arch_ prefix to all atomic operations and include
<asm-generic/atomic-instrumented.h>. This will allow
to add KASAN instrumentation to all atomic ops.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Cc: Mark Rutland <mark.r...@arm.com>

Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Will Deacon <will....@arm.com>

Cc: Andrew Morton <ak...@linux-foundation.org>

Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Ingo Molnar <mi...@redhat.com>

Cc: kasa...@googlegroups.com
Cc: linu...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org

---

Changes since v1:
- reverted unnecessary change in __raw_try_cmpxchg()
- reverted s/try_cmpxchg/arch_try_cmpxchg/ change
try_cmpxchg is x86 implementation detail

Changes since v3:
- drop comment in arch_atomic_set()
---
arch/x86/include/asm/atomic.h | 102 ++++++++++++++++++-----------------
arch/x86/include/asm/atomic64_32.h | 106 ++++++++++++++++++------------------
arch/x86/include/asm/atomic64_64.h | 108 ++++++++++++++++++-------------------
arch/x86/include/asm/cmpxchg.h | 12 ++---
arch/x86/include/asm/cmpxchg_32.h | 8 +--
arch/x86/include/asm/cmpxchg_64.h | 4 +-
6 files changed, 172 insertions(+), 168 deletions(-)

diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
index 8d7f6e579be4..304f4f676cce 100644
--- a/arch/x86/include/asm/atomic.h
+++ b/arch/x86/include/asm/atomic.h
@@ -16,36 +16,36 @@
#define ATOMIC_INIT(i) { (i) }

/**
- * atomic_read - read atomic variable
+ * arch_atomic_read - read atomic variable
* @v: pointer of type atomic_t
*
* Atomically reads the value of @v.
*/
-static __always_inline int atomic_read(const atomic_t *v)
+static __always_inline int arch_atomic_read(const atomic_t *v)
{
return READ_ONCE((v)->counter);
}

/**
- * atomic_set - set atomic variable
+ * arch_atomic_set - set atomic variable
* @v: pointer of type atomic_t
* @i: required value
*
* Atomically sets the value of @v to @i.
*/
-static __always_inline void atomic_set(atomic_t *v, int i)
+static __always_inline void arch_atomic_set(atomic_t *v, int i)
{
WRITE_ONCE(v->counter, i);
}

/**
- * atomic_add - add integer to atomic variable
+ * arch_atomic_add - add integer to atomic variable
* @i: integer value to add
* @v: pointer of type atomic_t
*
* Atomically adds @i to @v.
*/
-static __always_inline void atomic_add(int i, atomic_t *v)
+static __always_inline void arch_atomic_add(int i, atomic_t *v)
{
asm volatile(LOCK_PREFIX "addl %1,%0"
: "+m" (v->counter)
@@ -53,13 +53,13 @@ static __always_inline void atomic_add(int i, atomic_t *v)
}

/**
- * atomic_sub - subtract integer from atomic variable
+ * arch_atomic_sub - subtract integer from atomic variable
* @i: integer value to subtract
* @v: pointer of type atomic_t
*
* Atomically subtracts @i from @v.
*/
-static __always_inline void atomic_sub(int i, atomic_t *v)
+static __always_inline void arch_atomic_sub(int i, atomic_t *v)
{
asm volatile(LOCK_PREFIX "subl %1,%0"
: "+m" (v->counter)
@@ -67,7 +67,7 @@ static __always_inline void atomic_sub(int i, atomic_t *v)
}

/**
- * atomic_sub_and_test - subtract value from variable and test result
+ * arch_atomic_sub_and_test - subtract value from variable and test result
* @i: integer value to subtract
* @v: pointer of type atomic_t
*
@@ -75,63 +75,63 @@ static __always_inline void atomic_sub(int i, atomic_t *v)
* true if the result is zero, or false for all
* other cases.
*/
-static __always_inline bool atomic_sub_and_test(int i, atomic_t *v)
+static __always_inline bool arch_atomic_sub_and_test(int i, atomic_t *v)
{
GEN_BINARY_RMWcc(LOCK_PREFIX "subl", v->counter, "er", i, "%0", e);
}

/**
- * atomic_inc - increment atomic variable
+ * arch_atomic_inc - increment atomic variable
* @v: pointer of type atomic_t
*
* Atomically increments @v by 1.
*/
-static __always_inline void atomic_inc(atomic_t *v)
+static __always_inline void arch_atomic_inc(atomic_t *v)
{
asm volatile(LOCK_PREFIX "incl %0"
: "+m" (v->counter));
}

/**
- * atomic_dec - decrement atomic variable
+ * arch_atomic_dec - decrement atomic variable
* @v: pointer of type atomic_t
*
* Atomically decrements @v by 1.
*/
-static __always_inline void atomic_dec(atomic_t *v)
+static __always_inline void arch_atomic_dec(atomic_t *v)
{
asm volatile(LOCK_PREFIX "decl %0"
: "+m" (v->counter));
}

/**
- * atomic_dec_and_test - decrement and test
+ * arch_atomic_dec_and_test - decrement and test
* @v: pointer of type atomic_t
*
* Atomically decrements @v by 1 and
* returns true if the result is 0, or false for all other
* cases.
*/
-static __always_inline bool atomic_dec_and_test(atomic_t *v)
+static __always_inline bool arch_atomic_dec_and_test(atomic_t *v)
{
GEN_UNARY_RMWcc(LOCK_PREFIX "decl", v->counter, "%0", e);
}

/**
- * atomic_inc_and_test - increment and test
+ * arch_atomic_inc_and_test - increment and test
* @v: pointer of type atomic_t
*
* Atomically increments @v by 1
* and returns true if the result is zero, or false for all
* other cases.
*/
-static __always_inline bool atomic_inc_and_test(atomic_t *v)
+static __always_inline bool arch_atomic_inc_and_test(atomic_t *v)
{
GEN_UNARY_RMWcc(LOCK_PREFIX "incl", v->counter, "%0", e);
}

/**
- * atomic_add_negative - add and test if negative
+ * arch_atomic_add_negative - add and test if negative
* @i: integer value to add
* @v: pointer of type atomic_t
*
@@ -139,65 +139,65 @@ static __always_inline bool atomic_inc_and_test(atomic_t *v)
* if the result is negative, or false when
* result is greater than or equal to zero.
*/
-static __always_inline bool atomic_add_negative(int i, atomic_t *v)
+static __always_inline bool arch_atomic_add_negative(int i, atomic_t *v)
{
GEN_BINARY_RMWcc(LOCK_PREFIX "addl", v->counter, "er", i, "%0", s);
}

/**
- * atomic_add_return - add integer and return
+ * arch_atomic_add_return - add integer and return
* @i: integer value to add
* @v: pointer of type atomic_t
*
* Atomically adds @i to @v and returns @i + @v
*/
-static __always_inline int atomic_add_return(int i, atomic_t *v)
+static __always_inline int arch_atomic_add_return(int i, atomic_t *v)
{
return i + xadd(&v->counter, i);
}

/**
- * atomic_sub_return - subtract integer and return
+ * arch_atomic_sub_return - subtract integer and return
* @v: pointer of type atomic_t
* @i: integer value to subtract
*
* Atomically subtracts @i from @v and returns @v - @i
*/
-static __always_inline int atomic_sub_return(int i, atomic_t *v)
+static __always_inline int arch_atomic_sub_return(int i, atomic_t *v)
{
- return atomic_add_return(-i, v);
+ return arch_atomic_add_return(-i, v);
}

-#define atomic_inc_return(v) (atomic_add_return(1, v))
-#define atomic_dec_return(v) (atomic_sub_return(1, v))
+#define arch_atomic_inc_return(v) (arch_atomic_add_return(1, v))
+#define arch_atomic_dec_return(v) (arch_atomic_sub_return(1, v))

-static __always_inline int atomic_fetch_add(int i, atomic_t *v)
+static __always_inline int arch_atomic_fetch_add(int i, atomic_t *v)
{
return xadd(&v->counter, i);
}

-static __always_inline int atomic_fetch_sub(int i, atomic_t *v)
+static __always_inline int arch_atomic_fetch_sub(int i, atomic_t *v)
{
return xadd(&v->counter, -i);
}

-static __always_inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+static __always_inline int arch_atomic_cmpxchg(atomic_t *v, int old, int new)
{
- return cmpxchg(&v->counter, old, new);
+ return arch_cmpxchg(&v->counter, old, new);
}

-#define atomic_try_cmpxchg atomic_try_cmpxchg
-static __always_inline bool atomic_try_cmpxchg(atomic_t *v, int *old, int new)
+#define arch_atomic_try_cmpxchg arch_atomic_try_cmpxchg
+static __always_inline bool arch_atomic_try_cmpxchg(atomic_t *v, int *old, int new)

{
return try_cmpxchg(&v->counter, old, new);
}

-static inline int atomic_xchg(atomic_t *v, int new)
+static inline int arch_atomic_xchg(atomic_t *v, int new)
{
return xchg(&v->counter, new);
}

-static inline void atomic_and(int i, atomic_t *v)
+static inline void arch_atomic_and(int i, atomic_t *v)
{
asm volatile(LOCK_PREFIX "andl %1,%0"
: "+m" (v->counter)
@@ -205,16 +205,16 @@ static inline void atomic_and(int i, atomic_t *v)
: "memory");
}

-static inline int atomic_fetch_and(int i, atomic_t *v)
+static inline int arch_atomic_fetch_and(int i, atomic_t *v)
{

- int val = atomic_read(v);

+ int val = arch_atomic_read(v);

do {
- } while (!atomic_try_cmpxchg(v, &val, val & i));
+ } while (!arch_atomic_try_cmpxchg(v, &val, val & i));
return val;
}

-static inline void atomic_or(int i, atomic_t *v)
+static inline void arch_atomic_or(int i, atomic_t *v)
{
asm volatile(LOCK_PREFIX "orl %1,%0"
: "+m" (v->counter)
@@ -222,17 +222,17 @@ static inline void atomic_or(int i, atomic_t *v)
: "memory");
}

-static inline int atomic_fetch_or(int i, atomic_t *v)
+static inline int arch_atomic_fetch_or(int i, atomic_t *v)
{

- int val = atomic_read(v);

+ int val = arch_atomic_read(v);

do {
- } while (!atomic_try_cmpxchg(v, &val, val | i));
+ } while (!arch_atomic_try_cmpxchg(v, &val, val | i));
return val;
}


-static inline void atomic_xor(int i, atomic_t *v)
+static inline void arch_atomic_xor(int i, atomic_t *v)
{
asm volatile(LOCK_PREFIX "xorl %1,%0"
: "+m" (v->counter)
@@ -240,17 +240,17 @@ static inline void atomic_xor(int i, atomic_t *v)
: "memory");
}

-static inline int atomic_fetch_xor(int i, atomic_t *v)
+static inline int arch_atomic_fetch_xor(int i, atomic_t *v)
{

- int val = atomic_read(v);

+ int val = arch_atomic_read(v);

do {
- } while (!atomic_try_cmpxchg(v, &val, val ^ i));
+ } while (!arch_atomic_try_cmpxchg(v, &val, val ^ i));
return val;
}

/**
- * __atomic_add_unless - add unless the number is already a given value
+ * __arch_atomic_add_unless - add unless the number is already a given value
* @v: pointer of type atomic_t
* @a: the amount to add to v...
* @u: ...unless v is equal to u.
@@ -258,13 +258,13 @@ static inline int atomic_fetch_xor(int i, atomic_t *v)
* Atomically adds @a to @v, so long as @v was not already @u.
* Returns the old value of @v.
*/
-static __always_inline int __atomic_add_unless(atomic_t *v, int a, int u)
+static __always_inline int __arch_atomic_add_unless(atomic_t *v, int a, int u)
{
- int c = atomic_read(v);
+ int c = arch_atomic_read(v);

do {
if (unlikely(c == u))

break;
- } while (!atomic_try_cmpxchg(v, &c, c + a));
+ } while (!arch_atomic_try_cmpxchg(v, &c, c + a));
return c;
}

@@ -274,4 +274,6 @@ static __always_inline int __atomic_add_unless(atomic_t *v, int a, int u)
# include <asm/atomic64_64.h>
#endif

+#include <asm-generic/atomic-instrumented.h>
+
#endif /* _ASM_X86_ATOMIC_H */
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
index f107fef7bfcc..8501e4fc5054 100644
--- a/arch/x86/include/asm/atomic64_32.h
+++ b/arch/x86/include/asm/atomic64_32.h
@@ -61,7 +61,7 @@ ATOMIC64_DECL(add_unless);
#undef ATOMIC64_EXPORT

/**
- * atomic64_cmpxchg - cmpxchg atomic64 variable
+ * arch_atomic64_cmpxchg - cmpxchg atomic64 variable
* @v: pointer to type atomic64_t
* @o: expected value
* @n: new value
@@ -70,20 +70,21 @@ ATOMIC64_DECL(add_unless);
* the old value.
*/

-static inline long long atomic64_cmpxchg(atomic64_t *v, long long o, long long n)
+static inline long long arch_atomic64_cmpxchg(atomic64_t *v, long long o,
+ long long n)
{
- return cmpxchg64(&v->counter, o, n);
+ return arch_cmpxchg64(&v->counter, o, n);
}

/**
- * atomic64_xchg - xchg atomic64 variable
+ * arch_atomic64_xchg - xchg atomic64 variable
* @v: pointer to type atomic64_t
* @n: value to assign
*
* Atomically xchgs the value of @v to @n and returns
* the old value.
*/
-static inline long long atomic64_xchg(atomic64_t *v, long long n)
+static inline long long arch_atomic64_xchg(atomic64_t *v, long long n)
{
long long o;
unsigned high = (unsigned)(n >> 32);
@@ -95,13 +96,13 @@ static inline long long atomic64_xchg(atomic64_t *v, long long n)
}

/**
- * atomic64_set - set atomic64 variable
+ * arch_atomic64_set - set atomic64 variable
* @v: pointer to type atomic64_t
* @i: value to assign
*
* Atomically sets the value of @v to @n.
*/
-static inline void atomic64_set(atomic64_t *v, long long i)
+static inline void arch_atomic64_set(atomic64_t *v, long long i)
{
unsigned high = (unsigned)(i >> 32);
unsigned low = (unsigned)i;
@@ -111,12 +112,12 @@ static inline void atomic64_set(atomic64_t *v, long long i)
}

/**
- * atomic64_read - read atomic64 variable
+ * arch_atomic64_read - read atomic64 variable
* @v: pointer to type atomic64_t
*
* Atomically reads the value of @v and returns it.
*/
-static inline long long atomic64_read(const atomic64_t *v)
+static inline long long arch_atomic64_read(const atomic64_t *v)
{
long long r;
alternative_atomic64(read, "=&A" (r), "c" (v) : "memory");
@@ -124,13 +125,13 @@ static inline long long atomic64_read(const atomic64_t *v)
}

/**
- * atomic64_add_return - add and return
+ * arch_atomic64_add_return - add and return
* @i: integer value to add
* @v: pointer to type atomic64_t
*
* Atomically adds @i to @v and returns @i + *@v
*/
-static inline long long atomic64_add_return(long long i, atomic64_t *v)
+static inline long long arch_atomic64_add_return(long long i, atomic64_t *v)
{
alternative_atomic64(add_return,
ASM_OUTPUT2("+A" (i), "+c" (v)),
@@ -141,7 +142,7 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
/*
* Other variants with different arithmetic operators:
*/
-static inline long long atomic64_sub_return(long long i, atomic64_t *v)
+static inline long long arch_atomic64_sub_return(long long i, atomic64_t *v)
{
alternative_atomic64(sub_return,
ASM_OUTPUT2("+A" (i), "+c" (v)),
@@ -149,7 +150,7 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v)
return i;
}

-static inline long long atomic64_inc_return(atomic64_t *v)
+static inline long long arch_atomic64_inc_return(atomic64_t *v)
{
long long a;
alternative_atomic64(inc_return, "=&A" (a),
@@ -157,7 +158,7 @@ static inline long long atomic64_inc_return(atomic64_t *v)
return a;
}

-static inline long long atomic64_dec_return(atomic64_t *v)
+static inline long long arch_atomic64_dec_return(atomic64_t *v)
{
long long a;
alternative_atomic64(dec_return, "=&A" (a),
@@ -166,13 +167,13 @@ static inline long long atomic64_dec_return(atomic64_t *v)
}

/**
- * atomic64_add - add integer to atomic64 variable
+ * arch_atomic64_add - add integer to atomic64 variable
* @i: integer value to add
* @v: pointer to type atomic64_t
*
* Atomically adds @i to @v.
*/
-static inline long long atomic64_add(long long i, atomic64_t *v)
+static inline long long arch_atomic64_add(long long i, atomic64_t *v)
{
__alternative_atomic64(add, add_return,
ASM_OUTPUT2("+A" (i), "+c" (v)),
@@ -181,13 +182,13 @@ static inline long long atomic64_add(long long i, atomic64_t *v)
}

/**
- * atomic64_sub - subtract the atomic64 variable
+ * arch_atomic64_sub - subtract the atomic64 variable
* @i: integer value to subtract
* @v: pointer to type atomic64_t
*
* Atomically subtracts @i from @v.
*/
-static inline long long atomic64_sub(long long i, atomic64_t *v)
+static inline long long arch_atomic64_sub(long long i, atomic64_t *v)
{
__alternative_atomic64(sub, sub_return,
ASM_OUTPUT2("+A" (i), "+c" (v)),
@@ -196,7 +197,7 @@ static inline long long atomic64_sub(long long i, atomic64_t *v)
}

/**
- * atomic64_sub_and_test - subtract value from variable and test result
+ * arch_atomic64_sub_and_test - subtract value from variable and test result
* @i: integer value to subtract
* @v: pointer to type atomic64_t
*
@@ -204,46 +205,46 @@ static inline long long atomic64_sub(long long i, atomic64_t *v)
* true if the result is zero, or false for all
* other cases.
*/
-static inline int atomic64_sub_and_test(long long i, atomic64_t *v)
+static inline int arch_atomic64_sub_and_test(long long i, atomic64_t *v)
{
- return atomic64_sub_return(i, v) == 0;
+ return arch_atomic64_sub_return(i, v) == 0;
}

/**
- * atomic64_inc - increment atomic64 variable
+ * arch_atomic64_inc - increment atomic64 variable
* @v: pointer to type atomic64_t
*
* Atomically increments @v by 1.
*/
-static inline void atomic64_inc(atomic64_t *v)
+static inline void arch_atomic64_inc(atomic64_t *v)
{
__alternative_atomic64(inc, inc_return, /* no output */,
"S" (v) : "memory", "eax", "ecx", "edx");
}

/**
- * atomic64_dec - decrement atomic64 variable
+ * arch_atomic64_dec - decrement atomic64 variable
* @v: pointer to type atomic64_t
*
* Atomically decrements @v by 1.
*/
-static inline void atomic64_dec(atomic64_t *v)
+static inline void arch_atomic64_dec(atomic64_t *v)
{
__alternative_atomic64(dec, dec_return, /* no output */,
"S" (v) : "memory", "eax", "ecx", "edx");
}

/**
- * atomic64_dec_and_test - decrement and test
+ * arch_atomic64_dec_and_test - decrement and test
* @v: pointer to type atomic64_t
*
* Atomically decrements @v by 1 and
* returns true if the result is 0, or false for all other
* cases.
*/
-static inline int atomic64_dec_and_test(atomic64_t *v)
+static inline int arch_atomic64_dec_and_test(atomic64_t *v)
{
- return atomic64_dec_return(v) == 0;
+ return arch_atomic64_dec_return(v) == 0;
}

/**
@@ -254,13 +255,13 @@ static inline int atomic64_dec_and_test(atomic64_t *v)
* and returns true if the result is zero, or false for all
* other cases.
*/
-static inline int atomic64_inc_and_test(atomic64_t *v)
+static inline int arch_atomic64_inc_and_test(atomic64_t *v)
{
- return atomic64_inc_return(v) == 0;
+ return arch_atomic64_inc_return(v) == 0;
}

/**
- * atomic64_add_negative - add and test if negative
+ * arch_atomic64_add_negative - add and test if negative
* @i: integer value to add
* @v: pointer to type atomic64_t
*
@@ -268,13 +269,13 @@ static inline int atomic64_inc_and_test(atomic64_t *v)
* if the result is negative, or false when
* result is greater than or equal to zero.
*/
-static inline int atomic64_add_negative(long long i, atomic64_t *v)
+static inline int arch_atomic64_add_negative(long long i, atomic64_t *v)
{
- return atomic64_add_return(i, v) < 0;
+ return arch_atomic64_add_return(i, v) < 0;
}

/**
- * atomic64_add_unless - add unless the number is a given value
+ * arch_atomic64_add_unless - add unless the number is a given value
* @v: pointer of type atomic64_t
* @a: the amount to add to v...
* @u: ...unless v is equal to u.
@@ -282,7 +283,8 @@ static inline int atomic64_add_negative(long long i, atomic64_t *v)
* Atomically adds @a to @v, so long as it was not @u.
* Returns non-zero if the add was done, zero otherwise.
*/
-static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+static inline int arch_atomic64_add_unless(atomic64_t *v, long long a,
+ long long u)
{
unsigned low = (unsigned)u;
unsigned high = (unsigned)(u >> 32);
@@ -293,7 +295,7 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
}


-static inline int atomic64_inc_not_zero(atomic64_t *v)
+static inline int arch_atomic64_inc_not_zero(atomic64_t *v)
{
int r;
alternative_atomic64(inc_not_zero, "=&a" (r),
@@ -301,7 +303,7 @@ static inline int atomic64_inc_not_zero(atomic64_t *v)
return r;
}

-static inline long long atomic64_dec_if_positive(atomic64_t *v)
+static inline long long arch_atomic64_dec_if_positive(atomic64_t *v)
{
long long r;
alternative_atomic64(dec_if_positive, "=&A" (r),
@@ -312,66 +314,66 @@ static inline long long atomic64_dec_if_positive(atomic64_t *v)
#undef alternative_atomic64
#undef __alternative_atomic64

-static inline void atomic64_and(long long i, atomic64_t *v)
+static inline void arch_atomic64_and(long long i, atomic64_t *v)
{

long long old, c = 0;

- while ((old = atomic64_cmpxchg(v, c, c & i)) != c)
+ while ((old = arch_atomic64_cmpxchg(v, c, c & i)) != c)
c = old;
}

-static inline long long atomic64_fetch_and(long long i, atomic64_t *v)
+static inline long long arch_atomic64_fetch_and(long long i, atomic64_t *v)
{

long long old, c = 0;

- while ((old = atomic64_cmpxchg(v, c, c & i)) != c)
+ while ((old = arch_atomic64_cmpxchg(v, c, c & i)) != c)
c = old;
return old;
}

-static inline void atomic64_or(long long i, atomic64_t *v)
+static inline void arch_atomic64_or(long long i, atomic64_t *v)
{

long long old, c = 0;

- while ((old = atomic64_cmpxchg(v, c, c | i)) != c)
+ while ((old = arch_atomic64_cmpxchg(v, c, c | i)) != c)
c = old;
}

-static inline long long atomic64_fetch_or(long long i, atomic64_t *v)
+static inline long long arch_atomic64_fetch_or(long long i, atomic64_t *v)
{

long long old, c = 0;

- while ((old = atomic64_cmpxchg(v, c, c | i)) != c)
+ while ((old = arch_atomic64_cmpxchg(v, c, c | i)) != c)
c = old;
return old;
}

-static inline void atomic64_xor(long long i, atomic64_t *v)
+static inline void arch_atomic64_xor(long long i, atomic64_t *v)
{

long long old, c = 0;

- while ((old = atomic64_cmpxchg(v, c, c ^ i)) != c)
+ while ((old = arch_atomic64_cmpxchg(v, c, c ^ i)) != c)
c = old;
}

-static inline long long atomic64_fetch_xor(long long i, atomic64_t *v)
+static inline long long arch_atomic64_fetch_xor(long long i, atomic64_t *v)
{

long long old, c = 0;

- while ((old = atomic64_cmpxchg(v, c, c ^ i)) != c)
+ while ((old = arch_atomic64_cmpxchg(v, c, c ^ i)) != c)
c = old;
return old;
}

-static inline long long atomic64_fetch_add(long long i, atomic64_t *v)
+static inline long long arch_atomic64_fetch_add(long long i, atomic64_t *v)
{

long long old, c = 0;

- while ((old = atomic64_cmpxchg(v, c, c + i)) != c)
+ while ((old = arch_atomic64_cmpxchg(v, c, c + i)) != c)
c = old;
return old;

}

-#define atomic64_fetch_sub(i, v) atomic64_fetch_add(-(i), (v))

+#define arch_atomic64_fetch_sub(i, v) arch_atomic64_fetch_add(-(i), (v))

#endif /* _ASM_X86_ATOMIC64_32_H */
diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
index 5d9de36a2f04..5883b109d053 100644
--- a/arch/x86/include/asm/atomic64_64.h
+++ b/arch/x86/include/asm/atomic64_64.h
@@ -10,37 +10,37 @@
#define ATOMIC64_INIT(i) { (i) }

/**
- * atomic64_read - read atomic64 variable
+ * arch_atomic64_read - read atomic64 variable
* @v: pointer of type atomic64_t
*
* Atomically reads the value of @v.
* Doesn't imply a read memory barrier.
*/
-static inline long atomic64_read(const atomic64_t *v)
+static inline long arch_atomic64_read(const atomic64_t *v)
{
return READ_ONCE((v)->counter);
}

/**
- * atomic64_set - set atomic64 variable
+ * arch_atomic64_set - set atomic64 variable
* @v: pointer to type atomic64_t
* @i: required value
*
* Atomically sets the value of @v to @i.
*/
-static inline void atomic64_set(atomic64_t *v, long i)
+static inline void arch_atomic64_set(atomic64_t *v, long i)
{
WRITE_ONCE(v->counter, i);
}

/**
- * atomic64_add - add integer to atomic64 variable
+ * arch_atomic64_add - add integer to atomic64 variable
* @i: integer value to add
* @v: pointer to type atomic64_t
*
* Atomically adds @i to @v.
*/
-static __always_inline void atomic64_add(long i, atomic64_t *v)
+static __always_inline void arch_atomic64_add(long i, atomic64_t *v)
{
asm volatile(LOCK_PREFIX "addq %1,%0"
: "=m" (v->counter)
@@ -48,13 +48,13 @@ static __always_inline void atomic64_add(long i, atomic64_t *v)
}

/**
- * atomic64_sub - subtract the atomic64 variable
+ * arch_atomic64_sub - subtract the atomic64 variable
* @i: integer value to subtract
* @v: pointer to type atomic64_t
*
* Atomically subtracts @i from @v.
*/
-static inline void atomic64_sub(long i, atomic64_t *v)
+static inline void arch_atomic64_sub(long i, atomic64_t *v)
{
asm volatile(LOCK_PREFIX "subq %1,%0"
: "=m" (v->counter)
@@ -62,7 +62,7 @@ static inline void atomic64_sub(long i, atomic64_t *v)
}

/**
- * atomic64_sub_and_test - subtract value from variable and test result
+ * arch_atomic64_sub_and_test - subtract value from variable and test result
* @i: integer value to subtract
* @v: pointer to type atomic64_t
*
@@ -70,18 +70,18 @@ static inline void atomic64_sub(long i, atomic64_t *v)
* true if the result is zero, or false for all
* other cases.
*/
-static inline bool atomic64_sub_and_test(long i, atomic64_t *v)
+static inline bool arch_atomic64_sub_and_test(long i, atomic64_t *v)
{
GEN_BINARY_RMWcc(LOCK_PREFIX "subq", v->counter, "er", i, "%0", e);
}

/**
- * atomic64_inc - increment atomic64 variable
+ * arch_atomic64_inc - increment atomic64 variable
* @v: pointer to type atomic64_t
*
* Atomically increments @v by 1.
*/
-static __always_inline void atomic64_inc(atomic64_t *v)
+static __always_inline void arch_atomic64_inc(atomic64_t *v)
{
asm volatile(LOCK_PREFIX "incq %0"
: "=m" (v->counter)
@@ -89,12 +89,12 @@ static __always_inline void atomic64_inc(atomic64_t *v)
}

/**
- * atomic64_dec - decrement atomic64 variable
+ * arch_atomic64_dec - decrement atomic64 variable
* @v: pointer to type atomic64_t
*
* Atomically decrements @v by 1.
*/
-static __always_inline void atomic64_dec(atomic64_t *v)
+static __always_inline void arch_atomic64_dec(atomic64_t *v)
{
asm volatile(LOCK_PREFIX "decq %0"
: "=m" (v->counter)
@@ -102,33 +102,33 @@ static __always_inline void atomic64_dec(atomic64_t *v)
}

/**
- * atomic64_dec_and_test - decrement and test
+ * arch_atomic64_dec_and_test - decrement and test
* @v: pointer to type atomic64_t
*
* Atomically decrements @v by 1 and
* returns true if the result is 0, or false for all other
* cases.
*/
-static inline bool atomic64_dec_and_test(atomic64_t *v)
+static inline bool arch_atomic64_dec_and_test(atomic64_t *v)
{
GEN_UNARY_RMWcc(LOCK_PREFIX "decq", v->counter, "%0", e);
}

/**
- * atomic64_inc_and_test - increment and test
+ * arch_atomic64_inc_and_test - increment and test
* @v: pointer to type atomic64_t
*
* Atomically increments @v by 1
* and returns true if the result is zero, or false for all
* other cases.
*/
-static inline bool atomic64_inc_and_test(atomic64_t *v)
+static inline bool arch_atomic64_inc_and_test(atomic64_t *v)
{
GEN_UNARY_RMWcc(LOCK_PREFIX "incq", v->counter, "%0", e);
}

/**
- * atomic64_add_negative - add and test if negative
+ * arch_atomic64_add_negative - add and test if negative
* @i: integer value to add
* @v: pointer to type atomic64_t
*
@@ -136,59 +136,59 @@ static inline bool atomic64_inc_and_test(atomic64_t *v)
* if the result is negative, or false when
* result is greater than or equal to zero.
*/
-static inline bool atomic64_add_negative(long i, atomic64_t *v)
+static inline bool arch_atomic64_add_negative(long i, atomic64_t *v)
{
GEN_BINARY_RMWcc(LOCK_PREFIX "addq", v->counter, "er", i, "%0", s);
}

/**
- * atomic64_add_return - add and return
+ * arch_atomic64_add_return - add and return
* @i: integer value to add
* @v: pointer to type atomic64_t
*
* Atomically adds @i to @v and returns @i + @v
*/
-static __always_inline long atomic64_add_return(long i, atomic64_t *v)
+static __always_inline long arch_atomic64_add_return(long i, atomic64_t *v)
{
return i + xadd(&v->counter, i);
}

-static inline long atomic64_sub_return(long i, atomic64_t *v)
+static inline long arch_atomic64_sub_return(long i, atomic64_t *v)
{
- return atomic64_add_return(-i, v);
+ return arch_atomic64_add_return(-i, v);
}

-static inline long atomic64_fetch_add(long i, atomic64_t *v)
+static inline long arch_atomic64_fetch_add(long i, atomic64_t *v)
{
return xadd(&v->counter, i);
}

-static inline long atomic64_fetch_sub(long i, atomic64_t *v)
+static inline long arch_atomic64_fetch_sub(long i, atomic64_t *v)
{
return xadd(&v->counter, -i);
}

-#define atomic64_inc_return(v) (atomic64_add_return(1, (v)))
-#define atomic64_dec_return(v) (atomic64_sub_return(1, (v)))
+#define arch_atomic64_inc_return(v) (arch_atomic64_add_return(1, (v)))
+#define arch_atomic64_dec_return(v) (arch_atomic64_sub_return(1, (v)))

-static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
+static inline long arch_atomic64_cmpxchg(atomic64_t *v, long old, long new)
{
- return cmpxchg(&v->counter, old, new);
+ return arch_cmpxchg(&v->counter, old, new);
}

-#define atomic64_try_cmpxchg atomic64_try_cmpxchg
-static __always_inline bool atomic64_try_cmpxchg(atomic64_t *v, s64 *old, long new)
+#define arch_atomic64_try_cmpxchg arch_atomic64_try_cmpxchg
+static __always_inline bool arch_atomic64_try_cmpxchg(atomic64_t *v, s64 *old, long new)

{
return try_cmpxchg(&v->counter, old, new);
}

-static inline long atomic64_xchg(atomic64_t *v, long new)
+static inline long arch_atomic64_xchg(atomic64_t *v, long new)
{
return xchg(&v->counter, new);
}

/**
- * atomic64_add_unless - add unless the number is a given value
+ * arch_atomic64_add_unless - add unless the number is a given value
* @v: pointer of type atomic64_t
* @a: the amount to add to v...
* @u: ...unless v is equal to u.
@@ -196,37 +196,37 @@ static inline long atomic64_xchg(atomic64_t *v, long new)
* Atomically adds @a to @v, so long as it was not @u.
* Returns the old value of @v.
*/
-static inline bool atomic64_add_unless(atomic64_t *v, long a, long u)
+static inline bool arch_atomic64_add_unless(atomic64_t *v, long a, long u)
{
- s64 c = atomic64_read(v);
+ s64 c = arch_atomic64_read(v);

do {
if (unlikely(c == u))
return false;

- } while (!atomic64_try_cmpxchg(v, &c, c + a));
+ } while (!arch_atomic64_try_cmpxchg(v, &c, c + a));
return true;
}

-#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
+#define arch_atomic64_inc_not_zero(v) arch_atomic64_add_unless((v), 1, 0)

/*
- * atomic64_dec_if_positive - decrement by 1 if old value positive
+ * arch_atomic64_dec_if_positive - decrement by 1 if old value positive
* @v: pointer of type atomic_t
*
* The function returns the old value of *v minus 1, even if
* the atomic variable, v, was not decremented.
*/
-static inline long atomic64_dec_if_positive(atomic64_t *v)
+static inline long arch_atomic64_dec_if_positive(atomic64_t *v)
{
- s64 dec, c = atomic64_read(v);
+ s64 dec, c = arch_atomic64_read(v);

do {
dec = c - 1;
if (unlikely(dec < 0))

break;
- } while (!atomic64_try_cmpxchg(v, &c, dec));
+ } while (!arch_atomic64_try_cmpxchg(v, &c, dec));
return dec;
}

-static inline void atomic64_and(long i, atomic64_t *v)
+static inline void arch_atomic64_and(long i, atomic64_t *v)
{
asm volatile(LOCK_PREFIX "andq %1,%0"
: "+m" (v->counter)
@@ -234,16 +234,16 @@ static inline void atomic64_and(long i, atomic64_t *v)
: "memory");
}

-static inline long atomic64_fetch_and(long i, atomic64_t *v)
+static inline long arch_atomic64_fetch_and(long i, atomic64_t *v)
{
- s64 val = atomic64_read(v);
+ s64 val = arch_atomic64_read(v);

do {
- } while (!atomic64_try_cmpxchg(v, &val, val & i));
+ } while (!arch_atomic64_try_cmpxchg(v, &val, val & i));
return val;
}

-static inline void atomic64_or(long i, atomic64_t *v)
+static inline void arch_atomic64_or(long i, atomic64_t *v)
{
asm volatile(LOCK_PREFIX "orq %1,%0"
: "+m" (v->counter)
@@ -251,16 +251,16 @@ static inline void atomic64_or(long i, atomic64_t *v)
: "memory");
}

-static inline long atomic64_fetch_or(long i, atomic64_t *v)
+static inline long arch_atomic64_fetch_or(long i, atomic64_t *v)
{
- s64 val = atomic64_read(v);
+ s64 val = arch_atomic64_read(v);

do {
- } while (!atomic64_try_cmpxchg(v, &val, val | i));
+ } while (!arch_atomic64_try_cmpxchg(v, &val, val | i));
return val;
}

-static inline void atomic64_xor(long i, atomic64_t *v)
+static inline void arch_atomic64_xor(long i, atomic64_t *v)
{
asm volatile(LOCK_PREFIX "xorq %1,%0"
: "+m" (v->counter)
@@ -268,12 +268,12 @@ static inline void atomic64_xor(long i, atomic64_t *v)
: "memory");
}

-static inline long atomic64_fetch_xor(long i, atomic64_t *v)
+static inline long arch_atomic64_fetch_xor(long i, atomic64_t *v)
{
- s64 val = atomic64_read(v);
+ s64 val = arch_atomic64_read(v);

do {
- } while (!atomic64_try_cmpxchg(v, &val, val ^ i));
+ } while (!arch_atomic64_try_cmpxchg(v, &val, val ^ i));
return val;
}

diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
index b5069e802d5c..9e2faa85eb02 100644
--- a/arch/x86/include/asm/cmpxchg.h
+++ b/arch/x86/include/asm/cmpxchg.h
@@ -144,13 +144,13 @@ extern void __add_wrong_size(void)
# include <asm/cmpxchg_64.h>
#endif

-#define cmpxchg(ptr, old, new) \
+#define arch_cmpxchg(ptr, old, new) \
__cmpxchg(ptr, old, new, sizeof(*(ptr)))

-#define sync_cmpxchg(ptr, old, new) \
+#define arch_sync_cmpxchg(ptr, old, new) \
__sync_cmpxchg(ptr, old, new, sizeof(*(ptr)))

-#define cmpxchg_local(ptr, old, new) \
+#define arch_cmpxchg_local(ptr, old, new) \
__cmpxchg_local(ptr, old, new, sizeof(*(ptr)))


@@ -220,7 +220,7 @@ extern void __add_wrong_size(void)
#define __try_cmpxchg(ptr, pold, new, size) \
__raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)

-#define try_cmpxchg(ptr, pold, new) \
+#define try_cmpxchg(ptr, pold, new) \
__try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))

/*
@@ -249,10 +249,10 @@ extern void __add_wrong_size(void)
__ret; \
})

-#define cmpxchg_double(p1, p2, o1, o2, n1, n2) \
+#define arch_cmpxchg_double(p1, p2, o1, o2, n1, n2) \
__cmpxchg_double(LOCK_PREFIX, p1, p2, o1, o2, n1, n2)

-#define cmpxchg_double_local(p1, p2, o1, o2, n1, n2) \
+#define arch_cmpxchg_double_local(p1, p2, o1, o2, n1, n2) \
__cmpxchg_double(, p1, p2, o1, o2, n1, n2)

#endif /* ASM_X86_CMPXCHG_H */
diff --git a/arch/x86/include/asm/cmpxchg_32.h b/arch/x86/include/asm/cmpxchg_32.h
index e4959d023af8..d897291d2bf9 100644
--- a/arch/x86/include/asm/cmpxchg_32.h
+++ b/arch/x86/include/asm/cmpxchg_32.h
@@ -35,10 +35,10 @@ static inline void set_64bit(volatile u64 *ptr, u64 value)
}

#ifdef CONFIG_X86_CMPXCHG64
-#define cmpxchg64(ptr, o, n) \
+#define arch_cmpxchg64(ptr, o, n) \
((__typeof__(*(ptr)))__cmpxchg64((ptr), (unsigned long long)(o), \
(unsigned long long)(n)))
-#define cmpxchg64_local(ptr, o, n) \
+#define arch_cmpxchg64_local(ptr, o, n) \
((__typeof__(*(ptr)))__cmpxchg64_local((ptr), (unsigned long long)(o), \
(unsigned long long)(n)))
#endif
@@ -75,7 +75,7 @@ static inline u64 __cmpxchg64_local(volatile u64 *ptr, u64 old, u64 new)
* to simulate the cmpxchg8b on the 80386 and 80486 CPU.
*/

-#define cmpxchg64(ptr, o, n) \
+#define arch_cmpxchg64(ptr, o, n) \
({ \
__typeof__(*(ptr)) __ret; \
__typeof__(*(ptr)) __old = (o); \
@@ -92,7 +92,7 @@ static inline u64 __cmpxchg64_local(volatile u64 *ptr, u64 old, u64 new)
__ret; })


-#define cmpxchg64_local(ptr, o, n) \
+#define arch_cmpxchg64_local(ptr, o, n) \
({ \
__typeof__(*(ptr)) __ret; \
__typeof__(*(ptr)) __old = (o); \
diff --git a/arch/x86/include/asm/cmpxchg_64.h b/arch/x86/include/asm/cmpxchg_64.h
index caa23a34c963..fafaebacca2d 100644
--- a/arch/x86/include/asm/cmpxchg_64.h
+++ b/arch/x86/include/asm/cmpxchg_64.h
@@ -6,13 +6,13 @@ static inline void set_64bit(volatile u64 *ptr, u64 val)
*ptr = val;
}

-#define cmpxchg64(ptr, o, n) \
+#define arch_cmpxchg64(ptr, o, n) \
({ \
BUILD_BUG_ON(sizeof(*(ptr)) != 8); \
cmpxchg((ptr), (o), (n)); \
})

-#define cmpxchg64_local(ptr, o, n) \
+#define arch_cmpxchg64_local(ptr, o, n) \
({ \
BUILD_BUG_ON(sizeof(*(ptr)) != 8); \
cmpxchg_local((ptr), (o), (n)); \
--
2.13.1.518.g3df882009-goog

[Mark Rutland]

On Sat, Jun 17, 2017 at 11:15:31AM +0200, Dmitry Vyukov wrote:
> Currently kasan_check_read/write() accept 'const void*', make them
> accept 'const volatile void*'. This is required for instrumentation
> of atomic operations and there is just no reason to not allow that.
>
> Signed-off-by: Dmitry Vyukov <dvy...@google.com>
> Cc: Mark Rutland <mark.r...@arm.com>
> Cc: Andrey Ryabinin <arya...@virtuozzo.com>
> Cc: Thomas Gleixner <tg...@linutronix.de>
> Cc: "H. Peter Anvin" <h...@zytor.com>
> Cc: Peter Zijlstra <pet...@infradead.org>
> Cc: Andrew Morton <ak...@linux-foundation.org>
> Cc: linux-...@vger.kernel.org
> Cc: x...@kernel.org
> Cc: linu...@kvack.org
> Cc: kasa...@googlegroups.com

Looks sane to me, and I can confirm this doesn't advervsely affect
arm64. FWIW:

Acked-by: Mark Rutland <mark.r...@arm.com>

Mark.

[Mark Rutland]

On Sat, Jun 17, 2017 at 11:15:29AM +0200, Dmitry Vyukov wrote:
> The new header allows to wrap per-arch atomic operations
> and add common functionality to all of them.
>
> Signed-off-by: Dmitry Vyukov <dvy...@google.com>
> Cc: Mark Rutland <mark.r...@arm.com>
> Cc: Peter Zijlstra <pet...@infradead.org>
> Cc: Will Deacon <will....@arm.com>
> Cc: Andrew Morton <ak...@linux-foundation.org>
> Cc: Andrey Ryabinin <arya...@virtuozzo.com>
> Cc: Ingo Molnar <mi...@redhat.com>
> Cc: kasa...@googlegroups.com
> Cc: linu...@kvack.org
> Cc: linux-...@vger.kernel.org
> Cc: x...@kernel.org

Looks sane to me, and I can see how this can be extended to cover all
the ordering vairants arm64 will require. I've pushed my WIP [1].

FWIW:

Acked-by: Mark Rutland <mark.r...@arm.com>

Mark.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/log/?h=arm64/kasan-atomic

[Mark Rutland]

On Sat, Jun 17, 2017 at 11:15:32AM +0200, Dmitry Vyukov wrote:
> KASAN uses compiler instrumentation to intercept all memory accesses.
> But it does not see memory accesses done in assembly code.
> One notable user of assembly code is atomic operations. Frequently,
> for example, an atomic reference decrement is the last access to an
> object and a good candidate for a racy use-after-free.
>
> Add manual KASAN checks to atomic operations.
>
> Signed-off-by: Dmitry Vyukov <dvy...@google.com>
> Cc: Mark Rutland <mark.r...@arm.com>
> Cc: Peter Zijlstra <pet...@infradead.org>
> Cc: Will Deacon <will....@arm.com>,
> Cc: Andrew Morton <ak...@linux-foundation.org>,
> Cc: Andrey Ryabinin <arya...@virtuozzo.com>,
> Cc: Ingo Molnar <mi...@redhat.com>,
> Cc: kasa...@googlegroups.com
> Cc: linu...@kvack.org
> Cc: linux-...@vger.kernel.org
> Cc: x...@kernel.org

FWIW:

Acked-by: Mark Rutland <mark.r...@arm.com>

Mark.

[Mark Rutland]

On Sat, Jun 17, 2017 at 11:15:33AM +0200, Dmitry Vyukov wrote:
> The comments are factored out from the code changes to make them
> easier to read. Add them separately to explain some non-obvious
> aspects.
>
> Signed-off-by: Dmitry Vyukov <dvy...@google.com>
> Cc: Mark Rutland <mark.r...@arm.com>
> Cc: Peter Zijlstra <pet...@infradead.org>
> Cc: Will Deacon <will....@arm.com>
> Cc: Andrew Morton <ak...@linux-foundation.org>
> Cc: Andrey Ryabinin <arya...@virtuozzo.com>
> Cc: Ingo Molnar <mi...@redhat.com>
> Cc: kasa...@googlegroups.com
> Cc: linu...@kvack.org
> Cc: linux-...@vger.kernel.org
> Cc: x...@kernel.org
>

The comments look sane to me.

When arm64 support comes round, it would be nice to instrument
cmpxchg_double(), since I think we're not affected by the compiler
issue. We can solve that as and when.

FWIW:

Acked-by: Mark Rutland <mark.r...@arm.com>

Mark.

[Dmitry Vyukov]

On Mon, Jun 19, 2017 at 12:50 PM, Mark Rutland <mark.r...@arm.com> wrote:
> On Sat, Jun 17, 2017 at 11:15:31AM +0200, Dmitry Vyukov wrote:
>> Currently kasan_check_read/write() accept 'const void*', make them
>> accept 'const volatile void*'. This is required for instrumentation
>> of atomic operations and there is just no reason to not allow that.
>>
>> Signed-off-by: Dmitry Vyukov <dvy...@google.com>
>> Cc: Mark Rutland <mark.r...@arm.com>
>> Cc: Andrey Ryabinin <arya...@virtuozzo.com>
>> Cc: Thomas Gleixner <tg...@linutronix.de>
>> Cc: "H. Peter Anvin" <h...@zytor.com>
>> Cc: Peter Zijlstra <pet...@infradead.org>
>> Cc: Andrew Morton <ak...@linux-foundation.org>
>> Cc: linux-...@vger.kernel.org
>> Cc: x...@kernel.org
>> Cc: linu...@kvack.org
>> Cc: kasa...@googlegroups.com
>
> Looks sane to me, and I can confirm this doesn't advervsely affect
> arm64. FWIW:
>
> Acked-by: Mark Rutland <mark.r...@arm.com>
>
> Mark.

Great! Thanks for testing.

Ingo, what are your thoughts? Are you taking this to locking tree? When?

[Ingo Molnar]

* Dmitry Vyukov <dvy...@google.com> wrote:

> On Mon, Jun 19, 2017 at 12:50 PM, Mark Rutland <mark.r...@arm.com> wrote:
> > On Sat, Jun 17, 2017 at 11:15:31AM +0200, Dmitry Vyukov wrote:
> >> Currently kasan_check_read/write() accept 'const void*', make them
> >> accept 'const volatile void*'. This is required for instrumentation
> >> of atomic operations and there is just no reason to not allow that.
> >>
> >> Signed-off-by: Dmitry Vyukov <dvy...@google.com>
> >> Cc: Mark Rutland <mark.r...@arm.com>
> >> Cc: Andrey Ryabinin <arya...@virtuozzo.com>
> >> Cc: Thomas Gleixner <tg...@linutronix.de>
> >> Cc: "H. Peter Anvin" <h...@zytor.com>
> >> Cc: Peter Zijlstra <pet...@infradead.org>
> >> Cc: Andrew Morton <ak...@linux-foundation.org>
> >> Cc: linux-...@vger.kernel.org
> >> Cc: x...@kernel.org
> >> Cc: linu...@kvack.org
> >> Cc: kasa...@googlegroups.com
> >
> > Looks sane to me, and I can confirm this doesn't advervsely affect
> > arm64. FWIW:
> >
> > Acked-by: Mark Rutland <mark.r...@arm.com>
> >
> > Mark.
>
>
> Great! Thanks for testing.
>
> Ingo, what are your thoughts? Are you taking this to locking tree? When?

Yeah, it all looks pretty clean to me too. I've applied the first three patches to
the locking tree, but did some minor stylistic cleanups to the first patch to
harmonize the style of the code - which made the later patches not apply cleanly.

Mind sending the remaining patches against the locking tree, tip:locking/core?
(Please also add in all the acks you got.)

This should also give people (Peter, Linus?) a last minute chance to object to my
suggestion of increasing the linecount in patch #1:

0f2376eb0ff8: locking/atomic/x86: Un-macro-ify atomic ops implementation

arch/x86/include/asm/atomic.h | 69 ++++++++++++++++++++++++++++++++++++++++++++++-----------------------
arch/x86/include/asm/atomic64_32.h | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------
arch/x86/include/asm/atomic64_64.h | 67 ++++++++++++++++++++++++++++++++++++++++++++-----------------------
3 files changed, 147 insertions(+), 70 deletions(-)

... to me the end result looks much more readable despite the +70 lines of code,
but if anyone feels strongly about this please holler!

Thanks,

Ingo

[Dmitry Vyukov]

The comments are factored out from the code changes to make them
easier to read. Add them separately to explain some non-obvious
aspects.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>

Acked-by: Mark Rutland <mark.r...@arm.com>
Reviewed-by: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Will Deacon <will....@arm.com>
Cc: Andrew Morton <ak...@linux-foundation.org>

Cc: Ingo Molnar <mi...@redhat.com>
Cc: kasa...@googlegroups.com
Cc: linu...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org

---

Changes since v3:
- rephrase comment in arch_atomic_read()
---
arch/x86/include/asm/atomic.h | 4 ++++
include/asm-generic/atomic-instrumented.h | 30 ++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+)

diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h

index 03dd2a6cf7e2..b1cd05da5d8a 100644

2.13.1.611.g7e3b11ae1-goog

[Dmitry Vyukov]

KASAN uses compiler instrumentation to intercept all memory accesses.
But it does not see memory accesses done in assembly code.
One notable user of assembly code is atomic operations. Frequently,
for example, an atomic reference decrement is the last access to an
object and a good candidate for a racy use-after-free.

Add manual KASAN checks to atomic operations.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Acked-by: Mark Rutland <mark.r...@arm.com>
Reviewed-by: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Peter Zijlstra <pet...@infradead.org>

Cc: Will Deacon <will....@arm.com>,
Cc: Andrew Morton <ak...@linux-foundation.org>,

Cc: Ingo Molnar <mi...@redhat.com>,

Cc: kasa...@googlegroups.com
Cc: linu...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org
---

include/asm-generic/atomic-instrumented.h | 76 +++++++++++++++++++++++++++++--
1 file changed, 72 insertions(+), 4 deletions(-)

diff --git a/include/asm-generic/atomic-instrumented.h b/include/asm-generic/atomic-instrumented.h
index 50401d925290..a0f5b7525bb2 100644
--- a/include/asm-generic/atomic-instrumented.h
+++ b/include/asm-generic/atomic-instrumented.h

static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)

{
+ kasan_check_write(v, sizeof(*v));
return arch_atomic64_add_negative(i, v);
}

#define cmpxchg(ptr, old, new) \
({ \

#define cmpxchg_double(p1, p2, o1, o2, n1, n2) \

--
2.13.1.611.g7e3b11ae1-goog

[Dmitry Vyukov]

KASAN uses compiler instrumentation to intercept all memory accesses.
But it does not see memory accesses done in assembly code.
One notable user of assembly code is atomic operations. Frequently,
for example, an atomic reference decrement is the last access to an
object and a good candidate for a racy use-after-free.

Changes since v4:
- rebased on tip/locking/core HEAD

Tested:
- build/boot x86_64 defconfig
- build/boot x86_64 defconfig+KASAN
- build i686/powerpc defconfig

Dmitry Vyukov (4):

x86: switch atomic.h to use atomic-instrumented.h
kasan: allow kasan_check_read/write() to accept pointers to volatiles
asm-generic: add KASAN instrumentation to atomic operations
asm-generic, x86: add comments for atomic instrumentation

arch/x86/include/asm/atomic.h | 106 +++++++++++++++--------------
arch/x86/include/asm/atomic64_32.h | 106 +++++++++++++++--------------
arch/x86/include/asm/atomic64_64.h | 108 +++++++++++++++---------------
arch/x86/include/asm/cmpxchg.h | 12 ++--

arch/x86/include/asm/cmpxchg_32.h | 8 +--
arch/x86/include/asm/cmpxchg_64.h | 4 +-

include/asm-generic/atomic-instrumented.h | 106 +++++++++++++++++++++++++++--
include/linux/kasan-checks.h | 10 +--
mm/kasan/kasan.c | 4 +-
9 files changed, 286 insertions(+), 178 deletions(-)

--
2.13.1.611.g7e3b11ae1-goog

[Dmitry Vyukov]

Add arch_ prefix to all atomic operations and include
<asm-generic/atomic-instrumented.h>. This will allow
to add KASAN instrumentation to all atomic ops.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Acked-by: Mark Rutland <mark.r...@arm.com>
Reviewed-by: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Will Deacon <will....@arm.com>

Cc: Andrew Morton <ak...@linux-foundation.org>
Cc: Ingo Molnar <mi...@redhat.com>

Cc: kasa...@googlegroups.com
Cc: linu...@kvack.org
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org

---

Changes since v1:
- reverted unnecessary change in __raw_try_cmpxchg()
- reverted s/try_cmpxchg/arch_try_cmpxchg/ change
try_cmpxchg is x86 implementation detail

Changes since v3:
- drop comment in arch_atomic_set()
---
arch/x86/include/asm/atomic.h | 102 ++++++++++++++++++-----------------
arch/x86/include/asm/atomic64_32.h | 106 ++++++++++++++++++------------------
arch/x86/include/asm/atomic64_64.h | 108 ++++++++++++++++++-------------------
arch/x86/include/asm/cmpxchg.h | 12 ++---

arch/x86/include/asm/cmpxchg_32.h | 8 +--
arch/x86/include/asm/cmpxchg_64.h | 4 +-

6 files changed, 172 insertions(+), 168 deletions(-)

diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
index 0874ebda3069..03dd2a6cf7e2 100644
--- a/arch/x86/include/asm/atomic.h
+++ b/arch/x86/include/asm/atomic.h

- do { } while (!atomic_try_cmpxchg(v, &val, val & i));
+ do { } while (!arch_atomic_try_cmpxchg(v, &val, val & i));

return val;
}

-static inline void atomic_or(int i, atomic_t *v)
+static inline void arch_atomic_or(int i, atomic_t *v)
{
asm volatile(LOCK_PREFIX "orl %1,%0"
: "+m" (v->counter)

@@ -222,16 +222,16 @@ static inline void atomic_or(int i, atomic_t *v)

: "memory");
}

-static inline int atomic_fetch_or(int i, atomic_t *v)
+static inline int arch_atomic_fetch_or(int i, atomic_t *v)
{
- int val = atomic_read(v);
+ int val = arch_atomic_read(v);

- do { } while (!atomic_try_cmpxchg(v, &val, val | i));
+ do { } while (!arch_atomic_try_cmpxchg(v, &val, val | i));

return val;
}

-static inline void atomic_xor(int i, atomic_t *v)
+static inline void arch_atomic_xor(int i, atomic_t *v)
{
asm volatile(LOCK_PREFIX "xorl %1,%0"
: "+m" (v->counter)

@@ -239,17 +239,17 @@ static inline void atomic_xor(int i, atomic_t *v)

: "memory");
}

-static inline int atomic_fetch_xor(int i, atomic_t *v)
+static inline int arch_atomic_fetch_xor(int i, atomic_t *v)
{
- int val = atomic_read(v);
+ int val = arch_atomic_read(v);

- do { } while (!atomic_try_cmpxchg(v, &val, val ^ i));
+ do { } while (!arch_atomic_try_cmpxchg(v, &val, val ^ i));

return val;
}

/**
- * __atomic_add_unless - add unless the number is already a given value
+ * __arch_atomic_add_unless - add unless the number is already a given value
* @v: pointer of type atomic_t
* @a: the amount to add to v...
* @u: ...unless v is equal to u.

@@ -257,14 +257,14 @@ static inline int atomic_fetch_xor(int i, atomic_t *v)

* Atomically adds @a to @v, so long as @v was not already @u.
* Returns the old value of @v.
*/
-static __always_inline int __atomic_add_unless(atomic_t *v, int a, int u)
+static __always_inline int __arch_atomic_add_unless(atomic_t *v, int a, int u)
{
- int c = atomic_read(v);
+ int c = arch_atomic_read(v);

do {
if (unlikely(c == u))
break;
- } while (!atomic_try_cmpxchg(v, &c, c + a));
+ } while (!arch_atomic_try_cmpxchg(v, &c, c + a));

return c;
}

@@ -275,4 +275,6 @@ static __always_inline int __atomic_add_unless(atomic_t *v, int a, int u)

# include <asm/atomic64_64.h>
#endif

+#include <asm-generic/atomic-instrumented.h>
+
#endif /* _ASM_X86_ATOMIC_H */
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h

index 9e206f31ce2a..512377a1c2aa 100644

@@ -312,70 +314,70 @@ static inline long long atomic64_dec_if_positive(atomic64_t *v)

2.13.1.611.g7e3b11ae1-goog

[Dmitry Vyukov]

Currently kasan_check_read/write() accept 'const void*', make them
accept 'const volatile void*'. This is required for instrumentation
of atomic operations and there is just no reason to not allow that.

Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Acked-by: Mark Rutland <mark.r...@arm.com>
Reviewed-by: Andrey Ryabinin <arya...@virtuozzo.com>

Cc: Thomas Gleixner <tg...@linutronix.de>
Cc: "H. Peter Anvin" <h...@zytor.com>

Cc: Peter Zijlstra <pet...@infradead.org>

Cc: Andrew Morton <ak...@linux-foundation.org>
Cc: linux-...@vger.kernel.org
Cc: x...@kernel.org
Cc: linu...@kvack.org
Cc: kasa...@googlegroups.com

2.13.1.611.g7e3b11ae1-goog

[Dmitry Vyukov]

Mailed v5 rebased on tip:locking/core (now only 4 patches).
Added Acked/Reviewed-By that I got.

[Andrew Morton]

On Thu, 22 Jun 2017 16:14:16 +0200 Dmitry Vyukov <dvy...@google.com> wrote:

> Add arch_ prefix to all atomic operations and include
> <asm-generic/atomic-instrumented.h>. This will allow
> to add KASAN instrumentation to all atomic ops.

This gets a large number of (simple) rejects when applied to
linux-next. Can you please redo against -next?

[Dmitry Vyukov]

This is based on tip/locking tree. Ingo already took a part of these
series. The plan is that he takes the rest, and this applies on
tip/locking without conflicts.

[Ingo Molnar]

* Dmitry Vyukov <dvy...@google.com> wrote:

Yeah, so I've taken the rest as well, it all looks very clean now. Should show up
in the next -next, if it passes my (arguably limited) testing.

Andrew, is this workflow fine with you? You usually take KASAN patches, but I was
unhappy with the atomics instrumention of the earlier patches, and ended up
reviewing the followup variants, and felt that if I hinder a patchset I might as
well test and apply it once I'm happy with them! ;-)

Should be a special exception for this series only.

Thanks,

Ingo

[Andrew Morton]

Sure..

[Sebastian Andrzej Siewior]

Trying to boot tip/master resulted in:
|DMAR: dmar0: Using Queued invalidation
|DMAR: dmar1: Using Queued invalidation
|DMAR: Setting RMRR:
|DMAR: Setting identity map for device 0000:00:1a.0 [0xbdcf9000 - 0xbdd1dfff]
|BUG: unable to handle kernel NULL pointer dereference at (null)
|IP: __domain_mapping+0x10f/0x3d0
|PGD 0
|P4D 0
|
|Oops: 0002 [#1] PREEMPT SMP
|Modules linked in:
|CPU: 19 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc6-00117-g235a93822a21 #113
|task: ffff8805271c2c80 task.stack: ffffc90000058000
|RIP: 0010:__domain_mapping+0x10f/0x3d0
|RSP: 0000:ffffc9000005bca0 EFLAGS: 00010246
|RAX: 0000000000000000 RBX: 00000000bdcf9003 RCX: 0000000000000000
|RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
|RBP: ffffc9000005bd00 R08: ffff880a243e9780 R09: ffff8805259e67c8
|R10: 00000000000bdcf9 R11: 0000000000000000 R12: 0000000000000025
|R13: 0000000000000025 R14: 0000000000000000 R15: 00000000000bdcf9
|FS: 0000000000000000(0000) GS:ffff88052acc0000(0000) knlGS:0000000000000000
|CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
|CR2: 0000000000000000 CR3: 0000000001c0f000 CR4: 00000000000406e0
|Call Trace:
| iommu_domain_identity_map+0x5a/0x80
| domain_prepare_identity_map+0x9f/0x160
| iommu_prepare_identity_map+0x7e/0x9b

bisect points to commit 235a93822a21 ("locking/atomics, asm-generic: Add KASAN
instrumentation to atomic operations"), RIP is at
tmp = cmpxchg64_local(&pte->val, 0ULL, pteval);
in drivers/iommu/intel-iommu.c. The assembly for this inline assembly
is:
xor %edx,%edx
xor %eax,%eax
cmpxchg %rbx,(%rdx)

and as you see edx is set to zero and used later as a pointer via the
full register. This happens with gcc-6, 5 and 8 (snapshot from last
week).
After a longer while of searching and swearing I figured out that this
bug occures once cmpxchg64_local() and cmpxchg_local() uses the same
____ptr macro and they are shadow somehow. What I don't know why edx is
set to zero.

Signed-off-by: Sebastian Andrzej Siewior <big...@linutronix.de>
---
include/asm-generic/atomic-instrumented.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/asm-generic/atomic-instrumented.h b/include/asm-generic/atomic-instrumented.h
index a0f5b7525bb2..ac6155362b39 100644
--- a/include/asm-generic/atomic-instrumented.h
+++ b/include/asm-generic/atomic-instrumented.h
@@ -359,16 +359,16 @@ static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)

#define cmpxchg64(ptr, old, new) \
({ \

- __typeof__(ptr) ____ptr = (ptr); \
- kasan_check_write(____ptr, sizeof(*____ptr)); \
- arch_cmpxchg64(____ptr, (old), (new)); \
+ __typeof__(ptr) ____ptr64 = (ptr); \
+ kasan_check_write(____ptr64, sizeof(*____ptr64));\
+ arch_cmpxchg64(____ptr64, (old), (new)); \

})

#define cmpxchg64_local(ptr, old, new) \
({ \

- __typeof__(ptr) ____ptr = (ptr); \
- kasan_check_write(____ptr, sizeof(*____ptr)); \
- arch_cmpxchg64_local(____ptr, (old), (new)); \
+ __typeof__(ptr) ____ptr64 = (ptr); \
+ kasan_check_write(____ptr64, sizeof(*____ptr64));\
+ arch_cmpxchg64_local(____ptr64, (old), (new)); \

})

#define cmpxchg_double(p1, p2, o1, o2, n1, n2) \
--

2.13.2

[Dmitry Vyukov]

Doh! Thanks for fixing this. I think I've a similar crash in a
different place when I developed the patch.
The problem is that when we do:

__typeof__(ptr) ____ptr = (ptr); \
arch_cmpxchg64_local(____ptr, (old), (new)); \

We don't necessary pass value of our just declared ____ptr to
arch_cmpxchg64_local(). We just pass a symbolic identifier. So if
arch_cmpxchg64_local() declares own ____ptr and then tries to use what
we passed ("____ptr") it will actually refer to own variable declared
rather than to what we wanted to pass in.

In my case I ended up with something like:

__typeof__(foo) __ptr = __ptr;

which compiler decided to turn into 0.

Thank you, macros.

We can add more underscores, but the problem can happen again. Should
we prefix current function/macro name to all local vars?..

[Thomas Gleixner]

Actually we can void that ___ptr dance completely.

Thanks,

tglx

8<--------------------

--- a/include/asm-generic/atomic-instrumented.h
+++ b/include/asm-generic/atomic-instrumented.h
@@ -359,37 +359,32 @@ static __always_inline bool atomic64_add

#define cmpxchg(ptr, old, new) \
({ \
- __typeof__(ptr) ___ptr = (ptr); \
- kasan_check_write(___ptr, sizeof(*___ptr)); \
+ kasan_check_write((ptr), sizeof(*(ptr))); \
arch_cmpxchg((ptr), (old), (new)); \
})

#define sync_cmpxchg(ptr, old, new) \
({ \
- __typeof__(ptr) ___ptr = (ptr); \
- kasan_check_write(___ptr, sizeof(*___ptr)); \
- arch_sync_cmpxchg(___ptr, (old), (new)); \
+ kasan_check_write((ptr), sizeof(*(ptr))); \
+ arch_sync_cmpxchg((ptr), (old), (new)); \
})

#define cmpxchg_local(ptr, old, new) \

({ \
- __typeof__(ptr) ____ptr = (ptr); \
- kasan_check_write(____ptr, sizeof(*____ptr)); \

- arch_cmpxchg_local(____ptr, (old), (new)); \
+ kasan_check_write((ptr), sizeof(*(ptr))); \
+ arch_cmpxchg_local((ptr), (old), (new)); \

})

#define cmpxchg64(ptr, old, new) \
({ \
- __typeof__(ptr) ____ptr = (ptr); \
- kasan_check_write(____ptr, sizeof(*____ptr)); \
- arch_cmpxchg64(____ptr, (old), (new)); \

+ kasan_check_write((ptr), sizeof(*(ptr))); \
+ arch_cmpxchg64((ptr), (old), (new)); \

})

#define cmpxchg64_local(ptr, old, new) \
({ \
- __typeof__(ptr) ____ptr = (ptr); \
- kasan_check_write(____ptr, sizeof(*____ptr)); \
- arch_cmpxchg64_local(____ptr, (old), (new)); \

+ kasan_check_write((ptr), sizeof(*(ptr))); \
+ arch_cmpxchg64_local((ptr), (old), (new)); \
})

/*

[Dmitry Vyukov]

/\/\/\/\/\/\/\/\/\/\/\/\

These are macros.
If ptr is foo(), then we will call foo() twice.

[Andrey Ryabinin]

The main problem here is that arch_cmpxchg64_local() calls cmpxhg_local() instead of using arch_cmpxchg_local().

So, the patch bellow should fix the problem, also this will fix double instrumentation of cmpcxchg64[_local]().
But I haven't tested this patch yet.


---
arch/x86/include/asm/cmpxchg_64.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/cmpxchg_64.h b/arch/x86/include/asm/cmpxchg_64.h
index fafaebacca2d..7046a3cc2493 100644
--- a/arch/x86/include/asm/cmpxchg_64.h
+++ b/arch/x86/include/asm/cmpxchg_64.h
@@ -9,13 +9,13 @@ static inline void set_64bit(volatile u64 *ptr, u64 val)

#define arch_cmpxchg64(ptr, o, n) \
({ \
BUILD_BUG_ON(sizeof(*(ptr)) != 8); \

- cmpxchg((ptr), (o), (n)); \
+ arch_cmpxchg((ptr), (o), (n)); \
})

#define arch_cmpxchg64_local(ptr, o, n) \
({ \
BUILD_BUG_ON(sizeof(*(ptr)) != 8); \

- cmpxchg_local((ptr), (o), (n)); \
+ arch_cmpxchg_local((ptr), (o), (n)); \
})

#define system_has_cmpxchg_double() boot_cpu_has(X86_FEATURE_CX16)
--
2.13.0

[Thomas Gleixner]

Sigh, is that actually used?

That's all insane. The whole crap gets worse because:

cmpxchg() can be used on u8, u16, u32 ....

There is a reason why type safety matters.

Thanks,

tglx

[Sebastian Andrzej Siewior]

On 2017-06-28 14:15:18 [+0300], Andrey Ryabinin wrote:
> The main problem here is that arch_cmpxchg64_local() calls cmpxhg_local() instead of using arch_cmpxchg_local().
>
> So, the patch bellow should fix the problem, also this will fix double instrumentation of cmpcxchg64[_local]().
> But I haven't tested this patch yet.

tested, works. Next step?

> ---
> arch/x86/include/asm/cmpxchg_64.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/cmpxchg_64.h b/arch/x86/include/asm/cmpxchg_64.h
> index fafaebacca2d..7046a3cc2493 100644
> --- a/arch/x86/include/asm/cmpxchg_64.h
> +++ b/arch/x86/include/asm/cmpxchg_64.h
> @@ -9,13 +9,13 @@ static inline void set_64bit(volatile u64 *ptr, u64 val)
> #define arch_cmpxchg64(ptr, o, n) \
> ({ \
> BUILD_BUG_ON(sizeof(*(ptr)) != 8); \
> - cmpxchg((ptr), (o), (n)); \
> + arch_cmpxchg((ptr), (o), (n)); \
> })
>
> #define arch_cmpxchg64_local(ptr, o, n) \
> ({ \
> BUILD_BUG_ON(sizeof(*(ptr)) != 8); \
> - cmpxchg_local((ptr), (o), (n)); \
> + arch_cmpxchg_local((ptr), (o), (n)); \
> })
>
> #define system_has_cmpxchg_double() boot_cpu_has(X86_FEATURE_CX16)

Sebastian

[Thomas Gleixner]

On Wed, 28 Jun 2017, Dmitry Vyukov wrote:
> On Wed, Jun 28, 2017 at 1:10 PM, Thomas Gleixner <tg...@linutronix.de> wrote:
> > #define cmpxchg_local(ptr, old, new) \
> > ({ \
> > - __typeof__(ptr) ____ptr = (ptr); \
> > - kasan_check_write(____ptr, sizeof(*____ptr)); \
> > - arch_cmpxchg_local(____ptr, (old), (new)); \
> > + kasan_check_write((ptr), sizeof(*(ptr))); \
> > + arch_cmpxchg_local((ptr), (old), (new)); \
>
>
> /\/\/\/\/\/\/\/\/\/\/\/\
>
> These are macros.
> If ptr is foo(), then we will call foo() twice.

If that's true, the foo() will be evaluated a gazillion more times down the
way to the end of this macro maze.

Thanks,

tglx

[Dmitry Vyukov]

No. If we do:

__typeof__(ptr) ____ptr = (ptr);

and then only use ____ptr, then ptr is evaluated only once regardless
of what the rest of macros do.

[Mark Rutland]

For better or worse, we can't rule it out.

We'd risk even more subtle bugs in future trying to rely on that not
being the case. :/

> That's all insane. The whole crap gets worse because:
>
> cmpxchg() can be used on u8, u16, u32 ....

Yup, that's the whole reason for the macro insanity in the fist place.

Anoother option is something like:

static inline unsigned long
cmpxchg_size(unsigned long *ptr, unsigned long old, unsigned long new, int size)
{
kasan_check_write(ptr, size);

switch (size) {
case 1:
return arch_cmpxchg((u8 *)ptr, (u8)old, (u8)new);
case 2:
return arch_cmpxchg((u16 *)ptr, (u16)old, (u16)new);
case 4:
return arch_cmpxchg((u32 *)ptr, (u32)old, (u32)new);
case 8:
return arch_cmpxchg((u64 *)ptr, (u64)old, (u64)new);
}

BUILD_BUG();
}

#define cmpxchg(ptr, old, new) \
cmpxchg_size(ptr, old, new, sizeof(*ptr))

Thanks,
Mark.

[Thomas Gleixner]

On Wed, 28 Jun 2017, Sebastian Andrzej Siewior wrote:
> On 2017-06-28 14:15:18 [+0300], Andrey Ryabinin wrote:
> > The main problem here is that arch_cmpxchg64_local() calls cmpxhg_local() instead of using arch_cmpxchg_local().
> >
> > So, the patch bellow should fix the problem, also this will fix double instrumentation of cmpcxchg64[_local]().
> > But I haven't tested this patch yet.
>
> tested, works. Next step?

Check all other implementations in every architecture whether there is a
similar problem .....

But this really want's a proper cleanup unless we want to waste the time
over and over again with the next hard to figure out macro expansion fail.

First of all, cmpxchg64[_local]() can be implemented as inlines right away.

For cmpxchg*(), the situation is slightly different, but the sizeof()
evaluation should be done at the top most level, even if we do it further
down in the low level arch/asm-generic implementation once more.

Something along the lines of:

static inline unsigned long cmpxchg_varsize(void *ptr, unsigned long old,

unsigned long new, int size)
{

switch (size) {
case 1:
case 2:
case 4:
break;
case 8:
if (sizeof(unsigned long) == 8)
break;
default:
BUILD_BUG_ON(1);
}
kasan_check(ptr, size);
return arch_cmpxchg(ptr, old, new);
}

#define cmpxchg(ptr, o, n) \
({ \
((__typeof__(*(ptr)))cmpxchg_varsize((ptr), (unsigned long)(o), \
(unsigned long)(n), sizeof(*(ptr)))); \
})

That's the first step to cure the actual mess.

Ideally we get rid of that whole macro maze and convert everything to
proper inlines with actual cmpxchg8/16/32/64() variants, but that's going
to take some time. As an intermediate step we can at least propagate 'size'
to arch_cmpxchg(), which is not that much of an effort.

Thanks,

tglx

[Thomas Gleixner]

What I meant is, that we have today nested macros which do a lot of that
same nonsense even w/o that patch.

Thanks,

tglx

[Thomas Gleixner]

And to be honest. That should have be done in the first place _BEFORE_
adding that atomic-instrumented stuff. I'm tempted to revert that mess
instead of 'fixing' it half arsed.

As a side note, we have files (aside of x86/asm/atomic.h) which include
asm/cmpxchg.h ...

net/sunrpc/xprtmultipath.c:#include <asm/cmpxchg.h>
arch/x86/kvm/mmu.c:#include <asm/cmpxchg.h>
arch/x86/um/asm/barrier.h:#include <asm/cmpxchg.h>

I'm really tired of all this featuritis crammed into the code without much
thought. Dammit, can we please stop this and clean up the existing mess
first before duct taping more mess on top of it.

Thanks,

tglx

[Andrey Ryabinin]

On 06/28/2017 04:20 PM, Thomas Gleixner wrote:
> On Wed, 28 Jun 2017, Sebastian Andrzej Siewior wrote:
>> On 2017-06-28 14:15:18 [+0300], Andrey Ryabinin wrote:
>>> The main problem here is that arch_cmpxchg64_local() calls cmpxhg_local() instead of using arch_cmpxchg_local().
>>>
>>> So, the patch bellow should fix the problem, also this will fix double instrumentation of cmpcxchg64[_local]().
>>> But I haven't tested this patch yet.
>>
>> tested, works. Next step?
>
> Check all other implementations in every architecture whether there is a
> similar problem .....
>

This and similar problems could have been caught by -Wshadow warning:

In file included from ../arch/x86/include/asm/atomic.h:282:0,
from ../include/linux/atomic.h:4,
from ../include/linux/jump_label.h:183,
from ../arch/x86/include/asm/string_64.h:5,
from ../arch/x86/include/asm/string.h:4,
from ../include/linux/string.h:18,
from ../include/linux/bitmap.h:8,
from ../drivers/iommu/intel-iommu.c:24:
../include/asm-generic/atomic-instrumented.h:376:18: warning: declaration of ‘____ptr’ shadows a previous local [-Wshadow]
__typeof__(ptr) ____ptr = (ptr); \
^
../arch/x86/include/asm/cmpxchg_64.h:18:2: note: in expansion of macro ‘cmpxchg_local’
cmpxchg_local((ptr), (o), (n)); \
^
../include/asm-generic/atomic-instrumented.h:392:2: note: in expansion of macro ‘arch_cmpxchg64_local’
arch_cmpxchg64_local(____ptr, (old), (new)); \
^
../drivers/iommu/intel-iommu.c:2290:9: note: in expansion of macro ‘cmpxchg64_local’

tmp = cmpxchg64_local(&pte->val, 0ULL, pteval);

^
../include/asm-generic/atomic-instrumented.h:390:18: note: shadowed declaration is here
__typeof__(ptr) ____ptr = (ptr); \
^
../drivers/iommu/intel-iommu.c:2290:9: note: in expansion of macro ‘cmpxchg64_local’

tmp = cmpxchg64_local(&pte->val, 0ULL, pteval);

^


But for some reason we use -Wshadow only on W=2 level.

[Mark Rutland]

On Wed, Jun 28, 2017 at 03:54:42PM +0200, Thomas Gleixner wrote:
> On Wed, 28 Jun 2017, Thomas Gleixner wrote:
> > On Wed, 28 Jun 2017, Sebastian Andrzej Siewior wrote:
> > > On 2017-06-28 14:15:18 [+0300], Andrey Ryabinin wrote:
> > > > The main problem here is that arch_cmpxchg64_local() calls cmpxhg_local() instead of using arch_cmpxchg_local().
> > > >
> > > > So, the patch bellow should fix the problem, also this will fix double instrumentation of cmpcxchg64[_local]().
> > > > But I haven't tested this patch yet.
> > >
> > > tested, works. Next step?
> >
> > Check all other implementations in every architecture whether there is a
> > similar problem .....

FWIW, as x86 is the only user of atomic-instrumented.h, any similar
issues are unrelated to this series.

That's not to say they don't exist, just that they're orthognal to this.

I've been reworking things for arm64 [1], but there's more cleanup
needed first.

> > But this really want's a proper cleanup unless we want to waste the time
> > over and over again with the next hard to figure out macro expansion fail.
> >
> > First of all, cmpxchg64[_local]() can be implemented as inlines right away.
> >
> > For cmpxchg*(), the situation is slightly different, but the sizeof()
> > evaluation should be done at the top most level, even if we do it further
> > down in the low level arch/asm-generic implementation once more.
> >
> > Something along the lines of:
> >
> > static inline unsigned long cmpxchg_varsize(void *ptr, unsigned long old,
> > unsigned long new, int size)
> > {
> > switch (size) {
> > case 1:
> > case 2:
> > case 4:
> > break;
> > case 8:
> > if (sizeof(unsigned long) == 8)
> > break;
> > default:
> > BUILD_BUG_ON(1);
> > }
> > kasan_check(ptr, size);
> > return arch_cmpxchg(ptr, old, new);
> > }

This'll need to re-cast things before the call to arch_cmpxchg(), and we
can move the check above the switch, as in [2].

> > #define cmpxchg(ptr, o, n) \
> > ({ \
> > ((__typeof__(*(ptr)))cmpxchg_varsize((ptr), (unsigned long)(o), \
> > (unsigned long)(n), sizeof(*(ptr)))); \
> > })
> >
> > That's the first step to cure the actual mess.
> >
> > Ideally we get rid of that whole macro maze and convert everything to
> > proper inlines with actual cmpxchg8/16/32/64() variants, but that's going
> > to take some time. As an intermediate step we can at least propagate 'size'
> > to arch_cmpxchg(), which is not that much of an effort.
>
> And to be honest. That should have be done in the first place _BEFORE_
> adding that atomic-instrumented stuff. I'm tempted to revert that mess
> instead of 'fixing' it half arsed.

Sure.

Let's figure out what this *should* look like first.

If that's sufficiently different to what we have now, we revert this and
clean things up first.

> As a side note, we have files (aside of x86/asm/atomic.h) which include
> asm/cmpxchg.h ...
>
> net/sunrpc/xprtmultipath.c:#include <asm/cmpxchg.h>
> arch/x86/kvm/mmu.c:#include <asm/cmpxchg.h>
> arch/x86/um/asm/barrier.h:#include <asm/cmpxchg.h>

Ugh. I'd sent out a patch [3] for the first of these a while back, as I
spotted that when experimenting with arm64, but tht got dropped on the
floor.

I can resend that, if you like?

I guess it'd also make sense to fix the x86 bits at the same time, so
I'm fine with tahat being folded with other fixes.

> I'm really tired of all this featuritis crammed into the code without much
> thought. Dammit, can we please stop this and clean up the existing mess
> first before duct taping more mess on top of it.

Sorry for adding to the mess here.

Thanks,
Mark.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/log/?h=arm64/kasan-atomic
[2] https://lkml.kernel.org/r/20170628124552.GG5981@leverpostej
[3] http://lkml.kernel.org/r/1489574142-20856-1-git-...@arm.com

[Thomas Gleixner]

On Wed, 28 Jun 2017, Mark Rutland wrote:
> On Wed, Jun 28, 2017 at 03:54:42PM +0200, Thomas Gleixner wrote:
> > > static inline unsigned long cmpxchg_varsize(void *ptr, unsigned long old,
> > > unsigned long new, int size)
> > > {
> > > switch (size) {
> > > case 1:
> > > case 2:
> > > case 4:
> > > break;
> > > case 8:
> > > if (sizeof(unsigned long) == 8)
> > > break;
> > > default:
> > > BUILD_BUG_ON(1);
> > > }
> > > kasan_check(ptr, size);
> > > return arch_cmpxchg(ptr, old, new);
> > > }
>
> This'll need to re-cast things before the call to arch_cmpxchg(), and we
> can move the check above the switch, as in [2].

Sure, but I rather see that changed to:

1) Create arch_cmpxchg8/16/32/64() inlines first

2) Add that varsize wrapper:

static inline unsigned long cmpxchg_varsize(void *ptr, unsigned long old,
unsigned long new, int size)
{
switch (size) {
case 1:

kasan_check_write(ptr, size);
return arch_cmpxchg8((u8 *)ptr, (u8) old, (u8)new);
case 2:
kasan_check_write(ptr, size);
return arch_cmpxchg16((u16 *)ptr, (u16) old, (u16)new);
case 4:
kasan_check_write(ptr, size);
return arch_cmpxchg32((u32 *)ptr, (u32) old, (u32)new);
case 8:
if (sizeof(unsigned long) == 8) {
kasan_check_write(ptr, size);
return arch_cmpxchg64((u64 *)ptr, (u64) old, (u64)new);
}
default:
BUILD_BUG();

}
}

#define cmpxchg(ptr, o, n) \
({ \
((__typeof__(*(ptr)))cmpxchg_varsize((ptr), (unsigned long)(o), \
(unsigned long)(n), sizeof(*(ptr)))); \
})

Which allows us to create:

static inline u8 cmpxchg8(u8 *ptr, u8 old, u8 new)
{
kasan_check_write(ptr, sizeof(old));
return arch_cmpxchg8(ptr, old, new);
}

and friends as well and later migrate the existing users away from that
untyped macro mess.

And instead of adding

#include <asm/atomic-instrumented.h>

to the architecture code, we rather do

# mv arch/xxx/include/asm/atomic.h mv arch/xxx/include/asm/arch_atomic.h
# echo '#include <asm-generic/atomic.h>' >arch/xxx/include/asm/atomic.h

# mv include/asm-generic/atomic.h include/asm-generic/atomic_up.h

and create a new include/asm-generic/atomic.h

#ifndef __ASM_GENERIC_ATOMIC_H
#define __ASM_GENERIC_ATOMIC_H

#ifdef CONFIG_ATOMIC_INSTRUMENTED_H
#include <asm-generic/atomic_instrumented.h>
#else
#include <asm-generic/atomic_up.h>
#endif

#endif

Thanks,

tglx

[Mark Rutland]

Sure, that makes sense to me.

>
> And instead of adding
>
> #include <asm/atomic-instrumented.h>
>
> to the architecture code, we rather do
>
> # mv arch/xxx/include/asm/atomic.h mv arch/xxx/include/asm/arch_atomic.h
> # echo '#include <asm-generic/atomic.h>' >arch/xxx/include/asm/atomic.h
>
> # mv include/asm-generic/atomic.h include/asm-generic/atomic_up.h
>
> and create a new include/asm-generic/atomic.h
>
> #ifndef __ASM_GENERIC_ATOMIC_H
> #define __ASM_GENERIC_ATOMIC_H
>
> #ifdef CONFIG_ATOMIC_INSTRUMENTED_H
> #include <asm-generic/atomic_instrumented.h>
> #else
> #include <asm-generic/atomic_up.h>
> #endif
>
> #endif

Given we're gonig to clean things up, we may as well avoid the backwards
include of <asm-generic/atomic_instrumented.h>, whcih was only there as
a bodge:

For the UP arches we do:
# echo '#include <asm-generic/atomic_up.h>' >arch/xxx/include/asm/atomic.h
# mv include/asm-generic/atomic.h include/asm-generic/atomic_up.h

Then we add a <linux/atomic_instrumented.h>:

#ifndef __LINUX_ATOMIC_INSTRUMENTED_H
#define __LINUX_ATOMIC INSTRUMENTED_H

#include <asm/atomic.h>

#if CONFIG_ATOMIC_INSTRUMENTED_H
<instrumentation>
#endif

#endif /* __LINUX_ATOMIC_ARCH_H */

... and make <linux/atomic.h> incldue that rather than <asm/atomic.h>.

That way the instrumentation's orthogonal to the UP-ness of the arch,
and we can fold any other instrumentation in there, or later move it
directly into <linux/atomic.h>

Thanks,
Mark.

[Ingo Molnar]

* Mark Rutland <mark.r...@arm.com> wrote:

> > And instead of adding
> >
> > #include <asm/atomic-instrumented.h>
> >
> > to the architecture code, we rather do
> >
> > # mv arch/xxx/include/asm/atomic.h mv arch/xxx/include/asm/arch_atomic.h
> > # echo '#include <asm-generic/atomic.h>' >arch/xxx/include/asm/atomic.h
> >
> > # mv include/asm-generic/atomic.h include/asm-generic/atomic_up.h
> >
> > and create a new include/asm-generic/atomic.h
> >
> > #ifndef __ASM_GENERIC_ATOMIC_H
> > #define __ASM_GENERIC_ATOMIC_H
> >
> > #ifdef CONFIG_ATOMIC_INSTRUMENTED_H
> > #include <asm-generic/atomic_instrumented.h>
> > #else
> > #include <asm-generic/atomic_up.h>
> > #endif
> >
> > #endif
>
> Given we're gonig to clean things up, we may as well avoid the backwards
> include of <asm-generic/atomic_instrumented.h>, whcih was only there as
> a bodge:

So, since the final v4.12 release is so close, I've put the following KASAN
commits aside into tip:WIP.locking/atomics:

4b47cc154eed: locking/atomic/x86, asm-generic: Add comments for atomic instrumentation
35787d9d7ca4: locking/atomics, asm-generic: Add KASAN instrumentation to atomic operations
68c1ed1fdb0a: kasan: Allow kasan_check_read/write() to accept pointers to volatiles
f1c3049f6729: locking/atomic/x86: Switch atomic.h to use atomic-instrumented.h
d079eebb3958: locking/atomic: Add asm-generic/atomic-instrumented.h
007d185b4462: locking/atomic/x86: Use 's64 *' for 'old' argument of atomic64_try_cmpxchg()
ba1c9f83f633: locking/atomic/x86: Un-macro-ify atomic ops implementation

(Note, I had to rebase these freshly, to decouple them from a refcount_t commit
that we need.)

and won't send them to Linus unless the cleanups are done and acked by Thomas.

Thanks,

Ingo

[Thomas Gleixner]

Sounds like a plan.

Thanks,

tglx

[Thomas Gleixner]

Actually we should make it slightly different and make asm-generic/atomic.h
the central point for everything.

It should contain the wrapper macro and the central inlines including the
kasan stuff and include either arch/arch_atomic.h or
asm-generic/atomic_up.h.

That way all potential instrumentation happens in the generic header (which
is a NOP for archs which do not support it) and pull in the appropriate
arch specific or generic UP low level implementations.

Thanks,

tglx

[Dmitry Vyukov]

On Sat, Jul 8, 2017 at 7:56 PM, Mike Galbraith <efa...@gmx.de> wrote:
> Greetings,
>
> The commit below results in early boot silent death with virgin tip
> v4.12-1134-g813b2061457c and the attached config in my garden variety
> i7-4790 box. A kvm box (w. full tune-for-max-buildtime config) boots
> just fine, it's only toxic on bare metal.

Hi Mike,

Yes, there is a known issue with this commit. I think it was reverted
now. See this thread for details:
https://groups.google.com/forum/#!topic/kasan-dev/ZJl66N7smmk

Thanks for reporting.


> On Fri, 2017-06-23 at 07:01 -0700, tip-bot for Dmitry Vyukov wrote:
>> Commit-ID: 235a93822a21ef6459f4f8eeb58f7bf48e02b450
>> Gitweb: http://git.kernel.org/tip/235a93822a21ef6459f4f8eeb58f7bf48e02b450
>> Author: Dmitry Vyukov <dvy...@google.com>
>> AuthorDate: Thu, 22 Jun 2017 16:14:18 +0200
>> Committer: Ingo Molnar <mi...@kernel.org>
>> CommitDate: Fri, 23 Jun 2017 10:50:20 +0200

>>
>> locking/atomics, asm-generic: Add KASAN instrumentation to atomic operations
>>

>> KASAN uses compiler instrumentation to intercept all memory accesses.
>> But it does not see memory accesses done in assembly code.
>> One notable user of assembly code is atomic operations. Frequently,
>> for example, an atomic reference decrement is the last access to an
>> object and a good candidate for a racy use-after-free.
>>
>> Add manual KASAN checks to atomic operations.
>>
>> Signed-off-by: Dmitry Vyukov <dvy...@google.com>
>> Reviewed-by: Andrey Ryabinin <arya...@virtuozzo.com>
>> Acked-by: Mark Rutland <mark.r...@arm.com>
>> Cc: Andrew Morton <ak...@linux-foundation.org>,
>> Cc: Linus Torvalds <torv...@linux-foundation.org>
>> Cc: Peter Zijlstra <pet...@infradead.org>
>> Cc: Thomas Gleixner <tg...@linutronix.de>
>> Cc: Will Deacon <will....@arm.com>,
>> Cc: kasa...@googlegroups.com
>> Cc: linu...@kvack.org
>> Link: http://lkml.kernel.org/r/85d51d3551b676ba1fc40e8fbddd2ea...@google.com
>> Signed-off-by: Ingo Molnar <mi...@kernel.org>
>> ---
>> include/asm-generic/atomic-instrumented.h | 76 +++++++++++++++++++++++++++++--
>> 1 file changed, 72 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/asm-generic/atomic-instrumented.h b/include/asm-generic/atomic-instrumented.h
>> index 50401d9..a0f5b75 100644
>> --- a/include/asm-generic/atomic-instrumented.h
>> +++ b/include/asm-generic/atomic-instrumented.h
>> @@ -1,43 +1,53 @@
>> #ifndef _LINUX_ATOMIC_INSTRUMENTED_H
>> #define _LINUX_ATOMIC_INSTRUMENTED_H
>>
>> +#include <linux/kasan-checks.h>
>> +
>> static __always_inline int atomic_read(const atomic_t *v)
>> {
>> + kasan_check_read(v, sizeof(*v));
>> return arch_atomic_read(v);
>> }
>>
>> static __always_inline s64 atomic64_read(const atomic64_t *v)
>> {
>> + kasan_check_read(v, sizeof(*v));
>> return arch_atomic64_read(v);
>> }
>>
>> static __always_inline void atomic_set(atomic_t *v, int i)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic_set(v, i);
>> }
>>
>> static __always_inline void atomic64_set(atomic64_t *v, s64 i)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic64_set(v, i);
>> }
>>
>> static __always_inline int atomic_xchg(atomic_t *v, int i)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_xchg(v, i);
>> }
>>
>> static __always_inline s64 atomic64_xchg(atomic64_t *v, s64 i)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_xchg(v, i);
>> }
>>
>> static __always_inline int atomic_cmpxchg(atomic_t *v, int old, int new)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_cmpxchg(v, old, new);
>> }
>>
>> static __always_inline s64 atomic64_cmpxchg(atomic64_t *v, s64 old, s64 new)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_cmpxchg(v, old, new);
>> }
>>
>> @@ -45,6 +55,8 @@ static __always_inline s64 atomic64_cmpxchg(atomic64_t *v, s64 old, s64 new)
>> #define atomic_try_cmpxchg atomic_try_cmpxchg
>> static __always_inline bool atomic_try_cmpxchg(atomic_t *v, int *old, int new)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> + kasan_check_read(old, sizeof(*old));
>> return arch_atomic_try_cmpxchg(v, old, new);
>> }
>> #endif
>> @@ -53,254 +65,310 @@ static __always_inline bool atomic_try_cmpxchg(atomic_t *v, int *old, int new)
>> #define atomic64_try_cmpxchg atomic64_try_cmpxchg
>> static __always_inline bool atomic64_try_cmpxchg(atomic64_t *v, s64 *old, s64 new)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> + kasan_check_read(old, sizeof(*old));
>> return arch_atomic64_try_cmpxchg(v, old, new);
>> }
>> #endif
>>
>> static __always_inline int __atomic_add_unless(atomic_t *v, int a, int u)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return __arch_atomic_add_unless(v, a, u);
>> }
>>
>>
>> static __always_inline bool atomic64_add_unless(atomic64_t *v, s64 a, s64 u)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_add_unless(v, a, u);
>> }
>>
>> static __always_inline void atomic_inc(atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic_inc(v);
>> }
>>
>> static __always_inline void atomic64_inc(atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic64_inc(v);
>> }
>>
>> static __always_inline void atomic_dec(atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic_dec(v);
>> }
>>
>> static __always_inline void atomic64_dec(atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic64_dec(v);
>> }
>>
>> static __always_inline void atomic_add(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic_add(i, v);
>> }
>>
>> static __always_inline void atomic64_add(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic64_add(i, v);
>> }
>>
>> static __always_inline void atomic_sub(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic_sub(i, v);
>> }
>>
>> static __always_inline void atomic64_sub(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic64_sub(i, v);
>> }
>>
>> static __always_inline void atomic_and(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic_and(i, v);
>> }
>>
>> static __always_inline void atomic64_and(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic64_and(i, v);
>> }
>>
>> static __always_inline void atomic_or(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic_or(i, v);
>> }
>>
>> static __always_inline void atomic64_or(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic64_or(i, v);
>> }
>>
>> static __always_inline void atomic_xor(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic_xor(i, v);
>> }
>>
>> static __always_inline void atomic64_xor(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> arch_atomic64_xor(i, v);
>> }
>>
>> static __always_inline int atomic_inc_return(atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_inc_return(v);
>> }
>>
>> static __always_inline s64 atomic64_inc_return(atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_inc_return(v);
>> }
>>
>> static __always_inline int atomic_dec_return(atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_dec_return(v);
>> }
>>
>> static __always_inline s64 atomic64_dec_return(atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_dec_return(v);
>> }
>>
>> static __always_inline s64 atomic64_inc_not_zero(atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_inc_not_zero(v);
>> }
>>
>> static __always_inline s64 atomic64_dec_if_positive(atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_dec_if_positive(v);
>> }
>>
>> static __always_inline bool atomic_dec_and_test(atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_dec_and_test(v);
>> }
>>
>> static __always_inline bool atomic64_dec_and_test(atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_dec_and_test(v);
>> }
>>
>> static __always_inline bool atomic_inc_and_test(atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_inc_and_test(v);
>> }
>>
>> static __always_inline bool atomic64_inc_and_test(atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_inc_and_test(v);
>> }
>>
>> static __always_inline int atomic_add_return(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_add_return(i, v);
>> }
>>
>> static __always_inline s64 atomic64_add_return(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_add_return(i, v);
>> }
>>
>> static __always_inline int atomic_sub_return(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_sub_return(i, v);
>> }
>>
>> static __always_inline s64 atomic64_sub_return(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_sub_return(i, v);
>> }
>>
>> static __always_inline int atomic_fetch_add(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_fetch_add(i, v);
>> }
>>
>> static __always_inline s64 atomic64_fetch_add(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_fetch_add(i, v);
>> }
>>
>> static __always_inline int atomic_fetch_sub(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_fetch_sub(i, v);
>> }
>>
>> static __always_inline s64 atomic64_fetch_sub(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_fetch_sub(i, v);
>> }
>>
>> static __always_inline int atomic_fetch_and(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_fetch_and(i, v);
>> }
>>
>> static __always_inline s64 atomic64_fetch_and(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_fetch_and(i, v);
>> }
>>
>> static __always_inline int atomic_fetch_or(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_fetch_or(i, v);
>> }
>>
>> static __always_inline s64 atomic64_fetch_or(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_fetch_or(i, v);
>> }
>>
>> static __always_inline int atomic_fetch_xor(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_fetch_xor(i, v);
>> }
>>
>> static __always_inline s64 atomic64_fetch_xor(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_fetch_xor(i, v);
>> }
>>
>> static __always_inline bool atomic_sub_and_test(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_sub_and_test(i, v);
>> }
>>
>> static __always_inline bool atomic64_sub_and_test(s64 i, atomic64_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_sub_and_test(i, v);
>> }
>>
>> static __always_inline bool atomic_add_negative(int i, atomic_t *v)
>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic_add_negative(i, v);

>> }
>>
>> static __always_inline bool atomic64_add_negative(s64 i, atomic64_t *v)

>> {
>> + kasan_check_write(v, sizeof(*v));
>> return arch_atomic64_add_negative(i, v);

>> }
>>
>> #define cmpxchg(ptr, old, new) \
>> ({ \

>> + __typeof__(ptr) ___ptr = (ptr); \
>> + kasan_check_write(___ptr, sizeof(*___ptr)); \

>> arch_cmpxchg((ptr), (old), (new)); \
>> })
>>
>> #define sync_cmpxchg(ptr, old, new) \
>> ({ \

>> - arch_sync_cmpxchg((ptr), (old), (new)); \
>> + __typeof__(ptr) ___ptr = (ptr); \
>> + kasan_check_write(___ptr, sizeof(*___ptr)); \
>> + arch_sync_cmpxchg(___ptr, (old), (new)); \
>> })

>>
>> #define cmpxchg_local(ptr, old, new) \
>> ({ \

>> - arch_cmpxchg_local((ptr), (old), (new)); \
>> + __typeof__(ptr) ____ptr = (ptr); \
>> + kasan_check_write(____ptr, sizeof(*____ptr)); \
>> + arch_cmpxchg_local(____ptr, (old), (new)); \

>> })
>>
>> #define cmpxchg64(ptr, old, new) \
>> ({ \

>> - arch_cmpxchg64((ptr), (old), (new)); \
>> + __typeof__(ptr) ____ptr = (ptr); \
>> + kasan_check_write(____ptr, sizeof(*____ptr)); \
>> + arch_cmpxchg64(____ptr, (old), (new)); \

>> })
>>
>> #define cmpxchg64_local(ptr, old, new) \
>> ({ \

>> - arch_cmpxchg64_local((ptr), (old), (new)); \
>> + __typeof__(ptr) ____ptr = (ptr); \
>> + kasan_check_write(____ptr, sizeof(*____ptr)); \
>> + arch_cmpxchg64_local(____ptr, (old), (new)); \

[Ingo Molnar]

* Dmitry Vyukov <dvy...@google.com> wrote:

> On Sat, Jul 8, 2017 at 7:56 PM, Mike Galbraith <efa...@gmx.de> wrote:
> > Greetings,
> >
> > The commit below results in early boot silent death with virgin tip
> > v4.12-1134-g813b2061457c and the attached config in my garden variety
> > i7-4790 box. A kvm box (w. full tune-for-max-buildtime config) boots
> > just fine, it's only toxic on bare metal.
>
> Hi Mike,
>
> Yes, there is a known issue with this commit. I think it was reverted
> now. See this thread for details:
> https://groups.google.com/forum/#!topic/kasan-dev/ZJl66N7smmk

It was not reverted - it was moved into WIP.locking/atomics, but still present in
tip:master.

Is there a fix for WIP.locking/atomics (if yes then please resend it) - if not
I'll drop the branch from tip:master as well.

Thanks,

Ingo

[Ingo Molnar]

Since there haven't been any updates let's re-try this again, ok?

I had these commits in WIP.locking/atomics:

4b47cc154eed: locking/atomic/x86, asm-generic: Add comments for atomic instrumentation
35787d9d7ca4: locking/atomics, asm-generic: Add KASAN instrumentation to atomic operations
68c1ed1fdb0a: kasan: Allow kasan_check_read/write() to accept pointers to volatiles
f1c3049f6729: locking/atomic/x86: Switch atomic.h to use atomic-instrumented.h
d079eebb3958: locking/atomic: Add asm-generic/atomic-instrumented.h
007d185b4462: locking/atomic/x86: Use 's64 *' for 'old' argument of atomic64_try_cmpxchg()
ba1c9f83f633: locking/atomic/x86: Un-macro-ify atomic ops implementation

Thomas objected to the ugly instrumentation approach - so I'll keep only these two
patches:

007d185b4462: locking/atomic/x86: Use 's64 *' for 'old' argument of atomic64_try_cmpxchg()
ba1c9f83f633: locking/atomic/x86: Un-macro-ify atomic ops implementation

because they appear to be uncontroversial.

I've pushed these two out into tip:locking/core, future (re-)submissions should be
based on that tree.

Thanks,

Ingo

[Dmitry Vyukov]

Hi Ingo,

It's still in my sight, but was preempted by other tasks. Also I am
somewhat scared by the amount of changes for the final plan.

Thanks for taking these 2. That's a good start. Can you please also merge:

68c1ed1fdb0a: kasan: Allow kasan_check_read/write() to accept pointers
to volatiles

It's small and harmless and will be needed anyway.

For the rest of the changes: will it be ok to just resolve the cmpxchg
macro mess (that caused the crash) and then rebase the current changes
on top of that? Or we need to do the full overhaul across all arches?
If we go with full overhaul, would somebody with more kernel expertise
be willing to do the overhaul?

[Ingo Molnar]

* Dmitry Vyukov <dvy...@google.com> wrote:

> > I've pushed these two out into tip:locking/core, future (re-)submissions should be
> > based on that tree.
>
> Hi Ingo,
>
> It's still in my sight, but was preempted by other tasks. Also I am
> somewhat scared by the amount of changes for the final plan.
>
> Thanks for taking these 2. That's a good start. Can you please also merge:
> 68c1ed1fdb0a: kasan: Allow kasan_check_read/write() to accept pointers
> to volatiles
> It's small and harmless and will be needed anyway.

Ok, I cherry-picked this one into tip:locking/core as well.

> For the rest of the changes: will it be ok to just resolve the cmpxchg
> macro mess (that caused the crash) and then rebase the current changes
> on top of that? Or we need to do the full overhaul across all arches?
> If we go with full overhaul, would somebody with more kernel expertise
> be willing to do the overhaul?

That's up to Thomas.

Thanks,

Ingo