xref: /openbmc/linux/kernel/kcsan/kcsan_test.c (revision 9659281c)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * KCSAN test with various race scenarious to test runtime behaviour. Since the
4  * interface with which KCSAN's reports are obtained is via the console, this is
5  * the output we should verify. For each test case checks the presence (or
6  * absence) of generated reports. Relies on 'console' tracepoint to capture
7  * reports as they appear in the kernel log.
8  *
9  * Makes use of KUnit for test organization, and the Torture framework for test
10  * thread control.
11  *
12  * Copyright (C) 2020, Google LLC.
13  * Author: Marco Elver <elver@google.com>
14  */
15 
16 #define pr_fmt(fmt) "kcsan_test: " fmt
17 
18 #include <kunit/test.h>
19 #include <linux/jiffies.h>
20 #include <linux/kcsan-checks.h>
21 #include <linux/kernel.h>
22 #include <linux/sched.h>
23 #include <linux/seqlock.h>
24 #include <linux/spinlock.h>
25 #include <linux/string.h>
26 #include <linux/timer.h>
27 #include <linux/torture.h>
28 #include <linux/tracepoint.h>
29 #include <linux/types.h>
30 #include <trace/events/printk.h>
31 
32 #ifdef CONFIG_CC_HAS_TSAN_COMPOUND_READ_BEFORE_WRITE
33 #define __KCSAN_ACCESS_RW(alt) (KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE)
34 #else
35 #define __KCSAN_ACCESS_RW(alt) (alt)
36 #endif
37 
38 /* Points to current test-case memory access "kernels". */
39 static void (*access_kernels[2])(void);
40 
41 static struct task_struct **threads; /* Lists of threads. */
42 static unsigned long end_time;       /* End time of test. */
43 
44 /* Report as observed from console. */
45 static struct {
46 	spinlock_t lock;
47 	int nlines;
48 	char lines[3][512];
49 } observed = {
50 	.lock = __SPIN_LOCK_UNLOCKED(observed.lock),
51 };
52 
53 /* Setup test checking loop. */
54 static __no_kcsan inline void
55 begin_test_checks(void (*func1)(void), void (*func2)(void))
56 {
57 	kcsan_disable_current();
58 
59 	/*
60 	 * Require at least as long as KCSAN_REPORT_ONCE_IN_MS, to ensure at
61 	 * least one race is reported.
62 	 */
63 	end_time = jiffies + msecs_to_jiffies(CONFIG_KCSAN_REPORT_ONCE_IN_MS + 500);
64 
65 	/* Signal start; release potential initialization of shared data. */
66 	smp_store_release(&access_kernels[0], func1);
67 	smp_store_release(&access_kernels[1], func2);
68 }
69 
70 /* End test checking loop. */
71 static __no_kcsan inline bool
72 end_test_checks(bool stop)
73 {
74 	if (!stop && time_before(jiffies, end_time)) {
75 		/* Continue checking */
76 		might_sleep();
77 		return false;
78 	}
79 
80 	kcsan_enable_current();
81 	return true;
82 }
83 
84 /*
85  * Probe for console output: checks if a race was reported, and obtains observed
86  * lines of interest.
87  */
88 __no_kcsan
89 static void probe_console(void *ignore, const char *buf, size_t len)
90 {
91 	unsigned long flags;
92 	int nlines;
93 
94 	/*
95 	 * Note that KCSAN reports under a global lock, so we do not risk the
96 	 * possibility of having multiple reports interleaved. If that were the
97 	 * case, we'd expect tests to fail.
98 	 */
99 
100 	spin_lock_irqsave(&observed.lock, flags);
101 	nlines = observed.nlines;
102 
103 	if (strnstr(buf, "BUG: KCSAN: ", len) && strnstr(buf, "test_", len)) {
104 		/*
105 		 * KCSAN report and related to the test.
106 		 *
107 		 * The provided @buf is not NUL-terminated; copy no more than
108 		 * @len bytes and let strscpy() add the missing NUL-terminator.
109 		 */
110 		strscpy(observed.lines[0], buf, min(len + 1, sizeof(observed.lines[0])));
111 		nlines = 1;
112 	} else if ((nlines == 1 || nlines == 2) && strnstr(buf, "bytes by", len)) {
113 		strscpy(observed.lines[nlines++], buf, min(len + 1, sizeof(observed.lines[0])));
114 
115 		if (strnstr(buf, "race at unknown origin", len)) {
116 			if (WARN_ON(nlines != 2))
117 				goto out;
118 
119 			/* No second line of interest. */
120 			strcpy(observed.lines[nlines++], "<none>");
121 		}
122 	}
123 
124 out:
125 	WRITE_ONCE(observed.nlines, nlines); /* Publish new nlines. */
126 	spin_unlock_irqrestore(&observed.lock, flags);
127 }
128 
129 /* Check if a report related to the test exists. */
130 __no_kcsan
131 static bool report_available(void)
132 {
133 	return READ_ONCE(observed.nlines) == ARRAY_SIZE(observed.lines);
134 }
135 
136 /* Report information we expect in a report. */
137 struct expect_report {
138 	/* Access information of both accesses. */
139 	struct {
140 		void *fn;    /* Function pointer to expected function of top frame. */
141 		void *addr;  /* Address of access; unchecked if NULL. */
142 		size_t size; /* Size of access; unchecked if @addr is NULL. */
143 		int type;    /* Access type, see KCSAN_ACCESS definitions. */
144 	} access[2];
145 };
146 
147 /* Check observed report matches information in @r. */
148 __no_kcsan
149 static bool report_matches(const struct expect_report *r)
150 {
151 	const bool is_assert = (r->access[0].type | r->access[1].type) & KCSAN_ACCESS_ASSERT;
152 	bool ret = false;
153 	unsigned long flags;
154 	typeof(observed.lines) expect;
155 	const char *end;
156 	char *cur;
157 	int i;
158 
159 	/* Doubled-checked locking. */
160 	if (!report_available())
161 		return false;
162 
163 	/* Generate expected report contents. */
164 
165 	/* Title */
166 	cur = expect[0];
167 	end = &expect[0][sizeof(expect[0]) - 1];
168 	cur += scnprintf(cur, end - cur, "BUG: KCSAN: %s in ",
169 			 is_assert ? "assert: race" : "data-race");
170 	if (r->access[1].fn) {
171 		char tmp[2][64];
172 		int cmp;
173 
174 		/* Expect lexographically sorted function names in title. */
175 		scnprintf(tmp[0], sizeof(tmp[0]), "%pS", r->access[0].fn);
176 		scnprintf(tmp[1], sizeof(tmp[1]), "%pS", r->access[1].fn);
177 		cmp = strcmp(tmp[0], tmp[1]);
178 		cur += scnprintf(cur, end - cur, "%ps / %ps",
179 				 cmp < 0 ? r->access[0].fn : r->access[1].fn,
180 				 cmp < 0 ? r->access[1].fn : r->access[0].fn);
181 	} else {
182 		scnprintf(cur, end - cur, "%pS", r->access[0].fn);
183 		/* The exact offset won't match, remove it. */
184 		cur = strchr(expect[0], '+');
185 		if (cur)
186 			*cur = '\0';
187 	}
188 
189 	/* Access 1 */
190 	cur = expect[1];
191 	end = &expect[1][sizeof(expect[1]) - 1];
192 	if (!r->access[1].fn)
193 		cur += scnprintf(cur, end - cur, "race at unknown origin, with ");
194 
195 	/* Access 1 & 2 */
196 	for (i = 0; i < 2; ++i) {
197 		const int ty = r->access[i].type;
198 		const char *const access_type =
199 			(ty & KCSAN_ACCESS_ASSERT) ?
200 				      ((ty & KCSAN_ACCESS_WRITE) ?
201 					       "assert no accesses" :
202 					       "assert no writes") :
203 				      ((ty & KCSAN_ACCESS_WRITE) ?
204 					       ((ty & KCSAN_ACCESS_COMPOUND) ?
205 							"read-write" :
206 							"write") :
207 					       "read");
208 		const char *const access_type_aux =
209 			(ty & KCSAN_ACCESS_ATOMIC) ?
210 				      " (marked)" :
211 				      ((ty & KCSAN_ACCESS_SCOPED) ? " (scoped)" : "");
212 
213 		if (i == 1) {
214 			/* Access 2 */
215 			cur = expect[2];
216 			end = &expect[2][sizeof(expect[2]) - 1];
217 
218 			if (!r->access[1].fn) {
219 				/* Dummy string if no second access is available. */
220 				strcpy(cur, "<none>");
221 				break;
222 			}
223 		}
224 
225 		cur += scnprintf(cur, end - cur, "%s%s to ", access_type,
226 				 access_type_aux);
227 
228 		if (r->access[i].addr) /* Address is optional. */
229 			cur += scnprintf(cur, end - cur, "0x%px of %zu bytes",
230 					 r->access[i].addr, r->access[i].size);
231 	}
232 
233 	spin_lock_irqsave(&observed.lock, flags);
234 	if (!report_available())
235 		goto out; /* A new report is being captured. */
236 
237 	/* Finally match expected output to what we actually observed. */
238 	ret = strstr(observed.lines[0], expect[0]) &&
239 	      /* Access info may appear in any order. */
240 	      ((strstr(observed.lines[1], expect[1]) &&
241 		strstr(observed.lines[2], expect[2])) ||
242 	       (strstr(observed.lines[1], expect[2]) &&
243 		strstr(observed.lines[2], expect[1])));
244 out:
245 	spin_unlock_irqrestore(&observed.lock, flags);
246 	return ret;
247 }
248 
249 /* ===== Test kernels ===== */
250 
251 static long test_sink;
252 static long test_var;
253 /* @test_array should be large enough to fall into multiple watchpoint slots. */
254 static long test_array[3 * PAGE_SIZE / sizeof(long)];
255 static struct {
256 	long val[8];
257 } test_struct;
258 static DEFINE_SEQLOCK(test_seqlock);
259 
260 /*
261  * Helper to avoid compiler optimizing out reads, and to generate source values
262  * for writes.
263  */
264 __no_kcsan
265 static noinline void sink_value(long v) { WRITE_ONCE(test_sink, v); }
266 
267 static noinline void test_kernel_read(void) { sink_value(test_var); }
268 
269 static noinline void test_kernel_write(void)
270 {
271 	test_var = READ_ONCE_NOCHECK(test_sink) + 1;
272 }
273 
274 static noinline void test_kernel_write_nochange(void) { test_var = 42; }
275 
276 /* Suffixed by value-change exception filter. */
277 static noinline void test_kernel_write_nochange_rcu(void) { test_var = 42; }
278 
279 static noinline void test_kernel_read_atomic(void)
280 {
281 	sink_value(READ_ONCE(test_var));
282 }
283 
284 static noinline void test_kernel_write_atomic(void)
285 {
286 	WRITE_ONCE(test_var, READ_ONCE_NOCHECK(test_sink) + 1);
287 }
288 
289 static noinline void test_kernel_atomic_rmw(void)
290 {
291 	/* Use builtin, so we can set up the "bad" atomic/non-atomic scenario. */
292 	__atomic_fetch_add(&test_var, 1, __ATOMIC_RELAXED);
293 }
294 
295 __no_kcsan
296 static noinline void test_kernel_write_uninstrumented(void) { test_var++; }
297 
298 static noinline void test_kernel_data_race(void) { data_race(test_var++); }
299 
300 static noinline void test_kernel_assert_writer(void)
301 {
302 	ASSERT_EXCLUSIVE_WRITER(test_var);
303 }
304 
305 static noinline void test_kernel_assert_access(void)
306 {
307 	ASSERT_EXCLUSIVE_ACCESS(test_var);
308 }
309 
310 #define TEST_CHANGE_BITS 0xff00ff00
311 
312 static noinline void test_kernel_change_bits(void)
313 {
314 	if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) {
315 		/*
316 		 * Avoid race of unknown origin for this test, just pretend they
317 		 * are atomic.
318 		 */
319 		kcsan_nestable_atomic_begin();
320 		test_var ^= TEST_CHANGE_BITS;
321 		kcsan_nestable_atomic_end();
322 	} else
323 		WRITE_ONCE(test_var, READ_ONCE(test_var) ^ TEST_CHANGE_BITS);
324 }
325 
326 static noinline void test_kernel_assert_bits_change(void)
327 {
328 	ASSERT_EXCLUSIVE_BITS(test_var, TEST_CHANGE_BITS);
329 }
330 
331 static noinline void test_kernel_assert_bits_nochange(void)
332 {
333 	ASSERT_EXCLUSIVE_BITS(test_var, ~TEST_CHANGE_BITS);
334 }
335 
336 /* To check that scoped assertions do trigger anywhere in scope. */
337 static noinline void test_enter_scope(void)
338 {
339 	int x = 0;
340 
341 	/* Unrelated accesses to scoped assert. */
342 	READ_ONCE(test_sink);
343 	kcsan_check_read(&x, sizeof(x));
344 }
345 
346 static noinline void test_kernel_assert_writer_scoped(void)
347 {
348 	ASSERT_EXCLUSIVE_WRITER_SCOPED(test_var);
349 	test_enter_scope();
350 }
351 
352 static noinline void test_kernel_assert_access_scoped(void)
353 {
354 	ASSERT_EXCLUSIVE_ACCESS_SCOPED(test_var);
355 	test_enter_scope();
356 }
357 
358 static noinline void test_kernel_rmw_array(void)
359 {
360 	int i;
361 
362 	for (i = 0; i < ARRAY_SIZE(test_array); ++i)
363 		test_array[i]++;
364 }
365 
366 static noinline void test_kernel_write_struct(void)
367 {
368 	kcsan_check_write(&test_struct, sizeof(test_struct));
369 	kcsan_disable_current();
370 	test_struct.val[3]++; /* induce value change */
371 	kcsan_enable_current();
372 }
373 
374 static noinline void test_kernel_write_struct_part(void)
375 {
376 	test_struct.val[3] = 42;
377 }
378 
379 static noinline void test_kernel_read_struct_zero_size(void)
380 {
381 	kcsan_check_read(&test_struct.val[3], 0);
382 }
383 
384 static noinline void test_kernel_jiffies_reader(void)
385 {
386 	sink_value((long)jiffies);
387 }
388 
389 static noinline void test_kernel_seqlock_reader(void)
390 {
391 	unsigned int seq;
392 
393 	do {
394 		seq = read_seqbegin(&test_seqlock);
395 		sink_value(test_var);
396 	} while (read_seqretry(&test_seqlock, seq));
397 }
398 
399 static noinline void test_kernel_seqlock_writer(void)
400 {
401 	unsigned long flags;
402 
403 	write_seqlock_irqsave(&test_seqlock, flags);
404 	test_var++;
405 	write_sequnlock_irqrestore(&test_seqlock, flags);
406 }
407 
408 static noinline void test_kernel_atomic_builtins(void)
409 {
410 	/*
411 	 * Generate concurrent accesses, expecting no reports, ensuring KCSAN
412 	 * treats builtin atomics as actually atomic.
413 	 */
414 	__atomic_load_n(&test_var, __ATOMIC_RELAXED);
415 }
416 
417 /* ===== Test cases ===== */
418 
419 /* Simple test with normal data race. */
420 __no_kcsan
421 static void test_basic(struct kunit *test)
422 {
423 	const struct expect_report expect = {
424 		.access = {
425 			{ test_kernel_write, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
426 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
427 		},
428 	};
429 	static const struct expect_report never = {
430 		.access = {
431 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
432 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
433 		},
434 	};
435 	bool match_expect = false;
436 	bool match_never = false;
437 
438 	begin_test_checks(test_kernel_write, test_kernel_read);
439 	do {
440 		match_expect |= report_matches(&expect);
441 		match_never = report_matches(&never);
442 	} while (!end_test_checks(match_never));
443 	KUNIT_EXPECT_TRUE(test, match_expect);
444 	KUNIT_EXPECT_FALSE(test, match_never);
445 }
446 
447 /*
448  * Stress KCSAN with lots of concurrent races on different addresses until
449  * timeout.
450  */
451 __no_kcsan
452 static void test_concurrent_races(struct kunit *test)
453 {
454 	const struct expect_report expect = {
455 		.access = {
456 			/* NULL will match any address. */
457 			{ test_kernel_rmw_array, NULL, 0, __KCSAN_ACCESS_RW(KCSAN_ACCESS_WRITE) },
458 			{ test_kernel_rmw_array, NULL, 0, __KCSAN_ACCESS_RW(0) },
459 		},
460 	};
461 	static const struct expect_report never = {
462 		.access = {
463 			{ test_kernel_rmw_array, NULL, 0, 0 },
464 			{ test_kernel_rmw_array, NULL, 0, 0 },
465 		},
466 	};
467 	bool match_expect = false;
468 	bool match_never = false;
469 
470 	begin_test_checks(test_kernel_rmw_array, test_kernel_rmw_array);
471 	do {
472 		match_expect |= report_matches(&expect);
473 		match_never |= report_matches(&never);
474 	} while (!end_test_checks(false));
475 	KUNIT_EXPECT_TRUE(test, match_expect); /* Sanity check matches exist. */
476 	KUNIT_EXPECT_FALSE(test, match_never);
477 }
478 
479 /* Test the KCSAN_REPORT_VALUE_CHANGE_ONLY option. */
480 __no_kcsan
481 static void test_novalue_change(struct kunit *test)
482 {
483 	const struct expect_report expect = {
484 		.access = {
485 			{ test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
486 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
487 		},
488 	};
489 	bool match_expect = false;
490 
491 	begin_test_checks(test_kernel_write_nochange, test_kernel_read);
492 	do {
493 		match_expect = report_matches(&expect);
494 	} while (!end_test_checks(match_expect));
495 	if (IS_ENABLED(CONFIG_KCSAN_REPORT_VALUE_CHANGE_ONLY))
496 		KUNIT_EXPECT_FALSE(test, match_expect);
497 	else
498 		KUNIT_EXPECT_TRUE(test, match_expect);
499 }
500 
501 /*
502  * Test that the rules where the KCSAN_REPORT_VALUE_CHANGE_ONLY option should
503  * never apply work.
504  */
505 __no_kcsan
506 static void test_novalue_change_exception(struct kunit *test)
507 {
508 	const struct expect_report expect = {
509 		.access = {
510 			{ test_kernel_write_nochange_rcu, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
511 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
512 		},
513 	};
514 	bool match_expect = false;
515 
516 	begin_test_checks(test_kernel_write_nochange_rcu, test_kernel_read);
517 	do {
518 		match_expect = report_matches(&expect);
519 	} while (!end_test_checks(match_expect));
520 	KUNIT_EXPECT_TRUE(test, match_expect);
521 }
522 
523 /* Test that data races of unknown origin are reported. */
524 __no_kcsan
525 static void test_unknown_origin(struct kunit *test)
526 {
527 	const struct expect_report expect = {
528 		.access = {
529 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
530 			{ NULL },
531 		},
532 	};
533 	bool match_expect = false;
534 
535 	begin_test_checks(test_kernel_write_uninstrumented, test_kernel_read);
536 	do {
537 		match_expect = report_matches(&expect);
538 	} while (!end_test_checks(match_expect));
539 	if (IS_ENABLED(CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN))
540 		KUNIT_EXPECT_TRUE(test, match_expect);
541 	else
542 		KUNIT_EXPECT_FALSE(test, match_expect);
543 }
544 
545 /* Test KCSAN_ASSUME_PLAIN_WRITES_ATOMIC if it is selected. */
546 __no_kcsan
547 static void test_write_write_assume_atomic(struct kunit *test)
548 {
549 	const struct expect_report expect = {
550 		.access = {
551 			{ test_kernel_write, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
552 			{ test_kernel_write, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
553 		},
554 	};
555 	bool match_expect = false;
556 
557 	begin_test_checks(test_kernel_write, test_kernel_write);
558 	do {
559 		sink_value(READ_ONCE(test_var)); /* induce value-change */
560 		match_expect = report_matches(&expect);
561 	} while (!end_test_checks(match_expect));
562 	if (IS_ENABLED(CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC))
563 		KUNIT_EXPECT_FALSE(test, match_expect);
564 	else
565 		KUNIT_EXPECT_TRUE(test, match_expect);
566 }
567 
568 /*
569  * Test that data races with writes larger than word-size are always reported,
570  * even if KCSAN_ASSUME_PLAIN_WRITES_ATOMIC is selected.
571  */
572 __no_kcsan
573 static void test_write_write_struct(struct kunit *test)
574 {
575 	const struct expect_report expect = {
576 		.access = {
577 			{ test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
578 			{ test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
579 		},
580 	};
581 	bool match_expect = false;
582 
583 	begin_test_checks(test_kernel_write_struct, test_kernel_write_struct);
584 	do {
585 		match_expect = report_matches(&expect);
586 	} while (!end_test_checks(match_expect));
587 	KUNIT_EXPECT_TRUE(test, match_expect);
588 }
589 
590 /*
591  * Test that data races where only one write is larger than word-size are always
592  * reported, even if KCSAN_ASSUME_PLAIN_WRITES_ATOMIC is selected.
593  */
594 __no_kcsan
595 static void test_write_write_struct_part(struct kunit *test)
596 {
597 	const struct expect_report expect = {
598 		.access = {
599 			{ test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
600 			{ test_kernel_write_struct_part, &test_struct.val[3], sizeof(test_struct.val[3]), KCSAN_ACCESS_WRITE },
601 		},
602 	};
603 	bool match_expect = false;
604 
605 	begin_test_checks(test_kernel_write_struct, test_kernel_write_struct_part);
606 	do {
607 		match_expect = report_matches(&expect);
608 	} while (!end_test_checks(match_expect));
609 	KUNIT_EXPECT_TRUE(test, match_expect);
610 }
611 
612 /* Test that races with atomic accesses never result in reports. */
613 __no_kcsan
614 static void test_read_atomic_write_atomic(struct kunit *test)
615 {
616 	bool match_never = false;
617 
618 	begin_test_checks(test_kernel_read_atomic, test_kernel_write_atomic);
619 	do {
620 		match_never = report_available();
621 	} while (!end_test_checks(match_never));
622 	KUNIT_EXPECT_FALSE(test, match_never);
623 }
624 
625 /* Test that a race with an atomic and plain access result in reports. */
626 __no_kcsan
627 static void test_read_plain_atomic_write(struct kunit *test)
628 {
629 	const struct expect_report expect = {
630 		.access = {
631 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
632 			{ test_kernel_write_atomic, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC },
633 		},
634 	};
635 	bool match_expect = false;
636 
637 	if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS))
638 		return;
639 
640 	begin_test_checks(test_kernel_read, test_kernel_write_atomic);
641 	do {
642 		match_expect = report_matches(&expect);
643 	} while (!end_test_checks(match_expect));
644 	KUNIT_EXPECT_TRUE(test, match_expect);
645 }
646 
647 /* Test that atomic RMWs generate correct report. */
648 __no_kcsan
649 static void test_read_plain_atomic_rmw(struct kunit *test)
650 {
651 	const struct expect_report expect = {
652 		.access = {
653 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
654 			{ test_kernel_atomic_rmw, &test_var, sizeof(test_var),
655 				KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC },
656 		},
657 	};
658 	bool match_expect = false;
659 
660 	if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS))
661 		return;
662 
663 	begin_test_checks(test_kernel_read, test_kernel_atomic_rmw);
664 	do {
665 		match_expect = report_matches(&expect);
666 	} while (!end_test_checks(match_expect));
667 	KUNIT_EXPECT_TRUE(test, match_expect);
668 }
669 
670 /* Zero-sized accesses should never cause data race reports. */
671 __no_kcsan
672 static void test_zero_size_access(struct kunit *test)
673 {
674 	const struct expect_report expect = {
675 		.access = {
676 			{ test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
677 			{ test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
678 		},
679 	};
680 	const struct expect_report never = {
681 		.access = {
682 			{ test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
683 			{ test_kernel_read_struct_zero_size, &test_struct.val[3], 0, 0 },
684 		},
685 	};
686 	bool match_expect = false;
687 	bool match_never = false;
688 
689 	begin_test_checks(test_kernel_write_struct, test_kernel_read_struct_zero_size);
690 	do {
691 		match_expect |= report_matches(&expect);
692 		match_never = report_matches(&never);
693 	} while (!end_test_checks(match_never));
694 	KUNIT_EXPECT_TRUE(test, match_expect); /* Sanity check. */
695 	KUNIT_EXPECT_FALSE(test, match_never);
696 }
697 
698 /* Test the data_race() macro. */
699 __no_kcsan
700 static void test_data_race(struct kunit *test)
701 {
702 	bool match_never = false;
703 
704 	begin_test_checks(test_kernel_data_race, test_kernel_data_race);
705 	do {
706 		match_never = report_available();
707 	} while (!end_test_checks(match_never));
708 	KUNIT_EXPECT_FALSE(test, match_never);
709 }
710 
711 __no_kcsan
712 static void test_assert_exclusive_writer(struct kunit *test)
713 {
714 	const struct expect_report expect = {
715 		.access = {
716 			{ test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
717 			{ test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
718 		},
719 	};
720 	bool match_expect = false;
721 
722 	begin_test_checks(test_kernel_assert_writer, test_kernel_write_nochange);
723 	do {
724 		match_expect = report_matches(&expect);
725 	} while (!end_test_checks(match_expect));
726 	KUNIT_EXPECT_TRUE(test, match_expect);
727 }
728 
729 __no_kcsan
730 static void test_assert_exclusive_access(struct kunit *test)
731 {
732 	const struct expect_report expect = {
733 		.access = {
734 			{ test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
735 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
736 		},
737 	};
738 	bool match_expect = false;
739 
740 	begin_test_checks(test_kernel_assert_access, test_kernel_read);
741 	do {
742 		match_expect = report_matches(&expect);
743 	} while (!end_test_checks(match_expect));
744 	KUNIT_EXPECT_TRUE(test, match_expect);
745 }
746 
747 __no_kcsan
748 static void test_assert_exclusive_access_writer(struct kunit *test)
749 {
750 	const struct expect_report expect_access_writer = {
751 		.access = {
752 			{ test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
753 			{ test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
754 		},
755 	};
756 	const struct expect_report expect_access_access = {
757 		.access = {
758 			{ test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
759 			{ test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
760 		},
761 	};
762 	const struct expect_report never = {
763 		.access = {
764 			{ test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
765 			{ test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
766 		},
767 	};
768 	bool match_expect_access_writer = false;
769 	bool match_expect_access_access = false;
770 	bool match_never = false;
771 
772 	begin_test_checks(test_kernel_assert_access, test_kernel_assert_writer);
773 	do {
774 		match_expect_access_writer |= report_matches(&expect_access_writer);
775 		match_expect_access_access |= report_matches(&expect_access_access);
776 		match_never |= report_matches(&never);
777 	} while (!end_test_checks(match_never));
778 	KUNIT_EXPECT_TRUE(test, match_expect_access_writer);
779 	KUNIT_EXPECT_TRUE(test, match_expect_access_access);
780 	KUNIT_EXPECT_FALSE(test, match_never);
781 }
782 
783 __no_kcsan
784 static void test_assert_exclusive_bits_change(struct kunit *test)
785 {
786 	const struct expect_report expect = {
787 		.access = {
788 			{ test_kernel_assert_bits_change, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
789 			{ test_kernel_change_bits, &test_var, sizeof(test_var),
790 				KCSAN_ACCESS_WRITE | (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS) ? 0 : KCSAN_ACCESS_ATOMIC) },
791 		},
792 	};
793 	bool match_expect = false;
794 
795 	begin_test_checks(test_kernel_assert_bits_change, test_kernel_change_bits);
796 	do {
797 		match_expect = report_matches(&expect);
798 	} while (!end_test_checks(match_expect));
799 	KUNIT_EXPECT_TRUE(test, match_expect);
800 }
801 
802 __no_kcsan
803 static void test_assert_exclusive_bits_nochange(struct kunit *test)
804 {
805 	bool match_never = false;
806 
807 	begin_test_checks(test_kernel_assert_bits_nochange, test_kernel_change_bits);
808 	do {
809 		match_never = report_available();
810 	} while (!end_test_checks(match_never));
811 	KUNIT_EXPECT_FALSE(test, match_never);
812 }
813 
814 __no_kcsan
815 static void test_assert_exclusive_writer_scoped(struct kunit *test)
816 {
817 	const struct expect_report expect_start = {
818 		.access = {
819 			{ test_kernel_assert_writer_scoped, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_SCOPED },
820 			{ test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
821 		},
822 	};
823 	const struct expect_report expect_anywhere = {
824 		.access = {
825 			{ test_enter_scope, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_SCOPED },
826 			{ test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
827 		},
828 	};
829 	bool match_expect_start = false;
830 	bool match_expect_anywhere = false;
831 
832 	begin_test_checks(test_kernel_assert_writer_scoped, test_kernel_write_nochange);
833 	do {
834 		match_expect_start |= report_matches(&expect_start);
835 		match_expect_anywhere |= report_matches(&expect_anywhere);
836 	} while (!end_test_checks(match_expect_start && match_expect_anywhere));
837 	KUNIT_EXPECT_TRUE(test, match_expect_start);
838 	KUNIT_EXPECT_TRUE(test, match_expect_anywhere);
839 }
840 
841 __no_kcsan
842 static void test_assert_exclusive_access_scoped(struct kunit *test)
843 {
844 	const struct expect_report expect_start1 = {
845 		.access = {
846 			{ test_kernel_assert_access_scoped, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_SCOPED },
847 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
848 		},
849 	};
850 	const struct expect_report expect_start2 = {
851 		.access = { expect_start1.access[0], expect_start1.access[0] },
852 	};
853 	const struct expect_report expect_inscope = {
854 		.access = {
855 			{ test_enter_scope, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_SCOPED },
856 			{ test_kernel_read, &test_var, sizeof(test_var), 0 },
857 		},
858 	};
859 	bool match_expect_start = false;
860 	bool match_expect_inscope = false;
861 
862 	begin_test_checks(test_kernel_assert_access_scoped, test_kernel_read);
863 	end_time += msecs_to_jiffies(1000); /* This test requires a bit more time. */
864 	do {
865 		match_expect_start |= report_matches(&expect_start1) || report_matches(&expect_start2);
866 		match_expect_inscope |= report_matches(&expect_inscope);
867 	} while (!end_test_checks(match_expect_start && match_expect_inscope));
868 	KUNIT_EXPECT_TRUE(test, match_expect_start);
869 	KUNIT_EXPECT_TRUE(test, match_expect_inscope);
870 }
871 
872 /*
873  * jiffies is special (declared to be volatile) and its accesses are typically
874  * not marked; this test ensures that the compiler nor KCSAN gets confused about
875  * jiffies's declaration on different architectures.
876  */
877 __no_kcsan
878 static void test_jiffies_noreport(struct kunit *test)
879 {
880 	bool match_never = false;
881 
882 	begin_test_checks(test_kernel_jiffies_reader, test_kernel_jiffies_reader);
883 	do {
884 		match_never = report_available();
885 	} while (!end_test_checks(match_never));
886 	KUNIT_EXPECT_FALSE(test, match_never);
887 }
888 
889 /* Test that racing accesses in seqlock critical sections are not reported. */
890 __no_kcsan
891 static void test_seqlock_noreport(struct kunit *test)
892 {
893 	bool match_never = false;
894 
895 	begin_test_checks(test_kernel_seqlock_reader, test_kernel_seqlock_writer);
896 	do {
897 		match_never = report_available();
898 	} while (!end_test_checks(match_never));
899 	KUNIT_EXPECT_FALSE(test, match_never);
900 }
901 
902 /*
903  * Test atomic builtins work and required instrumentation functions exist. We
904  * also test that KCSAN understands they're atomic by racing with them via
905  * test_kernel_atomic_builtins(), and expect no reports.
906  *
907  * The atomic builtins _SHOULD NOT_ be used in normal kernel code!
908  */
909 static void test_atomic_builtins(struct kunit *test)
910 {
911 	bool match_never = false;
912 
913 	begin_test_checks(test_kernel_atomic_builtins, test_kernel_atomic_builtins);
914 	do {
915 		long tmp;
916 
917 		kcsan_enable_current();
918 
919 		__atomic_store_n(&test_var, 42L, __ATOMIC_RELAXED);
920 		KUNIT_EXPECT_EQ(test, 42L, __atomic_load_n(&test_var, __ATOMIC_RELAXED));
921 
922 		KUNIT_EXPECT_EQ(test, 42L, __atomic_exchange_n(&test_var, 20, __ATOMIC_RELAXED));
923 		KUNIT_EXPECT_EQ(test, 20L, test_var);
924 
925 		tmp = 20L;
926 		KUNIT_EXPECT_TRUE(test, __atomic_compare_exchange_n(&test_var, &tmp, 30L,
927 								    0, __ATOMIC_RELAXED,
928 								    __ATOMIC_RELAXED));
929 		KUNIT_EXPECT_EQ(test, tmp, 20L);
930 		KUNIT_EXPECT_EQ(test, test_var, 30L);
931 		KUNIT_EXPECT_FALSE(test, __atomic_compare_exchange_n(&test_var, &tmp, 40L,
932 								     1, __ATOMIC_RELAXED,
933 								     __ATOMIC_RELAXED));
934 		KUNIT_EXPECT_EQ(test, tmp, 30L);
935 		KUNIT_EXPECT_EQ(test, test_var, 30L);
936 
937 		KUNIT_EXPECT_EQ(test, 30L, __atomic_fetch_add(&test_var, 1, __ATOMIC_RELAXED));
938 		KUNIT_EXPECT_EQ(test, 31L, __atomic_fetch_sub(&test_var, 1, __ATOMIC_RELAXED));
939 		KUNIT_EXPECT_EQ(test, 30L, __atomic_fetch_and(&test_var, 0xf, __ATOMIC_RELAXED));
940 		KUNIT_EXPECT_EQ(test, 14L, __atomic_fetch_xor(&test_var, 0xf, __ATOMIC_RELAXED));
941 		KUNIT_EXPECT_EQ(test, 1L, __atomic_fetch_or(&test_var, 0xf0, __ATOMIC_RELAXED));
942 		KUNIT_EXPECT_EQ(test, 241L, __atomic_fetch_nand(&test_var, 0xf, __ATOMIC_RELAXED));
943 		KUNIT_EXPECT_EQ(test, -2L, test_var);
944 
945 		__atomic_thread_fence(__ATOMIC_SEQ_CST);
946 		__atomic_signal_fence(__ATOMIC_SEQ_CST);
947 
948 		kcsan_disable_current();
949 
950 		match_never = report_available();
951 	} while (!end_test_checks(match_never));
952 	KUNIT_EXPECT_FALSE(test, match_never);
953 }
954 
955 /*
956  * Generate thread counts for all test cases. Values generated are in interval
957  * [2, 5] followed by exponentially increasing thread counts from 8 to 32.
958  *
959  * The thread counts are chosen to cover potentially interesting boundaries and
960  * corner cases (2 to 5), and then stress the system with larger counts.
961  */
962 static const void *nthreads_gen_params(const void *prev, char *desc)
963 {
964 	long nthreads = (long)prev;
965 
966 	if (nthreads < 0 || nthreads >= 32)
967 		nthreads = 0; /* stop */
968 	else if (!nthreads)
969 		nthreads = 2; /* initial value */
970 	else if (nthreads < 5)
971 		nthreads++;
972 	else if (nthreads == 5)
973 		nthreads = 8;
974 	else
975 		nthreads *= 2;
976 
977 	if (!IS_ENABLED(CONFIG_PREEMPT) || !IS_ENABLED(CONFIG_KCSAN_INTERRUPT_WATCHER)) {
978 		/*
979 		 * Without any preemption, keep 2 CPUs free for other tasks, one
980 		 * of which is the main test case function checking for
981 		 * completion or failure.
982 		 */
983 		const long min_unused_cpus = IS_ENABLED(CONFIG_PREEMPT_NONE) ? 2 : 0;
984 		const long min_required_cpus = 2 + min_unused_cpus;
985 
986 		if (num_online_cpus() < min_required_cpus) {
987 			pr_err_once("Too few online CPUs (%u < %ld) for test\n",
988 				    num_online_cpus(), min_required_cpus);
989 			nthreads = 0;
990 		} else if (nthreads >= num_online_cpus() - min_unused_cpus) {
991 			/* Use negative value to indicate last param. */
992 			nthreads = -(num_online_cpus() - min_unused_cpus);
993 			pr_warn_once("Limiting number of threads to %ld (only %d online CPUs)\n",
994 				     -nthreads, num_online_cpus());
995 		}
996 	}
997 
998 	snprintf(desc, KUNIT_PARAM_DESC_SIZE, "threads=%ld", abs(nthreads));
999 	return (void *)nthreads;
1000 }
1001 
1002 #define KCSAN_KUNIT_CASE(test_name) KUNIT_CASE_PARAM(test_name, nthreads_gen_params)
1003 static struct kunit_case kcsan_test_cases[] = {
1004 	KCSAN_KUNIT_CASE(test_basic),
1005 	KCSAN_KUNIT_CASE(test_concurrent_races),
1006 	KCSAN_KUNIT_CASE(test_novalue_change),
1007 	KCSAN_KUNIT_CASE(test_novalue_change_exception),
1008 	KCSAN_KUNIT_CASE(test_unknown_origin),
1009 	KCSAN_KUNIT_CASE(test_write_write_assume_atomic),
1010 	KCSAN_KUNIT_CASE(test_write_write_struct),
1011 	KCSAN_KUNIT_CASE(test_write_write_struct_part),
1012 	KCSAN_KUNIT_CASE(test_read_atomic_write_atomic),
1013 	KCSAN_KUNIT_CASE(test_read_plain_atomic_write),
1014 	KCSAN_KUNIT_CASE(test_read_plain_atomic_rmw),
1015 	KCSAN_KUNIT_CASE(test_zero_size_access),
1016 	KCSAN_KUNIT_CASE(test_data_race),
1017 	KCSAN_KUNIT_CASE(test_assert_exclusive_writer),
1018 	KCSAN_KUNIT_CASE(test_assert_exclusive_access),
1019 	KCSAN_KUNIT_CASE(test_assert_exclusive_access_writer),
1020 	KCSAN_KUNIT_CASE(test_assert_exclusive_bits_change),
1021 	KCSAN_KUNIT_CASE(test_assert_exclusive_bits_nochange),
1022 	KCSAN_KUNIT_CASE(test_assert_exclusive_writer_scoped),
1023 	KCSAN_KUNIT_CASE(test_assert_exclusive_access_scoped),
1024 	KCSAN_KUNIT_CASE(test_jiffies_noreport),
1025 	KCSAN_KUNIT_CASE(test_seqlock_noreport),
1026 	KCSAN_KUNIT_CASE(test_atomic_builtins),
1027 	{},
1028 };
1029 
1030 /* ===== End test cases ===== */
1031 
1032 /* Concurrent accesses from interrupts. */
1033 __no_kcsan
1034 static void access_thread_timer(struct timer_list *timer)
1035 {
1036 	static atomic_t cnt = ATOMIC_INIT(0);
1037 	unsigned int idx;
1038 	void (*func)(void);
1039 
1040 	idx = (unsigned int)atomic_inc_return(&cnt) % ARRAY_SIZE(access_kernels);
1041 	/* Acquire potential initialization. */
1042 	func = smp_load_acquire(&access_kernels[idx]);
1043 	if (func)
1044 		func();
1045 }
1046 
1047 /* The main loop for each thread. */
1048 __no_kcsan
1049 static int access_thread(void *arg)
1050 {
1051 	struct timer_list timer;
1052 	unsigned int cnt = 0;
1053 	unsigned int idx;
1054 	void (*func)(void);
1055 
1056 	timer_setup_on_stack(&timer, access_thread_timer, 0);
1057 	do {
1058 		might_sleep();
1059 
1060 		if (!timer_pending(&timer))
1061 			mod_timer(&timer, jiffies + 1);
1062 		else {
1063 			/* Iterate through all kernels. */
1064 			idx = cnt++ % ARRAY_SIZE(access_kernels);
1065 			/* Acquire potential initialization. */
1066 			func = smp_load_acquire(&access_kernels[idx]);
1067 			if (func)
1068 				func();
1069 		}
1070 	} while (!torture_must_stop());
1071 	del_timer_sync(&timer);
1072 	destroy_timer_on_stack(&timer);
1073 
1074 	torture_kthread_stopping("access_thread");
1075 	return 0;
1076 }
1077 
1078 __no_kcsan
1079 static int test_init(struct kunit *test)
1080 {
1081 	unsigned long flags;
1082 	int nthreads;
1083 	int i;
1084 
1085 	spin_lock_irqsave(&observed.lock, flags);
1086 	for (i = 0; i < ARRAY_SIZE(observed.lines); ++i)
1087 		observed.lines[i][0] = '\0';
1088 	observed.nlines = 0;
1089 	spin_unlock_irqrestore(&observed.lock, flags);
1090 
1091 	if (!torture_init_begin((char *)test->name, 1))
1092 		return -EBUSY;
1093 
1094 	if (WARN_ON(threads))
1095 		goto err;
1096 
1097 	for (i = 0; i < ARRAY_SIZE(access_kernels); ++i) {
1098 		if (WARN_ON(access_kernels[i]))
1099 			goto err;
1100 	}
1101 
1102 	nthreads = abs((long)test->param_value);
1103 	if (WARN_ON(!nthreads))
1104 		goto err;
1105 
1106 	threads = kcalloc(nthreads + 1, sizeof(struct task_struct *), GFP_KERNEL);
1107 	if (WARN_ON(!threads))
1108 		goto err;
1109 
1110 	threads[nthreads] = NULL;
1111 	for (i = 0; i < nthreads; ++i) {
1112 		if (torture_create_kthread(access_thread, NULL, threads[i]))
1113 			goto err;
1114 	}
1115 
1116 	torture_init_end();
1117 
1118 	return 0;
1119 
1120 err:
1121 	kfree(threads);
1122 	threads = NULL;
1123 	torture_init_end();
1124 	return -EINVAL;
1125 }
1126 
1127 __no_kcsan
1128 static void test_exit(struct kunit *test)
1129 {
1130 	struct task_struct **stop_thread;
1131 	int i;
1132 
1133 	if (torture_cleanup_begin())
1134 		return;
1135 
1136 	for (i = 0; i < ARRAY_SIZE(access_kernels); ++i)
1137 		WRITE_ONCE(access_kernels[i], NULL);
1138 
1139 	if (threads) {
1140 		for (stop_thread = threads; *stop_thread; stop_thread++)
1141 			torture_stop_kthread(reader_thread, *stop_thread);
1142 
1143 		kfree(threads);
1144 		threads = NULL;
1145 	}
1146 
1147 	torture_cleanup_end();
1148 }
1149 
1150 static struct kunit_suite kcsan_test_suite = {
1151 	.name = "kcsan",
1152 	.test_cases = kcsan_test_cases,
1153 	.init = test_init,
1154 	.exit = test_exit,
1155 };
1156 static struct kunit_suite *kcsan_test_suites[] = { &kcsan_test_suite, NULL };
1157 
1158 __no_kcsan
1159 static void register_tracepoints(struct tracepoint *tp, void *ignore)
1160 {
1161 	check_trace_callback_type_console(probe_console);
1162 	if (!strcmp(tp->name, "console"))
1163 		WARN_ON(tracepoint_probe_register(tp, probe_console, NULL));
1164 }
1165 
1166 __no_kcsan
1167 static void unregister_tracepoints(struct tracepoint *tp, void *ignore)
1168 {
1169 	if (!strcmp(tp->name, "console"))
1170 		tracepoint_probe_unregister(tp, probe_console, NULL);
1171 }
1172 
1173 /*
1174  * We only want to do tracepoints setup and teardown once, therefore we have to
1175  * customize the init and exit functions and cannot rely on kunit_test_suite().
1176  */
1177 static int __init kcsan_test_init(void)
1178 {
1179 	/*
1180 	 * Because we want to be able to build the test as a module, we need to
1181 	 * iterate through all known tracepoints, since the static registration
1182 	 * won't work here.
1183 	 */
1184 	for_each_kernel_tracepoint(register_tracepoints, NULL);
1185 	return __kunit_test_suites_init(kcsan_test_suites);
1186 }
1187 
1188 static void kcsan_test_exit(void)
1189 {
1190 	__kunit_test_suites_exit(kcsan_test_suites);
1191 	for_each_kernel_tracepoint(unregister_tracepoints, NULL);
1192 	tracepoint_synchronize_unregister();
1193 }
1194 
1195 late_initcall(kcsan_test_init);
1196 module_exit(kcsan_test_exit);
1197 
1198 MODULE_LICENSE("GPL v2");
1199 MODULE_AUTHOR("Marco Elver <elver@google.com>");
1200