| Commit | Line | Data |
|---|---|---|
| dfd402a4 ME | 1 | # SPDX-License-Identifier: GPL-2.0-only |
| | 2 | |
| | 3 | config HAVE_ARCH_KCSAN |
| | 4 | bool |
| | 5 | |
| 0e1aa5b6 ME | 6 | config HAVE_KCSAN_COMPILER |
| | 7 | def_bool CC_IS_CLANG && $(cc-option,-fsanitize=thread -mllvm -tsan-distinguish-volatile=1) |
| | 8 | help |
| | 9 | For the list of compilers that support KCSAN, please see |
| | 10 | <file:Documentation/dev-tools/kcsan.rst>. |
| | 11 | |
| ea91a1d4 AB | 12 | config KCSAN_KCOV_BROKEN |
| | 13 | def_bool KCOV && CC_HAS_SANCOV_TRACE_PC |
| | 14 | depends on CC_IS_CLANG |
| | 15 | depends on !$(cc-option,-Werror=unused-command-line-argument -fsanitize=thread -fsanitize-coverage=trace-pc) |
| | 16 | help |
| | 17 | Some versions of clang support either KCSAN or KCOV but not the |
| | 18 | combination of the two. |
| | 19 | See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status |
| | 20 | in newer releases. |
| | 21 | |
| dfd402a4 | 22 | menuconfig KCSAN |
| eba9c444 | 23 | bool "KCSAN: dynamic data race detector" |
| 0e1aa5b6 ME | 24 | depends on HAVE_ARCH_KCSAN && HAVE_KCSAN_COMPILER |
| | 25 | depends on DEBUG_KERNEL && !KASAN |
| ea91a1d4 | 26 | depends on !KCSAN_KCOV_BROKEN |
| 8cfbb04f | 27 | select STACKTRACE |
| dfd402a4 | 28 | help |
| eba9c444 IM | 29 | The Kernel Concurrency Sanitizer (KCSAN) is a dynamic |
| | 30 | data-race detector that relies on compile-time instrumentation. |
| | 31 | KCSAN uses a watchpoint-based sampling approach to detect races. |
| d591ec3d | 32 | |
| eba9c444 IM | 33 | While KCSAN's primary purpose is to detect data races, it |
| | 34 | also provides assertions to check data access constraints. |
| | 35 | These assertions can expose bugs that do not manifest as |
| | 36 | data races. |
| 8cfbb04f ME | 37 | |
| | 38 | See <file:Documentation/dev-tools/kcsan.rst> for more details. |
| dfd402a4 ME | 39 | |
| | 40 | if KCSAN |
| | 41 | |
| 2402d0ea ME | 42 | config KCSAN_VERBOSE |
| | 43 | bool "Show verbose reports with more information about system state" |
| | 44 | depends on PROVE_LOCKING |
| | 45 | help |
| | 46 | If enabled, reports show more information about the system state that |
| | 47 | may help better analyze and debug races. This includes held locks and |
| | 48 | IRQ trace events. |
| | 49 | |
| | 50 | While this option should generally be benign, we call into more |
| | 51 | external functions on report generation; if a race report is |
| | 52 | generated from any one of them, system stability may suffer due to |
| | 53 | deadlocks or recursion. If in doubt, say N. |
| | 54 | |
| dfd402a4 ME | 55 | config KCSAN_DEBUG |
| | 56 | bool "Debugging of KCSAN internals" |
| dfd402a4 ME | 57 | |
| | 58 | config KCSAN_SELFTEST |
| | 59 | bool "Perform short selftests on boot" |
| | 60 | default y |
| | 61 | help |
| 5cbaefe9 | 62 | Run KCSAN selftests on boot. On test failure, causes the kernel to panic. |
| dfd402a4 ME | 63 | |
| | 64 | config KCSAN_EARLY_ENABLE |
| | 65 | bool "Early enable during boot" |
| | 66 | default y |
| | 67 | help |
| | 68 | If KCSAN should be enabled globally as soon as possible. KCSAN can |
| | 69 | later be enabled/disabled via debugfs. |
| | 70 | |
| | 71 | config KCSAN_NUM_WATCHPOINTS |
| | 72 | int "Number of available watchpoints" |
| | 73 | default 64 |
| | 74 | help |
| | 75 | Total number of available watchpoints. An address range maps into a |
| | 76 | specific watchpoint slot as specified in kernel/kcsan/encoding.h. |
| | 77 | Although a larger number of watchpoints may not be usable due to |
| | 78 | limited number of CPUs, a larger value helps to improve performance |
| | 79 | due to reducing cache-line contention. The chosen default is a |
| | 80 | conservative value; we should almost never observe "no_capacity" |
| | 81 | events (see /sys/kernel/debug/kcsan). |
| | 82 | |
| | 83 | config KCSAN_UDELAY_TASK |
| | 84 | int "Delay in microseconds (for tasks)" |
| | 85 | default 80 |
| | 86 | help |
| | 87 | For tasks, the microsecond delay after setting up a watchpoint. |
| | 88 | |
| | 89 | config KCSAN_UDELAY_INTERRUPT |
| | 90 | int "Delay in microseconds (for interrupts)" |
| | 91 | default 20 |
| | 92 | help |
| | 93 | For interrupts, the microsecond delay after setting up a watchpoint. |
| | 94 | Interrupts have tighter latency requirements, and their delay should |
| | 95 | be lower than for tasks. |
| | 96 | |
| | 97 | config KCSAN_DELAY_RANDOMIZE |
| | 98 | bool "Randomize above delays" |
| | 99 | default y |
| | 100 | help |
| | 101 | If delays should be randomized, where the maximum is KCSAN_UDELAY_*. |
| 5cbaefe9 IM | 102 | If false, the chosen delays are always the KCSAN_UDELAY_* values |
| | 103 | as defined above. |
| dfd402a4 ME | 104 | |
| | 105 | config KCSAN_SKIP_WATCH |
| | 106 | int "Skip instructions before setting up watchpoint" |
| | 107 | default 4000 |
| | 108 | help |
| | 109 | The number of per-CPU memory operations to skip, before another |
| | 110 | watchpoint is set up, i.e. one in KCSAN_SKIP_WATCH per-CPU |
| | 111 | memory operations are used to set up a watchpoint. A smaller value |
| | 112 | results in more aggressive race detection, whereas a larger value |
| | 113 | improves system performance at the cost of missing some races. |
| | 114 | |
| | 115 | config KCSAN_SKIP_WATCH_RANDOMIZE |
| | 116 | bool "Randomize watchpoint instruction skip count" |
| | 117 | default y |
| | 118 | help |
| | 119 | If instruction skip count should be randomized, where the maximum is |
| | 120 | KCSAN_SKIP_WATCH. If false, the chosen value is always |
| | 121 | KCSAN_SKIP_WATCH. |
| | 122 | |
| 48b1fc19 ME | 123 | config KCSAN_INTERRUPT_WATCHER |
| | 124 | bool "Interruptible watchers" |
| | 125 | help |
| | 126 | If enabled, a task that set up a watchpoint may be interrupted while |
| | 127 | delayed. This option will allow KCSAN to detect races between |
| | 128 | interrupted tasks and other threads of execution on the same CPU. |
| | 129 | |
| | 130 | Currently disabled by default, because not all safe per-CPU access |
| | 131 | primitives and patterns may be accounted for, and therefore could |
| | 132 | result in false positives. |
| | 133 | |
| 05f9a406 | 134 | config KCSAN_REPORT_ONCE_IN_MS |
| d591ec3d | 135 | int "Duration in milliseconds, in which any given race is only reported once" |
| 05f9a406 ME | 136 | default 3000 |
| | 137 | help |
| d591ec3d ME | 138 | Any given race is only reported once in the defined time window. |
| | 139 | Different races may still generate reports within a duration that is |
| | 140 | smaller than the duration defined here. This allows rate limiting |
| | 141 | reporting to avoid flooding the console with reports. Setting this |
| | 142 | to 0 disables rate limiting. |
| 05f9a406 | 143 | |
| 1e6ee2f0 ME | 144 | # The main purpose of the below options is to control reported data races (e.g. |
| | 145 | # in fuzzer configs), and are not expected to be switched frequently by other |
| | 146 | # users. We could turn some of them into boot parameters, but given they should |
| | 147 | # not be switched normally, let's keep them here to simplify configuration. |
| | 148 | # |
| | 149 | # The defaults below are chosen to be very conservative, and may miss certain |
| | 150 | # bugs. |
| dfd402a4 ME | 151 | |
| | 152 | config KCSAN_REPORT_RACE_UNKNOWN_ORIGIN |
| | 153 | bool "Report races of unknown origin" |
| | 154 | default y |
| | 155 | help |
| | 156 | If KCSAN should report races where only one access is known, and the |
| | 157 | conflicting access is of unknown origin. This type of race is |
| | 158 | reported if it was only possible to infer a race due to a data value |
| | 159 | change while an access is being delayed on a watchpoint. |
| | 160 | |
| | 161 | config KCSAN_REPORT_VALUE_CHANGE_ONLY |
| | 162 | bool "Only report races where watcher observed a data value change" |
| | 163 | default y |
| | 164 | help |
| 5cbaefe9 | 165 | If enabled and a conflicting write is observed via a watchpoint, but |
| dfd402a4 ME | 166 | the data value of the memory location was observed to remain |
| | 167 | unchanged, do not report the data race. |
| | 168 | |
| 1e6ee2f0 ME | 169 | config KCSAN_ASSUME_PLAIN_WRITES_ATOMIC |
| | 170 | bool "Assume that plain aligned writes up to word size are atomic" |
| | 171 | default y |
| | 172 | help |
| | 173 | Assume that plain aligned writes up to word size are atomic by |
| | 174 | default, and also not subject to other unsafe compiler optimizations |
| | 175 | resulting in data races. This will cause KCSAN to not report data |
| | 176 | races due to conflicts where the only plain accesses are aligned |
| | 177 | writes up to word size: conflicts between marked reads and plain |
| | 178 | aligned writes up to word size will not be reported as data races; |
| | 179 | notice that data races between two conflicting plain aligned writes |
| | 180 | will also not be reported. |
| | 181 | |
| dfd402a4 ME | 182 | config KCSAN_IGNORE_ATOMICS |
| | 183 | bool "Do not instrument marked atomic accesses" |
| dfd402a4 | 184 | help |
| a249a732 ME | 185 | Never instrument marked atomic accesses. This option can be used for |
| | 186 | additional filtering. Conflicting marked atomic reads and plain |
| | 187 | writes will never be reported as a data race, however, will cause |
| | 188 | plain reads and marked writes to result in "unknown origin" reports. |
| | 189 | If combined with CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN=n, data |
| | 190 | races where at least one access is marked atomic will never be |
| | 191 | reported. |
| | 192 | |
| | 193 | Similar to KCSAN_ASSUME_PLAIN_WRITES_ATOMIC, but including unaligned |
| | 194 | accesses, conflicting marked atomic reads and plain writes will not |
| | 195 | be reported as data races; however, unlike that option, data races |
| | 196 | due to two conflicting plain writes will be reported (aligned and |
| | 197 | unaligned, if CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC=n). |
| dfd402a4 ME | 198 | |
| | 199 | endif # KCSAN |
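
The following check is an added example, not part of the kernel tree: it reads a `.config` or config fragment and reports violations of the `depends on` lines above, which of the conservative report filters are active, and a skip count above the default. The names `cfg_get` and `kcsan_audit` and the finding labels are made up for this example; symbols absent from the file are assumed to take the defaults shown in this Kconfig file.

```shell
#!/bin/sh
# Added example, not kernel code: audit a .config fragment against the
# KCSAN dependencies and report filters defined in the Kconfig file above.

# cfg_get FILE SYMBOL DEFAULT: value of CONFIG_SYMBOL; "n" for "is not set",
# DEFAULT (the Kconfig default from this page) when the symbol is absent.
cfg_get() {
    if grep -q "^# CONFIG_$2 is not set" "$1"; then echo n; return 0; fi
    v=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# kcsan_audit FILE: print one finding per line (helper name is hypothetical).
kcsan_audit() {
    f=$1
    [ "$(cfg_get "$f" KCSAN n)" = y ] || { echo "INFO: KCSAN not enabled"; return 0; }
    # "depends on" constraints of KCSAN and KCSAN_VERBOSE
    [ "$(cfg_get "$f" DEBUG_KERNEL n)" = y ] || echo "ERROR: KCSAN needs DEBUG_KERNEL"
    [ "$(cfg_get "$f" KASAN n)" != y ] || echo "ERROR: KCSAN conflicts with KASAN"
    [ "$(cfg_get "$f" KCSAN_VERBOSE n)" != y ] ||
        [ "$(cfg_get "$f" PROVE_LOCKING n)" = y ] ||
        echo "ERROR: KCSAN_VERBOSE needs PROVE_LOCKING"
    # Filters whose help text says some data races are not reported
    [ "$(cfg_get "$f" KCSAN_REPORT_VALUE_CHANGE_ONLY y)" != y ] ||
        echo "FILTER: KCSAN_REPORT_VALUE_CHANGE_ONLY=y"
    [ "$(cfg_get "$f" KCSAN_ASSUME_PLAIN_WRITES_ATOMIC y)" != y ] ||
        echo "FILTER: KCSAN_ASSUME_PLAIN_WRITES_ATOMIC=y"
    [ "$(cfg_get "$f" KCSAN_IGNORE_ATOMICS n)" != y ] ||
        echo "FILTER: KCSAN_IGNORE_ATOMICS=y"
    [ "$(cfg_get "$f" KCSAN_REPORT_RACE_UNKNOWN_ORIGIN y)" = y ] ||
        echo "FILTER: KCSAN_REPORT_RACE_UNKNOWN_ORIGIN=n"
    # Sampling: a skip count above the default 4000 misses more races
    skip=$(cfg_get "$f" KCSAN_SKIP_WATCH 4000)
    case $skip in
        *[!0-9]*) ;;
        *) [ "$skip" -le 4000 ] || echo "SAMPLING: KCSAN_SKIP_WATCH=$skip" ;;
    esac
    return 0
}

# Constructed sample fragment for a stand-alone run.
sample=$(mktemp)
printf '%s\n' 'CONFIG_DEBUG_KERNEL=y' 'CONFIG_KCSAN=y' 'CONFIG_KCSAN_VERBOSE=y' \
    '# CONFIG_PROVE_LOCKING is not set' 'CONFIG_KCSAN_SKIP_WATCH=10000' > "$sample"
kcsan_audit "$sample"
rm -f "$sample"
```

On the constructed sample, the check flags the missing `PROVE_LOCKING`, the two filters that default to `y`, and the raised skip count.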