Commit | Line | Data |
---|---|---|
dfd402a4 ME |
1 | # SPDX-License-Identifier: GPL-2.0-only |
2 | ||
3 | config HAVE_ARCH_KCSAN | |
4 | bool | |
5 | ||
6 | menuconfig KCSAN | |
8cfbb04f ME |
7 | bool "KCSAN: dynamic data race detector" |
8 | depends on HAVE_ARCH_KCSAN && DEBUG_KERNEL && !KASAN | |
9 | select STACKTRACE | |
dfd402a4 | 10 | help |
8cfbb04f ME |
11 | The Kernel Concurrency Sanitizer (KCSAN) is a dynamic data race |
12 | detector, which relies on compile-time instrumentation, and uses a | |
13 | watchpoint-based sampling approach to detect data races. | |
14 | ||
15 | See <file:Documentation/dev-tools/kcsan.rst> for more details. | |
dfd402a4 ME |
16 | |
17 | if KCSAN | |
18 | ||
19 | config KCSAN_DEBUG | |
20 | bool "Debugging of KCSAN internals" | |
dfd402a4 ME |
21 | |
22 | config KCSAN_SELFTEST | |
23 | bool "Perform short selftests on boot" | |
24 | default y | |
25 | help | |
5cbaefe9 | 26 | Run KCSAN selftests on boot. On test failure, causes the kernel to panic. |
dfd402a4 ME |
27 | |
28 | config KCSAN_EARLY_ENABLE | |
29 | bool "Early enable during boot" | |
30 | default y | |
31 | help | |
32 | If KCSAN should be enabled globally as soon as possible. KCSAN can | |
33 | later be enabled/disabled via debugfs. | |
34 | ||
35 | config KCSAN_NUM_WATCHPOINTS | |
36 | int "Number of available watchpoints" | |
37 | default 64 | |
38 | help | |
39 | Total number of available watchpoints. An address range maps into a | |
40 | specific watchpoint slot as specified in kernel/kcsan/encoding.h. | |
41 | Although a larger number of watchpoints may not be usable due to | |
42 | limited number of CPUs, a larger value helps to improve performance | |
43 | due to reducing cache-line contention. The chosen default is a | |
44 | conservative value; we should almost never observe "no_capacity" | |
45 | events (see /sys/kernel/debug/kcsan). | |
46 | ||
47 | config KCSAN_UDELAY_TASK | |
48 | int "Delay in microseconds (for tasks)" | |
49 | default 80 | |
50 | help | |
51 | For tasks, the microsecond delay after setting up a watchpoint. | |
52 | ||
53 | config KCSAN_UDELAY_INTERRUPT | |
54 | int "Delay in microseconds (for interrupts)" | |
55 | default 20 | |
56 | help | |
57 | For interrupts, the microsecond delay after setting up a watchpoint. | |
58 | Interrupts have tighter latency requirements, and their delay should | |
59 | be lower than for tasks. | |
60 | ||
61 | config KCSAN_DELAY_RANDOMIZE | |
62 | bool "Randomize above delays" | |
63 | default y | |
64 | help | |
65 | If delays should be randomized, where the maximum is KCSAN_UDELAY_*. | |
5cbaefe9 IM |
66 | If false, the chosen delays are always the KCSAN_UDELAY_* values |
67 | as defined above. | |
dfd402a4 ME |
68 | |
69 | config KCSAN_SKIP_WATCH | |
70 | int "Skip instructions before setting up watchpoint" | |
71 | default 4000 | |
72 | help | |
73 | The number of per-CPU memory operations to skip, before another | |
74 | watchpoint is set up, i.e. one in KCSAN_SKIP_WATCH per-CPU | |
75 | memory operations are used to set up a watchpoint. A smaller value | |
76 | results in more aggressive race detection, whereas a larger value | |
77 | improves system performance at the cost of missing some races. | |
78 | ||
79 | config KCSAN_SKIP_WATCH_RANDOMIZE | |
80 | bool "Randomize watchpoint instruction skip count" | |
81 | default y | |
82 | help | |
83 | If instruction skip count should be randomized, where the maximum is | |
84 | KCSAN_SKIP_WATCH. If false, the chosen value is always | |
85 | KCSAN_SKIP_WATCH. | |
86 | ||
05f9a406 ME |
87 | config KCSAN_REPORT_ONCE_IN_MS |
88 | int "Duration in milliseconds, in which any given data race is only reported once" | |
89 | default 3000 | |
90 | help | |
91 | Any given data race is only reported once in the defined time window. | |
92 | Different data races may still generate reports within a duration | |
93 | that is smaller than the duration defined here. This allows rate | |
94 | limiting reporting to avoid flooding the console with reports. | |
95 | Setting this to 0 disables rate limiting. | |
96 | ||
1e6ee2f0 ME |
97 | # The main purpose of the below options is to control reported data races (e.g. |
98 | # in fuzzer configs), and are not expected to be switched frequently by other | |
99 | # users. We could turn some of them into boot parameters, but given they should | |
100 | # not be switched normally, let's keep them here to simplify configuration. | |
101 | # | |
102 | # The defaults below are chosen to be very conservative, and may miss certain | |
103 | # bugs. | |
dfd402a4 ME |
104 | |
105 | config KCSAN_REPORT_RACE_UNKNOWN_ORIGIN | |
106 | bool "Report races of unknown origin" | |
107 | default y | |
108 | help | |
109 | If KCSAN should report races where only one access is known, and the | |
110 | conflicting access is of unknown origin. This type of race is | |
111 | reported if it was only possible to infer a race due to a data value | |
112 | change while an access is being delayed on a watchpoint. | |
113 | ||
114 | config KCSAN_REPORT_VALUE_CHANGE_ONLY | |
115 | bool "Only report races where watcher observed a data value change" | |
116 | default y | |
117 | help | |
5cbaefe9 | 118 | If enabled and a conflicting write is observed via a watchpoint, but |
dfd402a4 ME |
119 | the data value of the memory location was observed to remain |
120 | unchanged, do not report the data race. | |
121 | ||
1e6ee2f0 ME |
122 | config KCSAN_ASSUME_PLAIN_WRITES_ATOMIC |
123 | bool "Assume that plain aligned writes up to word size are atomic" | |
124 | default y | |
125 | help | |
126 | Assume that plain aligned writes up to word size are atomic by | |
127 | default, and also not subject to other unsafe compiler optimizations | |
128 | resulting in data races. This will cause KCSAN to not report data | |
129 | races due to conflicts where the only plain accesses are aligned | |
130 | writes up to word size: conflicts between marked reads and plain | |
131 | aligned writes up to word size will not be reported as data races; | |
132 | notice that data races between two conflicting plain aligned writes | |
133 | will also not be reported. | |
134 | ||
dfd402a4 ME |
135 | config KCSAN_IGNORE_ATOMICS |
136 | bool "Do not instrument marked atomic accesses" | |
dfd402a4 | 137 | help |
a249a732 ME |
138 | Never instrument marked atomic accesses. This option can be used for |
139 | additional filtering. Conflicting marked atomic reads and plain | |
140 | writes will never be reported as a data race, however, will cause | |
141 | plain reads and marked writes to result in "unknown origin" reports. | |
142 | If combined with CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN=n, data | |
143 | races where at least one access is marked atomic will never be | |
144 | reported. | |
145 | ||
146 | Similar to KCSAN_ASSUME_PLAIN_WRITES_ATOMIC, but including unaligned | |
147 | accesses, conflicting marked atomic reads and plain writes will not | |
148 | be reported as data races; however, unlike that option, data races | |
149 | due to two conflicting plain writes will be reported (aligned and | |
150 | unaligned, if CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC=n). | |
dfd402a4 ME |
151 | |
152 | endif # KCSAN |
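
The reporting options in the second half of this file filter out whole classes of data race, and the file's own comment notes that the defaults "may miss certain bugs". The script below is an added example, not part of lib/Kconfig.kcsan or the kernel tree: it reads a generated .config and lists which classes KCSAN will not report, following the help texts above. The function names `is_y`, `kcsan_hidden` and `sample_defaults` and the sample .config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not kernel code): list the classes of data race that a
# given .config tells KCSAN not to report, per the Kconfig help texts.

# is_y FILE NAME: true if CONFIG_NAME=y appears in FILE
is_y() { grep -q "^CONFIG_$2=y\$" "$1"; }

# kcsan_hidden FILE: print one line per suppressed class of report
kcsan_hidden() {
    cfg=$1
    if ! is_y "$cfg" KCSAN; then
        echo "all: KCSAN is not enabled"
        return 0
    fi
    if ! is_y "$cfg" KCSAN_REPORT_RACE_UNKNOWN_ORIGIN; then
        echo "unknown-origin: races where only one access is known"
    fi
    if is_y "$cfg" KCSAN_REPORT_VALUE_CHANGE_ONLY; then
        echo "value-unchanged: conflicting write seen, value did not change"
    fi
    if is_y "$cfg" KCSAN_ASSUME_PLAIN_WRITES_ATOMIC; then
        echo "plain-writes: plain aligned writes up to word size"
    fi
    if is_y "$cfg" KCSAN_IGNORE_ATOMICS; then
        if is_y "$cfg" KCSAN_REPORT_RACE_UNKNOWN_ORIGIN; then
            # plain read vs marked write still shows up as "unknown origin"
            echo "atomics: marked atomic read vs plain write"
        else
            echo "atomics: every race with at least one marked atomic access"
        fi
    fi
    return 0
}

# Constructed sample: the defaults from this Kconfig file as they would
# appear in a generated .config (unset bools are written as comments).
sample_defaults() {
    cat <<'EOF'
CONFIG_KCSAN=y
CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN=y
CONFIG_KCSAN_REPORT_VALUE_CHANGE_ONLY=y
CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC=y
# CONFIG_KCSAN_IGNORE_ATOMICS is not set
EOF
}

tmp=$(mktemp)
sample_defaults > "$tmp"
kcsan_hidden "$tmp"
rm -f "$tmp"
```

With the defaults, two classes are hidden (unchanged-value races and plain aligned writes); a fuzzer configuration would typically turn those filters off so that every class is reported.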