[linux-block.git] / lib / Kconfig.kcsan

# SPDX-License-Identifier: GPL-2.0-only

config HAVE_ARCH_KCSAN
	bool

menuconfig KCSAN
	bool "KCSAN: dynamic data race detector"
	depends on HAVE_ARCH_KCSAN && DEBUG_KERNEL && !KASAN
	select STACKTRACE
	help
	  The Kernel Concurrency Sanitizer (KCSAN) is a dynamic data race
	  detector, which relies on compile-time instrumentation, and uses a
	  watchpoint-based sampling approach to detect data races.

	  See <file:Documentation/dev-tools/kcsan.rst> for more details.

if KCSAN

config KCSAN_DEBUG
	bool "Debugging of KCSAN internals"

config KCSAN_SELFTEST
	bool "Perform short selftests on boot"
	default y
	help
	  Run KCSAN selftests on boot. On test failure, causes the kernel to panic.

config KCSAN_EARLY_ENABLE
	bool "Early enable during boot"
	default y
	help
	  If KCSAN should be enabled globally as soon as possible. KCSAN can
	  later be enabled/disabled via debugfs.

config KCSAN_NUM_WATCHPOINTS
	int "Number of available watchpoints"
	default 64
	help
	  Total number of available watchpoints. An address range maps into a
	  specific watchpoint slot as specified in kernel/kcsan/encoding.h.
	  Although larger number of watchpoints may not be usable due to
	  limited number of CPUs, a larger value helps to improve performance
	  due to reducing cache-line contention. The chosen default is a
	  conservative value; we should almost never observe "no_capacity"
	  events (see /sys/kernel/debug/kcsan).

config KCSAN_UDELAY_TASK
	int "Delay in microseconds (for tasks)"
	default 80
	help
	  For tasks, the microsecond delay after setting up a watchpoint.

config KCSAN_UDELAY_INTERRUPT
	int "Delay in microseconds (for interrupts)"
	default 20
	help
	  For interrupts, the microsecond delay after setting up a watchpoint.
	  Interrupts have tighter latency requirements, and their delay should
	  be lower than for tasks.

config KCSAN_DELAY_RANDOMIZE
	bool "Randomize above delays"
	default y
	help
	  If delays should be randomized, where the maximum is KCSAN_UDELAY_*.
	  If false, the chosen delays are always the KCSAN_UDELAY_* values
	  as defined above.

config KCSAN_SKIP_WATCH
	int "Skip instructions before setting up watchpoint"
	default 4000
	help
	  The number of per-CPU memory operations to skip, before another
	  watchpoint is set up, i.e. one in KCSAN_WATCH_SKIP per-CPU
	  memory operations are used to set up a watchpoint. A smaller value
	  results in more aggressive race detection, whereas a larger value
	  improves system performance at the cost of missing some races.

config KCSAN_SKIP_WATCH_RANDOMIZE
	bool "Randomize watchpoint instruction skip count"
	default y
	help
	  If instruction skip count should be randomized, where the maximum is
	  KCSAN_WATCH_SKIP. If false, the chosen value is always
	  KCSAN_WATCH_SKIP.

config KCSAN_REPORT_ONCE_IN_MS
	int "Duration in milliseconds, in which any given data race is only reported once"
	default 3000
	help
	  Any given data race is only reported once in the defined time window.
	  Different data races may still generate reports within a duration
	  that is smaller than the duration defined here. This allows rate
	  limiting reporting to avoid flooding the console with reports.
	  Setting this to 0 disables rate limiting.

# The main purpose of the below options is to control reported data races (e.g.
# in fuzzer configs), and are not expected to be switched frequently by other
# users. We could turn some of them into boot parameters, but given they should
# not be switched normally, let's keep them here to simplify configuration.
#
# The defaults below are chosen to be very conservative, and may miss certain
# bugs.

config KCSAN_REPORT_RACE_UNKNOWN_ORIGIN
	bool "Report races of unknown origin"
	default y
	help
	  If KCSAN should report races where only one access is known, and the
	  conflicting access is of unknown origin. This type of race is
	  reported if it was only possible to infer a race due to a data value
	  change while an access is being delayed on a watchpoint.

config KCSAN_REPORT_VALUE_CHANGE_ONLY
	bool "Only report races where watcher observed a data value change"
	default y
	help
	  If enabled and a conflicting write is observed via a watchpoint, but
	  the data value of the memory location was observed to remain
	  unchanged, do not report the data race.

config KCSAN_ASSUME_PLAIN_WRITES_ATOMIC
	bool "Assume that plain aligned writes up to word size are atomic"
	default y
	help
	  Assume that plain aligned writes up to word size are atomic by
	  default, and also not subject to other unsafe compiler optimizations
	  resulting in data races. This will cause KCSAN to not report data
	  races due to conflicts where the only plain accesses are aligned
	  writes up to word size: conflicts between marked reads and plain
	  aligned writes up to word size will not be reported as data races;
	  notice that data races between two conflicting plain aligned writes
	  will also not be reported.

config KCSAN_IGNORE_ATOMICS
	bool "Do not instrument marked atomic accesses"
	help
	  Never instrument marked atomic accesses. This option can be used for
	  additional filtering. Conflicting marked atomic reads and plain
	  writes will never be reported as a data race, however, will cause
	  plain reads and marked writes to result in "unknown origin" reports.
	  If combined with CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN=n, data
	  races where at least one access is marked atomic will never be
	  reported.

	  Similar to KCSAN_ASSUME_PLAIN_WRITES_ATOMIC, but including unaligned
	  accesses, conflicting marked atomic reads and plain writes will not
	  be reported as data races; however, unlike that option, data races
	  due to two conflicting plain writes will be reported (aligned and
	  unaligned, if CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC=n).

endif # KCSAN
Commit	Line	Data
dfd402a4 ME	1	# SPDX-License-Identifier: GPL-2.0-only
	2
	3	config HAVE_ARCH_KCSAN
	4	bool
	5
	6	menuconfig KCSAN
8cfbb04f ME	7	bool "KCSAN: dynamic data race detector"
	8	depends on HAVE_ARCH_KCSAN && DEBUG_KERNEL && !KASAN
	9	select STACKTRACE
dfd402a4	10	help
8cfbb04f ME	11	The Kernel Concurrency Sanitizer (KCSAN) is a dynamic data race
	12	detector, which relies on compile-time instrumentation, and uses a
	13	watchpoint-based sampling approach to detect data races.
	14
	15	See <file:Documentation/dev-tools/kcsan.rst> for more details.
dfd402a4 ME	16
	17	if KCSAN
	18
	19	config KCSAN_DEBUG
	20	bool "Debugging of KCSAN internals"
dfd402a4 ME	21
	22	config KCSAN_SELFTEST
	23	bool "Perform short selftests on boot"
	24	default y
	25	help
5cbaefe9	26	Run KCSAN selftests on boot. On test failure, causes the kernel to panic.
dfd402a4 ME	27
	28	config KCSAN_EARLY_ENABLE
	29	bool "Early enable during boot"
	30	default y
	31	help
	32	If KCSAN should be enabled globally as soon as possible. KCSAN can
	33	later be enabled/disabled via debugfs.
	34
	35	config KCSAN_NUM_WATCHPOINTS
	36	int "Number of available watchpoints"
	37	default 64
	38	help
	39	Total number of available watchpoints. An address range maps into a
	40	specific watchpoint slot as specified in kernel/kcsan/encoding.h.
	41	Although larger number of watchpoints may not be usable due to
	42	limited number of CPUs, a larger value helps to improve performance
	43	due to reducing cache-line contention. The chosen default is a
	44	conservative value; we should almost never observe "no_capacity"
	45	events (see /sys/kernel/debug/kcsan).
	46
	47	config KCSAN_UDELAY_TASK
	48	int "Delay in microseconds (for tasks)"
	49	default 80
	50	help
	51	For tasks, the microsecond delay after setting up a watchpoint.
	52
	53	config KCSAN_UDELAY_INTERRUPT
	54	int "Delay in microseconds (for interrupts)"
	55	default 20
	56	help
	57	For interrupts, the microsecond delay after setting up a watchpoint.
	58	Interrupts have tighter latency requirements, and their delay should
	59	be lower than for tasks.
	60
	61	config KCSAN_DELAY_RANDOMIZE
	62	bool "Randomize above delays"
	63	default y
	64	help
	65	If delays should be randomized, where the maximum is KCSAN_UDELAY_*.
5cbaefe9 IM	66	If false, the chosen delays are always the KCSAN_UDELAY_* values
5cbaefe9 IM	67	as defined above.
dfd402a4 ME	68
	69	config KCSAN_SKIP_WATCH
	70	int "Skip instructions before setting up watchpoint"
	71	default 4000
	72	help
	73	The number of per-CPU memory operations to skip, before another
	74	watchpoint is set up, i.e. one in KCSAN_WATCH_SKIP per-CPU
	75	memory operations are used to set up a watchpoint. A smaller value
	76	results in more aggressive race detection, whereas a larger value
	77	improves system performance at the cost of missing some races.
	78
	79	config KCSAN_SKIP_WATCH_RANDOMIZE
	80	bool "Randomize watchpoint instruction skip count"
	81	default y
	82	help
	83	If instruction skip count should be randomized, where the maximum is
	84	KCSAN_WATCH_SKIP. If false, the chosen value is always
	85	KCSAN_WATCH_SKIP.
	86
05f9a406 ME	87	config KCSAN_REPORT_ONCE_IN_MS
	88	int "Duration in milliseconds, in which any given data race is only reported once"
	89	default 3000
	90	help
	91	Any given data race is only reported once in the defined time window.
	92	Different data races may still generate reports within a duration
	93	that is smaller than the duration defined here. This allows rate
	94	limiting reporting to avoid flooding the console with reports.
	95	Setting this to 0 disables rate limiting.
	96
1e6ee2f0 ME	97	# The main purpose of the below options is to control reported data races (e.g.
	98	# in fuzzer configs), and are not expected to be switched frequently by other
	99	# users. We could turn some of them into boot parameters, but given they should
	100	# not be switched normally, let's keep them here to simplify configuration.
	101	#
	102	# The defaults below are chosen to be very conservative, and may miss certain
	103	# bugs.
dfd402a4 ME	104
	105	config KCSAN_REPORT_RACE_UNKNOWN_ORIGIN
	106	bool "Report races of unknown origin"
	107	default y
	108	help
	109	If KCSAN should report races where only one access is known, and the
	110	conflicting access is of unknown origin. This type of race is
	111	reported if it was only possible to infer a race due to a data value
	112	change while an access is being delayed on a watchpoint.
	113
	114	config KCSAN_REPORT_VALUE_CHANGE_ONLY
	115	bool "Only report races where watcher observed a data value change"
	116	default y
	117	help
5cbaefe9	118	If enabled and a conflicting write is observed via a watchpoint, but
dfd402a4 ME	119	the data value of the memory location was observed to remain
	120	unchanged, do not report the data race.
	121
1e6ee2f0 ME	122	config KCSAN_ASSUME_PLAIN_WRITES_ATOMIC
	123	bool "Assume that plain aligned writes up to word size are atomic"
	124	default y
	125	help
	126	Assume that plain aligned writes up to word size are atomic by
	127	default, and also not subject to other unsafe compiler optimizations
	128	resulting in data races. This will cause KCSAN to not report data
	129	races due to conflicts where the only plain accesses are aligned
	130	writes up to word size: conflicts between marked reads and plain
	131	aligned writes up to word size will not be reported as data races;
	132	notice that data races between two conflicting plain aligned writes
	133	will also not be reported.
	134
dfd402a4 ME	135	config KCSAN_IGNORE_ATOMICS
dfd402a4 ME	136	bool "Do not instrument marked atomic accesses"
dfd402a4	137	help
a249a732 ME	138	Never instrument marked atomic accesses. This option can be used for
	139	additional filtering. Conflicting marked atomic reads and plain
	140	writes will never be reported as a data race, however, will cause
	141	plain reads and marked writes to result in "unknown origin" reports.
	142	If combined with CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN=n, data
	143	races where at least one access is marked atomic will never be
	144	reported.
	145
	146	Similar to KCSAN_ASSUME_PLAIN_WRITES_ATOMIC, but including unaligned
	147	accesses, conflicting marked atomic reads and plain writes will not
	148	be reported as data races; however, unlike that option, data races
	149	due to two conflicting plain writes will be reported (aligned and
	150	unaligned, if CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC=n).
dfd402a4 ME	151
dfd402a4 ME	152	endif # KCSAN