Page MenuHomeFreeBSD

amd64: prevent KCSan false positives on LAPIC mapping
ClosedPublic

Authored by jah on Tue, Sep 8, 12:56 AM.

Details

Summary

For configurations without x2APIC support (guests, older hardware), the global
LAPIC MMIO mapping will trigger false-positive KCSan reports as it will appear
that multiple CPUs are concurrently reading and writing the same address.
This isn't actually true, as the underlying physical access will be performed
on the local CPU's APIC. Additionally, because LAPIC access can happen during
event timer configuration, the resulting KCSan printf can produce a panic due
to attempted recursion on event timer resources.

Add a __nosanitizethread preprocessor define to prevent the compiler from
inserting TSan hooks, and apply it to the x86 LAPIC accessors.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jah created this revision.Tue, Sep 8, 12:56 AM
jah requested review of this revision.Tue, Sep 8, 12:56 AM
jah updated this revision to Diff 76750.Tue, Sep 8, 12:57 AM

Whitespace

jah added reviewers: kib, gbe, andrew.Tue, Sep 8, 1:00 AM
jah added inline comments.
sys/x86/x86/local_apic.c
228 ↗(On Diff #76750)

I'm not sure if this is the preferred way to prevent TSan instrumentation; I didn't see a blacklist or anything similar in our codebase. I really wanted to annotate lapic_map with __nosanitizethread, but clang seems to only allow the attribute on functions.

andrew accepted this revision.Tue, Sep 8, 10:04 AM
This revision is now accepted and ready to land.Tue, Sep 8, 10:04 AM
kib accepted this revision.Tue, Sep 8, 10:38 AM

Ideally tools like KSAN should exempt all non-WB memory. The normal race definition is not appropriate there.

Normally non-WB memory would be accessed via bus_space. KCSan will ignore these.

This revision was automatically updated to reflect the committed changes.