Re: KCSAN: data-race in __alloc_file / __alloc_file

From: Alan Stern
Date: Tue Nov 12 2019 - 16:48:45 EST


On Tue, 12 Nov 2019, Linus Torvalds wrote:

> Honestly, my preferred model would have been to just add a comment,
> and have the reporting tool know to then just ignore it. So something
> like
>
> + // Benign data-race on min_flt
> tsk->min_flt++;
> perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, regs, address);
>
> for the case that Eric mentioned - the tool would trigger on
> "data-race", and the rest of the comment could/should be for humans.
> Without making the code uglier, but giving the potential for a nice
> legible explanation instead of a completely illegible "let's
> randomly use WRITE_ONCE() here" or something like that.

Just to be perfectly clear, then:

Your feeling is that we don't need to tell the compiler anything at all
about these races, because if a compiler generates code that is
non-robust against such things then you don't want to use it for the
kernel.

And as a corollary, the only changes you want to make to the source
code are things that tell KCSAN not to worry about these races when
they occur.

Right?

> + // Benign data-race on min_flt
> tsk->min_flt++;
> perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, regs, address);
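
Review bot: The comment on the `+` line names the field but gives no reason the race is benign and does not say which other access to `min_flt` it races with. Since the text after "data-race" is the part meant for humans, state both there, for example whether a lost update from `tsk->min_flt++` is acceptable. It would also help to say whether the marker covers only the statement on the next line, because nothing in the comment ties it to a particular access.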

I suggest grouping the accesses into classes somehow, and telling KCSAN
that races between accesses in the same class are okay but racing
accesses in different classes should trigger a warning. That would
give the tool a better chance of finding genuine races.

Alan Stern