lib/Kconfig.kcsan

# SPDX-License-Identifier: GPL-2.0-only

config HAVE_ARCH_KCSAN
	bool

menuconfig KCSAN
	bool "KCSAN: watchpoint-based dynamic data race detector"
	depends on HAVE_ARCH_KCSAN && !KASAN && STACKTRACE
	help
	  Kernel Concurrency Sanitizer is a dynamic data race detector, which
	  uses a watchpoint-based sampling approach to detect races. See
	  <file:Documentation/dev-tools/kcsan.rst> for more details.

if KCSAN

config KCSAN_DEBUG
	bool "Debugging of KCSAN internals"

config KCSAN_SELFTEST
	bool "Perform short selftests on boot"
	default y
	help
	  Run KCSAN selftests on boot. On test failure, causes the kernel to panic.

config KCSAN_EARLY_ENABLE
	bool "Early enable during boot"
	default y
	help
	  If KCSAN should be enabled globally as soon as possible. KCSAN can
	  later be enabled/disabled via debugfs.

config KCSAN_NUM_WATCHPOINTS
	int "Number of available watchpoints"
	default 64
	help
	  Total number of available watchpoints. An address range maps into a
	  specific watchpoint slot as specified in kernel/kcsan/encoding.h.
	  Although larger number of watchpoints may not be usable due to
	  limited number of CPUs, a larger value helps to improve performance
	  due to reducing cache-line contention. The chosen default is a
	  conservative value; we should almost never observe "no_capacity"
	  events (see /sys/kernel/debug/kcsan).

config KCSAN_UDELAY_TASK
	int "Delay in microseconds (for tasks)"
	default 80
	help
	  For tasks, the microsecond delay after setting up a watchpoint.

config KCSAN_UDELAY_INTERRUPT
	int "Delay in microseconds (for interrupts)"
	default 20
	help
	  For interrupts, the microsecond delay after setting up a watchpoint.
	  Interrupts have tighter latency requirements, and their delay should
	  be lower than for tasks.

config KCSAN_DELAY_RANDOMIZE
	bool "Randomize above delays"
	default y
	help
	  If delays should be randomized, where the maximum is KCSAN_UDELAY_*.
	  If false, the chosen delays are always the KCSAN_UDELAY_* values
	  as defined above.

config KCSAN_SKIP_WATCH
	int "Skip instructions before setting up watchpoint"
	default 4000
	help
	  The number of per-CPU memory operations to skip, before another
	  watchpoint is set up, i.e. one in KCSAN_WATCH_SKIP per-CPU
	  memory operations are used to set up a watchpoint. A smaller value
	  results in more aggressive race detection, whereas a larger value
	  improves system performance at the cost of missing some races.

config KCSAN_SKIP_WATCH_RANDOMIZE
	bool "Randomize watchpoint instruction skip count"
	default y
	help
	  If instruction skip count should be randomized, where the maximum is
	  KCSAN_WATCH_SKIP. If false, the chosen value is always
	  KCSAN_WATCH_SKIP.

config KCSAN_REPORT_ONCE_IN_MS
	int "Duration in milliseconds, in which any given data race is only reported once"
	default 3000
	help
	  Any given data race is only reported once in the defined time window.
	  Different data races may still generate reports within a duration
	  that is smaller than the duration defined here. This allows rate
	  limiting reporting to avoid flooding the console with reports.
	  Setting this to 0 disables rate limiting.

# The main purpose of the below options is to control reported data races (e.g.
# in fuzzer configs), and are not expected to be switched frequently by other
# users. We could turn some of them into boot parameters, but given they should
# not be switched normally, let's keep them here to simplify configuration.
#
# The defaults below are chosen to be very conservative, and may miss certain
# bugs.

config KCSAN_REPORT_RACE_UNKNOWN_ORIGIN
	bool "Report races of unknown origin"
	default y
	help
	  If KCSAN should report races where only one access is known, and the
	  conflicting access is of unknown origin. This type of race is
	  reported if it was only possible to infer a race due to a data value
	  change while an access is being delayed on a watchpoint.

config KCSAN_REPORT_VALUE_CHANGE_ONLY
	bool "Only report races where watcher observed a data value change"
	default y
	help
	  If enabled and a conflicting write is observed via a watchpoint, but
	  the data value of the memory location was observed to remain
	  unchanged, do not report the data race.

config KCSAN_ASSUME_PLAIN_WRITES_ATOMIC
	bool "Assume that plain aligned writes up to word size are atomic"
	default y
	help
	  Assume that plain aligned writes up to word size are atomic by
	  default, and also not subject to other unsafe compiler optimizations
	  resulting in data races. This will cause KCSAN to not report data
	  races due to conflicts where the only plain accesses are aligned
	  writes up to word size: conflicts between marked reads and plain
	  aligned writes up to word size will not be reported as data races;
	  notice that data races between two conflicting plain aligned writes
	  will also not be reported.

config KCSAN_IGNORE_ATOMICS
	bool "Do not instrument marked atomic accesses"
	help
	  If enabled, never instruments marked atomic accesses. This results in
	  not reporting data races where one access is atomic and the other is
	  a plain access.

endif # KCSAN