// SPDX-License-Identifier: GPL-2.0
/*
 * KCSAN test with various race scenarious to test runtime behaviour. Since the
 * interface with which KCSAN's reports are obtained is via the console, this is
 * the output we should verify. For each test case checks the presence (or
 * absence) of generated reports. Relies on 'console' tracepoint to capture
 * reports as they appear in the kernel log.
 *
 * Makes use of KUnit for test organization, and the Torture framework for test
 * thread control.
 *
 * Copyright (C) 2020, Google LLC.
 * Author: Marco Elver <elver@google.com>
 */

#include <kunit/test.h>
#include <linux/jiffies.h>
#include <linux/kcsan-checks.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/seqlock.h>
#include <linux/spinlock.h>
#include <linux/string.h>
#include <linux/timer.h>
#include <linux/torture.h>
#include <linux/tracepoint.h>
#include <linux/types.h>
#include <trace/events/printk.h>

#ifdef CONFIG_CC_HAS_TSAN_COMPOUND_READ_BEFORE_WRITE
#define __KCSAN_ACCESS_RW(alt) (KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE)
#else
#define __KCSAN_ACCESS_RW(alt) (alt)
#endif

/* Points to current test-case memory access "kernels". */
static void (*access_kernels[2])(void);

static struct task_struct **threads; /* Lists of threads. */
static unsigned long end_time;       /* End time of test. */

/* Report as observed from console. */
static struct {
        spinlock_t lock;
        int nlines;
        char lines[3][512];
} observed = {
        .lock = __SPIN_LOCK_UNLOCKED(observed.lock),
};

/* Setup test checking loop. */
static __no_kcsan inline void
begin_test_checks(void (*func1)(void), void (*func2)(void))
{
        kcsan_disable_current();

        /*
         * Require at least as long as KCSAN_REPORT_ONCE_IN_MS, to ensure at
         * least one race is reported.
         */
        end_time = jiffies + msecs_to_jiffies(CONFIG_KCSAN_REPORT_ONCE_IN_MS + 500);

        /* Signal start; release potential initialization of shared data. */
        smp_store_release(&access_kernels[0], func1);
        smp_store_release(&access_kernels[1], func2);
}

/* End test checking loop. */
static __no_kcsan inline bool
end_test_checks(bool stop)
{
        if (!stop && time_before(jiffies, end_time)) {
                /* Continue checking */
                might_sleep();
                return false;
        }

        kcsan_enable_current();
        return true;
}

/*
 * Probe for console output: checks if a race was reported, and obtains observed
 * lines of interest.
 */
__no_kcsan
static void probe_console(void *ignore, const char *buf, size_t len)
{
        unsigned long flags;
        int nlines;

        /*
         * Note that KCSAN reports under a global lock, so we do not risk the
         * possibility of having multiple reports interleaved. If that were the
         * case, we'd expect tests to fail.
         */

        spin_lock_irqsave(&observed.lock, flags);
        nlines = observed.nlines;

        if (strnstr(buf, "BUG: KCSAN: ", len) && strnstr(buf, "test_", len)) {
                /*
                 * KCSAN report and related to the test.
                 *
                 * The provided @buf is not NUL-terminated; copy no more than
                 * @len bytes and let strscpy() add the missing NUL-terminator.
                 */
                strscpy(observed.lines[0], buf, min(len + 1, sizeof(observed.lines[0])));
                nlines = 1;
        } else if ((nlines == 1 || nlines == 2) && strnstr(buf, "bytes by", len)) {
                strscpy(observed.lines[nlines++], buf, min(len + 1, sizeof(observed.lines[0])));

                if (strnstr(buf, "race at unknown origin", len)) {
                        if (WARN_ON(nlines != 2))
                                goto out;

                        /* No second line of interest. */
                        strcpy(observed.lines[nlines++], "<none>");
                }
        }

out:
        WRITE_ONCE(observed.nlines, nlines); /* Publish new nlines. */
        spin_unlock_irqrestore(&observed.lock, flags);
}

/* Check if a report related to the test exists. */
__no_kcsan
static bool report_available(void)
{
        return READ_ONCE(observed.nlines) == ARRAY_SIZE(observed.lines);
}

/* Report information we expect in a report. */
struct expect_report {
        /* Access information of both accesses. */
        struct {
                void *fn;    /* Function pointer to expected function of top frame. */
                void *addr;  /* Address of access; unchecked if NULL. */
                size_t size; /* Size of access; unchecked if @addr is NULL. */
                int type;    /* Access type, see KCSAN_ACCESS definitions. */
        } access[2];
};

/* Check observed report matches information in @r. */
__no_kcsan
static bool report_matches(const struct expect_report *r)
{
        const bool is_assert = (r->access[0].type | r->access[1].type) & KCSAN_ACCESS_ASSERT;
        bool ret = false;
        unsigned long flags;
        typeof(observed.lines) expect;
        const char *end;
        char *cur;
        int i;

        /* Doubled-checked locking. */
        if (!report_available())
                return false;

        /* Generate expected report contents. */

        /* Title */
        cur = expect[0];
        end = &expect[0][sizeof(expect[0]) - 1];
        cur += scnprintf(cur, end - cur, "BUG: KCSAN: %s in ",
                         is_assert ? "assert: race" : "data-race");
        if (r->access[1].fn) {
                char tmp[2][64];
                int cmp;

                /* Expect lexographically sorted function names in title. */
                scnprintf(tmp[0], sizeof(tmp[0]), "%pS", r->access[0].fn);
                scnprintf(tmp[1], sizeof(tmp[1]), "%pS", r->access[1].fn);
                cmp = strcmp(tmp[0], tmp[1]);
                cur += scnprintf(cur, end - cur, "%ps / %ps",
                                 cmp < 0 ? r->access[0].fn : r->access[1].fn,
                                 cmp < 0 ? r->access[1].fn : r->access[0].fn);
        } else {
                scnprintf(cur, end - cur, "%pS", r->access[0].fn);
                /* The exact offset won't match, remove it. */
                cur = strchr(expect[0], '+');
                if (cur)
                        *cur = '\0';
        }

        /* Access 1 */
        cur = expect[1];
        end = &expect[1][sizeof(expect[1]) - 1];
        if (!r->access[1].fn)
                cur += scnprintf(cur, end - cur, "race at unknown origin, with ");

        /* Access 1 & 2 */
        for (i = 0; i < 2; ++i) {
                const int ty = r->access[i].type;
                const char *const access_type =
                        (ty & KCSAN_ACCESS_ASSERT) ?
                                      ((ty & KCSAN_ACCESS_WRITE) ?
                                               "assert no accesses" :
                                               "assert no writes") :
                                      ((ty & KCSAN_ACCESS_WRITE) ?
                                               ((ty & KCSAN_ACCESS_COMPOUND) ?
                                                        "read-write" :
                                                        "write") :
                                               "read");
                const char *const access_type_aux =
                        (ty & KCSAN_ACCESS_ATOMIC) ?
                                      " (marked)" :
                                      ((ty & KCSAN_ACCESS_SCOPED) ? " (scoped)" : "");

                if (i == 1) {
                        /* Access 2 */
                        cur = expect[2];
                        end = &expect[2][sizeof(expect[2]) - 1];

                        if (!r->access[1].fn) {
                                /* Dummy string if no second access is available. */
                                strcpy(cur, "<none>");
                                break;
                        }
                }

                cur += scnprintf(cur, end - cur, "%s%s to ", access_type,
                                 access_type_aux);

                if (r->access[i].addr) /* Address is optional. */
                        cur += scnprintf(cur, end - cur, "0x%px of %zu bytes",
                                         r->access[i].addr, r->access[i].size);
        }

        spin_lock_irqsave(&observed.lock, flags);
        if (!report_available())
                goto out; /* A new report is being captured. */

        /* Finally match expected output to what we actually observed. */
        ret = strstr(observed.lines[0], expect[0]) &&
              /* Access info may appear in any order. */
              ((strstr(observed.lines[1], expect[1]) &&
                strstr(observed.lines[2], expect[2])) ||
               (strstr(observed.lines[1], expect[2]) &&
                strstr(observed.lines[2], expect[1])));
out:
        spin_unlock_irqrestore(&observed.lock, flags);
        return ret;
}

/* ===== Test kernels ===== */

static long test_sink;
static long test_var;
/* @test_array should be large enough to fall into multiple watchpoint slots. */
static long test_array[3 * PAGE_SIZE / sizeof(long)];
static struct {
        long val[8];
} test_struct;
static DEFINE_SEQLOCK(test_seqlock);

/*
 * Helper to avoid compiler optimizing out reads, and to generate source values
 * for writes.
 */
__no_kcsan
static noinline void sink_value(long v) { WRITE_ONCE(test_sink, v); }

static noinline void test_kernel_read(void) { sink_value(test_var); }

static noinline void test_kernel_write(void)
{
        test_var = READ_ONCE_NOCHECK(test_sink) + 1;
}

static noinline void test_kernel_write_nochange(void) { test_var = 42; }

/* Suffixed by value-change exception filter. */
static noinline void test_kernel_write_nochange_rcu(void) { test_var = 42; }

static noinline void test_kernel_read_atomic(void)
{
        sink_value(READ_ONCE(test_var));
}

static noinline void test_kernel_write_atomic(void)
{
        WRITE_ONCE(test_var, READ_ONCE_NOCHECK(test_sink) + 1);
}

static noinline void test_kernel_atomic_rmw(void)
{
        /* Use builtin, so we can set up the "bad" atomic/non-atomic scenario. */
        __atomic_fetch_add(&test_var, 1, __ATOMIC_RELAXED);
}

__no_kcsan
static noinline void test_kernel_write_uninstrumented(void) { test_var++; }

static noinline void test_kernel_data_race(void) { data_race(test_var++); }

static noinline void test_kernel_assert_writer(void)
{
        ASSERT_EXCLUSIVE_WRITER(test_var);
}

static noinline void test_kernel_assert_access(void)
{
        ASSERT_EXCLUSIVE_ACCESS(test_var);
}

#define TEST_CHANGE_BITS 0xff00ff00

static noinline void test_kernel_change_bits(void)
{
        if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS)) {
                /*
                 * Avoid race of unknown origin for this test, just pretend they
                 * are atomic.
                 */
                kcsan_nestable_atomic_begin();
                test_var ^= TEST_CHANGE_BITS;
                kcsan_nestable_atomic_end();
        } else
                WRITE_ONCE(test_var, READ_ONCE(test_var) ^ TEST_CHANGE_BITS);
}

static noinline void test_kernel_assert_bits_change(void)
{
        ASSERT_EXCLUSIVE_BITS(test_var, TEST_CHANGE_BITS);
}

static noinline void test_kernel_assert_bits_nochange(void)
{
        ASSERT_EXCLUSIVE_BITS(test_var, ~TEST_CHANGE_BITS);
}

/* To check that scoped assertions do trigger anywhere in scope. */
static noinline void test_enter_scope(void)
{
        int x = 0;

        /* Unrelated accesses to scoped assert. */
        READ_ONCE(test_sink);
        kcsan_check_read(&x, sizeof(x));
}

static noinline void test_kernel_assert_writer_scoped(void)
{
        ASSERT_EXCLUSIVE_WRITER_SCOPED(test_var);
        test_enter_scope();
}

static noinline void test_kernel_assert_access_scoped(void)
{
        ASSERT_EXCLUSIVE_ACCESS_SCOPED(test_var);
        test_enter_scope();
}

static noinline void test_kernel_rmw_array(void)
{
        int i;

        for (i = 0; i < ARRAY_SIZE(test_array); ++i)
                test_array[i]++;
}

static noinline void test_kernel_write_struct(void)
{
        kcsan_check_write(&test_struct, sizeof(test_struct));
        kcsan_disable_current();
        test_struct.val[3]++; /* induce value change */
        kcsan_enable_current();
}

static noinline void test_kernel_write_struct_part(void)
{
        test_struct.val[3] = 42;
}

static noinline void test_kernel_read_struct_zero_size(void)
{
        kcsan_check_read(&test_struct.val[3], 0);
}

static noinline void test_kernel_jiffies_reader(void)
{
        sink_value((long)jiffies);
}

static noinline void test_kernel_seqlock_reader(void)
{
        unsigned int seq;

        do {
                seq = read_seqbegin(&test_seqlock);
                sink_value(test_var);
        } while (read_seqretry(&test_seqlock, seq));
}

static noinline void test_kernel_seqlock_writer(void)
{
        unsigned long flags;

        write_seqlock_irqsave(&test_seqlock, flags);
        test_var++;
        write_sequnlock_irqrestore(&test_seqlock, flags);
}

static noinline void test_kernel_atomic_builtins(void)
{
        /*
         * Generate concurrent accesses, expecting no reports, ensuring KCSAN
         * treats builtin atomics as actually atomic.
         */
        __atomic_load_n(&test_var, __ATOMIC_RELAXED);
}

/* ===== Test cases ===== */

/* Simple test with normal data race. */
__no_kcsan
static void test_basic(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_write, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                },
        };
        static const struct expect_report never = {
                .access = {
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                },
        };
        bool match_expect = false;
        bool match_never = false;

        begin_test_checks(test_kernel_write, test_kernel_read);
        do {
                match_expect |= report_matches(&expect);
                match_never = report_matches(&never);
        } while (!end_test_checks(match_never));
        KUNIT_EXPECT_TRUE(test, match_expect);
        KUNIT_EXPECT_FALSE(test, match_never);
}

/*
 * Stress KCSAN with lots of concurrent races on different addresses until
 * timeout.
 */
__no_kcsan
static void test_concurrent_races(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        /* NULL will match any address. */
                        { test_kernel_rmw_array, NULL, 0, __KCSAN_ACCESS_RW(KCSAN_ACCESS_WRITE) },
                        { test_kernel_rmw_array, NULL, 0, __KCSAN_ACCESS_RW(0) },
                },
        };
        static const struct expect_report never = {
                .access = {
                        { test_kernel_rmw_array, NULL, 0, 0 },
                        { test_kernel_rmw_array, NULL, 0, 0 },
                },
        };
        bool match_expect = false;
        bool match_never = false;

        begin_test_checks(test_kernel_rmw_array, test_kernel_rmw_array);
        do {
                match_expect |= report_matches(&expect);
                match_never |= report_matches(&never);
        } while (!end_test_checks(false));
        KUNIT_EXPECT_TRUE(test, match_expect); /* Sanity check matches exist. */
        KUNIT_EXPECT_FALSE(test, match_never);
}

/* Test the KCSAN_REPORT_VALUE_CHANGE_ONLY option. */
__no_kcsan
static void test_novalue_change(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                },
        };
        bool match_expect = false;

        begin_test_checks(test_kernel_write_nochange, test_kernel_read);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        if (IS_ENABLED(CONFIG_KCSAN_REPORT_VALUE_CHANGE_ONLY))
                KUNIT_EXPECT_FALSE(test, match_expect);
        else
                KUNIT_EXPECT_TRUE(test, match_expect);
}

/*
 * Test that the rules where the KCSAN_REPORT_VALUE_CHANGE_ONLY option should
 * never apply work.
 */
__no_kcsan
static void test_novalue_change_exception(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_write_nochange_rcu, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                },
        };
        bool match_expect = false;

        begin_test_checks(test_kernel_write_nochange_rcu, test_kernel_read);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        KUNIT_EXPECT_TRUE(test, match_expect);
}

/* Test that data races of unknown origin are reported. */
__no_kcsan
static void test_unknown_origin(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                        { NULL },
                },
        };
        bool match_expect = false;

        begin_test_checks(test_kernel_write_uninstrumented, test_kernel_read);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        if (IS_ENABLED(CONFIG_KCSAN_REPORT_RACE_UNKNOWN_ORIGIN))
                KUNIT_EXPECT_TRUE(test, match_expect);
        else
                KUNIT_EXPECT_FALSE(test, match_expect);
}

/* Test KCSAN_ASSUME_PLAIN_WRITES_ATOMIC if it is selected. */
__no_kcsan
static void test_write_write_assume_atomic(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_write, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
                        { test_kernel_write, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
                },
        };
        bool match_expect = false;

        begin_test_checks(test_kernel_write, test_kernel_write);
        do {
                sink_value(READ_ONCE(test_var)); /* induce value-change */
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        if (IS_ENABLED(CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC))
                KUNIT_EXPECT_FALSE(test, match_expect);
        else
                KUNIT_EXPECT_TRUE(test, match_expect);
}

/*
 * Test that data races with writes larger than word-size are always reported,
 * even if KCSAN_ASSUME_PLAIN_WRITES_ATOMIC is selected.
 */
__no_kcsan
static void test_write_write_struct(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
                        { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
                },
        };
        bool match_expect = false;

        begin_test_checks(test_kernel_write_struct, test_kernel_write_struct);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        KUNIT_EXPECT_TRUE(test, match_expect);
}

/*
 * Test that data races where only one write is larger than word-size are always
 * reported, even if KCSAN_ASSUME_PLAIN_WRITES_ATOMIC is selected.
 */
__no_kcsan
static void test_write_write_struct_part(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
                        { test_kernel_write_struct_part, &test_struct.val[3], sizeof(test_struct.val[3]), KCSAN_ACCESS_WRITE },
                },
        };
        bool match_expect = false;

        begin_test_checks(test_kernel_write_struct, test_kernel_write_struct_part);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        KUNIT_EXPECT_TRUE(test, match_expect);
}

/* Test that races with atomic accesses never result in reports. */
__no_kcsan
static void test_read_atomic_write_atomic(struct kunit *test)
{
        bool match_never = false;

        begin_test_checks(test_kernel_read_atomic, test_kernel_write_atomic);
        do {
                match_never = report_available();
        } while (!end_test_checks(match_never));
        KUNIT_EXPECT_FALSE(test, match_never);
}

/* Test that a race with an atomic and plain access result in reports. */
__no_kcsan
static void test_read_plain_atomic_write(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                        { test_kernel_write_atomic, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC },
                },
        };
        bool match_expect = false;

        if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS))
                return;

        begin_test_checks(test_kernel_read, test_kernel_write_atomic);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        KUNIT_EXPECT_TRUE(test, match_expect);
}

/* Test that atomic RMWs generate correct report. */
__no_kcsan
static void test_read_plain_atomic_rmw(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                        { test_kernel_atomic_rmw, &test_var, sizeof(test_var),
                                KCSAN_ACCESS_COMPOUND | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ATOMIC },
                },
        };
        bool match_expect = false;

        if (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS))
                return;

        begin_test_checks(test_kernel_read, test_kernel_atomic_rmw);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        KUNIT_EXPECT_TRUE(test, match_expect);
}

/* Zero-sized accesses should never cause data race reports. */
__no_kcsan
static void test_zero_size_access(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
                        { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
                },
        };
        const struct expect_report never = {
                .access = {
                        { test_kernel_write_struct, &test_struct, sizeof(test_struct), KCSAN_ACCESS_WRITE },
                        { test_kernel_read_struct_zero_size, &test_struct.val[3], 0, 0 },
                },
        };
        bool match_expect = false;
        bool match_never = false;

        begin_test_checks(test_kernel_write_struct, test_kernel_read_struct_zero_size);
        do {
                match_expect |= report_matches(&expect);
                match_never = report_matches(&never);
        } while (!end_test_checks(match_never));
        KUNIT_EXPECT_TRUE(test, match_expect); /* Sanity check. */
        KUNIT_EXPECT_FALSE(test, match_never);
}

/* Test the data_race() macro. */
__no_kcsan
static void test_data_race(struct kunit *test)
{
        bool match_never = false;

        begin_test_checks(test_kernel_data_race, test_kernel_data_race);
        do {
                match_never = report_available();
        } while (!end_test_checks(match_never));
        KUNIT_EXPECT_FALSE(test, match_never);
}

__no_kcsan
static void test_assert_exclusive_writer(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
                        { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
                },
        };
        bool match_expect = false;

        begin_test_checks(test_kernel_assert_writer, test_kernel_write_nochange);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        KUNIT_EXPECT_TRUE(test, match_expect);
}

__no_kcsan
static void test_assert_exclusive_access(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                },
        };
        bool match_expect = false;

        begin_test_checks(test_kernel_assert_access, test_kernel_read);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        KUNIT_EXPECT_TRUE(test, match_expect);
}

__no_kcsan
static void test_assert_exclusive_access_writer(struct kunit *test)
{
        const struct expect_report expect_access_writer = {
                .access = {
                        { test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
                        { test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
                },
        };
        const struct expect_report expect_access_access = {
                .access = {
                        { test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
                        { test_kernel_assert_access, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE },
                },
        };
        const struct expect_report never = {
                .access = {
                        { test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
                        { test_kernel_assert_writer, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
                },
        };
        bool match_expect_access_writer = false;
        bool match_expect_access_access = false;
        bool match_never = false;

        begin_test_checks(test_kernel_assert_access, test_kernel_assert_writer);
        do {
                match_expect_access_writer |= report_matches(&expect_access_writer);
                match_expect_access_access |= report_matches(&expect_access_access);
                match_never |= report_matches(&never);
        } while (!end_test_checks(match_never));
        KUNIT_EXPECT_TRUE(test, match_expect_access_writer);
        KUNIT_EXPECT_TRUE(test, match_expect_access_access);
        KUNIT_EXPECT_FALSE(test, match_never);
}

__no_kcsan
static void test_assert_exclusive_bits_change(struct kunit *test)
{
        const struct expect_report expect = {
                .access = {
                        { test_kernel_assert_bits_change, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT },
                        { test_kernel_change_bits, &test_var, sizeof(test_var),
                                KCSAN_ACCESS_WRITE | (IS_ENABLED(CONFIG_KCSAN_IGNORE_ATOMICS) ? 0 : KCSAN_ACCESS_ATOMIC) },
                },
        };
        bool match_expect = false;

        begin_test_checks(test_kernel_assert_bits_change, test_kernel_change_bits);
        do {
                match_expect = report_matches(&expect);
        } while (!end_test_checks(match_expect));
        KUNIT_EXPECT_TRUE(test, match_expect);
}

__no_kcsan
static void test_assert_exclusive_bits_nochange(struct kunit *test)
{
        bool match_never = false;

        begin_test_checks(test_kernel_assert_bits_nochange, test_kernel_change_bits);
        do {
                match_never = report_available();
        } while (!end_test_checks(match_never));
        KUNIT_EXPECT_FALSE(test, match_never);
}

__no_kcsan
static void test_assert_exclusive_writer_scoped(struct kunit *test)
{
        const struct expect_report expect_start = {
                .access = {
                        { test_kernel_assert_writer_scoped, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_SCOPED },
                        { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
                },
        };
        const struct expect_report expect_anywhere = {
                .access = {
                        { test_enter_scope, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_SCOPED },
                        { test_kernel_write_nochange, &test_var, sizeof(test_var), KCSAN_ACCESS_WRITE },
                },
        };
        bool match_expect_start = false;
        bool match_expect_anywhere = false;

        begin_test_checks(test_kernel_assert_writer_scoped, test_kernel_write_nochange);
        do {
                match_expect_start |= report_matches(&expect_start);
                match_expect_anywhere |= report_matches(&expect_anywhere);
        } while (!end_test_checks(match_expect_start && match_expect_anywhere));
        KUNIT_EXPECT_TRUE(test, match_expect_start);
        KUNIT_EXPECT_TRUE(test, match_expect_anywhere);
}

__no_kcsan
static void test_assert_exclusive_access_scoped(struct kunit *test)
{
        const struct expect_report expect_start1 = {
                .access = {
                        { test_kernel_assert_access_scoped, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_SCOPED },
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                },
        };
        const struct expect_report expect_start2 = {
                .access = { expect_start1.access[0], expect_start1.access[0] },
        };
        const struct expect_report expect_inscope = {
                .access = {
                        { test_enter_scope, &test_var, sizeof(test_var), KCSAN_ACCESS_ASSERT | KCSAN_ACCESS_WRITE | KCSAN_ACCESS_SCOPED },
                        { test_kernel_read, &test_var, sizeof(test_var), 0 },
                },
        };
        bool match_expect_start = false;
        bool match_expect_inscope = false;

        begin_test_checks(test_kernel_assert_access_scoped, test_kernel_read);
        end_time += msecs_to_jiffies(1000); /* This test requires a bit more time. */
        do {
                match_expect_start |= report_matches(&expect_start1) || report_matches(&expect_start2);
                match_expect_inscope |= report_matches(&expect_inscope);
        } while (!end_test_checks(match_expect_start && match_expect_inscope));
        KUNIT_EXPECT_TRUE(test, match_expect_start);
        KUNIT_EXPECT_TRUE(test, match_expect_inscope);
}

/*
 * jiffies is special (declared to be volatile) and its accesses are typically
 * not marked; this test ensures that the compiler nor KCSAN gets confused about
 * jiffies's declaration on different architectures.
 */
__no_kcsan
static void test_jiffies_noreport(struct kunit *test)
{
        bool match_never = false;

        begin_test_checks(test_kernel_jiffies_reader, test_kernel_jiffies_reader);
        do {
                match_never = report_available();
        } while (!end_test_checks(match_never));
        KUNIT_EXPECT_FALSE(test, match_never);
}

/* Test that racing accesses in seqlock critical sections are not reported. */
__no_kcsan
static void test_seqlock_noreport(struct kunit *test)
{
        bool match_never = false;

        begin_test_checks(test_kernel_seqlock_reader, test_kernel_seqlock_writer);
        do {
                match_never = report_available();
        } while (!end_test_checks(match_never));
        KUNIT_EXPECT_FALSE(test, match_never);
}

/*
 * Test atomic builtins work and required instrumentation functions exist. We
 * also test that KCSAN understands they're atomic by racing with them via
 * test_kernel_atomic_builtins(), and expect no reports.
 *
 * The atomic builtins _SHOULD NOT_ be used in normal kernel code!
 */
static void test_atomic_builtins(struct kunit *test)
{
        bool match_never = false;

        begin_test_checks(test_kernel_atomic_builtins, test_kernel_atomic_builtins);
        do {
                long tmp;

                kcsan_enable_current();

                __atomic_store_n(&test_var, 42L, __ATOMIC_RELAXED);
                KUNIT_EXPECT_EQ(test, 42L, __atomic_load_n(&test_var, __ATOMIC_RELAXED));

                KUNIT_EXPECT_EQ(test, 42L, __atomic_exchange_n(&test_var, 20, __ATOMIC_RELAXED));
                KUNIT_EXPECT_EQ(test, 20L, test_var);

                tmp = 20L;
                KUNIT_EXPECT_TRUE(test, __atomic_compare_exchange_n(&test_var, &tmp, 30L,
                                                                    0, __ATOMIC_RELAXED,
                                                                    __ATOMIC_RELAXED));
                KUNIT_EXPECT_EQ(test, tmp, 20L);
                KUNIT_EXPECT_EQ(test, test_var, 30L);
                KUNIT_EXPECT_FALSE(test, __atomic_compare_exchange_n(&test_var, &tmp, 40L,
                                                                     1, __ATOMIC_RELAXED,
                                                                     __ATOMIC_RELAXED));
                KUNIT_EXPECT_EQ(test, tmp, 30L);
                KUNIT_EXPECT_EQ(test, test_var, 30L);

                KUNIT_EXPECT_EQ(test, 30L, __atomic_fetch_add(&test_var, 1, __ATOMIC_RELAXED));
                KUNIT_EXPECT_EQ(test, 31L, __atomic_fetch_sub(&test_var, 1, __ATOMIC_RELAXED));
                KUNIT_EXPECT_EQ(test, 30L, __atomic_fetch_and(&test_var, 0xf, __ATOMIC_RELAXED));
                KUNIT_EXPECT_EQ(test, 14L, __atomic_fetch_xor(&test_var, 0xf, __ATOMIC_RELAXED));
                KUNIT_EXPECT_EQ(test, 1L, __atomic_fetch_or(&test_var, 0xf0, __ATOMIC_RELAXED));
                KUNIT_EXPECT_EQ(test, 241L, __atomic_fetch_nand(&test_var, 0xf, __ATOMIC_RELAXED));
                KUNIT_EXPECT_EQ(test, -2L, test_var);

                __atomic_thread_fence(__ATOMIC_SEQ_CST);
                __atomic_signal_fence(__ATOMIC_SEQ_CST);

                kcsan_disable_current();

                match_never = report_available();
        } while (!end_test_checks(match_never));
        KUNIT_EXPECT_FALSE(test, match_never);
}

/*
 * Each test case is run with different numbers of threads. Until KUnit supports
 * passing arguments for each test case, we encode #threads in the test case
 * name (read by get_num_threads()). [The '-' was chosen as a stylistic
 * preference to separate test name and #threads.]
 *
 * The thread counts are chosen to cover potentially interesting boundaries and
 * corner cases (range 2-5), and then stress the system with larger counts.
 */
#define KCSAN_KUNIT_CASE(test_name)                                            \
        { .run_case = test_name, .name = #test_name "-02" },                   \
        { .run_case = test_name, .name = #test_name "-03" },                   \
        { .run_case = test_name, .name = #test_name "-04" },                   \
        { .run_case = test_name, .name = #test_name "-05" },                   \
        { .run_case = test_name, .name = #test_name "-08" },                   \
        { .run_case = test_name, .name = #test_name "-16" }

static struct kunit_case kcsan_test_cases[] = {
        KCSAN_KUNIT_CASE(test_basic),
        KCSAN_KUNIT_CASE(test_concurrent_races),
        KCSAN_KUNIT_CASE(test_novalue_change),
        KCSAN_KUNIT_CASE(test_novalue_change_exception),
        KCSAN_KUNIT_CASE(test_unknown_origin),
        KCSAN_KUNIT_CASE(test_write_write_assume_atomic),
        KCSAN_KUNIT_CASE(test_write_write_struct),
        KCSAN_KUNIT_CASE(test_write_write_struct_part),
        KCSAN_KUNIT_CASE(test_read_atomic_write_atomic),
        KCSAN_KUNIT_CASE(test_read_plain_atomic_write),
        KCSAN_KUNIT_CASE(test_read_plain_atomic_rmw),
        KCSAN_KUNIT_CASE(test_zero_size_access),
        KCSAN_KUNIT_CASE(test_data_race),
        KCSAN_KUNIT_CASE(test_assert_exclusive_writer),
        KCSAN_KUNIT_CASE(test_assert_exclusive_access),
        KCSAN_KUNIT_CASE(test_assert_exclusive_access_writer),
        KCSAN_KUNIT_CASE(test_assert_exclusive_bits_change),
        KCSAN_KUNIT_CASE(test_assert_exclusive_bits_nochange),
        KCSAN_KUNIT_CASE(test_assert_exclusive_writer_scoped),
        KCSAN_KUNIT_CASE(test_assert_exclusive_access_scoped),
        KCSAN_KUNIT_CASE(test_jiffies_noreport),
        KCSAN_KUNIT_CASE(test_seqlock_noreport),
        KCSAN_KUNIT_CASE(test_atomic_builtins),
        {},
};

/* ===== End test cases ===== */

/* Get number of threads encoded in test name. */
static bool __no_kcsan

get_num_threads(const char *test, int *nthreads)
{
        int len = strlen(test);

        if (WARN_ON(len < 3))
                return false;

        *nthreads = test[len - 1] - '0';
        *nthreads += (test[len - 2] - '0') * 10;

        if (WARN_ON(*nthreads < 0))
                return false;

        return true;
}

/* Concurrent accesses from interrupts. */
__no_kcsan
static void access_thread_timer(struct timer_list *timer)
{
        static atomic_t cnt = ATOMIC_INIT(0);
        unsigned int idx;
        void (*func)(void);

        idx = (unsigned int)atomic_inc_return(&cnt) % ARRAY_SIZE(access_kernels);
        /* Acquire potential initialization. */
        func = smp_load_acquire(&access_kernels[idx]);
        if (func)
                func();
}

/* The main loop for each thread. */
__no_kcsan
static int access_thread(void *arg)
{
        struct timer_list timer;
        unsigned int cnt = 0;
        unsigned int idx;
        void (*func)(void);

        timer_setup_on_stack(&timer, access_thread_timer, 0);
        do {
                might_sleep();

                if (!timer_pending(&timer))
                        mod_timer(&timer, jiffies + 1);
                else {
                        /* Iterate through all kernels. */
                        idx = cnt++ % ARRAY_SIZE(access_kernels);
                        /* Acquire potential initialization. */
                        func = smp_load_acquire(&access_kernels[idx]);
                        if (func)
                                func();
                }
        } while (!torture_must_stop());
        del_timer_sync(&timer);
        destroy_timer_on_stack(&timer);

        torture_kthread_stopping("access_thread");
        return 0;
}

__no_kcsan
static int test_init(struct kunit *test)
{
        unsigned long flags;
        int nthreads;
        int i;

        spin_lock_irqsave(&observed.lock, flags);
        for (i = 0; i < ARRAY_SIZE(observed.lines); ++i)
                observed.lines[i][0] = '\0';
        observed.nlines = 0;
        spin_unlock_irqrestore(&observed.lock, flags);

        if (!torture_init_begin((char *)test->name, 1))
                return -EBUSY;

        if (!get_num_threads(test->name, &nthreads))
                goto err;

        if (WARN_ON(threads))
                goto err;

        for (i = 0; i < ARRAY_SIZE(access_kernels); ++i) {
                if (WARN_ON(access_kernels[i]))
                        goto err;
        }

        if (!IS_ENABLED(CONFIG_PREEMPT) || !IS_ENABLED(CONFIG_KCSAN_INTERRUPT_WATCHER)) {
                /*
                 * Without any preemption, keep 2 CPUs free for other tasks, one
                 * of which is the main test case function checking for
                 * completion or failure.
                 */
                const int min_unused_cpus = IS_ENABLED(CONFIG_PREEMPT_NONE) ? 2 : 0;
                const int min_required_cpus = 2 + min_unused_cpus;

                if (num_online_cpus() < min_required_cpus) {
                        pr_err("%s: too few online CPUs (%u < %d) for test",
                               test->name, num_online_cpus(), min_required_cpus);
                        goto err;
                } else if (nthreads > num_online_cpus() - min_unused_cpus) {
                        nthreads = num_online_cpus() - min_unused_cpus;
                        pr_warn("%s: limiting number of threads to %d\n",
                                test->name, nthreads);
                }
        }

        if (nthreads) {
                threads = kcalloc(nthreads + 1, sizeof(struct task_struct *),
                                  GFP_KERNEL);
                if (WARN_ON(!threads))
                        goto err;

                threads[nthreads] = NULL;
                for (i = 0; i < nthreads; ++i) {
                        if (torture_create_kthread(access_thread, NULL,
                                                   threads[i]))
                                goto err;
                }
        }

        torture_init_end();

        return 0;

err:
        kfree(threads);
        threads = NULL;
        torture_init_end();
        return -EINVAL;
}

__no_kcsan
static void test_exit(struct kunit *test)
{
        struct task_struct **stop_thread;
        int i;

        if (torture_cleanup_begin())
                return;

        for (i = 0; i < ARRAY_SIZE(access_kernels); ++i)
                WRITE_ONCE(access_kernels[i], NULL);

        if (threads) {
                for (stop_thread = threads; *stop_thread; stop_thread++)
                        torture_stop_kthread(reader_thread, *stop_thread);

                kfree(threads);
                threads = NULL;
        }

        torture_cleanup_end();
}

static struct kunit_suite kcsan_test_suite = {
        .name = "kcsan-test",
        .test_cases = kcsan_test_cases,
        .init = test_init,
        .exit = test_exit,
};
static struct kunit_suite *kcsan_test_suites[] = { &kcsan_test_suite, NULL };

__no_kcsan
static void register_tracepoints(struct tracepoint *tp, void *ignore)
{
        check_trace_callback_type_console(probe_console);
        if (!strcmp(tp->name, "console"))
                WARN_ON(tracepoint_probe_register(tp, probe_console, NULL));
}

__no_kcsan
static void unregister_tracepoints(struct tracepoint *tp, void *ignore)
{
        if (!strcmp(tp->name, "console"))
                tracepoint_probe_unregister(tp, probe_console, NULL);
}

/*
 * We only want to do tracepoints setup and teardown once, therefore we have to
 * customize the init and exit functions and cannot rely on kunit_test_suite().
 */
static int __init kcsan_test_init(void)
{
        /*
         * Because we want to be able to build the test as a module, we need to
         * iterate through all known tracepoints, since the static registration
         * won't work here.
         */
        for_each_kernel_tracepoint(register_tracepoints, NULL);
        return __kunit_test_suites_init(kcsan_test_suites);
}

static void kcsan_test_exit(void)
{
        __kunit_test_suites_exit(kcsan_test_suites);
        for_each_kernel_tracepoint(unregister_tracepoints, NULL);
        tracepoint_synchronize_unregister();
}

late_initcall(kcsan_test_init);
module_exit(kcsan_test_exit);

MODULE_LICENSE("GPL v2");
MODULE_AUTHOR("Marco Elver <elver@google.com>");