From: Marco Elver <elver@google.com>
To: elver@google.com, Peter Zijlstra <peterz@infradead.org>,
Boqun Feng <boqun.feng@gmail.com>,
Ingo Molnar <mingo@kernel.org>, Will Deacon <will@kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>,
Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
Chris Li <sparse@chrisli.org>,
"Paul E. McKenney" <paulmck@kernel.org>,
Alexander Potapenko <glider@google.com>,
Arnd Bergmann <arnd@arndb.de>,
Bart Van Assche <bvanassche@acm.org>,
Christoph Hellwig <hch@lst.de>,
Dmitry Vyukov <dvyukov@google.com>,
Eric Dumazet <edumazet@google.com>,
Frederic Weisbecker <frederic@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ian Rogers <irogers@google.com>, Jann Horn <jannh@google.com>,
Joel Fernandes <joelagnelf@nvidia.com>,
Johannes Berg <johannes.berg@intel.com>,
Jonathan Corbet <corbet@lwn.net>,
Josh Triplett <josh@joshtriplett.org>,
Justin Stitt <justinstitt@google.com>,
Kees Cook <kees@kernel.org>,
Kentaro Takeda <takedakn@nttdata.co.jp>,
Lukas Bulwahn <lukas.bulwahn@gmail.com>,
Mark Rutland <mark.rutland@arm.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Miguel Ojeda <ojeda@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Neeraj Upadhyay <neeraj.upadhyay@kernel.org>,
Nick Desaulniers <nick.desaulniers+lkml@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Thomas Gleixner <tglx@linutronix.de>,
Thomas Graf <tgraf@suug.ch>, Uladzislau Rezki <urezki@gmail.com>,
Waiman Long <longman@redhat.com>,
kasan-dev@googlegroups.com, linux-crypto@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-security-module@vger.kernel.org,
linux-sparse@vger.kernel.org, linux-wireless@vger.kernel.org,
llvm@lists.linux.dev, rcu@vger.kernel.org
Subject: [PATCH v4 06/35] cleanup: Basic compatibility with context analysis
Date: Thu, 20 Nov 2025 16:09:31 +0100 [thread overview]
Message-ID: <20251120151033.3840508-7-elver@google.com> (raw)
In-Reply-To: <20251120145835.3833031-2-elver@google.com>
Introduce basic compatibility with cleanup.h infrastructure: introduce
DECLARE_LOCK_GUARD_*_ATTRS() helpers to add attributes to constructors
and destructors respectively.
Note: Due to the scoped cleanup helpers used for lock guards wrapping
acquire and release around their own constructors/destructors that store
pointers to the passed locks in a separate struct, we currently cannot
accurately annotate *destructors* which lock was released. While it's
possible to annotate the constructor to say which lock was acquired,
that alone would result in false positives claiming the lock was not
released on function return.
Instead, to avoid false positives, we can claim that the constructor
"assumes" that the taken lock is held via __assumes_ctx_guard().
This will ensure we can still benefit from the analysis where scoped
guards are used to protect access to guarded variables, while avoiding
false positives. The only downside are false negatives where we might
accidentally lock the same lock again:
raw_spin_lock(&my_lock);
...
guard(raw_spinlock)(&my_lock); // no warning
Arguably, lockdep will immediately catch issues like this.
While Clang's analysis supports scoped guards in C++ [1], there's no way
to apply this to C right now. Better support for Linux's scoped guard
design could be added in future if deemed critical.
[1] https://clang.llvm.org/docs/ThreadSafetyAnalysis.html#scoped-context
Signed-off-by: Marco Elver <elver@google.com>
---
v4:
* Rename capability -> context analysis.
v3:
* Add *_ATTRS helpers instead of implicit __assumes_cap (suggested by Peter)
* __assert -> __assume rename
---
include/linux/cleanup.h | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/include/linux/cleanup.h b/include/linux/cleanup.h
index 2573585b7f06..4f5e9ea02f54 100644
--- a/include/linux/cleanup.h
+++ b/include/linux/cleanup.h
@@ -274,16 +274,21 @@ const volatile void * __must_check_fn(const volatile void *val)
#define DEFINE_CLASS(_name, _type, _exit, _init, _init_args...) \
typedef _type class_##_name##_t; \
+typedef _type lock_##_name##_t; \
static inline void class_##_name##_destructor(_type *p) \
+ __no_context_analysis \
{ _type _T = *p; _exit; } \
static inline _type class_##_name##_constructor(_init_args) \
+ __no_context_analysis \
{ _type t = _init; return t; }
#define EXTEND_CLASS(_name, ext, _init, _init_args...) \
+typedef lock_##_name##_t lock_##_name##ext##_t; \
typedef class_##_name##_t class_##_name##ext##_t; \
static inline void class_##_name##ext##_destructor(class_##_name##_t *p)\
{ class_##_name##_destructor(p); } \
static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
+ __no_context_analysis \
{ class_##_name##_t t = _init; return t; }
#define CLASS(_name, var) \
@@ -461,12 +466,14 @@ _label: \
*/
#define __DEFINE_UNLOCK_GUARD(_name, _type, _unlock, ...) \
+typedef _type lock_##_name##_t; \
typedef struct { \
_type *lock; \
__VA_ARGS__; \
} class_##_name##_t; \
\
static inline void class_##_name##_destructor(class_##_name##_t *_T) \
+ __no_context_analysis \
{ \
if (!__GUARD_IS_ERR(_T->lock)) { _unlock; } \
} \
@@ -475,6 +482,7 @@ __DEFINE_GUARD_LOCK_PTR(_name, &_T->lock)
#define __DEFINE_LOCK_GUARD_1(_name, _type, _lock) \
static inline class_##_name##_t class_##_name##_constructor(_type *l) \
+ __no_context_analysis \
{ \
class_##_name##_t _t = { .lock = l }, *_T = &_t; \
_lock; \
@@ -483,6 +491,7 @@ static inline class_##_name##_t class_##_name##_constructor(_type *l) \
#define __DEFINE_LOCK_GUARD_0(_name, _lock) \
static inline class_##_name##_t class_##_name##_constructor(void) \
+ __no_context_analysis \
{ \
class_##_name##_t _t = { .lock = (void*)1 }, \
*_T __maybe_unused = &_t; \
@@ -490,6 +499,14 @@ static inline class_##_name##_t class_##_name##_constructor(void) \
return _t; \
}
+#define DECLARE_LOCK_GUARD_0_ATTRS(_name, _lock, _unlock) \
+static inline class_##_name##_t class_##_name##_constructor(void) _lock;\
+static inline void class_##_name##_destructor(class_##_name##_t *_T) _unlock;
+
+#define DECLARE_LOCK_GUARD_1_ATTRS(_name, _lock, _unlock) \
+static inline class_##_name##_t class_##_name##_constructor(lock_##_name##_t *_T) _lock;\
+static inline void class_##_name##_destructor(class_##_name##_t *_T) _unlock;
+
#define DEFINE_LOCK_GUARD_1(_name, _type, _lock, _unlock, ...) \
__DEFINE_CLASS_IS_CONDITIONAL(_name, false); \
__DEFINE_UNLOCK_GUARD(_name, _type, _unlock, __VA_ARGS__) \
--
2.52.0.rc1.455.g30608eb744-goog
next prev parent reply other threads:[~2025-11-20 15:11 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-20 14:49 [PATCH v4 00/35] Compiler-Based Context- and Locking-Analysis Marco Elver
2025-11-20 14:49 ` [PATCH v4 01/35] compiler_types: Move lock checking attributes to compiler-context-analysis.h Marco Elver
2025-11-20 14:49 ` [PATCH v4 02/35] compiler-context-analysis: Add infrastructure for Context Analysis with Clang Marco Elver
2025-11-20 18:14 ` Linus Torvalds
2025-11-20 23:51 ` Marco Elver
2025-12-11 11:44 ` Peter Zijlstra
2025-12-11 12:04 ` Peter Zijlstra
2025-12-11 13:12 ` Marco Elver
2025-12-12 9:31 ` Peter Zijlstra
2025-12-12 10:37 ` Marco Elver
2025-11-20 14:49 ` [PATCH v4 03/35] compiler-context-analysis: Add test stub Marco Elver
2025-11-20 14:49 ` [PATCH v4 04/35] Documentation: Add documentation for Compiler-Based Context Analysis Marco Elver
2025-11-20 14:49 ` [PATCH v4 05/35] checkpatch: Warn about context_unsafe() without comment Marco Elver
2025-11-20 15:09 ` Marco Elver [this message]
2025-11-20 15:09 ` [PATCH v4 07/35] lockdep: Annotate lockdep assertions for context analysis Marco Elver
2025-12-11 11:43 ` Peter Zijlstra
2025-12-11 13:24 ` Marco Elver
2025-12-12 9:59 ` Peter Zijlstra
2025-12-12 10:48 ` Marco Elver
2025-11-20 15:09 ` [PATCH v4 08/35] locking/rwlock, spinlock: Support Clang's " Marco Elver
2025-12-11 11:49 ` Peter Zijlstra
2025-11-20 15:09 ` [PATCH v4 09/35] compiler-context-analysis: Change __cond_acquires to take return value Marco Elver
2025-11-20 15:09 ` [PATCH v4 10/35] locking/mutex: Support Clang's context analysis Marco Elver
2025-11-20 15:09 ` [PATCH v4 11/35] locking/seqlock: " Marco Elver
2025-11-20 15:09 ` [PATCH v4 12/35] bit_spinlock: Include missing <asm/processor.h> Marco Elver
2025-11-20 15:09 ` [PATCH v4 13/35] bit_spinlock: Support Clang's context analysis Marco Elver
2025-11-20 15:09 ` [PATCH v4 14/35] rcu: " Marco Elver
2025-12-10 19:30 ` Paul E. McKenney
2025-12-10 21:50 ` Marco Elver
2025-12-10 22:49 ` Paul E. McKenney
2025-11-20 15:09 ` [PATCH v4 15/35] srcu: " Marco Elver
2025-11-20 15:09 ` [PATCH v4 16/35] kref: Add context-analysis annotations Marco Elver
2025-12-11 12:26 ` Peter Zijlstra
2025-12-11 13:54 ` Marco Elver
2025-12-12 9:33 ` Peter Zijlstra
2025-11-20 15:09 ` [PATCH v4 17/35] locking/rwsem: Support Clang's context analysis Marco Elver
2025-11-20 15:09 ` [PATCH v4 18/35] locking/local_lock: Include missing headers Marco Elver
2025-11-20 15:09 ` [PATCH v4 19/35] locking/local_lock: Support Clang's context analysis Marco Elver
2025-11-20 15:09 ` [PATCH v4 20/35] locking/ww_mutex: " Marco Elver
2025-11-20 15:09 ` [PATCH v4 21/35] debugfs: Make debugfs_cancellation a context guard struct Marco Elver
2025-11-20 15:09 ` [PATCH v4 22/35] compiler-context-analysis: Remove Sparse support Marco Elver
2025-11-20 15:09 ` [PATCH v4 23/35] compiler-context-analysis: Remove __cond_lock() function-like helper Marco Elver
2025-11-20 15:09 ` [PATCH v4 24/35] compiler-context-analysis: Introduce header suppressions Marco Elver
2025-11-20 15:09 ` [PATCH v4 25/35] compiler: Let data_race() imply disabled context analysis Marco Elver
2025-11-20 15:09 ` [PATCH v4 26/35] MAINTAINERS: Add entry for Context Analysis Marco Elver
2025-11-20 15:09 ` [PATCH v4 27/35] kfence: Enable context analysis Marco Elver
2025-11-20 15:09 ` [PATCH v4 28/35] kcov: " Marco Elver
2025-11-20 15:09 ` [PATCH v4 29/35] kcsan: " Marco Elver
2025-11-20 15:09 ` [PATCH v4 30/35] stackdepot: " Marco Elver
2025-11-20 15:09 ` [PATCH v4 31/35] rhashtable: " Marco Elver
2025-11-20 15:09 ` [PATCH v4 32/35] printk: Move locking annotation to printk.c Marco Elver
2025-11-20 15:09 ` [PATCH v4 33/35] security/tomoyo: Enable context analysis Marco Elver
2025-11-20 15:09 ` [PATCH v4 34/35] crypto: " Marco Elver
2025-11-20 15:10 ` [PATCH v4 35/35] sched: Enable context analysis for core.c and fair.c Marco Elver
2025-12-11 9:55 ` [PATCH v4 06/35] cleanup: Basic compatibility with context analysis Peter Zijlstra
2025-12-11 11:51 ` Peter Zijlstra
2025-12-11 12:16 ` Peter Zijlstra
2025-12-11 13:19 ` Marco Elver
2025-12-12 9:43 ` Peter Zijlstra
2025-12-12 10:15 ` Marco Elver
2025-12-12 11:09 ` Peter Zijlstra
2025-12-15 13:38 ` Marco Elver
2025-12-15 15:53 ` Marco Elver
2025-12-16 11:01 ` Marco Elver
2025-12-16 15:57 ` Marco Elver
2025-12-18 11:23 ` Peter Zijlstra
2025-12-16 12:23 ` Peter Zijlstra
2025-12-16 13:26 ` Marco Elver
2025-12-19 18:59 ` Bart Van Assche
2025-12-16 12:32 ` Peter Zijlstra
2025-12-16 13:23 ` Marco Elver
2025-12-16 13:41 ` Peter Zijlstra
2025-12-10 16:18 ` [PATCH v4 00/35] Compiler-Based Context- and Locking-Analysis Marco Elver
2025-12-10 16:37 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251120151033.3840508-7-elver@google.com \
--to=elver@google.com \
--cc=arnd@arndb.de \
--cc=boqun.feng@gmail.com \
--cc=bvanassche@acm.org \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=frederic@kernel.org \
--cc=glider@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=herbert@gondor.apana.org.au \
--cc=irogers@google.com \
--cc=jannh@google.com \
--cc=joelagnelf@nvidia.com \
--cc=johannes.berg@intel.com \
--cc=josh@joshtriplett.org \
--cc=justinstitt@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=kees@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sparse@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=longman@redhat.com \
--cc=luc.vanoostenryck@gmail.com \
--cc=lukas.bulwahn@gmail.com \
--cc=mark.rutland@arm.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=mingo@kernel.org \
--cc=nathan@kernel.org \
--cc=neeraj.upadhyay@kernel.org \
--cc=nick.desaulniers+lkml@gmail.com \
--cc=ojeda@kernel.org \
--cc=paulmck@kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=peterz@infradead.org \
--cc=rcu@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=sparse@chrisli.org \
--cc=takedakn@nttdata.co.jp \
--cc=tglx@linutronix.de \
--cc=tgraf@suug.ch \
--cc=urezki@gmail.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).