From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F10E53093AE for ; Mon, 17 Nov 2025 20:55:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763412940; cv=none; b=c9hR0ncVjLXbxW+/KrsnVpgXsnYwX82uW8b92Smf8uYrJK0VsLSH6ZkJKE4mtilhqPUBsTdW0UaMIqy3fjgPwNV64B2YB/J2jI/uGLnD8yTAbCNqMd7W3+ocrauwHL0eMBo21m3Ku2Wy4eaV79/vnL5jztYX4LOA3tecZ1gfXAY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763412940; c=relaxed/simple; bh=+mXbLThHTMU4crIhN5wiT2TF1jMn5zLL6EoeIJCqPX4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=nYb6TkcB0S7iYei/au2yfSWJtbOSHcaetC2wc4yztnPTnhkYsdeizdgbsLRXAOqxGiHR1MahnsAdhqpjrz5fPZy2EehcLi8MaiQ3H9XcN1rr3uXWsztvHSFPWAh1+RlDpWz42oBsM8qxp3Hnl+a0B9y6irSqj8FjCenbKfADA2o= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=nl4XpJUz; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nl4XpJUz" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BE485C2BC86; Mon, 17 Nov 2025 20:55:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1763412938; bh=+mXbLThHTMU4crIhN5wiT2TF1jMn5zLL6EoeIJCqPX4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=nl4XpJUzSjUvYzE8yNwcv+hMal3C4rl/sB35/yGGuufYC8rwuFapiMns0GmDWYIWY WxD7OKuTr3fkBNpTEeZLaZJcOWM4kfcbe1amGMeko3NXkjUQoVaZZny7H10HXycPAh cuYO/+3Fk39+sZeGrFMh4v3cOzw1G9sYNYF7R471/Elt4yNBMLCBqJGUDBN1WwWQc3 E2QgekaYC5GZc36UVKbATkRY3ReEOrrl6d4DroyMDap5HuJ7Ys6yS1OPPNRYg53yub Tr/TR6fgmG/cgBlMRL0WA+4aVM31RRNAzkMs2+sQ34EGPJlo72m2utxvRGaIFiNF+2 pOcKO8Sgy5/xQ== Date: Mon, 17 Nov 2025 12:55:37 -0800 From: Kees Cook To: Tzung-Bi Shih Cc: Arnd Bergmann , Greg Kroah-Hartman , linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] lkdtm: Add lockdep related crash tests Message-ID: <202511171253.0E307E6@keescook> References: <20251117033337.3730681-1-tzungbi@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20251117033337.3730681-1-tzungbi@kernel.org> On Mon, Nov 17, 2025 at 03:33:37AM +0000, Tzung-Bi Shih wrote: > Introduce various lockdep related crash tests. Cool! Do the existing lockdep tests not cover these things? And are these tests "survivable"? I ask because I'd like to see tools/testing/selftests/lkdtm/tests.txt updated at the same time when new tests are added, so they can either get tested, or have some documentation about why that can't be tested by a CI. e.g.: #PANIC_STOP_IRQOFF Crashes entire system Otherwise looks good. It'd be nice to get lockdep maintainers on CC as well too. -Kees > > Signed-off-by: Tzung-Bi Shih > --- > v2: > - Fix "warning: suggest braces around empty body in an 'else' statement [-Wempty-body]" > reported by 0day test robot. > > v1: https://lore.kernel.org/lkml/20251114062535.1827309-1-tzungbi@kernel.org/T/#u > > drivers/misc/lkdtm/Makefile | 1 + > drivers/misc/lkdtm/core.c | 1 + > drivers/misc/lkdtm/lkdtm.h | 1 + > drivers/misc/lkdtm/lockdep.c | 98 ++++++++++++++++++++++++++++++++++++ > 4 files changed, 101 insertions(+) > create mode 100644 drivers/misc/lkdtm/lockdep.c > > diff --git a/drivers/misc/lkdtm/Makefile b/drivers/misc/lkdtm/Makefile > index 03ebe33185f9..830b71c8e6a0 100644 > --- a/drivers/misc/lkdtm/Makefile > +++ b/drivers/misc/lkdtm/Makefile > @@ -11,6 +11,7 @@ lkdtm-$(CONFIG_LKDTM) += usercopy.o > lkdtm-$(CONFIG_LKDTM) += kstack_erase.o > lkdtm-$(CONFIG_LKDTM) += cfi.o > lkdtm-$(CONFIG_LKDTM) += fortify.o > +lkdtm-$(CONFIG_LKDTM) += lockdep.o > lkdtm-$(CONFIG_PPC_64S_HASH_MMU) += powerpc.o > > KASAN_SANITIZE_stackleak.o := n > diff --git a/drivers/misc/lkdtm/core.c b/drivers/misc/lkdtm/core.c > index 5732fd59a227..43e91388940f 100644 > --- a/drivers/misc/lkdtm/core.c > +++ b/drivers/misc/lkdtm/core.c > @@ -96,6 +96,7 @@ static const struct crashtype_category *crashtype_categories[] = { > &stackleak_crashtypes, > &cfi_crashtypes, > &fortify_crashtypes, > + &lockdep_crashtypes, > #ifdef CONFIG_PPC_64S_HASH_MMU > &powerpc_crashtypes, > #endif > diff --git a/drivers/misc/lkdtm/lkdtm.h b/drivers/misc/lkdtm/lkdtm.h > index 015e0484026b..d2d97e6f323e 100644 > --- a/drivers/misc/lkdtm/lkdtm.h > +++ b/drivers/misc/lkdtm/lkdtm.h > @@ -84,6 +84,7 @@ extern struct crashtype_category usercopy_crashtypes; > extern struct crashtype_category stackleak_crashtypes; > extern struct crashtype_category cfi_crashtypes; > extern struct crashtype_category fortify_crashtypes; > +extern struct crashtype_category lockdep_crashtypes; > extern struct crashtype_category powerpc_crashtypes; > > /* Each category's init/exit routines. */ > diff --git a/drivers/misc/lkdtm/lockdep.c b/drivers/misc/lkdtm/lockdep.c > new file mode 100644 > index 000000000000..e029e9e60ce6 > --- /dev/null > +++ b/drivers/misc/lkdtm/lockdep.c > @@ -0,0 +1,98 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Copyright 2025 Google LLC > + * > + * Tests related to lockdep warnings. > + */ > +#include "lkdtm.h" > +#include > +#include > +#include > +#include > +#include > + > +static DEFINE_SPINLOCK(lock_A); > +static DEFINE_SPINLOCK(lock_B); > + > +/* For "WARNING: possible circular locking dependency detected". */ > +static void lkdtm_LOCKDEP_CIRCULAR_LOCK(void) > +{ > + scoped_guard(spinlock, &lock_A) > + scoped_guard(spinlock, &lock_B) {} > + scoped_guard(spinlock, &lock_B) > + scoped_guard(spinlock, &lock_A) {} > +} > + > +/* For "WARNING: possible recursive locking detected". */ > +static void lkdtm_LOCKDEP_RECURSIVE_LOCK(void) > +{ > + guard(spinlock)(&lock_A); > + guard(spinlock)(&lock_A); > +} > + > +/* For "WARNING: inconsistent lock state". */ > +static void lkdtm_LOCKDEP_INCONSISTENT_LOCK(void) > +{ > + lockdep_softirq_enter(); > + scoped_guard(spinlock, &lock_A) {} > + lockdep_softirq_exit(); > + > + scoped_guard(spinlock, &lock_A) {} > +} > + > +/* For "WARNING: Nested lock was not taken". */ > +static void lkdtm_LOCKDEP_NESTED_LOCK_NOT_HELD(void) > +{ > + spin_lock_nest_lock(&lock_B, &lock_A); > +} > + > +/* For "WARNING: bad unlock balance detected!". */ > +static void lkdtm_LOCKDEP_BAD_UNLOCK_BALANCE(void) > +{ > + spin_unlock(&lock_A); > +} > + > +/* For "WARNING: held lock freed!". */ > +static void lkdtm_LOCKDEP_HELD_LOCK_FREED(void) > +{ > + spin_lock(&lock_A); > + spin_lock_init(&lock_A); > +} > + > +/* For "WARNING: lock held when returning to user space!". */ > +static void lkdtm_LOCKDEP_HELD_LOCK(void) > +{ > + spin_lock(&lock_A); > +} > + > +/* For "WARNING: suspicious RCU usage". */ > +static void lkdtm_LOCKDEP_SUSPICIOUS_RCU(void) > +{ > + struct srcu_struct srcu; > + void __rcu *res = NULL; > + int idx; > + > + init_srcu_struct(&srcu); > + > + idx = srcu_read_lock(&srcu); > + rcu_dereference(res); > + srcu_read_unlock(&srcu, idx); > + > + cleanup_srcu_struct(&srcu); > +} > + > +static struct crashtype crashtypes[] = { > + CRASHTYPE(LOCKDEP_CIRCULAR_LOCK), > + CRASHTYPE(LOCKDEP_RECURSIVE_LOCK), > + CRASHTYPE(LOCKDEP_INCONSISTENT_LOCK), > + CRASHTYPE(LOCKDEP_NESTED_LOCK_NOT_HELD), > + CRASHTYPE(LOCKDEP_BAD_UNLOCK_BALANCE), > + CRASHTYPE(LOCKDEP_HELD_LOCK_FREED), > + CRASHTYPE(LOCKDEP_HELD_LOCK), > + CRASHTYPE(LOCKDEP_SUSPICIOUS_RCU), > +}; > + > +struct crashtype_category lockdep_crashtypes = { > + .crashtypes = crashtypes, > + .len = ARRAY_SIZE(crashtypes), > +}; > -- > 2.52.0.rc1.455.g30608eb744-goog > -- Kees Cook