[RFC PATCH 0/3] Enable strict percpu address space checks

Uros Bizjak posted 3 patches 1 year, 4 months ago
There is a newer version of this series
arch/x86/include/asm/percpu.h  | 53 ++++++++++++++++++++++++----------
arch/x86/kernel/head64.c       |  3 +-
drivers/base/devres.c          |  2 +-
fs/aio.c                       |  2 +-
include/linux/cleanup.h        |  4 +--
include/linux/compiler_types.h |  2 +-
include/linux/part_stat.h      |  2 +-
include/linux/percpu-defs.h    | 39 ++++++++++++++++++++-----
include/linux/prandom.h        |  1 +
init/Kconfig                   |  3 ++
kernel/events/hw_breakpoint.c  |  4 +--
kernel/locking/percpu-rwsem.c  |  2 +-
kernel/workqueue.c             |  2 +-
lib/percpu_counter.c           |  2 +-
net/core/dev.c                 |  2 +-
15 files changed, 87 insertions(+), 36 deletions(-)
[RFC PATCH 0/3] Enable strict percpu address space checks
Posted by Uros Bizjak 1 year, 4 months ago
This patchset enables strict percpu address space checks via x86 named 
address space qualifiers. Percpu variables are declared in
__seg_gs/__seg_fs named AS and kept named AS qualified until they
are dereferenced via percpu accessor. This approach enables various
compiler checks for cross-namespace variable assignments.

Please note that sparse doesn't know anything about __typeof_unqual__()
operator, so the usage of __typeof_unqual__() breaks sparse checking.

Also, the last patch hijacks __percpu tag and repurposes it as a named
address space qualifier. While this works surprisingly well in this RFC
patchset, I would really appreciate some help on how to rewrite this
hack into some "production ready" code.

Cc: Dennis Zhou <dennis@kernel.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Nadav Amit <nadav.amit@gmail.com>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>

Uros Bizjak (3):
  percpu: Define __pcpu_typeof()
  percpu: Assorted fixes found by strict percpu address space checks
  percpu/x86: [RFH] Enable strict percpu checks via named AS qualifiers


-- 
2.45.2
Re: [RFC PATCH 0/3] Enable strict percpu address space checks
Posted by Christoph Lameter (Ampere) 1 year, 4 months ago
On Mon, 5 Aug 2024, Uros Bizjak wrote:

> Also, the last patch hijacks __percpu tag and repurposes it as a named
> address space qualifier. While this works surprisingly well in this RFC
> patchset, I would really appreciate some help on how to rewrite this
> hack into some "production ready" code.

This looks like good work to find issues with per cpu macro usage. Per cpu 
macros are a bit esoteric and it would be a good benefit if you can 
get this done.

Sadly I cannot help you much with the address space qualifier.
Re: [RFC PATCH 0/3] Enable strict percpu address space checks
Posted by Uros Bizjak 1 year, 4 months ago
On Tue, Aug 6, 2024 at 10:32 PM Christoph Lameter (Ampere)
<cl@gentwo.org> wrote:
>
> On Mon, 5 Aug 2024, Uros Bizjak wrote:
>
> > Also, the last patch hijacks __percpu tag and repurposes it as a named
> > address space qualifier. While this works surprisingly well in this RFC
> > patchset, I would really appreciate some help on how to rewrite this
> > hack into some "production ready" code.
>
> This looks like good work to find issues with per cpu macro usage. Per cpu
> macros are a bit esoteric and it would be a good benefit if you can
> get this done.

Thanks, I will do my best.

> Sadly I cannot help you much with the address space qualifier.

I have solved this in RFC v2, please see [1].

[1] https://lore.kernel.org/lkml/20240812115945.484051-1-ubizjak@gmail.com/

Thanks and best regards,
Uros.