From nobody Thu Oct 2 10:55:49 2025 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DB05314A62 for ; Thu, 18 Sep 2025 14:06:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758204384; cv=none; b=ocKOXNQrZiqfaEwSTZDc/FXTJZVXxwG8wuHBLmBL0q7zZJONPtKoGyIa57H0JRkj8Ghe2bYbShzGduXyeiZxhpM6rF7XakKsIKmDL3NSoJqq1VPw+OaMXzg0JSPE2hVEnezdCe+JIZ7yr4ue0hoNVlf++9cuH4oDhxlIOYcndQQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758204384; c=relaxed/simple; bh=oGnIDu1+DUNZfv/fxId83XO6FxlQeksOxcc+5i4BfPw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=O1CWijeQZaxkSz5wNP1QN/k+WEsW1u2RhnKdNIR5fuw7+FHLbssmYZjHv1wGkZeX5Im99LwHzDy1jgfg9Vr8/KzMRM1LbM0rRweXkxmZoh8afEe+4wlAKgTqbEGwykK/57PW0GG824rKXVK9gEjMueD1ysj5paulpg7Czpu2JY0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--elver.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=OAuOJzvJ; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--elver.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="OAuOJzvJ" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-3eae869cb3fso575747f8f.0 for ; Thu, 18 Sep 2025 07:06:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1758204379; x=1758809179; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=q4us2nxi3JpTZDeL0scdeAdIw4lyPkneoFt53x8qoK8=; b=OAuOJzvJRUx0G2x9ZKlEgsTq1zSPrqfpdiYje50bzS9cLTeULECPV0hXRkR0EjiVKC Pz2mkciblmYZoPj8KZGO/YerLLf7/Jhj+Fqc0GVAEwbxAFKG6nVLnVMYu7oJ85pcwv18 1dCQQ3Mt4q6nSzF8IPN0mjFZna7sH6Oq1jzmhEcSQ3ZHVy2Ljv+xk9Im5NPQ404dRKW/ 4Uu3ovL0/+bfqJkXy7ipxVUyYNP+BGe8RVyu/PzN+EEJr4HT+jbMnuy6jS12YWuLxIsd UXXWhlUScNy2lVyYUz6/fntW/4TmO6pLyxsSd9JudOFfl+BqARmGU0D19vUxgsCEPf6g Qh1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758204379; x=1758809179; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=q4us2nxi3JpTZDeL0scdeAdIw4lyPkneoFt53x8qoK8=; b=o/DPrRrfbSokfLZVIEvPXMz45r/uGe6RnUMAquj6mDH5tQY9nc66rRgxLjSsCagc1u NAZGItyh1m5t9I7pk0NHCjyq7aLB6ChJgzBlfV9FciDefsaDAmXMQdY06ZdXRmeL29Gx KLHITIMOZkP9nOmvRZffle+diGB9fgfbTHp+tK8dtxmd7JFSA+hTFG+tLlEmrkwbKiIA ZkiYPGJe+myo0Mkvl5gv6F6bd1yTBj7Tw63W1OPbtwNZC8BObrZIMqIpchWH0PI93IqC rWZpW2ds5qAHf6BBvB+YkXyRrQv3wumgixK0dBmKzp1WfqyueGtVgmcgnNECObdL7zp/ AVtw== X-Forwarded-Encrypted: i=1; AJvYcCUTaLhcq8uAw6Dcd/h4Sxlcb2sncP79USQ9LM/JEXHnc+J6qO1WwDM43xUAa4ecJmFMgusiEYlTTd/duLY=@vger.kernel.org X-Gm-Message-State: AOJu0YxJl9VV7rd5rJ30htYngxcYZM/TpcWKi45XorIeO6DA3r8yVcKq a/X51laCgGGTEmHgcdFUdUUCsFU8xhMM1/BzHzy6KhZ6PZemT2e6Q08MB/VRgkNmoRn14scutWy 9TA== X-Google-Smtp-Source: AGHT+IForSgCnBdMYy4/yrbRoi3Bz0KlZrVTBci3S8BpGG4Qe7XF200pZ2l6iAG+7UNZ0b5azB0o4FG6fw== X-Received: from wrml2.prod.google.com ([2002:adf:e582:0:b0:3ec:dab8:7d45]) (user=elver job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:2307:b0:3e4:bb5f:ee6d with SMTP id ffacd0b85a97d-3ecdf9bed46mr5359337f8f.15.1758204378633; Thu, 18 Sep 2025 07:06:18 -0700 (PDT) Date: Thu, 18 Sep 2025 15:59:30 +0200 In-Reply-To: <20250918140451.1289454-1-elver@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250918140451.1289454-1-elver@google.com> X-Mailer: git-send-email 2.51.0.384.g4c02a37b29-goog Message-ID: <20250918140451.1289454-20-elver@google.com> Subject: [PATCH v3 19/35] locking/local_lock: Support Clang's capability analysis From: Marco Elver To: elver@google.com, Peter Zijlstra , Boqun Feng , Ingo Molnar , Will Deacon Cc: "David S. Miller" , Luc Van Oostenryck , "Paul E. McKenney" , Alexander Potapenko , Arnd Bergmann , Bart Van Assche , Bill Wendling , Christoph Hellwig , Dmitry Vyukov , Eric Dumazet , Frederic Weisbecker , Greg Kroah-Hartman , Herbert Xu , Ian Rogers , Jann Horn , Joel Fernandes , Jonathan Corbet , Josh Triplett , Justin Stitt , Kees Cook , Kentaro Takeda , Lukas Bulwahn , Mark Rutland , Mathieu Desnoyers , Miguel Ojeda , Nathan Chancellor , Neeraj Upadhyay , Nick Desaulniers , Steven Rostedt , Tetsuo Handa , Thomas Gleixner , Thomas Graf , Uladzislau Rezki , Waiman Long , kasan-dev@googlegroups.com, linux-crypto@vger.kernel.org, linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-security-module@vger.kernel.org, linux-sparse@vger.kernel.org, llvm@lists.linux.dev, rcu@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add support for Clang's capability analysis for local_lock_t and local_trylock_t. Signed-off-by: Marco Elver --- v3: * Switch to DECLARE_LOCK_GUARD_1_ATTRS() (suggested by Peter) * __assert -> __assume rename * Rework __this_cpu_local_lock helper * Support local_trylock_t --- .../dev-tools/capability-analysis.rst | 2 +- include/linux/local_lock.h | 45 +++++++----- include/linux/local_lock_internal.h | 71 ++++++++++++++---- lib/test_capability-analysis.c | 73 +++++++++++++++++++ 4 files changed, 156 insertions(+), 35 deletions(-) diff --git a/Documentation/dev-tools/capability-analysis.rst b/Documentatio= n/dev-tools/capability-analysis.rst index 7a4c2238c910..9fb964e94920 100644 --- a/Documentation/dev-tools/capability-analysis.rst +++ b/Documentation/dev-tools/capability-analysis.rst @@ -82,7 +82,7 @@ Supported Kernel Primitives =20 Currently the following synchronization primitives are supported: `raw_spinlock_t`, `spinlock_t`, `rwlock_t`, `mutex`, `seqlock_t`, -`bit_spinlock`, RCU, SRCU (`srcu_struct`), `rw_semaphore`. +`bit_spinlock`, RCU, SRCU (`srcu_struct`), `rw_semaphore`, `local_lock_t`. =20 For capabilities with an initialization function (e.g., `spin_lock_init()`= ), calling this function on the capability instance before initializing any diff --git a/include/linux/local_lock.h b/include/linux/local_lock.h index 2ba846419524..cfdca5bee89e 100644 --- a/include/linux/local_lock.h +++ b/include/linux/local_lock.h @@ -13,13 +13,13 @@ * local_lock - Acquire a per CPU local lock * @lock: The lock variable */ -#define local_lock(lock) __local_lock(this_cpu_ptr(lock)) +#define local_lock(lock) __local_lock(__this_cpu_local_lock(lock)) =20 /** * local_lock_irq - Acquire a per CPU local lock and disable interrupts * @lock: The lock variable */ -#define local_lock_irq(lock) __local_lock_irq(this_cpu_ptr(lock)) +#define local_lock_irq(lock) __local_lock_irq(__this_cpu_local_lock(lock)) =20 /** * local_lock_irqsave - Acquire a per CPU local lock, save and disable @@ -28,19 +28,19 @@ * @flags: Storage for interrupt flags */ #define local_lock_irqsave(lock, flags) \ - __local_lock_irqsave(this_cpu_ptr(lock), flags) + __local_lock_irqsave(__this_cpu_local_lock(lock), flags) =20 /** * local_unlock - Release a per CPU local lock * @lock: The lock variable */ -#define local_unlock(lock) __local_unlock(this_cpu_ptr(lock)) +#define local_unlock(lock) __local_unlock(__this_cpu_local_lock(lock)) =20 /** * local_unlock_irq - Release a per CPU local lock and enable interrupts * @lock: The lock variable */ -#define local_unlock_irq(lock) __local_unlock_irq(this_cpu_ptr(lock)) +#define local_unlock_irq(lock) __local_unlock_irq(__this_cpu_local_lock(l= ock)) =20 /** * local_unlock_irqrestore - Release a per CPU local lock and restore @@ -49,7 +49,7 @@ * @flags: Interrupt flags to restore */ #define local_unlock_irqrestore(lock, flags) \ - __local_unlock_irqrestore(this_cpu_ptr(lock), flags) + __local_unlock_irqrestore(__this_cpu_local_lock(lock), flags) =20 /** * local_lock_init - Runtime initialize a lock instance @@ -64,7 +64,7 @@ * locking constrains it will _always_ fail to acquire the lock in NMI or * HARDIRQ context on PREEMPT_RT. */ -#define local_trylock(lock) __local_trylock(this_cpu_ptr(lock)) +#define local_trylock(lock) __local_trylock(__this_cpu_local_lock(lock)) =20 /** * local_trylock_irqsave - Try to acquire a per CPU local lock, save and d= isable @@ -77,27 +77,32 @@ * HARDIRQ context on PREEMPT_RT. */ #define local_trylock_irqsave(lock, flags) \ - __local_trylock_irqsave(this_cpu_ptr(lock), flags) - -DEFINE_GUARD(local_lock, local_lock_t __percpu*, - local_lock(_T), - local_unlock(_T)) -DEFINE_GUARD(local_lock_irq, local_lock_t __percpu*, - local_lock_irq(_T), - local_unlock_irq(_T)) + __local_trylock_irqsave(__this_cpu_local_lock(lock), flags) + +DEFINE_LOCK_GUARD_1(local_lock, local_lock_t __percpu, + local_lock(_T->lock), + local_unlock(_T->lock)) +DEFINE_LOCK_GUARD_1(local_lock_irq, local_lock_t __percpu, + local_lock_irq(_T->lock), + local_unlock_irq(_T->lock)) DEFINE_LOCK_GUARD_1(local_lock_irqsave, local_lock_t __percpu, local_lock_irqsave(_T->lock, _T->flags), local_unlock_irqrestore(_T->lock, _T->flags), unsigned long flags) =20 #define local_lock_nested_bh(_lock) \ - __local_lock_nested_bh(this_cpu_ptr(_lock)) + __local_lock_nested_bh(__this_cpu_local_lock(_lock)) =20 #define local_unlock_nested_bh(_lock) \ - __local_unlock_nested_bh(this_cpu_ptr(_lock)) + __local_unlock_nested_bh(__this_cpu_local_lock(_lock)) =20 -DEFINE_GUARD(local_lock_nested_bh, local_lock_t __percpu*, - local_lock_nested_bh(_T), - local_unlock_nested_bh(_T)) +DEFINE_LOCK_GUARD_1(local_lock_nested_bh, local_lock_t __percpu, + local_lock_nested_bh(_T->lock), + local_unlock_nested_bh(_T->lock)) + +DECLARE_LOCK_GUARD_1_ATTRS(local_lock, __assumes_cap(_T), /* */) +DECLARE_LOCK_GUARD_1_ATTRS(local_lock_irq, __assumes_cap(_T), /* */) +DECLARE_LOCK_GUARD_1_ATTRS(local_lock_irqsave, __assumes_cap(_T), /* */) +DECLARE_LOCK_GUARD_1_ATTRS(local_lock_nested_bh, __assumes_cap(_T), /* */) =20 #endif diff --git a/include/linux/local_lock_internal.h b/include/linux/local_lock= _internal.h index 4c0e117d2d08..22ffaf06d9eb 100644 --- a/include/linux/local_lock_internal.h +++ b/include/linux/local_lock_internal.h @@ -10,18 +10,20 @@ =20 #ifndef CONFIG_PREEMPT_RT =20 -typedef struct { +struct_with_capability(local_lock) { #ifdef CONFIG_DEBUG_LOCK_ALLOC struct lockdep_map dep_map; struct task_struct *owner; #endif -} local_lock_t; +}; +typedef struct local_lock local_lock_t; =20 /* local_trylock() and local_trylock_irqsave() only work with local_tryloc= k_t */ -typedef struct { +struct_with_capability(local_trylock) { local_lock_t llock; u8 acquired; -} local_trylock_t; +}; +typedef struct local_trylock local_trylock_t; =20 #ifdef CONFIG_DEBUG_LOCK_ALLOC # define LOCAL_LOCK_DEBUG_INIT(lockname) \ @@ -81,9 +83,14 @@ do { \ 0, LD_WAIT_CONFIG, LD_WAIT_INV, \ LD_LOCK_PERCPU); \ local_lock_debug_init(lock); \ + __assume_cap(lock); \ } while (0) =20 -#define __local_trylock_init(lock) __local_lock_init(lock.llock) +#define __local_trylock_init(lock) \ +do { \ + __local_lock_init(lock.llock); \ + __assume_cap(lock); \ +} while (0) =20 #define __spinlock_nested_bh_init(lock) \ do { \ @@ -94,6 +101,7 @@ do { \ 0, LD_WAIT_CONFIG, LD_WAIT_INV, \ LD_LOCK_NORMAL); \ local_lock_debug_init(lock); \ + __assume_cap(lock); \ } while (0) =20 #define __local_lock_acquire(lock) \ @@ -116,22 +124,25 @@ do { \ do { \ preempt_disable(); \ __local_lock_acquire(lock); \ + __acquire(lock); \ } while (0) =20 #define __local_lock_irq(lock) \ do { \ local_irq_disable(); \ __local_lock_acquire(lock); \ + __acquire(lock); \ } while (0) =20 #define __local_lock_irqsave(lock, flags) \ do { \ local_irq_save(flags); \ __local_lock_acquire(lock); \ + __acquire(lock); \ } while (0) =20 #define __local_trylock(lock) \ - ({ \ + __try_acquire_cap(lock, ({ \ local_trylock_t *tl; \ \ preempt_disable(); \ @@ -145,10 +156,10 @@ do { \ (local_lock_t *)tl); \ } \ !!tl; \ - }) + })) =20 #define __local_trylock_irqsave(lock, flags) \ - ({ \ + __try_acquire_cap(lock, ({ \ local_trylock_t *tl; \ \ local_irq_save(flags); \ @@ -162,7 +173,7 @@ do { \ (local_lock_t *)tl); \ } \ !!tl; \ - }) + })) =20 #define __local_lock_release(lock) \ do { \ @@ -182,18 +193,21 @@ do { \ =20 #define __local_unlock(lock) \ do { \ + __release(lock); \ __local_lock_release(lock); \ preempt_enable(); \ } while (0) =20 #define __local_unlock_irq(lock) \ do { \ + __release(lock); \ __local_lock_release(lock); \ local_irq_enable(); \ } while (0) =20 #define __local_unlock_irqrestore(lock, flags) \ do { \ + __release(lock); \ __local_lock_release(lock); \ local_irq_restore(flags); \ } while (0) @@ -202,13 +216,19 @@ do { \ do { \ lockdep_assert_in_softirq(); \ local_lock_acquire((lock)); \ + __acquire(lock); \ } while (0) =20 #define __local_unlock_nested_bh(lock) \ - local_lock_release((lock)) + do { \ + __release(lock); \ + local_lock_release((lock)); \ + } while (0) =20 #else /* !CONFIG_PREEMPT_RT */ =20 +#include + /* * On PREEMPT_RT local_lock maps to a per CPU spinlock, which protects the * critical section while staying preemptible. @@ -263,7 +283,7 @@ do { \ } while (0) =20 #define __local_trylock(lock) \ - ({ \ + __try_acquire_cap(lock, capability_unsafe(({ \ int __locked; \ \ if (in_nmi() | in_hardirq()) { \ @@ -275,13 +295,36 @@ do { \ migrate_enable(); \ } \ __locked; \ - }) + }))) =20 #define __local_trylock_irqsave(lock, flags) \ - ({ \ + __try_acquire_cap(lock, ({ \ typecheck(unsigned long, flags); \ flags =3D 0; \ __local_trylock(lock); \ - }) + })) + +#endif /* CONFIG_PREEMPT_RT */ =20 +#if defined(WARN_CAPABILITY_ANALYSIS) +/* + * Because the compiler only knows about the base per-CPU variable, use th= is + * helper function to make the compiler think we lock/unlock the @base var= iable, + * and hide the fact we actually pass the per-CPU instance to lock/unlock + * functions. + */ +static __always_inline local_lock_t *__this_cpu_local_lock(local_lock_t __= percpu *base) + __returns_cap(base) __attribute__((overloadable)) +{ + return this_cpu_ptr(base); +} +#ifndef CONFIG_PREEMPT_RT +static __always_inline local_trylock_t *__this_cpu_local_lock(local_tryloc= k_t __percpu *base) + __returns_cap(base) __attribute__((overloadable)) +{ + return this_cpu_ptr(base); +} #endif /* CONFIG_PREEMPT_RT */ +#else /* WARN_CAPABILITY_ANALYSIS */ +#define __this_cpu_local_lock(base) this_cpu_ptr(base) +#endif /* WARN_CAPABILITY_ANALYSIS */ diff --git a/lib/test_capability-analysis.c b/lib/test_capability-analysis.c index 3c6dad0ba065..e506dadb3933 100644 --- a/lib/test_capability-analysis.c +++ b/lib/test_capability-analysis.c @@ -6,7 +6,9 @@ =20 #include #include +#include #include +#include #include #include #include @@ -450,3 +452,74 @@ static void __used test_srcu_guard(struct test_srcu_da= ta *d) guard(srcu)(&d->srcu); (void)srcu_dereference(d->data, &d->srcu); } + +struct test_local_lock_data { + local_lock_t lock; + int counter __guarded_by(&lock); +}; + +static DEFINE_PER_CPU(struct test_local_lock_data, test_local_lock_data) = =3D { + .lock =3D INIT_LOCAL_LOCK(lock), +}; + +static void __used test_local_lock_init(struct test_local_lock_data *d) +{ + local_lock_init(&d->lock); + d->counter =3D 0; +} + +static void __used test_local_lock(void) +{ + unsigned long flags; + + local_lock(&test_local_lock_data.lock); + this_cpu_add(test_local_lock_data.counter, 1); + local_unlock(&test_local_lock_data.lock); + + local_lock_irq(&test_local_lock_data.lock); + this_cpu_add(test_local_lock_data.counter, 1); + local_unlock_irq(&test_local_lock_data.lock); + + local_lock_irqsave(&test_local_lock_data.lock, flags); + this_cpu_add(test_local_lock_data.counter, 1); + local_unlock_irqrestore(&test_local_lock_data.lock, flags); + + local_lock_nested_bh(&test_local_lock_data.lock); + this_cpu_add(test_local_lock_data.counter, 1); + local_unlock_nested_bh(&test_local_lock_data.lock); +} + +static void __used test_local_lock_guard(void) +{ + { guard(local_lock)(&test_local_lock_data.lock); this_cpu_add(test_local_= lock_data.counter, 1); } + { guard(local_lock_irq)(&test_local_lock_data.lock); this_cpu_add(test_lo= cal_lock_data.counter, 1); } + { guard(local_lock_irqsave)(&test_local_lock_data.lock); this_cpu_add(tes= t_local_lock_data.counter, 1); } + { guard(local_lock_nested_bh)(&test_local_lock_data.lock); this_cpu_add(t= est_local_lock_data.counter, 1); } +} + +struct test_local_trylock_data { + local_trylock_t lock; + int counter __guarded_by(&lock); +}; + +static DEFINE_PER_CPU(struct test_local_trylock_data, test_local_trylock_d= ata) =3D { + .lock =3D INIT_LOCAL_TRYLOCK(lock), +}; + +static void __used test_local_trylock_init(struct test_local_trylock_data = *d) +{ + local_trylock_init(&d->lock); + d->counter =3D 0; +} + +static void __used test_local_trylock(void) +{ + local_lock(&test_local_trylock_data.lock); + this_cpu_add(test_local_trylock_data.counter, 1); + local_unlock(&test_local_trylock_data.lock); + + if (local_trylock(&test_local_trylock_data.lock)) { + this_cpu_add(test_local_trylock_data.counter, 1); + local_unlock(&test_local_trylock_data.lock); + } +} --=20 2.51.0.384.g4c02a37b29-goog