From nobody Thu Oct 2 10:55:45 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 76EFA31D387 for ; Thu, 18 Sep 2025 14:07:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758204423; cv=none; b=LIy4dQQrr/b7a97P4JlltDOHEWJta7nddfeXicGQtEaawD3zgid/kEV658HuUtd4SCMCrbsnBx5lKZtt8bnVWlKzSYzA0+YRCgsZZrZQlfQoVwbN1+ffdCmnRRuQxkdbYh3Xu34/Hf5pSx/mvd0o9GueRJwA2wofo27w7u5Ki5Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758204423; c=relaxed/simple; bh=41zYcnwdahTtmTnsLSfjaNV/RBUfdx4KxCxFo+VAJKU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YsH6Ac8P5VdeKh3q73ZDVxLTLEJNlOPhUZWwWElBjfz7xo2T8q8kV+D3pY17u3+uhVNejD92qlV0WNcMXvuEPzyRYX8AcVRCgAkAIHT4Mbr6+kukX1fPrxe7KoxX9kBDGxKw5SOEv2bsm3FaI1/ARyp8M13EjdAKeq/ofSXxb0E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--elver.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=sND9cOIO; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--elver.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="sND9cOIO" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-45dd9a66c3fso3739955e9.1 for ; Thu, 18 Sep 2025 07:07:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1758204419; x=1758809219; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Z5tu8oxzXQKTnOUiHAzfcXoFAwF2lpCAIFKrvKZ236c=; b=sND9cOIOHcWTcKp1+JrGNROEgUMTnj5gqUVlMB6zldArRhm7zZfVEXADwmP9DXxm9g d99Rywq0b1erqhbEc7QDdWAeqDRroxtdHJMYu04BNUAjll2xyhe+9vjch5cR9GEvpHI3 RBw8RAAvXE3ASUAEWYBqkiRrGV0VVhSvNY9kW+pIKYf8IyPOoCAKR9Ptp65dhe2hHFM9 eO/AS6aZpAmGojjIBQZHDLZMft/bBlCf+c22b+ZfjZUD6mPwFqD8PFpXl9ctkzBlZA81 jCfHC3Kjh4R9Mtgc28oKaokvC2L85QiSA9FjOICIM9+sBC8AfSHDufZJutLreKXyoDqX BqmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758204419; x=1758809219; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Z5tu8oxzXQKTnOUiHAzfcXoFAwF2lpCAIFKrvKZ236c=; b=EUzWWpypAAvuFiSUG5h8tYPuzDMnX/YuqtnHLRLzrA92j+dKfI/MttpmbQmNuS4NKD YKIH98gk3UrwYuUrmrhbFT3SO+Fj+9qhc4iWDuFmnuGfrzkeh4ipS6ARucSAykN1Ciiu rFx8cCIKJ4mlK8ar2OnhJshmbmQUtHhD5N6lqdyWk7gINJginp7UkSCWG7uTKqithWKA m2oXvloS8Ct9IReIhJKHz7KaMjjx4qkNty5WJCHe059uSQXZAS5s8O3a1qbucqjBoTON qn7NDek6HYy89YkWwRDe6NbfvcJL688ZL+PWVz0bS6DzOTKN2O7WPDVEmOBrLFyeQ+YF LuuQ== X-Forwarded-Encrypted: i=1; AJvYcCVNQL3sszBEo33T6MhgW4LGi++Kh14Xx5uQ7e0OjLIxQpPngoJ0cx+cq5SPEGWYIas5f6U9c0nJixB6fDg=@vger.kernel.org X-Gm-Message-State: AOJu0Yym23MME4a2gLtIoTCdf/5LvVEOepKa1j/kG52uBBu387bTdzcz 1iue9zqUzrOQZGHZWJJUqhHvKUIN0MCIvSC4HhI/k9mMOO7lL5F/8TkSNrDtrHJT2BMNF9/8TSM jrA== X-Google-Smtp-Source: AGHT+IH+umzdQR8EWriNaP0azXypNz5QaBQ31wAEGywI54fdXNfmDlDf3O1KLKu8hdrdKwLm79wsq3wW1g== X-Received: from wmby18.prod.google.com ([2002:a05:600c:c052:b0:45b:883d:4704]) (user=elver job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:c4b8:b0:45b:8477:de1a with SMTP id 5b1f17b1804b1-46201f8a98fmr48626095e9.7.1758204418672; Thu, 18 Sep 2025 07:06:58 -0700 (PDT) Date: Thu, 18 Sep 2025 15:59:45 +0200 In-Reply-To: <20250918140451.1289454-1-elver@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250918140451.1289454-1-elver@google.com> X-Mailer: git-send-email 2.51.0.384.g4c02a37b29-goog Message-ID: <20250918140451.1289454-35-elver@google.com> Subject: [PATCH v3 34/35] crypto: Enable capability analysis From: Marco Elver To: elver@google.com, Peter Zijlstra , Boqun Feng , Ingo Molnar , Will Deacon Cc: "David S. Miller" , Luc Van Oostenryck , "Paul E. McKenney" , Alexander Potapenko , Arnd Bergmann , Bart Van Assche , Bill Wendling , Christoph Hellwig , Dmitry Vyukov , Eric Dumazet , Frederic Weisbecker , Greg Kroah-Hartman , Herbert Xu , Ian Rogers , Jann Horn , Joel Fernandes , Jonathan Corbet , Josh Triplett , Justin Stitt , Kees Cook , Kentaro Takeda , Lukas Bulwahn , Mark Rutland , Mathieu Desnoyers , Miguel Ojeda , Nathan Chancellor , Neeraj Upadhyay , Nick Desaulniers , Steven Rostedt , Tetsuo Handa , Thomas Gleixner , Thomas Graf , Uladzislau Rezki , Waiman Long , kasan-dev@googlegroups.com, linux-crypto@vger.kernel.org, linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-security-module@vger.kernel.org, linux-sparse@vger.kernel.org, llvm@lists.linux.dev, rcu@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Enable capability analysis for crypto subsystem. This demonstrates a larger conversion to use Clang's capability analysis. The benefit is additional static checking of locking rules, along with better documentation. Note the use of the __acquire_ret macro how to define an API where a function returns a pointer to an object (struct scomp_scratch) with a lock held. Additionally, the analysis only resolves aliases where the analysis unambiguously sees that a variable was not reassigned after initialization, requiring minor code changes. Signed-off-by: Marco Elver Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org --- v3: * Rebase - make use of __acquire_ret macro for new functions. * Initialize variables once where we want the analysis to recognize aliases. v2: * New patch. --- crypto/Makefile | 2 ++ crypto/acompress.c | 6 +++--- crypto/algapi.c | 2 ++ crypto/api.c | 1 + crypto/crypto_engine.c | 2 +- crypto/drbg.c | 5 +++++ crypto/internal.h | 2 +- crypto/proc.c | 3 +++ crypto/scompress.c | 24 ++++++++++++------------ include/crypto/internal/acompress.h | 7 ++++--- include/crypto/internal/engine.h | 2 +- 11 files changed, 35 insertions(+), 21 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index 6c5d59369dac..e73c50a54119 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -3,6 +3,8 @@ # Cryptographic API # =20 +CAPABILITY_ANALYSIS :=3D y + obj-$(CONFIG_CRYPTO) +=3D crypto.o crypto-y :=3D api.o cipher.o =20 diff --git a/crypto/acompress.c b/crypto/acompress.c index be28cbfd22e3..25df368df098 100644 --- a/crypto/acompress.c +++ b/crypto/acompress.c @@ -449,8 +449,8 @@ int crypto_acomp_alloc_streams(struct crypto_acomp_stre= ams *s) } EXPORT_SYMBOL_GPL(crypto_acomp_alloc_streams); =20 -struct crypto_acomp_stream *crypto_acomp_lock_stream_bh( - struct crypto_acomp_streams *s) __acquires(stream) +struct crypto_acomp_stream *_crypto_acomp_lock_stream_bh( + struct crypto_acomp_streams *s) { struct crypto_acomp_stream __percpu *streams =3D s->streams; int cpu =3D raw_smp_processor_id(); @@ -469,7 +469,7 @@ struct crypto_acomp_stream *crypto_acomp_lock_stream_bh( spin_lock(&ps->lock); return ps; } -EXPORT_SYMBOL_GPL(crypto_acomp_lock_stream_bh); +EXPORT_SYMBOL_GPL(_crypto_acomp_lock_stream_bh); =20 void acomp_walk_done_src(struct acomp_walk *walk, int used) { diff --git a/crypto/algapi.c b/crypto/algapi.c index e604d0d8b7b4..abc9333327d4 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -244,6 +244,7 @@ EXPORT_SYMBOL_GPL(crypto_remove_spawns); =20 static void crypto_alg_finish_registration(struct crypto_alg *alg, struct list_head *algs_to_put) + __must_hold(&crypto_alg_sem) { struct crypto_alg *q; =20 @@ -299,6 +300,7 @@ static struct crypto_larval *crypto_alloc_test_larval(s= truct crypto_alg *alg) =20 static struct crypto_larval * __crypto_register_alg(struct crypto_alg *alg, struct list_head *algs_to_pu= t) + __must_hold(&crypto_alg_sem) { struct crypto_alg *q; struct crypto_larval *larval; diff --git a/crypto/api.c b/crypto/api.c index 5724d62e9d07..05629644a688 100644 --- a/crypto/api.c +++ b/crypto/api.c @@ -57,6 +57,7 @@ EXPORT_SYMBOL_GPL(crypto_mod_put); =20 static struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask) + __must_hold_shared(&crypto_alg_sem) { struct crypto_alg *q, *alg =3D NULL; int best =3D -2; diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c index 18e1689efe12..1653a4bf5b31 100644 --- a/crypto/crypto_engine.c +++ b/crypto/crypto_engine.c @@ -453,8 +453,8 @@ struct crypto_engine *crypto_engine_alloc_init_and_set(= struct device *dev, snprintf(engine->name, sizeof(engine->name), "%s-engine", dev_name(dev)); =20 - crypto_init_queue(&engine->queue, qlen); spin_lock_init(&engine->queue_lock); + crypto_init_queue(&engine->queue, qlen); =20 engine->kworker =3D kthread_run_worker(0, "%s", engine->name); if (IS_ERR(engine->kworker)) { diff --git a/crypto/drbg.c b/crypto/drbg.c index dbe4c8bb5ceb..9684d952fdfd 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -231,6 +231,7 @@ static inline unsigned short drbg_sec_strength(drbg_fla= g_t flags) */ static int drbg_fips_continuous_test(struct drbg_state *drbg, const unsigned char *entropy) + __must_hold(&drbg->drbg_mutex) { unsigned short entropylen =3D drbg_sec_strength(drbg->core->flags); int ret =3D 0; @@ -1061,6 +1062,7 @@ static inline int __drbg_seed(struct drbg_state *drbg= , struct list_head *seed, static inline int drbg_get_random_bytes(struct drbg_state *drbg, unsigned char *entropy, unsigned int entropylen) + __must_hold(&drbg->drbg_mutex) { int ret; =20 @@ -1075,6 +1077,7 @@ static inline int drbg_get_random_bytes(struct drbg_s= tate *drbg, } =20 static int drbg_seed_from_random(struct drbg_state *drbg) + __must_hold(&drbg->drbg_mutex) { struct drbg_string data; LIST_HEAD(seedlist); @@ -1132,6 +1135,7 @@ static bool drbg_nopr_reseed_interval_elapsed(struct = drbg_state *drbg) */ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers, bool reseed) + __must_hold(&drbg->drbg_mutex) { int ret; unsigned char entropy[((32 + 16) * 2)]; @@ -1368,6 +1372,7 @@ static inline int drbg_alloc_state(struct drbg_state = *drbg) static int drbg_generate(struct drbg_state *drbg, unsigned char *buf, unsigned int buflen, struct drbg_string *addtl) + __must_hold(&drbg->drbg_mutex) { int len =3D 0; LIST_HEAD(addtllist); diff --git a/crypto/internal.h b/crypto/internal.h index b9afd68767c1..8fbe0226d48e 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -61,8 +61,8 @@ enum { /* Maximum number of (rtattr) parameters for each template. */ #define CRYPTO_MAX_ATTRS 32 =20 -extern struct list_head crypto_alg_list; extern struct rw_semaphore crypto_alg_sem; +extern struct list_head crypto_alg_list __guarded_by(&crypto_alg_sem); extern struct blocking_notifier_head crypto_chain; =20 int alg_test(const char *driver, const char *alg, u32 type, u32 mask); diff --git a/crypto/proc.c b/crypto/proc.c index 82f15b967e85..5fb9fe86d023 100644 --- a/crypto/proc.c +++ b/crypto/proc.c @@ -19,17 +19,20 @@ #include "internal.h" =20 static void *c_start(struct seq_file *m, loff_t *pos) + __acquires_shared(&crypto_alg_sem) { down_read(&crypto_alg_sem); return seq_list_start(&crypto_alg_list, *pos); } =20 static void *c_next(struct seq_file *m, void *p, loff_t *pos) + __must_hold_shared(&crypto_alg_sem) { return seq_list_next(p, &crypto_alg_list, pos); } =20 static void c_stop(struct seq_file *m, void *p) + __releases_shared(&crypto_alg_sem) { up_read(&crypto_alg_sem); } diff --git a/crypto/scompress.c b/crypto/scompress.c index c651e7f2197a..fb87f3716426 100644 --- a/crypto/scompress.c +++ b/crypto/scompress.c @@ -28,8 +28,8 @@ struct scomp_scratch { spinlock_t lock; union { - void *src; - unsigned long saddr; + void *src __guarded_by(&lock); + unsigned long saddr __guarded_by(&lock); }; }; =20 @@ -38,8 +38,8 @@ static DEFINE_PER_CPU(struct scomp_scratch, scomp_scratch= ) =3D { }; =20 static const struct crypto_type crypto_scomp_type; -static int scomp_scratch_users; static DEFINE_MUTEX(scomp_lock); +static int scomp_scratch_users __guarded_by(&scomp_lock); =20 static cpumask_t scomp_scratch_want; static void scomp_scratch_workfn(struct work_struct *work); @@ -67,6 +67,7 @@ static void crypto_scomp_show(struct seq_file *m, struct = crypto_alg *alg) } =20 static void crypto_scomp_free_scratches(void) + __capability_unsafe(/* frees @scratch */) { struct scomp_scratch *scratch; int i; @@ -101,7 +102,7 @@ static void scomp_scratch_workfn(struct work_struct *wo= rk) struct scomp_scratch *scratch; =20 scratch =3D per_cpu_ptr(&scomp_scratch, cpu); - if (scratch->src) + if (capability_unsafe(scratch->src)) continue; if (scomp_alloc_scratch(scratch, cpu)) break; @@ -111,6 +112,7 @@ static void scomp_scratch_workfn(struct work_struct *wo= rk) } =20 static int crypto_scomp_alloc_scratches(void) + __capability_unsafe(/* allocates @scratch */) { unsigned int i =3D cpumask_first(cpu_possible_mask); struct scomp_scratch *scratch; @@ -139,7 +141,8 @@ static int crypto_scomp_init_tfm(struct crypto_tfm *tfm) return ret; } =20 -static struct scomp_scratch *scomp_lock_scratch(void) __acquires(scratch) +#define scomp_lock_scratch(...) __acquire_ret(_scomp_lock_scratch(__VA_ARG= S__), &__ret->lock) +static struct scomp_scratch *_scomp_lock_scratch(void) __acquires_ret { int cpu =3D raw_smp_processor_id(); struct scomp_scratch *scratch; @@ -159,7 +162,7 @@ static struct scomp_scratch *scomp_lock_scratch(void) _= _acquires(scratch) } =20 static inline void scomp_unlock_scratch(struct scomp_scratch *scratch) - __releases(scratch) + __releases(&scratch->lock) { spin_unlock(&scratch->lock); } @@ -171,8 +174,6 @@ static int scomp_acomp_comp_decomp(struct acomp_req *re= q, int dir) bool src_isvirt =3D acomp_request_src_isvirt(req); bool dst_isvirt =3D acomp_request_dst_isvirt(req); struct crypto_scomp *scomp =3D *tfm_ctx; - struct crypto_acomp_stream *stream; - struct scomp_scratch *scratch; unsigned int slen =3D req->slen; unsigned int dlen =3D req->dlen; struct page *spage, *dpage; @@ -232,13 +233,12 @@ static int scomp_acomp_comp_decomp(struct acomp_req *= req, int dir) } while (0); } =20 - stream =3D crypto_acomp_lock_stream_bh(&crypto_scomp_alg(scomp)->streams); + struct crypto_acomp_stream *stream =3D crypto_acomp_lock_stream_bh(&crypt= o_scomp_alg(scomp)->streams); =20 if (!src_isvirt && !src) { - const u8 *src; + struct scomp_scratch *scratch =3D scomp_lock_scratch(); + const u8 *src =3D scratch->src; =20 - scratch =3D scomp_lock_scratch(); - src =3D scratch->src; memcpy_from_sglist(scratch->src, req->src, 0, slen); =20 if (dir) diff --git a/include/crypto/internal/acompress.h b/include/crypto/internal/= acompress.h index 2d97440028ff..9a3f28baa804 100644 --- a/include/crypto/internal/acompress.h +++ b/include/crypto/internal/acompress.h @@ -191,11 +191,12 @@ static inline bool crypto_acomp_req_virt(struct crypt= o_acomp *tfm) void crypto_acomp_free_streams(struct crypto_acomp_streams *s); int crypto_acomp_alloc_streams(struct crypto_acomp_streams *s); =20 -struct crypto_acomp_stream *crypto_acomp_lock_stream_bh( - struct crypto_acomp_streams *s) __acquires(stream); +#define crypto_acomp_lock_stream_bh(...) __acquire_ret(_crypto_acomp_lock_= stream_bh(__VA_ARGS__), &__ret->lock); +struct crypto_acomp_stream *_crypto_acomp_lock_stream_bh( + struct crypto_acomp_streams *s) __acquires_ret; =20 static inline void crypto_acomp_unlock_stream_bh( - struct crypto_acomp_stream *stream) __releases(stream) + struct crypto_acomp_stream *stream) __releases(&stream->lock) { spin_unlock_bh(&stream->lock); } diff --git a/include/crypto/internal/engine.h b/include/crypto/internal/eng= ine.h index f19ef376833f..6a1d27880615 100644 --- a/include/crypto/internal/engine.h +++ b/include/crypto/internal/engine.h @@ -45,7 +45,7 @@ struct crypto_engine { =20 struct list_head list; spinlock_t queue_lock; - struct crypto_queue queue; + struct crypto_queue queue __guarded_by(&queue_lock); struct device *dev; =20 struct kthread_worker *kworker; --=20 2.51.0.384.g4c02a37b29-goog