From nobody Sun Feb 8 20:33:09 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF36A352FB6 for ; Fri, 19 Dec 2025 15:47:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766159271; cv=none; b=Vl+RLIS7ZRRhtgxLeVI1fy64xOpPt0X4ytILDnVbmc0xZq+rAfJXSUzJCTadcn7Wg+VMbJNnZDkrYUV6E+M+o4UszBbZ/DrCdFn0fSAvKs9AvKqcUe/FCJ4apWQRSYvwyOKYSvXZkCy3JiqvshdTeMXI/wQs+j4Pl+5tePJL1qI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766159271; c=relaxed/simple; bh=RcYy4DcBjQcvDuV2dx3u0OsYl9tA/CvADAWDIg/f4Fw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=nPbL1215jP+Pe1v6mz8Pq+qyYCEBCA8H+zpWGUVVh0E9llTIJgV528FQMFRuzjoKI9nWFAgRmfNj0knJ1jRvC4fiJErC9ZxXWGX7/cYRSShlawoArO0bFM7HWHThLxcn9m9zmlGcAFCpwWDuMBjfr6o6mdJADtXgw82se54SQVA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--elver.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=hrYr/nCb; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--elver.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="hrYr/nCb" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-477bf8c1413so11139235e9.1 for ; Fri, 19 Dec 2025 07:47:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1766159265; x=1766764065; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ZHn8aDcdtAKeJcCs/59KrgcXnzNTM7tjpMFEs44zRkY=; b=hrYr/nCb2sEjjcWBzFjzpP+s7mieW1pcan8mXP6SKI169ic7avyK0vDBTv0Z4de4A6 ONsQSuxMngVpRXqs7ajoh34w3EailK8u0EK6zAMK3AkLekL/rywllNHkJsLPDxztsodB rZR+83ISPePQQLjoJ4Em7THuokN+h/9TJVqDqovON+1vC/jPj4feduBiGoEp7piaATex ngNp+o0godkcnZ0SK6XRelOQKE7WgezWnzqTn3F95CiYCIzbRq/G2yUddnIxckj2U6ey +Nt3JvjEoYfEz5lGBLCTBrtmufaH7zZW747FTtoXBIJmYYH5ZNSNBFDwbl/imDbtrJRE sfRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766159265; x=1766764065; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ZHn8aDcdtAKeJcCs/59KrgcXnzNTM7tjpMFEs44zRkY=; b=XqCIuGT7E4lFmp7b4jUTvG4lX0z/G5awNxwdkd68hGIPOVW9EouWCFlSJFLz0+aQYh i7cAxndPUTooefvjLNuFzEDsTHv+xfKs85u0sSd7J7RXvPVuC6mZ8/l+QtrQf1Ya2CAO QxkOeQ8OAeD76eif+umssrVIyTITTc3KvIdZN9HTZNKBcT2pAwhcczSOD/PJGKYshQ5Z YqhwThNlz2mW8P1Qdaao2/17BAHmyGEhkhJ65UwokWivnQ3tHQkHgBQofWXiYVNoktXq 4i12v+xTOrPNUMkJjptoFZ0/fFq2FN3AavTW5jhgES3zi/8mTJrzL2Y4bTZW4wfbFpP5 Zp2Q== X-Forwarded-Encrypted: i=1; AJvYcCUAWag2baZ6qmr2ttxqgdjjVS3VYECevX+UYAro6YD4AtI2JW5Sng6r7A7MCNfvL96TSvrGYPWuLT+qDB0=@vger.kernel.org X-Gm-Message-State: AOJu0YwNLaHoo6oMw2R6ebZno8JxTDNAx/32UjEk0MyfeMHjF6s3ymZg lhyIF27jvi8RKeX3T06Mkpi1HoTinMNwkbuq7h66vUavhP716cT/w/aEpxEZ6NpFORbjpdTVs0v 6pA== X-Google-Smtp-Source: AGHT+IGHpp21+mCBycweEqT8Ht6B+jtSAoz0ySY2DWy+4u2Qiurrqu+3+OezAzO/55ihn/7y3obtbqs2RA== X-Received: from wmgp3.prod.google.com ([2002:a05:600c:2043:b0:477:98de:d8aa]) (user=elver job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3b8d:b0:477:7725:c16a with SMTP id 5b1f17b1804b1-47d1953da58mr36604365e9.10.1766159265020; Fri, 19 Dec 2025 07:47:45 -0800 (PST) Date: Fri, 19 Dec 2025 16:40:24 +0100 In-Reply-To: <20251219154418.3592607-1-elver@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20251219154418.3592607-1-elver@google.com> X-Mailer: git-send-email 2.52.0.322.g1dd061c0dc-goog Message-ID: <20251219154418.3592607-36-elver@google.com> Subject: [PATCH v5 35/36] crypto: Enable context analysis From: Marco Elver To: elver@google.com, Peter Zijlstra , Boqun Feng , Ingo Molnar , Will Deacon Cc: "David S. Miller" , Luc Van Oostenryck , Chris Li , "Paul E. McKenney" , Alexander Potapenko , Arnd Bergmann , Bart Van Assche , Christoph Hellwig , Dmitry Vyukov , Eric Dumazet , Frederic Weisbecker , Greg Kroah-Hartman , Herbert Xu , Ian Rogers , Jann Horn , Joel Fernandes , Johannes Berg , Jonathan Corbet , Josh Triplett , Justin Stitt , Kees Cook , Kentaro Takeda , Lukas Bulwahn , Mark Rutland , Mathieu Desnoyers , Miguel Ojeda , Nathan Chancellor , Neeraj Upadhyay , Nick Desaulniers , Steven Rostedt , Tetsuo Handa , Thomas Gleixner , Thomas Graf , Uladzislau Rezki , Waiman Long , kasan-dev@googlegroups.com, linux-crypto@vger.kernel.org, linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-security-module@vger.kernel.org, linux-sparse@vger.kernel.org, linux-wireless@vger.kernel.org, llvm@lists.linux.dev, rcu@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Enable context analysis for crypto subsystem. This demonstrates a larger conversion to use Clang's context analysis. The benefit is additional static checking of locking rules, along with better documentation. Note the use of the __acquire_ret macro how to define an API where a function returns a pointer to an object (struct scomp_scratch) with a lock held. Additionally, the analysis only resolves aliases where the analysis unambiguously sees that a variable was not reassigned after initialization, requiring minor code changes. Signed-off-by: Marco Elver Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org --- v4: * Rename capability -> context analysis. v3: * Rebase - make use of __acquire_ret macro for new functions. * Initialize variables once where we want the analysis to recognize aliases. v2: * New patch. --- crypto/Makefile | 2 ++ crypto/acompress.c | 6 +++--- crypto/algapi.c | 2 ++ crypto/api.c | 1 + crypto/crypto_engine.c | 2 +- crypto/drbg.c | 5 +++++ crypto/internal.h | 2 +- crypto/proc.c | 3 +++ crypto/scompress.c | 24 ++++++++++++------------ include/crypto/internal/acompress.h | 7 ++++--- include/crypto/internal/engine.h | 2 +- 11 files changed, 35 insertions(+), 21 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index 16a35649dd91..db264feab7e7 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -3,6 +3,8 @@ # Cryptographic API # =20 +CONTEXT_ANALYSIS :=3D y + obj-$(CONFIG_CRYPTO) +=3D crypto.o crypto-y :=3D api.o cipher.o =20 diff --git a/crypto/acompress.c b/crypto/acompress.c index be28cbfd22e3..25df368df098 100644 --- a/crypto/acompress.c +++ b/crypto/acompress.c @@ -449,8 +449,8 @@ int crypto_acomp_alloc_streams(struct crypto_acomp_stre= ams *s) } EXPORT_SYMBOL_GPL(crypto_acomp_alloc_streams); =20 -struct crypto_acomp_stream *crypto_acomp_lock_stream_bh( - struct crypto_acomp_streams *s) __acquires(stream) +struct crypto_acomp_stream *_crypto_acomp_lock_stream_bh( + struct crypto_acomp_streams *s) { struct crypto_acomp_stream __percpu *streams =3D s->streams; int cpu =3D raw_smp_processor_id(); @@ -469,7 +469,7 @@ struct crypto_acomp_stream *crypto_acomp_lock_stream_bh( spin_lock(&ps->lock); return ps; } -EXPORT_SYMBOL_GPL(crypto_acomp_lock_stream_bh); +EXPORT_SYMBOL_GPL(_crypto_acomp_lock_stream_bh); =20 void acomp_walk_done_src(struct acomp_walk *walk, int used) { diff --git a/crypto/algapi.c b/crypto/algapi.c index e604d0d8b7b4..abc9333327d4 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -244,6 +244,7 @@ EXPORT_SYMBOL_GPL(crypto_remove_spawns); =20 static void crypto_alg_finish_registration(struct crypto_alg *alg, struct list_head *algs_to_put) + __must_hold(&crypto_alg_sem) { struct crypto_alg *q; =20 @@ -299,6 +300,7 @@ static struct crypto_larval *crypto_alloc_test_larval(s= truct crypto_alg *alg) =20 static struct crypto_larval * __crypto_register_alg(struct crypto_alg *alg, struct list_head *algs_to_pu= t) + __must_hold(&crypto_alg_sem) { struct crypto_alg *q; struct crypto_larval *larval; diff --git a/crypto/api.c b/crypto/api.c index 5724d62e9d07..05629644a688 100644 --- a/crypto/api.c +++ b/crypto/api.c @@ -57,6 +57,7 @@ EXPORT_SYMBOL_GPL(crypto_mod_put); =20 static struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask) + __must_hold_shared(&crypto_alg_sem) { struct crypto_alg *q, *alg =3D NULL; int best =3D -2; diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c index 18e1689efe12..1653a4bf5b31 100644 --- a/crypto/crypto_engine.c +++ b/crypto/crypto_engine.c @@ -453,8 +453,8 @@ struct crypto_engine *crypto_engine_alloc_init_and_set(= struct device *dev, snprintf(engine->name, sizeof(engine->name), "%s-engine", dev_name(dev)); =20 - crypto_init_queue(&engine->queue, qlen); spin_lock_init(&engine->queue_lock); + crypto_init_queue(&engine->queue, qlen); =20 engine->kworker =3D kthread_run_worker(0, "%s", engine->name); if (IS_ERR(engine->kworker)) { diff --git a/crypto/drbg.c b/crypto/drbg.c index 1d433dae9955..0a6f6c05a78f 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -232,6 +232,7 @@ static inline unsigned short drbg_sec_strength(drbg_fla= g_t flags) */ static int drbg_fips_continuous_test(struct drbg_state *drbg, const unsigned char *entropy) + __must_hold(&drbg->drbg_mutex) { unsigned short entropylen =3D drbg_sec_strength(drbg->core->flags); int ret =3D 0; @@ -848,6 +849,7 @@ static inline int __drbg_seed(struct drbg_state *drbg, = struct list_head *seed, static inline int drbg_get_random_bytes(struct drbg_state *drbg, unsigned char *entropy, unsigned int entropylen) + __must_hold(&drbg->drbg_mutex) { int ret; =20 @@ -862,6 +864,7 @@ static inline int drbg_get_random_bytes(struct drbg_sta= te *drbg, } =20 static int drbg_seed_from_random(struct drbg_state *drbg) + __must_hold(&drbg->drbg_mutex) { struct drbg_string data; LIST_HEAD(seedlist); @@ -919,6 +922,7 @@ static bool drbg_nopr_reseed_interval_elapsed(struct dr= bg_state *drbg) */ static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers, bool reseed) + __must_hold(&drbg->drbg_mutex) { int ret; unsigned char entropy[((32 + 16) * 2)]; @@ -1153,6 +1157,7 @@ static inline int drbg_alloc_state(struct drbg_state = *drbg) static int drbg_generate(struct drbg_state *drbg, unsigned char *buf, unsigned int buflen, struct drbg_string *addtl) + __must_hold(&drbg->drbg_mutex) { int len =3D 0; LIST_HEAD(addtllist); diff --git a/crypto/internal.h b/crypto/internal.h index b9afd68767c1..8fbe0226d48e 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -61,8 +61,8 @@ enum { /* Maximum number of (rtattr) parameters for each template. */ #define CRYPTO_MAX_ATTRS 32 =20 -extern struct list_head crypto_alg_list; extern struct rw_semaphore crypto_alg_sem; +extern struct list_head crypto_alg_list __guarded_by(&crypto_alg_sem); extern struct blocking_notifier_head crypto_chain; =20 int alg_test(const char *driver, const char *alg, u32 type, u32 mask); diff --git a/crypto/proc.c b/crypto/proc.c index 82f15b967e85..5fb9fe86d023 100644 --- a/crypto/proc.c +++ b/crypto/proc.c @@ -19,17 +19,20 @@ #include "internal.h" =20 static void *c_start(struct seq_file *m, loff_t *pos) + __acquires_shared(&crypto_alg_sem) { down_read(&crypto_alg_sem); return seq_list_start(&crypto_alg_list, *pos); } =20 static void *c_next(struct seq_file *m, void *p, loff_t *pos) + __must_hold_shared(&crypto_alg_sem) { return seq_list_next(p, &crypto_alg_list, pos); } =20 static void c_stop(struct seq_file *m, void *p) + __releases_shared(&crypto_alg_sem) { up_read(&crypto_alg_sem); } diff --git a/crypto/scompress.c b/crypto/scompress.c index 1a7ed8ae65b0..7aee1d50e148 100644 --- a/crypto/scompress.c +++ b/crypto/scompress.c @@ -28,8 +28,8 @@ struct scomp_scratch { spinlock_t lock; union { - void *src; - unsigned long saddr; + void *src __guarded_by(&lock); + unsigned long saddr __guarded_by(&lock); }; }; =20 @@ -38,8 +38,8 @@ static DEFINE_PER_CPU(struct scomp_scratch, scomp_scratch= ) =3D { }; =20 static const struct crypto_type crypto_scomp_type; -static int scomp_scratch_users; static DEFINE_MUTEX(scomp_lock); +static int scomp_scratch_users __guarded_by(&scomp_lock); =20 static cpumask_t scomp_scratch_want; static void scomp_scratch_workfn(struct work_struct *work); @@ -67,6 +67,7 @@ static void crypto_scomp_show(struct seq_file *m, struct = crypto_alg *alg) } =20 static void crypto_scomp_free_scratches(void) + __context_unsafe(/* frees @scratch */) { struct scomp_scratch *scratch; int i; @@ -101,7 +102,7 @@ static void scomp_scratch_workfn(struct work_struct *wo= rk) struct scomp_scratch *scratch; =20 scratch =3D per_cpu_ptr(&scomp_scratch, cpu); - if (scratch->src) + if (context_unsafe(scratch->src)) continue; if (scomp_alloc_scratch(scratch, cpu)) break; @@ -111,6 +112,7 @@ static void scomp_scratch_workfn(struct work_struct *wo= rk) } =20 static int crypto_scomp_alloc_scratches(void) + __context_unsafe(/* allocates @scratch */) { unsigned int i =3D cpumask_first(cpu_possible_mask); struct scomp_scratch *scratch; @@ -139,7 +141,8 @@ static int crypto_scomp_init_tfm(struct crypto_tfm *tfm) return ret; } =20 -static struct scomp_scratch *scomp_lock_scratch(void) __acquires(scratch) +#define scomp_lock_scratch(...) __acquire_ret(_scomp_lock_scratch(__VA_ARG= S__), &__ret->lock) +static struct scomp_scratch *_scomp_lock_scratch(void) __acquires_ret { int cpu =3D raw_smp_processor_id(); struct scomp_scratch *scratch; @@ -159,7 +162,7 @@ static struct scomp_scratch *scomp_lock_scratch(void) _= _acquires(scratch) } =20 static inline void scomp_unlock_scratch(struct scomp_scratch *scratch) - __releases(scratch) + __releases(&scratch->lock) { spin_unlock(&scratch->lock); } @@ -171,8 +174,6 @@ static int scomp_acomp_comp_decomp(struct acomp_req *re= q, int dir) bool src_isvirt =3D acomp_request_src_isvirt(req); bool dst_isvirt =3D acomp_request_dst_isvirt(req); struct crypto_scomp *scomp =3D *tfm_ctx; - struct crypto_acomp_stream *stream; - struct scomp_scratch *scratch; unsigned int slen =3D req->slen; unsigned int dlen =3D req->dlen; struct page *spage, *dpage; @@ -232,13 +233,12 @@ static int scomp_acomp_comp_decomp(struct acomp_req *= req, int dir) } while (0); } =20 - stream =3D crypto_acomp_lock_stream_bh(&crypto_scomp_alg(scomp)->streams); + struct crypto_acomp_stream *stream =3D crypto_acomp_lock_stream_bh(&crypt= o_scomp_alg(scomp)->streams); =20 if (!src_isvirt && !src) { - const u8 *src; + struct scomp_scratch *scratch =3D scomp_lock_scratch(); + const u8 *src =3D scratch->src; =20 - scratch =3D scomp_lock_scratch(); - src =3D scratch->src; memcpy_from_sglist(scratch->src, req->src, 0, slen); =20 if (dir) diff --git a/include/crypto/internal/acompress.h b/include/crypto/internal/= acompress.h index 2d97440028ff..9a3f28baa804 100644 --- a/include/crypto/internal/acompress.h +++ b/include/crypto/internal/acompress.h @@ -191,11 +191,12 @@ static inline bool crypto_acomp_req_virt(struct crypt= o_acomp *tfm) void crypto_acomp_free_streams(struct crypto_acomp_streams *s); int crypto_acomp_alloc_streams(struct crypto_acomp_streams *s); =20 -struct crypto_acomp_stream *crypto_acomp_lock_stream_bh( - struct crypto_acomp_streams *s) __acquires(stream); +#define crypto_acomp_lock_stream_bh(...) __acquire_ret(_crypto_acomp_lock_= stream_bh(__VA_ARGS__), &__ret->lock); +struct crypto_acomp_stream *_crypto_acomp_lock_stream_bh( + struct crypto_acomp_streams *s) __acquires_ret; =20 static inline void crypto_acomp_unlock_stream_bh( - struct crypto_acomp_stream *stream) __releases(stream) + struct crypto_acomp_stream *stream) __releases(&stream->lock) { spin_unlock_bh(&stream->lock); } diff --git a/include/crypto/internal/engine.h b/include/crypto/internal/eng= ine.h index f19ef376833f..6a1d27880615 100644 --- a/include/crypto/internal/engine.h +++ b/include/crypto/internal/engine.h @@ -45,7 +45,7 @@ struct crypto_engine { =20 struct list_head list; spinlock_t queue_lock; - struct crypto_queue queue; + struct crypto_queue queue __guarded_by(&queue_lock); struct device *dev; =20 struct kthread_worker *kworker; --=20 2.52.0.322.g1dd061c0dc-goog