From nobody Mon Jun  8 15:33:13 2026
Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com
 [209.85.221.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 31BFF46AF12
	for <linux-kernel@vger.kernel.org>; Fri, 15 May 2026 12:44:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1778849096; cv=none;
 b=plMzs2AIPXSYylxRLirBZ8YaJApCzvwyr7/golgSJMpdwadIcRn/946X9IAbn/K3UbiOFzU9reHxB5vwEfny2FlxkWXqJu/48noJZYPJZBwtruYvjuTsMGlD7TQNIsSe4qtb9EeTvFOm5J9nnXMMDOrLVSH9ROlt+dlYd6g6XLY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1778849096; c=relaxed/simple;
	bh=nyiOHNTpIqa5GShCRJT0qcUoKCXMtNXJhT/V9wsFm5c=;
	h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type;
 b=rbksONT7DwWsEiXwWLAmb209UPq1Q+1FMX7H5irqphZpPY2CvnAPU8/28X4/cY+0Z5X8QXyLJYa3qyrcMBNCgrYuTtN0nFkvHrdy71Z6vvL0hUNxfAMMAKpLxxz8hOmr0KF67/qUZ9aemO8coBZ4Or2VCzFg3rHbIOcx//3UHZg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--elver.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=qCqDaDYO; arc=none smtp.client-ip=209.85.221.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--elver.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="qCqDaDYO"
Received: by mail-wr1-f74.google.com with SMTP id
 ffacd0b85a97d-43ff19e54beso6315213f8f.2
        for <linux-kernel@vger.kernel.org>;
 Fri, 15 May 2026 05:44:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1778849094; x=1779453894;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject
         :date:message-id:reply-to;
        bh=Pbh4Qg73uwlfOIJjw2qYvzpJU0TMMQOLYio/xNC7lmc=;
        b=qCqDaDYOQhfu3zC+nCsHWVhIQVNXPDHgKlJpdot54AH4hIXYtmpSGBIZkDyATfVxu7
         Axc+6pkJ4eAmjRhuC3Z6l2tzOxjgTuEpI7MDDSFHIyHkgrC1+Hc+90xZN1Jj9c8MRFC0
         +oehjWObSmYHvBGZA05XfKW8gwGdB0jvgXOfuYVMf7pFoonHTHD0hqei96NdHzy443P6
         AmJjZPqn37/0DLcCmmgH9XetFTuZhGRN1d8s+qEthCDPhfnJSkM5xySwv0+VNxCI//mr
         aEaoCL055wYe4UvWk7NRXjcu4EFpReCph6LVbb4ZvkGyFcLEd6gqysfvMcljOFvW1wwq
         zeUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1778849094; x=1779453894;
        h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=Pbh4Qg73uwlfOIJjw2qYvzpJU0TMMQOLYio/xNC7lmc=;
        b=HFyzM5DK0eO/DuwUAglCspETWtVtDbdhzWg6J+LHCsmhSAxreAGaCotCkstpr6bqLe
         SOAPNXiYg+DaWK+Nj46Sog298vWL9f71CA6m1kJ32g9FVWT8n5ORRS0poPbG7gO2zDyo
         ikMJtgN722al4jzWmJErxp/u2F/55Do68X+yo6zMoTH+/5uIWOSk1Rm5CYZTLNmLS1HJ
         EjLI4+cVOM90xAl2Ef1zpYsibhw78wUwzsRC0aMMZfUFn8wtTd7bp9Xno635K5C6NVap
         erJHwDnOmtEDd5kP3B9FxBhZ0nH67Es/zCgBFFH549s6Sw1+Gk3Lm06Al6kV/Glt2GkG
         ayZQ==
X-Forwarded-Encrypted: i=1;
 AFNElJ8XExZGd/0G2xrRVe32kfWNF9QDLX7ocETS1PyBiwaD1AEMsO1b//nKfb0pUCxHI7Ptr9bQf35p8xTpEso=@vger.kernel.org
X-Gm-Message-State: AOJu0YzfFfosM3TVgp5s9c169Vhgh72kqZXi6azLP7c6OHBuCcvkI07Q
	4muHrKfAaZW3dbcEJYXnnl4gd/0Ahqpsbaej/ZeH2fHOAJt9qijglxn3x7gpKOpSUHKv/r+J6Za
	NmA==
X-Received: from wmg20.prod.google.com ([2002:a05:600c:22d4:b0:48a:73ac:6247])
 (user=elver job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:34cd:b0:488:936a:6220
 with SMTP id 5b1f17b1804b1-48fe61f2c03mr56743685e9.21.1778849093510; Fri, 15
 May 2026 05:44:53 -0700 (PDT)
Date: Fri, 15 May 2026 14:43:31 +0200
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260515124426.2227783-1-elver@google.com>
Subject: [PATCH tip/locking/core v3] compiler-context-analysis: Bump required
 Clang version to 23
From: Marco Elver <elver@google.com>
To: elver@google.com, Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@kernel.org>, Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <nick.desaulniers+lkml@gmail.com>,
 Bill Wendling <morbo@google.com>,
	Justin Stitt <justinstitt@google.com>, llvm@lists.linux.dev,
	Bart Van Assche <bvanassche@acm.org>, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Clang 23 introduces several major improvements:

1. Support for multiple arguments in the `guarded_by` and
   `pt_guarded_by` attributes [1]. This allows defining variables
   protected by multiple context locks, where read access requires
   holding at least one lock (shared or exclusive), and write access
   requires holding all of them exclusively.

2. Function pointer support [2]. We can now add attributes to function
   pointers just like we do on normal functions.

3. A fix to use arrays of locks [3]. Each index is now correctly treated
   as a separate lock instance.

4. A fix for implicit member access in attributes [4]. This allows to
   use __guarded_by(&foo->lock) correctly.

Overall that makes it worthwhile bumping the compiler version instead of
trying to make both Clang 22 and later work while supporting these new
features.

Link: https://github.com/llvm/llvm-project/pull/186838 [1]
Link: https://github.com/llvm/llvm-project/pull/191187 [2]
Link: https://github.com/llvm/llvm-project/pull/148551 [3]
Link: https://github.com/llvm/llvm-project/pull/194457 [4]
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Marco Elver <elver@google.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
---
v3:
* Rebase and update laundry-list of new features and fixes.

v2:
* Bump version instead of __guarded_by_any workaround.
---
 Documentation/dev-tools/context-analysis.rst |  2 +-
 include/linux/compiler-context-analysis.h    | 30 ++++++++++++++------
 lib/Kconfig.debug                            |  4 +--
 lib/test_context-analysis.c                  | 24 ++++++++++++++++
 4 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/Documentation/dev-tools/context-analysis.rst b/Documentation/d=
ev-tools/context-analysis.rst
index 54d9ee28de98..8e71e1e75b5b 100644
--- a/Documentation/dev-tools/context-analysis.rst
+++ b/Documentation/dev-tools/context-analysis.rst
@@ -17,7 +17,7 @@ features. To enable for Clang, configure the kernel with::
=20
     CONFIG_WARN_CONTEXT_ANALYSIS=3Dy
=20
-The feature requires Clang 22 or later.
+The feature requires Clang 23 or later.
=20
 The analysis is *opt-in by default*, and requires declaring which modules =
and
 subsystems should be analyzed in the respective `Makefile`::
diff --git a/include/linux/compiler-context-analysis.h b/include/linux/comp=
iler-context-analysis.h
index a9317571e6af..8302ebc2ea8c 100644
--- a/include/linux/compiler-context-analysis.h
+++ b/include/linux/compiler-context-analysis.h
@@ -39,12 +39,14 @@
 # define __assumes_shared_ctx_lock(...)	__attribute__((assert_shared_capab=
ility(__VA_ARGS__)))
=20
 /**
- * __guarded_by - struct member and globals attribute, declares variable
- *                only accessible within active context
+ * __guarded_by() - struct member and globals attribute, declares variable
+ *                  only accessible within active context
+ * @...: context lock instance pointer(s)
  *
  * Declares that the struct member or global variable is only accessible w=
ithin
- * the context entered by the given context lock. Read operations on the d=
ata
- * require shared access, while write operations require exclusive access.
+ * the context entered by the given context lock(s). Read operations on th=
e data
+ * require shared access to at least one of the context locks, while write
+ * operations require exclusive access to all listed context locks.
  *
  * .. code-block:: c
  *
@@ -52,17 +54,24 @@
  *		spinlock_t lock;
  *		long counter __guarded_by(&lock);
  *	};
+ *
+ *	struct some_state {
+ *		spinlock_t lock1, lock2;
+ *		long counter __guarded_by(&lock1, &lock2);
+ *	};
  */
 # define __guarded_by(...)		__attribute__((guarded_by(__VA_ARGS__)))
=20
 /**
- * __pt_guarded_by - struct member and globals attribute, declares pointed=
-to
- *                   data only accessible within active context
+ * __pt_guarded_by() - struct member and globals attribute, declares point=
ed-to
+ *                     data only accessible within active context
+ * @...: context lock instance pointer(s)
  *
  * Declares that the data pointed to by the struct member pointer or global
  * pointer is only accessible within the context entered by the given cont=
ext
- * lock. Read operations on the data require shared access, while write
- * operations require exclusive access.
+ * lock(s). Read operations on the data require shared access to at least =
one
+ * of the context locks, while write operations require exclusive access t=
o all
+ * listed context locks.
  *
  * .. code-block:: c
  *
@@ -70,6 +79,11 @@
  *		spinlock_t lock;
  *		long *counter __pt_guarded_by(&lock);
  *	};
+ *
+ *	struct some_state {
+ *		spinlock_t lock1, lock2;
+ *		long *counter __pt_guarded_by(&lock1, &lock2);
+ *	};
  */
 # define __pt_guarded_by(...)		__attribute__((pt_guarded_by(__VA_ARGS__)))
=20
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 8ff5adcfe1e0..b0f3028a213d 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -630,7 +630,7 @@ config DEBUG_FORCE_WEAK_PER_CPU
=20
 config WARN_CONTEXT_ANALYSIS
 	bool "Compiler context-analysis warnings"
-	depends on CC_IS_CLANG && CLANG_VERSION >=3D 220100
+	depends on CC_IS_CLANG && CLANG_VERSION >=3D 230000
 	# Branch profiling re-defines "if", which messes with the compiler's
 	# ability to analyze __cond_acquires(..), resulting in false positives.
 	depends on !TRACE_BRANCH_PROFILING
@@ -641,7 +641,7 @@ config WARN_CONTEXT_ANALYSIS
 	  and releasing user-definable "context locks".
=20
 	  Clang's name of the feature is "Thread Safety Analysis". Requires
-	  Clang 22.1.0 or later.
+	  Clang 23 or later.
=20
 	  Produces warnings by default. Select CONFIG_WERROR if you wish to
 	  turn these warnings into errors.
diff --git a/lib/test_context-analysis.c b/lib/test_context-analysis.c
index 06b4a6a028e0..316f4dfcda65 100644
--- a/lib/test_context-analysis.c
+++ b/lib/test_context-analysis.c
@@ -159,6 +159,10 @@ TEST_SPINLOCK_COMMON(read_lock,
 struct test_mutex_data {
 	struct mutex mtx;
 	int counter __guarded_by(&mtx);
+
+	struct mutex mtx2;
+	int anyread __guarded_by(&mtx, &mtx2);
+	int *anyptr __pt_guarded_by(&mtx, &mtx2);
 };
=20
 static void __used test_mutex_init(struct test_mutex_data *d)
@@ -219,6 +223,26 @@ static void __used test_mutex_cond_guard(struct test_m=
utex_data *d)
 	}
 }
=20
+static void __used test_mutex_multiguard(struct test_mutex_data *d)
+{
+	mutex_lock(&d->mtx);
+	(void)d->anyread;
+	(void)*d->anyptr;
+	mutex_unlock(&d->mtx);
+
+	mutex_lock(&d->mtx2);
+	(void)d->anyread;
+	(void)*d->anyptr;
+	mutex_unlock(&d->mtx2);
+
+	mutex_lock(&d->mtx);
+	mutex_lock(&d->mtx2);
+	d->anyread++;
+	(*d->anyptr)++;
+	mutex_unlock(&d->mtx2);
+	mutex_unlock(&d->mtx);
+}
+
 struct test_seqlock_data {
 	seqlock_t sl;
 	int counter __guarded_by(&sl);
--=20
2.54.0.563.g4f69b47b94-goog