| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250207083335.GW7145@noisy.programming.kicks-ass.net>
Date: Fri, 7 Feb 2025 09:33:35 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Marco Elver <elver@...gle.com>
Cc: Bart Van Assche <bvanassche@....org>,
"Paul E. McKenney" <paulmck@...nel.org>,
Alexander Potapenko <glider@...gle.com>,
Bill Wendling <morbo@...gle.com>, Boqun Feng <boqun.feng@...il.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Frederic Weisbecker <frederic@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Ingo Molnar <mingo@...nel.org>, Jann Horn <jannh@...gle.com>,
Joel Fernandes <joel@...lfernandes.org>,
Jonathan Corbet <corbet@....net>,
Josh Triplett <josh@...htriplett.org>,
Justin Stitt <justinstitt@...gle.com>, Kees Cook <kees@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Miguel Ojeda <ojeda@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Neeraj Upadhyay <neeraj.upadhyay@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Steven Rostedt <rostedt@...dmis.org>,
Thomas Gleixner <tglx@...utronix.de>,
Uladzislau Rezki <urezki@...il.com>,
Waiman Long <longman@...hat.com>, Will Deacon <will@...nel.org>,
kasan-dev@...glegroups.com, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev, rcu@...r.kernel.org,
linux-crypto@...r.kernel.org
Subject: Re: [PATCH RFC 01/24] compiler_types: Move lock checking attributes
to compiler-capability-analysis.h
On Thu, Feb 06, 2025 at 07:48:38PM +0100, Marco Elver wrote:
> On Thu, 6 Feb 2025 at 19:40, Bart Van Assche <bvanassche@....org> wrote:
> >
> > On 2/6/25 10:09 AM, Marco Elver wrote:
> > > +/* Sparse context/lock checking support. */
> > > +# define __must_hold(x) __attribute__((context(x,1,1)))
> > > +# define __acquires(x) __attribute__((context(x,0,1)))
> > > +# define __cond_acquires(x) __attribute__((context(x,0,-1)))
> > > +# define __releases(x) __attribute__((context(x,1,0)))
> > > +# define __acquire(x) __context__(x,1)
> > > +# define __release(x) __context__(x,-1)
> > > +# define __cond_lock(x, c) ((c) ? ({ __acquire(x); 1; }) : 0)
> >
> > If support for Clang thread-safety attributes is added, an important
> > question is what to do with the sparse context attribute. I think that
> > more developers are working on improving and maintaining Clang than
> > sparse. How about reducing the workload of kernel maintainers by
> > only supporting the Clang thread-safety approach and by dropping support
> > for the sparse context attribute?
>
> My 2c: I think Sparse's context tracking is a subset, and generally
> less complete, favoring false negatives over false positives (also
> does not support guarded_by).
> So in theory they can co-exist.
> In practice, I agree, there will be issues with maintaining both,
> because there will always be some odd corner-case which doesn't quite
> work with one or the other (specifically Sparse is happy to auto-infer
> acquired and released capabilities/contexts of functions and doesn't
> warn you if you still hold a lock when returning from a function).
>
> I'd be in favor of deprecating Sparse's context tracking support,
> should there be consensus on that.
I don't think I've ever seen a useful sparse locking report, so yeah, no
tears shed on removing it.
Powered by blists - more mailing lists