| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <53f17978-40e5-4b2e-b719-552612b0e775@kzalloc.com> Date: Thu, 11 Dec 2025 13:30:19 +0900 From: Yunseong Kim <ysk@...lloc.com> To: Nam Cao <namcao@...utronix.de>, Gabriele Monaco <gmonaco@...hat.com> Cc: Sebastian Andrzej Siewior <bigeasy@...utronix.de>, rostedt@...dmis.org, Tomas Glozar <tglozar@...hat.com>, Shung-Hsi Yu <shung-hsi.yu@...e.com>, Byungchul Park <byungchul@...com>, syzkaller@...glegroups.com, linux-rt-devel@...ts.linux.dev, LKML <linux-kernel@...r.kernel.org>, Dan Carpenter <dan.carpenter@...aro.org> Subject: Re: [Question] Detecting Sleep-in-Atomic Context in PREEMPT_RT via RV (Runtime Verification) monitor rtapp:sleep Hi Nam and Gabriele, Thanks for the great presentation at LPC 2025. I have a follow-up question during the Gabriele's Session RV and real-time properties, regarding spinlock behavior in atomic contexts (IRQ/preempt disabled) on the PREEMPT_RT kernel. On 12/2/25 20:26, Sebastian Andrzej Siewior wrote: > On 2025-12-02 12:14:09 [+0100], Nam Cao wrote: >>> RV is not a static checker, it is a run-time checker. >>> >>> Just in case you are not aware yet, there is also Smatch: >>> https://github.com/error27/smatch. But I can't offer much help there. >> >> I was looking up something unrelated, and I found that Smatch does >> detect this sleep-in-atomic problem: >> https://staticthinking.wordpress.com/2024/05/24/sleeping-in-atomic-warnings/ >> >> I'm not sure if its design takes PREEMPT_RT into consideration. But >> seems worth having a look. > > It does not look like it does. Judging from > https://github.com/error27/smatch/blob/master/check_preempt_info.c > > it increments the preempt-counter on preempt_disable() and spin_lock(). > So it won't yell at > preempt_disable(); > spin_lock(); > > while CONFIG_DEBUG_ATOMIC_SLEEP would. I specifically believe that RV can encompass the role of CONFIG_DEBUG_ATOMIC_SLEEP and even go beyond it. My reasoning is that even if a sleepable (PREEMPT_RT) spinlock is used within an IRQ/preemption disabled section, CONFIG_DEBUG_ATOMIC_SLEEP might not trigger a warning if scheduling does not actually occur (i.e., if there is no contention for that spinlock). This is because the actual debugging check happens in __might_resched(). Therefore, I think RV could catch these potential bugs that might otherwise be missed. Is my understanding in the right direction? >> Nam > > Sebastian I really appreciate Nam and Sebastian for sharing valuable insights on static analysis tools again. I recently discussed this with the Kernel CVE team, and Greg confirmed that such usage (sleepable spinlocks in IRQ/preempt disabled sections) is handled as a CVE. I would appreciate your insights on this matter. Best regards, Yunseong Kim
Powered by blists - more mailing lists