lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <dd65bb7b-0dac-437a-a370-38efeb4737ba@acm.org>
Date: Mon, 26 Jan 2026 09:31:09 -0800
From: Bart Van Assche <bvanassche@....org>
To: Marco Elver <elver@...gle.com>, Peter Zijlstra <peterz@...radead.org>,
 Boqun Feng <boqun.feng@...il.com>, Ingo Molnar <mingo@...nel.org>,
 Will Deacon <will@...nel.org>
Cc: "David S. Miller" <davem@...emloft.net>,
 Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
 Chris Li <sparse@...isli.org>, "Paul E. McKenney" <paulmck@...nel.org>,
 Alexander Potapenko <glider@...gle.com>, Arnd Bergmann <arnd@...db.de>,
 Christoph Hellwig <hch@....de>, Dmitry Vyukov <dvyukov@...gle.com>,
 Eric Dumazet <edumazet@...gle.com>, Frederic Weisbecker
 <frederic@...nel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 Herbert Xu <herbert@...dor.apana.org.au>, Ian Rogers <irogers@...gle.com>,
 Jann Horn <jannh@...gle.com>, Joel Fernandes <joelagnelf@...dia.com>,
 Johannes Berg <johannes.berg@...el.com>, Jonathan Corbet <corbet@....net>,
 Josh Triplett <josh@...htriplett.org>, Justin Stitt
 <justinstitt@...gle.com>, Kees Cook <kees@...nel.org>,
 Kentaro Takeda <takedakn@...data.co.jp>,
 Lukas Bulwahn <lukas.bulwahn@...il.com>, Mark Rutland
 <mark.rutland@....com>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
 Miguel Ojeda <ojeda@...nel.org>, Nathan Chancellor <nathan@...nel.org>,
 Neeraj Upadhyay <neeraj.upadhyay@...nel.org>,
 Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
 Steven Rostedt <rostedt@...dmis.org>,
 Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
 Thomas Gleixner <tglx@...utronix.de>, Thomas Graf <tgraf@...g.ch>,
 Uladzislau Rezki <urezki@...il.com>, Waiman Long <longman@...hat.com>,
 kasan-dev@...glegroups.com, linux-crypto@...r.kernel.org,
 linux-doc@...r.kernel.org, linux-kbuild@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-mm@...ck.org,
 linux-security-module@...r.kernel.org, linux-sparse@...r.kernel.org,
 linux-wireless@...r.kernel.org, llvm@...ts.linux.dev, rcu@...r.kernel.org
Subject: Re: [PATCH v5 15/36] srcu: Support Clang's context analysis

On 12/19/25 7:40 AM, Marco Elver wrote:
> +/*
> + * No-op helper to denote that ssp must be held. Because SRCU-protected pointers
> + * should still be marked with __rcu_guarded, and we do not want to mark them
> + * with __guarded_by(ssp) as it would complicate annotations for writers, we
> + * choose the following strategy: srcu_dereference_check() calls this helper
> + * that checks that the passed ssp is held, and then fake-acquires 'RCU'.
> + */
> +static inline void __srcu_read_lock_must_hold(const struct srcu_struct *ssp) __must_hold_shared(ssp) { }
>   
>   /**
>    * srcu_dereference_check - fetch SRCU-protected pointer for later dereferencing
> @@ -223,9 +233,15 @@ static inline int srcu_read_lock_held(const struct srcu_struct *ssp)
>    * to 1.  The @c argument will normally be a logical expression containing
>    * lockdep_is_held() calls.
>    */
> -#define srcu_dereference_check(p, ssp, c) \
> -	__rcu_dereference_check((p), __UNIQUE_ID(rcu), \
> -				(c) || srcu_read_lock_held(ssp), __rcu)
> +#define srcu_dereference_check(p, ssp, c)					\
> +({										\
> +	__srcu_read_lock_must_hold(ssp);					\
> +	__acquire_shared_ctx_lock(RCU);					\
> +	__auto_type __v = __rcu_dereference_check((p), __UNIQUE_ID(rcu),	\
> +				(c) || srcu_read_lock_held(ssp), __rcu);	\
> +	__release_shared_ctx_lock(RCU);					\
> +	__v;									\
> +})

Hi Marco,

The above change is something I'm not happy about. The original
implementation of the srcu_dereference_check() macro shows that it is
sufficient to either hold an SRCU reader lock or the updater lock ('c').
The addition of "__srcu_read_lock_must_hold()" will cause compilation to
fail if the caller doesn't hold an SRCU reader lock. I'm concerned that
this will either lead to adding __no_context_analysis to SRCU updater
code that uses srcu_dereference_check() or to adding misleading
__assume_ctx_lock(ssp) annotations in SRCU updater code.

Thanks,

Bart.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ