Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp21599546ybl; Mon, 6 Jan 2020 07:42:28 -0800 (PST) X-Google-Smtp-Source: APXvYqyMaDLtog9jLk10hLwb+AlGSx5Ss2WZ2q3oQY1nnen5ufVkww+kKfFQeWyb1FjrlI8nv6OU X-Received: by 2002:a9d:3d0a:: with SMTP id a10mr114739537otc.327.1578325348386; Mon, 06 Jan 2020 07:42:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578325348; cv=none; d=google.com; s=arc-20160816; b=D7VEGE821+3tyEKETtT+U4wWb4ay8Tnd86c995EG8mwqm+qFFM0YHfPSdBqOvUqQ5h FSACDcoobb1TZgqYSFb5kPo6/wvt8QfjhthXyiEaIQDqpXz+2pZEtpO8G7zRJSrbKrBu 2DDekH1uonalf5wuW7l2MD92gY7NrRcVQl2evCDMgegnGRju96c9Jh+N8ccuo4YsGP16 wNHUjzYr1XWH0gMfvwvGEnALeAOOAyE/4a8lCaPTpYLFys6FGMfjIu/uUiUOHDnhIMRe F2A5ASY88sHNeUxB+KVDot8nYBQeWrLL0fAABtYWXvrGqhrOX+CXR/ZM6Txj3BUBjTk/ LcgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Pr+QJhLWon8Zy2xzdYFdw8f98/n5SlmPPCm9dGfNuCU=; b=IEb3w54X6NHiKNG9zFycCnPnq9F6Mx4OqziyupKabdTjsc3CB2hL8igY8Du2Q2Jv/n HA3lco3xqV6Y6EoEVr7biC6SqHnPMYkZBuUym1ZQER608nNiAY446q2CAhKyGzyOlx8c IUyOyZW/1ZCjCh6F+hJdE5QtO0Rkb+0v0h7NDOOjRjNDglNx689N+ZhHYUJ6BMWLISOF 7GvUtBllMHGVVGJI30zcmVBJTm8sRzI759iPWZ7OVcP139s0k72uL8ZA+EGFc1B8+wHk FJbd0yxGxRwBiNZ4tBUezbqvCXSGzKAl3Bz/84docRI4/dkZ8tsqwN6Kx5B72jLNWvyS hGVQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="c3/Johp/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r26si35235772otc.163.2020.01.06.07.42.15; Mon, 06 Jan 2020 07:42:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="c3/Johp/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726540AbgAFPlb (ORCPT + 99 others); Mon, 6 Jan 2020 10:41:31 -0500 Received: from merlin.infradead.org ([205.233.59.134]:42570 "EHLO merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726296AbgAFPla (ORCPT ); Mon, 6 Jan 2020 10:41:30 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Pr+QJhLWon8Zy2xzdYFdw8f98/n5SlmPPCm9dGfNuCU=; b=c3/Johp/zrnjTKuah4azV/J/z jHBViK0l3EwXzBzuZWUdyQQkJKnZL7zuKVNl6K08BVxu6TNGMkua4JmFf7Xu7dw/HiHRLh3zykrEq xkpI8oKCTPBdIwkcAxq8iPS0JA9BHMDYpSRn2oO7DknGdsHH8hwghXZodIVbrM9VFhIi7BmGi2A/Q FA2VwLuNSmgNAZR82xfiBIPmYBdmzxC7U7XVwR7gBr2LG4wZdFGwajQPbhcRS2NrirK6H8pXgWfZ/ 8qxXNhok1Kaxm9tHDZHUrvpgG/ITQKI9zgSBxOv8FsTPw0g0GPF5FDKYuXKrtGJb8nRcRH/pBwcvY 5FW1a2Rpw==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by merlin.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1ioUVO-0003LZ-2q; Mon, 06 Jan 2020 15:41:22 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 513453006E0; Mon, 6 Jan 2020 16:39:47 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id 3A67D2B2844FB; Mon, 6 Jan 2020 16:41:19 +0100 (CET) Date: Mon, 6 Jan 2020 16:41:19 +0100 From: Peter Zijlstra To: Luc Van Oostenryck Cc: Kees Cook , Eric Biggers , linux-kernel@vger.kernel.org, Ingo Molnar , Will Deacon , Elena Reshetova , Thomas Gleixner , Anna-Maria Gleixner , Sebastian Andrzej Siewior , linux-sparse@vger.kernel.org Subject: Re: [PATCH] locking/refcount: add sparse annotations to dec-and-lock functions Message-ID: <20200106154119.GV2810@hirez.programming.kicks-ass.net> References: <20191226152922.2034-1-ebiggers@kernel.org> <20191228114918.GU2827@hirez.programming.kicks-ass.net> <201912301042.FB806E1133@keescook> <20191230191547.GA1501@zzz.localdomain> <201912301131.2C7C51E8C6@keescook> <20191230233814.2fgmsgtnhruhklnu@ltop.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191230233814.2fgmsgtnhruhklnu@ltop.local> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 31, 2019 at 12:38:14AM +0100, Luc Van Oostenryck wrote: > On Mon, Dec 30, 2019 at 11:32:31AM -0800, Kees Cook wrote: > > On Mon, Dec 30, 2019 at 01:15:47PM -0600, Eric Biggers wrote: > > > > > > The annotation needs to go in the .h file, not the .c file, because sparse only > > > analyzes individual translation units. > > > > > > It needs to be a wrapper macro because it needs to tie the acquisition of the > > > lock to the return value being true. I.e. there's no annotation you can apply > > > directly to the function prototype that means "if this function returns true, it > > > acquires the lock that was passed in parameter N". > > > > Gotcha. Well, I guess I leave it to Will and Peter to hash out... > > > > Is there a meaningful proposal anywhere for sparse to DTRT here? If > > not, it seems best to use what you've proposed until sparse reaches the > > point of being able to do this on its own. > > What "Right Thing" are you thinking about? > One of the simplest situation with these conditional locks is: > > if (test) > lock(); > > do_stuff(); > > if (test) > unlock(); > > No program can check that the second test gives the same result than > the first one, it's undecidable. I mean, it's undecidable even on > if single threaded and without interrupts. The best you can do is > to simulate the whole thing (and be sure your simulation will halt). Not quite what we're talking about. Instead consider this: The normal flow would be something like: extern void spin_lock(spinlock_t *lock) __acquires(lock); extern void spin_unlock(spinlock_t *lock) __releases(lock); extern bool _spin_trylock(spinlock_t *lock) __acquires(lock); #define __cond_lock(x, c) ((c) ? ({ __acquire(x); 1; }) : 0) #define spin_trylock(lock) __cond_lock(lock, _spin_lock) if (spin_trylock(lock)) { /* do crap */ spin_unlock(); } So the proposal here: https://markmail.org/message/4obybcgqscznnx63 would have us write: extern bool spin_trylock(spinlock_t *lock) __attribute__((context(lock, 0, spin_trylock(lock)); Basically have sparse do a transform on its own expression tree and inject the very same crud we now do manually. This avoids cluttering the kernel tree with this nonsense.