[PATCH v5 17/36] locking/rwsem: Support Clang's context analysis
Marco Elver
elver at google.com
Sat Dec 20 12:52:13 UTC 2025
On Fri, 19 Dec 2025 at 21:55, 'Bart Van Assche' via kasan-dev
<kasan-dev at googlegroups.com> wrote:
>
> On 12/19/25 7:40 AM, Marco Elver wrote:
> > static inline void rwsem_assert_held_nolockdep(const struct rw_semaphore *sem)
> > + __assumes_ctx_lock(sem)
> > {
> > WARN_ON(atomic_long_read(&sem->count) == RWSEM_UNLOCKED_VALUE);
> > }
> >
> > static inline void rwsem_assert_held_write_nolockdep(const struct rw_semaphore *sem)
> > + __assumes_ctx_lock(sem)
> > {
> > WARN_ON(!(atomic_long_read(&sem->count) & RWSEM_WRITER_LOCKED));
> > }
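Review bot: Both helpers receive the identical `__assumes_ctx_lock(sem)` annotation even though their runtime checks differ: `rwsem_assert_held_nolockdep()` only tests `count` against `RWSEM_UNLOCKED_VALUE`, which passes when any task holds the semaphore in any mode, while `rwsem_assert_held_write_nolockdep()` tests `RWSEM_WRITER_LOCKED`. If `__assumes_ctx_lock()` implies exclusive access, the first helper's annotation promises the analysis more than its `WARN_ON()` verifies. Consider a shared-mode form of the annotation for the first helper if the series has one, or a comment above it stating that the assumption rests on the weaker check.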
> > @@ -119,6 +121,7 @@ do { \
> > static struct lock_class_key __key; \
> > \
> > __init_rwsem((sem), #sem, &__key); \
> > + __assume_ctx_lock(sem); \
> > } while (0)
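Review bot: The `__assume_ctx_lock(sem);` added at the end of the init macro carries no comment, and it directly follows the `__init_rwsem()` call, so a reader of this hunk cannot tell why the analysis should treat a semaphore that was just initialized as held. Add a short comment saying what the assumption is for and how far it extends. The new line also passes `sem` unparenthesized while the line above passes `(sem)`, and the macro argument is now expanded in two expressions, so an argument with side effects would be evaluated more than once if the annotation expands to real code.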
>
> Just as for lockdep.h, I think that the above annotations should be
> changed into __must_hold().

My point is the same: we use it to delegate to dynamic analysis where
we reach the limits of static analysis, to avoid false positives [1].
Code should apply __must_hold() or __guarded_by() to called functions or
protected variables respectively, which is both cleaner and the
idiomatic way to use all this.

[1] https://lore.kernel.org/all/CANpmjNPp6Gkz3rdaD0V7EkPrm60sA5tPpw+m8Xg3u8MTXuc2mg@mail.gmail.com/
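
The split described in the reply above, as an added user-space sketch (not code from the patch or the kernel). Clang's `guarded_by`, `requires_capability` and `assert_capability` attributes stand in for `__guarded_by()`, `__must_hold()` and `__assumes_ctx_lock()`; that mapping and every `toy_*`/`stats_*` name are assumptions of this example.

```c
/* Added illustration in user-space C; toy_* and stats_* names are hypothetical. */
#if defined(__clang__)
#define TSA(x) __attribute__((x))
#else
#define TSA(x) /* the analysis attributes are Clang-only */
#endif

struct TSA(capability("rwsem")) toy_rwsem { long count; };
static struct toy_rwsem stats_sem;
static int stats TSA(guarded_by(stats_sem)); /* role of __guarded_by() */
static int runtime_warnings;                 /* stands in for WARN_ON() */

/* Contracts live on the prototypes, where the parameter names are in scope. */
static void toy_down_write(struct toy_rwsem *s) TSA(acquire_capability(s));
static void toy_up_write(struct toy_rwsem *s) TSA(release_capability(s));
static void toy_assert_held(struct toy_rwsem *s) TSA(assert_capability(s));
static void stats_inc(void) TSA(requires_capability(stats_sem)); /* role of __must_hold() */

TSA(no_thread_safety_analysis) static void toy_down_write(struct toy_rwsem *s) { s->count = 1; }
TSA(no_thread_safety_analysis) static void toy_up_write(struct toy_rwsem *s) { s->count = 0; }

/* Runtime check; once it returns, the analysis treats the lock as held. */
static void toy_assert_held(struct toy_rwsem *s)
{
    if (s->count == 0)
        runtime_warnings++;
}

/* Static contract: each caller must visibly hold stats_sem. */
static void stats_inc(void) { stats++; }

/* Reached only through a pointer, so the analysis cannot see the caller's locks. */
static void stats_cb(void)
{
    toy_assert_held(&stats_sem); /* delegate to the runtime check */
    stats_inc();                 /* accepted statically because of the assert */
}

/* Both runners return the number of runtime warnings the callback raised. */
static int run_cb(void (*cb)(void)) { runtime_warnings = 0; cb(); return runtime_warnings; }
static int run_cb_locked(void (*cb)(void))
{
    toy_down_write(&stats_sem);
    int n = run_cb(cb); /* same callback, now with the lock held */
    toy_up_write(&stats_sem);
    return n;
}

int main(void) { return run_cb(stats_cb) == 1 && run_cb_locked(stats_cb) == 0 ? 0 : 1; }
```

Under `clang -Wthread-safety`, deleting the `toy_assert_held()` call turns the `stats_inc()` call in `stats_cb()` into a compile-time warning; with the call in place, only the runtime counter catches the unlocked run.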