On 12/19/25 7:39 AM, Marco Elver wrote:
+#if defined(WARN_CONTEXT_ANALYSIS)
+
+/*
+ * These attributes define new context lock (Clang: capability) types.
+ * Internal only.
+ */
How can macros be "internal only" that are defined in a header file that
will be included by almost all kernel code? Please consider changing
"internal only" into something that is more clear, e.g. "should only be
used in the macro definitions in this header file".
+/*
+ * The below are used to annotate code being checked. Internal only.
+ */
Same comment here about "internal only".
+/**
+ * context_lock_struct() - declare or define a context lock struct
+ * @name: struct name
+ *
+ * Helper to declare or define a struct type that is also a context lock.
+ *
+ * .. code-block:: c
+ *
+ * context_lock_struct(my_handle) {
+ * int foo;
+ * long bar;
+ * };
+ *
+ * struct some_state {
+ * ...
+ * };
+ * // ... declared elsewhere ...
+ * context_lock_struct(some_state);
+ *
+ * Note: The implementation defines several helper functions that can acquire
+ * and release the context lock.
+ */
+# define context_lock_struct(name, ...)
\
+ struct __ctx_lock_type(name) __VA_ARGS__ name;
\
+ static __always_inline void __acquire_ctx_lock(const struct name *var)
\
+ __attribute__((overloadable)) __no_context_analysis
__acquires_ctx_lock(var) { } \
+ static __always_inline void __acquire_shared_ctx_lock(const struct name
*var) \
+ __attribute__((overloadable)) __no_context_analysis
__acquires_shared_ctx_lock(var) { } \
+ static __always_inline bool __try_acquire_ctx_lock(const struct name
*var, bool ret) \
+ __attribute__((overloadable)) __no_context_analysis
__try_acquires_ctx_lock(1, var) \
+ { return ret; }
\
+ static __always_inline bool __try_acquire_shared_ctx_lock(const struct
name *var, bool ret) \
+ __attribute__((overloadable)) __no_context_analysis
__try_acquires_shared_ctx_lock(1, var) \
+ { return ret; }
\
+ static __always_inline void __release_ctx_lock(const struct name *var)
\
+ __attribute__((overloadable)) __no_context_analysis
__releases_ctx_lock(var) { } \
+ static __always_inline void __release_shared_ctx_lock(const struct name
*var) \
+ __attribute__((overloadable)) __no_context_analysis
__releases_shared_ctx_lock(var) { } \
+ static __always_inline void __assume_ctx_lock(const struct name *var)
\
+ __attribute__((overloadable)) __assumes_ctx_lock(var) { }
\
+ static __always_inline void __assume_shared_ctx_lock(const struct name
*var) \
+ __attribute__((overloadable)) __assumes_shared_ctx_lock(var) {
} \
+ struct name
I'm concerned that the context_lock_struct() macro will make code harder
to read. Anyone who encounters the context_lock_struct() macro will have
to look up its definition to learn what it does. I propose to split this
macro into two macros:
* One macro that expands into "__ctx_lock_type(name)".
* A second macro that expands into the rest of the above macro.
In other words, instead of having to write
context_lock_struct(struct_name, { ... }); developers will have to write
struct context_lock_type struct_name {
...;
};
context_struct_helper_functions(struct_name);
My opinion is that the alternative that I'm proposing is easier to read.
Additionally, it doesn't break existing tools that support jumping from
the name of a struct to its definition, e.g. ctags and etags.
+config WARN_CONTEXT_ANALYSIS_ALL
+ bool "Enable context analysis for all source files"
+ depends on WARN_CONTEXT_ANALYSIS
+ depends on EXPERT && !COMPILE_TEST
+ help
+ Enable tree-wide context analysis. This is likely to produce a
+ large number of false positives - enable at your own risk.
+
+ If unsure, say N.
Why !COMPILE_TEST?
Thanks,
Bart.
