git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Marco Elver <elver@google.com>
	Fri, 19 Dec 2025 15:40:23 +0000 (16:40 +0100)
committer	Peter Zijlstra <peterz@infradead.org>
	Mon, 5 Jan 2026 15:43:36 +0000 (16:43 +0100)
commit	87335b61a23bd10e4aec132bd3a48a009d406973
tree	dc2ada234b41cb02d85a25050555f657dd63692e	tree
parent	8ec56d9aaba9667b0c6429de7aeb4ec691944a5e	commit \| diff

security/tomoyo: Enable context analysis

Enable context analysis for security/tomoyo.

This demonstrates a larger conversion to use Clang's context
analysis. The benefit is additional static checking of locking rules,
along with better documentation.

Tomoyo makes use of several synchronization primitives, yet its clear
design made it relatively straightforward to enable context analysis.

One notable finding was:

  security/tomoyo/gc.c:664:20: error: reading variable 'write_buf' requires holding mutex '&tomoyo_io_buffer::io_sem'
    664 |                 is_write = head->write_buf != NULL;

For which Tetsuo writes:

  "Good catch. This should be data_race(), for tomoyo_write_control()
   might concurrently update head->write_buf from non-NULL to non-NULL
   with head->io_sem held."

Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://patch.msgid.link/20251219154418.3592607-35-elver@google.com

security/tomoyo/Makefile		diff \| blob \| blame \| history
security/tomoyo/common.c		diff \| blob \| blame \| history
security/tomoyo/common.h		diff \| blob \| blame \| history
security/tomoyo/domain.c		diff \| blob \| blame \| history
security/tomoyo/environ.c		diff \| blob \| blame \| history
security/tomoyo/file.c		diff \| blob \| blame \| history
security/tomoyo/gc.c		diff \| blob \| blame \| history
security/tomoyo/mount.c		diff \| blob \| blame \| history
security/tomoyo/network.c		diff \| blob \| blame \| history