Re: [Question] Detecting Sleep-in-Atomic Context in PREEMPT_RT via RV (Runtime Verification) monitor rtapp:sleep

[Yunseong Kim]

Hi Nam and Gabriele,

Thanks for the great presentation at LPC 2025.

I have a follow-up question during the Gabriele's Session RV and 
real-time properties, regarding spinlock behavior in atomic
contexts (IRQ/preempt disabled) on the PREEMPT_RT kernel.

On 12/2/25 20:26, Sebastian Andrzej Siewior wrote:
> On 2025-12-02 12:14:09 [+0100], Nam Cao wrote:
> > > RV is not a static checker, it is a run-time checker.
> > >
> > > Just in case you are not aware yet, there is also Smatch:
> > > https://github.com/error27/smatch. But I can't offer much help there.
> >
> > I was looking up something unrelated, and I found that Smatch does
> > detect this sleep-in-atomic problem:
> > https://staticthinking.wordpress.com/2024/05/24/sleeping-in-atomic-warnings/
> >
> > I'm not sure if its design takes PREEMPT_RT into consideration. But
> > seems worth having a look.
>
> It does not look like it does. Judging from
> 	https://github.com/error27/smatch/blob/master/check_preempt_info.c
>
> it increments the preempt-counter on preempt_disable() and spin_lock().
> So it won't yell at
> 	preempt_disable();
> 	spin_lock();
>
> while CONFIG_DEBUG_ATOMIC_SLEEP would.

I specifically believe that RV can encompass the role of
CONFIG_DEBUG_ATOMIC_SLEEP and even go beyond it.

My reasoning is that even if a sleepable (PREEMPT_RT) spinlock is used 
within an IRQ/preemption disabled section, CONFIG_DEBUG_ATOMIC_SLEEP 
might not trigger a warning if scheduling does not actually occur (i.e., 
if there is no contention for that spinlock). This is because the actual 
debugging check happens in __might_resched().

Therefore, I think RV could catch these potential bugs that might
otherwise be missed. Is my understanding in the right direction?

> > Nam
>
> Sebastian

I really appreciate Nam and Sebastian for sharing valuable insights on
static analysis tools again.

I recently discussed this with the Kernel CVE team, and Greg confirmed
that such usage (sleepable spinlocks in IRQ/preempt disabled sections)
is handled as a CVE.

I would appreciate your insights on this matter.

Best regards,
Yunseong Kim