From nobody Tue Nov 26 09:50:05 2024 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C7FBA152E12 for ; Fri, 18 Oct 2024 23:17:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293443; cv=none; b=fVVu+xAupZXNr8weZCAP1QyTWBv2bbal9NdIyVrwTiNYwENQT7RONjQ+HM9ILXpJvVklwiwg+fNo1g0FyXgXYYpH3gnHsaGDgwrUOLwl7uBCOx9BhgiO8Q8U6OcUcYHnoj3YN6oTuxQvppaMpSGVmzg3MyqWzK9TCyrJm8MTgLc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293443; c=relaxed/simple; bh=VrbmIuO/RIhlXdFNhariGcGO4aTnceCtMQqUUGRgUgI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=k4t2PBJUKVCPJ5NjkAJbDe/ZIRSc0VeuI7upeInN1OyRKQiWW2dzl8oE/iqM6V24Psz3peRJRoomZiAFduxAAw4R8wahiGlXwnRu4LYqBvrO9vDZXdP9rgds543lGo1Dh2BSr/Y5dsFxZL6+dU7rNormPYoXQjmRsZ6xwYrqD+4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=BFGapntk; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="BFGapntk" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729293439; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bpCf4GnRsBzVG5NDqyR9YwYCDPi3z83zps8lDdRr5FA=; b=BFGapntkFSnvUcRjfzEVRggmSw6ieJs4w2eLJzbwYuV6k795ZIoV2hsWm/C65yYfxIOxF+ rJ0tmWfblWiteV5k+x4HSwqMilpNWHLA8zx2bCwdsp9SjXEkjqEJ09khIdl40bvqGn/lZz ebqE7PruRc49ecI+PnEWlwIlDFOuwNM= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-680-Dutq-wkGM7GXAsK1IXF-ig-1; Fri, 18 Oct 2024 19:17:16 -0400 X-MC-Unique: Dutq-wkGM7GXAsK1IXF-ig-1 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B514B195608D; Fri, 18 Oct 2024 23:17:13 +0000 (UTC) Received: from chopper.redhat.com (unknown [10.22.65.88]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id A7932195607C; Fri, 18 Oct 2024 23:17:08 +0000 (UTC) From: Lyude Paul To: rust-for-linux@vger.kernel.org Cc: Danilo Krummrich , airlied@redhat.com, Ingo Molnar , Will Deacon , Waiman Long , Peter Zijlstra , Thomas Gleixner , linux-kernel@vger.kernel.org, Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Wedson Almeida Filho , Danilo Krummrich , FUJITA Tomonori , Valentin Obst Subject: [PATCH v7 1/3] rust: Introduce local_irq module Date: Fri, 18 Oct 2024 19:13:50 -0400 Message-ID: <20241018231621.474601-3-lyude@redhat.com> In-Reply-To: <20241018231621.474601-2-lyude@redhat.com> References: <20241018231621.474601-2-lyude@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 Content-Type: text/plain; charset="utf-8" This introduces a module for adding marker types to indicate the type of interrupt context a function is called in. Note that nothing here enables or disables interrupts on its own, this is simply for verifying correctness at compile-time. Signed-off-by: Lyude Paul --- V2: * Actually make it so that we check whether or not we have interrupts disabled with debug assertions * Fix issues in the documentation (added suggestions, missing periods, made sure that all rustdoc examples compile properly) * Pass IrqDisabled by value, not reference * Ensure that IrqDisabled is !Send and !Sync using PhantomData<(&'a (), *mut ())> * Add all of the suggested derives from Benno Lossin V3: * Use `impl` for FnOnce bounds in with_irqs_disabled() * Use higher-ranked trait bounds for the lifetime of with_irqs_disabled() * Wording changes in the documentation for the module itself V4: * Use the actual unsafe constructor for IrqDisabled in with_irqs_disabled() * Fix comment style in with_irqs_disabled example * Check before calling local_irq_restore() in with_irqs_disabled that interrupts are still disabled. It would have been nice to do this from a Drop implementation like I hoped, but I realized rust doesn't allow that for types that implement Copy. * Document that interrupts can't be re-enabled within the `cb` provided to `with_irqs_disabled`, and link to the github issue I just filed about this that describes the solution for this. V5: * Rebase against rust-next for the helpers split * Fix typo (enabled -> disabled) - Dirk V6: * s/indicate/require/ in IrqDisabled docs * Reword comment above with_irqs_disabled in code example requested by Benno * Add paragraph to with_irqs_disabled docs requested by Benno * Apply the comments from Boqun's review for V4 that I missed * Document type invariants of `IrqDisabled` V7: * Change name of module to local_irq.rs * Remove with_interrupts_disabled() * Update documentation wording a bit to make mention of PREEMPT_RT This patch depends on https://lore.kernel.org/rust-for-linux/20240808-alice-file-v9-1-2cb7b934e0e= 1@google.com/ Signed-off-by: Lyude Paul --- rust/helpers/helpers.c | 1 + rust/helpers/irq.c | 8 ++++++ rust/kernel/lib.rs | 1 + rust/kernel/local_irq.rs | 56 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 66 insertions(+) create mode 100644 rust/helpers/irq.c create mode 100644 rust/kernel/local_irq.rs diff --git a/rust/helpers/helpers.c b/rust/helpers/helpers.c index 20a0c69d5cc7b..fd70afe5069ca 100644 --- a/rust/helpers/helpers.c +++ b/rust/helpers/helpers.c @@ -12,6 +12,7 @@ #include "build_assert.c" #include "build_bug.c" #include "err.c" +#include "irq.c" #include "kunit.c" #include "mutex.c" #include "page.c" diff --git a/rust/helpers/irq.c b/rust/helpers/irq.c new file mode 100644 index 0000000000000..d129094cc1940 --- /dev/null +++ b/rust/helpers/irq.c @@ -0,0 +1,8 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include + +bool rust_helper_irqs_disabled(void) +{ + return irqs_disabled(); +} diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 620de74d128f9..b7e604bc968ce 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -40,6 +40,7 @@ #[cfg(CONFIG_KUNIT)] pub mod kunit; pub mod list; +pub mod local_irq; #[cfg(CONFIG_NET)] pub mod net; pub mod page; diff --git a/rust/kernel/local_irq.rs b/rust/kernel/local_irq.rs new file mode 100644 index 0000000000000..e9e82347392c7 --- /dev/null +++ b/rust/kernel/local_irq.rs @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-2.0 + +//! Interrupt controls +//! +//! This module allows Rust code to annotate functions which can only be c= alled in contexts where +//! local interrupts on the CPU may be disabled. + +use crate::types::NotThreadSafe; +use bindings; +use core::marker::*; + +/// A token that is only available in contexts where interrupts are disabl= ed on non-PREEMPT_RT +/// kernels. +/// +/// [`IrqDisabled`] is marker made available when local processor interrup= ts are disabled on +/// non-PREEMPT_RT kernels. A function may require a [`IrqDisabled`] to en= sure that functions may +/// only be run with processor interrupts disabled on such kernels. +/// +/// This is a marker type; it has no size, and is simply used as a compile= -time guarantee that +/// interrupts are disabled where required. +/// +/// # Invariants +/// +/// On kernels where `CONFIG_PREEMPT_RT=3Dn` is set in the kernel config, = local processor interrupts +/// are disabled whenever an object of this type exists. +#[derive(Copy, Clone, Debug, Ord, Eq, PartialOrd, PartialEq, Hash)] +pub struct IrqDisabled<'a>(PhantomData<(&'a (), NotThreadSafe)>); + +impl IrqDisabled<'_> { + /// Create a new [`IrqDisabled`] token in an interrupt disabled contex= t. + /// + /// This creates a [`IrqDisabled`] token, which can be passed to funct= ions that must + /// be run without interrupts on kernels where `CONFIG_PREEMPT_RT=3Dn`= . If debug assertions are + /// enabled, this function will assert that interrupts match the expec= ted state. Otherwise, it + /// has no size or cost at runtime. + /// + /// # Panics + /// + /// If debug assertions are enabled, then this function will assert on= non-PREEMPT_RT kernels + /// that local processor interrupts are disabled upon creation. + /// + /// # Safety + /// + /// This function must only be called in contexts where it is known th= at on a non-PREEMPT_RT + /// kernel, local interrupts have been disabled for the current CPU. T= he user is making a + /// promise that they will remain disabled at least until this [`IrqDi= sabled`] is + /// dropped. + pub unsafe fn new() -> Self { + // SAFETY: FFI call with no special requirements + debug_assert!(unsafe { bindings::irqs_disabled() }); + + // INVARIANT: The safety requirements of this function ensure that= IRQs are disabled on + // non-PREEMPT_RT kernels. + Self(PhantomData) + } +} --=20 2.47.0 From nobody Tue Nov 26 09:50:05 2024 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF48B1917C7 for ; Fri, 18 Oct 2024 23:17:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293451; cv=none; b=H0yGPci6BY9DuM0BR8gAcgz9tc6jv60xuz/Y1FMt5QIGobXI0JF1Ma2aXR67U+0FmN1WvarMDp6IVDggoJk2gzKyLxZMz9qxysqouSfXckeDsQC54t9n0fxwDC8b/HzKjOz2DTda1keyZNpfeqyzhKgtTBNrkWPF3IpGYg5cYVs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293451; c=relaxed/simple; bh=k5T5wTYTqgSy7/I+hbZvHYXemGzjiQgMfT6xYzXLZck=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=D3PQLtCQXUHaC4w4regG/0Vrea5RO6P1cYTUMt8Jw618iI6IWIqsa5EzRMXv4aN9GrxN9yfN9igpt95i0w/gc5L/AcRN+4108QgU+55uFtXP6ZBTTzlXls+/s98GtJI0rj2dOSjzOgTpTW8Vfj5ScKtP72Glrbln6OWI8oUSCMM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=YjOG37WX; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="YjOG37WX" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729293448; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PgUruadhckuS2hgU+skGXtFOZJytmmA5aqcmbk2gB3o=; b=YjOG37WXNHj0bOzeDeaSRxqxs+WpmmUuMyNTP52khUigs2hQFmUNymMbMzsGpaCqsl2r3u dwoGyWbaUQjrza7085SY2agHJdDzj9uK9G7V24nz2ur+4jNX5o1lgWPbGv277CENMF9Htk hqJPDFINwEGGwMMaHNbCqzqXli+23kg= Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-614-mWtCu5YfMeGDzG6MbOtB7A-1; Fri, 18 Oct 2024 19:17:24 -0400 X-MC-Unique: mWtCu5YfMeGDzG6MbOtB7A-1 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 183FF19560A5; Fri, 18 Oct 2024 23:17:21 +0000 (UTC) Received: from chopper.redhat.com (unknown [10.22.65.88]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 537721956086; Fri, 18 Oct 2024 23:17:15 +0000 (UTC) From: Lyude Paul To: rust-for-linux@vger.kernel.org Cc: Danilo Krummrich , airlied@redhat.com, Ingo Molnar , Will Deacon , Waiman Long , Peter Zijlstra , Thomas Gleixner , linux-kernel@vger.kernel.org, Benno Lossin , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Andreas Hindborg , Alice Ryhl , Trevor Gross , Martin Rodriguez Reboredo , Valentin Obst , Filipe Xavier , Fiona Behrens , Wedson Almeida Filho , Danilo Krummrich Subject: [PATCH v7 2/3] rust: sync: Introduce lock::Backend::Context and lock::BackendWithContext Date: Fri, 18 Oct 2024 19:13:51 -0400 Message-ID: <20241018231621.474601-4-lyude@redhat.com> In-Reply-To: <20241018231621.474601-2-lyude@redhat.com> References: <20241018231621.474601-2-lyude@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 Content-Type: text/plain; charset="utf-8" Now that we've introduced an `IrqDisabled` token for marking contexts in which IRQs are disabled, we need a way to be able to pass it to locks that require that IRQs are disabled. In order to continue using the `lock::Backend` type instead of inventing our own thing, we accomplish this by adding the associated Context type, along with a `lock_with()` function that can accept a Context when acquiring a lock. To allow current users of context-less locks to keep using the normal `lock()` method, we take an example from Wedson Almeida Filho's work and add a `where T<'a>: Default` bound to `lock()` so that it can only be called on lock types where the context is simply a placeholder value, then re-implement it through the new `lock_with()` function. We additionally add a BackendWithContext trait, to handle calling the various locking primatives necessary for these types - along with providing a `lock_with_new()` function for using those primitives and creating the relevant context tokens. Signed-off-by: Lyude Paul Suggested-by: Benno Lossin --- V3: * Use explicit lifetimes in lock_with() to ensure self and _context have the same lifetime (Benno) * Use () for locks that don't need a Context instead of PhantomData (Benno) V4: * Fix typo (Dirk) V7: * Introduce BackendWithContext and lock_with_new following tglx's feedback * Name functions lock_with_context_saved and unlock_with_context_restored Signed-off-by: Lyude Paul --- rust/kernel/sync/lock.rs | 118 ++++++++++++++++++++++++++++-- rust/kernel/sync/lock/mutex.rs | 1 + rust/kernel/sync/lock/spinlock.rs | 1 + 3 files changed, 115 insertions(+), 5 deletions(-) diff --git a/rust/kernel/sync/lock.rs b/rust/kernel/sync/lock.rs index 7b4859b05d3a7..8949a69dd53c5 100644 --- a/rust/kernel/sync/lock.rs +++ b/rust/kernel/sync/lock.rs @@ -12,7 +12,7 @@ str::CStr, types::{NotThreadSafe, Opaque, ScopeGuard}, }; -use core::{cell::UnsafeCell, marker::PhantomPinned}; +use core::{cell::UnsafeCell, marker::PhantomPinned, mem::ManuallyDrop}; use macros::pin_data; =20 pub mod mutex; @@ -43,6 +43,11 @@ pub unsafe trait Backend { /// [`unlock`]: Backend::unlock type GuardState; =20 + /// The context which must be provided to acquire the lock. + /// + /// Can be `()`, or another type if [`BackendWithContext`] is implemen= ted. + type Context<'a>; + /// Initialises the lock. /// /// # Safety @@ -89,6 +94,54 @@ unsafe fn relock(ptr: *mut Self::State, guard_state: &mu= t Self::GuardState) { } } =20 +/// An additional trait for [`Backend`] implementations with a non-`()` [`= Context`]. +/// +/// Restricts the context in which a [`Lock`] may be locked. It can initia= lly be created using +/// [`Lock::lock_with_new`], and can be reused to acquire additional [`Loc= k`] objects using +/// [`Lock::lock_with`]. +/// +/// An example of a locking context would be a context in which local CPU = interrupts are disabled, +/// where we must restrict the ability to acquire the [`Lock`] so that it = can only be acquired +/// within that context. +/// +/// [`Context`]: `Backend::Context` +pub trait BackendWithContext: Backend { + /// The type that represents the state of this [`Context`]. + /// + /// [`Context`]: Backend::Context + type ContextState; + + /// Fulfills the invariants of [`State`] and acquires the lock, making= the caller its owner. + /// + /// This returns any state data ([`Context::State`]) needed upon unloc= k. + /// + /// # Safety + /// + /// * Same as [`Backend::lock`]. + /// + /// [`State`]: Context::State + unsafe fn lock_with_context_saved<'a>( + ptr: *mut Self::State, + ) -> (Self::Context<'a>, Self::ContextState, Self::GuardState); + + /// Performs the final unlock within [`Context`]. + /// + /// Passes the [`Context::State`] returned from [`first_lock`]. + /// + /// # Safety + /// + /// * This function may only be called after [`first_lock`]. + /// * `state` must be the value returned from [`first_lock`]. + /// + /// [`first_lock`]: Backend::first_lock + /// [`Context`]: Backend::Context + unsafe fn unlock_with_context_restored( + ptr: *mut Self::State, + guard_state: &Self::GuardState, + context_state: Self::ContextState, + ); +} + /// A mutual exclusion primitive. /// /// Exposes one of the kernel locking primitives. Which one is exposed dep= ends on the lock @@ -132,8 +185,9 @@ pub fn new(t: T, name: &'static CStr, key: &'static Loc= kClassKey) -> impl PinIni } =20 impl Lock { - /// Acquires the lock and gives the caller access to the data protecte= d by it. - pub fn lock(&self) -> Guard<'_, T, B> { + /// Acquires the lock with the given context and gives the caller acce= ss to the data protected + /// by it. + pub fn lock_with<'a>(&'a self, _context: B::Context<'a>) -> Guard<'a, = T, B> { // SAFETY: The constructor of the type calls `init`, so the existe= nce of the object proves // that `init` was called. let state =3D unsafe { B::lock(self.state.get()) }; @@ -141,14 +195,68 @@ pub fn lock(&self) -> Guard<'_, T, B> { unsafe { Guard::new(self, state) } } =20 - /// Tries to acquire the lock. + /// Acquires the lock and gives the caller access to the data protecte= d by it. + #[inline] + pub fn lock<'a>(&'a self) -> Guard<'a, T, B> + where + B::Context<'a>: Default, + { + self.lock_with(Default::default()) + } + + /// Tries to acquire the lock with the given context. /// /// Returns a guard that can be used to access the data protected by t= he lock if successful. - pub fn try_lock(&self) -> Option> { + pub fn try_lock_with<'a>(&'a self, _context: B::Context<'a>) -> Option= > { // SAFETY: The constructor of the type calls `init`, so the existe= nce of the object proves // that `init` was called. unsafe { B::try_lock(self.state.get()).map(|state| Guard::new(self= , state)) } } + + /// Tries to acquire the lock. + /// + /// Returns a guard that can be used to access the data protected by t= he lock if successful. + #[inline] + pub fn try_lock<'a>(&'a self) -> Option> + where + B::Context<'a>: Default, + { + self.try_lock_with(Default::default()) + } +} + +impl Lock { + /// Acquire the lock with a new [`Context`]. + /// + /// Creates a new instance of [`Context`], and then calls `cb` with sa= id [`Context`] and a + /// [`Guard`] for `self`. The [`Context`] will be dropped once `cb` fi= nishes, and it may be used + /// within `cb` to acquire additional locks. + /// + /// [`Context`]: Backend::Context + pub fn lock_with_new<'a, R>( + &self, + cb: impl FnOnce(&mut Guard<'_, T, B>, B::Context<'a>) -> R, + ) -> R { + let ptr =3D self.state.get(); + + // SAFETY: The constructor of the type calls `init`, so the existe= nce of the object proves + // that `init` was called. + let (context, context_state, guard_state) =3D unsafe { B::lock_wit= h_context_saved(ptr) }; + + // We don't want Guard's destructor to get called, since we'll dro= p the lock manually with + // B::unlock_with_context_restored later. So we store it in a Manu= allyDrop and pass it to cb + // via reference. + // SAFETY: We acquired the lock when we called [`B::lock_with_cont= ext_saved`] above. + let mut guard =3D ManuallyDrop::new(unsafe { Guard::new(self, guar= d_state) }); + + let result =3D cb(&mut guard, context); + + // SAFETY: We called `B::lock_with_context_saved` above, `context_= state` was returned from + // there. + unsafe { B::unlock_with_context_restored(ptr, &guard.state, contex= t_state) }; + + result + } } =20 /// A lock guard. diff --git a/rust/kernel/sync/lock/mutex.rs b/rust/kernel/sync/lock/mutex.rs index 9ce43ccb45158..9a873cb5b438b 100644 --- a/rust/kernel/sync/lock/mutex.rs +++ b/rust/kernel/sync/lock/mutex.rs @@ -93,6 +93,7 @@ macro_rules! new_mutex { unsafe impl super::Backend for MutexBackend { type State =3D bindings::mutex; type GuardState =3D (); + type Context<'a> =3D (); =20 unsafe fn init( ptr: *mut Self::State, diff --git a/rust/kernel/sync/lock/spinlock.rs b/rust/kernel/sync/lock/spin= lock.rs index 040dc16975a68..9fbfd96ffba3e 100644 --- a/rust/kernel/sync/lock/spinlock.rs +++ b/rust/kernel/sync/lock/spinlock.rs @@ -92,6 +92,7 @@ macro_rules! new_spinlock { unsafe impl super::Backend for SpinLockBackend { type State =3D bindings::spinlock_t; type GuardState =3D (); + type Context<'a> =3D (); =20 unsafe fn init( ptr: *mut Self::State, --=20 2.47.0 From nobody Tue Nov 26 09:50:05 2024 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8BBD191F95 for ; Fri, 18 Oct 2024 23:17:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293458; cv=none; b=Xs75IT31NqTsL+8egO2D0bDb0ili8SpEpP5mL1xy+1m3bXsY7xGFG77FUOqgDvfynSlOLqacs4ItrbIQuHvdW+sPZpppXZrHR3FcelHduIqv6e7iJg5+Eqx24UGm45z1jiGq6VG4QNH3UyWFiim0bTbxjh9vCFGk1RBUPyftFjI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293458; c=relaxed/simple; bh=lWcEJkw3hYPr1RLVom/NteB4xsniQTSQzqNrhkGI44k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fm3nbSbgYEJ+iI20QVoWROlO1/EVyif8eBmhZ6VCTIzg4R9Smo2TfqAwFRAkhZOz1n+174AydMXEVaE8H+rsUb6paKHZv9ojwYTvIijnAt4xm2q8aCr47Y7QyRYzpDIEPMZ1eRUcTkU7G8l/4QJXD61NYYqkjU8bT8LBwtYsiFc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=b27pB7KK; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="b27pB7KK" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729293455; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=biPTK0BtXdZICEumRgw4TKdq/ZVJHlmpmUBbIKP0l5E=; b=b27pB7KKDIBh/BpL/Mmup52t47DSTT5A/Rjth7X32LsXHg3yN2gdXYU1XJl2wbptIvGH7A hhLZS0QzKcNIZG/1DnS3ggYACZYexZwLgzpJAbAdDtXBdDmafTQPt5rxUacDxpoIf3Bb+D git+QfwvZLTS3hHDa0RHizpYgrQWKhI= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-452-R0nWbruwP-yZA8dz8FOtHQ-1; Fri, 18 Oct 2024 19:17:30 -0400 X-MC-Unique: R0nWbruwP-yZA8dz8FOtHQ-1 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 851571956088; Fri, 18 Oct 2024 23:17:27 +0000 (UTC) Received: from chopper.redhat.com (unknown [10.22.65.88]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 6341F1956086; Fri, 18 Oct 2024 23:17:23 +0000 (UTC) From: Lyude Paul To: rust-for-linux@vger.kernel.org Cc: Danilo Krummrich , airlied@redhat.com, Ingo Molnar , Will Deacon , Waiman Long , Peter Zijlstra , Thomas Gleixner , linux-kernel@vger.kernel.org, Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Filipe Xavier , Martin Rodriguez Reboredo , Danilo Krummrich , Valentin Obst , Wedson Almeida Filho Subject: [PATCH v7 3/3] rust: sync: Add SpinLockIrq Date: Fri, 18 Oct 2024 19:13:52 -0400 Message-ID: <20241018231621.474601-5-lyude@redhat.com> In-Reply-To: <20241018231621.474601-2-lyude@redhat.com> References: <20241018231621.474601-2-lyude@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 Content-Type: text/plain; charset="utf-8" A variant of SpinLock that is expected to be used in noirq contexts, and thus requires that the user provide an kernel::irq::IrqDisabled to prove they are in such a context upon lock acquisition. This is the rust equivalent of spin_lock_irqsave()/spin_lock_irqrestore(). Signed-off-by: Lyude Paul --- V2: * s/IrqSpinLock/SpinLockIrq/ * Implement `lock::Backend` now that we have `Context` * Add missing periods * Make sure rustdoc examples compile correctly * Add documentation suggestions Signed-off-by: Lyude Paul --- rust/helpers/spinlock.c | 14 +++ rust/kernel/sync.rs | 2 +- rust/kernel/sync/lock/spinlock.rs | 145 ++++++++++++++++++++++++++++++ 3 files changed, 160 insertions(+), 1 deletion(-) diff --git a/rust/helpers/spinlock.c b/rust/helpers/spinlock.c index 775ed4d549aef..f4108d2d78648 100644 --- a/rust/helpers/spinlock.c +++ b/rust/helpers/spinlock.c @@ -27,3 +27,17 @@ int rust_helper_spin_trylock(spinlock_t *lock) { return spin_trylock(lock); } + +size_t rust_helper_spin_lock_irqsave(spinlock_t *lock) +{ + size_t flags =3D 0; + + spin_lock_irqsave(lock, flags); + + return flags; +} + +void rust_helper_spin_unlock_irqrestore(spinlock_t *lock, size_t flags) +{ + spin_unlock_irqrestore(lock, flags); +} diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs index 0ab20975a3b5d..b028ee325f2a6 100644 --- a/rust/kernel/sync.rs +++ b/rust/kernel/sync.rs @@ -15,7 +15,7 @@ pub use arc::{Arc, ArcBorrow, UniqueArc}; pub use condvar::{new_condvar, CondVar, CondVarTimeoutResult}; pub use lock::mutex::{new_mutex, Mutex}; -pub use lock::spinlock::{new_spinlock, SpinLock}; +pub use lock::spinlock::{new_spinlock, new_spinlock_irq, SpinLock, SpinLoc= kIrq}; pub use locked_by::LockedBy; =20 /// Represents a lockdep class. It's a wrapper around C's `lock_class_key`. diff --git a/rust/kernel/sync/lock/spinlock.rs b/rust/kernel/sync/lock/spin= lock.rs index 9fbfd96ffba3e..d342ee954f6a8 100644 --- a/rust/kernel/sync/lock/spinlock.rs +++ b/rust/kernel/sync/lock/spinlock.rs @@ -3,6 +3,7 @@ //! A kernel spinlock. //! //! This module allows Rust code to use the kernel's `spinlock_t`. +use kernel::local_irq::*; =20 /// Creates a [`SpinLock`] initialiser with the given name and a newly-cre= ated lock class. /// @@ -116,6 +117,123 @@ unsafe fn unlock(ptr: *mut Self::State, _guard_state:= &Self::GuardState) { unsafe { bindings::spin_unlock(ptr) } } =20 + unsafe fn try_lock(ptr: *mut Self::State) -> Option { + // SAFETY: The `ptr` pointer is guaranteed to be valid and initial= ized before use. + let result =3D unsafe { bindings::spin_trylock(ptr) }; + + (result !=3D 0).then_some(()) + } +} + +/// Creates a [`SpinLockIrq`] initialiser with the given name and a newly-= created lock class. +/// +/// It uses the name if one is given, otherwise it generates one based on = the file name and line +/// number. +#[macro_export] +macro_rules! new_spinlock_irq { + ($inner:expr $(, $name:literal)? $(,)?) =3D> { + $crate::sync::SpinLockIrq::new( + $inner, $crate::optional_name!($($name)?), $crate::static_lock= _class!()) + }; +} +pub use new_spinlock_irq; + +/// A spinlock that may be acquired when interrupts are disabled. +/// +/// A version of [`SpinLock`] that can only be used in contexts where inte= rrupts for the local CPU +/// are disabled. It requires that the user acquiring the lock provide pro= of that interrupts are +/// disabled through [`IrqDisabled`]. +/// +/// For more info, see [`SpinLock`]. +/// +/// # Examples +/// +/// The following example shows how to declare, allocate initialise and ac= cess a struct (`Example`) +/// that contains two inner structs of type `Inner` that are protected by = separate spinlocks. +/// +/// ``` +/// use kernel::{ +/// sync::{new_spinlock_irq, SpinLockIrq}, +/// local_irq::IrqDisabled +/// }; +/// +/// struct Inner { +/// a: u32, +/// b: u32, +/// } +/// +/// #[pin_data] +/// struct Example { +/// c: u32, +/// #[pin] +/// first: SpinLockIrq, +/// #[pin] +/// second: SpinLockIrq, +/// } +/// +/// impl Example { +/// fn new() -> impl PinInit { +/// pin_init!(Self { +/// c: 10, +/// first <- new_spinlock_irq!(Inner { a: 20, b: 30 }), +/// second <- new_spinlock_irq!(Inner { a: 10, b: 20 }), +/// }) +/// } +/// } +/// +/// // Allocate a boxed `Example` +/// let example =3D KBox::pin_init(Example::new(), GFP_KERNEL)?; +/// +/// // Accessing an `Inner` from a context where we don't have a `LocalInt= erruptsDisabled` token +/// // already. +/// let bb =3D example.first.lock_with_new(|first, irq| { +/// assert_eq!(example.c, 10); +/// assert_eq!(first.a, 20); +/// +/// // Since we already have a `LocalInterruptsDisabled` token, we can= reuse it to acquire the +/// // second lock. This allows us to skip changing the local interrup= t state unnecessarily on +/// // non-PREEMPT_RT kernels. +/// let second =3D example.second.lock_with(irq); +/// assert_eq!(second.a, 10); +/// +/// (first.b, second.b) +/// }); +/// +/// assert_eq!(bb, (30, 20)); +/// # Ok::<(), Error>(()) +/// ``` +pub type SpinLockIrq =3D super::Lock; + +/// A kernel `spinlock_t` lock backend that is acquired in no-irq contexts. +pub struct SpinLockIrqBackend; + +unsafe impl super::Backend for SpinLockIrqBackend { + type State =3D bindings::spinlock_t; + type GuardState =3D (); + type Context<'a> =3D IrqDisabled<'a>; + + unsafe fn init( + ptr: *mut Self::State, + name: *const core::ffi::c_char, + key: *mut bindings::lock_class_key, + ) { + // SAFETY: The safety requirements ensure that `ptr` is valid for = writes, and `name` and + // `key` are valid for read indefinitely. + unsafe { bindings::__spin_lock_init(ptr, name, key) } + } + + unsafe fn lock(ptr: *mut Self::State) -> Self::GuardState { + // SAFETY: The safety requirements of this function ensure that `p= tr` points to valid + // memory, and that it has been initialised before. + unsafe { bindings::spin_lock(ptr) } + } + + unsafe fn unlock(ptr: *mut Self::State, _guard_state: &Self::GuardStat= e) { + // SAFETY: The safety requirements of this function ensure that `p= tr` is valid and that the + // caller is the owner of the spinlock. + unsafe { bindings::spin_unlock(ptr) } + } + unsafe fn try_lock(ptr: *mut Self::State) -> Option { // SAFETY: The `ptr` pointer is guaranteed to be valid and initial= ized before use. let result =3D unsafe { bindings::spin_trylock(ptr) }; @@ -127,3 +245,30 @@ unsafe fn try_lock(ptr: *mut Self::State) -> Option { } } } + +impl super::BackendWithContext for SpinLockIrqBackend { + type ContextState =3D usize; + + unsafe fn lock_with_context_saved<'a>( + ptr: *mut Self::State, + ) -> (Self::Context<'a>, Self::ContextState, Self::GuardState) { + // SAFETY: The safety requirements of this function ensure that `p= tr` points to valid + // memory, and that it has been initialised before. + let flags =3D unsafe { bindings::spin_lock_irqsave(ptr) }; + + // SAFETY: We just disabled interrupts above + let context =3D unsafe { IrqDisabled::new() }; + + (context, flags, ()) + } + + unsafe fn unlock_with_context_restored( + ptr: *mut Self::State, + _guard_state: &Self::GuardState, + context_state: Self::ContextState, + ) { + // SAFETY: The safety requirements of this function ensure that `p= tr` is valid and that the + // caller is the owner of the spinlock. + unsafe { bindings::spin_unlock_irqrestore(ptr, context_state) } + } +} --=20 2.47.0