From nobody Tue Nov 26 09:38:56 2024 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4A87819046E for ; Fri, 18 Oct 2024 23:23:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293812; cv=none; b=CdRl5DNdencLcgJ2olBurbbYpwhzJf3YwTtkEoYiXiJIqfMSuCCze9/VyvF0hiVrnPtXiTfnaapsk+VnXHB4CzHRdishrr+hxnsRd/INfEPowXqErMnpCdrWLjAwNKDT/bhNNdR2FuZ9rDbnERZqmmThqqc7aXjbE1LtgrjWP/c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293812; c=relaxed/simple; bh=VrbmIuO/RIhlXdFNhariGcGO4aTnceCtMQqUUGRgUgI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bjaC4jx1d/1ZmEYGzrGoXVSCvh3gVorA8btrn2V/oc5rzm6aCl4ng8CfrDq59Fp6CmvTokOdHL5oNBhBv1ltEcPTFlzj5xU0JAj3skW1nv6Uso8gzTSQrD10Ujn2TuDaAeKUC8xEb1tzetOgvGIWYG5/hb2IO74wm/eYSKXJAVs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=WmTlJZ1Q; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="WmTlJZ1Q" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729293809; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bpCf4GnRsBzVG5NDqyR9YwYCDPi3z83zps8lDdRr5FA=; b=WmTlJZ1Qg85V6E1Yg+uzZbkBsTWFx3NzvTSuMiWQJN9OBqBEz6megQO7vt5da+MgQgNkNr nHK0u8ZY9tNw0Gvklmui2r9qpIL2yuTS4Lno4D/JA46Um1Vzpm1HxaNCkiHR2doBL8EBhL XU10XAVU+mfEEQA/Csm9p789VmAtbTs= Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-478-7JMYh_gDNjSMqgT6wa62oQ-1; Fri, 18 Oct 2024 19:23:26 -0400 X-MC-Unique: 7JMYh_gDNjSMqgT6wa62oQ-1 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 9237019560B1; Fri, 18 Oct 2024 23:23:23 +0000 (UTC) Received: from chopper.redhat.com (unknown [10.22.65.88]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D388B19560A2; Fri, 18 Oct 2024 23:23:18 +0000 (UTC) From: Lyude Paul To: rust-for-linux@vger.kernel.org Cc: Danilo Krummrich , airlied@redhat.com, Ingo Molnar , Will Deacon , Waiman Long , Peter Zijlstra , Thomas Gleixner , linux-kernel@vger.kernel.org, Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Wedson Almeida Filho , Danilo Krummrich , FUJITA Tomonori , Valentin Obst Subject: [PATCH v8 1/3] rust: Introduce local_irq module Date: Fri, 18 Oct 2024 19:22:25 -0400 Message-ID: <20241018232306.476664-2-lyude@redhat.com> In-Reply-To: <20241018232306.476664-1-lyude@redhat.com> References: <20241018232306.476664-1-lyude@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 Content-Type: text/plain; charset="utf-8" This introduces a module for adding marker types to indicate the type of interrupt context a function is called in. Note that nothing here enables or disables interrupts on its own, this is simply for verifying correctness at compile-time. Signed-off-by: Lyude Paul --- V2: * Actually make it so that we check whether or not we have interrupts disabled with debug assertions * Fix issues in the documentation (added suggestions, missing periods, made sure that all rustdoc examples compile properly) * Pass IrqDisabled by value, not reference * Ensure that IrqDisabled is !Send and !Sync using PhantomData<(&'a (), *mut ())> * Add all of the suggested derives from Benno Lossin V3: * Use `impl` for FnOnce bounds in with_irqs_disabled() * Use higher-ranked trait bounds for the lifetime of with_irqs_disabled() * Wording changes in the documentation for the module itself V4: * Use the actual unsafe constructor for IrqDisabled in with_irqs_disabled() * Fix comment style in with_irqs_disabled example * Check before calling local_irq_restore() in with_irqs_disabled that interrupts are still disabled. It would have been nice to do this from a Drop implementation like I hoped, but I realized rust doesn't allow that for types that implement Copy. * Document that interrupts can't be re-enabled within the `cb` provided to `with_irqs_disabled`, and link to the github issue I just filed about this that describes the solution for this. V5: * Rebase against rust-next for the helpers split * Fix typo (enabled -> disabled) - Dirk V6: * s/indicate/require/ in IrqDisabled docs * Reword comment above with_irqs_disabled in code example requested by Benno * Add paragraph to with_irqs_disabled docs requested by Benno * Apply the comments from Boqun's review for V4 that I missed * Document type invariants of `IrqDisabled` V7: * Change name of module to local_irq.rs * Remove with_interrupts_disabled() * Update documentation wording a bit to make mention of PREEMPT_RT This patch depends on https://lore.kernel.org/rust-for-linux/20240808-alice-file-v9-1-2cb7b934e0e= 1@google.com/ Signed-off-by: Lyude Paul --- rust/helpers/helpers.c | 1 + rust/helpers/irq.c | 8 ++++++ rust/kernel/lib.rs | 1 + rust/kernel/local_irq.rs | 56 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 66 insertions(+) create mode 100644 rust/helpers/irq.c create mode 100644 rust/kernel/local_irq.rs diff --git a/rust/helpers/helpers.c b/rust/helpers/helpers.c index 20a0c69d5cc7b..fd70afe5069ca 100644 --- a/rust/helpers/helpers.c +++ b/rust/helpers/helpers.c @@ -12,6 +12,7 @@ #include "build_assert.c" #include "build_bug.c" #include "err.c" +#include "irq.c" #include "kunit.c" #include "mutex.c" #include "page.c" diff --git a/rust/helpers/irq.c b/rust/helpers/irq.c new file mode 100644 index 0000000000000..d129094cc1940 --- /dev/null +++ b/rust/helpers/irq.c @@ -0,0 +1,8 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include + +bool rust_helper_irqs_disabled(void) +{ + return irqs_disabled(); +} diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 620de74d128f9..b7e604bc968ce 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -40,6 +40,7 @@ #[cfg(CONFIG_KUNIT)] pub mod kunit; pub mod list; +pub mod local_irq; #[cfg(CONFIG_NET)] pub mod net; pub mod page; diff --git a/rust/kernel/local_irq.rs b/rust/kernel/local_irq.rs new file mode 100644 index 0000000000000..e9e82347392c7 --- /dev/null +++ b/rust/kernel/local_irq.rs @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-2.0 + +//! Interrupt controls +//! +//! This module allows Rust code to annotate functions which can only be c= alled in contexts where +//! local interrupts on the CPU may be disabled. + +use crate::types::NotThreadSafe; +use bindings; +use core::marker::*; + +/// A token that is only available in contexts where interrupts are disabl= ed on non-PREEMPT_RT +/// kernels. +/// +/// [`IrqDisabled`] is marker made available when local processor interrup= ts are disabled on +/// non-PREEMPT_RT kernels. A function may require a [`IrqDisabled`] to en= sure that functions may +/// only be run with processor interrupts disabled on such kernels. +/// +/// This is a marker type; it has no size, and is simply used as a compile= -time guarantee that +/// interrupts are disabled where required. +/// +/// # Invariants +/// +/// On kernels where `CONFIG_PREEMPT_RT=3Dn` is set in the kernel config, = local processor interrupts +/// are disabled whenever an object of this type exists. +#[derive(Copy, Clone, Debug, Ord, Eq, PartialOrd, PartialEq, Hash)] +pub struct IrqDisabled<'a>(PhantomData<(&'a (), NotThreadSafe)>); + +impl IrqDisabled<'_> { + /// Create a new [`IrqDisabled`] token in an interrupt disabled contex= t. + /// + /// This creates a [`IrqDisabled`] token, which can be passed to funct= ions that must + /// be run without interrupts on kernels where `CONFIG_PREEMPT_RT=3Dn`= . If debug assertions are + /// enabled, this function will assert that interrupts match the expec= ted state. Otherwise, it + /// has no size or cost at runtime. + /// + /// # Panics + /// + /// If debug assertions are enabled, then this function will assert on= non-PREEMPT_RT kernels + /// that local processor interrupts are disabled upon creation. + /// + /// # Safety + /// + /// This function must only be called in contexts where it is known th= at on a non-PREEMPT_RT + /// kernel, local interrupts have been disabled for the current CPU. T= he user is making a + /// promise that they will remain disabled at least until this [`IrqDi= sabled`] is + /// dropped. + pub unsafe fn new() -> Self { + // SAFETY: FFI call with no special requirements + debug_assert!(unsafe { bindings::irqs_disabled() }); + + // INVARIANT: The safety requirements of this function ensure that= IRQs are disabled on + // non-PREEMPT_RT kernels. + Self(PhantomData) + } +} --=20 2.47.0 From nobody Tue Nov 26 09:38:56 2024 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8174D1917E9 for ; Fri, 18 Oct 2024 23:23:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293820; cv=none; b=flOV6JpWhuNKAWCZliD0YHBy3aCu8Z5aAjL/T5l5G8QIVhBqC3fpv8dutd0yApjMunN7ETKhe99pPNp7V8j2RsKbq/y+io6IOVvfr0uxvv0WH6UnhNlIOEWRzTcwa1+HdxW2GhzNtFrxk5kvHRahZqgNMmKo/gMeno++3yBSDFc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293820; c=relaxed/simple; bh=k5T5wTYTqgSy7/I+hbZvHYXemGzjiQgMfT6xYzXLZck=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DKzJ6UpvFJ2hR4z0SzOPlVHjDU/65DPx0oXqhhJeDed/iZAmeKIm6yq0pHQfdZFb40yh/eBfPiovsUwsfVQqrHic1FFcBhREAFB463FNBjXGSHhbVhM83ngGoQHGRXeMGhPE46YOOyZhRy3elOrTpptAWjIqmGRXDJemdF6jpzw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=BkcvOLZm; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="BkcvOLZm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729293817; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PgUruadhckuS2hgU+skGXtFOZJytmmA5aqcmbk2gB3o=; b=BkcvOLZm0fTKhvLWE8CgnlMd6z2Az4aRg93e/E39rp3MayNQOuREFL8hGifHKkarer1xHG wwSc70uSPCjra8UNzkaP/5jEwSUzmM+JJznWfqLiObt1ESTauF0sWlo2AHgAHbdOuMnXUU x/pNeQ5QHlJ9PhSj3RKaUm5zEFQAw0w= Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-549-gT4vO0qMM1-2q_ZrPUvzBg-1; Fri, 18 Oct 2024 19:23:34 -0400 X-MC-Unique: gT4vO0qMM1-2q_ZrPUvzBg-1 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 9E23C19560AA; Fri, 18 Oct 2024 23:23:30 +0000 (UTC) Received: from chopper.redhat.com (unknown [10.22.65.88]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 6513A19560A3; Fri, 18 Oct 2024 23:23:25 +0000 (UTC) From: Lyude Paul To: rust-for-linux@vger.kernel.org Cc: Danilo Krummrich , airlied@redhat.com, Ingo Molnar , Will Deacon , Waiman Long , Peter Zijlstra , Thomas Gleixner , linux-kernel@vger.kernel.org, Benno Lossin , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Andreas Hindborg , Alice Ryhl , Trevor Gross , Martin Rodriguez Reboredo , Valentin Obst , Filipe Xavier , Fiona Behrens , Wedson Almeida Filho , Danilo Krummrich Subject: [PATCH v8 2/3] rust: sync: Introduce lock::Backend::Context and lock::BackendWithContext Date: Fri, 18 Oct 2024 19:22:26 -0400 Message-ID: <20241018232306.476664-3-lyude@redhat.com> In-Reply-To: <20241018232306.476664-1-lyude@redhat.com> References: <20241018232306.476664-1-lyude@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 Content-Type: text/plain; charset="utf-8" Now that we've introduced an `IrqDisabled` token for marking contexts in which IRQs are disabled, we need a way to be able to pass it to locks that require that IRQs are disabled. In order to continue using the `lock::Backend` type instead of inventing our own thing, we accomplish this by adding the associated Context type, along with a `lock_with()` function that can accept a Context when acquiring a lock. To allow current users of context-less locks to keep using the normal `lock()` method, we take an example from Wedson Almeida Filho's work and add a `where T<'a>: Default` bound to `lock()` so that it can only be called on lock types where the context is simply a placeholder value, then re-implement it through the new `lock_with()` function. We additionally add a BackendWithContext trait, to handle calling the various locking primatives necessary for these types - along with providing a `lock_with_new()` function for using those primitives and creating the relevant context tokens. Signed-off-by: Lyude Paul Suggested-by: Benno Lossin --- V3: * Use explicit lifetimes in lock_with() to ensure self and _context have the same lifetime (Benno) * Use () for locks that don't need a Context instead of PhantomData (Benno) V4: * Fix typo (Dirk) V7: * Introduce BackendWithContext and lock_with_new following tglx's feedback * Name functions lock_with_context_saved and unlock_with_context_restored Signed-off-by: Lyude Paul --- rust/kernel/sync/lock.rs | 118 ++++++++++++++++++++++++++++-- rust/kernel/sync/lock/mutex.rs | 1 + rust/kernel/sync/lock/spinlock.rs | 1 + 3 files changed, 115 insertions(+), 5 deletions(-) diff --git a/rust/kernel/sync/lock.rs b/rust/kernel/sync/lock.rs index 7b4859b05d3a7..8949a69dd53c5 100644 --- a/rust/kernel/sync/lock.rs +++ b/rust/kernel/sync/lock.rs @@ -12,7 +12,7 @@ str::CStr, types::{NotThreadSafe, Opaque, ScopeGuard}, }; -use core::{cell::UnsafeCell, marker::PhantomPinned}; +use core::{cell::UnsafeCell, marker::PhantomPinned, mem::ManuallyDrop}; use macros::pin_data; =20 pub mod mutex; @@ -43,6 +43,11 @@ pub unsafe trait Backend { /// [`unlock`]: Backend::unlock type GuardState; =20 + /// The context which must be provided to acquire the lock. + /// + /// Can be `()`, or another type if [`BackendWithContext`] is implemen= ted. + type Context<'a>; + /// Initialises the lock. /// /// # Safety @@ -89,6 +94,54 @@ unsafe fn relock(ptr: *mut Self::State, guard_state: &mu= t Self::GuardState) { } } =20 +/// An additional trait for [`Backend`] implementations with a non-`()` [`= Context`]. +/// +/// Restricts the context in which a [`Lock`] may be locked. It can initia= lly be created using +/// [`Lock::lock_with_new`], and can be reused to acquire additional [`Loc= k`] objects using +/// [`Lock::lock_with`]. +/// +/// An example of a locking context would be a context in which local CPU = interrupts are disabled, +/// where we must restrict the ability to acquire the [`Lock`] so that it = can only be acquired +/// within that context. +/// +/// [`Context`]: `Backend::Context` +pub trait BackendWithContext: Backend { + /// The type that represents the state of this [`Context`]. + /// + /// [`Context`]: Backend::Context + type ContextState; + + /// Fulfills the invariants of [`State`] and acquires the lock, making= the caller its owner. + /// + /// This returns any state data ([`Context::State`]) needed upon unloc= k. + /// + /// # Safety + /// + /// * Same as [`Backend::lock`]. + /// + /// [`State`]: Context::State + unsafe fn lock_with_context_saved<'a>( + ptr: *mut Self::State, + ) -> (Self::Context<'a>, Self::ContextState, Self::GuardState); + + /// Performs the final unlock within [`Context`]. + /// + /// Passes the [`Context::State`] returned from [`first_lock`]. + /// + /// # Safety + /// + /// * This function may only be called after [`first_lock`]. + /// * `state` must be the value returned from [`first_lock`]. + /// + /// [`first_lock`]: Backend::first_lock + /// [`Context`]: Backend::Context + unsafe fn unlock_with_context_restored( + ptr: *mut Self::State, + guard_state: &Self::GuardState, + context_state: Self::ContextState, + ); +} + /// A mutual exclusion primitive. /// /// Exposes one of the kernel locking primitives. Which one is exposed dep= ends on the lock @@ -132,8 +185,9 @@ pub fn new(t: T, name: &'static CStr, key: &'static Loc= kClassKey) -> impl PinIni } =20 impl Lock { - /// Acquires the lock and gives the caller access to the data protecte= d by it. - pub fn lock(&self) -> Guard<'_, T, B> { + /// Acquires the lock with the given context and gives the caller acce= ss to the data protected + /// by it. + pub fn lock_with<'a>(&'a self, _context: B::Context<'a>) -> Guard<'a, = T, B> { // SAFETY: The constructor of the type calls `init`, so the existe= nce of the object proves // that `init` was called. let state =3D unsafe { B::lock(self.state.get()) }; @@ -141,14 +195,68 @@ pub fn lock(&self) -> Guard<'_, T, B> { unsafe { Guard::new(self, state) } } =20 - /// Tries to acquire the lock. + /// Acquires the lock and gives the caller access to the data protecte= d by it. + #[inline] + pub fn lock<'a>(&'a self) -> Guard<'a, T, B> + where + B::Context<'a>: Default, + { + self.lock_with(Default::default()) + } + + /// Tries to acquire the lock with the given context. /// /// Returns a guard that can be used to access the data protected by t= he lock if successful. - pub fn try_lock(&self) -> Option> { + pub fn try_lock_with<'a>(&'a self, _context: B::Context<'a>) -> Option= > { // SAFETY: The constructor of the type calls `init`, so the existe= nce of the object proves // that `init` was called. unsafe { B::try_lock(self.state.get()).map(|state| Guard::new(self= , state)) } } + + /// Tries to acquire the lock. + /// + /// Returns a guard that can be used to access the data protected by t= he lock if successful. + #[inline] + pub fn try_lock<'a>(&'a self) -> Option> + where + B::Context<'a>: Default, + { + self.try_lock_with(Default::default()) + } +} + +impl Lock { + /// Acquire the lock with a new [`Context`]. + /// + /// Creates a new instance of [`Context`], and then calls `cb` with sa= id [`Context`] and a + /// [`Guard`] for `self`. The [`Context`] will be dropped once `cb` fi= nishes, and it may be used + /// within `cb` to acquire additional locks. + /// + /// [`Context`]: Backend::Context + pub fn lock_with_new<'a, R>( + &self, + cb: impl FnOnce(&mut Guard<'_, T, B>, B::Context<'a>) -> R, + ) -> R { + let ptr =3D self.state.get(); + + // SAFETY: The constructor of the type calls `init`, so the existe= nce of the object proves + // that `init` was called. + let (context, context_state, guard_state) =3D unsafe { B::lock_wit= h_context_saved(ptr) }; + + // We don't want Guard's destructor to get called, since we'll dro= p the lock manually with + // B::unlock_with_context_restored later. So we store it in a Manu= allyDrop and pass it to cb + // via reference. + // SAFETY: We acquired the lock when we called [`B::lock_with_cont= ext_saved`] above. + let mut guard =3D ManuallyDrop::new(unsafe { Guard::new(self, guar= d_state) }); + + let result =3D cb(&mut guard, context); + + // SAFETY: We called `B::lock_with_context_saved` above, `context_= state` was returned from + // there. + unsafe { B::unlock_with_context_restored(ptr, &guard.state, contex= t_state) }; + + result + } } =20 /// A lock guard. diff --git a/rust/kernel/sync/lock/mutex.rs b/rust/kernel/sync/lock/mutex.rs index 9ce43ccb45158..9a873cb5b438b 100644 --- a/rust/kernel/sync/lock/mutex.rs +++ b/rust/kernel/sync/lock/mutex.rs @@ -93,6 +93,7 @@ macro_rules! new_mutex { unsafe impl super::Backend for MutexBackend { type State =3D bindings::mutex; type GuardState =3D (); + type Context<'a> =3D (); =20 unsafe fn init( ptr: *mut Self::State, diff --git a/rust/kernel/sync/lock/spinlock.rs b/rust/kernel/sync/lock/spin= lock.rs index 040dc16975a68..9fbfd96ffba3e 100644 --- a/rust/kernel/sync/lock/spinlock.rs +++ b/rust/kernel/sync/lock/spinlock.rs @@ -92,6 +92,7 @@ macro_rules! new_spinlock { unsafe impl super::Backend for SpinLockBackend { type State =3D bindings::spinlock_t; type GuardState =3D (); + type Context<'a> =3D (); =20 unsafe fn init( ptr: *mut Self::State, --=20 2.47.0 From nobody Tue Nov 26 09:38:56 2024 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 42F241922D8 for ; Fri, 18 Oct 2024 23:23:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293826; cv=none; b=WZ+BsGJzeRN4LefsHeSywU59hwbS0ywIgRLUV+Vhy2cvkWHKrOmcJP8DwK4TccB25YlwUia1miGhXs3KMbVplslshvH34HdH1Y8WLeW5Zo836UcBA0kRTrOScaQMc2BC64RiG5CarymkLGx6ug8XIMMzJL2WHv6/NlShEXkQcgI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729293826; c=relaxed/simple; bh=PNNecKQuV9V0o1+rNr2a969kydwjt8uH35/pj2T9ce4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XtqQFYy+PrabDcjXzy/sfCtWsfRsvsCvubvsqo93sh3a8nfeYyMULYCJ1ibS1ZzgW7/RmfS7zQAikkgkVsSP7uEWOCL8CxYCmUuLbsEQXTVE7sQEDLJGJTQ/uSNBLHuK1L6iAqjvuLwFNumQcYXHkheOJkmAPaTShvZceJS1MFs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=B9WRuZN6; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="B9WRuZN6" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729293823; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yuLoqOdQBXZ8L/MsWSY6N1XQPGfO9k90fvfqIe04iYI=; b=B9WRuZN6qK6Mzx4575Jslf/qLfXxdBa9Yq8xqpaOH46hPkCgiGMsOtUnlL1yAbQDmlJR3s gnXPA9C7BqCvXko+qTBESvvx9rM+lCy6XWSbSnGKNDzj+XP9yQPULWtraHBc7HINLcgVsr rGj4i+wVOyJ2c+wmRn0MkA0r0VPnm88= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-588-KYNnIusWNtietsc9Qx-nTQ-1; Fri, 18 Oct 2024 19:23:39 -0400 X-MC-Unique: KYNnIusWNtietsc9Qx-nTQ-1 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 0FC96195609D; Fri, 18 Oct 2024 23:23:37 +0000 (UTC) Received: from chopper.redhat.com (unknown [10.22.65.88]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id DD76419560A2; Fri, 18 Oct 2024 23:23:32 +0000 (UTC) From: Lyude Paul To: rust-for-linux@vger.kernel.org Cc: Danilo Krummrich , airlied@redhat.com, Ingo Molnar , Will Deacon , Waiman Long , Peter Zijlstra , Thomas Gleixner , linux-kernel@vger.kernel.org, Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Filipe Xavier , Martin Rodriguez Reboredo , Valentin Obst , Danilo Krummrich , Wedson Almeida Filho Subject: [PATCH v8 3/3] rust: sync: Add SpinLockIrq Date: Fri, 18 Oct 2024 19:22:27 -0400 Message-ID: <20241018232306.476664-4-lyude@redhat.com> In-Reply-To: <20241018232306.476664-1-lyude@redhat.com> References: <20241018232306.476664-1-lyude@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 Content-Type: text/plain; charset="utf-8" A variant of SpinLock that is expected to be used in noirq contexts, and thus requires that the user provide an kernel::irq::IrqDisabled to prove they are in such a context upon lock acquisition. This is the rust equivalent of spin_lock_irqsave()/spin_lock_irqrestore(). Signed-off-by: Lyude Paul --- V2: * s/IrqSpinLock/SpinLockIrq/ * Implement `lock::Backend` now that we have `Context` * Add missing periods * Make sure rustdoc examples compile correctly * Add documentation suggestions V8: * Drop a completely unrelated change that got staged into this patch by mistake Signed-off-by: Lyude Paul --- rust/helpers/spinlock.c | 14 +++ rust/kernel/sync.rs | 2 +- rust/kernel/sync/lock/spinlock.rs | 149 ++++++++++++++++++++++++++++++ 3 files changed, 164 insertions(+), 1 deletion(-) diff --git a/rust/helpers/spinlock.c b/rust/helpers/spinlock.c index 775ed4d549aef..f4108d2d78648 100644 --- a/rust/helpers/spinlock.c +++ b/rust/helpers/spinlock.c @@ -27,3 +27,17 @@ int rust_helper_spin_trylock(spinlock_t *lock) { return spin_trylock(lock); } + +size_t rust_helper_spin_lock_irqsave(spinlock_t *lock) +{ + size_t flags =3D 0; + + spin_lock_irqsave(lock, flags); + + return flags; +} + +void rust_helper_spin_unlock_irqrestore(spinlock_t *lock, size_t flags) +{ + spin_unlock_irqrestore(lock, flags); +} diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs index 0ab20975a3b5d..b028ee325f2a6 100644 --- a/rust/kernel/sync.rs +++ b/rust/kernel/sync.rs @@ -15,7 +15,7 @@ pub use arc::{Arc, ArcBorrow, UniqueArc}; pub use condvar::{new_condvar, CondVar, CondVarTimeoutResult}; pub use lock::mutex::{new_mutex, Mutex}; -pub use lock::spinlock::{new_spinlock, SpinLock}; +pub use lock::spinlock::{new_spinlock, new_spinlock_irq, SpinLock, SpinLoc= kIrq}; pub use locked_by::LockedBy; =20 /// Represents a lockdep class. It's a wrapper around C's `lock_class_key`. diff --git a/rust/kernel/sync/lock/spinlock.rs b/rust/kernel/sync/lock/spin= lock.rs index 9fbfd96ffba3e..b376920424dc6 100644 --- a/rust/kernel/sync/lock/spinlock.rs +++ b/rust/kernel/sync/lock/spinlock.rs @@ -3,6 +3,7 @@ //! A kernel spinlock. //! //! This module allows Rust code to use the kernel's `spinlock_t`. +use kernel::local_irq::*; =20 /// Creates a [`SpinLock`] initialiser with the given name and a newly-cre= ated lock class. /// @@ -127,3 +128,151 @@ unsafe fn try_lock(ptr: *mut Self::State) -> Option { } } } + +/// Creates a [`SpinLockIrq`] initialiser with the given name and a newly-= created lock class. +/// +/// It uses the name if one is given, otherwise it generates one based on = the file name and line +/// number. +#[macro_export] +macro_rules! new_spinlock_irq { + ($inner:expr $(, $name:literal)? $(,)?) =3D> { + $crate::sync::SpinLockIrq::new( + $inner, $crate::optional_name!($($name)?), $crate::static_lock= _class!()) + }; +} +pub use new_spinlock_irq; + +/// A spinlock that may be acquired when interrupts are disabled. +/// +/// A version of [`SpinLock`] that can only be used in contexts where inte= rrupts for the local CPU +/// are disabled. It requires that the user acquiring the lock provide pro= of that interrupts are +/// disabled through [`IrqDisabled`]. +/// +/// For more info, see [`SpinLock`]. +/// +/// # Examples +/// +/// The following example shows how to declare, allocate initialise and ac= cess a struct (`Example`) +/// that contains two inner structs of type `Inner` that are protected by = separate spinlocks. +/// +/// ``` +/// use kernel::{ +/// sync::{new_spinlock_irq, SpinLockIrq}, +/// local_irq::IrqDisabled +/// }; +/// +/// struct Inner { +/// a: u32, +/// b: u32, +/// } +/// +/// #[pin_data] +/// struct Example { +/// c: u32, +/// #[pin] +/// first: SpinLockIrq, +/// #[pin] +/// second: SpinLockIrq, +/// } +/// +/// impl Example { +/// fn new() -> impl PinInit { +/// pin_init!(Self { +/// c: 10, +/// first <- new_spinlock_irq!(Inner { a: 20, b: 30 }), +/// second <- new_spinlock_irq!(Inner { a: 10, b: 20 }), +/// }) +/// } +/// } +/// +/// // Allocate a boxed `Example` +/// let example =3D KBox::pin_init(Example::new(), GFP_KERNEL)?; +/// +/// // Accessing an `Inner` from a context where we don't have a `LocalInt= erruptsDisabled` token +/// // already. +/// let bb =3D example.first.lock_with_new(|first, irq| { +/// assert_eq!(example.c, 10); +/// assert_eq!(first.a, 20); +/// +/// // Since we already have a `LocalInterruptsDisabled` token, we can= reuse it to acquire the +/// // second lock. This allows us to skip changing the local interrup= t state unnecessarily on +/// // non-PREEMPT_RT kernels. +/// let second =3D example.second.lock_with(irq); +/// assert_eq!(second.a, 10); +/// +/// (first.b, second.b) +/// }); +/// +/// assert_eq!(bb, (30, 20)); +/// # Ok::<(), Error>(()) +/// ``` +pub type SpinLockIrq =3D super::Lock; + +/// A kernel `spinlock_t` lock backend that is acquired in no-irq contexts. +pub struct SpinLockIrqBackend; + +unsafe impl super::Backend for SpinLockIrqBackend { + type State =3D bindings::spinlock_t; + type GuardState =3D (); + type Context<'a> =3D IrqDisabled<'a>; + + unsafe fn init( + ptr: *mut Self::State, + name: *const core::ffi::c_char, + key: *mut bindings::lock_class_key, + ) { + // SAFETY: The safety requirements ensure that `ptr` is valid for = writes, and `name` and + // `key` are valid for read indefinitely. + unsafe { bindings::__spin_lock_init(ptr, name, key) } + } + + unsafe fn lock(ptr: *mut Self::State) -> Self::GuardState { + // SAFETY: The safety requirements of this function ensure that `p= tr` points to valid + // memory, and that it has been initialised before. + unsafe { bindings::spin_lock(ptr) } + } + + unsafe fn unlock(ptr: *mut Self::State, _guard_state: &Self::GuardStat= e) { + // SAFETY: The safety requirements of this function ensure that `p= tr` is valid and that the + // caller is the owner of the spinlock. + unsafe { bindings::spin_unlock(ptr) } + } + + unsafe fn try_lock(ptr: *mut Self::State) -> Option { + // SAFETY: The `ptr` pointer is guaranteed to be valid and initial= ized before use. + let result =3D unsafe { bindings::spin_trylock(ptr) }; + + if result !=3D 0 { + Some(()) + } else { + None + } + } +} + +impl super::BackendWithContext for SpinLockIrqBackend { + type ContextState =3D usize; + + unsafe fn lock_with_context_saved<'a>( + ptr: *mut Self::State, + ) -> (Self::Context<'a>, Self::ContextState, Self::GuardState) { + // SAFETY: The safety requirements of this function ensure that `p= tr` points to valid + // memory, and that it has been initialised before. + let flags =3D unsafe { bindings::spin_lock_irqsave(ptr) }; + + // SAFETY: We just disabled interrupts above + let context =3D unsafe { IrqDisabled::new() }; + + (context, flags, ()) + } + + unsafe fn unlock_with_context_restored( + ptr: *mut Self::State, + _guard_state: &Self::GuardState, + context_state: Self::ContextState, + ) { + // SAFETY: The safety requirements of this function ensure that `p= tr` is valid and that the + // caller is the owner of the spinlock. + unsafe { bindings::spin_unlock_irqrestore(ptr, context_state) } + } +} --=20 2.47.0