This series adds a Rust bitmap API for porting the approach from
commit 15d9da3f818c ("binder: use bitmap for faster descriptor lookup")
to Rust. The functionality in dbitmap.h makes use of bitmap and bitops.

The Rust bitmap API provides a safe abstraction to underlying bitmap
and bitops operations. For now, only includes method necessary for
dbitmap.h, more can be added later. We perform bounds checks for
hardening, violations are programmer errors that result in panics.

We include set_bit_atomic and clear_bit_atomic operations. One has
to avoid races with non-atomic operations, which is ensure by the
Rust type system: either callers have shared references &bitmap in
which case the mutations are atomic operations. Or there is a
exclusive reference &mut bitmap, in which case there is no concurrent
access.

This version includes an optimization to represent the bitmap inline,
as suggested by Yury.

We introduce a Rust API that would replace (dbitmap.h) in file id_pool.rs. 
This data structure is tightly coupled to the bitmap API. Includes an example of usage
that requires releasing a spinlock, as expected in Binder driver.

This is v6 of a patch introducing Rust bitmap API [v5]. Thanks
for all the helpful comments, this series has improved significantly
as a result of your work.

Not adding separate unit tests: the Rust unit test infrastructure
is very new, and there does not seem to be benchmarking support
for Rust tests yet. Are the # Examples tests enough?
Alternatively, can we add more test cases to those until 
the unit test infrastructure is in place?

Changes v5 --> v6:
- Added SAFETY comment for atomic operations.
- Added missing volatile to bitops set_bit and clear_bit bindings.
- Fixed condition on `nbits` to be <= i32::MAX, update SAFETY comments.
- Readability improvements.
- Updated doc comments wording and indentation.

Changes v4 --> v5: (suggested by Yury and Alice)
- rebased on next-20250318
- split MAINTAINERS changes
- no dependencies on [1] and [2] anymore - Viresh,
  please do add a separate section if you want to maintain cpumask.rs
  separately.
- imports atomic and non-atomic variants, introduces a naming convention
  set_bit and set_bit_atomic on the Rust side.
- changed naming and comments. Keeping `new`.
- change dynamic_id_pool to id_pool
- represent bitmap inline when possible
- add some more tests
- add myself to M: line for the Rust abstractions

Changes v3 --> v4:
- Rebased on Viresh's v3 [2].
- split into multiple patches, separate Rust and bindings. (Yury)
- adds dynamic_id_pool.rs to show the Binder use case. (Yury)
- include example usage that requires release of spinlock (Alice)
- changed bounds checks to `assert!`, shorter (Yury)
- fix param names in binding helpers. (Miguel)
- proper rustdoc formatting, and use examples as kunit tests. (Miguel)
- reduce number of Bitmap methods, and simplify API through
  use Option<usize> to handle the "not found" case.
- make Bitmap pointer accessors private, so Rust Bitmap API
  provides an actual abstraction boundary (Tamir)
- we still return `AllocError` in `Bitmap::new` in case client code
  asks for a size that is too large. Intentionally
  different from other bounds checks because it is not about
  access but allocation, and we expect that client code need
  never handle AllocError and nbits > u32::MAX situations
  differently.

Changes v2 --> v3:
- change `bitmap_copy` to `copy_from_bitmap_and_extend` which
  zeroes out extra bits. This enables dbitmap shrink and grow use
  cases while offering a consistent and understandable Rust API for
  other uses (Alice)

Changes v1 --> v2:
- Rebased on Yury's v2 [1] and Viresh's v3 [2] changes related to
  bitmap.
- Removed import of `bindings::*`, keeping only prefix (Miguel)
- Renamed panic methods to make more explicit (Miguel)
- use markdown in doc comments and added example/kunit test (Miguel)
- Added maintainer section for BITOPS API BINDINGS [RUST] (Yury)
- Added M: entry for bitmap.rs which goes to Alice (Viresh, Alice)
- Changed calls from find_* to _find_*, removed helpers (Yury)
- Use non-atomic __set_bit and __clear_bit from Bitmap Rust API (Yury)

Link [1] https://lore.kernel.org/all/20250224233938.3158-1-yury.norov@gmail.com/
Link [2] https://lore.kernel.org/rust-for-linux/cover.1742296835.git.viresh.kumar@linaro.org/
Link [v5]: https://lore.kernel.org/lkml/20250321111535.3740332-1-bqe@google.com/


Burak Emir (4):
  rust: add bindings for bitmap.h
  rust: add bindings for bitops.h
  rust: add bitmap API.
  rust: add dynamic ID pool abstraction for bitmap

 MAINTAINERS                     |  14 ++
 rust/bindings/bindings_helper.h |   1 +
 rust/helpers/bitmap.c           |   9 +
 rust/helpers/bitops.c           |  23 +++
 rust/helpers/helpers.c          |   2 +
 rust/kernel/bitmap.rs           | 306 ++++++++++++++++++++++++++++++++
 rust/kernel/id_pool.rs          | 201 +++++++++++++++++++++
 rust/kernel/lib.rs              |   2 +
 8 files changed, 558 insertions(+)
 create mode 100644 rust/helpers/bitmap.c
 create mode 100644 rust/helpers/bitops.c
 create mode 100644 rust/kernel/bitmap.rs
 create mode 100644 rust/kernel/id_pool.rs

-- 
2.49.0.395.g12beb8f557-goog

On Thu, Mar 27, 2025 at 04:16:10PM +0000, Burak Emir wrote:
> This series adds a Rust bitmap API for porting the approach from
> commit 15d9da3f818c ("binder: use bitmap for faster descriptor lookup")
> to Rust. The functionality in dbitmap.h makes use of bitmap and bitops.
> 
> The Rust bitmap API provides a safe abstraction to underlying bitmap
> and bitops operations. For now, only includes method necessary for
> dbitmap.h, more can be added later. We perform bounds checks for
> hardening, violations are programmer errors that result in panics.

So, I hung around and found the bit_set crate. Rust implements BitSet,
BitVec, and it seems it has functionality that you bind here.

I didn't find any discussions related to the bit_set in kernel context.
Is it possible to use it in kernel? If not, can you mention that in commit
message? If yes, I think you should consider to use internal language
tools.

> We include set_bit_atomic and clear_bit_atomic operations. One has
> to avoid races with non-atomic operations, which is ensure by the
> Rust type system: either callers have shared references &bitmap in
> which case the mutations are atomic operations. Or there is a
> exclusive reference &mut bitmap, in which case there is no concurrent
> access.
> 
> This version includes an optimization to represent the bitmap inline,
> as suggested by Yury.
> 
> We introduce a Rust API that would replace (dbitmap.h) in file id_pool.rs. 
> This data structure is tightly coupled to the bitmap API. Includes an example of usage
> that requires releasing a spinlock, as expected in Binder driver.
> 
> This is v6 of a patch introducing Rust bitmap API [v5]. Thanks
> for all the helpful comments, this series has improved significantly
> as a result of your work.
> 
> Not adding separate unit tests: the Rust unit test infrastructure
> is very new, and there does not seem to be benchmarking support
> for Rust tests yet.

I don't understand this.

Benchmarking is a very simple procedure - as simple as surrounding
blocks of tested code with ktime_get(). And I see that Alice even
implemented the Ktime class last year.

> Are the # Examples tests enough?
> Alternatively, can we add more test cases to those until 
> the unit test infrastructure is in place?

I encourage you to implement the tests as normal kernel tests - in
source files that may be enabled in config. I can't insist on that,
and will not block the series because of lack of benchmarks and
tests written in a traditional way.

But to me, scattered wrongly formatted commented-out in-place way of
writing tests is something fundamentally wrong. Not mentioning that
it bloats source files, making them harder to read.

Thanks,
Yury

On Mon, Mar 31, 2025 at 6:39 PM Yury Norov <yury.norov@gmail.com> wrote:
>
> I didn't find any discussions related to the bit_set in kernel context.
> Is it possible to use it in kernel? If not, can you mention that in commit

In principle, from a very quick look, yes, it supports `no_std` and
should be very easy to vendor since they don't have dependencies (i.e.
`bit_set` and `bit_vec`).

> message? If yes, I think you should consider to use internal language
> tools.

Hmm... if by "internal language tools" you mean a normal library (like
that one you mention), then yeah, they can be considered.

In general, we have been prudent about using third-party libraries so
far, but it is possible if it is the right choice -- please see:

    https://rust-for-linux.com/third-party-crates#suitability-of-a-crate

So if everyone agrees that or another library would be the best fit
than mimicking or using the C side (performance-wise,
maintainability-wise, etc.), then I am happy to integrate it.

> I encourage you to implement the tests as normal kernel tests - in
> source files that may be enabled in config. I can't insist on that,
> and will not block the series because of lack of benchmarks and
> tests written in a traditional way.
>
> But to me, scattered wrongly formatted commented-out in-place way of
> writing tests is something fundamentally wrong. Not mentioning that
> it bloats source files, making them harder to read.

I don't think documentation makes things harder to read; quite the
opposite -- if the docs are good.

But, yeah, if it is an actual test that is not suitable as an example,
then it should be a separate test (whether as a `#[test]` one, if that
works already for this use case, or as a sample module otherwise).

Thanks!

Cheers,
Miguel

On Mon, Mar 31, 2025 at 8:52 PM Miguel Ojeda
<miguel.ojeda.sandonis@gmail.com> wrote:
>
> On Mon, Mar 31, 2025 at 6:39 PM Yury Norov <yury.norov@gmail.com> wrote:
> >
> > I didn't find any discussions related to the bit_set in kernel context.
> > Is it possible to use it in kernel? If not, can you mention that in commit
>
> In principle, from a very quick look, yes, it supports `no_std` and
> should be very easy to vendor since they don't have dependencies (i.e.
> `bit_set` and `bit_vec`).
>
> > message? If yes, I think you should consider to use internal language
> > tools.
>
> Hmm... if by "internal language tools" you mean a normal library (like
> that one you mention), then yeah, they can be considered.
>
> In general, we have been prudent about using third-party libraries so
> far, but it is possible if it is the right choice -- please see:
>
>     https://rust-for-linux.com/third-party-crates#suitability-of-a-crate
>
> So if everyone agrees that or another library would be the best fit
> than mimicking or using the C side (performance-wise,
> maintainability-wise, etc.), then I am happy to integrate it.
>

IMHO, we should strive to avoid parallel implementations of basic data
structures.

This little patch series was started to replace a self-contained C
code with Rust implementation. It may not representative for all Rust
code, but building an abstraction over C code will make porting a lot
easier to write and review.

Now, one can argue that Rust abstractions could use alternative
implementations instead of binding the C code underneath. This opens
the door to subtle differences in performance or correctness (e.g. the
case with atomics and inner mutability).

> > I encourage you to implement the tests as normal kernel tests - in
> > source files that may be enabled in config. I can't insist on that,
> > and will not block the series because of lack of benchmarks and
> > tests written in a traditional way.
> >
> > But to me, scattered wrongly formatted commented-out in-place way of
> > writing tests is something fundamentally wrong. Not mentioning that
> > it bloats source files, making them harder to read.
>
> I don't think documentation makes things harder to read; quite the
> opposite -- if the docs are good.
>
> But, yeah, if it is an actual test that is not suitable as an example,
> then it should be a separate test (whether as a `#[test]` one, if that
> works already for this use case, or as a sample module otherwise).
>

Now that I figured out how to do it, I'll add the separate kunit test
that exercise code paths which are not helpful in documentation.

Thanks,
Burak