From nobody Fri Dec 19 20:59:47 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A6FC13C3F2 for ; Mon, 26 May 2025 15:01:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271709; cv=none; b=uWsk/bE/CIB2S2Ksz5MlweBdzTIjP555/xjeyiC0AC3MDDbB+CBW+/z7wdxWQUqCi/WjvL4r2cgD1qTX8Hdu7Jl/4OeBYMlvC1liSq4lqq2kmTYBZ0+66AshPBsFIIcbe0MDmCgc6Z4704FOALKEe7Y2ZzIB98kC8mCDIRi53Lc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271709; c=relaxed/simple; bh=rCRXTHiAgtKu3dsFNLxOBHNNzDWRNYIKX6JbwfEQaok=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qmESKACpE84Ee6/MbIvnBPODKJXlmN9lVZv12QZcy+wlJE4Z/bspdlycRv4e3Ix6HDregEvqtXu8CSQWhLtWBZCHVRXodlwkBi8oy+fGRWl0LUaoKYPg7x4qsHFrSEPEVA9NUoxVDd5MXtoncj4T7qyr9m+9kAk6OZrKmlUden8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=WRfZMEcT; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="WRfZMEcT" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-44a3b5996d2so11422055e9.1 for ; Mon, 26 May 2025 08:01:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1748271706; x=1748876506; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=NHkjvhIISCSHj9u0ZO7czldP5cDtBrvbmLtc67N+RWM=; b=WRfZMEcTJmTBZAvYYUSgVOlGFLHwQ7DqEo+jLdIypERwTT7DD0YjX2q90EHRzzKgsq vL7dOwUnnSWcSEAGCvVu6/RAtPCNk2RgvFMZXu2Qfy17TZFheVgHzKgz5Ewehpc/GFdo t8FXVYQzi+EkAaWp5CTIWmkoR0dmoXVU5P8S3EN/K/9GZ77ISVKIf/7+48fzcTHRQE7U jZSWgMVH1YVhCkGb7H4LM/arOUc9YG+/UlGeKSjKJKWZGib3Ks+Aoxen3yxiqA0/vN0O gVPaoSg/nC2fezCVCxbjeMNGjV8pylTtqBjjpSRZMwEayLEjhCw734/NaEgD3ieGAE9F tsyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748271706; x=1748876506; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=NHkjvhIISCSHj9u0ZO7czldP5cDtBrvbmLtc67N+RWM=; b=tz+hnGWfErqCNEzY+GR2vBDdONincm+LggeoFTkRBGpiCtYTEwC9XnkBGMWCpYYv0d DPsdfYgOZXUj04b2X+9lYLD+Np8cBMgP6Ty6sN4E0jDODsUlWVUC8CfDSTADmDVwKhxl kK87O+hu1GYtPlYx4L+exE+4BNULIe82/1YBfcmoIlscFmVooe0C2uZ+ICjDQSR4iSNP uLZGXUq0udDypTW6QAMDkPutCb4rbSJiunUqfsND7xx6Ae5s3doJpMwXQqeGr+q8mpIL C0TfmpaV0Q8n3uWNNAt/yaJtilrki+5rympIvSwgFxMqa8pNiBn/Y9+mIka5jM1tRIgl no4Q== X-Forwarded-Encrypted: i=1; AJvYcCVP+nSAluEPaGQO/Y2wZjoSiKaQPz1c4Qt4x4zaRNQ5uWVJ93mhbcUGJIx+qcwSzgP2H4SKQYc4RJ7T6K0=@vger.kernel.org X-Gm-Message-State: AOJu0Yx4uPVJwjImCofB5obuJibhaac38u3YX9cfMS4g5Cb5D34ID+PK DD1nMehLloRZSGg/iMuxXO7mBL6IuNnGgQ8mtRaYuKSEfq82CBX7pBNuZnwTQKBYoKYUpQ== X-Google-Smtp-Source: AGHT+IGPo8nUzY2Rj6nkPhVFDqh1Zc0DKoHnIQDw9+T3ld33w/KON4X7whx9IUxnJRj1Tiiw5NGdXf4= X-Received: from wmbez3.prod.google.com ([2002:a05:600c:83c3:b0:442:f8e9:a2ac]) (user=bqe job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1c1f:b0:43d:300f:fa3d with SMTP id 5b1f17b1804b1-44c9141d8a2mr73618805e9.5.1748271706538; Mon, 26 May 2025 08:01:46 -0700 (PDT) Date: Mon, 26 May 2025 15:01:30 +0000 In-Reply-To: <20250526150141.3407433-1-bqe@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250526150141.3407433-1-bqe@google.com> X-Mailer: git-send-email 2.49.0.1151.ga128411c76-goog Message-ID: <20250526150141.3407433-2-bqe@google.com> Subject: [PATCH v9 1/5] rust: add bindings for bitmap.h From: Burak Emir To: Yury Norov , Kees Cook Cc: Burak Emir , Rasmus Villemoes , Viresh Kumar , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , "=?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?=" , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , "Gustavo A . R . Silva" , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Makes the bitmap_copy_and_extend inline function available to Rust. Adds F: to existing MAINTAINERS section BITMAP API BINDINGS [RUST]. Suggested-by: Alice Ryhl Suggested-by: Yury Norov Signed-off-by: Burak Emir Acked-by: Yury Norov [NVIDIA] --- MAINTAINERS | 1 + rust/bindings/bindings_helper.h | 1 + rust/helpers/bitmap.c | 9 +++++++++ rust/helpers/helpers.c | 1 + 4 files changed, 12 insertions(+) create mode 100644 rust/helpers/bitmap.c diff --git a/MAINTAINERS b/MAINTAINERS index d48dd6726fe6..86cae0ca5287 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4124,6 +4124,7 @@ F: tools/lib/find_bit.c BITMAP API BINDINGS [RUST] M: Yury Norov S: Maintained +F: rust/helpers/bitmap.c F: rust/helpers/cpumask.c =20 BITOPS API diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helpe= r.h index ab37e1d35c70..b6bf3b039c1b 100644 --- a/rust/bindings/bindings_helper.h +++ b/rust/bindings/bindings_helper.h @@ -7,6 +7,7 @@ */ =20 #include +#include #include #include #include diff --git a/rust/helpers/bitmap.c b/rust/helpers/bitmap.c new file mode 100644 index 000000000000..a50e2f082e47 --- /dev/null +++ b/rust/helpers/bitmap.c @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include + +void rust_helper_bitmap_copy_and_extend(unsigned long *to, const unsigned = long *from, + unsigned int count, unsigned int size) +{ + bitmap_copy_and_extend(to, from, count, size); +} diff --git a/rust/helpers/helpers.c b/rust/helpers/helpers.c index 1e7c84df7252..92721d165e35 100644 --- a/rust/helpers/helpers.c +++ b/rust/helpers/helpers.c @@ -7,6 +7,7 @@ * Sorted alphabetically. */ =20 +#include "bitmap.c" #include "blk.c" #include "bug.c" #include "build_assert.c" --=20 2.49.0.1151.ga128411c76-goog From nobody Fri Dec 19 20:59:47 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 433E7213240 for ; Mon, 26 May 2025 15:01:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271712; cv=none; b=AcgNHpkhzCxHIvn7WVQKqxh2BkeeWhYyKY4gpro9YJmm8zDZa9R2S0P9iIdX5/BcfeUB0UgJ/+o4xtXZvrz/6J8B88p6Z2NuBat/ywl5WfHwv0ajVqZ8F/LyhGQqmVKnR88XM0WTrJqn21BYQFWdDQJRDHmqGhjnh2RE8VhFUsY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271712; c=relaxed/simple; bh=Q/2BsgKz24Vtl8wIJjkgERERw7Spq2sdcAdXYaotMo4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=moDSbtmL1dn/+T5Fb09eaReX1+dLw6kersBTVKefQ8tH311kbjC1YywLYMB1s6tDMqokMOv2+EUvyPxll1c91z3//xgQ0gQ/jq/bs71WSXsab5QsWq81eQgGy8xPIvKpgB9+bGofd0betEYFnvp9jWlhL3iTupJkU7dRNaNpUv0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=xyfCek5l; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="xyfCek5l" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-43ea256f039so18437315e9.0 for ; Mon, 26 May 2025 08:01:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1748271709; x=1748876509; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=SQP6Td3kWKuKqRj2KRN0QM8NzsKBYR8G0PzCVMLQtO0=; b=xyfCek5lFvjMqll2gBHEc4LafERAqOh7SnvH4KLBQgPSAQFTOhtNbqI0SX4hZo7u96 xgbQy5+7CWGo7wUy+jSRqEu2/u7Q2Gwy173jcqadFh4Z6XsrKrXX1BmH3PccBk5uGQ2+ KEnjZ7orfy0gZiFGbso8nsnR2CJBAAujtTCtwfdFZZ0mqUhlSlzg+TGwcqfDJ7UWCH7S iAKkQt789pwFGTMSQQ9lhkdSWVjBdg6KKscPwYMRfdxhg+GwMge8l2u4C9B5sLqshPQL dBNZAu6wKQGbLswM/pKfEOoX39RSgd1nRkAjP1cNJBefH+Hc4a/v6GOaluL2HP+Wf5nj PQmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748271709; x=1748876509; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=SQP6Td3kWKuKqRj2KRN0QM8NzsKBYR8G0PzCVMLQtO0=; b=El2res85+hd2qoSzmvrH5Nb+2bM/3VSuVSHocLq7NmWQ7hsfrAPFptgv0c/nB8S5lL ii5Z0/+7xFxSxxB9tuxejNaz9FpcWthQrkX0AqEEXVaOY7NHoVG0DeWPjn3C5yGqvob4 QxWqlZ+6WgCFtFXsUFSbnDySeRU/YuzDV/51BmUfHY7fegI0SJKDV/CnYu/OoHkpDnls 2JJxe/oj4otgj0xDCMX88qxSzEMJU8Ckr2Gf7QrT/Sb/d6D6L1dQ7vGMDLoMpCrqFHh8 JLSOpMq5UV+mcSbeTeXjdhDs67o4kYo70AK5plYbNQLBI9y35jQFpUwDBieitLPWeLV6 JrnA== X-Forwarded-Encrypted: i=1; AJvYcCX4vk49gxMYPFIk2xvLaqRWWmQTgnGT8yXwVGFeZF8KnBbcN1z7qkBQhVHHMZt9p3iZcD3MfNGlVgKophE=@vger.kernel.org X-Gm-Message-State: AOJu0YzJ4MZqKneq8fx87OMJAKhiNnOvnO7BsoC8fMQQgf7ll4K7LjK5 0J+YXnZAaljnEmLr3B+bhi+3yFI9Z1WpoeVlY/Il0Vn6JVHYM7MhwqaXKP2gYPKROjgSLw== X-Google-Smtp-Source: AGHT+IG7bMDz+nyV21aR+cR9rz6T4gu5RRq0QfvbqOxOM4k37bGT04jZzRz8bA5euIEZI5NyPC9+hsM= X-Received: from wmrn43.prod.google.com ([2002:a05:600c:502b:b0:43c:ef1f:48d3]) (user=bqe job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:5396:b0:43c:f63c:babb with SMTP id 5b1f17b1804b1-44c91607264mr72968455e9.1.1748271708454; Mon, 26 May 2025 08:01:48 -0700 (PDT) Date: Mon, 26 May 2025 15:01:31 +0000 In-Reply-To: <20250526150141.3407433-1-bqe@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250526150141.3407433-1-bqe@google.com> X-Mailer: git-send-email 2.49.0.1151.ga128411c76-goog Message-ID: <20250526150141.3407433-3-bqe@google.com> Subject: [PATCH v9 2/5] rust: add bindings for bitops.h From: Burak Emir To: Yury Norov , Kees Cook Cc: Burak Emir , Rasmus Villemoes , Viresh Kumar , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , "=?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?=" , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , "Gustavo A . R . Silva" , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Makes atomic set_bit and clear_bit inline functions as well as the non-atomic variants __set_bit and __clear_bit available to Rust. Adds a new MAINTAINERS section BITOPS API BINDINGS [RUST]. Suggested-by: Alice Ryhl Suggested-by: Yury Norov Signed-off-by: Burak Emir Acked-by: Yury Norov [NVIDIA] --- MAINTAINERS | 5 +++++ rust/helpers/bitops.c | 23 +++++++++++++++++++++++ rust/helpers/helpers.c | 1 + 3 files changed, 29 insertions(+) create mode 100644 rust/helpers/bitops.c diff --git a/MAINTAINERS b/MAINTAINERS index 86cae0ca5287..04d6727e944c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4141,6 +4141,11 @@ F: include/linux/bitops.h F: lib/test_bitops.c F: tools/*/bitops* =20 +BITOPS API BINDINGS [RUST] +M: Yury Norov +S: Maintained +F: rust/helpers/bitops.c + BLINKM RGB LED DRIVER M: Jan-Simon Moeller S: Maintained diff --git a/rust/helpers/bitops.c b/rust/helpers/bitops.c new file mode 100644 index 000000000000..1fe9e3b23a39 --- /dev/null +++ b/rust/helpers/bitops.c @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include + +void rust_helper___set_bit(unsigned int nr, unsigned long *addr) +{ + __set_bit(nr, addr); +} + +void rust_helper___clear_bit(unsigned int nr, unsigned long *addr) +{ + __clear_bit(nr, addr); +} + +void rust_helper_set_bit(unsigned int nr, volatile unsigned long *addr) +{ + set_bit(nr, addr); +} + +void rust_helper_clear_bit(unsigned int nr, volatile unsigned long *addr) +{ + clear_bit(nr, addr); +} diff --git a/rust/helpers/helpers.c b/rust/helpers/helpers.c index 92721d165e35..4de8ac390241 100644 --- a/rust/helpers/helpers.c +++ b/rust/helpers/helpers.c @@ -8,6 +8,7 @@ */ =20 #include "bitmap.c" +#include "bitops.c" #include "blk.c" #include "bug.c" #include "build_assert.c" --=20 2.49.0.1151.ga128411c76-goog From nobody Fri Dec 19 20:59:47 2025 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 83FE42144DD for ; Mon, 26 May 2025 15:01:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271715; cv=none; b=T+7gRYddkvS/vfT/dT4zHyhQUrdpYxGES76Su5SFuDhAj4DOKrpSg6d0DA2/HptNqAp3ABHvFHCjkIPjWM/mitc1+4N696vw8VHreWRMwkelVgR/5p9frEus8B156MtudYCX8HSLtwRRD2JdcxrMnsAJB6tcsnTulBeY9eqoyhA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271715; c=relaxed/simple; bh=PKsjk27z4abQDNpJJfmLI6eiiaH9g2ZMd7BW7glP2vI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=lEcKKRSAIyf+WPvPDd7SqIsoyHi5yxjOaWYmPNvHZ3Vv7IiVSPSmoz015lmIC4qfFnO9fpbT2gu5WyNdOA9X7fCjRklSxmxuEA5S8I0kbI30fVJE+iVVR6CZ1J0BSl1OD/sNdEstAagCVPFh5ADw0HZF9MV8hQ+QXfmxxcvv3is= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=yhj/c/hX; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="yhj/c/hX" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-445135eb689so15408555e9.2 for ; Mon, 26 May 2025 08:01:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1748271711; x=1748876511; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=1/PTjKCdteP0OqZ3DGTwyCRcaawNKa8OcZ7BGqbI7xw=; b=yhj/c/hXAXDXNpUkukfvJq4zlAw6FBTnxo13cCfCQletJy6HolpQw4L4IK0Liv17/N cyIy5t8wAhx+vnGOpI9UqMqDPFG5Z9ssyeThdzYKLAkEzPxswiOej9IEd8CfI4qCM5yQ nqPlntlL/I89FTopnr09jHE2e0h997VJPi/naA3kEQ0ear3pAM9CCmccUSFPFh9Pc/Ao dzf+GfFp75pzN6DZI1O+HVCmcHW4CCe7fdyXiuz6Hf9pF2SKtN/OB07InMNtauOcH8Sg Qa1NdvxYfkQIEYT4ToVIMV3Q7oFkuRUSlecKAF4rCDMV6Y32Um90dTLHTqHcwxvElISS X1Rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748271711; x=1748876511; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1/PTjKCdteP0OqZ3DGTwyCRcaawNKa8OcZ7BGqbI7xw=; b=TfdQGvZImlDTNFffWoi98KyH4WgOuuDieFdMMLVBeAEOcg3+pxh7YGmFJft9fd8vST +8uPGDixIMQHRoMP1Ldi/jvA5uO22mLZI9Km71asqg6jhfN+lRPnN1JlVNTxH4RjOlKX j55UJg/12E7aeMCQ/YzECxittouqhDFnDqPPP5rca9DvU9K2LC09tsReHVePSV2evDbC 6Ve9Cbfv2B05xhohIok1UAjHw01xhSHPROZgMuVTAAY9PcUbMfM6NQ9Lwk9gTvXz1Dca A/nDxQmoedZtuVW3Fga+QYQTLoFkvhGUxjbojU1HGfUdjJGNpb6T0YtmBNP5VkN5GuMP v/Vw== X-Forwarded-Encrypted: i=1; AJvYcCX381h0jCuwejyWCYymgS0Ll0dnBXqy9mGIm6DBFs4+lBJ26B1uznWJM1ppfSASLRAJm/m8wequbJ0T8Xc=@vger.kernel.org X-Gm-Message-State: AOJu0Yy3XPPSKBJVwEi5lMIV/X3nXgq4JM9NIATCh61Zx3wU6U4ZK0RG Ry+0xjsOczIgW2IknxqSrnvhI4LT1E4xdtocawYD3nWETXRfWAq6TDcoL0S9w5bxj882rQ== X-Google-Smtp-Source: AGHT+IGGuKNPwwb2aDQQ5UOLvSXsXlob1l+Tjy5F5tyMEDq9rwIreqcQT+oqsUK6OZ8BDUCtV6Flewc= X-Received: from wmrm3.prod.google.com ([2002:a05:600c:37c3:b0:442:cab2:15c3]) (user=bqe job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:26d1:b0:43b:cb12:ba6d with SMTP id 5b1f17b1804b1-44c9465aff1mr70984135e9.3.1748271711196; Mon, 26 May 2025 08:01:51 -0700 (PDT) Date: Mon, 26 May 2025 15:01:32 +0000 In-Reply-To: <20250526150141.3407433-1-bqe@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250526150141.3407433-1-bqe@google.com> X-Mailer: git-send-email 2.49.0.1151.ga128411c76-goog Message-ID: <20250526150141.3407433-4-bqe@google.com> Subject: [PATCH v9 3/5] rust: add bitmap API. From: Burak Emir To: Yury Norov , Kees Cook Cc: Burak Emir , Rasmus Villemoes , Viresh Kumar , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , "=?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?=" , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , "Gustavo A . R . Silva" , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Provides an abstraction for C bitmap API and bitops operations. This commit enables a Rust implementation of an Android Binder data structure from commit 15d9da3f818c ("binder: use bitmap for faster descriptor lookup"), which can be found in drivers/android/dbitmap.h. It is a step towards upstreaming the Rust port of Android Binder driver. We follow the C Bitmap API closely in naming and semantics, with a few differences that take advantage of Rust language facilities and idioms: * We leverage Rust type system guarantees as follows: * all (non-atomic) mutating operations require a &mut reference which amounts to exclusive access. * the Bitmap type implements Send. This enables transferring ownership between threads and is needed for Binder. * the Bitmap type implements Sync, which enables passing shared references &Bitmap between threads. Atomic operations can be used to safely modify from multiple threads (interior mutability), though without ordering guarantees. * The Rust API uses `{set,clear}_bit` vs `{set,clear}_bit_atomic` as names, which differs from the C naming convention which uses set_bit for atomic vs __set_bit for non-atomic. * we include enough operations for the API to be useful, but not all operations are exposed yet in order to avoid dead code. The missing ones can be added later. * We follow the C API closely with a fine-grained approach to safety: * Low-level bit-ops get a safe API with bounds checks. Calling with an out-of-bounds arguments to {set,clear}_bit becomes a no-op and get logged as errors. * We introduce a RUST_BITMAP_HARDENED config, which causes invocations with out-of-bounds arguments to panic. * methods correspond to find_* C methods tolerate out-of-bounds since the C implementation does. Also here, we log out-of-bounds arguments as errors and panic in RUST_BITMAP_HARDENED mode. * We add a way to "borrow" bitmaps from C in Rust, to make C bitmaps that were allocated in C directly usable in Rust code (`CBitmap`). * the Rust API is optimized to represent the bitmap inline if it would fit into a pointer. This saves allocations which is relevant in the Binder use case. The underlying C bitmap is *not* exposed, and must never be exposed (except in tests). Exposing the representation of the owned bitmap would lose static guarantees. An alternative route of vendoring an existing Rust bitmap package was considered but suboptimal overall. Reusing the C implementation is preferable for a basic data structure like bitmaps. It enables Rust code to be a lot more similar and predictable with respect to C code that uses the same data structures and enables the use of code that has been tried-and-tested in the kernel, with the same performance characteristics whenever possible. We use the `usize` type for sizes and indices into the bitmap, because Rust generally always uses that type for indices and lengths and it will be more convenient if the API accepts that type. This means that we need to perform some casts to/from u32 and usize, since the C headers use unsigned int instead of size_t/unsigned long for these numbers in some places. Adds new MAINTAINERS section BITMAP API [RUST]. Suggested-by: Alice Ryhl Suggested-by: Yury Norov Signed-off-by: Burak Emir --- MAINTAINERS | 7 + rust/kernel/bitmap.rs | 554 +++++++++++++++++++++++++++++++++++++ rust/kernel/lib.rs | 1 + security/Kconfig.hardening | 10 + 4 files changed, 572 insertions(+) create mode 100644 rust/kernel/bitmap.rs diff --git a/MAINTAINERS b/MAINTAINERS index 04d6727e944c..565eaa015d9e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4127,6 +4127,13 @@ S: Maintained F: rust/helpers/bitmap.c F: rust/helpers/cpumask.c =20 +BITMAP API [RUST] +M: Alice Ryhl +M: Burak Emir +R: Yury Norov +S: Maintained +F: rust/kernel/bitmap.rs + BITOPS API M: Yury Norov R: Rasmus Villemoes diff --git a/rust/kernel/bitmap.rs b/rust/kernel/bitmap.rs new file mode 100644 index 000000000000..a6edd4889518 --- /dev/null +++ b/rust/kernel/bitmap.rs @@ -0,0 +1,554 @@ +// SPDX-License-Identifier: GPL-2.0 + +// Copyright (C) 2025 Google LLC. + +//! Rust API for bitmap. +//! +//! C headers: [`include/linux/bitmap.h`](srctree/include/linux/bitmap.h). + +use crate::alloc::{AllocError, Flags}; +use crate::bindings; +use crate::pr_err; +use core::ptr::NonNull; + +/// Represents a C bitmap. Wraps underlying C bitmap API. +/// +/// # Invariants +/// +/// Must reference a `[c_ulong]` long enough to fit `data.len()` bits. +pub struct CBitmap { + _align: [usize; 0], + data: [()], +} + +impl CBitmap { + /// Borrows a C bitmap. + /// + /// # Safety + /// + /// * `ptr` holds a non-null address of an initialized array of `unsig= ned long` + /// that is large enough to hold `nbits` bits. + /// * the array must not be freed for the lifetime of this [`CBitmap`] + /// * concurrent access only happens through atomic operations + pub unsafe fn from_raw<'a>(ptr: *const usize, nbits: usize) -> &'a CBi= tmap { + let data: *const [()] =3D core::ptr::slice_from_raw_parts(ptr.cast= (), nbits); + unsafe { &*(data as *const CBitmap) } + } + + /// Borrows a C bitmap exclusively. + /// + /// # Safety + /// + /// * `ptr` holds a non-null address of an initialized array of `unsig= ned long` + /// that is large enough to hold `nbits` bits. + /// * the array must not be freed for the lifetime of this [`CBitmap`] + /// * no concurrent access may happen. + pub unsafe fn from_raw_mut<'a>(ptr: *mut usize, nbits: usize) -> &'a m= ut CBitmap { + let data: *mut [()] =3D core::ptr::slice_from_raw_parts_mut(ptr.ca= st(), nbits); + unsafe { &mut *(data as *mut CBitmap) } + } + + /// Returns a raw pointer to the backing [`Bitmap`]. + pub fn as_ptr(&self) -> *const usize { + self as *const CBitmap as *const usize + } + + /// Returns a mutable raw pointer to the backing [`Bitmap`]. + pub fn as_mut_ptr(&mut self) -> *mut usize { + self as *mut CBitmap as *mut usize + } + + /// Returns length of this [`CBitmap`]. + pub fn len(&self) -> usize { + self.data.len() + } +} + +/// Holds either a pointer to array of `unsigned long` or a small bitmap. +#[repr(C)] +union BitmapRepr { + bitmap: usize, + ptr: NonNull, +} + +macro_rules! bitmap_assert { + ($cond:expr, $($arg:tt)+) =3D> { + #[cfg(RUST_BITMAP_HARDENED)] + assert!($e, $($arg)*); + } +} + +macro_rules! bitmap_assert_return { + ($cond:expr, $($arg:tt)+) =3D> { + #[cfg(RUST_BITMAP_HARDENED)] + assert!($e, $($arg)*); + + #[cfg(not(RUST_BITMAP_HARDENED))] + if !($cond) { + pr_err!($($arg)*); + return + } + } +} + +/// Represents an owned bitmap. +/// +/// Wraps underlying C bitmap API. See [`CBitmap`] for available +/// methods. +/// +/// # Examples +/// +/// Basic usage +/// +/// ``` +/// use kernel::alloc::flags::GFP_KERNEL; +/// use kernel::bitmap::Bitmap; +/// +/// let mut b =3D Bitmap::new(16, GFP_KERNEL)?; +/// +/// assert_eq!(16, b.len()); +/// for i in 0..16 { +/// if i % 4 =3D=3D 0 { +/// b.set_bit(i); +/// } +/// } +/// assert_eq!(Some(0), b.next_bit(0)); +/// assert_eq!(Some(1), b.next_zero_bit(0)); +/// assert_eq!(Some(4), b.next_bit(1)); +/// assert_eq!(Some(5), b.next_zero_bit(4)); +/// assert_eq!(Some(12), b.last_bit()); +/// # Ok::<(), Error>(()) +/// ``` +/// +/// # Invariants +/// +/// * `inner.nbits` is `<=3D i32::MAX` and never changes. +/// * if `inner.nbits <=3D bindings::BITS_PER_LONG`, then `inner.repr` is +/// a `usize`. +/// * otherwise, `inner.repr` holds a non-null pointer to an initialized +/// array of `unsigned long` that is large enough to hold `nbits` bits. +pub struct Bitmap { + /// Representation of bitmap. + repr: BitmapRepr, + /// Length of this bitmap. Must be `<=3D i32::MAX`. + nbits: usize, +} + +impl core::ops::Deref for Bitmap { + type Target =3D CBitmap; + + fn deref(&self) -> &CBitmap { + let ptr =3D if self.nbits <=3D bindings::BITS_PER_LONG as _ { + // SAFETY: Bitmap is represented inline. + unsafe { core::ptr::addr_of!(self.repr.bitmap) } + } else { + // SAFETY: Bitmap is represented as array of `unsigned long`. + unsafe { self.repr.ptr.as_ptr() } + }; + + // SAFETY: We got the right pointer and invariants of [`Bitmap`] h= old. + // An inline bitmap is treated like an array with single element. + unsafe { CBitmap::from_raw(ptr, self.nbits) } + } +} + +impl core::ops::DerefMut for Bitmap { + fn deref_mut(&mut self) -> &mut CBitmap { + let ptr =3D if self.nbits <=3D bindings::BITS_PER_LONG as _ { + // SAFETY: Bitmap is represented inline. + unsafe { core::ptr::addr_of_mut!(self.repr.bitmap) } + } else { + // SAFETY: Bitmap is represented as array of `unsigned long`. + unsafe { self.repr.ptr.as_mut() } + }; + + // SAFETY: We got the right pointer and invariants of [`Bitmap`] h= old. + // An inline bitmap is treated like an array with single element. + unsafe { CBitmap::from_raw_mut(ptr, self.nbits) } + } +} + +/// Enable ownership transfer to other threads. +/// +/// # Safety +/// +/// We own the underlying bitmap representation. +unsafe impl Send for Bitmap {} + +/// Enable unsynchronized concurrent access to [`Bitmap`] through shared r= eferences. +/// +/// # Safety +/// +/// * When no thread performs any mutations, concurrent access is safe. +/// * Mutations are permitted through atomic operations and interior mutab= ility. +/// All such methods are marked unsafe, to account for the lack of order= ing +/// guarantees. Callers must acknowledge that updates may be observed in= any +/// order. +unsafe impl Sync for Bitmap {} + +impl Drop for Bitmap { + fn drop(&mut self) { + if self.nbits <=3D bindings::BITS_PER_LONG as _ { + return; + } + // SAFETY: `self.ptr` was returned by the C `bitmap_zalloc`. + // + // INVARIANT: there is no other use of the `self.ptr` after this + // call and the value is being dropped so the broken invariant is + // not observable on function exit. + unsafe { bindings::bitmap_free(self.repr.ptr.as_ptr()) }; + } +} + +impl Bitmap { + /// Constructs a new [`Bitmap`]. + /// + /// Fails with [`AllocError`] when the [`Bitmap`] could not be allocat= ed. This + /// includes the case when `nbits` is greater than `i32::MAX`. + #[inline] + pub fn new(nbits: usize, flags: Flags) -> Result { + if nbits <=3D bindings::BITS_PER_LONG as _ { + return Ok(Bitmap { + repr: BitmapRepr { bitmap: 0 }, + nbits, + }); + } + if nbits > i32::MAX.try_into().unwrap() { + return Err(AllocError); + } + let nbits_u32 =3D u32::try_from(nbits).unwrap(); + // SAFETY: `bindings::BITS_PER_LONG < nbits` and `nbits <=3D i32::= MAX`. + let ptr =3D unsafe { bindings::bitmap_zalloc(nbits_u32, flags.as_r= aw()) }; + let ptr =3D NonNull::new(ptr).ok_or(AllocError)?; + // INVARIANT: `ptr` returned by C `bitmap_zalloc` and `nbits` chec= ked. + return Ok(Bitmap { + repr: BitmapRepr { ptr }, + nbits, + }); + } + + /// Returns length of this [`CBitmap`]. + #[inline] + pub fn len(&self) -> usize { + self.nbits + } +} + +impl CBitmap { + /// Set bit with index `index`. + /// + /// ATTENTION: `set_bit` is non-atomic, which differs from the naming + /// convention in C code. The corresponding C function is `__set_bit`. + /// + /// If RUST_BITMAP_HARDENED is not enabled and `index` is greater than + /// or equal to `self.nbits`, does nothing. + /// + /// # Panics + /// + /// Panics if RUST_BITMAP_HARDENED is enabled and `index` is greater t= han + /// or equal to `self.nbits`. + #[inline] + pub fn set_bit(&mut self, index: usize) { + bitmap_assert_return!( + index < self.len(), + "Bit `index` must be < {}, was {}", + self.len(), + index + ); + // SAFETY: Bit `index` is within bounds. + unsafe { bindings::__set_bit(index as u32, self.as_mut_ptr()) }; + } + + /// Set bit with index `index`, atomically. + /// + /// This is a relaxed atomic operation (no implied memory barriers). + /// + /// ATTENTION: The naming convention differs from C, where the corresp= onding + /// function is called `set_bit`. + /// + /// If RUST_BITMAP_HARDENED is not enabled and `index` is greater than + /// or equal to `self.len()`, does nothing. + /// + /// # Panics + /// + /// Panics if RUST_BITMAP_HARDENED is enabled and `index` is greater t= han + /// or equal to `self.len()`. + #[inline] + pub fn set_bit_atomic(&self, index: usize) { + bitmap_assert_return!( + index < self.len(), + "Bit `index` must be < {}, was {}", + self.len(), + index + ); + // SAFETY: `index` is within bounds and the caller has ensured that + // there is no mix of non-atomic and atomic operations. + unsafe { bindings::set_bit(index as u32, self.as_ptr() as *mut usi= ze) }; + } + + /// Clear `index` bit. + /// + /// ATTENTION: `clear_bit` is non-atomic, which differs from the naming + /// convention in C code. The corresponding C function is `__clear_bit= `. + /// + /// If RUST_BITMAP_HARDENED is not enabled and `index` is greater than + /// or equal to `self.len()`, does nothing. + /// + /// # Panics + /// + /// Panics if RUST_BITMAP_HARDENED is enabled and `index` is greater t= han + /// or equal to `self.len()`. + #[inline] + pub fn clear_bit(&mut self, index: usize) { + bitmap_assert_return!( + index < self.len(), + "Bit `index` must be < {}, was {}", + self.len(), + index + ); + // SAFETY: `index` is within bounds. + unsafe { bindings::__clear_bit(index as u32, self.as_mut_ptr()) }; + } + + /// Clear `index` bit, atomically. + /// + /// This is a relaxed atomic operation (no implied memory barriers). + /// + /// ATTENTION: The naming convention differs from C, where the corresp= onding + /// function is called `clear_bit`. + /// + /// If RUST_BITMAP_HARDENED is not enabled and `index` is greater than + /// or equal to `self.len()`, does nothing. + /// + /// # Panics + /// + /// Panics if RUST_BITMAP_HARDENED is enabled and `index` is greater t= han + /// or equal to `self.len()`. + #[inline] + pub fn clear_bit_atomic(&self, index: usize) { + bitmap_assert_return!( + index < self.len(), + "Bit `index` must be < {}, was {}", + self.len(), + index + ); + // SAFETY: `index` is within bounds and the caller has ensured that + // there is no mix of non-atomic and atomic operations. + unsafe { bindings::clear_bit(index as u32, self.as_ptr() as *mut u= size) }; + } + + /// Copy `src` into this [`Bitmap`] and set any remaining bits to zero. + /// + /// # Examples + /// + /// ``` + /// use kernel::alloc::{AllocError, flags::GFP_KERNEL}; + /// use kernel::bitmap::Bitmap; + /// + /// let mut long_bitmap =3D Bitmap::new(256, GFP_KERNEL)?; + // + /// assert_eq!(None, long_bitmap.last_bit()); + // + /// let mut short_bitmap =3D Bitmap::new(16, GFP_KERNEL)?; + // + /// short_bitmap.set_bit(7); + /// long_bitmap.copy_and_extend(&short_bitmap); + /// assert_eq!(Some(7), long_bitmap.last_bit()); + /// + /// # Ok::<(), AllocError>(()) + /// ``` + #[inline] + pub fn copy_and_extend(&mut self, src: &Bitmap) { + let len =3D core::cmp::min(src.nbits, self.len()); + // SAFETY: access to `self` and `src` is within bounds. + unsafe { + bindings::bitmap_copy_and_extend( + self.as_mut_ptr(), + src.as_ptr(), + len as u32, + self.len() as u32, + ) + }; + } + + /// Finds last set bit. + /// + /// # Examples + /// + /// ``` + /// use kernel::alloc::{AllocError, flags::GFP_KERNEL}; + /// use kernel::bitmap::Bitmap; + /// + /// let bitmap =3D Bitmap::new(64, GFP_KERNEL)?; + /// + /// match bitmap.last_bit() { + /// Some(idx) =3D> { + /// pr_info!("The last bit has index {idx}.\n"); + /// } + /// None =3D> { + /// pr_info!("All bits in this bitmap are 0.\n"); + /// } + /// } + /// # Ok::<(), AllocError>(()) + /// ``` + #[inline] + pub fn last_bit(&self) -> Option { + // SAFETY: `_find_next_bit` access is within bounds due to invaria= nt. + let index =3D unsafe { bindings::_find_last_bit(self.as_ptr(), sel= f.len()) }; + if index >=3D self.len() { + None + } else { + Some(index) + } + } + + /// Finds next set bit, starting from `start`. + /// Returns `None` if `start` is greater of equal than `self.nbits`. + #[inline] + pub fn next_bit(&self, start: usize) -> Option { + bitmap_assert!( + start < self.len(), + "`start` must be < {} was {}", + self.len(), + start + ); + // SAFETY: `_find_next_bit` tolerates out-of-bounds arguments and = returns a + // value larger than or equal to `self.len()` in that case. + let index =3D unsafe { bindings::_find_next_bit(self.as_ptr(), sel= f.len(), start) }; + if index >=3D self.len() { + None + } else { + Some(index) + } + } + + /// Finds next zero bit, starting from `start`. + /// Returns `None` if `start` is greater than or equal to `self.len()`. + #[inline] + pub fn next_zero_bit(&self, start: usize) -> Option { + bitmap_assert!( + start < self.len(), + "`start` must be < {} was {}", + self.len(), + start + ); + // SAFETY: `_find_next_zero_bit` tolerates out-of-bounds arguments= and returns a + // value larger than or equal to `self.len()` in that case. + let index =3D unsafe { bindings::_find_next_zero_bit(self.as_ptr()= , self.len(), start) }; + if index >=3D self.len() { + None + } else { + Some(index) + } + } +} + +use macros::kunit_tests; + +#[kunit_tests(rust_kernel_bitmap)] +mod tests { + use super::*; + use kernel::alloc::flags::GFP_KERNEL; + + #[test] + fn cbitmap_borrow() { + let fake_c_bitmap: [usize; 2] =3D [0, 0]; + // SAFETY: `fake_c_bitmap` is an array of expected length. + let b =3D unsafe { + CBitmap::from_raw( + core::ptr::addr_of!(fake_c_bitmap) as *const usize, + 2 * bindings::BITS_PER_LONG as usize, + ) + }; + assert_eq!(2 * bindings::BITS_PER_LONG as usize, b.len()); + assert_eq!(None, b.next_bit(0)); + } + + #[test] + fn cbitmap_copy() { + let fake_c_bitmap: usize =3D 0xFF; + // SAFETY: `fake_c_bitmap` can be used as one-element array of exp= ected length. + let b =3D unsafe { CBitmap::from_raw(core::ptr::addr_of!(fake_c_bi= tmap), 8) }; + assert_eq!(8, b.len()); + assert_eq!(None, b.next_zero_bit(0)); + } + + #[test] + fn bitmap_new() { + let b =3D Bitmap::new(0, GFP_KERNEL).unwrap(); + assert_eq!(0, b.len()); + + let b =3D Bitmap::new(3, GFP_KERNEL).unwrap(); + assert_eq!(3, b.len()); + + let b =3D Bitmap::new(1024, GFP_KERNEL).unwrap(); + assert_eq!(1024, b.len()); + + // Requesting too large values results in [`AllocError`]. + let b =3D Bitmap::new(1 << 31, GFP_KERNEL); + assert!(b.is_err()); + } + + #[test] + fn bitmap_set_clear_find() { + let mut b =3D Bitmap::new(128, GFP_KERNEL).unwrap(); + + // Zero-initialized + assert_eq!(None, b.next_bit(0)); + assert_eq!(Some(0), b.next_zero_bit(0)); + assert_eq!(None, b.last_bit()); + + b.set_bit(17); + + assert_eq!(Some(17), b.next_bit(0)); + assert_eq!(Some(17), b.next_bit(17)); + assert_eq!(None, b.next_bit(18)); + assert_eq!(Some(17), b.last_bit()); + + b.set_bit(107); + + assert_eq!(Some(17), b.next_bit(0)); + assert_eq!(Some(17), b.next_bit(17)); + assert_eq!(Some(107), b.next_bit(18)); + assert_eq!(Some(107), b.last_bit()); + + b.clear_bit(17); + + assert_eq!(Some(107), b.next_bit(0)); + assert_eq!(Some(107), b.last_bit()); + } + + #[cfg(not(RUST_BITMAP_HARDENED))] + #[test] + fn bitmap_out_of_bounds() { + let mut b =3D Bitmap::new(128, GFP_KERNEL).unwrap(); + + b.set_bit(2048); + b.set_bit_atomic(2048); + b.clear_bit(2048); + b.clear_bit_atomic(2048); + assert_eq!(None, b.next_bit(2048)); + assert_eq!(None, b.next_zero_bit(2048)); + assert_eq!(None, b.last_bit()); + } + + // TODO: add test RUST_BITMAP_HARDENED when KUnit supports this type o= f config. + + #[test] + fn bitmap_copy_and_extend() { + let mut long_bitmap =3D Bitmap::new(256, GFP_KERNEL).unwrap(); + + long_bitmap.set_bit(3); + long_bitmap.set_bit(200); + + let mut short_bitmap =3D Bitmap::new(32, GFP_KERNEL).unwrap(); + + short_bitmap.set_bit(17); + + long_bitmap.copy_and_extend(&short_bitmap); + + // Previous bits have been cleared. + assert_eq!(Some(17), long_bitmap.next_bit(0)); + assert_eq!(Some(17), long_bitmap.last_bit()); + } +} diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index de07aadd1ff5..8c4161cd82ac 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -38,6 +38,7 @@ pub use ffi; =20 pub mod alloc; +pub mod bitmap; #[cfg(CONFIG_BLOCK)] pub mod block; #[doc(hidden)] diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 3fe9d7b945c4..3ca3c7dc4381 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -324,6 +324,16 @@ config LIST_HARDENED =20 If unsure, say N. =20 +config RUST_BITMAP_HARDENED + bool "Check integrity of linked list manipulation" + depends on CONFIG_RUST + help + Enables additional assertions in the Rust Bitmap API to catch + arguments that are not guaranteed to result in an immediate access + fault. + + If unsure, say N. + config BUG_ON_DATA_CORRUPTION bool "Trigger a BUG when data corruption is detected" select LIST_HARDENED --=20 2.49.0.1151.ga128411c76-goog From nobody Fri Dec 19 20:59:47 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4029B214A97 for ; Mon, 26 May 2025 15:01:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271717; cv=none; b=EEnd0kXhN+fGUSbMgU6ODzbDyFFFjeqUGlMVSzIOEg1hJbIzxgMMklSOksg1ZthiHbvCXqgmxZ9HKWpWT8uFYlrHFMZPNL8wDe1Hr8HMmxCVEzO8OKySxtmEymtJ28eTo6qOm9DmdPv66cQ9jjGWSclWUMsDPiyKvETUcbeC/9w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271717; c=relaxed/simple; bh=rSZUkLp2dwHSm+UIzusRn5/xrj6dcJVbHJMXBdf75VI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Q2tIQ4h1JPkht4UGhb2zmQK7yO6RyXIfYIgZkQ13QtdXPr6kOud6noEeAalT2od4fa6eA860zYN1W2VBPc4hJtmNbTY9IUmBZ+mAzsg7CPnqPr3hOQSVvmD3UjA8JMsDM9zRfuyJBvTVgafBp06Euk5qOSrDAZBuhP9Iexvj4d0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=QjG/HLv9; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="QjG/HLv9" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-442dc6f0138so11122765e9.0 for ; Mon, 26 May 2025 08:01:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1748271714; x=1748876514; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=gmu707McvzB9qrIM2SOB0uw2ZOo/VWhLS00FD7cGE34=; b=QjG/HLv9TgEZ14sijkWvj7hrBzcRVRbwNFuGx4MebiKbYocC5uRU5UiD7Win8T8nl9 39Mmp8+EzvAM0HOJAfNeBmqP7+nGSJBa1qiKLMLZLPLDVEz3KzJ0bPIiVBLb3zB24FK5 s85cn9Vet+riqw2Inmr4jGvwVET7Oqv38ygfbct+UrjkcAWka5EYwKMspsZdZEj9kyZH RhJPe2guQzuY7+PzObC3mNyNTJp8nOFcwG1VywhdtsWaCgMlDWDRfsjTu+94TE2gC02n nUT/NyzSiPbyWpdH0PWYv158UH755pcdcZi3NZ6eMIyyqL5YAsc2ksgZRDRIt1X7Hx+j nGzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748271714; x=1748876514; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gmu707McvzB9qrIM2SOB0uw2ZOo/VWhLS00FD7cGE34=; b=o9koTC1oOpjKAbsYb+35tVdBOpyb9ETaeZVBj3roQboXrSTfLBkDxly775uYWsfxIX mGGq3Pv4mhastFbPlf8Rv7q5edbE6cy2UNt0cCcauqC5lmUjlYmn/LevVDg6bNBjguQs 3yPniDGuC8nwXJLoqOSbYk1en3WH3CXm4vIbK6GR/mMkquVnQbPvlqaTlCNhuzcse4QJ ktVn5Ui3Ali5MA1ka0oio890ERliwzaULdP2c5TIIhipgoLEy/7VVC3uZ6LUBpCf/ebP DSz2vkXobpvSqRMeBFvviLGUcPvi//S4KU22R0uMTg8qTz22tGKqRHQlrmZPFwJHvalP NBug== X-Forwarded-Encrypted: i=1; AJvYcCXJ6LvnjKwHJ4xk/vUtsKFe/667S+eGavldLYzF0U3/6/MKk53CAOnIaaebkgGN7/0HPIWSkD7gdVYxWqs=@vger.kernel.org X-Gm-Message-State: AOJu0Yx626cFrODHC3vEMgFfMOFibh7HVNoyoAiFGqQ7dMBBN5a7dJFL 9SGW09Mp0h2ltXMjeyUwo/0O2DO1mny0KUT87LzYPWF+gSftPFm/1h4sFwNQVD1P+2i+Hg== X-Google-Smtp-Source: AGHT+IEuLXUfzhWfJxvRyzBZEmLcnV/eTe6MTDh2rld99RJvMnnSpAv1rAWOrWhFREvxiUW08HxJAT8= X-Received: from wmsd9.prod.google.com ([2002:a05:600c:3ac9:b0:442:f482:bba5]) (user=bqe job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8219:b0:442:d9f2:ded8 with SMTP id 5b1f17b1804b1-44c91dcbc7fmr97615135e9.15.1748271712942; Mon, 26 May 2025 08:01:52 -0700 (PDT) Date: Mon, 26 May 2025 15:01:33 +0000 In-Reply-To: <20250526150141.3407433-1-bqe@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250526150141.3407433-1-bqe@google.com> X-Mailer: git-send-email 2.49.0.1151.ga128411c76-goog Message-ID: <20250526150141.3407433-5-bqe@google.com> Subject: [PATCH v9 4/5] rust: add find_bit_benchmark_rust module. From: Burak Emir To: Yury Norov , Kees Cook Cc: Burak Emir , Rasmus Villemoes , Viresh Kumar , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , "=?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?=" , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , "Gustavo A . R . Silva" , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Microbenchmark protected by a config FIND_BIT_BENCHMARK_RUST, following `find_bit_benchmark.c` but testing the Rust Bitmap API. We add a fill_random() method protected by the config in order to maintain the abstraction. Suggested-by: Alice Ryhl Suggested-by: Yury Norov Signed-off-by: Burak Emir --- MAINTAINERS | 1 + lib/Kconfig.debug | 13 +++++ lib/Makefile | 1 + lib/find_bit_benchmark_rust.rs | 94 +++++++++++++++++++++++++++++++++ rust/bindings/bindings_helper.h | 1 + rust/kernel/bitmap.rs | 14 +++++ 6 files changed, 124 insertions(+) create mode 100644 lib/find_bit_benchmark_rust.rs diff --git a/MAINTAINERS b/MAINTAINERS index 565eaa015d9e..943d85ed1876 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4132,6 +4132,7 @@ M: Alice Ryhl M: Burak Emir R: Yury Norov S: Maintained +F: lib/find_bit_benchmark_rust.rs F: rust/kernel/bitmap.rs =20 BITOPS API diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index f9051ab610d5..37a07559243e 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2605,6 +2605,19 @@ config FIND_BIT_BENCHMARK =20 If unsure, say N. =20 +config FIND_BIT_BENCHMARK_RUST + tristate "Test find_bit functions in Rust" + help + This builds the "find_bit_benchmark_rust" module. It is a micro + benchmark that measures the performance of Rust functions that + correspond to the find_*_bit() operations in C. It follows the + FIND_BIT_BENCHMARK closely but will in general not yield same + numbers due to extra bounds checks and overhead of foreign + function calls. + + If unsure, say N. + + config TEST_FIRMWARE tristate "Test firmware loading via userspace interface" depends on FW_LOADER diff --git a/lib/Makefile b/lib/Makefile index f07b24ce1b3f..99e49a8f5bf8 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -62,6 +62,7 @@ obj-y +=3D hexdump.o obj-$(CONFIG_TEST_HEXDUMP) +=3D test_hexdump.o obj-y +=3D kstrtox.o obj-$(CONFIG_FIND_BIT_BENCHMARK) +=3D find_bit_benchmark.o +obj-$(CONFIG_FIND_BIT_BENCHMARK_RUST) +=3D find_bit_benchmark_rust.o obj-$(CONFIG_TEST_BPF) +=3D test_bpf.o test_dhry-objs :=3D dhry_1.o dhry_2.o dhry_run.o obj-$(CONFIG_TEST_DHRY) +=3D test_dhry.o diff --git a/lib/find_bit_benchmark_rust.rs b/lib/find_bit_benchmark_rust.rs new file mode 100644 index 000000000000..4966bfa497f1 --- /dev/null +++ b/lib/find_bit_benchmark_rust.rs @@ -0,0 +1,94 @@ +// SPDX-License-Identifier: GPL-2.0 +//! Benchmark for find_bit-like methods in Bitmap Rust API. + +use kernel::alloc::flags::GFP_KERNEL; +use kernel::bindings; +use kernel::bitmap::Bitmap; +use kernel::error::{code, Result}; +use kernel::pr_err; +use kernel::prelude::module; +use kernel::time::Ktime; +use kernel::ThisModule; + +const BITMAP_LEN: usize =3D 4096 * 8 * 10; +// Reciprocal of the fraction of bits that are set in sparse bitmap. +const SPARSENESS: usize =3D 500; + +/// Test module that benchmarks performance of traversing bitmaps. +struct FindBitBenchmarkModule(); + +fn test_next_bit(bitmap: &Bitmap) { + let mut time =3D Ktime::ktime_get(); + let mut cnt =3D 0; + let mut i =3D 0; + + while let Some(index) =3D bitmap.next_bit(i) { + cnt +=3D 1; + i =3D index + 1; + } + + time =3D Ktime::ktime_get() - time; + pr_err!( + "next_bit: {:18} ns, {:6} iterations\n", + time.to_ns(), + cnt + ); +} + +fn test_next_zero_bit(bitmap: &Bitmap) { + let mut time =3D Ktime::ktime_get(); + let mut cnt =3D 0; + let mut i =3D 0; + + while let Some(index) =3D bitmap.next_zero_bit(i) { + cnt +=3D 1; + i =3D index + 1; + } + + time =3D Ktime::ktime_get() - time; + pr_err!( + "next_zero_bit: {:18} ns, {:6} iterations\n", + time.to_ns(), + cnt + ); +} + +fn find_bit_test() { + pr_err!("Start testing find_bit() Rust with random-filled bitmap\n"); + + let mut bitmap =3D Bitmap::new(BITMAP_LEN, GFP_KERNEL).expect("alloc b= itmap failed"); + bitmap.fill_random(); + + test_next_bit(&bitmap); + test_next_zero_bit(&bitmap); + + pr_err!("Start testing find_bit() Rust with sparse bitmap\n"); + + let mut bitmap =3D Bitmap::new(BITMAP_LEN, GFP_KERNEL).expect("alloc s= parse bitmap failed"); + let nbits =3D BITMAP_LEN / SPARSENESS; + for _i in 0..nbits { + // SAFETY: BITMAP_LEN fits in 32 bits. + let bit: usize =3D + unsafe { bindings::__get_random_u32_below(BITMAP_LEN.try_into(= ).unwrap()) as _ }; + bitmap.set_bit(bit); + } + + test_next_bit(&bitmap); + test_next_zero_bit(&bitmap); +} + +impl kernel::Module for FindBitBenchmarkModule { + fn init(_module: &'static ThisModule) -> Result { + find_bit_test(); + // Return error so test module can be inserted again without rmmod. + Err(code::EINVAL) + } +} + +module! { + type: FindBitBenchmarkModule, + name: "find_bit_benchmark_rust_module", + authors: ["Burak Emir "], + description: "Module with benchmark for bitmap Rust API", + license: "GPL v2", +} diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helpe= r.h index b6bf3b039c1b..f6ca7f1dd08b 100644 --- a/rust/bindings/bindings_helper.h +++ b/rust/bindings/bindings_helper.h @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include diff --git a/rust/kernel/bitmap.rs b/rust/kernel/bitmap.rs index a6edd4889518..fa5fef0b6acd 100644 --- a/rust/kernel/bitmap.rs +++ b/rust/kernel/bitmap.rs @@ -232,6 +232,20 @@ pub fn new(nbits: usize, flags: Flags) -> Result { pub fn len(&self) -> usize { self.nbits } + + /// Fills this `Bitmap` with random bits. + #[cfg(CONFIG_FIND_BIT_BENCHMARK_RUST)] + pub fn fill_random(&mut self) { + // SAFETY: `self.as_mut_ptr` points to either an array of the + // appropriate length or one usize. + unsafe { + bindings::get_random_bytes( + self.as_mut_ptr() as *mut ffi::c_void, + usize::div_ceil(self.nbits, bindings::BITS_PER_LONG as usi= ze) + * bindings::BITS_PER_LONG as usize, + ); + } + } } =20 impl CBitmap { --=20 2.49.0.1151.ga128411c76-goog From nobody Fri Dec 19 20:59:47 2025 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CBE3A213240 for ; Mon, 26 May 2025 15:01:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271718; cv=none; b=o2/EmHCUiyG8i3qv1NqFK1MCDWeS0h4ggjS/hUfL9KarKf+McsVcQL7rUsh2QUOnoJ1LlZhRUZScP3MMVSRKLb9bvYYRP/AyQuZlN9Sa3ZKTXR58BmDmFpN2GswGu0iZ9UI4NQ6Vet1ubK3E0jDFwAk+CNGE5NcWTeYF/5hgLcc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748271718; c=relaxed/simple; bh=VvoZlhwxC1CR9pSeDpwnyRek3MbQmb/gC2C5ekD4kLU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=GXmU3jqSg+ZoOlpnOUM6RS1J45oS1SkS5YEddmvrtl36fgwrv9hi69CFPteyZjn3BLtuNnAOUnRLxlbSiaxTbUI1hm2R0Wo59Q2Eoibr997ueE5F5+5TxhPwhCVfiayXAW6pZzogYbQDwwf4L2CLKj0pnBFpCFHeGFA6WWQSnmc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Teqv+g1t; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--bqe.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Teqv+g1t" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-442ffaa7dbeso17446295e9.3 for ; Mon, 26 May 2025 08:01:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1748271715; x=1748876515; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=YwqSAmf6/Ep/rBjlBKr3RxUitUbKRr9kZEP0SK5EUrg=; b=Teqv+g1tZnAMlyOMcfD467Nk2qGQ453iRdJ3JT1X4uBwt/k1jrrPJwC9OO/OyLY5h+ zvWmuiQHfM/4xnolDpHBElAmBZ+FrHKx1KbQ7oN8e2KabPh3c936w7/F2g5P/EwOIf63 enwXa+6egJPROtPksd/bwn0wbPFPjHciTw2CVnKr3QD9lHIwXBckLz17E6Ge6rwZQI3k VFHghTd6S75iiCYrCJV8RrosAg3+OHmrL1IOJMNg8IjVhicnRRnNmTGvH3v0q279q1tD go9cfPl8H3/L/NLJ4BctZmyusCt3Zt+N4H/TjY1q1Z5ZjdALSLmDi1csyrlbtl2IxI5A 0J0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748271715; x=1748876515; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=YwqSAmf6/Ep/rBjlBKr3RxUitUbKRr9kZEP0SK5EUrg=; b=CqRKblcB0l7c4/e3fREIiEciJeLvwR/YYgFj+CNyj1dObOUFpA9kgJ8icrp2DpkcT1 zPDPWa9FpJZjfT3Q+XAMRX3gtjD9oUPDZe+U094r+utxZcsZ7sGIixw6WoXPzcxs/qCH FDL37VasQ9SHv7sYr9F/12cObweMGLKa0B4xJV7Vp6FZN9lnkmH7TrcphIsmgdSY82im J2UMRIyw/AN7YBOvUqnUfPg13j30gLi5T2Lo2wqH7WaEbCxovqQ3f2JaU/Jk7UlWiPSZ i35w/MpkbIrU8BWfh6Zz1tWpyCZCDUY7LvEzPK4WJ/sn5sgv50yskrdvtijivHpU2GZc Pjrw== X-Forwarded-Encrypted: i=1; AJvYcCWEeNWS+lsrGQCnKz1Q5YKJ8UY/oPMPHJzw1SDl8g+LC3q7jdwPoqF0SCrqTcIuupR6qYObSPJVMWnprFI=@vger.kernel.org X-Gm-Message-State: AOJu0YxlgUlv2W8zLaXc30GbpMs4fkroMvFCeMe6S+NRssMM4a6UG2xE ak9FrfYTcB+2okn4+wTf2ymgoGtkB5hD1gnuRPscInm3NOooyKFHKE9J8PP9TwyhAz/nOg== X-Google-Smtp-Source: AGHT+IEB7cMuTlLb7HKkkIS+Jsm8rSxyJlIIPKJvwa0MHgNrxtIoospK6jVxuDUB+SurigLdRBTYA88= X-Received: from wmqc13.prod.google.com ([2002:a05:600c:a4d:b0:43b:bf16:d6be]) (user=bqe job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8411:b0:43c:fe15:41cb with SMTP id 5b1f17b1804b1-44c91fbb039mr101751335e9.15.1748271715138; Mon, 26 May 2025 08:01:55 -0700 (PDT) Date: Mon, 26 May 2025 15:01:34 +0000 In-Reply-To: <20250526150141.3407433-1-bqe@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250526150141.3407433-1-bqe@google.com> X-Mailer: git-send-email 2.49.0.1151.ga128411c76-goog Message-ID: <20250526150141.3407433-6-bqe@google.com> Subject: [PATCH v9 5/5] rust: add dynamic ID pool abstraction for bitmap From: Burak Emir To: Yury Norov , Kees Cook Cc: Burak Emir , Rasmus Villemoes , Viresh Kumar , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , "=?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?=" , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , "Gustavo A . R . Silva" , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This is a port of the Binder data structure introduced in commit 15d9da3f818c ("binder: use bitmap for faster descriptor lookup") to Rust. Like drivers/android/dbitmap.h, the ID pool abstraction lets clients acquire and release IDs. The implementation uses a bitmap to know what IDs are in use, and gives clients fine-grained control over the time of allocation. This fine-grained control is needed in the Android Binder. We provide an example that release a spinlock for allocation and unit tests (rustdoc examples). The implementation does not permit shrinking below capacity below BITS_PER_LONG. Suggested-by: Alice Ryhl Suggested-by: Yury Norov Signed-off-by: Burak Emir --- MAINTAINERS | 1 + rust/kernel/id_pool.rs | 222 +++++++++++++++++++++++++++++++++++++++++ rust/kernel/lib.rs | 1 + 3 files changed, 224 insertions(+) create mode 100644 rust/kernel/id_pool.rs diff --git a/MAINTAINERS b/MAINTAINERS index 943d85ed1876..bc95d98f266b 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4134,6 +4134,7 @@ R: Yury Norov S: Maintained F: lib/find_bit_benchmark_rust.rs F: rust/kernel/bitmap.rs +F: rust/kernel/id_pool.rs =20 BITOPS API M: Yury Norov diff --git a/rust/kernel/id_pool.rs b/rust/kernel/id_pool.rs new file mode 100644 index 000000000000..cf26d405d9bb --- /dev/null +++ b/rust/kernel/id_pool.rs @@ -0,0 +1,222 @@ +// SPDX-License-Identifier: GPL-2.0 + +// Copyright (C) 2025 Google LLC. + +//! Rust API for an ID pool backed by a [`Bitmap`]. + +use crate::alloc::{AllocError, Flags}; +use crate::bitmap::Bitmap; + +/// Represents a dynamic ID pool backed by a [`Bitmap`]. +/// +/// Clients acquire and release IDs from unset bits in a bitmap. +/// +/// The capacity of the ID pool may be adjusted by users as +/// needed. The API supports the scenario where users need precise control +/// over the time of allocation of a new backing bitmap, which may require +/// release of spinlock. +/// Due to concurrent updates, all operations are re-verified to determine +/// if the grow or shrink is sill valid. +/// +/// # Examples +/// +/// Basic usage +/// +/// ``` +/// use kernel::alloc::{AllocError, flags::GFP_KERNEL}; +/// use kernel::id_pool::IdPool; +/// +/// let mut pool =3D IdPool::new(64, GFP_KERNEL)?; +/// for i in 0..64 { +/// assert_eq!(i, pool.acquire_next_id(i).ok_or(ENOSPC)?); +/// } +/// +/// pool.release_id(23); +/// assert_eq!(23, pool.acquire_next_id(0).ok_or(ENOSPC)?); +/// +/// assert_eq!(None, pool.acquire_next_id(0)); // time to realloc. +/// let resizer =3D pool.grow_request().ok_or(ENOSPC)?.realloc(GFP_KERNEL)= ?; +/// pool.grow(resizer); +/// +/// assert_eq!(pool.acquire_next_id(0), Some(64)); +/// # Ok::<(), Error>(()) +/// ``` +/// +/// Releasing spinlock to grow the pool +/// +/// ```no_run +/// use kernel::alloc::{AllocError, flags::GFP_KERNEL}; +/// use kernel::sync::{new_spinlock, SpinLock}; +/// use kernel::id_pool::IdPool; +/// +/// fn get_id_maybe_realloc(guarded_pool: &SpinLock) -> Result { +/// let mut pool =3D guarded_pool.lock(); +/// loop { +/// match pool.acquire_next_id(0) { +/// Some(index) =3D> return Ok(index), +/// None =3D> { +/// let alloc_request =3D pool.grow_request(); +/// drop(pool); +/// let resizer =3D alloc_request.ok_or(AllocError)?.realloc(GFP_K= ERNEL)?; +/// pool =3D guarded_pool.lock(); +/// pool.grow(resizer) +/// } +/// } +/// } +/// } +/// ``` +pub struct IdPool { + map: Bitmap, +} + +/// Indicates that an [`IdPool`] should change to a new target size. +pub struct ReallocRequest { + num_ids: usize, +} + +/// Contains a [`Bitmap`] of a size suitable for reallocating [`IdPool`]. +pub struct PoolResizer { + new: Bitmap, +} + +impl ReallocRequest { + /// Allocates a new backing [`Bitmap`] for [`IdPool`]. + /// + /// This method only prepares reallocation and does not complete it. + /// Reallocation will complete after passing the [`PoolResizer`] to the + /// [`IdPool::grow`] or [`IdPool::shrink`] operation, which will check + /// that reallocation still makes sense. + pub fn realloc(&self, flags: Flags) -> Result= { + let new =3D Bitmap::new(self.num_ids, flags)?; + Ok(PoolResizer { new }) + } +} + +impl IdPool { + /// Constructs a new `[IdPool]`. + /// + /// A capacity below [`BITS_PER_LONG`] is adjusted to [`BITS_PER_LONG`= ]. + #[inline] + pub fn new(num_ids: usize, flags: Flags) -> Result { + let num_ids =3D core::cmp::max(num_ids, bindings::BITS_PER_LONG as= usize); + let map =3D Bitmap::new(num_ids, flags)?; + Ok(Self { map }) + } + + /// Returns how many IDs this pool can currently have. + #[inline] + pub fn len(&self) -> usize { + self.map.len() + } + + /// Returns a [`ReallocRequest`] if the [`IdPool`] can be shrunk, [`No= ne`] otherwise. + /// + /// The capacity of an [`IdPool`] cannot be shrunk below [`BITS_PER_LO= NG`]. + /// + /// # Examples + /// + /// ``` + /// use kernel::alloc::{AllocError, flags::GFP_KERNEL}; + /// use kernel::id_pool::{ReallocRequest, IdPool}; + /// + /// let mut pool =3D IdPool::new(1024, GFP_KERNEL)?; + /// let alloc_request =3D pool.shrink_request().ok_or(AllocError)?; + /// let resizer =3D alloc_request.realloc(GFP_KERNEL)?; + /// pool.shrink(resizer); + /// assert_eq!(pool.len(), kernel::bindings::BITS_PER_LONG as usize); + /// # Ok::<(), AllocError>(()) + /// ``` + #[inline] + pub fn shrink_request(&self) -> Option { + let len =3D self.map.len(); + // Shrinking below [`BITS_PER_LONG`] is never possible. + if len <=3D bindings::BITS_PER_LONG as usize { + return None; + } + // Determine if the bitmap can shrink based on the position of + // its last set bit. If the bit is within the first quarter of + // the bitmap then shrinking is possible. In this case, the + // bitmap should shrink to half its current size. + let last_bit =3D self.map.last_bit(); + if last_bit.is_none() { + return Some(ReallocRequest { + num_ids: bindings::BITS_PER_LONG as usize, + }); + } + let bit =3D last_bit.unwrap(); + if bit >=3D (len / 4) { + return None; + } + let num_ids =3D core::cmp::max(bindings::BITS_PER_LONG as usize, l= en / 2); + Some(ReallocRequest { num_ids }) + } + + /// Shrinks pool by using a new [`Bitmap`], if still possible. + #[inline] + pub fn shrink(&mut self, mut resizer: PoolResizer) { + // Between request to shrink that led to allocation of `resizer` a= nd now, + // bits may have changed. + // Verify that shrinking is still possible. In case shrinking to + // the size of `resizer` is no longer possible, do nothing, + // drop `resizer` and move on. + let updated =3D self.shrink_request(); + if updated.is_none() { + return; + } + if updated.unwrap().num_ids > resizer.new.len() { + return; + } + + resizer.new.copy_and_extend(&self.map); + self.map =3D resizer.new; + } + + /// Returns a [`ReallocRequest`] for growing this [`IdPool`], if possi= ble. + /// + /// The capacity of an [`IdPool`] cannot be grown above [`i32::MAX`]. + #[inline] + pub fn grow_request(&self) -> Option { + let num_ids =3D self.map.len() * 2; + if num_ids > i32::MAX.try_into().unwrap() { + return None; + } + Some(ReallocRequest { num_ids }) + } + + /// Grows pool by using a new [`Bitmap`], if still necessary. + /// + /// The `resizer` arguments has to be obtained by calling [`grow_reque= st`] + /// on this object and performing a `realloc`. + #[inline] + pub fn grow(&mut self, mut resizer: PoolResizer) { + // Between request to grow that led to allocation of `resizer` and= now, + // another thread may have already grown the capacity. + // In this case, do nothing, drop `resizer` and move on. + if resizer.new.len() <=3D self.map.len() { + return; + } + + resizer.new.copy_and_extend(&self.map); + self.map =3D resizer.new; + } + + /// Acquires a new ID by finding and setting the next zero bit in the + /// bitmap. + /// + /// Upon success, returns its index. Otherwise, returns `None` + /// to indicate that a `grow_request` is needed. + #[inline] + pub fn acquire_next_id(&mut self, offset: usize) -> Option { + let next_zero_bit =3D self.map.next_zero_bit(offset); + if let Some(nr) =3D next_zero_bit { + self.map.set_bit(nr); + } + next_zero_bit + } + + /// Releases an ID. + #[inline] + pub fn release_id(&mut self, id: usize) { + self.map.clear_bit(id); + } +} diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 8c4161cd82ac..d7def807900a 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -54,6 +54,7 @@ #[cfg(CONFIG_RUST_FW_LOADER_ABSTRACTIONS)] pub mod firmware; pub mod fs; +pub mod id_pool; pub mod init; pub mod io; pub mod ioctl; --=20 2.49.0.1151.ga128411c76-goog