From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Danilo Krummrich <dakr@kernel.org>
Cc: "Matthew Maurer" <mmaurer@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Rafael J. Wysocki" <rafael@kernel.org>,
"Sami Tolvanen" <samitolvanen@google.com>,
"Timur Tabi" <ttabi@nvidia.com>,
linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org
Subject: Re: [PATCH v3 1/4] rust: debugfs: Bind DebugFS directory creation
Date: Fri, 2 May 2025 13:55:08 +0200 [thread overview]
Message-ID: <2025050208-jot-evolve-89b6@gregkh> (raw)
In-Reply-To: <aBR1O6d6YBszgVlU@pollux>
On Fri, May 02, 2025 at 09:33:15AM +0200, Danilo Krummrich wrote:
> On Fri, May 02, 2025 at 09:11:37AM +0200, Greg Kroah-Hartman wrote:
> > On Fri, May 02, 2025 at 09:05:25AM +0200, Danilo Krummrich wrote:
> > > On Fri, May 02, 2025 at 09:00:07AM +0200, Greg Kroah-Hartman wrote:
> > > > On Fri, May 02, 2025 at 08:37:40AM +0200, Danilo Krummrich wrote:
> > > > > On Thu, May 01, 2025 at 10:47:41PM +0000, Matthew Maurer wrote:
> > > > > > +/// Handle to a DebugFS directory that will stay alive after leaving scope.
> > > > > > +#[repr(transparent)]
> > > > > > +pub struct SubDir(ManuallyDrop<Dir>);
> > > > >
> > > > > I think it's not very intuitive if the default is that a SubDir still exists
> > > > > after it has been dropped. I think your first approach being explicit about this
> > > > > with keep() consuming the SubDir was much better; please keep this approach.
> > > >
> > > > Wait, let's step back. Why do we care about the difference between a
> > > > "subdir" and a "dir"? They both are the same thing, and how do you
> > > > describe a subdir of a subdir? :)
> > >
> > > We care about the difference, because Dir originally had keep() which drops the
> > > Dir instance without actually removing it. For subdirs this is fine, since
> > > they'll be cleaned up when the parent is removed.
> >
> > But does that mean a subdir can not be cleaned up without dropping the
> > parent first? For many subsystems, they make a "root" debugfs
> > directory, and then add/remove subdirs all the time within that.
>
> In the following I will call the first top level directory created by a module /
> driver "root".
>
> The logic I propose is that "root" is of type Dir, which means there is no
> keep() and if dropped the whole tree under root is removed.
>
> A subdir created under a Dir is of type SubDir and has the keep() method and if
> called consumes the type instance and subsequently can only ever be removed by
> dropping root.
>
> Alternatively a SubDir can be converted into a Dir, and hence don't has keep()
> anymore and if dropped will be removed.
>
> So, the result is that we still can add / remove subdirs as we want.
>
> The advantage is that we don't have keep() for root, which would be a dedicated
> API for driver / modules to create bugs. If a driver / module would call keep()
> on the root, it would not only mean that we leak the root directory, but also
> all subdirs and files that we called keep() on.
>
> This becomes even more problematic if we start attaching data to files. Think of
> an Arc that is attached to a file, which keeps driver data alive just because we
> leaked the root.
Ok, fair enough, let's try it this way, without keep()
> > > However, we don't want users to be able to call keep() on the directory that has
> > > been created first, since if that's done we loose our root anchor to ever free
> > > the tree, which almost always would be a bug.
> >
> > Then do a call to debugfs_lookup_and_remove() which is what I really
> > recommend doing for any C user anyway. That way no dentry is ever
> > "stored" anywhere.
> >
> > Anyway, if Dir always has an implicit keep() call in it, then I guess
> > this is ok. Let's see how this shakes out with some real-world users.
> > We can always change it over time if it gets unwieldy.
>
> I really advise against it, Rust allows us to model such subtile differences
> properly (and easily) with the type system to avoid bugs. Let's take advantage
> of that.
>
> Using debugfs_lookup_and_remove() wouldn't change anything, since we want to
> attach the lifetime of a directory to a corresponding object.
>
> (Otherwise we're back to where we are with C, i.e. the user has to remember to
> call the correct thing at the correct time, rather than letting the type system
> take care instead.)
>
> So, instead of debugfs_remove() we'd call debugfs_lookup_and_remove() from
> Dir::drop(), which only changes what we store in Dir, i.e. struct dentry pointer
> vs. CString.
Ok, that's fine, and it gives me an idea of how I can fix up the C api
over time to get rid of exporting the dentry entirely :)
thanks,
greg k-h
next prev parent reply other threads:[~2025-05-02 11:55 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-01 22:47 [PATCH v3 0/4] rust: DebugFS Bindings Matthew Maurer
2025-05-01 22:47 ` [PATCH v3 1/4] rust: debugfs: Bind DebugFS directory creation Matthew Maurer
2025-05-02 6:37 ` Danilo Krummrich
2025-05-02 7:00 ` Greg Kroah-Hartman
2025-05-02 7:05 ` Danilo Krummrich
2025-05-02 7:11 ` Greg Kroah-Hartman
2025-05-02 7:33 ` Danilo Krummrich
2025-05-02 7:39 ` Danilo Krummrich
2025-05-02 11:55 ` Greg Kroah-Hartman [this message]
2025-05-02 16:13 ` Matthew Maurer
2025-05-02 15:48 ` Matthew Maurer
2025-05-03 11:58 ` Danilo Krummrich
2025-05-02 8:12 ` Benno Lossin
2025-05-02 11:36 ` Greg Kroah-Hartman
2025-05-01 22:47 ` [PATCH v3 2/4] rust: debugfs: Bind file creation for long-lived Display Matthew Maurer
2025-05-02 6:52 ` Danilo Krummrich
2025-05-02 18:07 ` Matthew Maurer
2025-05-03 12:14 ` Danilo Krummrich
2025-05-01 22:47 ` [PATCH v3 3/4] rust: debugfs: Support format hooks Matthew Maurer
2025-05-01 22:47 ` [PATCH v3 4/4] rust: samples: Add debugfs sample Matthew Maurer
2025-05-02 7:01 ` Danilo Krummrich
2025-05-02 7:13 ` Greg Kroah-Hartman
2025-05-02 7:44 ` Danilo Krummrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025050208-jot-evolve-89b6@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=mmaurer@google.com \
--cc=ojeda@kernel.org \
--cc=rafael@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=samitolvanen@google.com \
--cc=tmgross@umich.edu \
--cc=ttabi@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.