From: Peter Zijlstra <peterz@infradead.org>
To: Lyude Paul <lyude@redhat.com>
Cc: rust-for-linux@vger.kernel.org,
"Thomas Gleixner" <tglx@linutronix.de>,
"Boqun Feng" <boqun.feng@gmail.com>,
linux-kernel@vger.kernel.org,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Juri Lelli" <juri.lelli@redhat.com>,
"Vincent Guittot" <vincent.guittot@linaro.org>,
"Dietmar Eggemann" <dietmar.eggemann@arm.com>,
"Steven Rostedt" <rostedt@goodmis.org>,
"Ben Segall" <bsegall@google.com>, "Mel Gorman" <mgorman@suse.de>,
"Valentin Schneider" <vschneid@redhat.com>,
"Will Deacon" <will@kernel.org>,
"Waiman Long" <longman@redhat.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"David Woodhouse" <dwmw@amazon.co.uk>,
"Jens Axboe" <axboe@kernel.dk>,
"Sebastian Andrzej Siewior" <bigeasy@linutronix.de>,
NeilBrown <neilb@suse.de>,
"Caleb Sander Mateos" <csander@purestorage.com>,
"Ryo Takakura" <ryotkkr98@gmail.com>,
"K Prateek Nayak" <kprateek.nayak@amd.com>
Subject: Re: [RFC RESEND v10 03/14] irq & spin_lock: Add counted interrupt disabling/enabling
Date: Wed, 28 May 2025 11:10:23 +0200 [thread overview]
Message-ID: <20250528091023.GY39944@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <20250527222254.565881-4-lyude@redhat.com>
On Tue, May 27, 2025 at 06:21:44PM -0400, Lyude Paul wrote:
> From: Boqun Feng <boqun.feng@gmail.com>
>
> Currently the nested interrupt disabling and enabling is present by
> _irqsave() and _irqrestore() APIs, which are relatively unsafe, for
> example:
>
> <interrupts are enabled as beginning>
> spin_lock_irqsave(l1, flag1);
> spin_lock_irqsave(l2, flag2);
> spin_unlock_irqrestore(l1, flags1);
> <l2 is still held but interrupts are enabled>
> // accesses to interrupt-disable protect data will cause races.
>
> This is even easier to triggered with guard facilities:
>
> unsigned long flag2;
>
> scoped_guard(spin_lock_irqsave, l1) {
> spin_lock_irqsave(l2, flag2);
> }
> // l2 locked but interrupts are enabled.
> spin_unlock_irqrestore(l2, flag2);
>
> (Hand-to-hand locking critical sections are not uncommon for a
> fine-grained lock design)
>
> And because this unsafety, Rust cannot easily wrap the
> interrupt-disabling locks in a safe API, which complicates the design.
>
> To resolve this, introduce a new set of interrupt disabling APIs:
>
> * local_interrupt_disable();
> * local_interrupt_enable();
>
> They work like local_irq_save() and local_irq_restore() except that 1)
> the outermost local_interrupt_disable() call save the interrupt state
> into a percpu variable, so that the outermost local_interrupt_enable()
> can restore the state, and 2) a percpu counter is added to record the
> nest level of these calls, so that interrupts are not accidentally
> enabled inside the outermost critical section.
>
> Also add the corresponding spin_lock primitives: spin_lock_irq_disable()
> and spin_unlock_irq_enable(), as a result, code as follow:
>
> spin_lock_irq_disable(l1);
> spin_lock_irq_disable(l2);
> spin_unlock_irq_enable(l1);
> // Interrupts are still disabled.
> spin_unlock_irq_enable(l2);
>
> doesn't have the issue that interrupts are accidentally enabled.
>
> This also makes the wrapper of interrupt-disabling locks on Rust easier
> to design.
>
> Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
>
> ---
> V10:
> * Add missing __raw_spin_lock_irq_disable() definition in spinlock.c
>
> Signed-off-by: Lyude Paul <lyude@redhat.com>
Your SOB is placed wrong, should be below Boqun's. This way it gets
lost.
Also, is there effort planned to fully remove the save/restore variant?
As before, my main objection is adding variants with overlapping
functionality while not cleaning up the pre-existing code.
next prev parent reply other threads:[~2025-05-28 9:10 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-27 22:21 [RFC RESEND v10 00/14] Refcounted interrupts, SpinLockIrq for rust Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 01/14] preempt: Introduce HARDIRQ_DISABLE_BITS Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 02/14] preempt: Introduce __preempt_count_{sub, add}_return() Lyude Paul
2025-05-28 6:37 ` Heiko Carstens
2025-05-27 22:21 ` [RFC RESEND v10 03/14] irq & spin_lock: Add counted interrupt disabling/enabling Lyude Paul
2025-05-28 9:10 ` Peter Zijlstra [this message]
2025-05-28 14:03 ` Steven Rostedt
2025-05-28 14:47 ` Boqun Feng
2025-06-16 17:54 ` Joel Fernandes
2025-06-16 18:02 ` Boqun Feng
2025-06-16 18:37 ` Joel Fernandes
2025-06-17 14:14 ` Steven Rostedt
2025-05-28 18:47 ` Lyude Paul
2025-06-16 18:10 ` Joel Fernandes
2025-06-16 18:16 ` Boqun Feng
2025-06-17 14:11 ` Steven Rostedt
2025-06-17 14:34 ` Boqun Feng
2025-06-17 15:11 ` Steven Rostedt
2025-06-17 14:25 ` Boqun Feng
2025-05-27 22:21 ` [RFC RESEND v10 04/14] rust: Introduce interrupt module Lyude Paul
2025-05-29 9:21 ` Benno Lossin
2025-05-27 22:21 ` [RFC RESEND v10 05/14] rust: helper: Add spin_{un,}lock_irq_{enable,disable}() helpers Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 06/14] rust: sync: Add SpinLockIrq Lyude Paul
2025-06-16 19:51 ` Joel Fernandes
2025-07-16 20:29 ` Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 07/14] rust: sync: Introduce lock::Backend::Context Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 08/14] rust: sync: lock: Add `Backend::BackendInContext` Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 09/14] rust: sync: Add a lifetime parameter to lock::global::GlobalGuard Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 10/14] rust: sync: lock/global: Rename B to G in trait bounds Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 11/14] rust: sync: Expose lock::Backend Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 12/14] rust: sync: lock/global: Add Backend parameter to GlobalGuard Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 13/14] rust: sync: lock/global: Add BackendInContext support to GlobalLock Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 14/14] locking: Switch to _irq_{disable,enable}() variants in cleanup guards Lyude Paul
2025-05-28 6:11 ` Sebastian Andrzej Siewior
2025-07-02 10:16 ` [RFC RESEND v10 00/14] Refcounted interrupts, SpinLockIrq for rust Benno Lossin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250528091023.GY39944@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=axboe@kernel.dk \
--cc=bigeasy@linutronix.de \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=bsegall@google.com \
--cc=csander@purestorage.com \
--cc=dakr@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=dietmar.eggemann@arm.com \
--cc=dwmw@amazon.co.uk \
--cc=gary@garyguo.net \
--cc=juri.lelli@redhat.com \
--cc=kprateek.nayak@amd.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=lossin@kernel.org \
--cc=lyude@redhat.com \
--cc=mgorman@suse.de \
--cc=mingo@redhat.com \
--cc=neilb@suse.de \
--cc=ojeda@kernel.org \
--cc=rostedt@goodmis.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=ryotkkr98@gmail.com \
--cc=tglx@linutronix.de \
--cc=tmgross@umich.edu \
--cc=vincent.guittot@linaro.org \
--cc=vschneid@redhat.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.