From: Beata Michalska <beata.michalska@arm.com>
To: Tamir Duberstein <tamird@gmail.com>
Cc: "Andreas Hindborg" <a.hindborg@kernel.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Matthew Wilcox" <willy@infradead.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Janne Grunau" <j@jannau.net>
Subject: Re: [PATCH v2 3/3] rust: xarray: add `insert` and `reserve`
Date: Mon, 11 Aug 2025 16:34:30 +0200 [thread overview]
Message-ID: <aJn_dtWDcoscYpgV@arm.com> (raw)
In-Reply-To: <CAJ-ks9=BU2jfT-MPzxDcXrZj7uQkKbVm6WhzGiJsM_628b2kmg@mail.gmail.com>
On Mon, Aug 11, 2025 at 09:09:56AM -0400, Tamir Duberstein wrote:
> On Mon, Aug 11, 2025 at 8:57 AM Beata Michalska <beata.michalska@arm.com> wrote:
> >
> > Hi Tamir,
> >
> > Apologies for such a late drop.
>
> Hi Beata, no worries, thanks for your review.
>
> >
> > On Sun, Jul 13, 2025 at 08:05:49AM -0400, Tamir Duberstein wrote:
[snip] ...
> > > +/// A reserved slot in an array.
> > > +///
> > > +/// The slot is released when the reservation goes out of scope.
> > > +///
> > > +/// Note that the array lock *must not* be held when the reservation is filled or dropped as this
> > > +/// will lead to deadlock. [`Reservation::fill_locked`] and [`Reservation::release_locked`] can be
> > > +/// used in context where the array lock is held.
> > > +#[must_use = "the reservation is released immediately when the reservation is unused"]
> > > +pub struct Reservation<'a, T: ForeignOwnable> {
> > > + xa: &'a XArray<T>,
> > > + index: usize,
> > > +}
> > > +
[snip] ...
> > > +
> > > +impl<T: ForeignOwnable> Drop for Reservation<'_, T> {
> > > + fn drop(&mut self) {
> > > + // NB: Errors here are possible since `Guard::store` does not honor reservations.
> > > + let _: Result = self.release_inner(None);
> > This seems bit risky as one can drop the reservation while still holding the
> > lock?
>
> Yes, that's true. The only way to avoid it would be to make the
> reservation borrowed from the guard, but that would exclude usage
> patterns where the caller wants to reserve and fulfill in different
> critical sections.
>
> Do you have a specific suggestion?
I guess we could try with locked vs unlocked `Reservation' types, which would
have different Drop implementations, and providing a way to convert locked into
unlocked. Just thinking out loud, so no, nothing specific here.
At very least we could add 'rust_helper_spin_assert_is_held() ?'
>
> > > + }
> > > }
> > >
> > > // SAFETY: `XArray<T>` has no shared mutable state so it is `Send` iff `T` is `Send`.
> > > @@ -282,3 +617,136 @@ unsafe impl<T: ForeignOwnable + Send> Send for XArray<T> {}
> > > // SAFETY: `XArray<T>` serialises the interior mutability it provides so it is `Sync` iff `T` is
> > > // `Send`.
> > > unsafe impl<T: ForeignOwnable + Send> Sync for XArray<T> {}
> > > +
> > > +#[macros::kunit_tests(rust_xarray_kunit)]
> > > +mod tests {
> > > + use super::*;
> > > + use pin_init::stack_pin_init;
> > > +
> > > + fn new_kbox<T>(value: T) -> Result<KBox<T>> {
> > > + KBox::new(value, GFP_KERNEL).map_err(Into::into)
> > I believe this should be GFP_ATOMIC as it is being called while holding the xa
> > lock.
>
> I'm not sure what you mean - this function can be called in any
> context, and besides: it is test-only code.
Actually it cannot: allocations using GFP_KERNEL can sleep so should not be
called from atomic context, which is what is happening in the test cases.
---
BR
Beata
>
> >
> > Otherwise:
> >
> > Tested-By: Beata Michalska <beata.michalska@arm.com>
>
> Thanks!
> Tamir
>
> >
> > ---
> > BR
> > Beata
> > > + }
> > > +
> > > + #[test]
> > > + fn test_alloc_kind_alloc() -> Result {
> > > + test_alloc_kind(AllocKind::Alloc, 0)
> > > + }
> > > +
> > > + #[test]
> > > + fn test_alloc_kind_alloc1() -> Result {
> > > + test_alloc_kind(AllocKind::Alloc1, 1)
> > > + }
> > > +
> > > + fn test_alloc_kind(kind: AllocKind, expected_index: usize) -> Result {
> > > + stack_pin_init!(let xa = XArray::new(kind));
> > > + let mut guard = xa.lock();
> > > +
> > > + let reservation = guard.reserve_limit(.., GFP_KERNEL)?;
> > > + assert_eq!(reservation.index(), expected_index);
> > > + reservation.release_locked(&mut guard)?;
> > > +
> > > + let insertion = guard.insert_limit(.., new_kbox(0x1337)?, GFP_KERNEL);
> > > + assert!(insertion.is_ok());
> > > + let insertion_index = insertion.unwrap();
> > > + assert_eq!(insertion_index, expected_index);
> > > +
> > > + Ok(())
> > > + }
> > > +
> > > + #[test]
> > > + fn test_insert_and_reserve_interaction() -> Result {
> > > + const IDX: usize = 0x1337;
> > > +
> > > + fn insert<T: ForeignOwnable>(
> > > + guard: &mut Guard<'_, T>,
> > > + value: T,
> > > + ) -> Result<(), StoreError<T>> {
> > > + guard.insert(IDX, value, GFP_KERNEL)
> > > + }
> > > +
> > > + fn reserve<'a, T: ForeignOwnable>(guard: &mut Guard<'a, T>) -> Result<Reservation<'a, T>> {
> > > + guard.reserve(IDX, GFP_KERNEL)
> > > + }
> > > +
> > > + #[track_caller]
> > > + fn check_not_vacant<'a>(guard: &mut Guard<'a, KBox<usize>>) -> Result {
> > > + // Insertion fails.
> > > + {
> > > + let beef = new_kbox(0xbeef)?;
> > > + let ret = insert(guard, beef);
> > > + assert!(ret.is_err());
> > > + let StoreError { error, value } = ret.unwrap_err();
> > > + assert_eq!(error, EBUSY);
> > > + assert_eq!(*value, 0xbeef);
> > > + }
> > > +
> > > + // Reservation fails.
> > > + {
> > > + let ret = reserve(guard);
> > > + assert!(ret.is_err());
> > > + assert_eq!(ret.unwrap_err(), EBUSY);
> > > + }
> > > +
> > > + Ok(())
> > > + }
> > > +
> > > + stack_pin_init!(let xa = XArray::new(Default::default()));
> > > + let mut guard = xa.lock();
> > > +
> > > + // Vacant.
> > > + assert_eq!(guard.get(IDX), None);
> > > +
> > > + // Reservation succeeds.
> > > + let reservation = {
> > > + let ret = reserve(&mut guard);
> > > + assert!(ret.is_ok());
> > > + ret.unwrap()
> > > + };
> > > +
> > > + // Reserved presents as vacant.
> > > + assert_eq!(guard.get(IDX), None);
> > > +
> > > + check_not_vacant(&mut guard)?;
> > > +
> > > + // Release reservation.
> > > + {
> > > + let ret = reservation.release_locked(&mut guard);
> > > + assert!(ret.is_ok());
> > > + let () = ret.unwrap();
> > > + }
> > > +
> > > + // Vacant again.
> > > + assert_eq!(guard.get(IDX), None);
> > > +
> > > + // Insert succeeds.
> > > + {
> > > + let dead = new_kbox(0xdead)?;
> > > + let ret = insert(&mut guard, dead);
> > > + assert!(ret.is_ok());
> > > + let () = ret.unwrap();
> > > + }
> > > +
> > > + check_not_vacant(&mut guard)?;
> > > +
> > > + // Remove.
> > > + assert_eq!(guard.remove(IDX).as_deref(), Some(&0xdead));
> > > +
> > > + // Reserve and fill.
> > > + {
> > > + let beef = new_kbox(0xbeef)?;
> > > + let ret = reserve(&mut guard);
> > > + assert!(ret.is_ok());
> > > + let reservation = ret.unwrap();
> > > + let ret = reservation.fill_locked(&mut guard, beef);
> > > + assert!(ret.is_ok());
> > > + let () = ret.unwrap();
> > > + };
> > > +
> > > + check_not_vacant(&mut guard)?;
> > > +
> > > + // Remove.
> > > + assert_eq!(guard.remove(IDX).as_deref(), Some(&0xbeef));
> > > +
> > > + Ok(())
> > > + }
> > > +}
> > >
> > > --
> > > 2.50.1
> > >
> > >
>
next prev parent reply other threads:[~2025-08-11 14:35 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-13 12:05 [PATCH v2 0/3] rust: xarray: add `insert` and `reserve` Tamir Duberstein
2025-07-13 12:05 ` [PATCH v2 1/3] rust: xarray: use the prelude Tamir Duberstein
2025-08-11 11:06 ` Andreas Hindborg
2025-07-13 12:05 ` [PATCH v2 2/3] rust: xarray: implement Default for AllocKind Tamir Duberstein
2025-08-11 11:07 ` Andreas Hindborg
2025-07-13 12:05 ` [PATCH v2 3/3] rust: xarray: add `insert` and `reserve` Tamir Duberstein
2025-08-11 12:56 ` Beata Michalska
2025-08-11 13:09 ` Tamir Duberstein
2025-08-11 14:34 ` Beata Michalska [this message]
2025-08-11 18:02 ` Tamir Duberstein
2025-08-13 8:00 ` Beata Michalska
2025-08-11 13:28 ` Andreas Hindborg
2025-08-11 13:42 ` Tamir Duberstein
2025-08-11 13:56 ` Miguel Ojeda
2025-07-23 1:38 ` [PATCH v2 0/3] " Daniel Almeida
2025-07-24 18:50 ` Daniel Almeida
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aJn_dtWDcoscYpgV@arm.com \
--to=beata.michalska@arm.com \
--cc=a.hindborg@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=gary@garyguo.net \
--cc=j@jannau.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tamird@gmail.com \
--cc=tmgross@umich.edu \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.