From: Tamir Duberstein <tamird@gmail.com>
To: Beata Michalska <beata.michalska@arm.com>
Cc: "Andreas Hindborg" <a.hindborg@kernel.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Matthew Wilcox" <willy@infradead.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Janne Grunau" <j@jannau.net>
Subject: Re: [PATCH v2 3/3] rust: xarray: add `insert` and `reserve`
Date: Mon, 11 Aug 2025 14:02:59 -0400 [thread overview]
Message-ID: <CAJ-ks9kECSobk0NX6SXn1US7My028POc=nLmw0AHZGiRUstP2g@mail.gmail.com> (raw)
In-Reply-To: <aJn_dtWDcoscYpgV@arm.com>
On Mon, Aug 11, 2025 at 10:35 AM Beata Michalska
<beata.michalska@arm.com> wrote:
>
> On Mon, Aug 11, 2025 at 09:09:56AM -0400, Tamir Duberstein wrote:
> > On Mon, Aug 11, 2025 at 8:57 AM Beata Michalska <beata.michalska@arm.com> wrote:
> > >
> > > Hi Tamir,
> > >
> > > Apologies for such a late drop.
> >
> > Hi Beata, no worries, thanks for your review.
> >
> > >
> > > On Sun, Jul 13, 2025 at 08:05:49AM -0400, Tamir Duberstein wrote:
> [snip] ...
> > > > +/// A reserved slot in an array.
> > > > +///
> > > > +/// The slot is released when the reservation goes out of scope.
> > > > +///
> > > > +/// Note that the array lock *must not* be held when the reservation is filled or dropped as this
> > > > +/// will lead to deadlock. [`Reservation::fill_locked`] and [`Reservation::release_locked`] can be
> > > > +/// used in context where the array lock is held.
> > > > +#[must_use = "the reservation is released immediately when the reservation is unused"]
> > > > +pub struct Reservation<'a, T: ForeignOwnable> {
> > > > + xa: &'a XArray<T>,
> > > > + index: usize,
> > > > +}
> > > > +
> [snip] ...
> > > > +
> > > > +impl<T: ForeignOwnable> Drop for Reservation<'_, T> {
> > > > + fn drop(&mut self) {
> > > > + // NB: Errors here are possible since `Guard::store` does not honor reservations.
> > > > + let _: Result = self.release_inner(None);
> > > This seems bit risky as one can drop the reservation while still holding the
> > > lock?
> >
> > Yes, that's true. The only way to avoid it would be to make the
> > reservation borrowed from the guard, but that would exclude usage
> > patterns where the caller wants to reserve and fulfill in different
> > critical sections.
> >
> > Do you have a specific suggestion?
> I guess we could try with locked vs unlocked `Reservation' types, which would
> have different Drop implementations, and providing a way to convert locked into
> unlocked. Just thinking out loud, so no, nothing specific here.
> At very least we could add 'rust_helper_spin_assert_is_held() ?'
I don't see how having two types of reservations would help.
Can you help me understand how you'd use `rust_helper_spin_assert_is_held` here?
> >
> > > > + }
> > > > }
> > > >
> > > > // SAFETY: `XArray<T>` has no shared mutable state so it is `Send` iff `T` is `Send`.
> > > > @@ -282,3 +617,136 @@ unsafe impl<T: ForeignOwnable + Send> Send for XArray<T> {}
> > > > // SAFETY: `XArray<T>` serialises the interior mutability it provides so it is `Sync` iff `T` is
> > > > // `Send`.
> > > > unsafe impl<T: ForeignOwnable + Send> Sync for XArray<T> {}
> > > > +
> > > > +#[macros::kunit_tests(rust_xarray_kunit)]
> > > > +mod tests {
> > > > + use super::*;
> > > > + use pin_init::stack_pin_init;
> > > > +
> > > > + fn new_kbox<T>(value: T) -> Result<KBox<T>> {
> > > > + KBox::new(value, GFP_KERNEL).map_err(Into::into)
> > > I believe this should be GFP_ATOMIC as it is being called while holding the xa
> > > lock.
> >
> > I'm not sure what you mean - this function can be called in any
> > context, and besides: it is test-only code.
> Actually it cannot: allocations using GFP_KERNEL can sleep so should not be
> called from atomic context, which is what is happening in the test cases.
I see. There are no threads involved in these tests, so I think it is
just fine to sleep with this particular lock held. Can you help me
understand why this is incorrect?
>
> ---
> BR
> Beata
> >
> > >
> > > Otherwise:
> > >
> > > Tested-By: Beata Michalska <beata.michalska@arm.com>
> >
> > Thanks!
> > Tamir
> >
> > >
> > > ---
> > > BR
> > > Beata
> > > > + }
> > > > +
> > > > + #[test]
> > > > + fn test_alloc_kind_alloc() -> Result {
> > > > + test_alloc_kind(AllocKind::Alloc, 0)
> > > > + }
> > > > +
> > > > + #[test]
> > > > + fn test_alloc_kind_alloc1() -> Result {
> > > > + test_alloc_kind(AllocKind::Alloc1, 1)
> > > > + }
> > > > +
> > > > + fn test_alloc_kind(kind: AllocKind, expected_index: usize) -> Result {
> > > > + stack_pin_init!(let xa = XArray::new(kind));
> > > > + let mut guard = xa.lock();
> > > > +
> > > > + let reservation = guard.reserve_limit(.., GFP_KERNEL)?;
> > > > + assert_eq!(reservation.index(), expected_index);
> > > > + reservation.release_locked(&mut guard)?;
> > > > +
> > > > + let insertion = guard.insert_limit(.., new_kbox(0x1337)?, GFP_KERNEL);
> > > > + assert!(insertion.is_ok());
> > > > + let insertion_index = insertion.unwrap();
> > > > + assert_eq!(insertion_index, expected_index);
> > > > +
> > > > + Ok(())
> > > > + }
> > > > +
> > > > + #[test]
> > > > + fn test_insert_and_reserve_interaction() -> Result {
> > > > + const IDX: usize = 0x1337;
> > > > +
> > > > + fn insert<T: ForeignOwnable>(
> > > > + guard: &mut Guard<'_, T>,
> > > > + value: T,
> > > > + ) -> Result<(), StoreError<T>> {
> > > > + guard.insert(IDX, value, GFP_KERNEL)
> > > > + }
> > > > +
> > > > + fn reserve<'a, T: ForeignOwnable>(guard: &mut Guard<'a, T>) -> Result<Reservation<'a, T>> {
> > > > + guard.reserve(IDX, GFP_KERNEL)
> > > > + }
> > > > +
> > > > + #[track_caller]
> > > > + fn check_not_vacant<'a>(guard: &mut Guard<'a, KBox<usize>>) -> Result {
> > > > + // Insertion fails.
> > > > + {
> > > > + let beef = new_kbox(0xbeef)?;
> > > > + let ret = insert(guard, beef);
> > > > + assert!(ret.is_err());
> > > > + let StoreError { error, value } = ret.unwrap_err();
> > > > + assert_eq!(error, EBUSY);
> > > > + assert_eq!(*value, 0xbeef);
> > > > + }
> > > > +
> > > > + // Reservation fails.
> > > > + {
> > > > + let ret = reserve(guard);
> > > > + assert!(ret.is_err());
> > > > + assert_eq!(ret.unwrap_err(), EBUSY);
> > > > + }
> > > > +
> > > > + Ok(())
> > > > + }
> > > > +
> > > > + stack_pin_init!(let xa = XArray::new(Default::default()));
> > > > + let mut guard = xa.lock();
> > > > +
> > > > + // Vacant.
> > > > + assert_eq!(guard.get(IDX), None);
> > > > +
> > > > + // Reservation succeeds.
> > > > + let reservation = {
> > > > + let ret = reserve(&mut guard);
> > > > + assert!(ret.is_ok());
> > > > + ret.unwrap()
> > > > + };
> > > > +
> > > > + // Reserved presents as vacant.
> > > > + assert_eq!(guard.get(IDX), None);
> > > > +
> > > > + check_not_vacant(&mut guard)?;
> > > > +
> > > > + // Release reservation.
> > > > + {
> > > > + let ret = reservation.release_locked(&mut guard);
> > > > + assert!(ret.is_ok());
> > > > + let () = ret.unwrap();
> > > > + }
> > > > +
> > > > + // Vacant again.
> > > > + assert_eq!(guard.get(IDX), None);
> > > > +
> > > > + // Insert succeeds.
> > > > + {
> > > > + let dead = new_kbox(0xdead)?;
> > > > + let ret = insert(&mut guard, dead);
> > > > + assert!(ret.is_ok());
> > > > + let () = ret.unwrap();
> > > > + }
> > > > +
> > > > + check_not_vacant(&mut guard)?;
> > > > +
> > > > + // Remove.
> > > > + assert_eq!(guard.remove(IDX).as_deref(), Some(&0xdead));
> > > > +
> > > > + // Reserve and fill.
> > > > + {
> > > > + let beef = new_kbox(0xbeef)?;
> > > > + let ret = reserve(&mut guard);
> > > > + assert!(ret.is_ok());
> > > > + let reservation = ret.unwrap();
> > > > + let ret = reservation.fill_locked(&mut guard, beef);
> > > > + assert!(ret.is_ok());
> > > > + let () = ret.unwrap();
> > > > + };
> > > > +
> > > > + check_not_vacant(&mut guard)?;
> > > > +
> > > > + // Remove.
> > > > + assert_eq!(guard.remove(IDX).as_deref(), Some(&0xbeef));
> > > > +
> > > > + Ok(())
> > > > + }
> > > > +}
> > > >
> > > > --
> > > > 2.50.1
> > > >
> > > >
> >
next prev parent reply other threads:[~2025-08-11 18:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-13 12:05 [PATCH v2 0/3] rust: xarray: add `insert` and `reserve` Tamir Duberstein
2025-07-13 12:05 ` [PATCH v2 1/3] rust: xarray: use the prelude Tamir Duberstein
2025-08-11 11:06 ` Andreas Hindborg
2025-07-13 12:05 ` [PATCH v2 2/3] rust: xarray: implement Default for AllocKind Tamir Duberstein
2025-08-11 11:07 ` Andreas Hindborg
2025-07-13 12:05 ` [PATCH v2 3/3] rust: xarray: add `insert` and `reserve` Tamir Duberstein
2025-08-11 12:56 ` Beata Michalska
2025-08-11 13:09 ` Tamir Duberstein
2025-08-11 14:34 ` Beata Michalska
2025-08-11 18:02 ` Tamir Duberstein [this message]
2025-08-13 8:00 ` Beata Michalska
2025-08-11 13:28 ` Andreas Hindborg
2025-08-11 13:42 ` Tamir Duberstein
2025-08-11 13:56 ` Miguel Ojeda
2025-07-23 1:38 ` [PATCH v2 0/3] " Daniel Almeida
2025-07-24 18:50 ` Daniel Almeida
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJ-ks9kECSobk0NX6SXn1US7My028POc=nLmw0AHZGiRUstP2g@mail.gmail.com' \
--to=tamird@gmail.com \
--cc=a.hindborg@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=beata.michalska@arm.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=gary@garyguo.net \
--cc=j@jannau.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).