From: Boqun Feng <boqun.feng@gmail.com>
To: Lyude Paul <lyude@redhat.com>
Cc: rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Dirk Behme" <dirk.behme@de.bosch.com>,
"Tamir Duberstein" <tamird@gmail.com>,
"Filipe Xavier" <felipe_life@live.com>,
"Martin Rodriguez Reboredo" <yakoyoku@gmail.com>,
"Valentin Obst" <kernel@valentinobst.de>,
"Wedson Almeida Filho" <walmeida@microsoft.com>,
"Danilo Krummrich" <dakr@kernel.org>
Subject: Re: [PATCH v2] rust: sync: Add lock::Backend::assert_is_held()
Date: Sun, 15 Dec 2024 12:17:51 -0800 [thread overview]
Message-ID: <Z185bwYfvVUJ2EXZ@tardis.local> (raw)
In-Reply-To: <20241125204139.656801-1-lyude@redhat.com>
On Mon, Nov 25, 2024 at 03:40:58PM -0500, Lyude Paul wrote:
> Since we've exposed Lock::from_raw() and Guard::new() publically, we want
> to be able to make sure that we assert that a lock is actually held when
> constructing a Guard for it to handle instances of unsafe Guard::new()
> calls outside of our lock module.
>
> So, let's do this by adding a new method assert_is_held to Backend, which
> uses lockdep to check whether or not a lock has been acquired. When lockdep
> is disabled, this has no overhead.
>
> Signed-off-by: Lyude Paul <lyude@redhat.com>
>
Queued for more testing and reviews, thanks!
Regards,
Boqun
> ---
>
> V2
> * Use lockdep instead of is_locked() functions
> * Drop is_locked, replace with assert_is_held()
> ---
> rust/helpers/mutex.c | 5 +++++
> rust/helpers/spinlock.c | 5 +++++
> rust/kernel/sync/lock.rs | 10 ++++++++++
> rust/kernel/sync/lock/mutex.rs | 7 +++++++
> rust/kernel/sync/lock/spinlock.rs | 7 +++++++
> 5 files changed, 34 insertions(+)
>
> diff --git a/rust/helpers/mutex.c b/rust/helpers/mutex.c
> index 7e00680958ef1..06575553eda5c 100644
> --- a/rust/helpers/mutex.c
> +++ b/rust/helpers/mutex.c
> @@ -12,3 +12,8 @@ void rust_helper___mutex_init(struct mutex *mutex, const char *name,
> {
> __mutex_init(mutex, name, key);
> }
> +
> +void rust_helper_mutex_assert_is_held(struct mutex *mutex)
> +{
> + lockdep_assert_held(mutex);
> +}
> diff --git a/rust/helpers/spinlock.c b/rust/helpers/spinlock.c
> index b7b0945e8b3cb..b26953d0d65b5 100644
> --- a/rust/helpers/spinlock.c
> +++ b/rust/helpers/spinlock.c
> @@ -26,3 +26,8 @@ int rust_helper_spin_trylock(spinlock_t *lock)
> {
> return spin_trylock(lock);
> }
> +
> +void rust_helper_spin_assert_is_held(spinlock_t *lock)
> +{
> + lockdep_assert_held(lock);
> +}
> diff --git a/rust/kernel/sync/lock.rs b/rust/kernel/sync/lock.rs
> index 6d3c8874eb26a..bc71fda87b104 100644
> --- a/rust/kernel/sync/lock.rs
> +++ b/rust/kernel/sync/lock.rs
> @@ -85,6 +85,13 @@ unsafe fn relock(ptr: *mut Self::State, guard_state: &mut Self::GuardState) {
> // SAFETY: The safety requirements ensure that the lock is initialised.
> *guard_state = unsafe { Self::lock(ptr) };
> }
> +
> + /// Asserts that the lock is held using lockdep.
> + ///
> + /// # Safety
> + ///
> + /// Callers must ensure that [`Backend::init`] has been previously called.
> + unsafe fn assert_is_held(ptr: *mut Self::State);
> }
>
> /// A mutual exclusion primitive.
> @@ -207,6 +214,9 @@ impl<'a, T: ?Sized, B: Backend> Guard<'a, T, B> {
> ///
> /// The caller must ensure that it owns the lock.
> pub(crate) unsafe fn new(lock: &'a Lock<T, B>, state: B::GuardState) -> Self {
> + // SAFETY: The caller can only hold the lock if `Backend::init` has already been called.
> + unsafe { B::assert_is_held(lock.state.get()) };
> +
> Self {
> lock,
> state,
> diff --git a/rust/kernel/sync/lock/mutex.rs b/rust/kernel/sync/lock/mutex.rs
> index 0e946ebefce12..8ee079f6ae0ac 100644
> --- a/rust/kernel/sync/lock/mutex.rs
> +++ b/rust/kernel/sync/lock/mutex.rs
> @@ -126,4 +126,11 @@ unsafe fn try_lock(ptr: *mut Self::State) -> Option<Self::GuardState> {
> None
> }
> }
> +
> + unsafe fn assert_is_held(ptr: *mut Self::State) {
> + // SAFETY: The `ptr` pointer is guaranteed to be valid and initialized before use.
> + unsafe {
> + bindings::mutex_assert_is_held(ptr);
> + }
> + }
> }
> diff --git a/rust/kernel/sync/lock/spinlock.rs b/rust/kernel/sync/lock/spinlock.rs
> index 9f4d128bed983..b2c1343aabee3 100644
> --- a/rust/kernel/sync/lock/spinlock.rs
> +++ b/rust/kernel/sync/lock/spinlock.rs
> @@ -125,4 +125,11 @@ unsafe fn try_lock(ptr: *mut Self::State) -> Option<Self::GuardState> {
> None
> }
> }
> +
> + unsafe fn assert_is_held(ptr: *mut Self::State) {
> + // SAFETY: The `ptr` pointer is guaranteed to be valid and initialized before use.
> + unsafe {
> + bindings::spin_assert_is_held(ptr);
> + }
> + }
> }
>
> base-commit: b7ed2b6f4e8d7f64649795e76ee9db67300de8eb
> --
> 2.47.0
>
next prev parent reply other threads:[~2024-12-15 20:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-25 20:40 [PATCH v2] rust: sync: Add lock::Backend::assert_is_held() Lyude Paul
2024-12-15 20:17 ` Boqun Feng [this message]
2024-12-24 18:53 ` [tip: locking/core] " tip-bot2 for Lyude Paul
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z185bwYfvVUJ2EXZ@tardis.local \
--to=boqun.feng@gmail.com \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=dakr@kernel.org \
--cc=dirk.behme@de.bosch.com \
--cc=felipe_life@live.com \
--cc=gary@garyguo.net \
--cc=kernel@valentinobst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=lyude@redhat.com \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tamird@gmail.com \
--cc=tmgross@umich.edu \
--cc=walmeida@microsoft.com \
--cc=yakoyoku@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox