From: Alice Ryhl <aliceryhl@google.com>
To: Burak Emir <bqe@google.com>
Cc: "Yury Norov" <yury.norov@gmail.com>,
"Kees Cook" <kees@kernel.org>,
"Rasmus Villemoes" <linux@rasmusvillemoes.dk>,
"Viresh Kumar" <viresh.kumar@linaro.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Gustavo A . R . Silva" <gustavoars@kernel.org>,
"Carlos LLama" <cmllamas@google.com>,
"Pekka Ristola" <pekkarr@protonmail.com>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH v12 5/5] rust: add dynamic ID pool abstraction for bitmap
Date: Thu, 12 Jun 2025 09:09:12 +0000 [thread overview]
Message-ID: <aEqZOOfx-tP5FYio@google.com> (raw)
In-Reply-To: <20250611194840.877308-6-bqe@google.com>
On Wed, Jun 11, 2025 at 07:48:38PM +0000, Burak Emir wrote:
> This is a port of the Binder data structure introduced in commit
> 15d9da3f818c ("binder: use bitmap for faster descriptor lookup") to
> Rust.
>
> Like drivers/android/dbitmap.h, the ID pool abstraction lets
> clients acquire and release IDs. The implementation uses a bitmap to
> know what IDs are in use, and gives clients fine-grained control over
> the time of allocation. This fine-grained control is needed in the
> Android Binder. We provide an example that release a spinlock for
> allocation and unit tests (rustdoc examples).
>
> The implementation does not permit shrinking below capacity below
> BITS_PER_LONG.
>
> Suggested-by: Alice Ryhl <aliceryhl@google.com>
> Suggested-by: Yury Norov <yury.norov@gmail.com>
> Signed-off-by: Burak Emir <bqe@google.com>
> ---
> MAINTAINERS | 1 +
> rust/kernel/id_pool.rs | 223 +++++++++++++++++++++++++++++++++++++++++
> rust/kernel/lib.rs | 1 +
> 3 files changed, 225 insertions(+)
> create mode 100644 rust/kernel/id_pool.rs
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 943d85ed1876..bc95d98f266b 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -4134,6 +4134,7 @@ R: Yury Norov <yury.norov@gmail.com>
> S: Maintained
> F: lib/find_bit_benchmark_rust.rs
> F: rust/kernel/bitmap.rs
> +F: rust/kernel/id_pool.rs
>
> BITOPS API
> M: Yury Norov <yury.norov@gmail.com>
> diff --git a/rust/kernel/id_pool.rs b/rust/kernel/id_pool.rs
> new file mode 100644
> index 000000000000..355a8ae93268
> --- /dev/null
> +++ b/rust/kernel/id_pool.rs
> @@ -0,0 +1,223 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +// Copyright (C) 2025 Google LLC.
> +
> +//! Rust API for an ID pool backed by a [`Bitmap`].
> +
> +use crate::alloc::{AllocError, Flags};
> +use crate::bitmap::Bitmap;
> +
> +/// Represents a dynamic ID pool backed by a [`Bitmap`].
> +///
> +/// Clients acquire and release IDs from unset bits in a bitmap.
> +///
> +/// The capacity of the ID pool may be adjusted by users as
> +/// needed. The API supports the scenario where users need precise control
> +/// over the time of allocation of a new backing bitmap, which may require
> +/// release of spinlock.
> +/// Due to concurrent updates, all operations are re-verified to determine
> +/// if the grow or shrink is sill valid.
> +///
> +/// # Examples
> +///
> +/// Basic usage
> +///
> +/// ```
> +/// use kernel::alloc::{AllocError, flags::GFP_KERNEL};
> +/// use kernel::id_pool::IdPool;
> +///
> +/// let mut pool = IdPool::new(64, GFP_KERNEL)?;
> +/// for i in 0..64 {
> +/// assert_eq!(i, pool.acquire_next_id(i).ok_or(ENOSPC)?);
> +/// }
> +///
> +/// pool.release_id(23);
> +/// assert_eq!(23, pool.acquire_next_id(0).ok_or(ENOSPC)?);
> +///
> +/// assert_eq!(None, pool.acquire_next_id(0)); // time to realloc.
> +/// let resizer = pool.grow_request().ok_or(ENOSPC)?.realloc(GFP_KERNEL)?;
> +/// pool.grow(resizer);
> +///
> +/// assert_eq!(pool.acquire_next_id(0), Some(64));
> +/// # Ok::<(), Error>(())
> +/// ```
> +///
> +/// Releasing spinlock to grow the pool
> +///
> +/// ```no_run
> +/// use kernel::alloc::{AllocError, flags::GFP_KERNEL};
> +/// use kernel::sync::{new_spinlock, SpinLock};
> +/// use kernel::id_pool::IdPool;
> +///
> +/// fn get_id_maybe_realloc(guarded_pool: &SpinLock<IdPool>) -> Result<usize, AllocError> {
> +/// let mut pool = guarded_pool.lock();
> +/// loop {
> +/// match pool.acquire_next_id(0) {
> +/// Some(index) => return Ok(index),
> +/// None => {
> +/// let alloc_request = pool.grow_request();
> +/// drop(pool);
> +/// let resizer = alloc_request.ok_or(AllocError)?.realloc(GFP_KERNEL)?;
> +/// pool = guarded_pool.lock();
> +/// pool.grow(resizer)
> +/// }
> +/// }
> +/// }
> +/// }
> +/// ```
These examples use two spaces for indentation, but in Rust we use four
spaces.
> +pub struct IdPool {
> + map: Bitmap,
> +}
> +
> +/// Indicates that an [`IdPool`] should change to a new target size.
> +pub struct ReallocRequest {
> + num_ids: usize,
> +}
> +
> +/// Contains a [`Bitmap`] of a size suitable for reallocating [`IdPool`].
> +pub struct PoolResizer {
> + new: Bitmap,
> +}
> +
> +impl ReallocRequest {
> + /// Allocates a new backing [`Bitmap`] for [`IdPool`].
> + ///
> + /// This method only prepares reallocation and does not complete it.
> + /// Reallocation will complete after passing the [`PoolResizer`] to the
> + /// [`IdPool::grow`] or [`IdPool::shrink`] operation, which will check
> + /// that reallocation still makes sense.
> + pub fn realloc(&self, flags: Flags) -> Result<PoolResizer, AllocError> {
> + let new = Bitmap::new(self.num_ids, flags)?;
> + Ok(PoolResizer { new })
> + }
> +}
> +
> +impl IdPool {
> + /// Constructs a new [`IdPool`].
> + ///
> + /// [BITS_PER_LONG]: srctree/include/asm-generic/bitsperlong.h
> + /// A capacity below [`BITS_PER_LONG`][BITS_PER_LONG] is adjusted to
> + /// [`BITS_PER_LONG`][BITS_PER_LONG].
I'm concerned that this might not render correctly in the html docs.
Markdown links are usually written below the text and with an empty
line:
/// A capacity below [`BITS_PER_LONG`][BITS_PER_LONG] is adjusted to
/// [`BITS_PER_LONG`][BITS_PER_LONG].
///
/// [BITS_PER_LONG]: srctree/include/asm-generic/bitsperlong.h
which can be further simplified to
/// A capacity below [`BITS_PER_LONG`] is adjusted to [`BITS_PER_LONG`].
///
/// [`BITS_PER_LONG`]: srctree/include/asm-generic/bitsperlong.h
Furthermore, if you declare a public BITS_PER_LONG constant on the Rust
side like I suggested in my reply to one of the other patches, then it
will automatically link to that if you've imported it with `use` and
don't specify a link target:
use kernel::bitmap::BITS_PER_LONG;
/// A capacity below [`BITS_PER_LONG`] is adjusted to [`BITS_PER_LONG`].
Same applies to other docs that link to this constant.
> + #[inline]
> + pub fn new(num_ids: usize, flags: Flags) -> Result<Self, AllocError> {
> + let num_ids = core::cmp::max(num_ids, bindings::BITS_PER_LONG as usize);
Nit: I like to write usize::max(...) instead of core::cmp::max(...),
which I think reads better.
> + let map = Bitmap::new(num_ids, flags)?;
> + Ok(Self { map })
> + }
> +
> + /// Returns how many IDs this pool can currently have.
> + #[expect(clippy::len_without_is_empty)]
> + #[inline]
> + pub fn len(&self) -> usize {
Maybe this should be called capacity() instead? Or maybe we just don't
have this method at all.
Alice
next prev parent reply other threads:[~2025-06-12 9:09 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-11 19:48 [PATCH v12 0/5] rust: adds Bitmap API, ID pool and bindings Burak Emir
2025-06-11 19:48 ` [PATCH v12 1/5] rust: add bindings for bitmap.h Burak Emir
2025-06-11 19:48 ` [PATCH v12 2/5] rust: add bindings for bitops.h Burak Emir
2025-06-11 19:48 ` [PATCH v12 3/5] rust: add bitmap API Burak Emir
2025-06-11 21:58 ` Alice Ryhl
2025-06-12 8:46 ` Burak Emir
2025-06-12 8:49 ` Alice Ryhl
2025-06-12 9:04 ` Burak Emir
2025-06-12 9:52 ` Miguel Ojeda
2025-06-19 9:32 ` Burak Emir
2025-06-16 10:49 ` Alice Ryhl
2025-06-19 9:49 ` Burak Emir
2025-06-19 10:50 ` Alice Ryhl
2025-06-11 19:48 ` [PATCH v12 4/5] rust: add find_bit_benchmark_rust module Burak Emir
2025-06-12 8:58 ` Alice Ryhl
2025-06-11 19:48 ` [PATCH v12 5/5] rust: add dynamic ID pool abstraction for bitmap Burak Emir
2025-06-12 9:09 ` Alice Ryhl [this message]
2025-06-20 8:27 ` Burak Emir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aEqZOOfx-tP5FYio@google.com \
--to=aliceryhl@google.com \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=bqe@google.com \
--cc=cmllamas@google.com \
--cc=gary@garyguo.net \
--cc=gustavoars@kernel.org \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=ojeda@kernel.org \
--cc=pekkarr@protonmail.com \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
--cc=viresh.kumar@linaro.org \
--cc=yury.norov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).