From: Joel Fernandes <joelagnelf@nvidia.com>
To: Lyude Paul <lyude@redhat.com>
Cc: rust-for-linux@vger.kernel.org,
"Thomas Gleixner" <tglx@linutronix.de>,
"Boqun Feng" <boqun.feng@gmail.com>,
linux-kernel@vger.kernel.org,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Peter Zijlstra" <peterz@infradead.org>,
"Ingo Molnar" <mingo@redhat.com>, "Will Deacon" <will@kernel.org>,
"Waiman Long" <longman@redhat.com>,
"Mitchell Levy" <levymitchell0@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>
Subject: Re: [RFC RESEND v10 06/14] rust: sync: Add SpinLockIrq
Date: Mon, 16 Jun 2025 15:51:54 -0400 [thread overview]
Message-ID: <20250616195154.GA921422@joelnvbox> (raw)
In-Reply-To: <20250527222254.565881-7-lyude@redhat.com>
On Tue, May 27, 2025 at 06:21:47PM -0400, Lyude Paul wrote:
> A variant of SpinLock that is expected to be used in noirq contexts, so
> lock() will disable interrupts and unlock() (i.e. `Guard::drop()` will
> undo the interrupt disable.
>
> [Boqun: Port to use spin_lock_irq_disable() and
> spin_unlock_irq_enable()]
>
> Signed-off-by: Lyude Paul <lyude@redhat.com>
> Co-Developed-by: Boqun Feng <boqun.feng@gmail.com>
> Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
>
> ---
> V10:
> * Also add support to GlobalLock
> * Documentation fixes from Dirk
>
> Signed-off-by: Lyude Paul <lyude@redhat.com>
> ---
> rust/kernel/sync.rs | 4 +-
> rust/kernel/sync/lock/global.rs | 3 +
> rust/kernel/sync/lock/spinlock.rs | 142 ++++++++++++++++++++++++++++++
> 3 files changed, 148 insertions(+), 1 deletion(-)
>
> diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs
> index 36a7190155833..07e83992490d5 100644
> --- a/rust/kernel/sync.rs
> +++ b/rust/kernel/sync.rs
> @@ -20,7 +20,9 @@
> pub use condvar::{new_condvar, CondVar, CondVarTimeoutResult};
> pub use lock::global::{global_lock, GlobalGuard, GlobalLock, GlobalLockBackend, GlobalLockedBy};
> pub use lock::mutex::{new_mutex, Mutex, MutexGuard};
> -pub use lock::spinlock::{new_spinlock, SpinLock, SpinLockGuard};
> +pub use lock::spinlock::{
> + new_spinlock, new_spinlock_irq, SpinLock, SpinLockGuard, SpinLockIrq, SpinLockIrqGuard,
> +};
> pub use locked_by::LockedBy;
>
> /// Represents a lockdep class. It's a wrapper around C's `lock_class_key`.
> diff --git a/rust/kernel/sync/lock/global.rs b/rust/kernel/sync/lock/global.rs
> index d65f94b5caf26..47e200b750c1d 100644
> --- a/rust/kernel/sync/lock/global.rs
> +++ b/rust/kernel/sync/lock/global.rs
> @@ -299,4 +299,7 @@ macro_rules! global_lock_inner {
> (backend SpinLock) => {
> $crate::sync::lock::spinlock::SpinLockBackend
> };
> + (backend SpinLockIrq) => {
> + $crate::sync::lock::spinlock::SpinLockIrqBackend
> + };
> }
> diff --git a/rust/kernel/sync/lock/spinlock.rs b/rust/kernel/sync/lock/spinlock.rs
> index d7be38ccbdc7d..a1d76184a5bb4 100644
> --- a/rust/kernel/sync/lock/spinlock.rs
> +++ b/rust/kernel/sync/lock/spinlock.rs
> @@ -139,3 +139,145 @@ unsafe fn assert_is_held(ptr: *mut Self::State) {
> unsafe { bindings::spin_assert_is_held(ptr) }
> }
> }
> +
> +/// Creates a [`SpinLockIrq`] initialiser with the given name and a newly-created lock class.
> +///
> +/// It uses the name if one is given, otherwise it generates one based on the file name and line
> +/// number.
> +#[macro_export]
> +macro_rules! new_spinlock_irq {
> + ($inner:expr $(, $name:literal)? $(,)?) => {
> + $crate::sync::SpinLockIrq::new(
> + $inner, $crate::optional_name!($($name)?), $crate::static_lock_class!())
> + };
> +}
> +pub use new_spinlock_irq;
> +
> +/// A spinlock that may be acquired when local processor interrupts are disabled.
> +///
> +/// This is a version of [`SpinLock`] that can only be used in contexts where interrupts for the
> +/// local CPU are disabled. It can be acquired in two ways:
> +///
> +/// - Using [`lock()`] like any other type of lock, in which case the bindings will modify the
> +/// interrupt state to ensure that local processor interrupts remain disabled for at least as long
> +/// as the [`SpinLockIrqGuard`] exists.
> +/// - Using [`lock_with()`] in contexts where a [`LocalInterruptDisabled`] token is present and
> +/// local processor interrupts are already known to be disabled, in which case the local interrupt
> +/// state will not be touched. This method should be preferred if a [`LocalInterruptDisabled`]
> +/// token is present in the scope.
Just a nit:
Is it also worth adding debug-only code to make sure at runtime that IRQs
are indeed disabled when calling lock_with()? Or is there a check for that
somewhere? I am just concerned, even if rust thinks interrupts are disabled,
but for some reason they got enabled when the lock was acquired. Then we'd
have code failing silently. That might require implement lock_with() in
SpinlockIrq and checking for this, and then calling the generic Lock's
locks_with()?
thanks,
- Joel
> +///
> +/// For more info on spinlocks, see [`SpinLock`]. For more information on interrupts,
> +/// [see the interrupt module](kernel::interrupt).
> +///
> +/// # Examples
> +///
> +/// The following example shows how to declare, allocate initialise and access a struct (`Example`)
> +/// that contains an inner struct (`Inner`) that is protected by a spinlock that requires local
> +/// processor interrupts to be disabled.
> +///
> +/// ```
> +/// use kernel::sync::{new_spinlock_irq, SpinLockIrq};
> +///
> +/// struct Inner {
> +/// a: u32,
> +/// b: u32,
> +/// }
> +///
> +/// #[pin_data]
> +/// struct Example {
> +/// #[pin]
> +/// c: SpinLockIrq<Inner>,
> +/// #[pin]
> +/// d: SpinLockIrq<Inner>,
> +/// }
> +///
> +/// impl Example {
> +/// fn new() -> impl PinInit<Self> {
> +/// pin_init!(Self {
> +/// c <- new_spinlock_irq!(Inner { a: 0, b: 10 }),
> +/// d <- new_spinlock_irq!(Inner { a: 20, b: 30 }),
> +/// })
> +/// }
> +/// }
> +///
> +/// // Allocate a boxed `Example`
> +/// let e = KBox::pin_init(Example::new(), GFP_KERNEL)?;
> +///
> +/// // Accessing an `Example` from a context where interrupts may not be disabled already.
> +/// let c_guard = e.c.lock(); // interrupts are disabled now, +1 interrupt disable refcount
> +/// let d_guard = e.d.lock(); // no interrupt state change, +1 interrupt disable refcount
> +///
> +/// assert_eq!(c_guard.a, 0);
> +/// assert_eq!(c_guard.b, 10);
> +/// assert_eq!(d_guard.a, 20);
> +/// assert_eq!(d_guard.b, 30);
> +///
> +/// drop(c_guard); // Dropping c_guard will not re-enable interrupts just yet, since d_guard is
> +/// // still in scope.
> +/// drop(d_guard); // Last interrupt disable reference dropped here, so interrupts are re-enabled
> +/// // now
> +/// # Ok::<(), Error>(())
> +/// ```
> +///
> +/// [`lock()`]: SpinLockIrq::lock
> +/// [`lock_with()`]: SpinLockIrq::lock_with
> +pub type SpinLockIrq<T> = super::Lock<T, SpinLockIrqBackend>;
> +
> +/// A kernel `spinlock_t` lock backend that is acquired in interrupt disabled contexts.
> +pub struct SpinLockIrqBackend;
> +
> +/// A [`Guard`] acquired from locking a [`SpinLockIrq`] using [`lock()`].
> +///
> +/// This is simply a type alias for a [`Guard`] returned from locking a [`SpinLockIrq`] using
> +/// [`lock_with()`]. It will unlock the [`SpinLockIrq`] and decrement the local processor's
> +/// interrupt disablement refcount upon being dropped.
> +///
> +/// [`Guard`]: super::Guard
> +/// [`lock()`]: SpinLockIrq::lock
> +/// [`lock_with()`]: SpinLockIrq::lock_with
> +pub type SpinLockIrqGuard<'a, T> = super::Guard<'a, T, SpinLockIrqBackend>;
> +
> +// SAFETY: The underlying kernel `spinlock_t` object ensures mutual exclusion. `relock` uses the
> +// default implementation that always calls the same locking method.
> +unsafe impl super::Backend for SpinLockIrqBackend {
> + type State = bindings::spinlock_t;
> + type GuardState = ();
> +
> + unsafe fn init(
> + ptr: *mut Self::State,
> + name: *const crate::ffi::c_char,
> + key: *mut bindings::lock_class_key,
> + ) {
> + // SAFETY: The safety requirements ensure that `ptr` is valid for writes, and `name` and
> + // `key` are valid for read indefinitely.
> + unsafe { bindings::__spin_lock_init(ptr, name, key) }
> + }
> +
> + unsafe fn lock(ptr: *mut Self::State) -> Self::GuardState {
> + // SAFETY: The safety requirements of this function ensure that `ptr` points to valid
> + // memory, and that it has been initialised before.
> + unsafe { bindings::spin_lock_irq_disable(ptr) }
> + }
> +
> + unsafe fn unlock(ptr: *mut Self::State, _guard_state: &Self::GuardState) {
> + // SAFETY: The safety requirements of this function ensure that `ptr` is valid and that the
> + // caller is the owner of the spinlock.
> + unsafe { bindings::spin_unlock_irq_enable(ptr) }
> + }
> +
> + unsafe fn try_lock(ptr: *mut Self::State) -> Option<Self::GuardState> {
> + // SAFETY: The `ptr` pointer is guaranteed to be valid and initialized before use.
> + let result = unsafe { bindings::spin_trylock_irq_disable(ptr) };
> +
> + if result != 0 {
> + Some(())
> + } else {
> + None
> + }
> + }
> +
> + unsafe fn assert_is_held(ptr: *mut Self::State) {
> + // SAFETY: The `ptr` pointer is guaranteed to be valid and initialized before use.
> + unsafe { bindings::spin_assert_is_held(ptr) }
> + }
> +}
> --
> 2.49.0
>
next prev parent reply other threads:[~2025-06-16 19:52 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-27 22:21 [RFC RESEND v10 00/14] Refcounted interrupts, SpinLockIrq for rust Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 01/14] preempt: Introduce HARDIRQ_DISABLE_BITS Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 02/14] preempt: Introduce __preempt_count_{sub, add}_return() Lyude Paul
2025-05-28 6:37 ` Heiko Carstens
2025-05-27 22:21 ` [RFC RESEND v10 03/14] irq & spin_lock: Add counted interrupt disabling/enabling Lyude Paul
2025-05-28 9:10 ` Peter Zijlstra
2025-05-28 14:03 ` Steven Rostedt
2025-05-28 14:47 ` Boqun Feng
2025-06-16 17:54 ` Joel Fernandes
2025-06-16 18:02 ` Boqun Feng
2025-06-16 18:37 ` Joel Fernandes
2025-06-17 14:14 ` Steven Rostedt
2025-05-28 18:47 ` Lyude Paul
2025-06-16 18:10 ` Joel Fernandes
2025-06-16 18:16 ` Boqun Feng
2025-06-17 14:11 ` Steven Rostedt
2025-06-17 14:34 ` Boqun Feng
2025-06-17 15:11 ` Steven Rostedt
2025-06-17 14:25 ` Boqun Feng
2025-05-27 22:21 ` [RFC RESEND v10 04/14] rust: Introduce interrupt module Lyude Paul
2025-05-29 9:21 ` Benno Lossin
2025-05-27 22:21 ` [RFC RESEND v10 05/14] rust: helper: Add spin_{un,}lock_irq_{enable,disable}() helpers Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 06/14] rust: sync: Add SpinLockIrq Lyude Paul
2025-06-16 19:51 ` Joel Fernandes [this message]
2025-07-16 20:29 ` Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 07/14] rust: sync: Introduce lock::Backend::Context Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 08/14] rust: sync: lock: Add `Backend::BackendInContext` Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 09/14] rust: sync: Add a lifetime parameter to lock::global::GlobalGuard Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 10/14] rust: sync: lock/global: Rename B to G in trait bounds Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 11/14] rust: sync: Expose lock::Backend Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 12/14] rust: sync: lock/global: Add Backend parameter to GlobalGuard Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 13/14] rust: sync: lock/global: Add BackendInContext support to GlobalLock Lyude Paul
2025-05-27 22:21 ` [RFC RESEND v10 14/14] locking: Switch to _irq_{disable,enable}() variants in cleanup guards Lyude Paul
2025-05-28 6:11 ` Sebastian Andrzej Siewior
2025-07-02 10:16 ` [RFC RESEND v10 00/14] Refcounted interrupts, SpinLockIrq for rust Benno Lossin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250616195154.GA921422@joelnvbox \
--to=joelagnelf@nvidia.com \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=gary@garyguo.net \
--cc=levymitchell0@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=lossin@kernel.org \
--cc=lyude@redhat.com \
--cc=mingo@redhat.com \
--cc=ojeda@kernel.org \
--cc=peterz@infradead.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tmgross@umich.edu \
--cc=wedsonaf@gmail.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).