From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D06A21C186; Mon, 30 Jun 2025 12:27:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751286475; cv=none; b=CZDn/FIrxj17YMETFd97b5HQYTWIjZj/cGbFoq90WAWiZfg9+lY45v03P7LgHi9yAMbtR5S8SmX4yjVdtjROiqFedrXKZiF6q2QpdTf450f+YEO0vdJ7UnjYuXXyy6EKu598u0JHKqvHF08beoz9w2SZbckbh11bxL86JllnaZ8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751286475; c=relaxed/simple; bh=TdkNbXOSEdCNBRION+A5vF/XNr0ga0/GKwNsi4yCSA4=; h=Mime-Version:Content-Type:Date:Message-Id:To:Cc:Subject:From: References:In-Reply-To; b=tkIbmU0RdJfgyFcHfGYwambzjrlJPFJakGFLpxf/xuNz96ECPbVX5VQqwVWa1RevYDKdtLXLUi69MSALJs4R9NReAGZmQjfZW0iEf/n7i2n13XXPBT+KjNRS2H7Dqpyq+VCIBLMgZRrYGb4BYSmkOoDgLEjJAubCWlrvwf778VU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=C9r2lQ7x; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="C9r2lQ7x" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3A9E8C4CEE3; Mon, 30 Jun 2025 12:27:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1751286473; bh=TdkNbXOSEdCNBRION+A5vF/XNr0ga0/GKwNsi4yCSA4=; h=Date:To:Cc:Subject:From:References:In-Reply-To:From; b=C9r2lQ7xLa1CG57hZnMQ/cxxrJVKBryIAUf2UHq1rW95CIn3COVgtCw7EL7CMLjqJ qGsXMAYq87zlK4fTVlB85LpFzDlo2OJHlWpwqE5N7huY7w2eBO/qcIrBFe3p1bwSjI eTWUy65fz/ge31BZV9MlalxKOPrPu0geyfIBcafy8x68VIVA3ZsgM5JUIxySBFrBpq zXLnQdUOYJeQhDYT98BDykMc3TvQ9yHfmJr+5JdFIiVmnWs/qHvoWT0lVVDO2NUigw LPyymUz/9YoIFG4L4FJCdSHBLG/vZKVywkmpcR83yq6gtgmCLmK453RqgGXnCB9hC3 t5QsfuimZgVIw== Precedence: bulk X-Mailing-List: rust-for-linux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Mon, 30 Jun 2025 14:27:47 +0200 Message-Id: To: "Andreas Hindborg" Cc: "Miguel Ojeda" , "Alex Gaynor" , "Boqun Feng" , "Gary Guo" , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , "Alice Ryhl" , "Masahiro Yamada" , "Nathan Chancellor" , "Luis Chamberlain" , "Danilo Krummrich" , "Nicolas Schier" , "Trevor Gross" , "Adam Bratschi-Kaye" , , , , "Petr Pavlu" , "Sami Tolvanen" , "Daniel Gomez" , "Simona Vetter" , "Greg KH" , "Fiona Behrens" , "Daniel Almeida" , Subject: Re: [PATCH v13 2/6] rust: introduce module_param module From: "Benno Lossin" X-Mailer: aerc 0.20.1 References: <20250612-module-params-v3-v13-0-bc219cd1a3f8@kernel.org> <20250612-module-params-v3-v13-2-bc219cd1a3f8@kernel.org> <87ikkq648o.fsf@kernel.org> <877c126bce.fsf@kernel.org> <87v7om4jhq.fsf@kernel.org> <878qlh4aj1.fsf@kernel.org> <87plepzke5.fsf@kernel.org> <87wm8txysl.fsf@kernel.org> In-Reply-To: <87wm8txysl.fsf@kernel.org> On Mon Jun 30, 2025 at 1:18 PM CEST, Andreas Hindborg wrote: > "Benno Lossin" writes: >> On Fri Jun 27, 2025 at 9:57 AM CEST, Andreas Hindborg wrote: >>> Andreas Hindborg writes: >>>> "Benno Lossin" writes: >>>>> That's good to know, then let's try to go for something simple. >>>>> >>>>> I don't think that we can just use a `Mutex`, because we don't hav= e a >>>>> way to create it at const time... I guess we could have >>>>> >>>>> impl Mutex >>>>> /// # Safety >>>>> /// >>>>> /// The returned value needs to be pinned and then `init` nee= ds >>>>> /// to be called before any other methods are called on this. >>>>> pub unsafe const fn const_new() -> Self; >>>>> >>>>> pub unsafe fn init(&self); >>>>> } >>>>> >>>>> But that seems like a bad idea, because where would we call the `init= ` >>>>> function? That also needs to be synchronized... >>>> >>>> Ah, that is unfortunate. The init function will not run before this, s= o >>>> we would need a `Once` or an atomic anyway to initialize the lock. >>>> >>>> I am not sure if we are allowed to sleep during this, I would have to >>>> check. But then we could use a spin lock. >>>> >>>> We will need the locking anyway, when we want to enable sysfs write >>>> access to the parameters. >>>> >>>>> >>>>> Maybe we can just like you said use an atomic bool? >>>> >>>> Sigh, I will have to check how far that series has come. >>>> >>> >>> I think I am going to build some kind of `Once` feature on top of >>> Boqun's atomic series [1], so that we can initialize a lock in these >>> statics. We can't use `global_lock!`, because that depends on module >>> init to initialize the lock before first use. >> >> Sounds good, though we probably don't want to name it `Once`. Since it >> is something that will be populated in the future, but not by some >> random accessor, but rather a specific populator. >> >> So maybe: >> >> pub struct Delayed { >> dummy: T, >> real: Opaque, >> populated: Atomic, // or Atomic >> writing: Atomic, // or Atomic >> } >> >> impl Delayed { >> pub fn new(dummy: T) -> Self { >> Self { >> dummy, >> real: Opaque::uninit(), >> populated: Atomic::new(false), >> writing: Atomic::new(false), >> } >> } >> >> pub fn get(&self) -> &T { >> if self.populated.load(Acquire) { >> unsafe { &*self.real.get() } >> } else { >> // maybe print a warning here? >> // or maybe let the user configure this in `new()`? >> &self.dummy >> } >> } >> >> pub fn populate(&self, value: T) { >> if self.writing.cmpxchg(false, true, Release) { >> unsafe { *self.real.get() =3D value }; >> self.populated.store(true, Release); >> } else { >> pr_warn!("`Delayed<{}>` written to twice!\n", core::any:= :type_name::()); >> } >> } >> } >> >> (no idea if the orderings are correct, I always have to think way to >> much about that... especially since our atomics seem to only take one >> ordering in compare_exchange?) >> >>> As far as I can tell, atomics may not land in v6.17, so this series >>> will probably not be ready for merge until v6.18 at the earliest. >> >> Yeah, sorry about that :( > > Actually, perhaps we could aim at merging this code without this > synchronization? I won't remember this issue in a few weeks and I fear that it will just get buried. In fact, I already had to re-read now what the actual issue was... > The lack of synchronization is only a problem if we > support custom parsing. This patch set does not allow custom parsing > code, so it does not suffer this issue. ... In doing that, I saw my original example of UB: module! { = =20 // ... = =20 params: { = =20 my_param: i64 { = =20 default: 0, = =20 description: "", = =20 }, = =20 }, = =20 } = =20 = =20 static BAD: &'static i64 =3D module_parameters::my_param.get(); That can happen without custom parsing, so it's still a problem... --- Cheers, Benno