Re: [PATCH v2 1/2] rust: sync: atomic: Add AtomicFlag::get_mut

public inbox for rust-for-linux@vger.kernel.org
 help / color / mirror / Atom feed

From: "Gary Guo" <gary@garyguo.net>
To: "Boqun Feng" <boqun@kernel.org>, "Gary Guo" <gary@garyguo.net>
Cc: "FUJITA Tomonori" <tomo@aliasing.net>, <ojeda@kernel.org>,
	<peterz@infradead.org>, <will@kernel.org>,
	<a.hindborg@kernel.org>, <aliceryhl@google.com>,
	<bjorn3_gh@protonmail.com>, <dakr@kernel.org>,
	<lossin@kernel.org>, <mark.rutland@arm.com>, <tmgross@umich.edu>,
	<rust-for-linux@vger.kernel.org>,
	"FUJITA Tomonori" <fujita.tomonori@gmail.com>
Subject: Re: [PATCH v2 1/2] rust: sync: atomic: Add AtomicFlag::get_mut
Date: Tue, 27 Jan 2026 16:10:35 +0000	[thread overview]
Message-ID: <DFZI47QW7VTE.1PF5P6LUTASVS@garyguo.net> (raw)
In-Reply-To: <aXjg4jv-3aQcy4O0@tardis.local>

On Tue Jan 27, 2026 at 3:59 PM GMT, Boqun Feng wrote:
> On Tue, Jan 27, 2026 at 03:42:42PM +0000, Gary Guo wrote:
>> On Tue Jan 27, 2026 at 3:35 PM GMT, Boqun Feng wrote:
>> > [For some unknown reasons, I cannot send my reply via gmail hence reply
>> >  via kernel.org account, I might switch from gmail later on]
>> >
>> > On Tue, Jan 27, 2026 at 09:52:59PM +0900, FUJITA Tomonori wrote:
>> >> From: FUJITA Tomonori <fujita.tomonori@gmail.com>
>> >> 
>> >> AtomicFlag exposes a bool API, but it lacks a get_mut() equivalent to
>> >> Atomic<T>::get_mut().
>> >> 
>> >> Also add kunit tests for AtomicFlag.
>> >> 
>> >> Signed-off-by: FUJITA Tomonori <fujita.tomonori@gmail.com>
>> >> ---
>> >>  rust/kernel/sync/atomic.rs           | 20 ++++++++++++++++++++
>> >>  rust/kernel/sync/atomic/predefine.rs | 17 +++++++++++++++++
>> >>  2 files changed, 37 insertions(+)
>> >> 
>> >> diff --git a/rust/kernel/sync/atomic.rs b/rust/kernel/sync/atomic.rs
>> >> index 6c46335bdb8c..b6c01d9f3a46 100644
>> >> --- a/rust/kernel/sync/atomic.rs
>> >> +++ b/rust/kernel/sync/atomic.rs
>> >> @@ -591,6 +591,26 @@ pub fn store<Ordering: ordering::ReleaseOrRelaxed>(&self, b: bool, o: Ordering)
>> >>          self.0.store(b.into(), o)
>> >>      }
>> >>  
>> >> +    /// Returns a mutable reference to the underlying flag as a `bool`.
>> >> +    ///
>> >> +    /// This is safe because the mutable reference of the atomic flag guarantees exclusive access.
>> >> +    pub fn get_mut(&mut self) -> &mut bool {
>> >> +        let byte_ptr = {
>> >> +            let ptr = self.0.as_ptr().cast::<u8>();
>> >> +            let offset = if cfg!(target_endian = "big") {
>> >> +                core::mem::size_of::<Flag>() - 1
>> >> +            } else {
>> >> +                0
>> >> +            };
>> >
>> > The idea is solid, but I want to avoid endian handling in the function,
>> > I would prefer a "struct declaration" solution like:
>> >
>> >     #[cfg(target_endian = "big")]
>> >     #[repr(align(4))]
>> >     pub(super) struct FlagInner {
>> >         _pad: [i8; 3],
>> > 	bool_field: bool,
>> >     }
>> >
>> >     #[cfg(target_endian = "little")]
>> >     #[repr(align(4))]
>> >     struct FlagInner {
>> > 	bool_field: bool,
>> >         _pad: [i8; 3],
>> >     }
>> >
>> > redefine `Flag` as `BoolFlag`
>> >
>> >     #[repr(i32)]
>> >     pub enum BoolFlag {
>> >         Clear = 0,
>> > 	Set = 1,
>> >     }
>> >
>> > and `Flag` becomes a union of `BoolFlag` and `FlagInner`:
>> >
>> >     /// # Invariants
>> >     /// `Flag` is either 0 or 1 in a i32 representation which implies
>> >     /// that `inner` is always valid as long as `_pad` stays 0.
>> >     pub union Flag {
>> >         pub(super) inner: FlagInner,
>> >         pub flag: BoolFlag,
>> >     }
>> >
>> >     // can static_assert that `Flag` and `BoolFlag` has the same
>> >     // alignement and size.
>> >
>> > then
>> >
>> >     impl AtomicFlag {
>> >         pub fn get_mut(&mut self) -> &mut bool {
>> > 	    let flag = self.0.get_mut(); // <- &mut Flag
>> >
>> >             // INVARIANTS: flag.inner._pad cannot be modified via the
>> > 	    // returned reference.
>> > 	    // SAFETY: Per type invariants, `flag.inner.bool_field` is
>> > 	    // always a valid bool.
>> > 	    unsafe { &mut flag.inner.bool_field }
>> > 	}
>> >     }
>> >
>> > Thoughts?
>> >
>> > Regards,
>> > Boqun
>> 
>> I think we really need special handling for endianness for this one single
>> function, so doing all the extra stuff feels really unnecessary.
>> 
>
> First, this one single function changes the design actually, previously
> you can even implement a Flag as:
>
>    enum Flag {
>        Clear = 6,
>        Set = 7,
>    }
>
> and it'll work, that is as long as `Flag` behaves like a bool, it's
> fine. But now this function implies there is actually a bool in `Flag`,
> which is kinda totally different.
>
> Besides, by using the current implement, we set an example about "how to
> do a byte offset in an i32 for different endians", and then if anyone
> wanted to do something similar, very likely they would copy-paste and
> modify what we have here. The potential tech debts are significant. So I
> would like to do it in a right way ("right" is probably subjective, but
> it comes from someone who needs to live with the code as a maintainer
> ;-) and I'm happy to switch to a better way if necessary).

I think what Fujita has is more "proper". Your approach still have the issue of
requiring a specific ordering of the fields. If this is messed up, then the
entire thing is broken. I.e. the safety proof of `get_mut` depends on the fields
being ordered correctly in `FlagInner`.

If you want to go down this route then I would just scrap `enum Flag` all
together and always define it as struct, with an internal `bool` + 3 bytes of
zero padding. This way we don't even need unsafe for `get_mut`.

Best,
Gary
>
> Hope this can explain why I want to do this right now.
>
> Regards,
> Boqun
>
>> I prefer Fujita's current version.
>> 
>> Best,
>> Gary
>> 
>> >
>> >> +
>> >> +            // SAFETY: `ptr` is valid for `size_of::<Flag>()` bytes; `offset` selects the LSB.
>> >> +            unsafe { ptr.add(offset) }
>> >> +        };
>> >> +
>> >> +        // SAFETY: The LSB holds `0`/`1` for `Flag::Clear/Set`, and `bool` is `i8`-sized/aligned.
>> >> +        unsafe { &mut *byte_ptr.cast::<bool>() }
>> >> +    }
>> >> +
>> >>      /// Stores a value to the atomic flag and returns the previous value.
>> >>      #[inline(always)]
>> >>      pub fn xchg<Ordering: ordering::Ordering>(&self, b: bool, o: Ordering) -> bool {
>> >> diff --git a/rust/kernel/sync/atomic/predefine.rs b/rust/kernel/sync/atomic/predefine.rs
>> >> index 11bc67ab70a3..e413b9e9fe21 100644
>> >> --- a/rust/kernel/sync/atomic/predefine.rs
>> >> +++ b/rust/kernel/sync/atomic/predefine.rs
>> >> @@ -351,6 +351,23 @@ fn atomic_bool_tests() {
>> >>          assert_eq!(Ok(false), x.cmpxchg(false, true, Full));
>> >>      }
>> >>  
>> >> +    #[test]
>> >> +    fn atomic_flag_tests() {
>> >> +        let mut flag = AtomicFlag::new(false);
>> >> +
>> >> +        assert_eq!(false, flag.load(Relaxed));
>> >> +
>> >> +        *flag.get_mut() = true;
>> >> +        assert_eq!(true, flag.load(Relaxed));
>> >> +
>> >> +        assert_eq!(true, flag.xchg(false, Relaxed));
>> >> +        assert_eq!(false, flag.load(Relaxed));
>> >> +
>> >> +        *flag.get_mut() = true;
>> >> +        assert_eq!(Ok(true), flag.cmpxchg(true, false, Full));
>> >> +        assert_eq!(false, flag.load(Relaxed));
>> >> +    }
>> >> +
>> >>      #[test]
>> >>      fn atomic_ptr_tests() {
>> >>          let mut v = 42;
>> >> -- 
>> >> 2.43.0
>> >> 
>>

next prev parent reply	other threads:[~2026-01-27 16:10 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-27 12:52 [PATCH v2 0/2] rust: add AtomicFlag::get_mut FUJITA Tomonori
2026-01-27 12:52 ` [PATCH v2 1/2] rust: sync: atomic: Add AtomicFlag::get_mut FUJITA Tomonori
2026-01-27 13:53   ` Gary Guo
2026-01-27 14:32   ` Miguel Ojeda
2026-01-28  3:47     ` FUJITA Tomonori
2026-01-28  3:55       ` Boqun Feng
2026-01-27 15:35   ` Boqun Feng
2026-01-27 15:42     ` Gary Guo
2026-01-27 15:59       ` Boqun Feng
2026-01-27 16:10         ` Gary Guo [this message]
2026-01-27 16:34           ` Boqun Feng
2026-01-28  3:32             ` FUJITA Tomonori
2026-01-28  3:38               ` Boqun Feng
2026-01-27 12:53 ` [PATCH v2 2/2] rust: list: Use AtomicFlag in AtomicTracker FUJITA Tomonori
2026-01-27 13:54   ` Gary Guo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DFZI47QW7VTE.1PF5P6LUTASVS@garyguo.net \
    --to=gary@garyguo.net \
    --cc=a.hindborg@kernel.org \
    --cc=aliceryhl@google.com \
    --cc=bjorn3_gh@protonmail.com \
    --cc=boqun@kernel.org \
    --cc=dakr@kernel.org \
    --cc=fujita.tomonori@gmail.com \
    --cc=lossin@kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=ojeda@kernel.org \
    --cc=peterz@infradead.org \
    --cc=rust-for-linux@vger.kernel.org \
    --cc=tmgross@umich.edu \
    --cc=tomo@aliasing.net \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox