798bb342e0
Toolchain and infrastructure:
- Enable a series of lints, including safety-related ones, e.g. the
compiler will now warn about missing safety comments, as well as
unnecessary ones. How safety documentation is organized is a frequent
source of review comments, thus having the compiler guide new
developers on where they are expected (and where not) is very nice.
- Start using '#[expect]': an interesting feature in Rust (stabilized
in 1.81.0) that makes the compiler warn if an expected warning was
_not_ emitted. This is useful to avoid forgetting cleaning up locally
ignored diagnostics ('#[allow]'s).
- Introduce '.clippy.toml' configuration file for Clippy, the Rust
linter, which will allow us to tweak its behaviour. For instance, our
first use cases are declaring a disallowed macro and, more
importantly, enabling the checking of private items.
- Lints-related fixes and cleanups related to the items above.
- Migrate from 'receiver_trait' to 'arbitrary_self_types': to get the
kernel into stable Rust, one of the major pieces of the puzzle is the
support to write custom types that can be used as 'self', i.e. as
receivers, since the kernel needs to write types such as 'Arc' that
common userspace Rust would not. 'arbitrary_self_types' has been
accepted to become stable, and this is one of the steps required to
get there.
- Remove usage of the 'new_uninit' unstable feature.
- Use custom C FFI types. Includes a new 'ffi' crate to contain our
custom mapping, instead of using the standard library 'core::ffi'
one. The actual remapping will be introduced in a later cycle.
- Map '__kernel_{size_t,ssize_t,ptrdiff_t}' to 'usize'/'isize' instead
of 32/64-bit integers.
- Fix 'size_t' in bindgen generated prototypes of C builtins.
- Warn on bindgen < 0.69.5 and libclang >= 19.1 due to a double issue
in the projects, which we managed to trigger with the upcoming
tracepoint support. It includes a build test since some distributions
backported the fix (e.g. Debian -- thanks!). All major distributions
we list should be now OK except Ubuntu non-LTS.
'macros' crate:
- Adapt the build system to be able run the doctests there too; and
clean up and enable the corresponding doctests.
'kernel' crate:
- Add 'alloc' module with generic kernel allocator support and remove
the dependency on the Rust standard library 'alloc' and the extension
traits we used to provide fallible methods with flags.
Add the 'Allocator' trait and its implementations '{K,V,KV}malloc'.
Add the 'Box' type (a heap allocation for a single value of type 'T'
that is also generic over an allocator and considers the kernel's GFP
flags) and its shorthand aliases '{K,V,KV}Box'. Add 'ArrayLayout'
type. Add 'Vec' (a contiguous growable array type) and its shorthand
aliases '{K,V,KV}Vec', including iterator support.
For instance, now we may write code such as:
let mut v = KVec::new();
v.push(1, GFP_KERNEL)?;
assert_eq!(&v, &[1]);
Treewide, move as well old users to these new types.
- 'sync' module: add global lock support, including the
'GlobalLockBackend' trait; the 'Global{Lock,Guard,LockedBy}' types
and the 'global_lock!' macro. Add the 'Lock::try_lock' method.
- 'error' module: optimize 'Error' type to use 'NonZeroI32' and make
conversion functions public.
- 'page' module: add 'page_align' function.
- Add 'transmute' module with the existing 'FromBytes' and 'AsBytes'
traits.
- 'block::mq::request' module: improve rendered documentation.
- 'types' module: extend 'Opaque' type documentation and add simple
examples for the 'Either' types.
drm/panic:
- Clean up a series of Clippy warnings.
Documentation:
- Add coding guidelines for lints and the '#[expect]' feature.
- Add Ubuntu to the list of distributions in the Quick Start guide.
MAINTAINERS:
- Add Danilo Krummrich as maintainer of the new 'alloc' module.
And a few other small cleanups and fixes.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAmdFMIgACgkQGXyLc2ht
IW16hQ/+KX/jmdGoXtNXx7T6yG6SJ/txPOieGAWfhBf6C3bqkGrU9Gnw/O3VWrxf
eyj1QLQaIVUkmumWCefeiy9u3xRXx5fpS0tWJOjUtxC5NcS7vCs0AHQs1skIa6H+
YD6UKDPOy7CB5fVYqo13B5xnFAlciU0dLo6IGB6bB/lSpCudGLE9+nukfn5H3/R1
DTc3/fbSoYQU6Ij/FKscB+D/A7ojdYaReodhbzNw1lChg1MrJlCpqoQvHPE8ijg+
UDljHFFvgKdhSQL9GTa3LC7X4DsnihMWzXt14m6mMOqBa6TqF47WUhhgC77pHEI2
v/Yy8MLq0pdIzT1wFjsqs6opuvXc7K5Yk5Y60HDsDyIyjk2xgOjh6ZlD0EV161gS
7w1NtaKd/Cn7hnL7Ua51yJDxJTMllne3fTWemhs3Zd63j7ham98yOoiw+6L2QaM4
C9nW48vfUuTwDuYJ5HU0uSugubuHW3Ng5JEvMcvd4QjmaI1bQNkgVzefR5j3dLw8
9kEOTzJoxHpu5B7PZVTEd/L95hlmk1csSQObxi7JYCCimMkusF1S+heBzV/SqWD5
5ioEhCnSKE05fhQs0Uxns1HkcFle8Bn6r3aSAWV6yaR8oF94yHcuaZRUKxKMHw+1
cmBE2X8Yvtldw+CYDwEGWjKDtwOStbqk+b/ZzP7f7/p56QH9lSg=
=Kn7b
-----END PGP SIGNATURE-----
Merge tag 'rust-6.13' of https://github.com/Rust-for-Linux/linux
Pull rust updates from Miguel Ojeda:
"Toolchain and infrastructure:
- Enable a series of lints, including safety-related ones, e.g. the
compiler will now warn about missing safety comments, as well as
unnecessary ones. How safety documentation is organized is a
frequent source of review comments, thus having the compiler guide
new developers on where they are expected (and where not) is very
nice.
- Start using '#[expect]': an interesting feature in Rust (stabilized
in 1.81.0) that makes the compiler warn if an expected warning was
_not_ emitted. This is useful to avoid forgetting cleaning up
locally ignored diagnostics ('#[allow]'s).
- Introduce '.clippy.toml' configuration file for Clippy, the Rust
linter, which will allow us to tweak its behaviour. For instance,
our first use cases are declaring a disallowed macro and, more
importantly, enabling the checking of private items.
- Lints-related fixes and cleanups related to the items above.
- Migrate from 'receiver_trait' to 'arbitrary_self_types': to get the
kernel into stable Rust, one of the major pieces of the puzzle is
the support to write custom types that can be used as 'self', i.e.
as receivers, since the kernel needs to write types such as 'Arc'
that common userspace Rust would not. 'arbitrary_self_types' has
been accepted to become stable, and this is one of the steps
required to get there.
- Remove usage of the 'new_uninit' unstable feature.
- Use custom C FFI types. Includes a new 'ffi' crate to contain our
custom mapping, instead of using the standard library 'core::ffi'
one. The actual remapping will be introduced in a later cycle.
- Map '__kernel_{size_t,ssize_t,ptrdiff_t}' to 'usize'/'isize'
instead of 32/64-bit integers.
- Fix 'size_t' in bindgen generated prototypes of C builtins.
- Warn on bindgen < 0.69.5 and libclang >= 19.1 due to a double issue
in the projects, which we managed to trigger with the upcoming
tracepoint support. It includes a build test since some
distributions backported the fix (e.g. Debian -- thanks!). All
major distributions we list should be now OK except Ubuntu non-LTS.
'macros' crate:
- Adapt the build system to be able run the doctests there too; and
clean up and enable the corresponding doctests.
'kernel' crate:
- Add 'alloc' module with generic kernel allocator support and remove
the dependency on the Rust standard library 'alloc' and the
extension traits we used to provide fallible methods with flags.
Add the 'Allocator' trait and its implementations '{K,V,KV}malloc'.
Add the 'Box' type (a heap allocation for a single value of type
'T' that is also generic over an allocator and considers the
kernel's GFP flags) and its shorthand aliases '{K,V,KV}Box'. Add
'ArrayLayout' type. Add 'Vec' (a contiguous growable array type)
and its shorthand aliases '{K,V,KV}Vec', including iterator
support.
For instance, now we may write code such as:
let mut v = KVec::new();
v.push(1, GFP_KERNEL)?;
assert_eq!(&v, &[1]);
Treewide, move as well old users to these new types.
- 'sync' module: add global lock support, including the
'GlobalLockBackend' trait; the 'Global{Lock,Guard,LockedBy}' types
and the 'global_lock!' macro. Add the 'Lock::try_lock' method.
- 'error' module: optimize 'Error' type to use 'NonZeroI32' and make
conversion functions public.
- 'page' module: add 'page_align' function.
- Add 'transmute' module with the existing 'FromBytes' and 'AsBytes'
traits.
- 'block::mq::request' module: improve rendered documentation.
- 'types' module: extend 'Opaque' type documentation and add simple
examples for the 'Either' types.
drm/panic:
- Clean up a series of Clippy warnings.
Documentation:
- Add coding guidelines for lints and the '#[expect]' feature.
- Add Ubuntu to the list of distributions in the Quick Start guide.
MAINTAINERS:
- Add Danilo Krummrich as maintainer of the new 'alloc' module.
And a few other small cleanups and fixes"
* tag 'rust-6.13' of https://github.com/Rust-for-Linux/linux: (82 commits)
rust: alloc: Fix `ArrayLayout` allocations
docs: rust: remove spurious item in `expect` list
rust: allow `clippy::needless_lifetimes`
rust: warn on bindgen < 0.69.5 and libclang >= 19.1
rust: use custom FFI integer types
rust: map `__kernel_size_t` and friends also to usize/isize
rust: fix size_t in bindgen prototypes of C builtins
rust: sync: add global lock support
rust: macros: enable the rest of the tests
rust: macros: enable paste! use from macro_rules!
rust: enable macros::module! tests
rust: kbuild: expand rusttest target for macros
rust: types: extend `Opaque` documentation
rust: block: fix formatting of `kernel::block::mq::request` module
rust: macros: fix documentation of the paste! macro
rust: kernel: fix THIS_MODULE header path in ThisModule doc comment
rust: page: add Rust version of PAGE_ALIGN
rust: helpers: remove unnecessary header includes
rust: exports: improve grammar in commentary
drm/panic: allow verbose version check
...
221 lines
7.5 KiB
Rust
221 lines
7.5 KiB
Rust
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
//! Generic kernel lock and guard.
|
|
//!
|
|
//! It contains a generic Rust lock and guard that allow for different backends (e.g., mutexes,
|
|
//! spinlocks, raw spinlocks) to be provided with minimal effort.
|
|
|
|
use super::LockClassKey;
|
|
use crate::{
|
|
init::PinInit,
|
|
pin_init,
|
|
str::CStr,
|
|
types::{NotThreadSafe, Opaque, ScopeGuard},
|
|
};
|
|
use core::{cell::UnsafeCell, marker::PhantomPinned};
|
|
use macros::pin_data;
|
|
|
|
pub mod mutex;
|
|
pub mod spinlock;
|
|
|
|
pub(super) mod global;
|
|
pub use global::{GlobalGuard, GlobalLock, GlobalLockBackend, GlobalLockedBy};
|
|
|
|
/// The "backend" of a lock.
|
|
///
|
|
/// It is the actual implementation of the lock, without the need to repeat patterns used in all
|
|
/// locks.
|
|
///
|
|
/// # Safety
|
|
///
|
|
/// - Implementers must ensure that only one thread/CPU may access the protected data once the lock
|
|
/// is owned, that is, between calls to [`lock`] and [`unlock`].
|
|
/// - Implementers must also ensure that [`relock`] uses the same locking method as the original
|
|
/// lock operation.
|
|
///
|
|
/// [`lock`]: Backend::lock
|
|
/// [`unlock`]: Backend::unlock
|
|
/// [`relock`]: Backend::relock
|
|
pub unsafe trait Backend {
|
|
/// The state required by the lock.
|
|
type State;
|
|
|
|
/// The state required to be kept between [`lock`] and [`unlock`].
|
|
///
|
|
/// [`lock`]: Backend::lock
|
|
/// [`unlock`]: Backend::unlock
|
|
type GuardState;
|
|
|
|
/// Initialises the lock.
|
|
///
|
|
/// # Safety
|
|
///
|
|
/// `ptr` must be valid for write for the duration of the call, while `name` and `key` must
|
|
/// remain valid for read indefinitely.
|
|
unsafe fn init(
|
|
ptr: *mut Self::State,
|
|
name: *const crate::ffi::c_char,
|
|
key: *mut bindings::lock_class_key,
|
|
);
|
|
|
|
/// Acquires the lock, making the caller its owner.
|
|
///
|
|
/// # Safety
|
|
///
|
|
/// Callers must ensure that [`Backend::init`] has been previously called.
|
|
#[must_use]
|
|
unsafe fn lock(ptr: *mut Self::State) -> Self::GuardState;
|
|
|
|
/// Tries to acquire the lock.
|
|
///
|
|
/// # Safety
|
|
///
|
|
/// Callers must ensure that [`Backend::init`] has been previously called.
|
|
unsafe fn try_lock(ptr: *mut Self::State) -> Option<Self::GuardState>;
|
|
|
|
/// Releases the lock, giving up its ownership.
|
|
///
|
|
/// # Safety
|
|
///
|
|
/// It must only be called by the current owner of the lock.
|
|
unsafe fn unlock(ptr: *mut Self::State, guard_state: &Self::GuardState);
|
|
|
|
/// Reacquires the lock, making the caller its owner.
|
|
///
|
|
/// # Safety
|
|
///
|
|
/// Callers must ensure that `guard_state` comes from a previous call to [`Backend::lock`] (or
|
|
/// variant) that has been unlocked with [`Backend::unlock`] and will be relocked now.
|
|
unsafe fn relock(ptr: *mut Self::State, guard_state: &mut Self::GuardState) {
|
|
// SAFETY: The safety requirements ensure that the lock is initialised.
|
|
*guard_state = unsafe { Self::lock(ptr) };
|
|
}
|
|
}
|
|
|
|
/// A mutual exclusion primitive.
|
|
///
|
|
/// Exposes one of the kernel locking primitives. Which one is exposed depends on the lock
|
|
/// [`Backend`] specified as the generic parameter `B`.
|
|
#[pin_data]
|
|
pub struct Lock<T: ?Sized, B: Backend> {
|
|
/// The kernel lock object.
|
|
#[pin]
|
|
state: Opaque<B::State>,
|
|
|
|
/// Some locks are known to be self-referential (e.g., mutexes), while others are architecture
|
|
/// or config defined (e.g., spinlocks). So we conservatively require them to be pinned in case
|
|
/// some architecture uses self-references now or in the future.
|
|
#[pin]
|
|
_pin: PhantomPinned,
|
|
|
|
/// The data protected by the lock.
|
|
pub(crate) data: UnsafeCell<T>,
|
|
}
|
|
|
|
// SAFETY: `Lock` can be transferred across thread boundaries iff the data it protects can.
|
|
unsafe impl<T: ?Sized + Send, B: Backend> Send for Lock<T, B> {}
|
|
|
|
// SAFETY: `Lock` serialises the interior mutability it provides, so it is `Sync` as long as the
|
|
// data it protects is `Send`.
|
|
unsafe impl<T: ?Sized + Send, B: Backend> Sync for Lock<T, B> {}
|
|
|
|
impl<T, B: Backend> Lock<T, B> {
|
|
/// Constructs a new lock initialiser.
|
|
pub fn new(t: T, name: &'static CStr, key: &'static LockClassKey) -> impl PinInit<Self> {
|
|
pin_init!(Self {
|
|
data: UnsafeCell::new(t),
|
|
_pin: PhantomPinned,
|
|
// SAFETY: `slot` is valid while the closure is called and both `name` and `key` have
|
|
// static lifetimes so they live indefinitely.
|
|
state <- Opaque::ffi_init(|slot| unsafe {
|
|
B::init(slot, name.as_char_ptr(), key.as_ptr())
|
|
}),
|
|
})
|
|
}
|
|
}
|
|
|
|
impl<T: ?Sized, B: Backend> Lock<T, B> {
|
|
/// Acquires the lock and gives the caller access to the data protected by it.
|
|
pub fn lock(&self) -> Guard<'_, T, B> {
|
|
// SAFETY: The constructor of the type calls `init`, so the existence of the object proves
|
|
// that `init` was called.
|
|
let state = unsafe { B::lock(self.state.get()) };
|
|
// SAFETY: The lock was just acquired.
|
|
unsafe { Guard::new(self, state) }
|
|
}
|
|
|
|
/// Tries to acquire the lock.
|
|
///
|
|
/// Returns a guard that can be used to access the data protected by the lock if successful.
|
|
pub fn try_lock(&self) -> Option<Guard<'_, T, B>> {
|
|
// SAFETY: The constructor of the type calls `init`, so the existence of the object proves
|
|
// that `init` was called.
|
|
unsafe { B::try_lock(self.state.get()).map(|state| Guard::new(self, state)) }
|
|
}
|
|
}
|
|
|
|
/// A lock guard.
|
|
///
|
|
/// Allows mutual exclusion primitives that implement the [`Backend`] trait to automatically unlock
|
|
/// when a guard goes out of scope. It also provides a safe and convenient way to access the data
|
|
/// protected by the lock.
|
|
#[must_use = "the lock unlocks immediately when the guard is unused"]
|
|
pub struct Guard<'a, T: ?Sized, B: Backend> {
|
|
pub(crate) lock: &'a Lock<T, B>,
|
|
pub(crate) state: B::GuardState,
|
|
_not_send: NotThreadSafe,
|
|
}
|
|
|
|
// SAFETY: `Guard` is sync when the data protected by the lock is also sync.
|
|
unsafe impl<T: Sync + ?Sized, B: Backend> Sync for Guard<'_, T, B> {}
|
|
|
|
impl<T: ?Sized, B: Backend> Guard<'_, T, B> {
|
|
pub(crate) fn do_unlocked<U>(&mut self, cb: impl FnOnce() -> U) -> U {
|
|
// SAFETY: The caller owns the lock, so it is safe to unlock it.
|
|
unsafe { B::unlock(self.lock.state.get(), &self.state) };
|
|
|
|
let _relock = ScopeGuard::new(||
|
|
// SAFETY: The lock was just unlocked above and is being relocked now.
|
|
unsafe { B::relock(self.lock.state.get(), &mut self.state) });
|
|
|
|
cb()
|
|
}
|
|
}
|
|
|
|
impl<T: ?Sized, B: Backend> core::ops::Deref for Guard<'_, T, B> {
|
|
type Target = T;
|
|
|
|
fn deref(&self) -> &Self::Target {
|
|
// SAFETY: The caller owns the lock, so it is safe to deref the protected data.
|
|
unsafe { &*self.lock.data.get() }
|
|
}
|
|
}
|
|
|
|
impl<T: ?Sized, B: Backend> core::ops::DerefMut for Guard<'_, T, B> {
|
|
fn deref_mut(&mut self) -> &mut Self::Target {
|
|
// SAFETY: The caller owns the lock, so it is safe to deref the protected data.
|
|
unsafe { &mut *self.lock.data.get() }
|
|
}
|
|
}
|
|
|
|
impl<T: ?Sized, B: Backend> Drop for Guard<'_, T, B> {
|
|
fn drop(&mut self) {
|
|
// SAFETY: The caller owns the lock, so it is safe to unlock it.
|
|
unsafe { B::unlock(self.lock.state.get(), &self.state) };
|
|
}
|
|
}
|
|
|
|
impl<'a, T: ?Sized, B: Backend> Guard<'a, T, B> {
|
|
/// Constructs a new immutable lock guard.
|
|
///
|
|
/// # Safety
|
|
///
|
|
/// The caller must ensure that it owns the lock.
|
|
pub(crate) unsafe fn new(lock: &'a Lock<T, B>, state: B::GuardState) -> Self {
|
|
Self {
|
|
lock,
|
|
state,
|
|
_not_send: NotThreadSafe,
|
|
}
|
|
}
|
|
}
|