Date: Sat, 2 Mar 2024 11:29:53 +0100
From: Mathys Gasnier <mathys35.gasnier@...il.com>
To: Boqun Feng <boqun.feng@...il.com>
Cc: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, 
	Wedson Almeida Filho <wedsonaf@...il.com>, Gary Guo <gary@...yguo.net>, 
	Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...sung.com>, 
	Alice Ryhl <aliceryhl@...gle.com>, rust-for-linux@...r.kernel.org, 
	linux-kernel@...r.kernel.org, Martin Rodriguez Reboredo <yakoyoku@...il.com>
Subject: Re: [PATCH v5] rust: locks: Add `get_mut` method to `Lock`

On Fri, Mar 1, 2024 at 23:53, Boqun Feng <boqun.feng@...il.com> wrote:
>
> On Fri, Mar 01, 2024 at 06:33:23PM +0100, Mathys-Gasnier via B4 Relay wrote:
> > From: Mathys-Gasnier <mathys35.gasnier@...il.com>
> >
> > Having a mutable reference guarantees that no other threads have
> > access to the lock, so we can take advantage of that to grant callers
> > access to the protected data without the cost of acquiring and
> > releasing the locks. Since the lifetime of the data is tied to the
> > mutable reference, the borrow checker guarantees that the usage is safe.
> >
> > Reviewed-by: Martin Rodriguez Reboredo <yakoyoku@...il.com>
> > Reviewed-by: Alice Ryhl <aliceryhl@...gle.com>
> > Reviewed-by: Boqun Feng <boqun.feng@...il.com>
> > Signed-off-by: Mathys-Gasnier <mathys35.gasnier@...il.com>
> > ---
> > Changes in v5:
> > - Adding example
> > - Link to v4: https://lore.kernel.org/r/20240226-rust-locks-get-mut-v4-1-24abf57707a8@gmail.com
> >
> > Changes in v4:
> > - Improved documentation
> > - Link to v3: https://lore.kernel.org/r/20240222-rust-locks-get-mut-v3-1-d38a6f4bde3d@gmail.com
> >
> > Changes in v3:
> > - Changing the function to take a `Pin<&mut self>` instead of a `&mut self`
> > - Removed reviewed-by's since big changes were made. Please take another
> >   look.
> > - Link to v2: https://lore.kernel.org/r/20240212-rust-locks-get-mut-v2-1-5ccd34c2b70b@gmail.com
> >
> > Changes in v2:
> > - Improved doc comment.
> > - Link to v1: https://lore.kernel.org/r/20240209-rust-locks-get-mut-v1-1-ce351fc3de47@gmail.com
> > ---
> >  rust/kernel/sync/lock.rs | 38 +++++++++++++++++++++++++++++++++++++-
> >  1 file changed, 37 insertions(+), 1 deletion(-)
> >
> > diff --git a/rust/kernel/sync/lock.rs b/rust/kernel/sync/lock.rs
> > index f12a684bc957..345ca7be9d9f 100644
> > --- a/rust/kernel/sync/lock.rs
> > +++ b/rust/kernel/sync/lock.rs
> > @@ -7,7 +7,11 @@
> >
> >  use super::LockClassKey;
> >  use crate::{bindings, init::PinInit, pin_init, str::CStr, types::Opaque, types::ScopeGuard};
> > -use core::{cell::UnsafeCell, marker::PhantomData, marker::PhantomPinned};
> > +use core::{
> > +    cell::UnsafeCell,
> > +    marker::{PhantomData, PhantomPinned},
> > +    pin::Pin,
> > +};
> >  use macros::pin_data;
> >
> >  pub mod mutex;
> > @@ -121,6 +125,38 @@ pub fn lock(&self) -> Guard<'_, T, B> {
> >          // SAFETY: The lock was just acquired.
> >          unsafe { Guard::new(self, state) }
> >      }
> > +
> > +    /// Gets the data contained in the lock.
> > +    ///
> > +    /// Having a mutable reference to the lock guarantees that no other threads have access to the
> > +    /// lock. And because `data` is not structurally pinned, it is safe to get a mutable reference
> > +    /// to the lock content.
> > +    ///
> > +    /// # Example
> > +    ///
>
> Thanks! But please see below:
>
> > +    /// Using `get_mut` with a mutex.
> > +    ///
> > +    /// ```
>
> The example looks good, however, I was thinking about something like:
>
>     /// ```
>     /// use kernel::sync::{new_mutex, Mutex};
>     ///
>     /// let mut m = Box::pin_init(new_mutex!(None))?;
>     ///
>     /// assert_eq!(*(m.lock()), None);
>     ///
>     /// Mutex::get_mut(m.as_mut()).replace(42i32);
>     ///
>     /// assert_eq!(*(m.lock()), Some(42));
>     ///
>     /// # Ok::<(), Error>(())
>     /// ```
>
> because this will also run something instead of just compiling a
> function.
>
> > +    /// use kernel::sync::Mutex;
> > +    ///
> > +    /// struct Example {
> > +    ///     a: u32,
> > +    ///     b: u32,
> > +    /// }
> > +    ///
> > +    /// fn example(m: Pin<&mut Mutex<Example>>) {
> > +    ///     // Calling from Mutex to avoid conflict with Pin::get_mut().
> > +    ///     let mut data = Mutex::get_mut(m);
>
> The other thing I notice when I try to make the above example work is:
> `Pin` also has a `get_mut`[1] function, so it seems we have to use
> `Mutex::get_mut` to invoke the correct function. I personally want the
> following to just work:
>
>         m.as_mut().get_mut().replace(42i32);
>
> and it looks to me like the simplest way is to change the function's name (for
> example `get_data_mut`), and we can do:
>
>         m.as_mut().get_data_mut().replace(42i32);
>
> Thoughts?

I don't understand why `Pin::get_mut` creates a conflict, as it should
be behind a where clause forcing the type to be `Unpin`.
The name of the function was chosen to be the same as Rust std
`Mutex::get_mut` [1],
but you are right, renaming this to something else might be the easiest
way of fixing it.

Regards,
Mathys Gasnier

[1]: https://doc.rust-lang.org/std/sync/struct.Mutex.html#method.get_mut

> Regards,
> Boqun
>
>
> [1]: https://doc.rust-lang.org/core/pin/struct.Pin.html#method.get_mut
>
>
>
> > +    ///     data.a += 10;
> > +    ///     data.b += 20;
> > +    /// }
> > +    /// ```
> > +    pub fn get_mut(self: Pin<&mut Self>) -> &mut T {
> > +        // SAFETY: The lock will only be used to get a reference to the data, therefore self won't
> > +        // get moved.
> > +        let lock = unsafe { self.get_unchecked_mut() };
> > +        lock.data.get_mut()
> > +    }
> >  }
> >
> >  /// A lock guard.
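Review bot: The SAFETY comment above `self.get_unchecked_mut()` in `get_mut` only says that self won't get moved; it should give the reason the doc comment relies on, namely that only `data` is reached and `data` is not structurally pinned, so the returned `&mut T` cannot be used to move anything that is pinned. Separately, the doc example has to call `Mutex::get_mut(m)` and carries a comment about the clash with `Pin::get_mut()`, which points at the method name itself; a distinct name would let callers use method-call syntax. The example also only defines `fn example` and never calls it, so the doctest compiles without exercising the new method.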
> >
> > ---
> > base-commit: 711cbfc717650532624ca9f56fbaf191bed56e67
> > change-id: 20240118-rust-locks-get-mut-c42072101d7a
> >
> > Best regards,
> > --
> > Mathys-Gasnier <mathys35.gasnier@...il.com>
> >
> >
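The two call forms discussed in this thread, as an added example that is not part of the original messages or of the kernel patch. It assumes a userspace stand-in `Lock<T>` built on `std` (with `PhantomPinned` in place of the kernel's pinned lock state); `demo` and its values are constructed for illustration.

```rust
use std::cell::UnsafeCell;
use std::marker::PhantomPinned;
use std::pin::Pin;

/// Constructed userspace stand-in for the kernel `Lock` (assumption):
/// `PhantomPinned` makes it `!Unpin`, like a lock with pinned state.
pub struct Lock<T> {
    _pin: PhantomPinned,
    data: UnsafeCell<T>,
}

impl<T> Lock<T> {
    pub fn new(data: T) -> Self {
        Lock { _pin: PhantomPinned, data: UnsafeCell::new(data) }
    }

    /// Same name and signature as in the v5 patch.
    pub fn get_mut(self: Pin<&mut Self>) -> &mut T {
        // SAFETY: only `data` is reached and it is not structurally pinned;
        // nothing is moved out of the pinned value.
        let lock = unsafe { self.get_unchecked_mut() };
        lock.data.get_mut()
    }

    /// The rename floated in the thread; same body, different name.
    pub fn get_data_mut(self: Pin<&mut Self>) -> &mut T {
        Self::get_mut(self)
    }
}

/// Returns the value seen after each of the two call forms.
pub fn demo() -> (Option<i32>, Option<i32>) {
    let mut m = Box::pin(Lock::new(None::<i32>));

    // Path form: names the method on `Lock` explicitly.
    Lock::get_mut(m.as_mut()).replace(42);
    let after_path_call = *Lock::get_mut(m.as_mut());

    // `m.as_mut().get_mut()` is left out: as reported in the thread, it runs
    // into `Pin`'s own `get_mut` instead of reaching the method above.

    // Method-call form works once the name no longer clashes.
    m.as_mut().get_data_mut().replace(7);
    let after_method_call = *m.as_mut().get_data_mut();
    (after_path_call, after_method_call)
}

fn main() {
    assert_eq!(demo(), (Some(42), Some(7)));
}
```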
