| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6a6bcf8a-8b33-4f46-b891-4a97da2b73fc@proton.me>
Date: Thu, 01 Aug 2024 10:11:47 +0000
From: Benno Lossin <benno.lossin@...ton.me>
To: Lyude Paul <lyude@...hat.com>, rust-for-linux@...r.kernel.org
Cc: Danilo Krummrich <dakr@...hat.com>, airlied@...hat.com, Ingo Molnar <mingo@...hat.com>, Will Deacon <will@...nel.org>, Waiman Long <longman@...hat.com>, Peter Zijlstra <peterz@...radead.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Andreas Hindborg <a.hindborg@...sung.com>, Alice Ryhl <aliceryhl@...gle.com>, Martin Rodriguez Reboredo <yakoyoku@...il.com>, Valentin Obst <kernel@...entinobst.de>, Trevor Gross <tmgross@...ch.edu>, Ben Gooding <ben.gooding.dev@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/3] rust: sync: Introduce lock::Backend::Context
On 01.08.24 00:35, Lyude Paul wrote:
> Now that we've introduced an `IrqDisabled` token for marking contexts in
> which IRQs are disabled, we need a way to be able to pass it to locks that
> require that IRQs are disabled. In order to continue using the
> `lock::Backend` type instead of inventing our own thing, we accomplish this
> by adding the associated Context type, along with a `lock_with()` function
> that can accept a Context when acquiring a lock. To allow current users of
> context-less locks to keep using the normal `lock()` method, we take an
> example from Wedson Almeida Filho's work and add a `where T<'a>: Default`
> bound to `lock()` so that it can only be called on lock types where the
> context is simply a placeholder value, then re-implement it through the new
> `lock_with()` function.
>
> Signed-off-by: Lyude Paul <lyude@...hat.com>
> ---
> rust/kernel/sync/lock.rs | 17 +++++++++++++++--
> rust/kernel/sync/lock/mutex.rs | 3 +++
> rust/kernel/sync/lock/spinlock.rs | 1 +
> 3 files changed, 19 insertions(+), 2 deletions(-)
>
> diff --git a/rust/kernel/sync/lock.rs b/rust/kernel/sync/lock.rs
> index f6c34ca4d819f..f3ff50c4272cf 100644
> --- a/rust/kernel/sync/lock.rs
> +++ b/rust/kernel/sync/lock.rs
> @@ -38,6 +38,9 @@ pub unsafe trait Backend {
> /// [`unlock`]: Backend::unlock
> type GuardState;
>
> + /// The context which much be provided to acquire the lock.
> + type Context<'a>;
> +
> /// Initialises the lock.
> ///
> /// # Safety
> @@ -120,14 +123,24 @@ pub fn new(t: T, name: &'static CStr, key: &'static LockClassKey) -> impl PinIni
> }
>
> impl<T: ?Sized, B: Backend> Lock<T, B> {
> - /// Acquires the lock and gives the caller access to the data protected by it.
> - pub fn lock(&self) -> Guard<'_, T, B> {
> + /// Acquires the lock with the given context and gives the caller access to the data protected
> + /// by it.
> + pub fn lock_with(&self, _context: B::Context<'_>) -> Guard<'_, T, B> {
Here we need to be careful, without lifetime elision, this signature is:
pub fn lock_with<'a, 'b>(&'a self, _context: B::Context<'b>) -> Guard<'a, T, B>
This is problematic, since with this signature you should be able to
create this piece of code:
let lock: SpinLockIrq = /* ... */
let mut guard = None;
with_irq_disabled(|irq| guard = Some(lock.lock_with(irq)));
// then use guard when `irq` are again enabled!
So what we want the signature to be is this:
pub fn lock_with<'a>(&'a self, _context: B::Context<'a>) -> Guard<'a, T, B>
So we need to ensure that the lifetime of `context` is bound to the
lifetime of the guard.
> // SAFETY: The constructor of the type calls `init`, so the existence of the object proves
> // that `init` was called.
> let state = unsafe { B::lock(self.state.get()) };
> // SAFETY: The lock was just acquired.
> unsafe { Guard::new(self, state) }
> }
> +
> + /// Acquires the lock and gives the caller access to the data protected by it.
> + #[inline]
> + pub fn lock<'a>(&'a self) -> Guard<'a, T, B>
> + where
> + B::Context<'a>: Default,
> + {
> + self.lock_with(B::Context::default())
> + }
> }
>
> /// A lock guard.
> diff --git a/rust/kernel/sync/lock/mutex.rs b/rust/kernel/sync/lock/mutex.rs
> index 30632070ee670..327e53be4c0f4 100644
> --- a/rust/kernel/sync/lock/mutex.rs
> +++ b/rust/kernel/sync/lock/mutex.rs
> @@ -4,6 +4,8 @@
> //!
> //! This module allows Rust code to use the kernel's `struct mutex`.
>
> +use core::marker::*;
> +
> /// Creates a [`Mutex`] initialiser with the given name and a newly-created lock class.
> ///
> /// It uses the name if one is given, otherwise it generates one based on the file name and line
> @@ -93,6 +95,7 @@ macro_rules! new_mutex {
> unsafe impl super::Backend for MutexBackend {
> type State = bindings::mutex;
> type GuardState = ();
> + type Context<'a> = PhantomData<&'a ()>;
Is there any reason you chose `PhantomData` here? Why not just `()`?
---
Cheers,
Benno
>
> unsafe fn init(
> ptr: *mut Self::State,
> diff --git a/rust/kernel/sync/lock/spinlock.rs b/rust/kernel/sync/lock/spinlock.rs
> index ea5c5bc1ce12e..8503d6e8e3de3 100644
> --- a/rust/kernel/sync/lock/spinlock.rs
> +++ b/rust/kernel/sync/lock/spinlock.rs
> @@ -92,6 +92,7 @@ macro_rules! new_spinlock {
> unsafe impl super::Backend for SpinLockBackend {
> type State = bindings::spinlock_t;
> type GuardState = ();
> + type Context<'a> = PhantomData<&'a ()>;
>
> unsafe fn init(
> ptr: *mut Self::State,
> --
> 2.45.2
>
Powered by blists - more mailing lists