lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3535d832-7980-4c95-a2f7-b6d90b172173@de.bosch.com>
Date: Thu, 12 Sep 2024 08:06:24 +0200
From: Dirk Behme <dirk.behme@...bosch.com>
To: Lyude Paul <lyude@...hat.com>, <rust-for-linux@...r.kernel.org>
CC: Danilo Krummrich <dakr@...hat.com>, <airlied@...hat.com>, Ingo Molnar
	<mingo@...hat.com>, Will Deacon <will@...nel.org>, Waiman Long
	<longman@...hat.com>, Peter Zijlstra <peterz@...radead.org>,
	<linux-kernel@...r.kernel.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor
	<alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, "Boqun
 Feng" <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
	Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin
	<benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...sung.com>, "Alice
 Ryhl" <aliceryhl@...gle.com>, Asahi Lina <lina@...hilina.net>, Valentin Obst
	<kernel@...entinobst.de>
Subject: Re: [PATCH v4 1/3] rust: Introduce irq module

On 12.09.2024 02:55, Lyude Paul wrote:
> This introduces a module for dealing with interrupt-disabled contexts,
> including the ability to enable and disable interrupts
> (with_irqs_disabled()) - along with the ability to annotate functions as
> expecting that IRQs are already disabled on the local CPU.
> 
> Signed-off-by: Lyude Paul <lyude@...hat.com>
> 
> ---
> 
> V2:
> * Actually make it so that we check whether or not we have interrupts
>    disabled with debug assertions
> * Fix issues in the documentation (added suggestions, missing periods, made
>    sure that all rustdoc examples compile properly)
> * Pass IrqDisabled by value, not reference
> * Ensure that IrqDisabled is !Send and !Sync using
>    PhantomData<(&'a (), *mut ())>
> * Add all of the suggested derives from Benno Lossin
> 
> V3:
> * Use `impl` for FnOnce bounds in with_irqs_disabled()
> * Use higher-ranked trait bounds for the lifetime of with_irqs_disabled()
> * Wording changes in the documentation for the module itself
> 
> V4:
> * Use the actual unsafe constructor for IrqDisabled in
>    with_irqs_disabled()
> * Fix comment style in with_irqs_disabled example
> * Check before calling local_irq_restore() in with_irqs_disabled that
>    interrupts are still disabled. 


This looks correct ...


> It would have been nice to do this from a
>    Drop implementation like I hoped, but I realized rust doesn't allow that
>    for types that implement Copy.
> * Document that interrupts can't be re-enabled within the `cb` provided to
>    `with_irqs_disabled`, and link to the github issue I just filed about
>    this that describes the solution for this.
> 
> Signed-off-by: Lyude Paul <lyude@...hat.com>
....
> +/// Run the closure `cb` with interrupts disabled on the local CPU.
> +///
> +/// This creates an [`IrqDisabled`] token, which can be passed to functions that must be run
> +/// without interrupts. Note that interrupts must be disabled for the entire duration of `cb`, they
> +/// cannot be re-enabled. In the future, this may be expanded on
> +/// [as documented here](https://github.com/Rust-for-Linux/linux/issues/1115).
> +///
> +/// # Examples
> +///
> +/// Using [`with_irqs_disabled`] to call a function that can only be called with interrupts
> +/// disabled:
> +///
> +/// ```
> +/// use kernel::irq::{IrqDisabled, with_irqs_disabled};
> +///
> +/// // Requiring interrupts be disabled to call a function
> +/// fn dont_interrupt_me(_irq: IrqDisabled<'_>) {
> +///     // When this token is available, IRQs are known to be disabled. Actions that rely on this
> +///     // can be safely performed
> +/// }
> +///
> +/// // Disabling interrupts. They'll be re-enabled once this closure completes.
> +/// with_irqs_disabled(|irq| dont_interrupt_me(irq));
> +/// ```
> +#[inline]
> +pub fn with_irqs_disabled<T>(cb: impl for<'a> FnOnce(IrqDisabled<'a>) -> T) -> T {
> +    // SAFETY: FFI call with no special requirements
> +    let flags = unsafe { bindings::local_irq_save() };
> +
> +    // SAFETY: We just disabled IRQs using `local_irq_save()`
> +    let ret = cb(unsafe { IrqDisabled::new() });
> +
> +    // Confirm that IRQs are still enabled now that the callback has finished

... so here it should be 'disabled' instead of 'enabled'? "Confirm that 
IRQs are still disabled ...".

Dirk

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ