lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aLu3U7T6Whasa2J-@archiso>
Date: Sat, 6 Sep 2025 04:23:47 +0000
From: Elle Rhumsaa <elle@...thered-steel.dev>
To: Boqun Feng <boqun.feng@...il.com>
Cc: rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
	lkmm@...ts.linux.dev, Will Deacon <will@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Mark Rutland <mark.rutland@....com>, Ingo Molnar <mingo@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	"Paul E. McKenney" <paulmck@...nel.org>, stern@...land.harvard.edu,
	Miguel Ojeda <ojeda@...nel.org>, alex.gaynor@...il.com,
	Gary Guo <gary@...yguo.net>,
	Björn Roy Baron <bjorn3_gh@...tonmail.com>,
	Benno Lossin <lossin@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>,
	Trevor Gross <tmgross@...ch.edu>,
	Danilo Krummrich <dakr@...nel.org>,
	Andreas Hindborg <a.hindborg@...nel.org>
Subject: Re: [PATCH 06/14] rust: sync: atomic: Add the framework of
 arithmetic operations

On Thu, Sep 04, 2025 at 09:41:33PM -0700, Boqun Feng wrote:
> One important set of atomic operations is the arithmetic operations,
> i.e. add(), sub(), fetch_add(), add_return(), etc. However it may not
> make senses for all the types that `AtomicType` to have arithmetic
> operations, for example a `Foo(u32)` may not have a reasonable add() or
> sub(), plus subword types (`u8` and `u16`) currently don't have
> atomic arithmetic operations even on C side and might not have them in
> the future in Rust (because they are usually suboptimal on a few
> architecures). Therefore the plan is to add a few subtraits of
> `AtomicType` describing which types have and can do atomic arithemtic
> operations.
> 
> One trait `AtomicAdd` is added, and only add() and fetch_add() are
> added. The rest will be added in the future.
> 
> Reviewed-by: Alice Ryhl <aliceryhl@...gle.com>
> Reviewed-by: Benno Lossin <lossin@...nel.org>
> Signed-off-by: Boqun Feng <boqun.feng@...il.com>
> Link: https://lore.kernel.org/all/20250719030827.61357-7-boqun.feng@gmail.com/
> ---
>  rust/kernel/sync/atomic.rs           | 94 +++++++++++++++++++++++++++-
>  rust/kernel/sync/atomic/predefine.rs | 14 +++++
>  2 files changed, 106 insertions(+), 2 deletions(-)
> 
> diff --git a/rust/kernel/sync/atomic.rs b/rust/kernel/sync/atomic.rs
> index 4c32d12dc61e..016a6bcaf080 100644
> --- a/rust/kernel/sync/atomic.rs
> +++ b/rust/kernel/sync/atomic.rs
> @@ -16,7 +16,6 @@
>  //!
>  //! [`LKMM`]: srctree/tools/memory-model/
>  
> -#[allow(dead_code, unreachable_pub)]
>  mod internal;
>  pub mod ordering;
>  mod predefine;
> @@ -25,7 +24,7 @@
>  pub use ordering::{Acquire, Full, Relaxed, Release};
>  
>  use crate::build_error;
> -use internal::{AtomicBasicOps, AtomicExchangeOps, AtomicRepr};
> +use internal::{AtomicArithmeticOps, AtomicBasicOps, AtomicExchangeOps, AtomicRepr};
>  use ordering::OrderingType;
>  
>  /// A memory location which can be safely modified from multiple execution contexts.
> @@ -112,6 +111,19 @@ pub unsafe trait AtomicType: Sized + Send + Copy {
>      type Repr: AtomicImpl;
>  }
>  
> +/// Types that support atomic add operations.
> +///
> +/// # Safety
> +///
> +// TODO: Properly defines `wrapping_add` in the following comment.
> +/// `wrapping_add` any value of type `Self::Repr::Delta` obtained by [`Self::rhs_into_delta()`] to
> +/// any value of type `Self::Repr` obtained through transmuting a value of type `Self` to must
> +/// yield a value with a bit pattern also valid for `Self`.
> +pub unsafe trait AtomicAdd<Rhs = Self>: AtomicType {
> +    /// Converts `Rhs` into the `Delta` type of the atomic implementation.
> +    fn rhs_into_delta(rhs: Rhs) -> <Self::Repr as AtomicImpl>::Delta;
> +}
> +
>  #[inline(always)]
>  const fn into_repr<T: AtomicType>(v: T) -> T::Repr {
>      // SAFETY: Per the safety requirement of `AtomicType`, `T` is round-trip transmutable to
> @@ -459,3 +471,81 @@ fn try_cmpxchg<Ordering: ordering::Ordering>(&self, old: &mut T, new: T, _: Orde
>          ret
>      }
>  }
> +
> +impl<T: AtomicType> Atomic<T>
> +where
> +    T::Repr: AtomicArithmeticOps,
> +{
> +    /// Atomic add.
> +    ///
> +    /// Atomically updates `*self` to `(*self).wrapping_add(v)`.
> +    ///
> +    /// # Examples
> +    ///
> +    /// ```
> +    /// use kernel::sync::atomic::{Atomic, Relaxed};
> +    ///
> +    /// let x = Atomic::new(42);
> +    ///
> +    /// assert_eq!(42, x.load(Relaxed));
> +    ///
> +    /// x.add(12, Relaxed);
> +    ///
> +    /// assert_eq!(54, x.load(Relaxed));
> +    /// ```
> +    #[inline(always)]
> +    pub fn add<Rhs>(&self, v: Rhs, _: ordering::Relaxed)
> +    where
> +        T: AtomicAdd<Rhs>,
> +    {
> +        let v = T::rhs_into_delta(v);
> +
> +        // INVARIANT: `self.0` is a valid `T` after `atomic_add()` due to safety requirement of
> +        // `AtomicAdd`.
> +        T::Repr::atomic_add(&self.0, v);
> +    }
> +
> +    /// Atomic fetch and add.
> +    ///
> +    /// Atomically updates `*self` to `(*self).wrapping_add(v)`, and returns the value of `*self`
> +    /// before the update.
> +    ///
> +    /// # Examples
> +    ///
> +    /// ```
> +    /// use kernel::sync::atomic::{Atomic, Acquire, Full, Relaxed};
> +    ///
> +    /// let x = Atomic::new(42);
> +    ///
> +    /// assert_eq!(42, x.load(Relaxed));
> +    ///
> +    /// assert_eq!(54, { x.fetch_add(12, Acquire); x.load(Relaxed) });
> +    ///
> +    /// let x = Atomic::new(42);
> +    ///
> +    /// assert_eq!(42, x.load(Relaxed));
> +    ///
> +    /// assert_eq!(54, { x.fetch_add(12, Full); x.load(Relaxed) } );
> +    /// ```
> +    #[inline(always)]
> +    pub fn fetch_add<Rhs, Ordering: ordering::Ordering>(&self, v: Rhs, _: Ordering) -> T
> +    where
> +        T: AtomicAdd<Rhs>,
> +    {
> +        let v = T::rhs_into_delta(v);
> +
> +        // INVARIANT: `self.0` is a valid `T` after `atomic_fetch_add*()` due to safety requirement
> +        // of `AtomicAdd`.
> +        let ret = {
> +            match Ordering::TYPE {
> +                OrderingType::Full => T::Repr::atomic_fetch_add(&self.0, v),
> +                OrderingType::Acquire => T::Repr::atomic_fetch_add_acquire(&self.0, v),
> +                OrderingType::Release => T::Repr::atomic_fetch_add_release(&self.0, v),
> +                OrderingType::Relaxed => T::Repr::atomic_fetch_add_relaxed(&self.0, v),
> +            }
> +        };
> +
> +        // SAFETY: `ret` comes from reading `self.0`, which is a valid `T` per type invariants.
> +        unsafe { from_repr(ret) }
> +    }
> +}
> diff --git a/rust/kernel/sync/atomic/predefine.rs b/rust/kernel/sync/atomic/predefine.rs
> index 33356deee952..a6e5883be7cb 100644
> --- a/rust/kernel/sync/atomic/predefine.rs
> +++ b/rust/kernel/sync/atomic/predefine.rs
> @@ -8,8 +8,22 @@ unsafe impl super::AtomicType for i32 {
>      type Repr = i32;
>  }
>  
> +// SAFETY: The wrapping add result of two `i32`s is a valid `i32`.
> +unsafe impl super::AtomicAdd<i32> for i32 {
> +    fn rhs_into_delta(rhs: i32) -> i32 {
> +        rhs
> +    }
> +}
> +
>  // SAFETY: `i64` has the same size and alignment with itself, and is round-trip transmutable to
>  // itself.
>  unsafe impl super::AtomicType for i64 {
>      type Repr = i64;
>  }
> +
> +// SAFETY: The wrapping add result of two `i64`s is a valid `i64`.
> +unsafe impl super::AtomicAdd<i64> for i64 {
> +    fn rhs_into_delta(rhs: i64) -> i64 {
> +        rhs
> +    }
> +}
> -- 
> 2.51.0
> 
> 

Reviewed-by: Elle Rhumsaa <elle@...thered-steel.dev>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ