Re: [PATCH v3 07/13] rust: lock: implement `IrqSaveBackend` for `SpinLock`

From: Martin Rodriguez Reboredo
Date: Sun Apr 09 2023 - 12:48:58 EST


On 4/8/23 04:53, Wedson Almeida Filho wrote:
> From: Wedson Almeida Filho <walmeida@xxxxxxxxxxxxx>
>
> This allows Rust code to use the `lock_irqsave` variant of spinlocks.
>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: Will Deacon <will@xxxxxxxxxx>
> Cc: Waiman Long <longman@xxxxxxxxxx>
> Signed-off-by: Wedson Almeida Filho <walmeida@xxxxxxxxxxxxx>
> ---
> v1 -> v2: No changes
> v2 -> v3: No changes
>
> rust/helpers.c | 16 +++++++++++++
> rust/kernel/sync/lock/spinlock.rs | 38 ++++++++++++++++++++++++++-----
> 2 files changed, 48 insertions(+), 6 deletions(-)
>
> diff --git a/rust/helpers.c b/rust/helpers.c
> index 05694e3f8f70..e42f5b446f92 100644
> --- a/rust/helpers.c
> +++ b/rust/helpers.c
> @@ -59,6 +59,22 @@ void rust_helper_spin_unlock(spinlock_t *lock)
> }
> EXPORT_SYMBOL_GPL(rust_helper_spin_unlock);
>
> +unsigned long rust_helper_spin_lock_irqsave(spinlock_t *lock)
> +{
> + unsigned long flags;
> +
> + spin_lock_irqsave(lock, flags);
> +
> + return flags;
> +}
> +EXPORT_SYMBOL_GPL(rust_helper_spin_lock_irqsave);
> +
> +void rust_helper_spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags)
> +{
> + spin_unlock_irqrestore(lock, flags);
> +}
> +EXPORT_SYMBOL_GPL(rust_helper_spin_unlock_irqrestore);
> +
> refcount_t rust_helper_REFCOUNT_INIT(int n)
> {
> return (refcount_t)REFCOUNT_INIT(n);
> diff --git a/rust/kernel/sync/lock/spinlock.rs b/rust/kernel/sync/lock/spinlock.rs
> index a52d20fc9755..34dec09a97c0 100644
> --- a/rust/kernel/sync/lock/spinlock.rs
> +++ b/rust/kernel/sync/lock/spinlock.rs
> @@ -61,6 +61,8 @@ macro_rules! new_spinlock {
> /// assert_eq!(e.c, 10);
> /// assert_eq!(e.d.lock().a, 20);
> /// assert_eq!(e.d.lock().b, 30);
> +/// assert_eq!(e.d.lock_irqsave().a, 20);
> +/// assert_eq!(e.d.lock_irqsave().b, 30);
> /// ```
> ///
> /// The following example shows how to use interior mutability to modify the contents of a struct
> @@ -79,6 +81,12 @@ macro_rules! new_spinlock {
> /// guard.a += 10;
> /// guard.b += 20;
> /// }
> +///
> +/// fn example2(m: &SpinLock<Example>) {
> +/// let mut guard = m.lock_irqsave();
> +/// guard.a += 10;
> +/// guard.b += 20;
> +/// }
> /// ```
> ///
> /// [`spinlock_t`]: ../../../../include/linux/spinlock.h
> @@ -90,7 +98,7 @@ pub struct SpinLockBackend;
> // SAFETY: The underlying kernel `spinlock_t` object ensures mutual exclusion.
> unsafe impl super::Backend for SpinLockBackend {
> type State = bindings::spinlock_t;
> - type GuardState = ();
> + type GuardState = Option<core::ffi::c_ulong>;
>
> unsafe fn init(
> ptr: *mut Self::State,
> @@ -105,12 +113,30 @@ unsafe impl super::Backend for SpinLockBackend {
> unsafe fn lock(ptr: *mut Self::State) -> Self::GuardState {
> // SAFETY: The safety requirements of this function ensure that `ptr` points to valid
> // memory, and that it has been initialised before.
> - unsafe { bindings::spin_lock(ptr) }
> + unsafe { bindings::spin_lock(ptr) };
> + None
> }
>
> - unsafe fn unlock(ptr: *mut Self::State, _guard_state: &Self::GuardState) {
> - // SAFETY: The safety requirements of this function ensure that `ptr` is valid and that the
> - // caller is the owner of the mutex.
> - unsafe { bindings::spin_unlock(ptr) }
> + unsafe fn unlock(ptr: *mut Self::State, guard_state: &Self::GuardState) {
> + match guard_state {
> + // SAFETY: The safety requirements of this function ensure that `ptr` is valid and that
> + // the caller is the owner of the mutex.
> + Some(flags) => unsafe { bindings::spin_unlock_irqrestore(ptr, *flags) },
> + // SAFETY: The safety requirements of this function ensure that `ptr` is valid and that
> + // the caller is the owner of the mutex.
> + None => unsafe { bindings::spin_unlock(ptr) },
> + }
> + }
> +}
> +
> +// SAFETY: The underlying kernel `spinlock_t` object ensures mutual exclusion. We use the `irqsave`
> +// variant of the C lock acquisition functions to disable interrupts and retrieve the original
> +// interrupt state, and the `irqrestore` variant of the lock release functions to restore the state
> +// in `unlock` -- we use the guard context to determine which method was used to acquire the lock.
> +unsafe impl super::IrqSaveBackend for SpinLockBackend {
> + unsafe fn lock_irqsave(ptr: *mut Self::State) -> Self::GuardState {
> + // SAFETY: The safety requirements of this function ensure that `ptr` points to valid
> + // memory, and that it has been initialised before.
> + Some(unsafe { bindings::spin_lock_irqsave(ptr) })
> }
> }

Reviewed-by: Martin Rodriguez Reboredo <yakoyoku@xxxxxxxxx>