Re: [PATCH net-next v2 5/6] rust: Add read_poll_timeout function

From: Boqun Feng
Date: Sat Oct 05 2024 - 18:23:55 EST


On Sat, Oct 05, 2024 at 08:32:01PM +0200, Andrew Lunn wrote:
> > might_sleep() is called via a wrapper so the __FILE__ and __LINE__
> > debug info with CONFIG_DEBUG_ATOMIC_SLEEP enabled isn't what we
> > expect; the wrapper instead of the caller.
>
> So not very useful. All we know is that somewhere in Rust something is
> sleeping in atomic context. Is it possible to do better? Does __FILE__
> and __LINE__ exist in Rust?
>

Sure, you can use:

https://doc.rust-lang.org/core/macro.line.html

> > + if sleep {
> > + // SAFETY: FFI call.
> > + unsafe { bindings::might_sleep() }
> > + }
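Review bot: The `// SAFETY: FFI call.` comment above `bindings::might_sleep()` says only that this is an FFI call, not why the call is sound at this point. State the condition being relied on (for example, that `sleep` is only set by callers running in a context where sleeping is allowed), or move the unsafe block into one documented might_sleep() wrapper so the justification is written once.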
>
> What is actually unsafe about might_sleep()? It is a void foo(void)

Every extern "C" function is by default unsafe, because C doesn't have
the concept of safe/unsafe. If you want to avoid unsafe, you could
introduce a Rust might_sleep() which calls into
`bindings::might_sleep()`:

    pub fn might_sleep() {
        // SAFETY: ??
        unsafe { bindings::might_sleep() }
    }

however, if you call a might_sleep() in a preemption-disabled context
when CONFIG_DEBUG_ATOMIC_SLEEP=n and PREEMPT=VOLUNTARY, it could mean
an unexpected RCU quiescent state, which results in an early RCU grace
period, and that may mean a use-after-free. So it's not as safe as you
may expect.

Regards,
Boqun

> function, so takes no parameters, returns no results. It cannot affect
> anything which Rust is managing.
>
> > + // SAFETY: FFI call.
> > + unsafe { bindings::cpu_relax() }
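Review bot: `// SAFETY: FFI call.` on the `bindings::cpu_relax()` call is the same placeholder used for might_sleep() and gives no reason the call is sound. If the argument is that the function takes no arguments and cannot affect anything Rust manages, write that in the comment, or call it through a safe wrapper that documents it once.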
>
> Same here.
>
> Andrew
>
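The file/line question discussed above, as an added userspace example (not code from the patch or the kernel): a plain wrapper reports its own location, while a macro using line!() or a #[track_caller] function reports the caller's. ATOMIC_DEPTH, Report, check and the function names are hypothetical stand-ins, and #[track_caller] goes beyond the line!() macro linked in the reply.

```rust
use std::{cell::Cell, panic::Location};

thread_local! {
    // Constructed stand-in for the kernel's preempt count (not a kernel API).
    static ATOMIC_DEPTH: Cell<u32> = Cell::new(0);
}

/// Where a "might sleep in atomic context" report claims the problem is.
#[derive(Debug, PartialEq)]
pub struct Report { pub file: &'static str, pub line: u32 }

// Model of the debug check: produce a report only while "atomic".
fn check(file: &'static str, line: u32) -> Option<Report> {
    (ATOMIC_DEPTH.with(|d| d.get()) > 0).then(|| Report { file, line })
}

/// Plain wrapper: file!()/line!() expand here, so every report names this line.
pub fn might_sleep_wrapper() -> Option<Report> { check(file!(), line!()) }

/// #[track_caller] makes Location::caller() resolve to the caller's line.
#[track_caller]
pub fn might_sleep_tracked() -> Option<Report> {
    let loc = Location::caller();
    check(loc.file(), loc.line())
}

/// Macro form: line!() expands at the invocation site, like __LINE__ in a C macro.
macro_rules! might_sleep_here { () => { check(file!(), line!()) }; }

pub fn with_atomic<R>(f: impl FnOnce() -> R) -> R {
    ATOMIC_DEPTH.with(|d| d.set(d.get() + 1));
    let r = f();
    ATOMIC_DEPTH.with(|d| d.set(d.get() - 1));
    r
}

/// Returns the line of `here` plus the three reports made on the lines after it.
pub fn demo() -> (u32, Report, Report, Report) {
    with_atomic(|| {
        let here = line!();
        let w = might_sleep_wrapper().unwrap();
        let t = might_sleep_tracked().unwrap();
        let m = might_sleep_here!().unwrap();
        (here, w, t, m)
    })
}

fn main() { println!("{:?}", demo()); }
```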