Re: Rust kernel policy

[Andrew Lunn]

On Wed, Feb 19, 2025 at 11:33:31AM -0500, Steven Rostedt wrote:
> On Wed, 19 Feb 2025 17:15:43 +0100
> Willy Tarreau <w@xxxxxx> wrote:
> 
> > Yeah absolutely. However I remember having faced code in the past where
> > developers had abused this "unlock on return" concept resulting in locks
> > lazily being kept way too long after an operation. I don't think this
> > will happen in the kernel thanks to reviews, but typically all the stuff
> > that's done after a locked retrieval was done normally is down outside
> > of the lock, while here for the sake of not dealing with unlocks, quite
> > a few lines were still covered by the lock for no purpose. Anyway
> > there's no perfect solution.
> 
> This was one of my concerns, and it does creep up slightly (even in my own
> use cases where I implemented them!).
> 
> But we should be encouraging the use of:
> 
> 	scoped_guard(mutex)(&my_mutex) {
> 		/* Do the work needed for for my_mutex */
> 	}
> 
> Which does work out very well. And the fact that the code guarded by the
> mutex is now also indented, it makes it easier to review.

In networking, at least for the moment, we have set a policy of only
allowing scoped_guard. The more magical, less C like constructs are
strongly discouraged. We will review this policy in a few years time,
see how well the rest of cleanup.h actually worked out in other parts
of the kernel.

	Andrew