Re: Rust kernel policy
From: Andrew Lunn
Date: Wed Feb 19 2025 - 11:51:48 EST

On Wed, Feb 19, 2025 at 11:33:31AM -0500, Steven Rostedt wrote:
> On Wed, 19 Feb 2025 17:15:43 +0100
> Willy Tarreau <w@xxxxxx> wrote:
>
> > Yeah absolutely. However I remember having faced code in the past where
> > developers had abused this "unlock on return" concept resulting in locks
> > lazily being kept way too long after an operation. I don't think this
> > will happen in the kernel thanks to reviews, but typically all the stuff
> > that's done after a locked retrieval was done normally is done outside
> > of the lock, while here for the sake of not dealing with unlocks, quite
> > a few lines were still covered by the lock for no purpose. Anyway
> > there's no perfect solution.
>
> This was one of my concerns, and it does creep up slightly (even in my own
> use cases where I implemented them!).
>
> But we should be encouraging the use of:
>
> 	scoped_guard(mutex, &my_mutex) {
> 		/* Do the work needed for my_mutex */
> 	}
>
> Which does work out very well. And the fact that the code guarded by the
> mutex is now also indented, it makes it easier to review.

In networking, at least for the moment, we have set a policy of only
allowing scoped_guard. The more magical, less C-like constructs are
strongly discouraged. We will review this policy in a few years' time,
see how well the rest of cleanup.h actually worked out in other parts
of the kernel.

Andrew
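
The lock-scope difference discussed in this thread, as an added example that is not part of the original emails and is not kernel code: a userspace C sketch in which hypothetical `toy_guard` and `toy_scoped_guard` macros mimic the two styles using the compiler's cleanup attribute over a toy spinlock. Each `update_*` function returns whether the lock was still held during the post-processing step that no longer needs it.

```c
/* Added illustration: userspace stand-ins for guard()/scoped_guard() built on
 * the GCC/Clang cleanup attribute. toy_* names are hypothetical, not cleanup.h. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct { atomic_flag held; } toy_mutex, *toy_guard_t;
static toy_mutex my_mutex = { ATOMIC_FLAG_INIT };
static int shared_counter;
static bool toy_trylock(toy_mutex *m) { return !atomic_flag_test_and_set(&m->held); }
static void toy_unlock(toy_mutex *m) { atomic_flag_clear(&m->held); }
static toy_guard_t toy_lock(toy_mutex *m) { while (!toy_trylock(m)) { } return m; }
static void toy_guard_exit(toy_guard_t *g) { toy_unlock(*g); }
/* Probe: true if the lock is currently held (here, by the caller itself). */
static bool toy_is_held(toy_mutex *m)
{
	bool got = toy_trylock(m);
	if (got) toy_unlock(m);
	return !got;
}

/* Unlocks when the enclosing scope (often the whole function) ends. */
#define toy_guard(m) \
	toy_guard_t guard_ __attribute__((cleanup(toy_guard_exit), unused)) = toy_lock(m)
/* Unlocks at the closing brace of the attached block (a one-pass for loop). */
#define toy_scoped_guard(m) \
	for (toy_guard_t scope_ __attribute__((cleanup(toy_guard_exit))) = toy_lock(m), \
	     *done_ = NULL; !done_; done_ = &scope_)

static bool update_with_guard(void)
{
	toy_guard(&my_mutex);
	shared_counter++;                /* work that needs the lock */
	return toy_is_held(&my_mutex);   /* post-processing: still locked */
}

static bool update_with_scoped_guard(void)
{
	toy_scoped_guard(&my_mutex) {
		shared_counter++;        /* work that needs the lock */
	}
	return toy_is_held(&my_mutex);   /* post-processing: already unlocked */
}

int main(void)
{
	printf("guard held=%d\n", update_with_guard());
	printf("scoped_guard held=%d\n", update_with_scoped_guard());
	return 0;
}
```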