Re: [PATCH v3 5/7] rust: percpu: Support non-zeroable types for DynamicPerCpu

From: Mitchell Levy
Date: Thu Sep 04 2025 - 17:50:45 EST

Next message: Kory Maincent: "Re: [PATCH net] net: dev_ioctl: take ops lock in hwtstamp lower paths"
Previous message: Yang Shi: "Re: [PATCH v7 0/6] arm64: support FEAT_BBM level 2 and large block mapping when rodata=full"
In reply to: Miguel Ojeda: "Re: [PATCH v3 5/7] rust: percpu: Support non-zeroable types for DynamicPerCpu"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 04, 2025 at 10:37:48PM +0200, Miguel Ojeda wrote:
> On Thu, Sep 4, 2025 at 10:17 PM Mitchell Levy <levymitchell0@xxxxxxxxx> wrote:
> >
> > Will do.
>
> By the way, sorry -- just to clarify, I didn't mean to remove
> anything, but rather split it (likely at the first full stop).

Oh no worries, I gotcha

> > Yes, this is true; strictly speaking, calling this function without
> > dereferencing the returned pointer is always safe. I suppose I find i
> t> clearer that, when a function has preconditions that are necessary for
> > it to return a valid pointer, the "safe-ness" has more to do with the
> > functions preconditions than the act of dereferencing the pointer.
>
> In that case, I would make it safe -- we don't use safety
> preconditions to mark "dangerous" operations, so to speak.

Understood.

> > In this case, the pointer shouldn't be going very far, but I think this
> > logic applies especially well in cases where pointers might be getting
> > stored away for later (and so the validity of the dereference later on
> > might rely on non-local conditions).
>
> But that applies to any returned raw pointer, no?

This is a fair point :)

> > This flows from the first requirement (that `self` is a live allocation,
> > which is necessary for `per_cpu_ptr` to return a valid pointer). Though,
> > as above, simply possessing this pointer isn't UB, so it's arguable that
> > any call to `per_cpu_ptr` (on x86 at least, I'm not sure how it's
> > implemented on other arches) is always safe. Regardless, I agree this
> > comment should be more clear (even if the function is safe, it's
> > probably worth noting why the pointer returned is valid when the
> > function preconditions are met); will fix.
>
> Sounds good, thanks!
>
> If you have cases you think other architectures may have different
> requirements, and you think it is likely one could enable the support
> for other arches and break it, then I would suggest adding a comment
> about it.
>
> Or, ideally, try to see if other architectures are fine already, even
> if you still don't enable the code in other arches.

Yeah agreed, I'd like to get ARM64 support going soon-ish at the very
least. My hope is that I should only need to mess with `percpu::numeric`
and `PerCpuPtr::get_ptr`... usage of `per_cpu_ptr` *shouldn't* have any
prerequisites, but there's just this note:
https://elixir.bootlin.com/linux/v6.17-rc4/source/include/asm-generic/percpu.h#L29
so I don't want to make strong claims :)

(note, I think the comment about x86_64 might be out-of-date, see
https://elixir.bootlin.com/linux/v6.17-rc4/source/arch/x86/kernel/setup_percpu.c#L32
and
https://elixir.bootlin.com/linux/v6.17-rc4/source/arch/x86/kernel/setup_percpu.c#L165
)

Thanks,
Mitchell

> Cheers,
> Miguel

Next message: Kory Maincent: "Re: [PATCH net] net: dev_ioctl: take ops lock in hwtstamp lower paths"
Previous message: Yang Shi: "Re: [PATCH v7 0/6] arm64: support FEAT_BBM level 2 and large block mapping when rodata=full"
In reply to: Miguel Ojeda: "Re: [PATCH v3 5/7] rust: percpu: Support non-zeroable types for DynamicPerCpu"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]