From patchwork Fri Feb 9 11:18:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 198818 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:50ea:b0:106:860b:bbdd with SMTP id r10csp780032dyd; Fri, 9 Feb 2024 03:20:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IEj/ziyzmiBYj6HydqmleJzz376K3XsKhAh1TUxx1kBecxJHopb+Xf0MMQLoMbeXrxmztva X-Received: by 2002:a05:6e02:ca8:b0:363:bdb9:72af with SMTP id 8-20020a056e020ca800b00363bdb972afmr1489938ilg.23.1707477657933; Fri, 09 Feb 2024 03:20:57 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707477657; cv=pass; d=google.com; s=arc-20160816; b=LlXphE5mRFFbqmclMq4TxWivESnacLt1gOUuOwrQq7CCsvCmd8Ba10Tj+K0clNQRsa mKgTF8fdONjSrWNE30Kh5jICU3X3dU0OivpUyr16cG3k4UgB5GFCM6MzkBgLg2TCQQgl ekvdU2uJlrc9M2Tp7KJKksuDGAnX0bF1zzMC37bfKnsP3d7CX9VbWp4Nte9fQmAixlNX Vr0PEXD5z5pd2nak01lXtN4vdlhjT0AaJsEa6TDixiqFn661FvJKyqjgWXwWc8bTHijS Tx3hG7Ti0fOdl05Q06nXx2vrEA4MWp3isC1yZA7pKAOt7mMYm1fntahQRCeJhVzbUVuC TuNw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=9q54lAKt/gv2rK+yHeXkaQhcn+YG2rdku2rLMO1QR6A=; fh=2t9+2b8ltRwCYKVcpKJ1+2822r2kJnocn87uxeK4csc=; b=WFSlc4a8h897rlIu8Ww4b9/TnF6Z35qge9dOdsKyist/vFLMEEG1I06JYmT88SFfN2 m5mST1evmM15IFNRUfo0yPx50czVf5YCOw/gBdUO5eotci3FJXdO6GgwpmHlkgeGCQZY AaWYDs5Xam2s6ar6WqewW6PbNmFXqvWbdL8yX1v9SjwcroA/kspcB/YQ2wxKU1ysOPRi beD4tijqVRn1EtUG3LRKWLee0aqkv4Vkb9ETuEQ8Jl0JNW6cYqMD3hQc6TkM9/X65rv8 8g98jxLt77THmsiufFPAOWI/XaERHvngzGpRTB931SvixT/Q4pmmJWWM5p0Gug0pi9tT IqRg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=CXjKMt2b; arc=pass (i=1 spf=pass spfdomain=flex--aliceryhl.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-59278-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-59278-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Forwarded-Encrypted: i=2; AJvYcCWTMHHXKff1Zocp+NvjBl7dY9Ui1pENazozy57/3whGZu6KimaLsZlGJvOoCiCFpBmE7upsC63tTlgFcJSPeC9IgR68eA== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id d23-20020a637357000000b005d8b59b8da3si1497700pgn.839.2024.02.09.03.20.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Feb 2024 03:20:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-59278-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=CXjKMt2b; arc=pass (i=1 spf=pass spfdomain=flex--aliceryhl.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-59278-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-59278-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id BF11128CFB3 for ; Fri, 9 Feb 2024 11:20:01 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 76DEE364CF; Fri, 9 Feb 2024 11:18:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="CXjKMt2b" Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C5D2ADF57 for ; Fri, 9 Feb 2024 11:18:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707477534; cv=none; b=P6L8JHCKUCBWDPCeV9pGQAskjUU09dRZwrsHA3+jGJLg84RF/Lqh8IojIBDJ/btXdtBUsLYTJWFf0biUT7uWRYghMWNfCDWXz980drJlR9BPxUOrNCby4O77u0fjv5BuezNC++McQWB2M/HEaye7eNWCxmp7/beY8n5fnEmdFec= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707477534; c=relaxed/simple; bh=Ot5zgSBuhhqw7Lyq5N1K+biVLFlimbZBNuPkWRRLiE4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=elFy6ncMA0zqU05NjfnQQSEAYzWYn8GflRUy1dGdyFnCgxM5/j58tkqM88jDjpDqQf73Dl6MuK+YjiCSmWLN9DvTDliiUb4fVb2oCfWyABqbO+y6mClBbCPClFwzVYvwDztJDHnFfvvrKjNPIXFqeQ18KklPEUsiFF9TEqRpfnA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=CXjKMt2b; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-60492d6bfc0so14868697b3.2 for ; Fri, 09 Feb 2024 03:18:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1707477531; x=1708082331; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=9q54lAKt/gv2rK+yHeXkaQhcn+YG2rdku2rLMO1QR6A=; b=CXjKMt2bR2duDsCcVo1Ub81PH/W5Pvk5yVCebChy+56ctskn01xc04iX+zwCcPg9Ya mdYwvBO6p9gBa4tAhC3V88XxX3sDmmE3WABuFqk4nLhBF9vtO16rYpGYW4CHcFYYZ0bR esPZ7tLSNm2r7lP7gxmOJ2dvygYXZcU0TcFATUCeXzZn8IFN4VjR87PnVFA7iZQX8D/u e0vsXVL/PTq+tzF3spe1ZcTAcAi1Lzn2rWsNRZ3+/t7gWp9iyuHeWInv/4Mv98m0jsSg IEOydsDLVnyTq68z099N6YFNxJWxzsAQ5CqnpWsJXa6jnTS7JVf8K2INc2+XfiXJiq2s 9yeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707477531; x=1708082331; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=9q54lAKt/gv2rK+yHeXkaQhcn+YG2rdku2rLMO1QR6A=; b=ZaXoNjw4y8zerRG/HEs84mAZcrFeKB7QHoLLwH3YR8fzslHkzgNfwFEludCSzwnrLm CfQZ+t42MScuiryVV1OQhqTTQclNXcboF70w5l4pdIHlKOb28t+VJpSRmZb25ClCSbMq ueij6wjwdXj6B6i0nrEKrzOmqRbwIBmcc4aC2QN0guCQZPKEJ933onrWfmQcNYUjEqqJ BhAEg5zt0Tpp4bR1qNIeg9AStynZGTwt1wZcJX672DnQYCHdYJOuusyrjPCsAJec37J9 Bo3+o1x/Wn67xM5cU7g2P6WlVKJQuAUjVkZlp/Tj19qTisaKlbxK0qRmnPCro0ApTVS4 GCxg== X-Gm-Message-State: AOJu0YxqPYb5qgKCySbQD6KkhzuS7cKThDZMLWzLLApTWpUR//gEqYzs q4Vj+i05vFq/vUvnCCrJKWxcaRyJDvBetsZ/P8c/GhNPeXUyHleLXfCsiPZr+kyxGS3guCIqKhn ztZyyhrYv30OFEQ== X-Received: from aliceryhl2.c.googlers.com ([fda3:e722:ac3:cc00:68:949d:c0a8:572]) (user=aliceryhl job=sendgmr) by 2002:a05:6902:706:b0:dc2:421d:ee30 with SMTP id k6-20020a056902070600b00dc2421dee30mr18422ybt.6.1707477531683; Fri, 09 Feb 2024 03:18:51 -0800 (PST) Date: Fri, 09 Feb 2024 11:18:14 +0000 In-Reply-To: <20240209-alice-file-v5-0-a37886783025@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240209-alice-file-v5-0-a37886783025@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=5346; i=aliceryhl@google.com; h=from:subject:message-id; bh=Ot5zgSBuhhqw7Lyq5N1K+biVLFlimbZBNuPkWRRLiE4=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBlxgoPyGfidEExgGJzTQr4EuqI+P+PF6rccTGHa xqqgMJnVTmJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZcYKDwAKCRAEWL7uWMY5 RtXHD/96K2s5KP11BZAzeOUDVG85LrVgPCSeO7vAKxIsG5apeK3QUDwOM/nwagQGS2D4OsaDvSv jY2t+v1f2Jh8kUs/D1JuZs4o+nBB0B56BdMU1pWtEaBeXtPQB9xWHS87Ysi68C0iMUWsxIvI03i KlOXxSXBWQcX/9aPTzbTK18h+/DvTMmUxfDW6I6NhY8r0QxHsGZi8TlWjWUSfaii1kVzi9bC2hI MiOT8PNZAMBGvNsA/O94uIT57I2Dno5iLzD9xmQeiE58UEjQFE51OpKrPt9hEDRUl9biKklGa05 Gpf/Mgg1zgo3xu5+9ERTCQXXfV0qZn263lywYnnA8fhvMeh7WBVqo3TDq6yfYAEeAQwIqxn8Be1 +8MJj1ZScSdEkI73Ig+YUWiyuxZWcO7S10A850Y6I3vAPgMc5nVVPv0Do7zWYr9PxtG/7IcR3zo xcNqe4hV0glN6my3SOZFeopaHnPyGHHdy7PzeBbrvOIsURMUBoV4uswpsmE/yJdaCdSkzraWdjP X3eU6vFFhjE+KGoWfRwT9x4AH7cg2SLC4rHf8aRzqbgA9GeIY+SIJhLPBuCHQnyj6WSIPBCzl3U XOq4n47NHEf7vKsxh+1VoO6X6LP/L2mCtIn1aG6s3YVeMo16ff+2TkRKcO3ZiO4sU+80fwqlD5c eysAhO7o+dHjryQ== X-Mailer: b4 0.13-dev-26615 Message-ID: <20240209-alice-file-v5-1-a37886783025@google.com> Subject: [PATCH v5 1/9] rust: types: add `NotThreadSafe` From: Alice Ryhl To: Miguel Ojeda , Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , Andreas Hindborg , Peter Zijlstra , Alexander Viro , Christian Brauner , Greg Kroah-Hartman , " =?utf-8?q?Arve_Hj=C3=B8n?= =?utf-8?q?nev=C3=A5g?= " , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan Cc: Dan Williams , Kees Cook , Matthew Wilcox , Thomas Gleixner , Daniel Xu , linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, linux-fsdevel@vger.kernel.org, Alice Ryhl , Trevor Gross , Martin Rodriguez Reboredo X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790420092494786732 X-GMAIL-MSGID: 1790420092494786732 This introduces a new marker type for types that shouldn't be thread safe. By adding a field of this type to a struct, it becomes non-Send and non-Sync, which means that it cannot be accessed in any way from threads other than the one it was created on. This is useful for APIs that require globals such as `current` to remain constant while the value exists. We update two existing users in the Kernel to use this helper: * `Task::current()` - moving the return type of this value to a different thread would not be safe as you can no longer be guaranteed that the `current` pointer remains valid. * Lock guards. Mutexes and spinlocks should be unlocked on the same thread as where they were locked, so we enforce this using the Send trait. There are also additional users in later patches of this patchset. See [1] and [2] for the discussion that led to the introduction of this patch. Link: https://lore.kernel.org/all/nFDPJFnzE9Q5cqY7FwSMByRH2OAn_BpI4H53NQfWIlN6I2qfmAqnkp2wRqn0XjMO65OyZY4h6P4K2nAGKJpAOSzksYXaiAK_FoH_8QbgBI4=@proton.me/ [1] Link: https://lore.kernel.org/all/nFDPJFnzE9Q5cqY7FwSMByRH2OAn_BpI4H53NQfWIlN6I2qfmAqnkp2wRqn0XjMO65OyZY4h6P4K2nAGKJpAOSzksYXaiAK_FoH_8QbgBI4=@proton.me/ [2] Suggested-by: Benno Lossin Reviewed-by: Benno Lossin Reviewed-by: Trevor Gross Reviewed-by: Martin Rodriguez Reboredo Signed-off-by: Alice Ryhl --- rust/kernel/sync/lock.rs | 14 ++++++++++---- rust/kernel/task.rs | 10 ++++++---- rust/kernel/types.rs | 18 ++++++++++++++++++ 3 files changed, 34 insertions(+), 8 deletions(-) diff --git a/rust/kernel/sync/lock.rs b/rust/kernel/sync/lock.rs index 149a5259d431..090b9ad63dc6 100644 --- a/rust/kernel/sync/lock.rs +++ b/rust/kernel/sync/lock.rs @@ -6,8 +6,14 @@ //! spinlocks, raw spinlocks) to be provided with minimal effort. use super::LockClassKey; -use crate::{bindings, init::PinInit, pin_init, str::CStr, types::Opaque, types::ScopeGuard}; -use core::{cell::UnsafeCell, marker::PhantomData, marker::PhantomPinned}; +use crate::{ + bindings, + init::PinInit, + pin_init, + str::CStr, + types::{NotThreadSafe, ScopeGuard, Opaque}, +}; +use core::{cell::UnsafeCell, marker::PhantomPinned}; use macros::pin_data; pub mod mutex; @@ -132,7 +138,7 @@ pub fn lock(&self) -> Guard<'_, T, B> { pub struct Guard<'a, T: ?Sized, B: Backend> { pub(crate) lock: &'a Lock, pub(crate) state: B::GuardState, - _not_send: PhantomData<*mut ()>, + _not_send: NotThreadSafe, } // SAFETY: `Guard` is sync when the data protected by the lock is also sync. @@ -184,7 +190,7 @@ pub(crate) unsafe fn new(lock: &'a Lock, state: B::GuardState) -> Self { Self { lock, state, - _not_send: PhantomData, + _not_send: NotThreadSafe, } } } diff --git a/rust/kernel/task.rs b/rust/kernel/task.rs index a3a4007db682..148a4f4eb7a8 100644 --- a/rust/kernel/task.rs +++ b/rust/kernel/task.rs @@ -4,10 +4,12 @@ //! //! C header: [`include/linux/sched.h`](srctree/include/linux/sched.h). -use crate::{bindings, types::Opaque}; +use crate::{ + bindings, + types::{NotThreadSafe, Opaque}, +}; use core::{ ffi::{c_int, c_long, c_uint}, - marker::PhantomData, ops::Deref, ptr, }; @@ -106,7 +108,7 @@ impl Task { pub unsafe fn current() -> impl Deref { struct TaskRef<'a> { task: &'a Task, - _not_send: PhantomData<*mut ()>, + _not_send: NotThreadSafe, } impl Deref for TaskRef<'_> { @@ -125,7 +127,7 @@ fn deref(&self) -> &Self::Target { // that `TaskRef` is not `Send`, we know it cannot be transferred to another thread // (where it could potentially outlive the caller). task: unsafe { &*ptr.cast() }, - _not_send: PhantomData, + _not_send: NotThreadSafe, } } diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index fdb778e65d79..ee1375d47df0 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -387,3 +387,21 @@ pub enum Either { /// Constructs an instance of [`Either`] containing a value of type `R`. Right(R), } + +/// Zero-sized type to mark types not [`Send`]. +/// +/// Add this type as a field to your struct if your type should not be sent to a different task. +/// Since [`Send`] is an auto trait, adding a single field that is `!Send` will ensure that the +/// whole type is `!Send`. +/// +/// If a type is `!Send` it is impossible to give control over an instance of the type to another +/// task. This is useful to include in types that store or reference task-local information. A file +/// descriptor is an example of such task-local information. +pub type NotThreadSafe = PhantomData<*mut ()>; + +/// Used to construct instances of type [`NotThreadSafe`] similar to how `PhantomData` is +/// constructed. +/// +/// [`NotThreadSafe`]: type@NotThreadSafe +#[allow(non_upper_case_globals)] +pub const NotThreadSafe: NotThreadSafe = PhantomData;