From: Boqun Feng <boqun.feng@gmail.com>
To: Alice Ryhl <aliceryhl@google.com>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Matthew Wilcox" <willy@infradead.org>,
"Lorenzo Stoakes" <lorenzo.stoakes@oracle.com>,
"Vlastimil Babka" <vbabka@suse.cz>,
"John Hubbard" <jhubbard@nvidia.com>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arnd Bergmann" <arnd@arndb.de>,
"Christian Brauner" <brauner@kernel.org>,
"Jann Horn" <jannh@google.com>,
"Suren Baghdasaryan" <surenb@google.com>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
rust-for-linux@vger.kernel.org,
"Andreas Hindborg" <a.hindborg@kernel.org>
Subject: Re: [PATCH v9 8/8] task: rust: rework how current is accessed
Date: Fri, 22 Nov 2024 10:03:48 -0800 [thread overview]
Message-ID: <6740c786.050a0220.31315a.5363@mx.google.com> (raw)
In-Reply-To: <20241122-vma-v9-8-7127bfcdd54e@google.com>
On Fri, Nov 22, 2024 at 03:40:33PM +0000, Alice Ryhl wrote:
> Introduce a new type called `CurrentTask` that lets you perform various
> operations that are only safe on the `current` task. Use the new type to
> provide a way to access the current mm without incrementing its
> refcount.
>
> With this change, you can write stuff such as
>
> let vma = current!().mm().lock_vma_under_rcu(addr);
>
> without incrementing any refcounts.
>
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> ---
> Reviewers: Does accessing task->mm on a non-current task require rcu
> protection?
>
> Christian: If you submit the PidNamespace abstractions this cycle, I'll
> update this to also apply to PidNamespace.
> ---
> rust/kernel/mm.rs | 22 ------------------
> rust/kernel/task.rs | 64 ++++++++++++++++++++++++++++++++++++++++++-----------
> 2 files changed, 51 insertions(+), 35 deletions(-)
>
> diff --git a/rust/kernel/mm.rs b/rust/kernel/mm.rs
> index 50f4861ae4b9..f7d1079391ef 100644
> --- a/rust/kernel/mm.rs
> +++ b/rust/kernel/mm.rs
> @@ -142,28 +142,6 @@ fn deref(&self) -> &MmWithUser {
>
> // These methods are safe to call even if `mm_users` is zero.
> impl Mm {
> - /// Call `mmgrab` on `current.mm`.
> - #[inline]
> - pub fn mmgrab_current() -> Option<ARef<Mm>> {
> - // SAFETY: It's safe to get the `mm` field from current.
> - let mm = unsafe {
> - let current = bindings::get_current();
> - (*current).mm
> - };
> -
> - if mm.is_null() {
> - return None;
> - }
> -
> - // SAFETY: The value of `current->mm` is guaranteed to be null or a valid `mm_struct`. We
> - // just checked that it's not null. Furthermore, the returned `&Mm` is valid only for the
> - // duration of this function, and `current->mm` will stay valid for that long.
> - let mm = unsafe { Mm::from_raw(mm) };
> -
> - // This increments the refcount using `mmgrab`.
> - Some(ARef::from(mm))
> - }
> -
> /// Returns a raw pointer to the inner `mm_struct`.
> #[inline]
> pub fn as_raw(&self) -> *mut bindings::mm_struct {
> diff --git a/rust/kernel/task.rs b/rust/kernel/task.rs
> index 9e59d86da42d..103d235eb844 100644
> --- a/rust/kernel/task.rs
> +++ b/rust/kernel/task.rs
> @@ -94,6 +94,26 @@ unsafe impl Send for Task {}
> // synchronised by C code (e.g., `signal_pending`).
> unsafe impl Sync for Task {}
>
> +/// Represents a [`Task`] obtained from the `current` global.
> +///
> +/// This type exists to provide more efficient operations that are only valid on the current task.
> +/// For example, to retrieve the pid-namespace of a task, you must use rcu protection unless it is
> +/// the current task.
> +///
> +/// # Invariants
> +///
> +/// Must be equal to `current` of some thread that is currently running somewhere.
> +pub struct CurrentTask(Task);
> +
I think you need to make `CurrentTask` `!Sync`, right? Otherwise, other
threads can access the shared reference of a `CurrentTask` and the ->mm
field. I'm thinking if we have a scoped thread/workqueue support in the
future:
let task = current!();
Workqueue::scoped(|s| {
s.spawn(|| {
let mm = task.mm();
// do something with the mm
});
});
> +// Make all `Task` methods available on `CurrentTask`.
> +impl Deref for CurrentTask {
> + type Target = Task;
> + #[inline]
> + fn deref(&self) -> &Task {
> + &self.0
> + }
> +}
> +
> /// The type of process identifiers (PIDs).
> type Pid = bindings::pid_t;
>
> @@ -121,27 +141,25 @@ pub fn current_raw() -> *mut bindings::task_struct {
> /// # Safety
> ///
> /// Callers must ensure that the returned object doesn't outlive the current task/thread.
> - pub unsafe fn current() -> impl Deref<Target = Task> {
> - struct TaskRef<'a> {
> - task: &'a Task,
> - _not_send: NotThreadSafe,
> + pub unsafe fn current() -> impl Deref<Target = CurrentTask> {
> + struct TaskRef {
> + task: *const CurrentTask,
> }
>
> - impl Deref for TaskRef<'_> {
> - type Target = Task;
> + impl Deref for TaskRef {
> + type Target = CurrentTask;
>
> fn deref(&self) -> &Self::Target {
> - self.task
> + // SAFETY: The returned reference borrows from this `TaskRef`, so it cannot outlive
> + // the `TaskRef`, which the caller of `Task::current()` has promised will not
> + // outlive the task/thread for which `self.task` is the `current` pointer. Thus, it
> + // is okay to return a `CurrentTask` reference here.
> + unsafe { &*self.task }
> }
> }
>
> - let current = Task::current_raw();
> TaskRef {
> - // SAFETY: If the current thread is still running, the current task is valid. Given
> - // that `TaskRef` is not `Send`, we know it cannot be transferred to another thread
> - // (where it could potentially outlive the caller).
> - task: unsafe { &*current.cast() },
> - _not_send: NotThreadSafe,
> + task: Task::current_raw().cast(),
> }
> }
>
> @@ -203,6 +221,26 @@ pub fn wake_up(&self) {
> }
> }
>
> +impl CurrentTask {
> + /// Access the address space of this task.
> + ///
> + /// To increment the refcount of the referenced `mm`, you can use `ARef::from`.
> + #[inline]
> + pub fn mm(&self) -> Option<&MmWithUser> {
Hmm... similar issue, `MmWithUser` is `Sync`.
> + let mm = unsafe { (*self.as_ptr()).mm };
> +
> + if mm.is_null() {
> + None
> + } else {
> + // SAFETY: If `current->mm` is non-null, then it references a valid mm with a non-zero
> + // value of `mm_users`. The returned `&MmWithUser` borrows from `CurrentTask`, so the
> + // `&MmWithUser` cannot escape the current task, meaning `mm_users` can't reach zero
> + // while the reference is still live.
Regards,
Boqun
> + Some(unsafe { MmWithUser::from_raw(mm) })
> + }
> + }
> +}
> +
> // SAFETY: The type invariants guarantee that `Task` is always refcounted.
> unsafe impl crate::types::AlwaysRefCounted for Task {
> fn inc_ref(&self) {
>
> --
> 2.47.0.371.ga323438b13-goog
>
next prev parent reply other threads:[~2024-11-22 18:03 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-22 15:40 [PATCH v9 0/8] Rust support for mm_struct, vm_area_struct, and mmap Alice Ryhl
2024-11-22 15:40 ` [PATCH v9 1/8] mm: rust: add abstraction for struct mm_struct Alice Ryhl
2024-11-22 17:27 ` Lorenzo Stoakes
2024-11-22 15:40 ` [PATCH v9 2/8] mm: rust: add vm_area_struct methods that require read access Alice Ryhl
2024-11-26 22:09 ` Jann Horn
2024-11-27 12:01 ` Alice Ryhl
2024-11-27 15:40 ` Jann Horn
2024-11-27 15:45 ` Alice Ryhl
2024-11-27 16:16 ` Jann Horn
2024-11-29 11:44 ` Alice Ryhl
2024-11-29 11:58 ` Lorenzo Stoakes
2024-11-22 15:40 ` [PATCH v9 3/8] mm: rust: add vm_insert_page Alice Ryhl
2024-11-22 15:40 ` [PATCH v9 4/8] mm: rust: add lock_vma_under_rcu Alice Ryhl
2024-11-26 21:50 ` Jann Horn
2024-11-22 15:40 ` [PATCH v9 5/8] mm: rust: add mmput_async support Alice Ryhl
2024-11-22 15:40 ` [PATCH v9 6/8] mm: rust: add VmAreaNew for f_ops->mmap() Alice Ryhl
2024-11-22 17:33 ` Lorenzo Stoakes
2024-11-26 21:29 ` Jann Horn
2024-11-27 12:38 ` Alice Ryhl
2024-11-27 16:19 ` Jann Horn
2024-11-22 15:40 ` [PATCH v9 7/8] rust: miscdevice: add mmap support Alice Ryhl
2024-11-22 15:40 ` [PATCH v9 8/8] task: rust: rework how current is accessed Alice Ryhl
2024-11-22 15:53 ` Alice Ryhl
2024-11-22 17:34 ` Lorenzo Stoakes
2024-11-22 17:54 ` Lorenzo Stoakes
2024-11-22 18:51 ` Alice Ryhl
2024-11-22 18:03 ` Boqun Feng [this message]
2024-11-22 18:48 ` Alice Ryhl
2024-11-22 19:17 ` Boqun Feng
2024-11-22 19:30 ` Matthew Wilcox
2024-11-22 19:43 ` Alice Ryhl
2024-11-22 19:54 ` Matthew Wilcox
2024-11-22 20:16 ` Alice Ryhl
2024-11-26 17:14 ` Jann Horn
2024-11-27 12:35 ` Alice Ryhl
2024-11-27 15:52 ` Jann Horn
2024-11-27 15:57 ` Alice Ryhl
2024-11-27 16:18 ` Jann Horn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6740c786.050a0220.31315a.5363@mx.google.com \
--to=boqun.feng@gmail.com \
--cc=Liam.Howlett@oracle.com \
--cc=a.hindborg@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=arnd@arndb.de \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=brauner@kernel.org \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=jannh@google.com \
--cc=jhubbard@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=surenb@google.com \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox