Define basic low-level bindings to a kernel workqueue. The API defined
here can only be used unsafely. Later commits will provide safe
wrappers.
Co-developed-by: Gary Guo <[email protected]>
Signed-off-by: Gary Guo <[email protected]>
Signed-off-by: Alice Ryhl <[email protected]>
---
rust/bindings/bindings_helper.h | 1 +
rust/kernel/lib.rs | 1 +
rust/kernel/workqueue.rs | 107 ++++++++++++++++++++++++++++++++
3 files changed, 109 insertions(+)
create mode 100644 rust/kernel/workqueue.rs
diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
index 50e7a76d5455..ae2e8f018268 100644
--- a/rust/bindings/bindings_helper.h
+++ b/rust/bindings/bindings_helper.h
@@ -10,6 +10,7 @@
#include <linux/refcount.h>
#include <linux/wait.h>
#include <linux/sched.h>
+#include <linux/workqueue.h>
/* `bindgen` gets confused at certain things. */
const gfp_t BINDINGS_GFP_KERNEL = GFP_KERNEL;
diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
index 85b261209977..eaded02ffb01 100644
--- a/rust/kernel/lib.rs
+++ b/rust/kernel/lib.rs
@@ -43,6 +43,7 @@
pub mod sync;
pub mod task;
pub mod types;
+pub mod workqueue;
#[doc(hidden)]
pub use bindings;
diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs
new file mode 100644
index 000000000000..9c630840039b
--- /dev/null
+++ b/rust/kernel/workqueue.rs
@@ -0,0 +1,107 @@
+// SPDX-License-Identifier: GPL-2.0
+
+//! Work queues.
+//!
+//! C header: [`include/linux/workqueue.h`](../../../../include/linux/workqueue.h)
+
+use crate::{bindings, types::Opaque};
+
+/// A kernel work queue.
+///
+/// Wraps the kernel's C `struct workqueue_struct`.
+///
+/// It allows work items to be queued to run on thread pools managed by the kernel. Several are
+/// always available, for example, `system`, `system_highpri`, `system_long`, etc.
+#[repr(transparent)]
+pub struct Queue(Opaque<bindings::workqueue_struct>);
+
+// SAFETY: Kernel workqueues are usable from any thread.
+unsafe impl Send for Queue {}
+unsafe impl Sync for Queue {}
+
+impl Queue {
+ /// Use the provided `struct workqueue_struct` with Rust.
+ ///
+ /// # Safety
+ ///
+ /// The caller must ensure that the provided raw pointer is not dangling, that it points at a
+ /// valid workqueue, and that it remains valid until the end of 'a.
+ pub unsafe fn from_raw<'a>(ptr: *const bindings::workqueue_struct) -> &'a Queue {
+ // SAFETY: The `Queue` type is `#[repr(transparent)]`, so the pointer cast is valid. The
+ // caller promises that the pointer is not dangling.
+ unsafe { &*(ptr as *const Queue) }
+ }
+
+ /// Enqueues a work item.
+ ///
+ /// This may fail if the work item is already enqueued in a workqueue.
+ ///
+ /// The work item will be submitted using `WORK_CPU_UNBOUND`.
+ pub fn enqueue<W, const ID: u64>(&self, w: W) -> W::EnqueueOutput
+ where
+ W: RawWorkItem<ID> + Send + 'static,
+ {
+ let queue_ptr = self.0.get();
+
+ // SAFETY: We only return `false` if the `work_struct` is already in a workqueue. The other
+ // `__enqueue` requirements are not relevant since `W` is `Send` and static.
+ //
+ // The call to `bindings::queue_work_on` will dereference the provided raw pointer, which
+ // is ok because `__enqueue` guarantees that the pointer is valid for the duration of this
+ // closure.
+ //
+ // Furthermore, if the C workqueue code accesses the pointer after this call to
+ // `__enqueue`, then the work item was successfully enqueued, and `bindings::queue_work_on`
+ // will have returned true. In this case, `__enqueue` promises that the raw pointer will
+ // stay valid until we call the function pointer in the `work_struct`, so the access is ok.
+ unsafe {
+ w.__enqueue(move |work_ptr| {
+ bindings::queue_work_on(bindings::WORK_CPU_UNBOUND as _, queue_ptr, work_ptr)
+ })
+ }
+ }
+}
+
+/// A raw work item.
+///
+/// This is the low-level trait that is designed for being as general as possible.
+///
+/// The `ID` parameter to this trait exists so that a single type can provide multiple
+/// implementations of this trait. For example, if a struct has multiple `work_struct` fields, then
+/// you will implement this trait once for each field, using a different id for each field. The
+/// actual value of the id is not important as long as you use different ids for different fields
+/// of the same struct. (Fields of different structs need not use different ids.)
+///
+/// Note that the id is used only to select the right method to call during compilation. It wont be
+/// part of the final executable.
+///
+/// # Safety
+///
+/// Implementers must ensure that any pointers passed to a `queue_work_on` closure by `__enqueue`
+/// remain valid for the duration specified in the documentation for `__enqueue`.
+pub unsafe trait RawWorkItem<const ID: u64> {
+ /// The return type of [`Queue::enqueue`].
+ type EnqueueOutput;
+
+ /// Enqueues this work item on a queue using the provided `queue_work_on` method.
+ ///
+ /// # Guarantees
+ ///
+ /// If this method calls the provided closure, then the raw pointer is guaranteed to point at a
+ /// valid `work_struct` for the duration of the call to the closure. If the closure returns
+ /// true, then it is further guaranteed that the pointer remains valid until someone calls the
+ /// function pointer stored in the `work_struct`.
+ ///
+ /// # Safety
+ ///
+ /// The provided closure may only return `false` if the `work_struct` is already in a workqueue.
+ ///
+ /// If the work item type is annotated with any lifetimes, then you must not call the function
+ /// pointer after any such lifetime expires. (Never calling the function pointer is okay.)
+ ///
+ /// If the work item type is not [`Send`], then the function pointer must be called on the same
+ /// thread as the call to `__enqueue`.
+ unsafe fn __enqueue<F>(self, queue_work_on: F) -> Self::EnqueueOutput
+ where
+ F: FnOnce(*mut bindings::work_struct) -> bool;
+}
--
2.41.0.rc0.172.g3f132b7071-goog
On 6/1/23 10:49, Alice Ryhl wrote:
> Define basic low-level bindings to a kernel workqueue. The API defined
> here can only be used unsafely. Later commits will provide safe
> wrappers.
>
> Co-developed-by: Gary Guo <[email protected]>
> Signed-off-by: Gary Guo <[email protected]>
> Signed-off-by: Alice Ryhl <[email protected]>
> ---
> [...]
My Reviewed-by is missing.
Reviewed-by: Martin Rodriguez Reboredo <[email protected]>
Alice Ryhl <[email protected]> writes:
> Define basic low-level bindings to a kernel workqueue. The API defined
> here can only be used unsafely. Later commits will provide safe
> wrappers.
>
> Co-developed-by: Gary Guo <[email protected]>
> Signed-off-by: Gary Guo <[email protected]>
> Signed-off-by: Alice Ryhl <[email protected]>
Reviewed-by: Andreas Hindborg (Samsung) <[email protected]>
> ---
> rust/bindings/bindings_helper.h | 1 +
> rust/kernel/lib.rs | 1 +
> rust/kernel/workqueue.rs | 107 ++++++++++++++++++++++++++++++++
> 3 files changed, 109 insertions(+)
> create mode 100644 rust/kernel/workqueue.rs
>
> diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
> index 50e7a76d5455..ae2e8f018268 100644
> --- a/rust/bindings/bindings_helper.h
> +++ b/rust/bindings/bindings_helper.h
> @@ -10,6 +10,7 @@
> #include <linux/refcount.h>
> #include <linux/wait.h>
> #include <linux/sched.h>
> +#include <linux/workqueue.h>
>
> /* `bindgen` gets confused at certain things. */
> const gfp_t BINDINGS_GFP_KERNEL = GFP_KERNEL;
> diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
> index 85b261209977..eaded02ffb01 100644
> --- a/rust/kernel/lib.rs
> +++ b/rust/kernel/lib.rs
> @@ -43,6 +43,7 @@
> pub mod sync;
> pub mod task;
> pub mod types;
> +pub mod workqueue;
>
> #[doc(hidden)]
> pub use bindings;
> diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs
> new file mode 100644
> index 000000000000..9c630840039b
> --- /dev/null
> +++ b/rust/kernel/workqueue.rs
> @@ -0,0 +1,107 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +//! Work queues.
> +//!
> +//! C header: [`include/linux/workqueue.h`](../../../../include/linux/workqueue.h)
> +
> +use crate::{bindings, types::Opaque};
> +
> +/// A kernel work queue.
> +///
> +/// Wraps the kernel's C `struct workqueue_struct`.
> +///
> +/// It allows work items to be queued to run on thread pools managed by the kernel. Several are
> +/// always available, for example, `system`, `system_highpri`, `system_long`, etc.
> +#[repr(transparent)]
> +pub struct Queue(Opaque<bindings::workqueue_struct>);
> +
> +// SAFETY: Kernel workqueues are usable from any thread.
> +unsafe impl Send for Queue {}
> +unsafe impl Sync for Queue {}
> +
> +impl Queue {
> + /// Use the provided `struct workqueue_struct` with Rust.
> + ///
> + /// # Safety
> + ///
> + /// The caller must ensure that the provided raw pointer is not dangling, that it points at a
> + /// valid workqueue, and that it remains valid until the end of 'a.
> + pub unsafe fn from_raw<'a>(ptr: *const bindings::workqueue_struct) -> &'a Queue {
> + // SAFETY: The `Queue` type is `#[repr(transparent)]`, so the pointer cast is valid. The
> + // caller promises that the pointer is not dangling.
> + unsafe { &*(ptr as *const Queue) }
> + }
> +
> + /// Enqueues a work item.
> + ///
> + /// This may fail if the work item is already enqueued in a workqueue.
> + ///
> + /// The work item will be submitted using `WORK_CPU_UNBOUND`.
> + pub fn enqueue<W, const ID: u64>(&self, w: W) -> W::EnqueueOutput
> + where
> + W: RawWorkItem<ID> + Send + 'static,
> + {
> + let queue_ptr = self.0.get();
> +
> + // SAFETY: We only return `false` if the `work_struct` is already in a workqueue. The other
> + // `__enqueue` requirements are not relevant since `W` is `Send` and static.
> + //
> + // The call to `bindings::queue_work_on` will dereference the provided raw pointer, which
> + // is ok because `__enqueue` guarantees that the pointer is valid for the duration of this
> + // closure.
> + //
> + // Furthermore, if the C workqueue code accesses the pointer after this call to
> + // `__enqueue`, then the work item was successfully enqueued, and `bindings::queue_work_on`
> + // will have returned true. In this case, `__enqueue` promises that the raw pointer will
> + // stay valid until we call the function pointer in the `work_struct`, so the access is ok.
> + unsafe {
> + w.__enqueue(move |work_ptr| {
> + bindings::queue_work_on(bindings::WORK_CPU_UNBOUND as _, queue_ptr, work_ptr)
> + })
> + }
> + }
> +}
> +
> +/// A raw work item.
> +///
> +/// This is the low-level trait that is designed for being as general as possible.
> +///
> +/// The `ID` parameter to this trait exists so that a single type can provide multiple
> +/// implementations of this trait. For example, if a struct has multiple `work_struct` fields, then
> +/// you will implement this trait once for each field, using a different id for each field. The
> +/// actual value of the id is not important as long as you use different ids for different fields
> +/// of the same struct. (Fields of different structs need not use different ids.)
> +///
> +/// Note that the id is used only to select the right method to call during compilation. It wont be
> +/// part of the final executable.
> +///
> +/// # Safety
> +///
> +/// Implementers must ensure that any pointers passed to a `queue_work_on` closure by `__enqueue`
> +/// remain valid for the duration specified in the documentation for `__enqueue`.
> +pub unsafe trait RawWorkItem<const ID: u64> {
> + /// The return type of [`Queue::enqueue`].
> + type EnqueueOutput;
> +
> + /// Enqueues this work item on a queue using the provided `queue_work_on` method.
> + ///
> + /// # Guarantees
> + ///
> + /// If this method calls the provided closure, then the raw pointer is guaranteed to point at a
> + /// valid `work_struct` for the duration of the call to the closure. If the closure returns
> + /// true, then it is further guaranteed that the pointer remains valid until someone calls the
> + /// function pointer stored in the `work_struct`.
> + ///
> + /// # Safety
> + ///
> + /// The provided closure may only return `false` if the `work_struct` is already in a workqueue.
> + ///
> + /// If the work item type is annotated with any lifetimes, then you must not call the function
> + /// pointer after any such lifetime expires. (Never calling the function pointer is okay.)
> + ///
> + /// If the work item type is not [`Send`], then the function pointer must be called on the same
> + /// thread as the call to `__enqueue`.
> + unsafe fn __enqueue<F>(self, queue_work_on: F) -> Self::EnqueueOutput
> + where
> + F: FnOnce(*mut bindings::work_struct) -> bool;
> +}
On Thu, Jun 01, 2023 at 01:49:39PM +0000, Alice Ryhl wrote:
[...]
> +/// A raw work item.
> +///
> +/// This is the low-level trait that is designed for being as general as possible.
> +///
> +/// The `ID` parameter to this trait exists so that a single type can provide multiple
> +/// implementations of this trait. For example, if a struct has multiple `work_struct` fields, then
> +/// you will implement this trait once for each field, using a different id for each field. The
> +/// actual value of the id is not important as long as you use different ids for different fields
> +/// of the same struct. (Fields of different structs need not use different ids.)
> +///
> +/// Note that the id is used only to select the right method to call during compilation. It wont be
> +/// part of the final executable.
> +///
> +/// # Safety
> +///
> +/// Implementers must ensure that any pointers passed to a `queue_work_on` closure by `__enqueue`
> +/// remain valid for the duration specified in the documentation for `__enqueue`.
^ better to say "the #Guarantees section in the documentation for
`__enqueue`"?
Regards,
Boqun
> +pub unsafe trait RawWorkItem<const ID: u64> {
> + /// The return type of [`Queue::enqueue`].
> + type EnqueueOutput;
> +
> + /// Enqueues this work item on a queue using the provided `queue_work_on` method.
> + ///
> + /// # Guarantees
> + ///
> + /// If this method calls the provided closure, then the raw pointer is guaranteed to point at a
> + /// valid `work_struct` for the duration of the call to the closure. If the closure returns
> + /// true, then it is further guaranteed that the pointer remains valid until someone calls the
> + /// function pointer stored in the `work_struct`.
> + ///
> + /// # Safety
> + ///
> + /// The provided closure may only return `false` if the `work_struct` is already in a workqueue.
> + ///
> + /// If the work item type is annotated with any lifetimes, then you must not call the function
> + /// pointer after any such lifetime expires. (Never calling the function pointer is okay.)
> + ///
> + /// If the work item type is not [`Send`], then the function pointer must be called on the same
> + /// thread as the call to `__enqueue`.
> + unsafe fn __enqueue<F>(self, queue_work_on: F) -> Self::EnqueueOutput
> + where
> + F: FnOnce(*mut bindings::work_struct) -> bool;
> +}
> --
> 2.41.0.rc0.172.g3f132b7071-goog
>
Boqun Feng <[email protected]> writes:
> On Thu, Jun 01, 2023 at 01:49:39PM +0000, Alice Ryhl wrote:
> [...]
>> +/// A raw work item.
>> +///
>> +/// This is the low-level trait that is designed for being as general as possible.
>> +///
>> +/// The `ID` parameter to this trait exists so that a single type can provide multiple
>> +/// implementations of this trait. For example, if a struct has multiple `work_struct` fields, then
>> +/// you will implement this trait once for each field, using a different id for each field. The
>> +/// actual value of the id is not important as long as you use different ids for different fields
>> +/// of the same struct. (Fields of different structs need not use different ids.)
>> +///
>> +/// Note that the id is used only to select the right method to call during compilation. It wont be
>> +/// part of the final executable.
>> +///
>> +/// # Safety
>> +///
>> +/// Implementers must ensure that any pointers passed to a `queue_work_on` closure by `__enqueue`
>> +/// remain valid for the duration specified in the documentation for `__enqueue`.
>
> ^ better to say "the #Guarantees section in the documentation for
> `__enqueue`"?
>
> Regards,
> Boqun
Sure, I will clarify that this refers to the guarantees section in the
next version of the patchset.
Alice
On 01.06.23 15:49, Alice Ryhl wrote:
> Define basic low-level bindings to a kernel workqueue. The API defined
> here can only be used unsafely. Later commits will provide safe
> wrappers.
>
> Co-developed-by: Gary Guo <[email protected]>
> Signed-off-by: Gary Guo <[email protected]>
> Signed-off-by: Alice Ryhl <[email protected]>
Reviewed-by: Benno Lossin <[email protected]>
--
Cheers,
Benno
> ---
> rust/bindings/bindings_helper.h | 1 +
> rust/kernel/lib.rs | 1 +
> rust/kernel/workqueue.rs | 107 ++++++++++++++++++++++++++++++++
> 3 files changed, 109 insertions(+)
> create mode 100644 rust/kernel/workqueue.rs
>
> diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
> index 50e7a76d5455..ae2e8f018268 100644
> --- a/rust/bindings/bindings_helper.h
> +++ b/rust/bindings/bindings_helper.h
> @@ -10,6 +10,7 @@
> #include <linux/refcount.h>
> #include <linux/wait.h>
> #include <linux/sched.h>
> +#include <linux/workqueue.h>
>
> /* `bindgen` gets confused at certain things. */
> const gfp_t BINDINGS_GFP_KERNEL = GFP_KERNEL;
> diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
> index 85b261209977..eaded02ffb01 100644
> --- a/rust/kernel/lib.rs
> +++ b/rust/kernel/lib.rs
> @@ -43,6 +43,7 @@
> pub mod sync;
> pub mod task;
> pub mod types;
> +pub mod workqueue;
>
> #[doc(hidden)]
> pub use bindings;
> diff --git a/rust/kernel/workqueue.rs b/rust/kernel/workqueue.rs
> new file mode 100644
> index 000000000000..9c630840039b
> --- /dev/null
> +++ b/rust/kernel/workqueue.rs
> @@ -0,0 +1,107 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +//! Work queues.
> +//!
> +//! C header: [`include/linux/workqueue.h`](../../../../include/linux/workqueue.h)
> +
> +use crate::{bindings, types::Opaque};
> +
> +/// A kernel work queue.
> +///
> +/// Wraps the kernel's C `struct workqueue_struct`.
> +///
> +/// It allows work items to be queued to run on thread pools managed by the kernel. Several are
> +/// always available, for example, `system`, `system_highpri`, `system_long`, etc.
> +#[repr(transparent)]
> +pub struct Queue(Opaque<bindings::workqueue_struct>);
> +
> +// SAFETY: Kernel workqueues are usable from any thread.
> +unsafe impl Send for Queue {}
> +unsafe impl Sync for Queue {}
> +
> +impl Queue {
> + /// Use the provided `struct workqueue_struct` with Rust.
> + ///
> + /// # Safety
> + ///
> + /// The caller must ensure that the provided raw pointer is not dangling, that it points at a
> + /// valid workqueue, and that it remains valid until the end of 'a.
> + pub unsafe fn from_raw<'a>(ptr: *const bindings::workqueue_struct) -> &'a Queue {
> + // SAFETY: The `Queue` type is `#[repr(transparent)]`, so the pointer cast is valid. The
> + // caller promises that the pointer is not dangling.
> + unsafe { &*(ptr as *const Queue) }
> + }
> +
> + /// Enqueues a work item.
> + ///
> + /// This may fail if the work item is already enqueued in a workqueue.
> + ///
> + /// The work item will be submitted using `WORK_CPU_UNBOUND`.
> + pub fn enqueue<W, const ID: u64>(&self, w: W) -> W::EnqueueOutput
> + where
> + W: RawWorkItem<ID> + Send + 'static,
> + {
> + let queue_ptr = self.0.get();
> +
> + // SAFETY: We only return `false` if the `work_struct` is already in a workqueue. The other
> + // `__enqueue` requirements are not relevant since `W` is `Send` and static.
> + //
> + // The call to `bindings::queue_work_on` will dereference the provided raw pointer, which
> + // is ok because `__enqueue` guarantees that the pointer is valid for the duration of this
> + // closure.
> + //
> + // Furthermore, if the C workqueue code accesses the pointer after this call to
> + // `__enqueue`, then the work item was successfully enqueued, and `bindings::queue_work_on`
> + // will have returned true. In this case, `__enqueue` promises that the raw pointer will
> + // stay valid until we call the function pointer in the `work_struct`, so the access is ok.
> + unsafe {
> + w.__enqueue(move |work_ptr| {
> + bindings::queue_work_on(bindings::WORK_CPU_UNBOUND as _, queue_ptr, work_ptr)
> + })
> + }
> + }
> +}
> +
> +/// A raw work item.
> +///
> +/// This is the low-level trait that is designed for being as general as possible.
> +///
> +/// The `ID` parameter to this trait exists so that a single type can provide multiple
> +/// implementations of this trait. For example, if a struct has multiple `work_struct` fields, then
> +/// you will implement this trait once for each field, using a different id for each field. The
> +/// actual value of the id is not important as long as you use different ids for different fields
> +/// of the same struct. (Fields of different structs need not use different ids.)
> +///
> +/// Note that the id is used only to select the right method to call during compilation. It wont be
> +/// part of the final executable.
> +///
> +/// # Safety
> +///
> +/// Implementers must ensure that any pointers passed to a `queue_work_on` closure by `__enqueue`
> +/// remain valid for the duration specified in the documentation for `__enqueue`.
> +pub unsafe trait RawWorkItem<const ID: u64> {
> + /// The return type of [`Queue::enqueue`].
> + type EnqueueOutput;
> +
> + /// Enqueues this work item on a queue using the provided `queue_work_on` method.
> + ///
> + /// # Guarantees
> + ///
> + /// If this method calls the provided closure, then the raw pointer is guaranteed to point at a
> + /// valid `work_struct` for the duration of the call to the closure. If the closure returns
> + /// true, then it is further guaranteed that the pointer remains valid until someone calls the
> + /// function pointer stored in the `work_struct`.
> + ///
> + /// # Safety
> + ///
> + /// The provided closure may only return `false` if the `work_struct` is already in a workqueue.
> + ///
> + /// If the work item type is annotated with any lifetimes, then you must not call the function
> + /// pointer after any such lifetime expires. (Never calling the function pointer is okay.)
> + ///
> + /// If the work item type is not [`Send`], then the function pointer must be called on the same
> + /// thread as the call to `__enqueue`.
> + unsafe fn __enqueue<F>(self, queue_work_on: F) -> Self::EnqueueOutput
> + where
> + F: FnOnce(*mut bindings::work_struct) -> bool;
> +}
> --
> 2.41.0.rc0.172.g3f132b7071-goog
>