Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp1156410pxb; Sat, 17 Apr 2021 08:15:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwg1HN5Yy8YzlNYqErts++s4J9AGwqbP0Kg4p+TgsDILItAoHICAR88ePKInX5daj7BGrXX X-Received: by 2002:a05:6402:34c8:: with SMTP id w8mr16741282edc.235.1618672520802; Sat, 17 Apr 2021 08:15:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618672520; cv=none; d=google.com; s=arc-20160816; b=qQUc8KsxEoJAsdDlaybf1jWzy+fxt0BdVrKXjVfrmo6HjIDty4PwHKVNMUAQ7M38V/ 3KDBA8WdTP4VX5j1Z9zqDBH7jy12AOZSOrOwfJsvsfo7B8C7zgQ6LJcB+ZffeioGEcVf TJWmzLXik1HSzFVSIxW5dVvMi6oZ0P09iICPdJEJeuqQTDFalOfmMox/6QxvcwsKGYDd CjAi6K2kn+TsuwmWL1G1gRnjUBn+xRih1KWcVgmRYCfxUKNLH3aKL0pq754D62JR6TXC ccnu0AEn3a0xu/5a2aAfs/4WDh0CNvzfsfgpAgbUY397fwB2sNU0IuF5489Bylyvhby3 AbPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=wpOOK6WyEfT9G+36ImXYA6KEN0QYHqGNtXUv7YEpGBY=; b=bxhCkFYa9ivvDGCTFtSmTV2r8c8IrJmldVBkGzjv1Y1K1jvS9HPLOpOOoWJ+5plJoU uo8nyAwSz83wiSdNXfbaIPKLb0B+wdixXQzunqoVzrCWRFrcWLXB6stKo6NLXoB80Vcl qAIU1O87Fbdj1UQ9ZsEeZpYUwmbzgEGCO6ThQf6cEU8lJMHO2hE84RmPIn7zqqoJlNd6 ptxT+PjRac5XB7pyt/fck9b0ywxPcQW1qsp4GOMn6RBRjxGoRFrdGjN0pwyXsb3af5Kc Ct9epmtGC19XwJ3KXOf9BUBDtx75CBHqsBQsJEEFQyiqKo5pdKJilgrHg79CZHV0B7y7 +lLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=JdFkhezn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u18si1272898ejf.448.2021.04.17.08.14.58; Sat, 17 Apr 2021 08:15:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=JdFkhezn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236377AbhDQPMT (ORCPT + 99 others); Sat, 17 Apr 2021 11:12:19 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:58864 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236367AbhDQPMS (ORCPT ); Sat, 17 Apr 2021 11:12:18 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1618672311; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wpOOK6WyEfT9G+36ImXYA6KEN0QYHqGNtXUv7YEpGBY=; b=JdFkheznm0Crwdc8G1jV5agfbuwUAv9mAeUCPLPWtUmCSUNUsSZghBZ+VAizDofA1uJ1fG 7Ll0YqTeJg1x2SOLwAyD265Qco/xFG4Ii1CypIAoCweWht14GyN7sfWxD88iks2MmJcJOu u8fZxACUyyYd2GvaJiSPk+lUY/lgEoc= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-365-yv8jjhlQMFC5jcZrE_9zvg-1; Sat, 17 Apr 2021 11:11:49 -0400 X-MC-Unique: yv8jjhlQMFC5jcZrE_9zvg-1 Received: by mail-ed1-f72.google.com with SMTP id c15-20020a056402100fb029038518e5afc5so1170008edu.18 for ; Sat, 17 Apr 2021 08:11:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=wpOOK6WyEfT9G+36ImXYA6KEN0QYHqGNtXUv7YEpGBY=; b=Eg3Gd4F29KhLDq6qPjPQ2FBUkUDcQnfyHEp5ZkXKGz9JoFpFmQ1kyihf+k8WoCLe1V TTfmBMQbdQhtgandAVFch3J3yoku4OLDa0HuU9PjGwdm7oxtmpF4gOl/7WwUAr7DDG7U BewcXZLRaqtPZSDF1lx4a5awerpILpPCBNHg1Zr+mO3W3oIHSQnoTREsYb/uXpRFiQTI 1svR0d4ziMYnnoHO3aD+HUYIFQOd2nxs8jNF4cCLWBExeeAgVfTcjGYqbUDNz+qhwaI9 Q7laYwyA37w9c53+EfZOEa1M/eGet95ZZnXLDUyj094/NN0X2HkeK2uHG10GQW65Dfj8 WecQ== X-Gm-Message-State: AOAM530kZDv6M1nzuKl7DesRkHNKaL8vUcE4zLh8vuH+75UmM7oIr1f4 2dGob0ZTfFckTqqEQhuMBQGUoC/wnJtB2NySywhS9dV8AaDT9Gg2tyfCrXY8/eq14YZvf9p4cdU 8x49bCN47myxwGs4rWHxTia1p38KeZkqFGQGu8CGf5fh3NGWmjl1pFoQmH+K49W634amsKLDlH3 J9 X-Received: by 2002:aa7:cf03:: with SMTP id a3mr15838095edy.142.1618672308278; Sat, 17 Apr 2021 08:11:48 -0700 (PDT) X-Received: by 2002:aa7:cf03:: with SMTP id a3mr15838064edy.142.1618672308034; Sat, 17 Apr 2021 08:11:48 -0700 (PDT) Received: from ?IPv6:2001:b07:6468:f312:c8dd:75d4:99ab:290a? ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id o6sm8417188edw.24.2021.04.17.08.11.46 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 17 Apr 2021 08:11:47 -0700 (PDT) Subject: Re: [PATCH 00/13] [RFC] Rust support To: Theodore Ts'o , Wedson Almeida Filho Cc: Peter Zijlstra , ojeda@kernel.org, Linus Torvalds , Greg Kroah-Hartman , rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org References: <20210414184604.23473-1-ojeda@kernel.org> From: Paolo Bonzini Message-ID: <7035e8a9-4bcd-bc87-4272-7efa6ed5ac53@redhat.com> Date: Sat, 17 Apr 2021 17:11:46 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 16/04/21 17:58, Theodore Ts'o wrote: > Another fairly common use case is a lockless, racy test of a > particular field, as an optimization before we take the lock before we > test it for realsies. In this particular case, we can't allocate > memory while holding a spinlock, so we check to see without taking the > spinlock to see whether we should allocate memory (which is expensive, > and unnecessasry most of the time): > > alloc_transaction: > /* > * This check is racy but it is just an optimization of allocating new > * transaction early if there are high chances we'll need it. If we > * guess wrong, we'll retry or free the unused transaction. > */ > if (!data_race(journal->j_running_transaction)) { > /* > * If __GFP_FS is not present, then we may be being called from > * inside the fs writeback layer, so we MUST NOT fail. > */ > if ((gfp_mask & __GFP_FS) == 0) > gfp_mask |= __GFP_NOFAIL; > new_transaction = kmem_cache_zalloc(transaction_cache, > gfp_mask); > if (!new_transaction) > return -ENOMEM; > } From my limited experience with Rust, things like these are a bit annoying indeed, sooner or later Mutex<> just doesn't cut it and you have to deal with its limitations. In this particular case you would use an AtomicBool field, place it outside the Mutex-protected struct, and make sure that is only accessed under the lock just like in C. One easy way out is to make the Mutex protect (officially) nothing, i.e. Mutex<()>, and handle the mutable fields yourself using RefCell (which gives you run-time checking but has some some space cost) or UnsafeCell (which is unsafe as the name says). Rust makes it pretty easy to write smart pointers (Mutex<>'s lock guard itself is a smart pointer) so you also have the possibility of writing a safe wrapper for the combination of Mutex<()> and UnsafeCell. Another example is when yu have a list of XYZ objects and use the same mutex for both the list of XYZ and a field in struct XYZ. You could place that field in an UnsafeCell and write a function that receives a guard for the list lock and returns the field, or something like that. It *is* quite ugly though. As an aside, from a teaching standpoint associating a Mutex with a specific data structure is bad IMNSHO, because it encourages too fine-grained locking. Sometimes the easiest path to scalability is to use a more coarse lock and ensure that contention is extremely rare. But it does work for most simple use cases (and device drivers would qualify as simple more often than not). Paolo