Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp4176715rwl; Tue, 27 Dec 2022 23:53:56 -0800 (PST) X-Google-Smtp-Source: AMrXdXv+xun3kLM1Zt5sChktzsDQWlhxVW70z0D9NH9xdV0Jew2uJXL+qFsfnX1atR7PiSruG2lN X-Received: by 2002:a05:6a20:d68f:b0:af:b909:2b34 with SMTP id it15-20020a056a20d68f00b000afb9092b34mr32370129pzb.41.1672214036667; Tue, 27 Dec 2022 23:53:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672214036; cv=none; d=google.com; s=arc-20160816; b=CKYCg9BsX1H2Z12k7tmjjdvTllfG8M/00My/bVQFWwh7wWJlFrs6FOZW5EOo/i8VrI 3nUtyerxjuyCv1BVQKioVZqMMuZ9ihJ9XoVS6kaDRv865xrYVAu4h+jg7lZbXF+AcaoO S2NBrvNK18DJUHVovmssFczOTWB6wyN7mhpAdDMMhWkz6axiCL8JWR21YTpoPXBzt0/v ljYm5RHR9Rf1N/u3xdC/HHVOJ7HYpYFPBX945nelbVVPGUxsMBI/H7XYMFPkqNhhOZgX Aw//skzBBYWjVgedWRL7AnaCyz/lPlrzgU69EUcKmJFf9Twd8uA1qrJ/aJdeP3QQH1hS 9x7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=h6QXMJKjXRhLN3M3TBsEF+a1iGTF5nwOodBXfKcg/rw=; b=mh6uenUn0Rczc2pjN+OaxRDMk6eHIGwDoYj5EkSOX/o3yKjBE9YgGTwASTQ5aG4gtM PQ688YtX9xB3Aa5qyzxoOpz4Sp0HTsDjo/IFkGik4qcCRo0C/oQcsREJ4G7W5gbwC55t dZyxIYthKRiyV8lxpYopA0/oW3i545RvO4SgqnR2F0mbzm077vguHgJE8oOhTfywrnx9 b4yWA4/1eDTWANeKs4yGSXYJjWrtPNBOVNeyoCACFBlSEYU5NyMVkuYIe99thB2b504g 1/L1tNHHfB/y1u5V9F9s7BZY5YrNeLMONlq3fS3jD2KXsOYN6+tLKfukjH3+1FKeHOlc cXuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@me.com header.s=1a1hai header.b=YrOY5R0F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=me.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e23-20020a656897000000b0047958831653si15763855pgt.525.2022.12.27.23.53.46; Tue, 27 Dec 2022 23:53:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@me.com header.s=1a1hai header.b=YrOY5R0F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=me.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229912AbiL1HUL (ORCPT + 65 others); Wed, 28 Dec 2022 02:20:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54952 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229665AbiL1HUG (ORCPT ); Wed, 28 Dec 2022 02:20:06 -0500 Received: from mr85p00im-ztdg06011801.me.com (mr85p00im-ztdg06011801.me.com [17.58.23.199]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 21705F038 for ; Tue, 27 Dec 2022 23:20:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=me.com; s=1a1hai; t=1672212004; bh=h6QXMJKjXRhLN3M3TBsEF+a1iGTF5nwOodBXfKcg/rw=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=YrOY5R0FnmGXU+X8MGGIqdqQMt4FEQTzvV6G/qJ4b6N1QP+2xlMWp5mZh0fTGaFm4 zxtOLSGrq2+5pEgr3qHbgdoiMYIKmDGLAokeMePHYCmlsHFzCNRpS/mWpJT3yCMxva ZaGYBysml2A8e0MQUCA/ykBruMxnnrM4Cwo9JByQi4uUEJAo0R//47c/WUydrcsNcn KBr9086S4SVLrtV6wkzNfHuSJ2TFi84+dhSVJN/c9TCKfULN8kDXOsvJwcnzVzyBUy oNDPPLAn7Ed9+dc6dnrea4p6hEDwrILL/pV6lLzdCOJWwptU+AYvKeqtgYj8MqlkWF w8ybMFzjlbpqQ== Received: from smtpclient.apple (mr38p00im-dlb-asmtp-mailmevip.me.com [17.57.152.18]) by mr85p00im-ztdg06011801.me.com (Postfix) with ESMTPSA id B89129C1CB7; Wed, 28 Dec 2022 07:20:03 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.23\)) Subject: Re: [PATCH 6/7] rust: sync: introduce `UniqueArc` From: Laine Taffin Altman In-Reply-To: <20221228060346.352362-6-wedsonaf@gmail.com> Date: Tue, 27 Dec 2022 23:19:52 -0800 Cc: rust-for-linux@vger.kernel.org, Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?Q?Bj=C3=B6rn_Roy_Baron?= , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Message-Id: <792D12DA-73F0-4218-B0E1-7A0D8C235C21@me.com> References: <20221228060346.352362-1-wedsonaf@gmail.com> <20221228060346.352362-6-wedsonaf@gmail.com> To: Wedson Almeida Filho X-Mailer: Apple Mail (2.3731.400.23) X-Proofpoint-GUID: DBm9ilUyzi5etzvJXVSIrCyBbuFE_PWX X-Proofpoint-ORIG-GUID: DBm9ilUyzi5etzvJXVSIrCyBbuFE_PWX X-Proofpoint-Virus-Version: =?UTF-8?Q?vendor=3Dfsecure_engine=3D1.1.170-22c6f66c430a71ce266a39bfe25bc?= =?UTF-8?Q?2903e8d5c8f:6.0.425,18.0.572,17.11.62.513.0000000_definitions?= =?UTF-8?Q?=3D2022-01-14=5F01:2022-01-14=5F01,2020-02-14=5F11,2021-12-02?= =?UTF-8?Q?=5F01_signatures=3D0?= X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 spamscore=0 suspectscore=0 mlxscore=0 clxscore=1015 mlxlogscore=999 bulkscore=0 adultscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2212280058 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Dec 27, 2022, at 10:03 PM, Wedson Almeida Filho = wrote: >=20 > Since `Arc` does not allow mutating `T` directly (i.e., without = inner > mutability), it is currently not possible to do some initialisation of > `T` post construction but before being shared. >=20 > `UniqueArc` addresses this problem essentially being an `Arc` = that > has a refcount of 1 and is therefore writable. Once initialisation is > completed, it can be transitioned (without failure paths) into an > `Arc`. >=20 > Suggested-by: Gary Guo > Signed-off-by: Wedson Almeida Filho > --- > rust/kernel/sync.rs | 2 +- > rust/kernel/sync/arc.rs | 152 +++++++++++++++++++++++++++++++++++++++- > 2 files changed, 151 insertions(+), 3 deletions(-) >=20 > diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs > index 5de03ea83ea1..33da23e3076d 100644 > --- a/rust/kernel/sync.rs > +++ b/rust/kernel/sync.rs > @@ -7,4 +7,4 @@ >=20 > mod arc; >=20 > -pub use arc::{Arc, ArcBorrow}; > +pub use arc::{Arc, ArcBorrow, UniqueArc}; > diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs > index 84f31c85a513..832bafc74a90 100644 > --- a/rust/kernel/sync/arc.rs > +++ b/rust/kernel/sync/arc.rs > @@ -19,8 +19,9 @@ use crate::{bindings, error::Result, types::Opaque}; > use alloc::boxed::Box; > use core::{ > marker::{PhantomData, Unsize}, > - mem::ManuallyDrop, > - ops::Deref, > + mem::{ManuallyDrop, MaybeUninit}, > + ops::{Deref, DerefMut}, > + pin::Pin, > ptr::NonNull, > }; >=20 > @@ -222,6 +223,19 @@ impl Drop for Arc { > } > } >=20 > +impl From> for Arc { > + fn from(item: UniqueArc) -> Self { > + item.inner > + } > +} > + > +impl From>> for Arc { > + fn from(item: Pin>) -> Self { > + // SAFETY: The type invariants of `Arc` guarantee that the = data is pinned. > + unsafe { Pin::into_inner_unchecked(item).inner } > + } > +} > + > /// A borrowed reference to an [`Arc`] instance. > /// > /// For cases when one doesn't ever need to increment the refcount on = the allocation, it is simpler > @@ -328,3 +342,137 @@ impl Deref for ArcBorrow<'_, T> { > unsafe { &self.inner.as_ref().data } > } > } > + > +/// A refcounted object that is known to have a refcount of 1. > +/// > +/// It is mutable and can be converted to an [`Arc`] so that it can = be shared. > +/// > +/// # Invariants > +/// > +/// `inner` always has a reference count of 1. > +/// > +/// # Examples > +/// > +/// In the following example, we make changes to the inner object = before turning it into an > +/// `Arc` object (after which point, it cannot be mutated = directly). Note that `x.into()` > +/// cannot fail. > +/// > +/// ``` > +/// use kernel::sync::{Arc, UniqueArc}; > +/// > +/// struct Example { > +/// a: u32, > +/// b: u32, > +/// } > +/// > +/// fn test() -> Result> { > +/// let mut x =3D UniqueArc::try_new(Example { a: 10, b: 20 })?; > +/// x.a +=3D 1; > +/// x.b +=3D 1; > +/// Ok(x.into()) > +/// } > +/// > +/// # test().unwrap(); > +/// ``` > +/// > +/// In the following example we first allocate memory for a = ref-counted `Example` but we don't > +/// initialise it on allocation. We do initialise it later with a = call to [`UniqueArc::write`], > +/// followed by a conversion to `Arc`. This is particularly = useful when allocation happens > +/// in one context (e.g., sleepable) and initialisation in another = (e.g., atomic): > +/// > +/// ``` > +/// use kernel::sync::{Arc, UniqueArc}; > +/// > +/// struct Example { > +/// a: u32, > +/// b: u32, > +/// } > +/// > +/// fn test() -> Result> { > +/// let x =3D UniqueArc::try_new_uninit()?; > +/// Ok(x.write(Example { a: 10, b: 20 }).into()) > +/// } > +/// > +/// # test().unwrap(); > +/// ``` > +/// > +/// In the last example below, the caller gets a pinned instance of = `Example` while converting to > +/// `Arc`; this is useful in scenarios where one needs a = pinned reference during > +/// initialisation, for example, when initialising fields that are = wrapped in locks. > +/// > +/// ``` > +/// use kernel::sync::{Arc, UniqueArc}; > +/// > +/// struct Example { > +/// a: u32, > +/// b: u32, > +/// } > +/// > +/// fn test() -> Result> { > +/// let mut pinned =3D Pin::from(UniqueArc::try_new(Example { a: = 10, b: 20 })?); > +/// // We can modify `pinned` because it is `Unpin`. > +/// pinned.as_mut().a +=3D 1; > +/// Ok(pinned.into()) > +/// } > +/// > +/// # test().unwrap(); > +/// ``` > +pub struct UniqueArc { > + inner: Arc, > +} > + > +impl UniqueArc { > + /// Tries to allocate a new [`UniqueArc`] instance. > + pub fn try_new(value: T) -> Result { > + Ok(Self { > + // INVARIANT: The newly-created object has a ref-count of = 1. > + inner: Arc::try_new(value)?, > + }) > + } > + > + /// Tries to allocate a new [`UniqueArc`] instance whose contents = are not initialised yet. > + pub fn try_new_uninit() -> Result>> { > + Ok(UniqueArc::> { > + // INVARIANT: The newly-created object has a ref-count of = 1. > + inner: Arc::try_new(MaybeUninit::uninit())?, > + }) > + } > +} > + > +impl UniqueArc> { > + /// Converts a `UniqueArc>` into a `UniqueArc` = by writing a value into it. > + pub fn write(mut self, value: T) -> UniqueArc { > + self.deref_mut().write(value); > + let inner =3D ManuallyDrop::new(self).inner.ptr; > + UniqueArc { > + // SAFETY: The new `Arc` is taking over `ptr` from = `self.inner` (which won't be > + // dropped). The types are compatible because = `MaybeUninit` is compatible with `T`. > + inner: unsafe { Arc::from_inner(inner.cast()) }, > + } > + } > +} > + > +impl From> for Pin> { > + fn from(obj: UniqueArc) -> Self { > + // SAFETY: It is not possible to move/replace `T` inside a = `Pin>` (unless `T` Minor nit: `Pin>` in this comment should just be = `UniqueArc`. > + // is `Unpin`), so it is ok to convert it to = `Pin>`. > + unsafe { Pin::new_unchecked(obj) } > + } > +} > + > +impl Deref for UniqueArc { > + type Target =3D T; > + > + fn deref(&self) -> &Self::Target { > + self.inner.deref() > + } > +} > + > +impl DerefMut for UniqueArc { > + fn deref_mut(&mut self) -> &mut Self::Target { > + // SAFETY: By the `Arc` type invariant, there is necessarily = a reference to the object, so > + // it is safe to dereference it. Additionally, we know there = is only one reference when > + // it's inside a `UniqueArc`, so it is safe to get a mutable = reference. > + unsafe { &mut self.inner.ptr.as_mut().data } > + } > +} > --=20 > 2.34.1 >=20 >=20 =E2=80=94 Laine Taffin Altman