Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp3896475rwb; Mon, 16 Jan 2023 14:51:45 -0800 (PST) X-Google-Smtp-Source: AMrXdXtRYkIcJa51BhdDM6fddF7GakTMFopXccj/gjSvT8aaSgqDLZIy/FF73Ve6IkmB5hWLTkr5 X-Received: by 2002:a17:903:22c9:b0:191:e0b0:f8df with SMTP id y9-20020a17090322c900b00191e0b0f8dfmr1443967plg.58.1673909504844; Mon, 16 Jan 2023 14:51:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673909504; cv=none; d=google.com; s=arc-20160816; b=Jp9C/xkvUfRqhthdBNjh5H9DpAXvTKgTb3gpgvdS1fVhtH0Gl1AxNps6PMaxd2Q/6P DhKU9Q7cWUojC8UcdDgGoVosWqTgTvdQ6UvpF8eNfRoQOzuT7WdgtDxYB3pC5td8bQ2o iIf8hwryTgO/sWGDFrdX+EdeE5rmfQhmGbcoHT/YR6qypVRyG9xHWsqrYCl30ilpeLAd h8KKSG9oRArLTf8QKpqXX/QfKyqjIUM2ZAzXkLWNEkWyg5dnDankqQURipT5j4fgheys 7swcQR0qHOM9/dAXTQFZsQF+YULTKsj0boO1ThPW2vg8ZeBuLeaarywqnkNGTuYett1g lBRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=rjZVJeqqULFSXmD53yNXzMDaOIl+IC+pV+97/4sSu6I=; b=bndpHI2/LuFnRSQ8/pAp8Xfb7klwWQJepnTP88obgYDsfWSzeMRalUr1VDK1canczt sEIgNw9PhQEC5CXj6w3sTcOPAQRzpSvIZTKBNIzgrIQF1cRq1MjsDve4relMDGrJLQS5 jUVfgpoA7KxU0dSUG0FkeLlQRiNfia5OJHqGh1vLLQ8ivo+sh32KZc+NbQDMHhNKQa/i RpLgXBpVgug1BmhE54MyD3qukqwEkzLoP9FGOnRcxE/OBpGDYTCsK4Byj23NyL9BNDEN ijkjiibI9xJgGjYkl9H0k+p5XH2vdTZXOQaDg0wynXeJjTPc+kqKrmaZEVqbZnb1AG7Q s6Tg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=A50ejkIH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j13-20020a170902da8d00b00186881688f9si3634871plx.276.2023.01.16.14.51.39; Mon, 16 Jan 2023 14:51:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=A50ejkIH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234158AbjAPWmw (ORCPT + 49 others); Mon, 16 Jan 2023 17:42:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60434 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232546AbjAPWmu (ORCPT ); Mon, 16 Jan 2023 17:42:50 -0500 Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24CAC2387A; Mon, 16 Jan 2023 14:42:48 -0800 (PST) Received: by mail-pg1-x531.google.com with SMTP id s67so20629245pgs.3; Mon, 16 Jan 2023 14:42:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=rjZVJeqqULFSXmD53yNXzMDaOIl+IC+pV+97/4sSu6I=; b=A50ejkIHtFgA5d0wShNxSrxkuzQ0lPf5tP4owGGARkoP3Z6vrmV94Jy3s1fQPzuMr9 4K8HqAKlukvJ+QQGXZ0uX8YPG9WzST0vVaiHa2xcYzuv7etiDMGxGjCCLotBGgUuopWK MOBrZHqMSO14DZeEuDOOMBvQRMhBRXO9RfHoYvhp0+1R5g3GsRs5B6YyBrvzxke8gbm1 FSrwesrnoFJBeSKm9pjYYjXtPJ+h6OPenqmqnbGzR/AvY9f5UqK6NcZmi+VO8qzzLuqx O/83nNUGMv89GFOM2I/PFQRz2DKTaTSPI6IW5HGGq9wEX8COP3NiDLT5URz3CWKdh2Tm /uJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=rjZVJeqqULFSXmD53yNXzMDaOIl+IC+pV+97/4sSu6I=; b=JT6F+MMcd64hKPeEUZVD7J/Ml9sEc1k7LJZdNRRebvl+gqQiikJ8ETN4gpTA3yycJL xoDvlS3njEqTuCqH+PgP4pODv28nCBaQ/ZW3JBmZ33Qy3sp2vc9eYZyuUu8JPN9uXPJ7 RnGXZS6FGRNQjSfGZ5oFkJOfnFqqpTiUEGD3DNl88VLTY/r+Iy+WU0s/UDzx4V1Adq1x 8Zp9Y1hvcsyl/+lPCMhPrv1BqamuDVcmpbbSQRAw9YzWxsR4g8300+0maOm+lp1Se7fy UwDrhasBAEIEFsOzKm8Lh/Qhh0P8BrPjsgkPowTR0qPB18WzSHfSHjx2rAY+JJc3kZAB e/ig== X-Gm-Message-State: AFqh2kpsMEY22xdU7j0mnFthUxrJwynSv9iMLwZ7LL7zpRfVWq3c8TPv he1LbqHdSnfguB0r+e3zyxVWngi4eiD5Dz3Pb2g6VL3d4Xpbqg4i X-Received: by 2002:a63:ea0c:0:b0:476:aad3:9121 with SMTP id c12-20020a63ea0c000000b00476aad39121mr35934pgi.385.1673908967516; Mon, 16 Jan 2023 14:42:47 -0800 (PST) MIME-Version: 1.0 References: <20221228060346.352362-1-wedsonaf@gmail.com> <20221228060346.352362-4-wedsonaf@gmail.com> In-Reply-To: <20221228060346.352362-4-wedsonaf@gmail.com> From: Vincenzo Palazzo Date: Mon, 16 Jan 2023 23:42:35 +0100 Message-ID: Subject: Re: [PATCH 4/7] rust: sync: introduce `ArcBorrow` To: Wedson Almeida Filho Cc: rust-for-linux@vger.kernel.org, Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Ops! I fall asleep while waiting for the Copy to derive Copy debate! Reviewed-by: Vincenzo Palazzo On Wed, Dec 28, 2022 at 7:05 AM Wedson Almeida Filho wrote: > > This allows us to create references to a ref-counted allocation without > double-indirection and that still allow us to increment the refcount to > a new `Arc`. > > Signed-off-by: Wedson Almeida Filho > --- > rust/kernel/sync.rs | 2 +- > rust/kernel/sync/arc.rs | 97 +++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 98 insertions(+), 1 deletion(-) > > diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs > index 39b379dd548f..5de03ea83ea1 100644 > --- a/rust/kernel/sync.rs > +++ b/rust/kernel/sync.rs > @@ -7,4 +7,4 @@ > > mod arc; > > -pub use arc::Arc; > +pub use arc::{Arc, ArcBorrow}; > diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs > index dbc7596cc3ce..f68bfc02c81a 100644 > --- a/rust/kernel/sync/arc.rs > +++ b/rust/kernel/sync/arc.rs > @@ -19,6 +19,7 @@ use crate::{bindings, error::Result, types::Opaque}; > use alloc::boxed::Box; > use core::{ > marker::{PhantomData, Unsize}, > + mem::ManuallyDrop, > ops::Deref, > ptr::NonNull, > }; > @@ -164,6 +165,18 @@ impl Arc { > _p: PhantomData, > } > } > + > + /// Returns an [`ArcBorrow`] from the given [`Arc`]. > + /// > + /// This is useful when the argument of a function call is an [`ArcBorrow`] (e.g., in a method > + /// receiver), but we have an [`Arc`] instead. Getting an [`ArcBorrow`] is free when optimised. > + #[inline] > + pub fn as_arc_borrow(&self) -> ArcBorrow<'_, T> { > + // SAFETY: The constraint that the lifetime of the shared reference must outlive that of > + // the returned `ArcBorrow` ensures that the object remains alive and that no mutable > + // reference can be created. > + unsafe { ArcBorrow::new(self.ptr) } > + } > } > > impl Deref for Arc { > @@ -208,3 +221,87 @@ impl Drop for Arc { > } > } > } > + > +/// A borrowed reference to an [`Arc`] instance. > +/// > +/// For cases when one doesn't ever need to increment the refcount on the allocation, it is simpler > +/// to use just `&T`, which we can trivially get from an `Arc` instance. > +/// > +/// However, when one may need to increment the refcount, it is preferable to use an `ArcBorrow` > +/// over `&Arc` because the latter results in a double-indirection: a pointer (shared reference) > +/// to a pointer (`Arc`) to the object (`T`). An [`ArcBorrow`] eliminates this double > +/// indirection while still allowing one to increment the refcount and getting an `Arc` when/if > +/// needed. > +/// > +/// # Invariants > +/// > +/// There are no mutable references to the underlying [`Arc`], and it remains valid for the > +/// lifetime of the [`ArcBorrow`] instance. > +/// > +/// # Example > +/// > +/// ``` > +/// use crate::sync::{Arc, ArcBorrow}; > +/// > +/// struct Example; > +/// > +/// fn do_something(e: ArcBorrow<'_, Example>) -> Arc { > +/// e.into() > +/// } > +/// > +/// let obj = Arc::try_new(Example)?; > +/// let cloned = do_something(obj.as_arc_borrow()); > +/// > +/// // Assert that both `obj` and `cloned` point to the same underlying object. > +/// assert!(core::ptr::eq(&*obj, &*cloned)); > +/// ``` > +pub struct ArcBorrow<'a, T: ?Sized + 'a> { > + inner: NonNull>, > + _p: PhantomData<&'a ()>, > +} > + > +impl Clone for ArcBorrow<'_, T> { > + fn clone(&self) -> Self { > + *self > + } > +} > + > +impl Copy for ArcBorrow<'_, T> {} > + > +impl ArcBorrow<'_, T> { > + /// Creates a new [`ArcBorrow`] instance. > + /// > + /// # Safety > + /// > + /// Callers must ensure the following for the lifetime of the returned [`ArcBorrow`] instance: > + /// 1. That `inner` remains valid; > + /// 2. That no mutable references to `inner` are created. > + unsafe fn new(inner: NonNull>) -> Self { > + // INVARIANT: The safety requirements guarantee the invariants. > + Self { > + inner, > + _p: PhantomData, > + } > + } > +} > + > +impl From> for Arc { > + fn from(b: ArcBorrow<'_, T>) -> Self { > + // SAFETY: The existence of `b` guarantees that the refcount is non-zero. `ManuallyDrop` > + // guarantees that `drop` isn't called, so it's ok that the temporary `Arc` doesn't own the > + // increment. > + ManuallyDrop::new(unsafe { Arc::from_inner(b.inner) }) > + .deref() > + .clone() > + } > +} > + > +impl Deref for ArcBorrow<'_, T> { > + type Target = T; > + > + fn deref(&self) -> &Self::Target { > + // SAFETY: By the type invariant, the underlying object is still alive with no mutable > + // references to it, so it is safe to create a shared reference. > + unsafe { &self.inner.as_ref().data } > + } > +} > -- > 2.34.1 >