Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp781036rwl;
        Wed, 12 Apr 2023 04:09:53 -0700 (PDT)
X-Google-Smtp-Source: AKy350aixO+J7EDRxwGKWMHeWz2NAqAY6JLBaaY0Yj4fbs+s7M6WPUsmSzzcolHcVPaLiLr+d2rT
X-Received: by 2002:a05:6a20:bc9a:b0:d9:4cc8:996b with SMTP id fx26-20020a056a20bc9a00b000d94cc8996bmr14363796pzb.15.1681297793271;
        Wed, 12 Apr 2023 04:09:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1681297793; cv=none;
        d=google.com; s=arc-20160816;
        b=M33SvYPbRVSrQeMf4sTmZ4biV8PvQXJUG/yn1VJc/kQ/9p3NXHImWdc8amTueR9U3t
         YCTOP7AIzEhC8vNEskuTZAILqShy/TBN9G39juolh3RPFIsgGx/k73KiuB6/seUvdNAp
         IgV+QF3hdRMYt3XCRH/C+m5TQK43Oo94hwx5fxC8soT50DVBYi4Asvau92ySiUanhN0S
         iuvtXUVrxEytkYuHoM0UcwQEDHWS8xduVxGxh2K9bC51dtXpsgAp7NbzqMeaIpFYu7YH
         LB5H5J0hut7RAx83BpVqfUd/v/2d4zYKFbQ+cG2766QUsBpU6x6FXQCR1JvGBCH4Ddoi
         6JgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=+0tHhoLaNH21wv0oq5mHGI1fOn2fqnxMjXKIfupUAhY=;
        b=z2Zf7PsSnXnyJf7L4YxnI0GLNhM0Klcp/5vtauyzkJgPJdjaExxw9Q9RSUV1vulEHl
         HpFzz7nUaToKxSctcSjzwMrVHHc4ziFXz+yRzUhieRY/gNhFM8uX2lEBx/uQJ52JPJq0
         /+hELLMVa48wQiSfPKzBhGL5sWlP5yTQ4b/KrFzUxQoepDIwAhot0Y6AisigXWy0QkgT
         c/Jzk2lVp5N8mTuhDFYLvEAEAFAEabhoD+w7T3UBbQGu539V11Go1ZJBW/h7GORXM8x5
         tj1QOS9k4CpSI4nYXnYXs/DJXxRRoLykIho6nyktTRRYejQ7CWSiai04poapkcIOnQ7K
         qKEQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20221208 header.b=e+swkbxq;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id k4-20020aa79d04000000b005a8efbddf5esi16165777pfp.238.2023.04.12.04.09.41;
        Wed, 12 Apr 2023 04:09:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20221208 header.b=e+swkbxq;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229854AbjDLLHy (ORCPT <rfc822;aravind.ht@gmail.com> + 99 others);
        Wed, 12 Apr 2023 07:07:54 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60124 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229536AbjDLLHx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 Apr 2023 07:07:53 -0400
Received: from mail-yw1-x112f.google.com (mail-yw1-x112f.google.com [IPv6:2607:f8b0:4864:20::112f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B56D6A60;
        Wed, 12 Apr 2023 04:07:52 -0700 (PDT)
Received: by mail-yw1-x112f.google.com with SMTP id 00721157ae682-54c061acbc9so351658207b3.11;
        Wed, 12 Apr 2023 04:07:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1681297671;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=+0tHhoLaNH21wv0oq5mHGI1fOn2fqnxMjXKIfupUAhY=;
        b=e+swkbxqpSikjMu4Ym4/TcQ6kqy9uQ3Geo9IvLWoYrR77zM4L1lJBhLSISGU5J1Sgm
         xHHk5vS38naiRIRK4WLlRLso1dMAh8h5c0NLaE9v7PEebn9niewxb4lncH+Mfakeycfq
         KL0vtdtS/kRHbpdpbqjimd21xhTMEzgy2EhKdZF0MsDxdTgdtkcjYA19jWkqJQ4Cvnul
         ty6NbM52DcuXqqunzXLQf1CemY2SPtUWkyrg8OE1VznNOtVh4/ElfBurpgG0UqEi4aeF
         OE6aTqxRoUA+338Vd5f75CbPj7l4nHx788g5QOxkPRd/G/eQHPQxMOwHmu2Ff3h7H+Jd
         R5Pg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1681297671;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=+0tHhoLaNH21wv0oq5mHGI1fOn2fqnxMjXKIfupUAhY=;
        b=D5Jr0krUe0EoQfrmYG/QahSgcdsGn3ONtdMSSDKTlkqLCNxwARIRRnc7FIHdYT+zSm
         5Vsn1Ve3tKt4Siun6LkUSIV0PyKTSt2Nfsq+GLTNCOLz16cjWoD5Or1nIHTdPRZx6Ix7
         EvBmylw7zYGVro+L49A0bJqd/E2I8dvUPv1dt5Dc3WaObwD9SywJN96fbSVYk1lCS0K4
         VB7o6ulCSlXWDh7wPd9NI0S+dDP6lqgpkulV4ljEo5urxsUlPbVFQ/A3Lt0vqBQhaI7S
         aFVooOMm0oxz0QNd9Kb9dnuawScwyd/J77awU894RWfbT2P9W9awwHKpR0/I21qyIihG
         T5nA==
X-Gm-Message-State: AAQBX9dantb8yaUc/89VxtqeQOZwdD7/zLsNjYY4i4ug3BdLYVo2Qfzp
        H9w2vDFlkqJijZy99LBIU3esQx72AWvzKpWsPIE=
X-Received: by 2002:a81:af0c:0:b0:54c:c979:7f95 with SMTP id
 n12-20020a81af0c000000b0054cc9797f95mr7858106ywh.9.1681297671489; Wed, 12 Apr
 2023 04:07:51 -0700 (PDT)
MIME-Version: 1.0
References: <20230411054543.21278-1-wedsonaf@gmail.com> <20230411054543.21278-11-wedsonaf@gmail.com>
 <ZDZOzzMvvxr4rsW4@Boquns-Mac-mini.local>
In-Reply-To: <ZDZOzzMvvxr4rsW4@Boquns-Mac-mini.local>
From:   Wedson Almeida Filho <wedsonaf@gmail.com>
Date:   Wed, 12 Apr 2023 08:07:40 -0300
Message-ID: <CANeycqqpR6Gs5Qb_pc2j_QV-JAc8xR360vth6We8xWU1GU5ASA@mail.gmail.com>
Subject: Re: [PATCH v4 11/13] rust: lock: add `Guard::do_unlocked`
To:     Boqun Feng <boqun.feng@gmail.com>
Cc:     rust-for-linux@vger.kernel.org, Miguel Ojeda <ojeda@kernel.org>,
        Alex Gaynor <alex.gaynor@gmail.com>,
        Gary Guo <gary@garyguo.net>,
        =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= <bjorn3_gh@protonmail.com>,
        linux-kernel@vger.kernel.org,
        Wedson Almeida Filho <walmeida@microsoft.com>,
        Martin Rodriguez Reboredo <yakoyoku@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 12 Apr 2023 at 03:25, Boqun Feng <boqun.feng@gmail.com> wrote:
>
> On Tue, Apr 11, 2023 at 02:45:41AM -0300, Wedson Almeida Filho wrote:
> [...]
> > +
> > +    unsafe fn relock(ptr: *mut Self::State, guard_state: &mut Self::GuardState) {
> > +        let _ = match guard_state {
> > +            // SAFETY: The safety requiments of this function ensure that `ptr` has been
> > +            // initialised.
> > +            None => unsafe { Self::lock(ptr) },
> > +            // SAFETY: The safety requiments of this function ensure that `ptr` has been
> > +            // initialised.
> > +            Some(_) => unsafe { Self::lock_irqsave(ptr) },
> > +        };
> > +    }
> >  }
> >
>
> One thing I'm little worried about the above is that we don't store back
> the new GuardState into `guard_state`, the particular case I'm worried
> about is as follow:
>
>         // IRQ is enabled.
>         // Disabling IRQ
>         unsafe { bindings::local_irq_disable(); }
>
>         let mut g = unsafe { SpinLockBackend::lock(&mut lock as *mut _) };
>         // `g` records irq state is "irq disabled"
>
>         unsafe { SpinLockBackend::unlock(&mut lock as *mut _, &g); }
>         // restore into "irq disabled" mode.
>         // IRQ is disabled.
>
>         // Enabling IRQ
>         unsafe { bindings::local_irq_enable(); }
>         // IRQ is enabled.
>
>         unsafe { SpinLockBackend::relock(&mut lock as *mut _, &mut g) }
>         // `g` still records irq state is "irq disabled"

Yes, that's by design. If you want it to record the new "irq enabled"
state, then you should call `lock()`, not `relock()`.

>         unsafe { SpinLockBackend::unlock(&mut lock as *mut _, &g); }
>         // restore into "irq disabled" mode.
>         // IRQ is disabled.
>
>
> This looks pretty scary to me, I would expect `relock()` updates the
> latest GuardState to the guard. Any reason it's implemented this way?

A `relock()` followed by an `unlock()` takes the state back to how it
was when `lock()` was originally called: this is precisely why
`relock()` exists.

Consider the following case:

```
local_disable_irq();
let mut guard = spinlock.lock();

guard.do_unlocked(|| {
    local_irq_enable();
    schedule();
});

drop(guard);
```

What would you expect the state to be? It's meant to be the state
right before `spinlock.lock()` was called, that's what the guard
represents.

If you want to preserve a new state, then you don't want `relock()`,
you just want a new `lock()` call.

> Regards,
> Boqun
>
> >  // SAFETY: The underlying kernel `spinlock_t` object ensures mutual exclusion. We use the `irqsave`
> >  // variant of the C lock acquisition functions to disable interrupts and retrieve the original
> >  // interrupt state, and the `irqrestore` variant of the lock release functions to restore the state
> >  // in `unlock` -- we use the guard context to determine which method was used to acquire the lock.
> > -unsafe impl super::IrqSaveBackend for SpinLockBackend {
> > +unsafe impl IrqSaveBackend for SpinLockBackend {
> >      unsafe fn lock_irqsave(ptr: *mut Self::State) -> Self::GuardState {
> >          // SAFETY: The safety requirements of this function ensure that `ptr` points to valid
> >          // memory, and that it has been initialised before.
> > --
> > 2.34.1
> >