mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2026-02-28 19:06:51 +01:00
0923fd0419
Pull locking updates from Ingo Molnar:
"Lock debugging:
- Implement compiler-driven static analysis locking context checking,
using the upcoming Clang 22 compiler's context analysis features
(Marco Elver)
We removed Sparse context analysis support, because prior to
removal even a defconfig kernel produced 1,700+ context tracking
Sparse warnings, the overwhelming majority of which are false
positives. On an allmodconfig kernel the number of false positive
context tracking Sparse warnings grows to over 5,200... On the plus
side of the balance actual locking bugs found by Sparse context
analysis is also rather ... sparse: I found only 3 such commits in
the last 3 years. So the rate of false positives and the
maintenance overhead is rather high and there appears to be no
active policy in place to achieve a zero-warnings baseline to move
the annotations & fixers to developers who introduce new code.
Clang context analysis is more complete and more aggressive in
trying to find bugs, at least in principle. Plus it has a different
model to enabling it: it's enabled subsystem by subsystem, which
results in zero warnings on all relevant kernel builds (as far as
our testing managed to cover it). Which allowed us to enable it by
default, similar to other compiler warnings, with the expectation
that there are no warnings going forward. This enforces a
zero-warnings baseline on clang-22+ builds (Which are still limited
in distribution, admittedly)
Hopefully the Clang approach can lead to a more maintainable
zero-warnings status quo and policy, with more and more subsystems
and drivers enabling the feature. Context tracking can be enabled
for all kernel code via WARN_CONTEXT_ANALYSIS_ALL=y (default
disabled), but this will generate a lot of false positives.
( Having said that, Sparse support could still be added back,
if anyone is interested - the removal patch is still
relatively straightforward to revert at this stage. )
Rust integration updates: (Alice Ryhl, Fujita Tomonori, Boqun Feng)
- Add support for Atomic<i8/i16/bool> and replace most Rust native
AtomicBool usages with Atomic<bool>
- Clean up LockClassKey and improve its documentation
- Add missing Send and Sync trait implementation for SetOnce
- Make ARef Unpin as it is supposed to be
- Add __rust_helper to a few Rust helpers as a preparation for
helper LTO
- Inline various lock related functions to avoid additional function
calls
WW mutexes:
- Extend ww_mutex tests and other test-ww_mutex updates (John
Stultz)
Misc fixes and cleanups:
- rcu: Mark lockdep_assert_rcu_helper() __always_inline (Arnd
Bergmann)
- locking/local_lock: Include more missing headers (Peter Zijlstra)
- seqlock: fix scoped_seqlock_read kernel-doc (Randy Dunlap)
- rust: sync: Replace `kernel::c_str!` with C-Strings (Tamir
Duberstein)"
* tag 'locking-core-2026-02-08' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (90 commits)
locking/rwlock: Fix write_trylock_irqsave() with CONFIG_INLINE_WRITE_TRYLOCK
rcu: Mark lockdep_assert_rcu_helper() __always_inline
compiler-context-analysis: Remove __assume_ctx_lock from initializers
tomoyo: Use scoped init guard
crypto: Use scoped init guard
kcov: Use scoped init guard
compiler-context-analysis: Introduce scoped init guards
cleanup: Make __DEFINE_LOCK_GUARD handle commas in initializers
seqlock: fix scoped_seqlock_read kernel-doc
tools: Update context analysis macros in compiler_types.h
rust: sync: Replace `kernel::c_str!` with C-Strings
rust: sync: Inline various lock related methods
rust: helpers: Move #define __rust_helper out of atomic.c
rust: wait: Add __rust_helper to helpers
rust: time: Add __rust_helper to helpers
rust: task: Add __rust_helper to helpers
rust: sync: Add __rust_helper to helpers
rust: refcount: Add __rust_helper to helpers
rust: rcu: Add __rust_helper to helpers
rust: processor: Add __rust_helper to helpers
...
230 lines
6.5 KiB
Rust
230 lines
6.5 KiB
Rust
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
//! Pre-defined atomic types
|
|
|
|
use crate::static_assert;
|
|
use core::mem::{align_of, size_of};
|
|
|
|
// Ensure size and alignment requirements are checked.
|
|
static_assert!(size_of::<bool>() == size_of::<i8>());
|
|
static_assert!(align_of::<bool>() == align_of::<i8>());
|
|
|
|
// SAFETY: `bool` has the same size and alignment as `i8`, and Rust guarantees that `bool` has
|
|
// only two valid bit patterns: 0 (false) and 1 (true). Those are valid `i8` values, so `bool` is
|
|
// round-trip transmutable to `i8`.
|
|
unsafe impl super::AtomicType for bool {
|
|
type Repr = i8;
|
|
}
|
|
|
|
// SAFETY: `i8` has the same size and alignment with itself, and is round-trip transmutable to
|
|
// itself.
|
|
unsafe impl super::AtomicType for i8 {
|
|
type Repr = i8;
|
|
}
|
|
|
|
// SAFETY: `i16` has the same size and alignment with itself, and is round-trip transmutable to
|
|
// itself.
|
|
unsafe impl super::AtomicType for i16 {
|
|
type Repr = i16;
|
|
}
|
|
|
|
// SAFETY: `i32` has the same size and alignment with itself, and is round-trip transmutable to
|
|
// itself.
|
|
unsafe impl super::AtomicType for i32 {
|
|
type Repr = i32;
|
|
}
|
|
|
|
// SAFETY: The wrapping add result of two `i32`s is a valid `i32`.
|
|
unsafe impl super::AtomicAdd<i32> for i32 {
|
|
fn rhs_into_delta(rhs: i32) -> i32 {
|
|
rhs
|
|
}
|
|
}
|
|
|
|
// SAFETY: `i64` has the same size and alignment with itself, and is round-trip transmutable to
|
|
// itself.
|
|
unsafe impl super::AtomicType for i64 {
|
|
type Repr = i64;
|
|
}
|
|
|
|
// SAFETY: The wrapping add result of two `i64`s is a valid `i64`.
|
|
unsafe impl super::AtomicAdd<i64> for i64 {
|
|
fn rhs_into_delta(rhs: i64) -> i64 {
|
|
rhs
|
|
}
|
|
}
|
|
|
|
// Defines an internal type that always maps to the integer type which has the same size alignment
|
|
// as `isize` and `usize`, and `isize` and `usize` are always bi-directional transmutable to
|
|
// `isize_atomic_repr`, which also always implements `AtomicImpl`.
|
|
#[allow(non_camel_case_types)]
|
|
#[cfg(not(testlib))]
|
|
#[cfg(not(CONFIG_64BIT))]
|
|
type isize_atomic_repr = i32;
|
|
#[allow(non_camel_case_types)]
|
|
#[cfg(not(testlib))]
|
|
#[cfg(CONFIG_64BIT)]
|
|
type isize_atomic_repr = i64;
|
|
|
|
#[allow(non_camel_case_types)]
|
|
#[cfg(testlib)]
|
|
#[cfg(target_pointer_width = "32")]
|
|
type isize_atomic_repr = i32;
|
|
#[allow(non_camel_case_types)]
|
|
#[cfg(testlib)]
|
|
#[cfg(target_pointer_width = "64")]
|
|
type isize_atomic_repr = i64;
|
|
|
|
// Ensure size and alignment requirements are checked.
|
|
static_assert!(size_of::<isize>() == size_of::<isize_atomic_repr>());
|
|
static_assert!(align_of::<isize>() == align_of::<isize_atomic_repr>());
|
|
static_assert!(size_of::<usize>() == size_of::<isize_atomic_repr>());
|
|
static_assert!(align_of::<usize>() == align_of::<isize_atomic_repr>());
|
|
|
|
// SAFETY: `isize` has the same size and alignment with `isize_atomic_repr`, and is round-trip
|
|
// transmutable to `isize_atomic_repr`.
|
|
unsafe impl super::AtomicType for isize {
|
|
type Repr = isize_atomic_repr;
|
|
}
|
|
|
|
// SAFETY: The wrapping add result of two `isize_atomic_repr`s is a valid `usize`.
|
|
unsafe impl super::AtomicAdd<isize> for isize {
|
|
fn rhs_into_delta(rhs: isize) -> isize_atomic_repr {
|
|
rhs as isize_atomic_repr
|
|
}
|
|
}
|
|
|
|
// SAFETY: `u32` and `i32` has the same size and alignment, and `u32` is round-trip transmutable to
|
|
// `i32`.
|
|
unsafe impl super::AtomicType for u32 {
|
|
type Repr = i32;
|
|
}
|
|
|
|
// SAFETY: The wrapping add result of two `i32`s is a valid `u32`.
|
|
unsafe impl super::AtomicAdd<u32> for u32 {
|
|
fn rhs_into_delta(rhs: u32) -> i32 {
|
|
rhs as i32
|
|
}
|
|
}
|
|
|
|
// SAFETY: `u64` and `i64` has the same size and alignment, and `u64` is round-trip transmutable to
|
|
// `i64`.
|
|
unsafe impl super::AtomicType for u64 {
|
|
type Repr = i64;
|
|
}
|
|
|
|
// SAFETY: The wrapping add result of two `i64`s is a valid `u64`.
|
|
unsafe impl super::AtomicAdd<u64> for u64 {
|
|
fn rhs_into_delta(rhs: u64) -> i64 {
|
|
rhs as i64
|
|
}
|
|
}
|
|
|
|
// SAFETY: `usize` has the same size and alignment with `isize_atomic_repr`, and is round-trip
|
|
// transmutable to `isize_atomic_repr`.
|
|
unsafe impl super::AtomicType for usize {
|
|
type Repr = isize_atomic_repr;
|
|
}
|
|
|
|
// SAFETY: The wrapping add result of two `isize_atomic_repr`s is a valid `usize`.
|
|
unsafe impl super::AtomicAdd<usize> for usize {
|
|
fn rhs_into_delta(rhs: usize) -> isize_atomic_repr {
|
|
rhs as isize_atomic_repr
|
|
}
|
|
}
|
|
|
|
use crate::macros::kunit_tests;
|
|
|
|
#[kunit_tests(rust_atomics)]
|
|
mod tests {
|
|
use super::super::*;
|
|
|
|
// Call $fn($val) with each $type of $val.
|
|
macro_rules! for_each_type {
|
|
($val:literal in [$($type:ty),*] $fn:expr) => {
|
|
$({
|
|
let v: $type = $val;
|
|
|
|
$fn(v);
|
|
})*
|
|
}
|
|
}
|
|
|
|
#[test]
|
|
fn atomic_basic_tests() {
|
|
for_each_type!(42 in [i8, i16, i32, i64, u32, u64, isize, usize] |v| {
|
|
let x = Atomic::new(v);
|
|
|
|
assert_eq!(v, x.load(Relaxed));
|
|
});
|
|
}
|
|
|
|
#[test]
|
|
fn atomic_acquire_release_tests() {
|
|
for_each_type!(42 in [i8, i16, i32, i64, u32, u64, isize, usize] |v| {
|
|
let x = Atomic::new(0);
|
|
|
|
x.store(v, Release);
|
|
assert_eq!(v, x.load(Acquire));
|
|
});
|
|
}
|
|
|
|
#[test]
|
|
fn atomic_xchg_tests() {
|
|
for_each_type!(42 in [i8, i16, i32, i64, u32, u64, isize, usize] |v| {
|
|
let x = Atomic::new(v);
|
|
|
|
let old = v;
|
|
let new = v + 1;
|
|
|
|
assert_eq!(old, x.xchg(new, Full));
|
|
assert_eq!(new, x.load(Relaxed));
|
|
});
|
|
}
|
|
|
|
#[test]
|
|
fn atomic_cmpxchg_tests() {
|
|
for_each_type!(42 in [i8, i16, i32, i64, u32, u64, isize, usize] |v| {
|
|
let x = Atomic::new(v);
|
|
|
|
let old = v;
|
|
let new = v + 1;
|
|
|
|
assert_eq!(Err(old), x.cmpxchg(new, new, Full));
|
|
assert_eq!(old, x.load(Relaxed));
|
|
assert_eq!(Ok(old), x.cmpxchg(old, new, Relaxed));
|
|
assert_eq!(new, x.load(Relaxed));
|
|
});
|
|
}
|
|
|
|
#[test]
|
|
fn atomic_arithmetic_tests() {
|
|
for_each_type!(42 in [i32, i64, u32, u64, isize, usize] |v| {
|
|
let x = Atomic::new(v);
|
|
|
|
assert_eq!(v, x.fetch_add(12, Full));
|
|
assert_eq!(v + 12, x.load(Relaxed));
|
|
|
|
x.add(13, Relaxed);
|
|
|
|
assert_eq!(v + 25, x.load(Relaxed));
|
|
});
|
|
}
|
|
|
|
#[test]
|
|
fn atomic_bool_tests() {
|
|
let x = Atomic::new(false);
|
|
|
|
assert_eq!(false, x.load(Relaxed));
|
|
x.store(true, Relaxed);
|
|
assert_eq!(true, x.load(Relaxed));
|
|
|
|
assert_eq!(true, x.xchg(false, Relaxed));
|
|
assert_eq!(false, x.load(Relaxed));
|
|
|
|
assert_eq!(Err(false), x.cmpxchg(true, true, Relaxed));
|
|
assert_eq!(false, x.load(Relaxed));
|
|
assert_eq!(Ok(false), x.cmpxchg(false, true, Full));
|
|
}
|
|
}
|