Commit 114ba9b9 authored by Alice Ryhl's avatar Alice Ryhl Committed by Andrew Morton
Browse files

mm: rust: add mmput_async support 

Adds an MmWithUserAsync type that uses mmput_async when dropped but is
otherwise identical to MmWithUser.  This has to be done using a separate
type because the thing we are changing is the destructor.

Rust Binder needs this to avoid a certain deadlock.  See commit
9a9ab0d9 ("binder: fix race between mmput() and do_exit()") for
details.  It's also needed in the shrinker to avoid cleaning up the mm in
the shrinker's context.

Link: https://lkml.kernel.org/r/20250408-vma-v16-5-d8b446e885d9@google.com


Signed-off-by: default avatarAlice Ryhl <aliceryhl@google.com>
Acked-by: default avatarLorenzo Stoakes <lorenzo.stoakes@oracle.com>
Acked-by: default avatarLiam R. Howlett <Liam.Howlett@Oracle.com>
Reviewed-by: default avatarAndreas Hindborg <a.hindborg@kernel.org>
Reviewed-by: default avatarGary Guo <gary@garyguo.net>
Cc: Alex Gaynor <alex.gaynor@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Balbir Singh <balbirs@nvidia.com>
Cc: Benno Lossin <benno.lossin@proton.me>
Cc: Björn Roy Baron <bjorn3_gh@protonmail.com>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jann Horn <jannh@google.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Trevor Gross <tmgross@umich.edu>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 3105f8f3

rust/kernel/mm.rs

+51 −0
Original line number Diff line number Diff line
@@ -111,6 +111,50 @@ fn deref(&self) -> &Mm { 
    }

}



/// A wrapper for the kernel's `struct mm_struct`.

///

/// This type is identical to `MmWithUser` except that it uses `mmput_async` when dropping a

/// refcount. This means that the destructor of `ARef<MmWithUserAsync>` is safe to call in atomic

/// context.

///

/// # Invariants

///

/// Values of this type are always refcounted using `mmget`. The value of `mm_users` is non-zero.

#[repr(transparent)]

pub struct MmWithUserAsync {

    mm: MmWithUser,

}



// SAFETY: It is safe to call `mmput_async` on another thread than where `mmget` was called.

unsafe impl Send for MmWithUserAsync {}

// SAFETY: All methods on `MmWithUserAsync` can be called in parallel from several threads.

unsafe impl Sync for MmWithUserAsync {}



// SAFETY: By the type invariants, this type is always refcounted.

unsafe impl AlwaysRefCounted for MmWithUserAsync {

    #[inline]

    fn inc_ref(&self) {

        // SAFETY: The pointer is valid since self is a reference.

        unsafe { bindings::mmget(self.as_raw()) };

    }



    #[inline]

    unsafe fn dec_ref(obj: NonNull<Self>) {

        // SAFETY: The caller is giving up their refcount.

        unsafe { bindings::mmput_async(obj.cast().as_ptr()) };

    }

}



// Make all `MmWithUser` methods available on `MmWithUserAsync`.

impl Deref for MmWithUserAsync {

    type Target = MmWithUser;



    #[inline]

    fn deref(&self) -> &MmWithUser {

        &self.mm

    }

}



// These methods are safe to call even if `mm_users` is zero.

impl Mm {

    /// Returns a raw pointer to the inner `mm_struct`.
@@ -162,6 +206,13 @@ pub unsafe fn from_raw<'a>(ptr: *const bindings::mm_struct) -> &'a MmWithUser { 
        unsafe { &*ptr.cast() }

    }



    /// Use `mmput_async` when dropping this refcount.

    #[inline]

    pub fn into_mmput_async(me: ARef<MmWithUser>) -> ARef<MmWithUserAsync> {

        // SAFETY: The layouts and invariants are compatible.

        unsafe { ARef::from_raw(ARef::into_raw(me).cast()) }

    }



    /// Attempt to access a vma using the vma read lock.

    ///

    /// This is an optimistic trylock operation, so it may fail if there is contention. In that