1 // SPDX-License-Identifier: GPL-2.0
3 //! Generic kernel lock and guard.
5 //! It contains a generic Rust lock and guard that allow for different backends (e.g., mutexes,
6 //! spinlocks, raw spinlocks) to be provided with minimal effort.
8 use super::LockClassKey;
9 use crate::{bindings, init::PinInit, pin_init, str::CStr, types::Opaque, types::ScopeGuard};
10 use core::{cell::UnsafeCell, marker::PhantomData, marker::PhantomPinned};
16 /// The "backend" of a lock.
18 /// It is the actual implementation of the lock, without the need to repeat patterns used in all
23 /// - Implementers must ensure that only one thread/CPU may access the protected data once the lock
24 /// is owned, that is, between calls to `lock` and `unlock`.
25 /// - Implementers must also ensure that `relock` uses the same locking method as the original
27 pub unsafe trait Backend {
28 /// The state required by the lock.
31 /// The state required to be kept between lock and unlock.
34 /// Initialises the lock.
38 /// `ptr` must be valid for write for the duration of the call, while `name` and `key` must
39 /// remain valid for read indefinitely.
41 ptr: *mut Self::State,
42 name: *const core::ffi::c_char,
43 key: *mut bindings::lock_class_key,
46 /// Acquires the lock, making the caller its owner.
50 /// Callers must ensure that [`Backend::init`] has been previously called.
52 unsafe fn lock(ptr: *mut Self::State) -> Self::GuardState;
54 /// Releases the lock, giving up its ownership.
58 /// It must only be called by the current owner of the lock.
59 unsafe fn unlock(ptr: *mut Self::State, guard_state: &Self::GuardState);
61 /// Reacquires the lock, making the caller its owner.
65 /// Callers must ensure that `guard_state` comes from a previous call to [`Backend::lock`] (or
66 /// variant) that has been unlocked with [`Backend::unlock`] and will be relocked now.
67 unsafe fn relock(ptr: *mut Self::State, guard_state: &mut Self::GuardState) {
68 // SAFETY: The safety requirements ensure that the lock is initialised.
69 *guard_state = unsafe { Self::lock(ptr) };
73 /// A mutual exclusion primitive.
75 /// Exposes one of the kernel locking primitives. Which one is exposed depends on the lock
76 /// [`Backend`] specified as the generic parameter `B`.
78 pub struct Lock<T: ?Sized, B: Backend> {
79 /// The kernel lock object.
81 state: Opaque<B::State>,
83 /// Some locks are known to be self-referential (e.g., mutexes), while others are architecture
84 /// or config defined (e.g., spinlocks). So we conservatively require them to be pinned in case
85 /// some architecture uses self-references now or in the future.
89 /// The data protected by the lock.
90 pub(crate) data: UnsafeCell<T>,
93 // SAFETY: `Lock` can be transferred across thread boundaries iff the data it protects can.
94 unsafe impl<T: ?Sized + Send, B: Backend> Send for Lock<T, B> {}
96 // SAFETY: `Lock` serialises the interior mutability it provides, so it is `Sync` as long as the
97 // data it protects is `Send`.
98 unsafe impl<T: ?Sized + Send, B: Backend> Sync for Lock<T, B> {}
100 impl<T, B: Backend> Lock<T, B> {
101 /// Constructs a new lock initialiser.
102 pub fn new(t: T, name: &'static CStr, key: &'static LockClassKey) -> impl PinInit<Self> {
104 data: UnsafeCell::new(t),
106 // SAFETY: `slot` is valid while the closure is called and both `name` and `key` have
107 // static lifetimes so they live indefinitely.
108 state <- Opaque::ffi_init(|slot| unsafe {
109 B::init(slot, name.as_char_ptr(), key.as_ptr())
115 impl<T: ?Sized, B: Backend> Lock<T, B> {
116 /// Acquires the lock and gives the caller access to the data protected by it.
117 pub fn lock(&self) -> Guard<'_, T, B> {
118 // SAFETY: The constructor of the type calls `init`, so the existence of the object proves
119 // that `init` was called.
120 let state = unsafe { B::lock(self.state.get()) };
121 // SAFETY: The lock was just acquired.
122 unsafe { Guard::new(self, state) }
128 /// Allows mutual exclusion primitives that implement the [`Backend`] trait to automatically unlock
129 /// when a guard goes out of scope. It also provides a safe and convenient way to access the data
130 /// protected by the lock.
131 #[must_use = "the lock unlocks immediately when the guard is unused"]
132 pub struct Guard<'a, T: ?Sized, B: Backend> {
133 pub(crate) lock: &'a Lock<T, B>,
134 pub(crate) state: B::GuardState,
135 _not_send: PhantomData<*mut ()>,
138 // SAFETY: `Guard` is sync when the data protected by the lock is also sync.
139 unsafe impl<T: Sync + ?Sized, B: Backend> Sync for Guard<'_, T, B> {}
141 impl<T: ?Sized, B: Backend> Guard<'_, T, B> {
142 pub(crate) fn do_unlocked(&mut self, cb: impl FnOnce()) {
143 // SAFETY: The caller owns the lock, so it is safe to unlock it.
144 unsafe { B::unlock(self.lock.state.get(), &self.state) };
146 // SAFETY: The lock was just unlocked above and is being relocked now.
148 ScopeGuard::new(|| unsafe { B::relock(self.lock.state.get(), &mut self.state) });
154 impl<T: ?Sized, B: Backend> core::ops::Deref for Guard<'_, T, B> {
157 fn deref(&self) -> &Self::Target {
158 // SAFETY: The caller owns the lock, so it is safe to deref the protected data.
159 unsafe { &*self.lock.data.get() }
163 impl<T: ?Sized, B: Backend> core::ops::DerefMut for Guard<'_, T, B> {
164 fn deref_mut(&mut self) -> &mut Self::Target {
165 // SAFETY: The caller owns the lock, so it is safe to deref the protected data.
166 unsafe { &mut *self.lock.data.get() }
170 impl<T: ?Sized, B: Backend> Drop for Guard<'_, T, B> {
172 // SAFETY: The caller owns the lock, so it is safe to unlock it.
173 unsafe { B::unlock(self.lock.state.get(), &self.state) };
177 impl<'a, T: ?Sized, B: Backend> Guard<'a, T, B> {
178 /// Constructs a new immutable lock guard.
182 /// The caller must ensure that it owns the lock.
183 pub(crate) unsafe fn new(lock: &'a Lock<T, B>, state: B::GuardState) -> Self {
187 _not_send: PhantomData,