summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--rust/kernel/sync.rs2
-rw-r--r--rust/kernel/sync/revocable.rs97
2 files changed, 99 insertions, 0 deletions
diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs
index 874a45b0c168..377446e37961 100644
--- a/rust/kernel/sync.rs
+++ b/rust/kernel/sync.rs
@@ -12,11 +12,13 @@ mod condvar;
pub mod lock;
mod locked_by;
pub mod rcu;
+mod revocable;
pub use arc::{Arc, ArcBorrow, UniqueArc};
pub use condvar::CondVar;
pub use lock::{mutex::Mutex, spinlock::SpinLock};
pub use locked_by::LockedBy;
+pub use revocable::RevocableMutex;
/// Represents a lockdep class. It's a wrapper around C's `lock_class_key`.
#[repr(transparent)]
diff --git a/rust/kernel/sync/revocable.rs b/rust/kernel/sync/revocable.rs
new file mode 100644
index 000000000000..f0372cf848a7
--- /dev/null
+++ b/rust/kernel/sync/revocable.rs
@@ -0,0 +1,97 @@
+// SPDX-License-Identifier: GPL-2.0
+
+//! Synchronisation primitives where access to their contents can be revoked at runtime.
+
+use macros::pin_data;
+
+use crate::{
+ init::PinInit,
+ pin_init,
+ str::CStr,
+ sync::{lock, lock::Lock, LockClassKey},
+};
+use core::mem::MaybeUninit;
+
+use super::lock::Guard;
+
+/// The state within the revocable synchronisation primitive.
+///
+/// We don't use simply `Option<T>` because we need to drop in-place because the contents are
+/// implicitly pinned.
+///
+/// # Invariants
+///
+/// The `is_available` field determines if `data` is initialised.
+struct Inner<T> {
+ is_available: bool,
+ data: MaybeUninit<T>,
+}
+
+impl<T> Inner<T> {
+ fn new(data: T) -> Self {
+ // INVARIANT: `data` is initialised and `is_available` is `true`, so the state matches.
+ Self {
+ is_available: true,
+ data: MaybeUninit::new(data),
+ }
+ }
+
+ fn drop_in_place(&mut self) {
+ if !self.is_available {
+ // Already dropped.
+ return;
+ }
+
+ // INVARIANT: `data` is being dropped and `is_available` is set to `false`, so the state
+ // matches.
+ self.is_available = false;
+
+ // SAFETY: By the type invariants, `data` is valid because `is_available` was true.
+ unsafe { self.data.assume_init_drop() };
+ }
+}
+
+impl<T> Drop for Inner<T> {
+ fn drop(&mut self) {
+ self.drop_in_place();
+ }
+}
+
+#[pin_data]
+pub struct Revocable<T, B: lock::Backend> {
+ #[pin]
+ inner: Lock<Inner<T>, B>,
+}
+
+/// Safely initialises a [`Revocable`] instance with the given name, generating a new lock class.
+// #[macro_export]
+// macro_rules! revocable_init {
+// ($mutex:expr, $name:literal) => {
+// $crate::init_with_lockdep!($mutex, $name)
+// };
+// }
+
+impl<T, B> Revocable<T, B>
+where
+ B: lock::Backend,
+{
+ /// Creates a new revocable instance of the given lock.
+ pub fn new(data: T, name: &'static CStr, key: &'static LockClassKey) -> impl PinInit<Self> {
+ pin_init!(Self {
+ inner <- Lock::new(Inner::new(data), name, key) ,
+ })
+ }
+
+ /// Revokes access to and drops the wrapped object.
+ ///
+ /// Revocation and dropping happen after ongoing accessors complete.
+ pub fn revoke(&self) {
+ self.lock().drop_in_place();
+ }
+
+ fn lock(&self) -> Guard<'_, Inner<T>, B> {
+ self.inner.lock()
+ }
+}
+
+pub type RevocableMutex<T> = Revocable<T, super::lock::mutex::MutexBackend>;