On 26.07.24 10:14, Alice Ryhl wrote:
> On Fri, Jul 26, 2024 at 10:11 AM Benno Lossin <benno.lossin@xxxxxxxxx> wrote:
>>
>> On 23.07.24 16:32, Alice Ryhl wrote:
>>> +pub struct MmGet {
>>> + mm: NonNull<bindings::mm_struct>,
>>> +}
>>> +
>>> +impl MmGet {
>>> + /// Lock the mmap read lock.
>>> + #[inline]
>>> + pub fn mmap_write_lock(&self) -> MmapWriteLock<'_> {
>>> + // SAFETY: The pointer is valid since we hold a refcount.
>>> + unsafe { bindings::mmap_write_lock(self.mm.as_ptr()) };
>>> +
>>> + // INVARIANT: We just acquired the write lock, so we can transfer to this guard.
>>> + //
>>> + // The signature of this function ensures that the `MmapWriteLock` will not outlive this
>>> + // `mmget` refcount.
>>> + MmapWriteLock {
>>> + mm: self.mm,
>>> + _lifetime: PhantomData,
>>> + }
>>> + }
>>> +
>>> + /// When dropping this refcount, use `mmput_async` instead of `mmput`.
>>
>> I don't get this comment.
>
> The C side provides two ways to decrement the mmget refcount. One is
> mmput and the other is mmput_async. The difference is that when the
> refcount hits zero, mmput_async cleans up the mm_struct on the
> workqueue, whereas mmput cleans it up immediately. This means that
> mmput_async is safe in atomic context, but mmput is not.
I see, IMO this would be a better comment:
/// Converts to this `MmGet` to `MmGetAsync`.
///
/// `MmGetAsync` uses `mmput_async` instead of `mmput` for decrementing
/// the refcount.
Since from a Rust perspective, this is just a conversion function. Maybe
the name should also reflect that ie `to_mm_get_async` or similar.
---
Cheers,
Benno
