On Fri, Jul 26, 2024 at 10:26 AM Benno Lossin <benno.lossin@xxxxxxxxx> wrote:
>
> On 26.07.24 10:14, Alice Ryhl wrote:
> > On Fri, Jul 26, 2024 at 10:11 AM Benno Lossin <benno.lossin@xxxxxxxxx> wrote:
> >>
> >> On 23.07.24 16:32, Alice Ryhl wrote:
> >>> +pub struct MmGet {
> >>> + mm: NonNull<bindings::mm_struct>,
> >>> +}
> >>> +
> >>> +impl MmGet {
> >>> + /// Lock the mmap read lock.
> >>> + #[inline]
> >>> + pub fn mmap_write_lock(&self) -> MmapWriteLock<'_> {
> >>> + // SAFETY: The pointer is valid since we hold a refcount.
> >>> + unsafe { bindings::mmap_write_lock(self.mm.as_ptr()) };
> >>> +
> >>> + // INVARIANT: We just acquired the write lock, so we can transfer to this guard.
> >>> + //
> >>> + // The signature of this function ensures that the `MmapWriteLock` will not outlive this
> >>> + // `mmget` refcount.
> >>> + MmapWriteLock {
> >>> + mm: self.mm,
> >>> + _lifetime: PhantomData,
> >>> + }
> >>> + }
> >>> +
> >>> + /// When dropping this refcount, use `mmput_async` instead of `mmput`.
> >>
> >> I don't get this comment.
> >
> > The C side provides two ways to decrement the mmget refcount. One is
> > mmput and the other is mmput_async. The difference is that when the
> > refcount hits zero, mmput_async cleans up the mm_struct on the
> > workqueue, whereas mmput cleans it up immediately. This means that
> > mmput_async is safe in atomic context, but mmput is not.
>
> I see, IMO this would be a better comment:
>
> /// Converts to this `MmGet` to `MmGetAsync`.
> ///
> /// `MmGetAsync` uses `mmput_async` instead of `mmput` for decrementing
> /// the refcount.
>
> Since from a Rust perspective, this is just a conversion function. Maybe
> the name should also reflect that ie `to_mm_get_async` or similar.
That sounds good to me.
Alice
