On Wed, Nov 20, 2024 at 8:47 PM Lorenzo Stoakes
<lorenzo.stoakes@xxxxxxxxxx> wrote:
>
> On Wed, Nov 20, 2024 at 02:49:59PM +0000, Alice Ryhl wrote:
> > Adds an MmWithUserAsync type that uses mmput_async when dropped but is
> > otherwise identical to MmWithUser. This has to be done using a separate
> > type because the thing we are changing is the destructor.
> >
> > Rust Binder needs this to avoid a certain deadlock. See commit
> > 9a9ab0d96362 ("binder: fix race between mmput() and do_exit()") for
> > details. It's also needed in the shrinker to avoid cleaning up the mm in
> > the shrinker's context.
>
> Oh Lord, I didn't even know this existed... I see it was (re-)added in commit
> a1b2289cef92 ("android: binder: drop lru lock in isolate callback") back in 2017
> so quite a history of being necessary for binder.
>
> I see mmdrop_async(), I guess that's not needed for anything binder-ish? A quick
> look in the code suggests this is invoked in free_signal_struct() and is there
> due to some softirq stuff on x86... so yeah I guess not :)
I didn't know it was so binder-specific. I assumed it would be a
relatively common use-case.
> > // These methods are safe to call even if `mm_users` is zero.
> > impl Mm {
> > /// Call `mmgrab` on `current.mm`.
> > @@ -171,6 +213,13 @@ pub unsafe fn from_raw<'a>(ptr: *const bindings::mm_struct) -> &'a MmWithUser {
> > unsafe { &*ptr.cast() }
> > }
> >
> > + /// Use `mmput_async` when dropping this refcount.
> > + #[inline]
> > + pub fn use_mmput_async(me: ARef<MmWithUser>) -> ARef<MmWithUserAsync> {
>
> Again, nitty, but I wonder if this should be as_xxx()?
>
> But I guess this makes sense too.
In this case, the as_ prefix is incorrect because this is an owned ->
owned conversion. See the API guidelines:
https://rust-lang.github.io/api-guidelines/naming.html#ad-hoc-conversions-follow-as_-to_-into_-conventions-c-conv
If we wish to use a prefix, the correct prefix is into_.
Alice
