On Thu, May 21, 2026 at 09:25:28AM +0200, Philipp Stanner wrote: > [+cc Boris] > > On Wed, 2026-05-20 at 06:59 -0700, Boqun Feng wrote: > > Hi Philipp, > > Hi Boqun; hope you're doing well > > > > > On Wed, May 20, 2026 at 03:17:26PM +0200, Philipp Stanner wrote: > > > call_rcu() can be expected to be needed by a great variety of users. > > > This functionality is almost always used for deallocating resources > > > after all accessors are gone. Hence, it appears reasonable to implement > > > the abstractions in such a way that the user merely passes data, which > > > is later (after a grace period) dropped. > > > > > > In the rare cases where the user needs special action to take place, > > > this could be achieved through implementing a custom drop() method. > > > > > > Implement a first minimal abstraction for call_rcu(). > > > > > > > Thanks for the patch! Do you have have any reference usage of this new > > API, maybe contains how RCU readers will read the data? > > Read the data? This design does not intend to have any readers. >
Please understand that from the perspective of an RCU maintainer, I would like to examine how the current design would work with a more general case, otherwise it's going to be a maintenance nightmare. > I want it as some sort of trash-bin container that does nothing but > defer a drop(). Intended user will be this section here: > > https://gitlab.freedesktop.org/pstanner/linux-drm-work/-/merge_requests/1/diffs#5ef8add7e1b3375ce9a0b47595b531244bf98dce_0_611 > The fact that you need a "defer" means that there are readers, right? You don't need to worry about here because the readers are in the callback of fences. > > > > > Compared to Alice's RcuBox proposal: > > > > > > https://lore.kernel.org/rust-for-linux/[email protected]/ > > > > I do have a design question: is support data type like Arc<CallBack<T>> > > or Pin<VBox<Callback<T>> in the plan of this API? If so, how would that > > be like? A separate new() and submit() function or a separate data type? > > I wasn't aware of Alice's proposal. Let me try whether I can make it > work for my purposes. > > The idea behind my code here would be to have some minimalist RCU > wrapper that merely defers dropping data. So it's a fire-and-forget > mechanism that would not support Arc: take over ownership of the data, > have it be unaccessible, and drop it after a grace period. > Maybe then name this data structure `RcuDeferDropBox<T>` or something? Because if the design goal is not to support a general RCU usage (with readers), than it probably shouldn't take the rcu::Callback name. Or maybe keep the `Callback<T>`, but only implement `new()` (with a return type as `impl PinInit<Callback<T>>` and the rcu_head accessor of it. Then based on it you can implement the `RcuDeferDropBox<T>`, in this way, we could both support your usage and move towards a full-featured RCU implementation. Thoughts? Plus, I think Alice's patch here [1] would also benefit from having a basic rcu::Callback (to replace `PollCondVarBoxInner`). [1]: https://lore.kernel.org/rust-for-linux/[email protected]/ Regards, Boqun > Reason is that call_rcu() is most commonly needed for delaying a free() > operation. > > Alice's idea seems more generic. > > But I agree that large allocations, aka VBox, should be supported. > > > P. > > > If not, what's the main difference between Callback API and RcuBox? > > > > Regards, > > Boqun > > > > > Signed-off-by: Philipp Stanner <[email protected]> > > > --- > > > rust/helpers/rcu.c | 1 + > > > rust/kernel/sync.rs | 1 + > > > rust/kernel/sync/rcu.rs | 89 ++++++++++++++++++++++++++++++++++++++++- > > > 3 files changed, 90 insertions(+), 1 deletion(-) > > > > > > diff --git a/rust/helpers/rcu.c b/rust/helpers/rcu.c > > > index 481274c05857..c9cfc99c93d5 100644 > > > --- a/rust/helpers/rcu.c > > > +++ b/rust/helpers/rcu.c > > > @@ -1,5 +1,6 @@ > > > // SPDX-License-Identifier: GPL-2.0 > > > > > > +#include <linux/types.h> /* for callback_head */ > > > #include <linux/rcupdate.h> > > > > > > __rust_helper void rust_helper_rcu_read_lock(void) > > > diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs > > > index 993dbf2caa0e..1ddca3847b19 100644 > > > --- a/rust/kernel/sync.rs > > > +++ b/rust/kernel/sync.rs > > > @@ -31,6 +31,7 @@ > > > pub use locked_by::LockedBy; > > > pub use refcount::Refcount; > > > pub use set_once::SetOnce; > > > +pub use rcu::Callback; > > > > > > /// Represents a lockdep class. > > > /// > > > diff --git a/rust/kernel/sync/rcu.rs b/rust/kernel/sync/rcu.rs > > > index a32bef6e490b..caf71fa46f5e 100644 > > > --- a/rust/kernel/sync/rcu.rs > > > +++ b/rust/kernel/sync/rcu.rs > > > @@ -4,7 +4,15 @@ > > > //! > > > //! C header: > > > [`include/linux/rcupdate.h`](srctree/include/linux/rcupdate.h) > > > > > > -use crate::{bindings, types::NotThreadSafe}; > > > +use crate::{ > > > + bindings, > > > + prelude::*, > > > + types::{ > > > + NotThreadSafe, > > > + Opaque, > > > + }, > > > + alloc::Flags, > > > +}; > > > > > > /// Evidence that the RCU read side lock is held on the current > > > thread/CPU. > > > /// > > > @@ -50,3 +58,82 @@ fn drop(&mut self) { > > > pub fn read_lock() -> Guard { > > > Guard::new() > > > } > > > + > > > + > > > +/// An RCU callback object. Carries the user's data to drop() it once a > > > grace period ellapsed. > > > +/// > > > +/// This object serves to implement C's `call_rcu()` method. Since it is > > > almost > > > +/// always used to free a resource once a grace period ellapsed, the > > > only thing > > > +/// this implementation does is drop the user's data. In the rare cases > > > in which > > > +/// the user needs more action to take place, said actions need to be > > > implemented > > > +/// on the user's data via the [`Drop`] trait. > > > +/// > > > +/// # Examples > > > +/// > > > +/// ``` > > > +/// use kernel::sync::rcu::Callback; > > > +/// > > > +/// struct Foo {}; > > > +/// > > > +/// impl Drop for Foo { > > > +/// fn drop(&mut self) { > > > +/// pr_info!("rcu::Foo Dropping.\n"); > > > +/// } > > > +/// } > > > +/// > > > +/// let data = Foo {}; > > > +/// > > > +/// let cb = Callback::new(data, GFP_KERNEL)?; > > > +/// cb.submit(); > > > +/// > > > +/// Ok::<(), Error>(()) > > > +/// ``` > > > +#[repr(C)] > > > +#[pin_data] > > > +pub struct Callback<T: Send + 'static> { > > > + /// The RCU head. Only used (and initialized) by the C backend. > > > + #[pin] > > > + inner: Opaque<bindings::callback_head>, > > > + /// The user's data. This should implement [`Drop`] if the user > > > wants specific > > > + /// actions, besides mere deallocation, to happen. > > > + #[pin] > > > + data: T, > > > +} > > > + > > > +impl<T: Send + 'static> Callback<T> { > > > + /// Create a new callback. > > > + pub fn new(data: impl PinInit<T>, flags: Flags) -> > > > Result<Pin<KBox<Self>>> { > > > + let cb = try_pin_init!(Self { > > > + inner: Opaque::uninit(), // Only needed for the C backend, > > > who will initialize it. > > > + data <- data, > > > + }); > > > + > > > + KBox::pin_init(cb, flags) > > > + } > > > + > > > + extern "C" fn callback(rcu_head: *mut bindings::callback_head) { > > > + let cb_ptr = rcu_head as *mut Self; > > > + > > > + // SAFETY: All [`Callback`] objects in this module are always > > > created > > > + // as `Pin<KBox<Self>>`. `Pin` is a transparent container. The > > > action > > > + // below merely serves re-creating the KBox so that it can drop > > > properly. > > > + let _cb = unsafe { KBox::from_raw(cb_ptr) }; > > > + > > > + // Self::data drops, ensuring the desired cleanup operation. > > > + } > > > + > > > + fn as_raw(&self) -> *mut bindings::callback_head { > > > + self.inner.get() > > > + } > > > + > > > + /// Arm a [`Callback`]. One grace period after this function was > > > called, > > > + /// the callback object will be dropped. > > > + pub fn submit(self: Pin<KBox<Self>>) { > > > + // SAFETY: The memory is not moved by this code or the C backend. > > > + let cb = unsafe { Pin::into_inner_unchecked(self) }; > > > + let ptr = KBox::into_raw(cb); > > > + // SAFETY: `ptr` was just created validly above. > > > `Self::callback` relies > > > + // on the RCU module / code never being unloaded. > > > + unsafe { bindings::call_rcu((*ptr).as_raw(), > > > Some(Self::callback)) }; > > > + } > > > +} > > > -- > > > 2.49.0 > > > > >
