[+cc Boris] On Wed, 2026-05-20 at 06:59 -0700, Boqun Feng wrote: > Hi Philipp,
Hi Boqun; hope you're doing well > > On Wed, May 20, 2026 at 03:17:26PM +0200, Philipp Stanner wrote: > > call_rcu() can be expected to be needed by a great variety of users. > > This functionality is almost always used for deallocating resources > > after all accessors are gone. Hence, it appears reasonable to implement > > the abstractions in such a way that the user merely passes data, which > > is later (after a grace period) dropped. > > > > In the rare cases where the user needs special action to take place, > > this could be achieved through implementing a custom drop() method. > > > > Implement a first minimal abstraction for call_rcu(). > > > > Thanks for the patch! Do you have have any reference usage of this new > API, maybe contains how RCU readers will read the data? Read the data? This design does not intend to have any readers. I want it as some sort of trash-bin container that does nothing but defer a drop(). Intended user will be this section here: https://gitlab.freedesktop.org/pstanner/linux-drm-work/-/merge_requests/1/diffs#5ef8add7e1b3375ce9a0b47595b531244bf98dce_0_611 > > Compared to Alice's RcuBox proposal: > > > https://lore.kernel.org/rust-for-linux/[email protected]/ > > I do have a design question: is support data type like Arc<CallBack<T>> > or Pin<VBox<Callback<T>> in the plan of this API? If so, how would that > be like? A separate new() and submit() function or a separate data type? I wasn't aware of Alice's proposal. Let me try whether I can make it work for my purposes. The idea behind my code here would be to have some minimalist RCU wrapper that merely defers dropping data. So it's a fire-and-forget mechanism that would not support Arc: take over ownership of the data, have it be unaccessible, and drop it after a grace period. Reason is that call_rcu() is most commonly needed for delaying a free() operation. Alice's idea seems more generic. But I agree that large allocations, aka VBox, should be supported. P. > If not, what's the main difference between Callback API and RcuBox? > > Regards, > Boqun > > > Signed-off-by: Philipp Stanner <[email protected]> > > --- > > rust/helpers/rcu.c | 1 + > > rust/kernel/sync.rs | 1 + > > rust/kernel/sync/rcu.rs | 89 ++++++++++++++++++++++++++++++++++++++++- > > 3 files changed, 90 insertions(+), 1 deletion(-) > > > > diff --git a/rust/helpers/rcu.c b/rust/helpers/rcu.c > > index 481274c05857..c9cfc99c93d5 100644 > > --- a/rust/helpers/rcu.c > > +++ b/rust/helpers/rcu.c > > @@ -1,5 +1,6 @@ > > // SPDX-License-Identifier: GPL-2.0 > > > > +#include <linux/types.h> /* for callback_head */ > > #include <linux/rcupdate.h> > > > > __rust_helper void rust_helper_rcu_read_lock(void) > > diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs > > index 993dbf2caa0e..1ddca3847b19 100644 > > --- a/rust/kernel/sync.rs > > +++ b/rust/kernel/sync.rs > > @@ -31,6 +31,7 @@ > > pub use locked_by::LockedBy; > > pub use refcount::Refcount; > > pub use set_once::SetOnce; > > +pub use rcu::Callback; > > > > /// Represents a lockdep class. > > /// > > diff --git a/rust/kernel/sync/rcu.rs b/rust/kernel/sync/rcu.rs > > index a32bef6e490b..caf71fa46f5e 100644 > > --- a/rust/kernel/sync/rcu.rs > > +++ b/rust/kernel/sync/rcu.rs > > @@ -4,7 +4,15 @@ > > //! > > //! C header: > > [`include/linux/rcupdate.h`](srctree/include/linux/rcupdate.h) > > > > -use crate::{bindings, types::NotThreadSafe}; > > +use crate::{ > > + bindings, > > + prelude::*, > > + types::{ > > + NotThreadSafe, > > + Opaque, > > + }, > > + alloc::Flags, > > +}; > > > > /// Evidence that the RCU read side lock is held on the current thread/CPU. > > /// > > @@ -50,3 +58,82 @@ fn drop(&mut self) { > > pub fn read_lock() -> Guard { > > Guard::new() > > } > > + > > + > > +/// An RCU callback object. Carries the user's data to drop() it once a > > grace period ellapsed. > > +/// > > +/// This object serves to implement C's `call_rcu()` method. Since it is > > almost > > +/// always used to free a resource once a grace period ellapsed, the only > > thing > > +/// this implementation does is drop the user's data. In the rare cases in > > which > > +/// the user needs more action to take place, said actions need to be > > implemented > > +/// on the user's data via the [`Drop`] trait. > > +/// > > +/// # Examples > > +/// > > +/// ``` > > +/// use kernel::sync::rcu::Callback; > > +/// > > +/// struct Foo {}; > > +/// > > +/// impl Drop for Foo { > > +/// fn drop(&mut self) { > > +/// pr_info!("rcu::Foo Dropping.\n"); > > +/// } > > +/// } > > +/// > > +/// let data = Foo {}; > > +/// > > +/// let cb = Callback::new(data, GFP_KERNEL)?; > > +/// cb.submit(); > > +/// > > +/// Ok::<(), Error>(()) > > +/// ``` > > +#[repr(C)] > > +#[pin_data] > > +pub struct Callback<T: Send + 'static> { > > + /// The RCU head. Only used (and initialized) by the C backend. > > + #[pin] > > + inner: Opaque<bindings::callback_head>, > > + /// The user's data. This should implement [`Drop`] if the user wants > > specific > > + /// actions, besides mere deallocation, to happen. > > + #[pin] > > + data: T, > > +} > > + > > +impl<T: Send + 'static> Callback<T> { > > + /// Create a new callback. > > + pub fn new(data: impl PinInit<T>, flags: Flags) -> > > Result<Pin<KBox<Self>>> { > > + let cb = try_pin_init!(Self { > > + inner: Opaque::uninit(), // Only needed for the C backend, who > > will initialize it. > > + data <- data, > > + }); > > + > > + KBox::pin_init(cb, flags) > > + } > > + > > + extern "C" fn callback(rcu_head: *mut bindings::callback_head) { > > + let cb_ptr = rcu_head as *mut Self; > > + > > + // SAFETY: All [`Callback`] objects in this module are always > > created > > + // as `Pin<KBox<Self>>`. `Pin` is a transparent container. The > > action > > + // below merely serves re-creating the KBox so that it can drop > > properly. > > + let _cb = unsafe { KBox::from_raw(cb_ptr) }; > > + > > + // Self::data drops, ensuring the desired cleanup operation. > > + } > > + > > + fn as_raw(&self) -> *mut bindings::callback_head { > > + self.inner.get() > > + } > > + > > + /// Arm a [`Callback`]. One grace period after this function was > > called, > > + /// the callback object will be dropped. > > + pub fn submit(self: Pin<KBox<Self>>) { > > + // SAFETY: The memory is not moved by this code or the C backend. > > + let cb = unsafe { Pin::into_inner_unchecked(self) }; > > + let ptr = KBox::into_raw(cb); > > + // SAFETY: `ptr` was just created validly above. `Self::callback` > > relies > > + // on the RCU module / code never being unloaded. > > + unsafe { bindings::call_rcu((*ptr).as_raw(), Some(Self::callback)) > > }; > > + } > > +} > > -- > > 2.49.0 > >
