Re: [PATCH v1 2/2] rust: task: add `Send` marker to `Task`
From: Andreas Hindborg
Date: Tue May 23 2023 - 09:50:09 EST
Alice Ryhl <aliceryhl@xxxxxxxxxx> writes:
> When a type also implements `Sync`, the meaning of `Send` is just "this
> type may be accessed mutably from threads other than the one it is
> created on". That's ok for this type.
>
> Signed-off-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
> ---
> rust/kernel/task.rs | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/rust/kernel/task.rs b/rust/kernel/task.rs
> index 526d29a0ae27..4f1fe9aa9f6e 100644
> --- a/rust/kernel/task.rs
> +++ b/rust/kernel/task.rs
> @@ -64,6 +64,11 @@ macro_rules! current {
> #[repr(transparent)]
> pub struct Task(pub(crate) Opaque<bindings::task_struct>);
>
> +// SAFETY: The only situation in which this can be accessed mutably is when the refcount drops to
> +// zero and the destructor runs. It is safe for that to happen on any thread, so it is ok for this
> +// type to be `Send`.
> +unsafe impl Send for Task {}
To enhance clarity, could you elaborate _why_ `Task` can never be
accessed mutably by Rust? Perhaps "By design, `Task` can only be
accessed thorough `&Task` and `Task` can never be owned by the Rust
side. Therefore the only situation ...".
> +
> // SAFETY: It's OK to access `Task` through references from other threads because we're either
> // accessing properties that don't change (e.g., `pid`, `group_leader`) or that are properly
> // synchronised by C code (e.g., `signal_pending`).