Message-ID: <6a6bcf8a-8b33-4f46-b891-4a97da2b73fc@proton.me>
Date: Thu, 01 Aug 2024 10:11:47 +0000
From: Benno Lossin <benno.lossin@...ton.me>
To: Lyude Paul <lyude@...hat.com>, rust-for-linux@...r.kernel.org
Cc: Danilo Krummrich <dakr@...hat.com>, airlied@...hat.com, Ingo Molnar <mingo@...hat.com>, Will Deacon <will@...nel.org>, Waiman Long <longman@...hat.com>, Peter Zijlstra <peterz@...radead.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Andreas Hindborg <a.hindborg@...sung.com>, Alice Ryhl <aliceryhl@...gle.com>, Martin Rodriguez Reboredo <yakoyoku@...il.com>, Valentin Obst <kernel@...entinobst.de>, Trevor Gross <tmgross@...ch.edu>, Ben Gooding <ben.gooding.dev@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/3] rust: sync: Introduce lock::Backend::Context

On 01.08.24 00:35, Lyude Paul wrote:
> Now that we've introduced an `IrqDisabled` token for marking contexts in
> which IRQs are disabled, we need a way to be able to pass it to locks that
> require that IRQs are disabled. In order to continue using the
> `lock::Backend` type instead of inventing our own thing, we accomplish this
> by adding the associated Context type, along with a `lock_with()` function
> that can accept a Context when acquiring a lock. To allow current users of
> context-less locks to keep using the normal `lock()` method, we take an
> example from Wedson Almeida Filho's work and add a `where T<'a>: Default`
> bound to `lock()` so that it can only be called on lock types where the
> context is simply a placeholder value, then re-implement it through the new
> `lock_with()` function.
> 
> Signed-off-by: Lyude Paul <lyude@...hat.com>
> ---
>  rust/kernel/sync/lock.rs          | 17 +++++++++++++++--
>  rust/kernel/sync/lock/mutex.rs    |  3 +++
>  rust/kernel/sync/lock/spinlock.rs |  1 +
>  3 files changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/rust/kernel/sync/lock.rs b/rust/kernel/sync/lock.rs
> index f6c34ca4d819f..f3ff50c4272cf 100644
> --- a/rust/kernel/sync/lock.rs
> +++ b/rust/kernel/sync/lock.rs
> @@ -38,6 +38,9 @@ pub unsafe trait Backend {
>      /// [`unlock`]: Backend::unlock
>      type GuardState;
> 
> +    /// The context which much be provided to acquire the lock.
> +    type Context<'a>;
> +
>      /// Initialises the lock.
>      ///
>      /// # Safety
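Review bot: The doc comment added for the `Context` associated type has a typo: "which much be provided" should read "which must be provided". It would also help to say here what a backend that needs no context is expected to use, since `lock()` later in this patch relies on `B::Context<'a>: Default`.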
> @@ -120,14 +123,24 @@ pub fn new(t: T, name: &'static CStr, key: &'static LockClassKey) -> impl PinIni
>  }
> 
>  impl<T: ?Sized, B: Backend> Lock<T, B> {
> -    /// Acquires the lock and gives the caller access to the data protected by it.
> -    pub fn lock(&self) -> Guard<'_, T, B> {
> +    /// Acquires the lock with the given context and gives the caller access to the data protected
> +    /// by it.
> +    pub fn lock_with(&self, _context: B::Context<'_>) -> Guard<'_, T, B> {

Here we need to be careful: without lifetime elision, this signature is:

    pub fn lock_with<'a, 'b>(&'a self, _context: B::Context<'b>) -> Guard<'a, T, B>

This is problematic, since with this signature you should be able to
create this piece of code:

    let lock: SpinLockIrq = /* ... */;

    let mut guard = None;
    with_irq_disabled(|irq| guard = Some(lock.lock_with(irq)));
    // then use guard when `irq` are again enabled!

So what we want the signature to be is this:
    
    pub fn lock_with<'a>(&'a self, _context: B::Context<'a>) -> Guard<'a, T, B>

So we need to ensure that the lifetime of `context` is bound to the
lifetime of the guard.

>          // SAFETY: The constructor of the type calls `init`, so the existence of the object proves
>          // that `init` was called.
>          let state = unsafe { B::lock(self.state.get()) };
>          // SAFETY: The lock was just acquired.
>          unsafe { Guard::new(self, state) }
>      }
> +
> +    /// Acquires the lock and gives the caller access to the data protected by it.
> +    #[inline]
> +    pub fn lock<'a>(&'a self) -> Guard<'a, T, B>
> +    where
> +        B::Context<'a>: Default,
> +    {
> +        self.lock_with(B::Context::default())
> +    }
>  }
> 
>  /// A lock guard.
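Review bot: `lock()` is marked `#[inline]`, but `lock_with()`, which now carries the actual acquire path, is not. Annotate both the same way so the two entry points are treated consistently. The `lock_with()` doc comment should also state what the context argument is for, given that the parameter is named `_context` and is never read in the body.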
> diff --git a/rust/kernel/sync/lock/mutex.rs b/rust/kernel/sync/lock/mutex.rs
> index 30632070ee670..327e53be4c0f4 100644
> --- a/rust/kernel/sync/lock/mutex.rs
> +++ b/rust/kernel/sync/lock/mutex.rs
> @@ -4,6 +4,8 @@
>  //!
>  //! This module allows Rust code to use the kernel's `struct mutex`.
> 
> +use core::marker::*;
> +
>  /// Creates a [`Mutex`] initialiser with the given name and a newly-created lock class.
>  ///
>  /// It uses the name if one is given, otherwise it generates one based on the file name and line
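Review bot: `use core::marker::*;` in mutex.rs is a glob import, while the only item from it that this patch uses is `PhantomData`. Import it by name with `use core::marker::PhantomData;` so the module's namespace stays explicit.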
> @@ -93,6 +95,7 @@ macro_rules! new_mutex {
>  unsafe impl super::Backend for MutexBackend {
>      type State = bindings::mutex;
>      type GuardState = ();
> +    type Context<'a> = PhantomData<&'a ()>;

Is there any reason you chose `PhantomData` here? Why not just `()`?

---
Cheers,
Benno

> 
>      unsafe fn init(
>          ptr: *mut Self::State,
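Review bot: `type Context<'a> = PhantomData<&'a ()>;` in `MutexBackend` has no comment saying that it is only a placeholder for a lock that takes no context. Add a one-line doc comment stating that, and that it is what satisfies the `Default` bound on `lock()`.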
> diff --git a/rust/kernel/sync/lock/spinlock.rs b/rust/kernel/sync/lock/spinlock.rs
> index ea5c5bc1ce12e..8503d6e8e3de3 100644
> --- a/rust/kernel/sync/lock/spinlock.rs
> +++ b/rust/kernel/sync/lock/spinlock.rs
> @@ -92,6 +92,7 @@ macro_rules! new_spinlock {
>  unsafe impl super::Backend for SpinLockBackend {
>      type State = bindings::spinlock_t;
>      type GuardState = ();
> +    type Context<'a> = PhantomData<&'a ()>;
> 
>      unsafe fn init(
>          ptr: *mut Self::State,
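Review bot: the spinlock.rs hunk names `PhantomData` in `type Context<'a>`, but the diffstat shows a single insertion in this file and no `use` line is added here as was done in mutex.rs. Check that `PhantomData` is already in scope in spinlock.rs, or add `use core::marker::PhantomData;`.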
> --
> 2.45.2
> 
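The lifetime point raised in the reply above, as an added stand-alone example that is not part of the original message or of the kernel's code. It is a user-space model: `IrqDisabled`, `with_irq_disabled`, `SpinLockIrq` and `Guard` are simplified stand-ins (assumptions), the IRQ state is a constructed thread-local flag, and `lock_with_loose` is a hypothetical name for the signature as posted.

```rust
use std::cell::Cell;
use std::marker::PhantomData;
// Constructed stand-in for the CPU's IRQ state; true means "IRQs disabled".
thread_local! { static IRQS_OFF: Cell<bool> = Cell::new(false); }
/// Token proving IRQs are off for `'a` (simplified model, an assumption).
pub struct IrqDisabled<'a>(PhantomData<&'a ()>);

/// Runs `f` with the flag set. `f` must accept a token of any lifetime.
pub fn with_irq_disabled<R, F: for<'a> FnOnce(IrqDisabled<'a>) -> R>(f: F) -> R {
    IRQS_OFF.with(|c| c.set(true));
    let r = f(IrqDisabled(PhantomData));
    IRQS_OFF.with(|c| c.set(false));
    r
}

pub struct SpinLockIrq(Cell<u32>); // toy lock: holds data, does no real locking
pub struct Guard<'a>(&'a SpinLockIrq);

impl<'a> Guard<'a> {
    /// Reports whether IRQs are off at the moment the guard is used.
    pub fn irqs_off_now(&self) -> bool { IRQS_OFF.with(|c| c.get()) }
    pub fn bump(&self) -> u32 { let c = &(self.0).0; c.set(c.get() + 1); c.get() }
}

impl SpinLockIrq {
    /// Signature as posted (hypothetical name): guard lifetime comes from `&self` only.
    pub fn lock_with_loose<'a, 'b>(&'a self, _ctx: IrqDisabled<'b>) -> Guard<'a> { Guard(self) }
    /// Signature asked for in the reply: the guard cannot outlive the token.
    pub fn lock_with<'a>(&'a self, _ctx: IrqDisabled<'a>) -> Guard<'a> { Guard(self) }
}

/// Compiles with the loose signature: the guard escapes the closure.
pub fn escaped_guard_sees_irqs_off() -> bool {
    let lock = SpinLockIrq(Cell::new(0));
    let mut guard = None;
    with_irq_disabled(|irq| guard = Some(lock.lock_with_loose(irq)));
    guard.unwrap().irqs_off_now() // closure has returned, flag is clear again
}

/// With the bound signature the guard has to be used inside the closure.
pub fn bound_guard_sees_irqs_off() -> (bool, u32) {
    let lock = SpinLockIrq(Cell::new(0));
    // Writing `lock.lock_with(irq)` into an outer variable does not compile.
    with_irq_disabled(|irq| { let g = lock.lock_with(irq); (g.irqs_off_now(), g.bump()) })
}

fn main() {
    println!("{} {:?}", escaped_guard_sees_irqs_off(), bound_guard_sees_irqs_off());
}
```

The higher-ranked bound on `with_irq_disabled` is what makes the token's lifetime local to the closure call; tying the guard to that lifetime is then enough for the borrow checker to reject the escaping assignment.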

