lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAH5fLggEGMVspJoO6CE-gTa3-OHfkUnS=L1X-VNC8Cp57GYVkA@mail.gmail.com>
Date: Wed, 23 Oct 2024 19:52:23 +0200
From: Alice Ryhl <aliceryhl@...gle.com>
To: Boqun Feng <boqun.feng@...il.com>
Cc: Abdiel Janulgue <abdiel.janulgue@...il.com>, rust-for-linux@...r.kernel.org, 
	dakr@...hat.com, linux-kernel@...r.kernel.org, airlied@...hat.com, 
	miguel.ojeda.sandonis@...il.com
Subject: Re: [PATCH v2 1/5] rust: types: add `Owned` type and `Ownable` trait

On Wed, Oct 23, 2024 at 4:58 PM Boqun Feng <boqun.feng@...il.com> wrote:
>
> On Wed, Oct 23, 2024 at 01:26:14PM +0300, Abdiel Janulgue wrote:
> >
> >
> > On 23/10/2024 12:28, Alice Ryhl wrote:
> > > On Wed, Oct 23, 2024 at 12:49 AM Abdiel Janulgue
> > > <abdiel.janulgue@...il.com> wrote:
> > > >
> > > > Add the 'Owned' type, a simple smart pointer type that owns the
> > > > underlying data.
> > > >
> > > > An object implementing `Ownable' can constructed by wrapping it in
> > > > `Owned`, which has the advantage of allowing fine-grained control
> > > > over it's resource allocation and deallocation.
> > > >
> > > > Co-developed-by: Boqun Feng <boqun.feng@...il.com>
> > > > Signed-off-by: Boqun Feng <boqun.feng@...il.com>
> > > > Signed-off-by: Abdiel Janulgue <abdiel.janulgue@...il.com>
> > > > ---
> > > >   rust/kernel/types.rs | 62 ++++++++++++++++++++++++++++++++++++++++++++
> > > >   1 file changed, 62 insertions(+)
> > > >
> > > > diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
> > > > index ced143600eb1..3f632916bd4d 100644
> > > > --- a/rust/kernel/types.rs
> > > > +++ b/rust/kernel/types.rs
> > > > @@ -429,3 +429,65 @@ pub enum Either<L, R> {
> > > >       /// Constructs an instance of [`Either`] containing a value of type `R`.
> > > >       Right(R),
> > > >   }
> > > > +
> > > > +/// A smart pointer that owns the underlying data `T`.
> > > > +///
> > > > +/// This is a simple smart pointer that owns the underlying data. Typically, this would be
> > > > +/// returned as a wrapper for `T` in `T`'s constructor.
> > > > +/// When an object adds an option of being constructed this way, in addition to implementing
> > > > +/// `Drop`, it implements `Ownable` as well, thus having finer-grained control in where
> > > > +/// resource allocation and deallocation happens.
> > > > +///
> > > > +/// # Invariants
> > > > +///
> > > > +/// The pointer is always valid and owns the underlying data.
> > > > +pub struct Owned<T: Ownable> {
> > > > +    ptr: NonNull<T>,
> > > > +}
> > > > +
> > > > +impl<T: Ownable> Owned<T> {
> > > > +    /// Creates a new smart pointer that owns `T`.
> > > > +    ///
> > > > +    /// # Safety
> > > > +    /// `ptr` needs to be a valid pointer, and it should be the unique owner to the object,
> > > > +    /// in other words, no other entity should free the underlying data.
> > > > +    pub unsafe fn to_owned(ptr: *mut T) -> Self {
> > >
> > > Please rename this function to from_raw to match the name used by
> > > other similar functions.
> > >
> > > Also, I don't love this wording. We don't really want to guarantee
> > > that it is unique. For example, pages have one primary owner, but
> > > there can be others who also have refcounts to the page, so it's not
> > > really unique. I think you just want to say that `ptr` must point at a
>
> But then when `Owned<Page>` dropped, it will call __free_pages() which
> invalidate any other existing users. Do you assume that the users will
> use pointers anyway, so it's their unsafe responsiblity to guarantee
> that they don't use an invalid pointer?
>
> Also I assume you mean the others have refcounts to the page *before* an
> `Owned<Page>` is created, right? Because if we really have a use case
> where we want to have multiple users of a page after `Owned<Page>`
> created, we should better provide a `Owned<Page>` to `ARef<Page>`
> function.

The __free_pages function just decrements a refcount. If there are
other references to it, it's not actually freed.

Alice

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ