| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJ-ks9nGZCMjgTTzeRz3DUCQyLVu-xWKau4AFkMGutLtomK-fA@mail.gmail.com>
Date: Thu, 6 Feb 2025 13:21:35 -0500
From: Tamir Duberstein <tamird@...il.com>
To: Boqun Feng <boqun.feng@...il.com>
Cc: Danilo Krummrich <dakr@...nel.org>, Miguel Ojeda <ojeda@...nel.org>,
Alex Gaynor <alex.gaynor@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...nel.org>,
Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>,
Matthew Wilcox <willy@...radead.org>, Bjorn Helgaas <bhelgaas@...gle.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>,
Maíra Canal <mcanal@...lia.com>,
Asahi Lina <lina@...hilina.net>, rust-for-linux@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-pci@...r.kernel.org
Subject: Re: [PATCH v15 2/3] rust: xarray: Add an abstraction for XArray
Hi Boqun,
On Thu, Feb 6, 2025 at 12:18 PM Boqun Feng <boqun.feng@...il.com> wrote:
>
> Hi Tamir,
>
> This looks good to me overall, a few comments below:
>
> On Thu, Feb 06, 2025 at 11:24:44AM -0500, Tamir Duberstein wrote:
> [...]
> > +impl<'a, T: ForeignOwnable> Guard<'a, T> {
> [...]
> > + /// Loads an entry from the array.
> > + ///
> > + /// Returns the entry at the given index.
> > + pub fn get(&self, index: usize) -> Option<T::Borrowed<'_>> {
> > + self.load(index, |ptr| {
> > + // SAFETY: `ptr` came from `T::into_foreign`.
> > + unsafe { T::borrow(ptr.as_ptr()) }
> > + })
> > + }
> > +
> > + /// Loads an entry from the array.
>
> Nit: firstly, this function has the same description of `get()`, also
> I would prefer something like "Returns a [`T::Borrowed`] of the object
> at `index`" rather then "Loads an entry from the array", thoughts?
I was trying to avoid repeating the signature in the comment. In other
words I was trying to write a comment that wouldn't have to change if
the signature (but not the semantics) of the function changed. Since
the difference between `get` and `get_mut` is completely described in
the type system, the two functions got the same comment. Shall I
change it?
> > + ///
> > + /// Returns the entry at the given index.
> > + pub fn get_mut(&mut self, index: usize) -> Option<T::BorrowedMut<'_>> {
> > + self.load(index, |ptr| {
> > + // SAFETY: `ptr` came from `T::into_foreign`.
> > + unsafe { T::borrow_mut(ptr.as_ptr()) }
> > + })
> > + }
> > +
> > + /// Erases an entry from the array.
>
> Nit: s/Erases/Removes?
Will change. I used "erase" because that's the verb used in the C
function name but named it "remove" because that's the verb used in
the Rust standard library. The result is neither here nor there :)
>
> > + ///
> > + /// Returns the entry which was previously at the given index.
> > + pub fn remove(&mut self, index: usize) -> Option<T> {
> > + // SAFETY: `self.xa.xa` is always valid by the type invariant.
> > + //
> > + // SAFETY: The caller holds the lock.
> > + let ptr = unsafe { bindings::__xa_erase(self.xa.xa.get(), index) }.cast();
> > + // SAFETY: `ptr` is either NULL or came from `T::into_foreign`.
>
> SAFETY comment here needs to mention why there is no alive `T::Borrowed`
> or `T::BorrowedMut` out there per the safety requirement.
Will do.
> Regards,
> Boqun
>
> > + unsafe { T::try_from_foreign(ptr) }
> > + }
> > +
> [...]
Thanks for the review!
Powered by blists - more mailing lists