| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z8h4mO_deAi_V3mf@laptop> Date: Wed, 05 Mar 2025 16:15:24 +0000 From: Oliver Mangold <oliver.mangold@...me> To: Alice Ryhl <aliceryhl@...gle.com> Cc: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...nel.org>, Trevor Gross <tmgross@...ch.edu>, rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v4] rust: adding UniqueRefCounted and UniqueRef types On 250305 1613, Alice Ryhl wrote: > On Wed, Mar 5, 2025 at 3:56 PM Oliver Mangold <oliver.mangold@...me> wrote: > > > > > > What stops people from doing this? > > > > > > let my_unique: UniqueRef<T> = ...; > > > let my_ref: &T = &*my_unique; > > > let my_shared: ARef<T> = ARef::from(my_ref); > > > > > > Now it is no longer unique. > > > > > Oh, indeed. That's a serious problem. I see 2 options to deal with that: > > > > 1. remove ARef::From<&T> > > > > I checked the users of this, and it looks to me like there is rather > > a limited number and they are easy to fix by replacing the &T with ARef<T>. > > But I assume that wouldn't be welcome as it is intrusive nonetheless > > and of course there is ergonomic value in having the function around. > > Definitely not an option. There are many users of this function that > are in the process of being upstreamed. The ability to go &T -> > ARef<T> is pretty fundamental for ARef. Ok. Suspected something like that. > > I do think that you essentially need two structs to use this at all - > one for the shared and one for the unique case. Sounds pretty > unergonomic. > Sorry, but can you explain? Why does one need structs? > What is the use-case for these abstractions? > It came up in the block subsystem. For mq::Request it is rather essential to be able to ensure that one has a unique reference. Maybe Andreas can explain a bit more. We can work around that there, with special wrappers specific for block, sure. But are you sure it isn't much more widely useful? Correct me if I'm wrong, but as I understand, currently for AlwaysRefCounted objects you can never safely obtain an &mut. So you cannot use the static safety checks that come with '&' vs. '&mut'. This means you have to rely on interior mutability, requiring runtime checks in the wrapper functions, no? Isn't that, for example, the reason that Page is not AlwaysRefCounted, as write access is protected by requiring an '&mut'? Best, Oliver
Powered by blists - more mailing lists