Message-ID: <aA4ChLR5xf0I7YJY@pollux>
Date: Sun, 27 Apr 2025 12:10:12 +0200
From: Danilo Krummrich <dakr@...nel.org>
To: Benno Lossin <benno.lossin@...ton.me>
Cc: gregkh@...uxfoundation.org, rafael@...nel.org, bhelgaas@...gle.com,
	kwilczynski@...nel.org, zhiw@...dia.com, cjia@...dia.com,
	jhubbard@...dia.com, bskeggs@...dia.com, acurrid@...dia.com,
	joelagnelf@...dia.com, ttabi@...dia.com, acourbot@...dia.com,
	ojeda@...nel.org, alex.gaynor@...il.com, boqun.feng@...il.com,
	gary@...yguo.net, bjorn3_gh@...tonmail.com, a.hindborg@...nel.org,
	aliceryhl@...gle.com, tmgross@...ch.edu, linux-pci@...r.kernel.org,
	rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] rust: devres: implement Devres::access_with()

On Sun, Apr 27, 2025 at 08:41:02AM +0000, Benno Lossin wrote:
> On Sat Apr 26, 2025 at 11:24 PM CEST, Danilo Krummrich wrote:
> > On Sat, Apr 26, 2025 at 08:28:30PM +0000, Benno Lossin wrote:
> >> On Sat Apr 26, 2025 at 3:30 PM CEST, Danilo Krummrich wrote:
> >> > +    pub fn access_with<'s, 'd: 's>(&'s self, dev: &'d Device<Bound>) -> Result<&'s T> {
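Review bot: on the `access_with` signature, `'d` appears only in the bound `'d: 's` and not in the return type, so the second lifetime parameter adds no constraint that a single shared lifetime would not already give through covariance of `&Device<Bound>`. Either collapse it to one lifetime, or keep both and state in the doc comment that `dev` must outlive the returned reference, so the extra parameter reads as intentional.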
> >> 
> >> I don't think that we need the `'d` lifetime here (if not, we should
> >> remove it).
> >
> > If the returned reference out-lives dev it can become invalid, since it means
> > that the device could subsequently be unbound. Hence, I think we indeed need to
> > require that the returned reference cannot out-live dev.
> 
> I meant the following signature:
> 
>     pub fn access_with<'a>(&'a self, dev: &'a Device<Bound>) -> Result<&'a T>
> 
> You don't need to specify the additional `'d` one, since lifetimes allow
> subtyping [1]. So if I have a `&'s self` and a `&'d Device<Bound>` and
> `'d: 's`, then I can supply those arguments to my suggested function and
> the compiler will shorten `'d` to be `'s` or whatever is correct in the
> context.
> 
> [1]: https://doc.rust-lang.org/nomicon/subtyping.html#subtyping

Makes sense, and I don't mind changing it, but I still think the original version
makes the actual requirement more obvious to the reader, i.e. dev must live *at
least* as long as self, but not dev must live *exactly* as long as self.
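
The subtyping argument in this thread, as an added example that is not part of the original message or the kernel sources: `Device`, `Bound` and `Devres` are simplified stand-ins, the `id` comparison is a constructed check, and `access_two`/`access_one` are hypothetical names for the two proposed signatures. Both compile for the same callers, including one where `dev` is borrowed for strictly longer than `self`.

```rust
use std::marker::PhantomData;

// Simplified stand-ins (assumptions), not the kernel's types.
pub struct Bound;
pub struct Device<Ctx> { id: u32, _ctx: PhantomData<Ctx> }
pub struct Devres<T> { dev_id: u32, data: T }

pub fn new_device(id: u32) -> Device<Bound> {
    Device { id, _ctx: PhantomData }
}

impl<T> Devres<T> {
    // Two-lifetime form from the patch: the borrow of `dev` ('d) must last
    // at least as long as the borrow of `self` ('s).
    pub fn access_two<'s, 'd: 's>(&'s self, dev: &'d Device<Bound>) -> Result<&'s T, ()> {
        // Constructed check standing in for "is this the right device".
        if dev.id == self.dev_id { Ok(&self.data) } else { Err(()) }
    }

    // Single-lifetime form from the reply: shared references are covariant
    // in their lifetime, so a longer `dev` borrow is shortened to 'a.
    pub fn access_one<'a>(&'a self, dev: &'a Device<Bound>) -> Result<&'a T, ()> {
        if dev.id == self.dev_id { Ok(&self.data) } else { Err(()) }
    }
}

// `dev` comes from the caller and outlives the local `res`; both forms accept it.
pub fn long_dev_short_self(dev: &Device<Bound>) -> (u32, u32) {
    let res = Devres { dev_id: dev.id, data: 7u32 };
    let a = *res.access_two(dev).unwrap();
    let b = *res.access_one(dev).unwrap();
    (a, b)
}

// Caller with explicitly distinct lifetimes: `&'d Device` coerces to
// `&'s Device` because 'd: 's, so the single-lifetime form still applies.
pub fn explicit<'s, 'd: 's>(res: &'s Devres<u32>, dev: &'d Device<Bound>) -> &'s u32 {
    res.access_one(dev).unwrap()
}

fn main() {
    let dev = new_device(1);
    println!("{:?}", long_dev_short_self(&dev));
}
```

In both forms the returned reference is tied to a lifetime that the `dev` borrow must cover, so neither lets the result outlive `dev`.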
