lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87y0vg21pm.fsf@kernel.org>
Date: Thu, 01 May 2025 10:07:49 +0200
From: Andreas Hindborg <a.hindborg@...nel.org>
To: "Alice Ryhl" <aliceryhl@...gle.com>
Cc: "Tamir Duberstein" <tamird@...il.com>,  "Gary Guo" <gary@...yguo.net>,
  "Danilo Krummrich" <dakr@...nel.org>,  "Miguel Ojeda" <ojeda@...nel.org>,
  "Alex Gaynor" <alex.gaynor@...il.com>,  "Boqun Feng"
 <boqun.feng@...il.com>,  Björn Roy Baron
 <bjorn3_gh@...tonmail.com>,
  "Benno Lossin" <benno.lossin@...ton.me>,  "Trevor Gross"
 <tmgross@...ch.edu>,  "Matthew Wilcox" <willy@...radead.org>,  "Bjorn
 Helgaas" <bhelgaas@...gle.com>,  "Greg Kroah-Hartman"
 <gregkh@...uxfoundation.org>,  "Rafael J. Wysocki" <rafael@...nel.org>,
  "FUJITA Tomonori" <fujita.tomonori@...il.com>,  "Rob Herring (Arm)"
 <robh@...nel.org>,  Maíra Canal <mcanal@...lia.com>,
  "Asahi Lina"
 <lina@...hilina.net>,  <rust-for-linux@...r.kernel.org>,
  <linux-fsdevel@...r.kernel.org>,  <linux-kernel@...r.kernel.org>,
  <linux-pci@...r.kernel.org>
Subject: Re: [PATCH v19 1/3] rust: types: add `ForeignOwnable::PointedTo`

"Alice Ryhl" <aliceryhl@...gle.com> writes:

> On Wed, Apr 30, 2025 at 8:57 PM Tamir Duberstein <tamird@...il.com> wrote:
>>
>> On Wed, Apr 30, 2025 at 11:31 AM Gary Guo <gary@...yguo.net> wrote:
>> >
>> > On Wed, 23 Apr 2025 09:54:37 -0400
>> > Tamir Duberstein <tamird@...il.com> wrote:
>> > > -impl<T: 'static, A> ForeignOwnable for Box<T, A>
>> > > +// SAFETY: The `into_foreign` function returns a pointer that is well-aligned.
>> > > +unsafe impl<T: 'static, A> ForeignOwnable for Box<T, A>
>> > >  where
>> > >      A: Allocator,
>> > >  {
>> > > +    type PointedTo = T;
>> >
>> > I don't think this is the correct solution for this. The returned
>> > pointer is supposed to opaque, and exposing this type may encourage
>> > this is to be wrongly used.
>>
>> Can you give an example?
>
> This came up when we discussed this patch in the meeting yesterday:
> https://lore.kernel.org/all/20250227-configfs-v5-1-c40e8dc3b9cd@kernel.org/
>
> This is incorrect use of the trait. The pointer is supposed to be
> opaque, and you can't dereference it. See my reply to that patch as
> well:
> https://lore.kernel.org/all/CAH5fLggDwPBzMO2Z48oMjDm4qgoNM0NQs_63TxmVEGy+gtMpOA@mail.gmail.com/


For reference, the outcome of the discussion yesterday:

 - The use of `ForeignOwnable` in the configfs series is not correct. The pointer
   must be opaque. I will drop the use of `ForeignOwnable` and adapt
   `Arc` methods `into_raw`/`from_raw` instead. I had a plan to make the
   code generic over the pointer type with a bound on `ForeignOwnable`.
   A new trait is required for that now.

 - There may be a use case for a trait that allows passing ownership of
   an object to C, similar to `ForeignOwnable` but with a non-opaque
   pointer. Trait methods would be `into_raw`, `from_raw`, `borrow`.

 - The solution for alignment adopted in this (xarray) series is not
   ideal. However, given the timeline we will proceed merging the series
   as is, and then change the solution to the one outlined by Gary in
   the next cycle.

@Gary you mentioned an implementation of the solution you outlined is
already posted to the list. I can't seem to find it, can you point to
it?

Best regards,
Andreas Hindborg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ