| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aCzzBT96ktapP03e@google.com> Date: Tue, 20 May 2025 21:24:21 +0000 From: Alice Ryhl <aliceryhl@...gle.com> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Cc: Benno Lossin <lossin@...nel.org>, Matthew Maurer <mmaurer@...gle.com>, Danilo Krummrich <dakr@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, "Björn Roy Baron" <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...nel.org>, Trevor Gross <tmgross@...ch.edu>, "Rafael J. Wysocki" <rafael@...nel.org>, Sami Tolvanen <samitolvanen@...gle.com>, Timur Tabi <ttabi@...dia.com>, linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org Subject: Re: [PATCH v5 4/4] rust: samples: Add debugfs sample On Thu, May 15, 2025 at 01:43:09PM +0200, Greg Kroah-Hartman wrote: > On Thu, May 15, 2025 at 10:59:44AM +0200, Benno Lossin wrote: > > On Wed May 14, 2025 at 11:55 PM CEST, Matthew Maurer wrote: > > > On Wed, May 14, 2025 at 2:07 AM Danilo Krummrich <dakr@...nel.org> wrote: > > >> However, I really think we should keep the code as it is in this version and > > >> just don't provide an example that utilizes ManuallyDrop and forget(). > > >> > > >> I don't see how the idea of "manually dropping" (sub-)directories and files > > >> provides any real value compared to just storing their instance in a driver > > >> structure as long as they should stay alive, which is much more intuitive > > >> anyways. > > > > > > We can't easily do this, because dropping a root directory recursively > > > drops everything underneath it. This means that if I have > > > > > > foo/ > > > - bar/ > > > - baz/ > > > > > > Then my directory handle for `bar` have to be guaranteed to outlive my > > > directory handle for `foo` so that I know it's didn't get deleted > > > under me. This is why they have a borrow onto their parent directory. > > > This borrow means that you can't (without `unsafe`, or something like > > > `yoke`) keep handles to `foo` and `bar` in the same struct. > > > > Is there no refcount that we can use instead of borrowing? I guess not, > > since one can call `debugfs_remove`. What about a refcount on the rust > > side? or is debugfs not used for "debugging" and needs to have the > > performance of no refcount? > > debugfs should never have any performance issues (i.e. you don't use it > for performant things.) > > So refcount away! That should never be an issue. What I imagine would be the ideal API for Rust is the following: * For each file / dir you create, you get a Rust object that owns it. * When you destroy one of these Rust objects, it disappears from the file system. I.e., dropping a directory removes things recursively. * If you remove a directory before the removing objects inside it, then the Rust objects become "ghost" objects that are still usable, but not visible in the file system anywhere. I.e. calling methods on them succeed but are no-ops. * Possibly we have a way to drop a Rust object without removing it from the file system. In this case, it can never be accessed from Rust again, and the only way to remove it is to drop its parent directory. This way, you can drop foo/ before dropping bar/ and baz/ without that having to be unsafe. Whether that's best implemented by calling dget/dput on the dentry or by having Rust keep track of a separate Rust-only refcount, I don't know. But I think this is the API we want. Thoughts? Alice
Powered by blists - more mailing lists