lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aF0xp4ZKP_a7cJsc@pollux>
Date: Thu, 26 Jun 2025 13:40:23 +0200
From: Danilo Krummrich <dakr@...nel.org>
To: Benno Lossin <lossin@...nel.org>
Cc: Boqun Feng <boqun.feng@...il.com>, gregkh@...uxfoundation.org,
	rafael@...nel.org, ojeda@...nel.org, alex.gaynor@...il.com,
	gary@...yguo.net, bjorn3_gh@...tonmail.com, a.hindborg@...nel.org,
	aliceryhl@...gle.com, tmgross@...ch.edu, david.m.ertman@...el.com,
	ira.weiny@...el.com, leon@...nel.org, kwilczynski@...nel.org,
	bhelgaas@...gle.com, rust-for-linux@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org
Subject: Re: [PATCH v3 3/4] rust: devres: get rid of Devres' inner Arc

On Thu, Jun 26, 2025 at 01:07:25PM +0200, Danilo Krummrich wrote:
> On Thu, Jun 26, 2025 at 12:27:18PM +0200, Benno Lossin wrote:
> > On Thu Jun 26, 2025 at 12:01 PM CEST, Danilo Krummrich wrote:
> > > On Wed, Jun 25, 2025 at 09:13:24PM -0700, Boqun Feng wrote:
> > >> On Tue, Jun 24, 2025 at 11:54:01PM +0200, Danilo Krummrich wrote:
> > >> [...]
> > >> > +#[pin_data(PinnedDrop)]
> > >> > +pub struct Devres<T> {
> > >> 
> > >> It makes me realize: I think we need to make `T` being `Send`? Because
> > >> the devm callback can happen on a different thread other than
> > >> `Devres::new()` and the callback may drop `T` because of revoke(), so we
> > >> are essientially sending `T`. Alternatively we can make `Devres::new()`
> > >> and its friend require `T` being `Send`.
> > >> 
> > >> If it's true, we need a separate patch that "Fixes" this.
> > >
> > > Indeed, that needs a fix.
> > 
> > Oh and we have no `'static` bound on `T` either... We should require
> > that as well.
> 
> I don't think we actually need that, The Devres instance can't out-live a &T
> passed into it. And the &T can't out-live the &Device<Bound>, hence we're
> guaranteed that devres_callback() is never called because Devres::drop() will be
> able successfully unregister the callback given that we're still in the
> &Device<Bound> scope.
> 
> The only thing that could technically out-live the &Device<Bound> would be
> &'static T, but that would obviously be fine.
> 
> Do I miss anything?

Thinking a bit more about it, a similar argumentation is true for not needing
T: Send. The only way to leave the &Device<Bound> scope and hence the thread
would be to stuff the Devres into a ForeignOwnable container, no?

Analogous to Benno asking for ForeignOwnable: 'static, should we also require
ForeignOwnable: Send + Sync?

Alternatively, the safety requirements of ForeignOwnable:::from_foreign() and
ForeignOwnable::borrow() would need to cover this, which they currently they
are not.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ