lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <DAWHMFWA2FZB.2III53VFXATS4@kernel.org>
Date: Thu, 26 Jun 2025 15:09:30 +0200
From: "Benno Lossin" <lossin@...nel.org>
To: "Danilo Krummrich" <dakr@...nel.org>
Cc: "Boqun Feng" <boqun.feng@...il.com>, <gregkh@...uxfoundation.org>,
 <rafael@...nel.org>, <ojeda@...nel.org>, <alex.gaynor@...il.com>,
 <gary@...yguo.net>, <bjorn3_gh@...tonmail.com>, <a.hindborg@...nel.org>,
 <aliceryhl@...gle.com>, <tmgross@...ch.edu>, <david.m.ertman@...el.com>,
 <ira.weiny@...el.com>, <leon@...nel.org>, <kwilczynski@...nel.org>,
 <bhelgaas@...gle.com>, <rust-for-linux@...r.kernel.org>,
 <linux-kernel@...r.kernel.org>, <linux-pci@...r.kernel.org>
Subject: Re: [PATCH v3 3/4] rust: devres: get rid of Devres' inner Arc

On Thu Jun 26, 2025 at 1:40 PM CEST, Danilo Krummrich wrote:
> On Thu, Jun 26, 2025 at 01:07:25PM +0200, Danilo Krummrich wrote:
>> On Thu, Jun 26, 2025 at 12:27:18PM +0200, Benno Lossin wrote:
>> > On Thu Jun 26, 2025 at 12:01 PM CEST, Danilo Krummrich wrote:
>> > > On Wed, Jun 25, 2025 at 09:13:24PM -0700, Boqun Feng wrote:
>> > >> On Tue, Jun 24, 2025 at 11:54:01PM +0200, Danilo Krummrich wrote:
>> > >> [...]
>> > >> > +#[pin_data(PinnedDrop)]
>> > >> > +pub struct Devres<T> {
>> > >> 
>> > >> It makes me realize: I think we need to make `T` being `Send`? Because
>> > >> the devm callback can happen on a different thread other than
>> > >> `Devres::new()` and the callback may drop `T` because of revoke(), so we
>> > >> are essientially sending `T`. Alternatively we can make `Devres::new()`
>> > >> and its friend require `T` being `Send`.
>> > >> 
>> > >> If it's true, we need a separate patch that "Fixes" this.
>> > >
>> > > Indeed, that needs a fix.
>> > 
>> > Oh and we have no `'static` bound on `T` either... We should require
>> > that as well.
>> 
>> I don't think we actually need that, The Devres instance can't out-live a &T
>> passed into it. And the &T can't out-live the &Device<Bound>, hence we're
>> guaranteed that devres_callback() is never called because Devres::drop() will be
>> able successfully unregister the callback given that we're still in the
>> &Device<Bound> scope.
>> 
>> The only thing that could technically out-live the &Device<Bound> would be
>> &'static T, but that would obviously be fine.
>> 
>> Do I miss anything?
>
> Thinking a bit more about it, a similar argumentation is true for not needing
> T: Send. The only way to leave the &Device<Bound> scope and hence the thread
> would be to stuff the Devres into a ForeignOwnable container, no?

I think `T: Send` is required, since we drop the `T` in the other thread
when `devres_callback` is called from the device unbinding.

> Analogous to Benno asking for ForeignOwnable: 'static, should we also require
> ForeignOwnable: Send + Sync?

I don't think so, you could have a type that stores the pointer in C,
but only ever allows access from the same thread.

> Alternatively, the safety requirements of ForeignOwnable:::from_foreign() and
> ForeignOwnable::borrow() would need to cover this, which they currently they
> are not.

Oh right, yeah they should cover that.

---
Cheers,
Benno

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ