lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250703172605.28891-1-work@onurozkan.dev>
Date: Thu,  3 Jul 2025 20:26:05 +0300
From: Onur Özkan <work@...rozkan.dev>
To: rust-for-linux@...r.kernel.org,
	linux-kernel@...r.kernel.org
Cc: ojeda@...nel.org, "alex.gaynor@...il.comboqun.feng"@gmail.com,
	gary@...yguo.net, bjorn3_gh@...tonmail.com, lossin@...nel.org,
	a.hindborg@...nel.org, aliceryhl@...gle.com, tmgross@...ch.edu,
	dakr@...nel.org, acourbot@...dia.com, joelagnelf@...dia.com,
	wedsonaf@...il.com,
	Onur Özkan <work@...rozkan.dev>
Subject: [PATCH] rust: fix outdated safety note in `Revocable::revoke_internal`

The code used to use `compare_exchange` in the initial version
but it was changed to `swap` after a reviewer suggestion (see [1]),
and then the safety comment was not updated and became incorrect.

Link: https://lore.kernel.org/all/20241211104742.533392-1-benoit@dugarreau.fr [1]

Signed-off-by: Onur Özkan <work@...rozkan.dev>
---
 rust/kernel/revocable.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/rust/kernel/revocable.rs b/rust/kernel/revocable.rs
index 06a3cdfce344..5c0b7afa76fb 100644
--- a/rust/kernel/revocable.rs
+++ b/rust/kernel/revocable.rs
@@ -163,8 +163,10 @@ unsafe fn revoke_internal<const SYNC: bool>(&self) -> bool {
                 unsafe { bindings::synchronize_rcu() };
             }
 
-            // SAFETY: We know `self.data` is valid because only one CPU can succeed the
-            // `compare_exchange` above that takes `is_available` from `true` to `false`.
+            // SAFETY: We just used an atomic `swap` to check if the data was still marked
+            // as available. If it returns `true`, that means we are the first (and only)
+            // thread to see it as available and mark it as unavailable. So no other thread
+            // can access or drop the data after this. That makes it safe to drop the data here.
             unsafe { drop_in_place(self.data.get()) };
         }
 
-- 
2.50.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ