lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <DB6RHMJJ5I4F.3LB85KT35FO5C@kernel.org>
Date: Tue, 08 Jul 2025 17:00:03 +0200
From: "Benno Lossin" <lossin@...nel.org>
To: "Oliver Mangold" <oliver.mangold@...me>
Cc: "Miguel Ojeda" <ojeda@...nel.org>, "Alex Gaynor"
 <alex.gaynor@...il.com>, "Boqun Feng" <boqun.feng@...il.com>, "Gary Guo"
 <gary@...yguo.net>, Björn Roy Baron
 <bjorn3_gh@...tonmail.com>, "Andreas Hindborg" <a.hindborg@...nel.org>,
 "Alice Ryhl" <aliceryhl@...gle.com>, "Trevor Gross" <tmgross@...ch.edu>,
 "Asahi Lina" <lina+kernel@...hilina.net>, <rust-for-linux@...r.kernel.org>,
 <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v11 1/4] rust: types: Add Ownable/Owned types

On Tue Jul 8, 2025 at 11:56 AM CEST, Oliver Mangold wrote:
> On 250707 1123, Benno Lossin wrote:
>> On Mon Jul 7, 2025 at 8:58 AM CEST, Oliver Mangold wrote:
>> > On 250702 1303, Benno Lossin wrote:
>> >> On Wed Jun 18, 2025 at 2:27 PM CEST, Oliver Mangold wrote:
>> >> > +///
>> >> > +/// # Invariants
>> >> > +///
>> >> > +/// The pointer stored in `ptr` can be considered owned by the [`Owned`] instance.
>> >>
>> >> What exactly is "owned" supposed to mean? It depends on the concrete `T`
>> >> and that isn't well-defined (since it's a generic)...
>> >
>> > "owned" means that access to the `T` is exclusive through the `Owned<T>`,
>> > so normal Rust semantics can be applied.
>> 
>> Okay, in that case just say that `ptr` has exclusive access.
>
> Or, ehm, sorry, I forgot, ownership also implies that the allocation of the
> underlying resource/object is now under the responsibility of the owner,
> i.e. the owner should free it at the appropriate time.
>
> In short, just the standard meaning of ownership in Rust.
>
> https://doc.rust-lang.org/book/ch04-01-what-is-ownership.html

Okay that's good to hear. I think what tripped me up the most was the
"can be considered" wording. Let's just say:

    /// # Invariants
    ///
    /// - `ptr` is valid,
    /// - `*ptr` is owned by `self`,
    /// - `ptr` is an "owning pointer" according to the [`Ownable`] implementation for `T`.

And then on `Ownable` we add:

    /// # Invariants
    ///
    /// An implementer of this trait needs to define which pointers can be supplied to
    /// [`Self::release`]. These pointers are called "owning pointers".

This should be as general as possible and still give us exactly the
guarantees that we need to implement `Owned`.

`Owned::from_raw` can then require that the pointer is an owning
pointer (& it's valid) and that the caller yields ownership to
`from_raw`.

---
Cheers,
Benno

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ