| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DC0AUNNAKGJI.4KX0TW6LG83Y@kernel.org>
Date: Tue, 12 Aug 2025 10:17:44 +0200
From: "Benno Lossin" <lossin@...nel.org>
To: "Gary Guo" <gary@...nel.org>, "Miguel Ojeda" <ojeda@...nel.org>, "Alex
Gaynor" <alex.gaynor@...il.com>, "Boqun Feng" <boqun.feng@...il.com>, "Gary
Guo" <gary@...yguo.net>, Björn Roy Baron
<bjorn3_gh@...tonmail.com>, "Andreas Hindborg" <a.hindborg@...nel.org>,
"Alice Ryhl" <aliceryhl@...gle.com>, "Trevor Gross" <tmgross@...ch.edu>,
"Danilo Krummrich" <dakr@...nel.org>, "Will Deacon" <will@...nel.org>,
"Peter Zijlstra" <peterz@...radead.org>, "Mark Rutland"
<mark.rutland@....com>, "Tamir Duberstein" <tamird@...il.com>, "Francesco
Zardi" <frazar00@...il.com>, "Antonio Hickey" <contact@...oniohickey.com>
Cc: <rust-for-linux@...r.kernel.org>, "David Gow" <davidgow@...gle.com>,
<linux-block@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v5 4/5] rust: block: convert `block::mq` to use
`Refcount`
On Thu Jul 24, 2025 at 1:32 AM CEST, Gary Guo wrote:
> From: Gary Guo <gary@...yguo.net>
>
> Currently there's a custom reference counting in `block::mq`, which uses
> `AtomicU64` Rust atomics, and this type doesn't exist on some 32-bit
> architectures. We cannot just change it to use 32-bit atomics, because
> doing so will make it vulnerable to refcount overflow. So switch it to
> use the kernel refcount `kernel::sync::Refcount` instead.
>
> There is an operation needed by `block::mq`, atomically decreasing
> refcount from 2 to 0, which is not available through refcount.h, so
> I exposed `Refcount::as_atomic` which allows accessing the refcount
> directly.
>
> Tested-by: David Gow <davidgow@...gle.com>
> Acked-by: Andreas Hindborg <a.hindborg@...nel.org>
> Signed-off-by: Gary Guo <gary@...yguo.net>
Reviewed-by: Benno Lossin <lossin@...nel.org>
> ---
> rust/kernel/block/mq/operations.rs | 7 ++--
> rust/kernel/block/mq/request.rs | 63 ++++++++----------------------
> rust/kernel/sync/refcount.rs | 14 +++++++
> 3 files changed, 34 insertions(+), 50 deletions(-)
> diff --git a/rust/kernel/sync/refcount.rs b/rust/kernel/sync/refcount.rs
> index 3ff4585326b41..a9b24c6b2f8a7 100644
> --- a/rust/kernel/sync/refcount.rs
> +++ b/rust/kernel/sync/refcount.rs
> @@ -4,6 +4,8 @@
> //!
> //! C header: [`include/linux/refcount.h`](srctree/include/linux/refcount.h)
>
> +use core::sync::atomic::AtomicI32;
> +
> use crate::build_assert;
> use crate::types::Opaque;
>
> @@ -34,6 +36,18 @@ fn as_ptr(&self) -> *mut bindings::refcount_t {
> self.0.get()
> }
>
> + /// Get the underlying atomic counter that backs the refcount.
> + ///
> + /// NOTE: This will be changed to LKMM atomic in the future.
Can we discourage using this function a bit more in the docs? At least
point people to try other ways before reaching for this, since it allows
overflowing & doesn't warn on saturate etc.
---
Cheers,
Benno
> + #[inline]
> + pub fn as_atomic(&self) -> &AtomicI32 {
> + let ptr = self.0.get().cast();
> + // SAFETY: `refcount_t` is a transparent wrapper of `atomic_t`, which is an atomic 32-bit
> + // integer that is layout-wise compatible with `AtomicI32`. All values are valid for
> + // `refcount_t`, despite some of the values being considered saturated and "bad".
> + unsafe { &*ptr }
> + }
> +
> /// Set a refcount's value.
> #[inline]
> pub fn set(&self, value: i32) {
Powered by blists - more mailing lists