| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DC9VG96PR778.4L9WNCE521AV@kernel.org> Date: Sat, 23 Aug 2025 16:20:19 +0200 From: "Danilo Krummrich" <dakr@...nel.org> To: "Alexandre Courbot" <acourbot@...dia.com> Cc: <akpm@...ux-foundation.org>, <ojeda@...nel.org>, <alex.gaynor@...il.com>, <boqun.feng@...il.com>, <gary@...yguo.net>, <bjorn3_gh@...tonmail.com>, <lossin@...nel.org>, <a.hindborg@...nel.org>, <aliceryhl@...gle.com>, <tmgross@...ch.edu>, <abdiel.janulgue@...il.com>, <jgg@...pe.ca>, <lyude@...hat.com>, <robin.murphy@....com>, <daniel.almeida@...labora.com>, <rust-for-linux@...r.kernel.org>, <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v2 3/5] rust: scatterlist: Add type-state abstraction for sg_table On Sat Aug 23, 2025 at 4:16 PM CEST, Alexandre Courbot wrote: > On Sat Aug 23, 2025 at 10:57 PM JST, Danilo Krummrich wrote: >> On Sat Aug 23, 2025 at 3:47 PM CEST, Alexandre Courbot wrote: >>> Oops, forgot to mention a couple more things: >>> >>> On Thu Aug 21, 2025 at 1:52 AM JST, Danilo Krummrich wrote: >>>> Add a safe Rust abstraction for the kernel's scatter-gather list >>>> facilities (`struct scatterlist` and `struct sg_table`). >>>> >>>> This commit introduces `SGTable<T>`, a wrapper that uses a type-state >>>> pattern to provide compile-time guarantees about ownership and lifetime. >>> >>> Is this actually a typestate? From my understanding, the typestate >>> pattern implies transitions from one state to the other (such as >>> Unmapped -> Mapped), but in this version there are no such transitions >>> (the previous ones had, though). We are just using a generic parameter, >>> so mentioning typestate sounds a bit misleading to me. >> >> I'd argue that it's still kind of a typestate. You can derive &SGTable (i.e. >> &SGTable<Borrowed>) from SGTabe<Owned>. So, technically there is an >> uni-directional transition I guess. > > That's technically correct, but is also not the intent of the design, at > least compared to something like Unmapped <-> Mapped. Not a big problem > if you prefer to keep the current naming though. I don't mind to name / call it differently, any suggestion? >> >>> Another random thought, in the owned case, do we want to provide an >>> accessor to the provider of the backing pages? Or do we expect the >>> caller to take dispositions to keep such a reference if they need to >>> access the backing buffer post-mapping? >> >> That's not going to work that easily. Once the backing pages are DMA mapped, the >> backing buffer can be accessed safely an more. >> >> See also the safety requirements of dma::CoherentAllocation::as_slice() and >> dma::CoherentAllocation::as_slice_mut(). > > Yup. So couldn't similar accessors (marked unsafe of course) be > convenient? Absolutely! But I think we want them represented by a common trait that can be used by SGTable and dma::CoherentAllocation. >> >> If we want to support that, we have to provide a new type for this and maybe >> want to define a common trait for DMA mapped memory accessors, etc. >> >> Not the scope for this series, I believe. :) > > I've had a few thoughts in that direction as well, but completely agree > we should debate about this *after* this series is merged. :) Yeah, let's add this feature subsequently.
Powered by blists - more mailing lists