| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANiq72nkZ0F1_YUfBg_y=JcEMnQW+uVr9v4BXONUJdor3ZJzgA@mail.gmail.com> Date: Thu, 4 Sep 2025 22:37:48 +0200 From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com> To: Mitchell Levy <levymitchell0@...il.com> Cc: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>, Andrew Morton <akpm@...ux-foundation.org>, Dennis Zhou <dennis@...nel.org>, Tejun Heo <tj@...nel.org>, Christoph Lameter <cl@...ux.com>, Danilo Krummrich <dakr@...nel.org>, Benno Lossin <lossin@...nel.org>, Yury Norov <yury.norov@...il.com>, Viresh Kumar <viresh.kumar@...aro.org>, Tyler Hicks <code@...icks.com>, linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org, linux-mm@...ck.org Subject: Re: [PATCH v3 5/7] rust: percpu: Support non-zeroable types for DynamicPerCpu On Thu, Sep 4, 2025 at 10:17 PM Mitchell Levy <levymitchell0@...il.com> wrote: > > Will do. By the way, sorry -- just to clarify, I didn't mean to remove anything, but rather split it (likely at the first full stop). > Yes, this is true; strictly speaking, calling this function without > dereferencing the returned pointer is always safe. I suppose I find i t> clearer that, when a function has preconditions that are necessary for > it to return a valid pointer, the "safe-ness" has more to do with the > functions preconditions than the act of dereferencing the pointer. In that case, I would make it safe -- we don't use safety preconditions to mark "dangerous" operations, so to speak. > In this case, the pointer shouldn't be going very far, but I think this > logic applies especially well in cases where pointers might be getting > stored away for later (and so the validity of the dereference later on > might rely on non-local conditions). But that applies to any returned raw pointer, no? > This flows from the first requirement (that `self` is a live allocation, > which is necessary for `per_cpu_ptr` to return a valid pointer). Though, > as above, simply possessing this pointer isn't UB, so it's arguable that > any call to `per_cpu_ptr` (on x86 at least, I'm not sure how it's > implemented on other arches) is always safe. Regardless, I agree this > comment should be more clear (even if the function is safe, it's > probably worth noting why the pointer returned is valid when the > function preconditions are met); will fix. Sounds good, thanks! If you have cases you think other architectures may have different requirements, and you think it is likely one could enable the support for other arches and break it, then I would suggest adding a comment about it. Or, ideally, try to see if other architectures are fine already, even if you still don't enable the code in other arches. Cheers, Miguel
Powered by blists - more mailing lists