| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <55E30790-0370-4910-B8E9-C007052BF285@collabora.com> Date: Wed, 17 Dec 2025 05:54:46 -0300 From: Daniel Almeida <daniel.almeida@...labora.com> To: Onur Özkan <work@...rozkan.dev> Cc: Alice Ryhl <aliceryhl@...gle.com>, rust-for-linux@...r.kernel.org, lossin@...nel.org, lyude@...hat.com, ojeda@...nel.org, alex.gaynor@...il.com, boqun.feng@...il.com, gary@...yguo.net, a.hindborg@...nel.org, tmgross@...ch.edu, dakr@...nel.org, peterz@...radead.org, mingo@...hat.com, will@...nel.org, longman@...hat.com, felipe_life@...e.com, daniel@...lak.dev, thomas.hellstrom@...ux.intel.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH v8 5/6] rust: ww_mutex: add Mutex, AcquireCtx and MutexGuard > On 15 Dec 2025, at 06:10, Onur Özkan <work@...rozkan.dev> wrote: > > On Thu, 4 Dec 2025 09:07:18 +0000 > Alice Ryhl <aliceryhl@...gle.com> wrote: > >> On Wed, Dec 03, 2025 at 02:23:14PM -0300, Daniel Almeida wrote: >>> >>> >>>> On 3 Dec 2025, at 10:26, Alice Ryhl <aliceryhl@...gle.com> wrote: >>>> >>>> On Mon, Dec 01, 2025 at 01:28:54PM +0300, Onur Özkan wrote: >>>>> Yeah :(. We could get rid of them easily by keeping the class >>>>> that was passed to the constructor functions but that becomes a >>>>> problem for the from_raw implementations. >>>>> >>>>> I think the best solution would be to expose ww_class type from >>>>> ww_acquire_ctx and ww_mutex unconditionally (right now it >>>>> depends on DEBUG_WW_MUTEXES). That way we can just access the >>>>> class and verify that the mutex and acquire_ctx classes match. >>>>> >>>>> What do you think? I can submit a patch for the C-side >>>>> implementation. It should be straightforward and shouldn't have >>>>> any runtime impact. >>>> >>>> I think there is a better solution. We can create a different >>>> type for every single class, like how >>>> rust/kernel/sync/lock/global.rs creates a different type for >>>> every single mutex. Then, you know that the classes are the same >>>> since the class is part of the type. >>> >>> I don’t think this would work with the from_raw() functions. What >>> class would you assign then? I think this is precisely what sparked >>> the current solution. >> >> There can be a way to create a type for a C-defined class, and >> from_raw() can require that you don't use the same Rust type for >> different C classes. >> > > Do you think this is a better alternative? IMO it doesn't seem worth > it for what it's doing. Current approach adds less complexity and is > easier to maintain. It's not just helping from_raw functions, the class > validation is being much simpler without having to deal with storing > class references or creating new types. > > I am holding off the next version because we don't have a clear > consensus on this. > > - Onur > >> Alice I am frankly not sure whether what Alice suggested is an improvement either. Having the class stored seems like a much simpler solution to the problem. > Then when you call from_raw(), you call > > Mutex::<T, MY_C_CLASS>::from_raw(ptr_to_mutex) That’s what we are trying to avoid in the first place. It does not really matter that from_raw() is unsafe, because this is not really about UB, but rather about trying to avoid broken code if possible. IMHO, if we can check this, then I propose that we do. Hence why we are storing the class. — Daniel
Powered by blists - more mailing lists