| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026011814-wrongdoer-obvious-f8fa@gregkh>
Date: Sun, 18 Jan 2026 07:51:38 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: jkhall81 <jason.kei.hall@...il.com>
Cc: Alice Ryhl <aliceryhl@...gle.com>,
Arve Hjønnevåg <arve@...roid.com>,
Todd Kjos <tkjos@...roid.com>, Carlos Llamas <cmllamas@...gle.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH rust-next] rust: binder: refactor context management to
use KVVec
On Sat, Jan 17, 2026 at 09:22:42AM -0700, jkhall81 wrote:
> Replace the intrusive linked list management in context.rs with KVVec.
> This modernization simplifies the ownership model by using standard
> Arc-based tracking and moves away from manual unsafe list removals.
>
> The refactor improves memory safety by leveraging Rust's contiguous
> collection types while maintaining proper error propagation for
> allocation failures during process registration.
>
> Suggested-by: Alice Ryhl <aliceryhl@...gle.com>
> Link: https://github.com/rust-for-linux/linux/issues/1215
> Signed-off-by: jkhall81 <jason.kei.hall@...il.com>
> ---
> drivers/android/binder/context.rs | 73 ++++++++++++++-----------------
> drivers/android/binder/process.rs | 4 +-
> 2 files changed, 36 insertions(+), 41 deletions(-)
>
> diff --git a/drivers/android/binder/context.rs b/drivers/android/binder/context.rs
> index 3d135ec03ca7..83fa8a16662b 100644
> --- a/drivers/android/binder/context.rs
> +++ b/drivers/android/binder/context.rs
> @@ -3,8 +3,8 @@
> // Copyright (C) 2025 Google LLC.
>
> use kernel::{
> - error::Error,
> - list::{List, ListArc, ListLinks},
> + alloc::kvec::{KVVec, KVec},
> + error::code::*,
> prelude::*,
> security,
> str::{CStr, CString},
> @@ -17,22 +17,19 @@
> kernel::sync::global_lock! {
> // SAFETY: We call `init` in the module initializer, so it's initialized before first use.
> pub(crate) unsafe(uninit) static CONTEXTS: Mutex<ContextList> = ContextList {
> - list: List::new(),
> + contexts: KVVec::new(),
> };
> }
>
> pub(crate) struct ContextList {
> - list: List<Context>,
> + contexts: KVVec<Arc<Context>>,
> }
>
> pub(crate) fn get_all_contexts() -> Result<KVec<Arc<Context>>> {
> let lock = CONTEXTS.lock();
> -
> - let count = lock.list.iter().count();
> -
> - let mut ctxs = KVec::with_capacity(count, GFP_KERNEL)?;
> - for ctx in &lock.list {
> - ctxs.push(Arc::from(ctx), GFP_KERNEL)?;
> + let mut ctxs = KVec::with_capacity(lock.contexts.len(), GFP_KERNEL)?;
> + for ctx in lock.contexts.iter() {
> + ctxs.push(ctx.clone(), GFP_KERNEL)?;
> }
> Ok(ctxs)
> }
> @@ -42,7 +39,7 @@ pub(crate) fn get_all_contexts() -> Result<KVec<Arc<Context>>> {
> struct Manager {
> node: Option<NodeRef>,
> uid: Option<Kuid>,
> - all_procs: List<Process>,
> + all_procs: KVVec<Arc<Process>>,
> }
>
> /// There is one context per binder file (/dev/binder, /dev/hwbinder, etc)
> @@ -51,28 +48,16 @@ pub(crate) struct Context {
> #[pin]
> manager: Mutex<Manager>,
> pub(crate) name: CString,
> - #[pin]
> - links: ListLinks,
> -}
> -
> -kernel::list::impl_list_arc_safe! {
> - impl ListArcSafe<0> for Context { untracked; }
> -}
> -kernel::list::impl_list_item! {
> - impl ListItem<0> for Context {
> - using ListLinks { self.links };
> - }
> }
>
> impl Context {
> pub(crate) fn new(name: &CStr) -> Result<Arc<Self>> {
> let name = CString::try_from(name)?;
> - let list_ctx = ListArc::pin_init::<Error>(
> + let ctx = Arc::pin_init(
> try_pin_init!(Context {
> name,
> - links <- ListLinks::new(),
> manager <- kernel::new_mutex!(Manager {
> - all_procs: List::new(),
> + all_procs: KVVec::new(),
> node: None,
> uid: None,
> }, "Context::manager"),
> @@ -80,8 +65,7 @@ pub(crate) fn new(name: &CStr) -> Result<Arc<Self>> {
> GFP_KERNEL,
> )?;
>
> - let ctx = list_ctx.clone_arc();
> - CONTEXTS.lock().list.push_back(list_ctx);
> + CONTEXTS.lock().contexts.push(ctx.clone(), GFP_KERNEL)?;
>
> Ok(ctx)
> }
> @@ -90,17 +74,24 @@ pub(crate) fn new(name: &CStr) -> Result<Arc<Self>> {
> ///
> /// No-op if called twice.
> pub(crate) fn deregister(&self) {
> - // SAFETY: We never add the context to any other linked list than this one, so it is either
> - // in this list, or not in any list.
> - unsafe { CONTEXTS.lock().list.remove(self) };
> + // Safe removal using retain
> + CONTEXTS.lock().contexts.retain(|c| {
> + let p1 = Arc::as_ptr(c);
> + let p2 = self as *const Context;
> + p1 != p2
> + });
> }
>
> - pub(crate) fn register_process(self: &Arc<Self>, proc: ListArc<Process>) {
> + pub(crate) fn register_process(self: &Arc<Self>, proc: Arc<Process>) -> Result {
> if !Arc::ptr_eq(self, &proc.ctx) {
> pr_err!("Context::register_process called on the wrong context.");
> - return;
> + return Err(EINVAL);
> }
> - self.manager.lock().all_procs.push_back(proc);
> + self.manager
> + .lock()
> + .all_procs
> + .push(proc, GFP_KERNEL)
> + .map_err(Error::from)
> }
>
> pub(crate) fn deregister_process(self: &Arc<Self>, proc: &Process) {
> @@ -108,8 +99,12 @@ pub(crate) fn deregister_process(self: &Arc<Self>, proc: &Process) {
> pr_err!("Context::deregister_process called on the wrong context.");
> return;
> }
> - // SAFETY: We just checked that this is the right list.
> - unsafe { self.manager.lock().all_procs.remove(proc) };
> + // Safe removal using retain
> + self.manager.lock().all_procs.retain(|p| {
> + let p1 = Arc::as_ptr(p);
> + let p2 = proc as *const Process;
> + p1 != p2
> + });
> }
>
> pub(crate) fn set_manager_node(&self, node_ref: NodeRef) -> Result {
> @@ -160,11 +155,9 @@ pub(crate) fn for_each_proc<F>(&self, mut func: F)
>
> pub(crate) fn get_all_procs(&self) -> Result<KVec<Arc<Process>>> {
> let lock = self.manager.lock();
> - let count = lock.all_procs.iter().count();
> -
> - let mut procs = KVec::with_capacity(count, GFP_KERNEL)?;
> - for proc in &lock.all_procs {
> - procs.push(Arc::from(proc), GFP_KERNEL)?;
> + let mut procs = KVec::with_capacity(lock.all_procs.len(), GFP_KERNEL)?;
> + for proc in lock.all_procs.iter() {
> + procs.push(Arc::clone(proc), GFP_KERNEL)?;
> }
> Ok(procs)
> }
> diff --git a/drivers/android/binder/process.rs b/drivers/android/binder/process.rs
> index 132055b4790f..c3676fc7785d 100644
> --- a/drivers/android/binder/process.rs
> +++ b/drivers/android/binder/process.rs
> @@ -513,7 +513,9 @@ fn new(ctx: Arc<Context>, cred: ARef<Credential>) -> Result<Arc<Self>> {
> )?;
>
> let process = list_process.clone_arc();
> - process.ctx.register_process(list_process);
> + process
> + .ctx
> + .register_process(Arc::from(list_process.as_arc_borrow()))?;
>
> Ok(process)
> }
> --
> 2.43.0
>
Hi,
This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him
a patch that has triggered this response. He used to manually respond
to these common problems, but in order to save his sanity (he kept
writing the same thing over and over, yet to different people), I was
created. Hopefully you will not take offence and will fix the problem
in your patch and resubmit it so that it can be accepted into the Linux
kernel tree.
You are receiving this message because of the following common error(s)
as indicated below:
- It looks like you did not use your "real" name for the patch on either
the Signed-off-by: line, or the From: line (both of which have to
match). Please read the kernel file,
Documentation/process/submitting-patches.rst for how to do this
correctly.
If you wish to discuss this problem further, or you have questions about
how to resolve this issue, please feel free to respond to this email and
Greg will reply once he has dug out from the pending patches received
from other developers.
thanks,
greg k-h's patch email bot
Powered by blists - more mailing lists